1 Web Developer Foundations: Using XHTML Chapter 12 E-Commerce Overview Modified by Linda Kenney November, 2006.

1

Web Developer Foundations: Using XHTML

Chapter 12

E-Commerce OverviewModified by Linda Kenney

November, 2006

2© 2007 Pearson Education

Learning Outcomes

• In this chapter, you will learn how to:– Describe E-Commerce– Identify benefits and risks of E-Commerce– Describe E-Commerce business models– Describe E-Commerce Security and Encryption– Describe EDI (Electronic Data Interchange)– Describe trends and projections for E-Commerce– Describe issues related to E-Commerce– Describe order and payment processing– Describe E-Commerce solution options


What is E-Commerce?• The integration of communications, data

management, and security technologies to allow individuals and organizations to exchange information related to the sale of goods and services.

• Major functions of E-Commerce include:– the buying of goods, – the selling of goods, and – performance of financial transactions on the

Internet.


E-Commerce Advantages for Businesses

• Reduced Costs

• Increased Customer Satisfaction

• More Effective Data Management

• Potentially Higher Sales


Reduced Costs – why?


Increased Customer Satisfaction – why?


More Effective Data Management – why?


Potentially Higher Sales-why?


E-Commerce Advantages for Consumers

• Convenience – why?

• Easier Comparison Shopping

• Wider Selection of Goods


E-Commerce Risksfor Businesses

• Need for a robust, reliable web site• Fraudulent transactions• Customer reluctance to purchase

online• Increased competition


E-Commerce Risksfor Consumers

• Possible Security Issues• Possible Privacy Issues• Purchasing from photos &

descriptions• Possible difficulty with returns


E-CommerceBusiness Models

• B2C – Business-to-Consumer– Some are online only– Some are both online and Brick and

Mortar

• B2B – Business-to-Business• C2C – Consumer-to-Consumer• B2G – Business-to-Government


Electronic Data Interchange (EDI)

• EDI is the transfer of data between different companies using networks.

• This facilitates the exchange of standard business documents including purchase orders and invoices.

• EDI is not new; it has been in existence since the 1960s.

• Organizations that exchange EDI transmissions are called trading partners.

• Newer technologies such as XML and Web Services are replacing traditional EDI by allowing trading partners virtually unlimited opportunities to customize their information exchange over the Internet.

E-CommerceStatistics

Source:Forrester Research as reported on http://www.nua.com/surveys/

http://www.nua.com/surveys/




E-CommerceStatistics - updated

• E-commerce revenue in 2006 – over $2 billion

• http://www.clickz.com/showPage.html?page=3611181


Typical InternetUser

• A recent study by Harris Interactive discussed on Clickz.com (http://www.clickz.com/stats/sectors/geographics/article.php/5911_1011491 )

found that the typical Internet user in the U.S. now mirrors the U.S. population.

Male 49%

Female 51%

Household Income $40,816

Adults 18-49 74%


“Black Friday” stats

• http://www.internetnews.com/ec-news/article.php/3645606

• http://www.clickz.com/showPage.html?page=3624037


E-Commerce Issues

• Intellectual Property• Security• Fraud• Taxation• International Commerce


Intellectual Property

• Domain names and cybersquatting

• http://www.icann.org/udrp/udrp.htm


Security


Fraud


Taxation


International Commerce


Order &Payment Processing

• Describe online ordering.


• Try: www.amazon.com


Order &Payment Processing

• E-Commerce Payment Models:– Cash– Check– Credit– Smart Card– Micropayments


Cash/Check

• http://www.internetcash.com/

• https://www.paypal.com/

• http://www.checkfree.com/

Credit Card OrderProcessing Flow


Secure Electronic Transactions (SET)

• Standard protocol that enables secure credit card transactions on the Internet. SET uses encryption and digital certificates.


Smart Card

• Similar to a credit card, but with an integrated circuit.

• Mainly used in Europe, Australia, and Japan


Micropayments

• Small amounts of currency are exchanged over the Internet.

• http://www.peppercoin.com/

“When digital and physical merchants deploy Peppercoin, consumers can use their debit and credit cards for purchases of any size. For example, a consumer can pay for a parking meter, purchase a digital news article for $0.50, or buy a pack of gum from the corner store for $0.75. “


E-CommerceStorefront Solutions

• Instant Online Storefront

• Off-The-Shelf Shopping Cart Software

• Custom Built Solution

• Semi-Custom Built Solutions on a Budget


Instant Online Storefront

• Yahoo!http://smallbusiness.yahoo.com/ecommerce/

• Earthstoreshttp://home.earthstores.com/

• FreeMerchanthttp://www.freemerchant.com/


Off-The-Shelf Shopping Cart Software

• Miva Merchant,

http://www.miva.com/us/

• Mercantec

http://www.mercantec.com/


Custom Built Solution– IBM's WebSphere

– Microsoft's Visual Studio.NET

– Macromedia Dreamweaver

– Etc.


Semi-Custom Built Solutions on a Budget

• E-Commerce add-ons for FrontPage and Dreamweaver

• Paypal order processing

• Free shopping cart scripts


• STOP HERE


E-CommerceSecurity

• Encryption– Used to ensure privacy within an organization

and on the Internet.– The conversion of data into an unreadable form,

called a ciphertext. This ciphertext cannot be easily understood by unauthorized individuals.

• Decryption– The process of converting the ciphertext back

into its original form, called plaintext or cleartext, so it can be understood.

• The encryption/decryption process requires an algorithm and a key.


• Encryption is needed because information in a packet can be intercepted as it travels across media.


E-Commerce SecurityEncryption Types

Secure E-Commerce transactions make use of the encryption technologies below:

• Symmetric-key Encryption• Asymmetric-key Encryption• Hash EncryptionThese technologies are used as part of SSL

(Secure Sockets Layer) – the technology that helps to make commerce on the Internet secure.


E-Commerce SecurityTypes of Encryption(1)

Symmetric-Key Encryption

• Also called single-key encryption. • Both the encryption and decryption use the same key.• Since the key must be kept secret from others, both the

sender and receiver must know the key before communicating using encryption.

• An advantage of symmetric-key encryption is speed.



Asymmetric-Key Encryption• Also called public-key

encryption. • There is no shared secret.• Instead, two keys are

created at the same time. • This key pair contains

a public key and a private key.

• Public-key encryption is much slower than symmetric-key encryption.



Hash Encryption• A hash algorithm transforms a string of

characters into a usually shorter fixed-length value or key that represents the original string, called a digest.

• Hash encryption is one-way encryption. • Hash encryption is used for information

that will not be read or decrypted. • The function of hash encryption is to

verify the integrity of information.


Secure Sockets Layer (SSL)• SSL is a protocol that allows data to be privately

exchanged over public networks.

• SSL was developed by Netscape and is used to encrypt data sent between a client (usually a web browser) and a web server.

• SSL utilizes both symmetric and asymmetric keys.

• SSL uses the “https” protocol instead of the “http” protocol

• Most browsers display a “lock” icon when SSL is being used.


Secure Sockets Layer(SSL)

• SSL provides secure communication between a client and server by using:– Server and (optionally) client digital certificates for

authentication– Symmetric-key cryptography using a "session key" for

bulk encryption – Public-key cryptography for transfer of the session key– Message Digests (hash encryption) to verify the

integrity of the transmission


SSL in Action


SSL & Digital Certificate• SSL enables two computers to securely

communicate by using a digital certificate for authentication.

• A digital certificate is a form of an asymmetric key that also contains information about the certificate, the holder of the certificate, and the issuer of the certificate.


Digital Certificate• The contents of a digital

certificate include:– The public key– Effective date of the

certificate– Expiration date of the

certificate– Details about the Certificate

Authority -- the issuer of the certificate

– Details about the certificate holder

– A digest of the certificate content


Certificate Authority• A Certificate Authority is a trusted

third-party organization or company that issued digital certificates.

• Well-known Certificate Authorities:– Verisign

• http://www.verisign.com

– Thawte• http://www.thawte.com


Obtaining a Digital Certificate

• Request a certificate from a Certificate Authority and pay the application fee.

• The Certificate Authority:– verifies your identity, – issues your Certificate,– and supplies you with a public/private key pair.

• Store the certificate in your software - such as a web server, web browser, or e-mail application.

• The Certificate Authority makes your certificate publicly known.


SSL & Digital Certificates

• When you visit an e-commerce site that uses SSL, a number of steps are involved in the authentication process. – The web browser and web server go through initial

handshaking steps using the server certificate and keys.

– Once trust is established, the web browser encrypts the single secret key (symmetric key) that will be used for the rest of the communication.

– From this point on, all data is encrypted using the secret key.


SummaryThis chapter introduced you to basic e-

ommerce concepts and implementations.

Consider taking an E-Commerce course to continue your study of this dynamic and growing area of web development.

1 Web Developer Foundations: Using XHTML Chapter 12 E-Commerce Overview Modified by Linda Kenney November, 2006.

Documents