Electronic CommerceElectronic Commerce

Yan XiongYan XiongCollege of BusinessCollege of BusinessCSU SacramentoCSU Sacramento

9/25/03

AgendaAgenda What is Electronic Commerce?What is Electronic Commerce? Understanding the InternetUnderstanding the Internet IT components of Electronic Commerce IT components of Electronic Commerce Control issues related to Electronic CommerceControl issues related to Electronic Commerce E-PaymentE-Payment

““In a few years' time, In a few years' time, there will be no Internet there will be no Internet companies - there will just companies - there will just be companies - and all be companies - and all companies that will companies that will operate in the future, will operate in the future, will be Internet companies.”be Internet companies.”

-A. Grove, ~1999-A. Grove, ~1999

E-BusinessE-Business““Electronic business Electronic business

(e-business) is the use of (e-business) is the use of information technology and information technology and electronic communication networks electronic communication networks to exchange business information to exchange business information and conduct transactions in and conduct transactions in electronic, paperless form.” electronic, paperless form.”

Glover, Liddle and PrawittGlover, Liddle and Prawitt

Types of E-CommerceTypes of E-Commerce Business to Business Business to Business (B2B)(B2B) Business to Customer Business to Customer (B2C)(B2C) Various others (e.g., Government to Various others (e.g., Government to

Customers)Customers) Were projected to grow at same rateWere projected to grow at same rate BUTBUT . . . then came . . . then came

“dot.com failures”“dot.com failures”

E-Business Forecast **E-Business Forecast **Type ofType of

E-BusinessE-Business19991999

VolumeVolume% of% ofTotalTotal

20042004VolumeVolume

% of% ofTotalTotal

B2BB2B $109$109billionbillion

8484 $7.3$7.3trilliontrillion

9090

B2CB2C $20$20billionbillion

1616 $800$800billionbillion

1010

** Forrester and Gartner Groups (2000)

Where we’ve been Where we’ve been

Discovery

1999 200220012000

High Expectations

Reality Check

Pragmatic Adoption

Add proliferation

line

EDI

Rosettanet

FTP

Machine to MachineMachine to Machine Progression Progression

Web services

•Rosettanet standardizes format and choreography for transactions•Web services exposes business capabilities as real-time executable functions•Look for the best of both to merge

Ship Notice

Distributors Contract Manufacturers

SuppliersLogistics

CustomersForecastInventory

OrdersBuild Signal

Quality Data

Invoice

PaymentForecast

Invoice

Order

Ship Notice

Payment

Order Ack.

Product Information

ForecastOrder

Inventory Reporting

Advanced Ship Notice

Receipt Notification

Invoice

Payment

EDIEDI Electronic Data InterchangeElectronic Data Interchange Mature technology (15 years) now Mature technology (15 years) now

being moved to Internetbeing moved to Internet Mainframe computersMainframe computers Batch processingBatch processing Using value added network (VAN)Using value added network (VAN) Standards have been developedStandards have been developed

Accounting standards recentlyAccounting standards recently

Typical EDI TransactionTypical EDI Transaction

Manufacturer

Supplier

Value-AddedNetwork

Purchase Order

Purchase Order

Confirmation

Confirmation

E-mail usingANSI X12 standard

EDI DisadvantagesEDI Disadvantages Changes limited by EDI structure-Changes limited by EDI structure-

serial processserial process EDI using VANs costlyEDI using VANs costly Works best between pairs of companiesWorks best between pairs of companies Difficult for small firms to participateDifficult for small firms to participate Cisco has small firms use web serviceCisco has small firms use web service

Financial Electronic Financial Electronic Data Interchange (FEDI)Data Interchange (FEDI) Use of EDI to exchange information is only part of Use of EDI to exchange information is only part of

buyer-seller relationship in B2B electronic commerce buyer-seller relationship in B2B electronic commerce Electronic funds transfer (EFT)Electronic funds transfer (EFT): making cash payments : making cash payments

electronicallyelectronically EFT done through EFT done through Automated Clearing House (ACH)Automated Clearing House (ACH) network network

Emerging B2B Emerging B2B ProblemsProblems Antitrust issuesAntitrust issues Control issuesControl issues Virus and security problemsVirus and security problems Privacy of data issuesPrivacy of data issues Problems greater than with Problems greater than with

traditional business traditional business enterprises enterprises due to multiplicity of playersdue to multiplicity of players

B2C EffectsB2C Effects Globalization of marketsGlobalization of markets One-to-one marketingOne-to-one marketing Customization of products / servicesCustomization of products / services Integration of systems with clientsIntegration of systems with clients

Dell linked to clients intranetsDell linked to clients intranets Intel has to improve Taiwan Intel has to improve Taiwan

Phone CompanyPhone Company

B2C EffectsB2C Effects E-service not even E-service not even

envisaged beforeenvisaged before e.g., UPS adding computer setup e.g., UPS adding computer setup

service to Dell’s provisioningservice to Dell’s provisioning Commoditization of productsCommoditization of products

CommodityCommodity is product with narrow is product with narrow profit margins and no major brand profit margins and no major brand differentiation in pricedifferentiation in price

e.g., printerse.g., printers

B2C OpportunitiesB2C Opportunities Companies can create electronic catalogs on Companies can create electronic catalogs on

Web sites to totally automate sales Web sites to totally automate sales order entryorder entry

Electronic commerce applications can also improve Electronic commerce applications can also improve quality of post-sales customer supportquality of post-sales customer support

B2C OpportunitiesB2C Opportunities For products that can be digitized :For products that can be digitized :

(books, software, music)(books, software, music) inbound / outbound logistics steps of value chain can be inbound / outbound logistics steps of value chain can be

performed electronicallyperformed electronically Improve efficiency / effectiveness of value chain support Improve efficiency / effectiveness of value chain support

activitiesactivities

Bank Per-transaction CostsBank Per-transaction Costs

Tellers

$1.07

ATMs

$0.39

Online

$0.01

E-Business

Home Heating CaseHome Heating Case Downes and MuiDownes and Mui East Coast clientEast Coast client Part of larger oil and gas Part of larger oil and gas

retail operationretail operation 17% share of total market17% share of total market Only 4% of direct sales to residentsOnly 4% of direct sales to residents

Home Heating OilHome Heating Oil OPPORTUNITIES:OPPORTUNITIES:

Sales to residents Sales to residents accounted for 75% of profitsaccounted for 75% of profits

Sales to independent distributors Sales to independent distributors at a much lower margin at a much lower margin than to residential customersthan to residential customers

Home Heating OilHome Heating Oil PROBLEMS:PROBLEMS:

Company’s brand name Company’s brand name not strongnot strong

70% of residential customers 70% of residential customers over age of 50 over age of 50

Exit costs too high to walk away Exit costs too high to walk away from businessfrom business

Heating Oil CaseHeating Oil Case SOLUTION:SOLUTION:

Bypass distributorsBypass distributors Break industry rulesBreak industry rules Destroy its own Value ChainDestroy its own Value Chain

Prospects so poor, they had little to Prospects so poor, they had little to loselose

New “Virtual Fuel Company” (VFC)New “Virtual Fuel Company” (VFC)

Virtual Fuel CompanyVirtual Fuel Company Early stages:Early stages:

Customers can order via Customers can order via telephone or Webtelephone or Web

Longer term:Longer term: Connect sensors from home Connect sensors from home

heating tanks to production heating tanks to production facilitiesfacilities

Over wireless network or internetOver wireless network or internet

Virtual Fuel CompanyVirtual Fuel Company Will be able to tell customer Will be able to tell customer

when it is time to reorder when it is time to reorder Maybe JIT system?Maybe JIT system?

Fuel truck pulls up to residence Fuel truck pulls up to residence just when heating oil tank just when heating oil tank reaches empty reaches empty

New Model AdvantagesNew Model Advantages No expensive sales or No expensive sales or

distribution functiondistribution function Outsource order process Outsource order process

to customer to customer Compete aggressively with Compete aggressively with

local dealers on pricelocal dealers on price Reverse local dealer advantage of Reverse local dealer advantage of

location and personal relationshipslocation and personal relationships

Heating Oil CaseHeating Oil Case BOTTOM LINE:BOTTOM LINE:“ “ . . .a disadvantaged player . . .a disadvantaged player

already in the industry decided to already in the industry decided to solve its problem by wrecking the solve its problem by wrecking the business model for everyonebusiness model for everyone.”.”

Downes and MuiDownes and Mui

But . . . .But . . . . . . .what does this have to . . .what does this have to

do with accounting? do with accounting? electronic transactions more electronic transactions more

difficult to track / controldifficult to track / control fuzzy borders between firms fuzzy borders between firms

(e.g., vendors / customers)(e.g., vendors / customers) revenue recognitionrevenue recognition

auditing becomes more difficultauditing becomes more difficult

So . . .So . . . . . . let’s learn some more . . . let’s learn some more

about this beast that we about this beast that we have to tame:have to tame: how the Internet workshow the Internet works IT componentsIT components control issuescontrol issues e-paymentse-payments

AgendaAgenda Understanding the InternetUnderstanding the Internet

Internet LayersInternet Layers

Infrastructure Layer

Application Layer

Intermediary Layer

Commerce Layer

Infrastructure LayerInfrastructure Layer Companies providing Companies providing

products and services to products and services to create Internet provider (IP) create Internet provider (IP) network infrastructurenetwork infrastructure

Includes:Includes: Internet Service Providers (ISPs)Internet Service Providers (ISPs) security vendorssecurity vendors fiber optics vendorsfiber optics vendors telecommunications companiestelecommunications companies

Application LayerApplication Layer Enables business activities Enables business activities

to be performed online to be performed online Provides software production and Provides software production and

services to facilitate Web transactionsservices to facilitate Web transactions Includes:Includes:

Web development softwareWeb development software search engine softwaresearch engine software Web databasesWeb databases

Intermediary LayerIntermediary Layer Increases efficiency of Increases efficiency of

electronic markets by facilitating electronic markets by facilitating interaction between buyers and sellersinteraction between buyers and sellers

Acts as mechanism for transaction Acts as mechanism for transaction processing through previous layersprocessing through previous layers

Includes:Includes: brokeragesbrokerages online travel agentsonline travel agents online advertisingonline advertising

Commerce LayerCommerce Layer Sales of products and Sales of products and

services over the Internet to services over the Internet to consumers and businessesconsumers and businesses

Includes:Includes: ““e-tailers”e-tailers” manufacturers selling onlinemanufacturers selling online subscription-based servicessubscription-based services online entertainmentonline entertainment airlines selling tickets onlineairlines selling tickets online

DefinitionsDefinitions IPIP: Internet protocol: Internet protocol IP AddressIP Address: message destination: message destination Message PacketMessage Packet: String of data, : String of data,

each carrying IP and IP Addresseach carrying IP and IP Address Regional NodeRegional Node: Meshing of : Meshing of

transmission linestransmission lines

CONNECTION OPTIONS

Dial-up Modem

ISPYou

CableNode

POPPhone Lines

PhoneCompanyPhone Lines

DSLModem

Local bankof modems –

Point ofPresence

CableModem

Internet ServiceProvider

Neighborhood

Connection OptionsConnection Options Dialup ModemDialup Modem: can make : can make

local call to access Internetlocal call to access Internet DSL ModemDSL Modem: regular phone service : regular phone service

and Internet service, on same line at and Internet service, on same line at same timesame time

Cable ModemCable Modem: the more neighbors : the more neighbors accessing node at same time, the accessing node at same time, the slower the connectionslower the connection

E-mail MessagesE-mail Messages

IPODomain NameServer (DNS)

E-mailServer

Recei-vor

Message sits onthe E-mail serveruntil receiver logson; then messagesent.

log-on

ServersServers High capacity computerHigh capacity computer

contains network softwarecontains network software Handles:Handles:

communicationcommunication storagestorage resource sharingresource sharing

Application software / data Application software / data common to all userscommon to all users

Internet ProtocolsInternet Protocols ProtocolProtocol: guidelines : guidelines

computers use to talk to computers use to talk to one anotherone another

Internet Protocol (IP):Internet Protocol (IP): for moving raw datafor moving raw data

Transmission Control Transmission Control ProtocolProtocol (TCP):(TCP): for making for making sure that data arrives intactsure that data arrives intact

Putting them together = Putting them together = TCP / IPTCP / IP

AgendaAgenda

IT components of IT components of Electronic CommerceElectronic Commerce

Types of NetworksTypes of Networks Global networks used by many companies to Global networks used by many companies to

conduct e- commerce and to manage conduct e- commerce and to manage internal operations consist of: internal operations consist of: • Private portion owned or leased by the companyPrivate portion owned or leased by the company• The InternetThe Internet

Private PortionPrivate Portion Local area network (LAN):Local area network (LAN): system of computers system of computers

and other devices (printers) located and other devices (printers) located in close proximity to each otherin close proximity to each other

Wide area network (WAN):Wide area network (WAN): covers a wide covers a wide geographic areageographic area

LANLAN Nodes in close Nodes in close

proximity to each otherproximity to each other e.g., same buildinge.g., same building

Owned by using organizationOwned by using organization e.g., not leased from carriere.g., not leased from carrier

Why a LAN?Why a LAN? SimplicitySimplicity Group productionGroup production Data sharingData sharing Faster data transferFaster data transfer CheaperCheaper Easier resource controlEasier resource control

WANsWANs Companies typically own all equipment for local Companies typically own all equipment for local

area network (LAN) area network (LAN) Usually don’t own long-distance data communications Usually don’t own long-distance data communications

connections of wide area network (WAN)connections of wide area network (WAN) Either contract to use Either contract to use value-addedvalue-added network (VAN)network (VAN) or use the or use the

InternetInternet

IntranetsIntranets Internal networks connecting to main Internal networks connecting to main

Internet Internet Can be navigated with same browser software, Can be navigated with same browser software,

but are closed off from general publicbut are closed off from general public

ExtranetsExtranets Link the intranets of two or more companiesLink the intranets of two or more companies Either Internet or VAN can be used to connect Either Internet or VAN can be used to connect

companies forming extranetcompanies forming extranet Value-added networks (VAN) more reliable and secure than Value-added networks (VAN) more reliable and secure than

InternetInternet but more expensivebut more expensive

Network TypesNetwork Types Value-added Network (VAN)Value-added Network (VAN)

large-scale telecommunications large-scale telecommunications networksnetworks

leased connections to clientsleased connections to clients charge based on usagecharge based on usage

Virtual Private Network (VPN)Virtual Private Network (VPN) less expensive (public network)less expensive (public network) encrypt all packetsencrypt all packets

What is a VPN?What is a VPN? Info-Tech Research Group Info-Tech Research Group

DotComAdvisorDotComAdvisor Network encrypted with Network encrypted with

special security protocolspecial security protocol Requires a server for Requires a server for

authenticating remote usersauthenticating remote users

Why VPNs?Why VPNs? Low implementation costLow implementation cost

few thousands of $ for few thousands of $ for each 20 to 50 simultaneous each 20 to 50 simultaneous usersusers

Low maintenance costsLow maintenance costs eliminates large bank of modemseliminates large bank of modems ISP handles thisISP handles this

Why VPNs?Why VPNs? Long distance savingsLong distance savings

Local connectionsLocal connections Savings often pay for VPN Savings often pay for VPN

in a few monthsin a few months

What’s VPN Downside?What’s VPN Downside? Some security problemsSome security problems Integration with other network Integration with other network

technologiestechnologies access and useaccess and use

Communications Communications ChannelsChannels Medium that connects sender and receiverMedium that connects sender and receiver

– standard telephone linesstandard telephone lines– coaxial cablescoaxial cables– fiber opticsfiber optics– microwave systemsmicrowave systems– communications satellitescommunications satellites– cellular radios and telephonescellular radios and telephones

Client-ServerClient-Server Many WANs, LANs set up Many WANs, LANs set up

as client/server systemsas client/server systems Each desktop computer is clientEach desktop computer is client Client send requests for data to serverClient send requests for data to server Servers perform preprocessing on Servers perform preprocessing on

data base and send only relevant data base and send only relevant subset of data to client for local processingsubset of data to client for local processing

AgendaAgenda What is Electronic Commerce?What is Electronic Commerce? Understanding the InternetUnderstanding the Internet IT components of Electronic Commerce IT components of Electronic Commerce Control issues related to Electronic CommerceControl issues related to Electronic Commerce E-PaymentsE-Payments

E-Commerce ThreatsE-Commerce Threats High value and complexity High value and complexity

of E-Commerce initiativesof E-Commerce initiatives Outside threats from automated Outside threats from automated

attack toolsattack tools Lack of attention to security Lack of attention to security

fundamentals fundamentals Myriad points of access with which Myriad points of access with which

security managers must be concernedsecurity managers must be concerned Computer Technology Research Corporation, 2000Computer Technology Research Corporation, 2000

Types of ThreatsTypes of Threats InterceptionInterception Redirection Redirection (spoofing)(spoofing)

ImpersonationImpersonation IdentificationIdentification Exploitable Program ErrorsExploitable Program Errors Weak Client SecurityWeak Client Security Deloitte and ToucheDeloitte and Touche

Auditing ChallengesAuditing Challenges Increased complexity of Increased complexity of

auditing through computerauditing through computer Integrity and reliability of Integrity and reliability of

clients’ networksclients’ networks Extension of audit to trading Extension of audit to trading

partners’ systemspartners’ systems Increased skills required by smaller Increased skills required by smaller

auditing firmsauditing firms small firms going on-linesmall firms going on-line

Control IssuesControl Issues E-commerce creates control issues: E-commerce creates control issues:

• Validity of transactionsValidity of transactions• Authorization of transactionsAuthorization of transactions• Safeguarding of assetsSafeguarding of assets• Safeguarding privacySafeguarding privacy

Control IssuesControl Issues Fundamental control objective: Fundamental control objective: allall transactions transactions

are validare valid In e-commerce, transaction validity requires two things:In e-commerce, transaction validity requires two things:

• Authenticate identity of partiesAuthenticate identity of parties• Ensure that information is not altered during transmission Ensure that information is not altered during transmission

between buyer and sellerbetween buyer and seller

Control IssuesControl Issues Proper authorization of transactionsProper authorization of transactions essential to essential to

protect each party from unilateral protect each party from unilateral repudiation of transaction by other partyrepudiation of transaction by other party

Both organizations and individuals want to Both organizations and individuals want to safeguard their assetssafeguard their assets

Control IssuesControl Issues E-commerce threats:E-commerce threats:

– loss of confidentialityloss of confidentiality– unauthorized accessunauthorized access– loss of dataloss of data

Although electronic commerce introduces new threats not present in Although electronic commerce introduces new threats not present in traditional methods, it also provides possibility of more effective controlstraditional methods, it also provides possibility of more effective controls

AgendaAgenda What is Electronic Commerce?What is Electronic Commerce? Understanding the InternetUnderstanding the Internet IT components of Electronic Commerce IT components of Electronic Commerce Control issues related to Electronic CommerceControl issues related to Electronic Commerce E-PaymentsE-Payments

E-Payment MethodsE-Payment Methods Magnetic Strip Card Magnetic Strip Card

(e.g., ATM cards) (e.g., ATM cards) Smart Cards:Smart Cards:

contains microprocessor contains microprocessor and storage unit and storage unit

store 100 times more datastore 100 times more data popular in Europepopular in Europe requires US equipment investment requires US equipment investment

SET ProtocolSET Protocol Secure Electronic Secure Electronic

Transaction (SET)Transaction (SET) Master Card / VisaMaster Card / Visa Provide secure payment environment Provide secure payment environment

for transmission of credit card datafor transmission of credit card data Number SET users increased by 300% Number SET users increased by 300%

since implementation in 1998since implementation in 1998

SET FeaturesSET Features Confidentiality (encryption)Confidentiality (encryption) Data integrityData integrity

digital signatures / message digestsdigital signatures / message digests Cardholder / merchant authenticationCardholder / merchant authentication

digital signatures / certificatesdigital signatures / certificates Platform interoperability Platform interoperability

defined protocols / message formatsdefined protocols / message formats

Topics CoveredTopics Covered What is Electronic Commerce?What is Electronic Commerce? Understanding the InternetUnderstanding the Internet IT components of Electronic Commerce IT components of Electronic Commerce Control issues related to Electronic CommerceControl issues related to Electronic Commerce E-PaymentE-Payment