Introduction to E-Commerce

Outline: - What is Commerce? - Benefits of E-Commerce - What is E-Commerce? - Types of E-Commerce - Difference of E-Commerce and Traditional Commerce Commerce - is the exchange of something of value between two entities. That "something may be goods, services, information, money, or anything else the two entities consider to have value. Commerce is the central mechanism from which capitalism is derived. E-commerce - stands for electronic commerce and pertains to trading in goods and services through the electronic medium, i.e. the Internet. - On the Internet, it pertains to a website, which sells products or services directly from the site using a shopping cart or shopping basket system and allows credit card payments. Differences between Electronic Commerce and traditional commerce The major difference is the way information is exchanged and processed: Traditional commerce: face-to-face, telephone lines , or mail systems manual processing of traditional business transactions individual involved in all stages of business transactions E-Commerce: using Internet or other network communication technology automated processing of business transactions individual involved in all stages of transactions pulls together all activities of business transactions, marketing and advertising as well as service and customer support Better to be Online! (Is It Better to be Online?) Easy search and retrieval of desired object Ease in comparison between object and shops Less tiring Enables the business activity to enter the global market Cuts down cost Better to be Offline! (Is It Better to be Offline?) Privacy issue and disclosure of information False information Delivery time can be an agony. Spam messages Benefits of E- Commerce Benefits to Organizations: - Global Reach -- Market expansion to national and international markets - Extended Hours 24/7/365 - Cost reduction -- Reduced cost of creating, processing, distributing, storing and retrieving paper based information - Automated business processing - Cost-effective document transfer - Reduced time to complete business transactions, speed-up the delivery time - Improved customer service. - Increased productivity - Reduced transportation Costs

Introduction to E-Commerce
Benefits to Consumers: - Transactions can be done 24 hrs a day, all year round and from any location - Customer has more choices - Rapid inter-personal communications and information accesses - Wider access to assistance and to advice from experts - Save shopping time and money - Fast services and delivery Limitations of E- Commerce Technical Limitations: - Lack of security, reliability, standards - Insufficient bandwidth - Rapid change in software development tools - Difficult to integrate the Internet and EC s/w with existing applications and databases - Venders require special web servers and other infrastructures - Incompatibility of certain operating systems with certain h/w or s/w. (optional) Non-Technical Limitations: - Cost and justification - Security and privacy - Lack of trust and user resistance - Other factors Division of E-commerce E-tailing Also called as electronic retail or e-retail Retailers use Web to sell products and services This division directly refers to the one we see, the 24 hour virtual mall. Amazon.com, Compudata.com, Social Networks Market research Ability of companies to gather data from their prospects through registration form, questionnaires or order forms But this is a privacy issue, whether if it is really for market study Electronic Data Interchange (EDI) Exchange of business data using an understood data format. Involves data exchange from parties that do know each other EDI is expected to be replaced by one or more standard XML formats such as ebXML Email, fax and internet telephony Used as a media to reached prospects and established customers. Internet telephony and fax is usually done in business to business transaction Companies and their email of newsletters to subscribers Opt-in-email allows user to voluntarily receive mail updates Forces fueling E- Commerce 1. Economic Factors 2. Marketing and Customer Interaction Forces 3. Technology and Digital Convergence 1. Economic Forces - Reduced Cost - Low technological infrastructure - Internal Integration of operations

Introduction to E-Commerce
- External Integration of operations 2. Marketing and Customer Interaction Forces - Efficient Marketing Channel - Market Equity - Target Marketing - Customer Relations 3. Technology and Digital Convergence Convergence of Content - Convergence of different types of information - Information gathering, processing, manipulation and distribution Convergence of transmission - Convergence of Communication equipment - Convergence of Voice and data networks E-Commerce 2 Major Categories Business-to-consumer (B2C) : Online transactions are made between businesses and individual consumers. E.g. Amazon.com, eBay.com. Business-to-business (B2B): Businesses make online transactions with other businesses. Other Categories Consumer-to-consumer (C2C) E-learning Mobile commerce (m-commerce) E-government E-commerce Applications - Supply Chain Management - Video-on-demand - Procurement and purchasing - On-line Marketing and Advertising - Home Shopping Common Business Services infrastructure The common business infrastructure for electronic commerce consists of four main elements: Security Authentication Encryption Electronic Payments 1. Security Major concern for doing business on the Internet. Businesses feel vulnerable to attack. Encryption is used to help secure data. HTTPS (HTTP with SSL) is used to encrypt data to ensure its integrity and safety. Secure Sockets Layer (SSL) is a standard for secure interactions use on the Web. SSL, uses a combination of private key encryption (using a one-time session key) and digital signatures to enhance the security of transmission. Concerns remain for e-commerce transactions since there are numerous examples of data and privacy issues. 2. Authentication Authentication is the security process of verifying that a user is who he or she says they are. Passwords are the most common type of authentication. It is important that users understand strong passwords. Digital signatures are now gaining popularity for authenticating transmitted information. Authentication: Digital Signatures Digital signatures take the place of ordinary signatures in online transactions to prove that the sender of a message is who he or she claims to be. When received, the digital signature is compared with a known copy of the senders digital signature. Digital signatures are also sent in encrypted form to ensure they have not been forged. 3. Encryption

Introduction to E-Commerce
Encryption systems translate data into a secret code (many types of encryption used). Encryption systems include 4 main components: Plaintext: the unencrypted message An encryption algorithm: that works like the locking mechanism to a safe A key that works like the safes combination Ciphertext is produced from the plaintext message by the encryption function. Decryption is the same process in reverse (like a modulation/demodulation), but it doesnt always use the same key or algorithm. Plaintext results from decryption. Encryption Techniques The two main encryption techniques now in use: Symmetric encryption in which both sender and receiver use the same key. Asymmetric or public key encryption, which uses two separate keys, called public and private keys. Symmetric Encryption Symmetric or private key encryption uses the same algorithm and key to both encrypt and decrypt a message. Historically, this is the most common encryption technique. Since the key must be distributed, however, it is vulnerable to interception. This is an important weakness of symmetric key encryption. DES uses symmetric encryption. Asymmetric or Public Key Encryption A second popular technique is asymmetric or public key encryption (PKE). PKE is called asymmetric since it uses two different one way keys: a public key used to encrypt messages, and a private key used to decrypt them. PKE greatly reduces the key management problem since the private key is never distributed. PGP (pretty good privacy) is a popular form of PKE available as shareware. 4. Electronic Payments A number of payment methods are used by businesses to make and receive payments on the Internet. These methods are basically the equivalent of off-line payment methods. Here are a few of the most popular types: Virtual Terminals. Transaction Processors. Internet Checking. Electronic Funds Transfer (EFT). Search Engines Search engines are used to index the contents of the Internet so that information about a specific topic can be located. Managers should pay attention to search engines for two reasons: They provide useful and extensive access to information. And, they can provide the visibility that becoming listed with them provides. Google, founded in 1991 by two Stanford Ph.D. students, is the most popular search engine. Web Services & Personalization A web service is a standardized way of integrating web-based applications. Organizations can share data transparently. Web services are the basic building blocks of the SOA (Service Oriented Architecture). They are excellent for integrating systems across organizational boundaries.

Introduction to E-Commerce
Personalization is the selective delivery of content and services to customers and prospective customers. Can offer customized services to meet the past and future interests of customers. Messaging and Information Distribution Infrastructure Second building block of supporting framework for e-commerce. Includes email, instant messaging, Voice over IP (VoIP), point-to-point file transfers (FTP), and groupware. E-mail is still largest use in this area. ISP (Internet Service Provider) connects the user to the Internet. Multimedia content Third building block of supporting framework for e-commerce. Includes standards for various multimedia file types. Examples of materials transported in this way include: Video Audio Text/Electronic documents Graphics & Photos Realtime/Non-realtime applications Network Publishing Infrastructure Fourth building block of supporting framework for e-commerce. Includes data communications circuits over which information travels. Includes: Packet-switched networking (telephony is circuit-switched) Packets contain overhead information including addressing They are also routed, like mail All of this flows across Internet backbones Newer Internet access technologies include wireless access, cable access and DSL. Public Policy Public policy is one of two supporting pillars for e-commerce. Public policy issues include: universal access, privacy, information pricing, information access. Privacy issues include what information is private and/or who should have the right to use/sell information about Internet users: Requesting personal information on visiting a web site Creating customer profiles Leaving electronic footprints when visiting a web site Technical Standards Standardization is the second supporting pillar for e-Commerce. Standards are critical for electronic interaction. Secure Electronic Transaction (SET) for secure payments of online credit card transactions is one of the most heavily promoted standards Other application standards include file transfer protocol (FTP), hypertext transfer protocol (HTTP), simple network management protocol (SNMP), post office protocol (POP), and multimedia internet mail extensions (MIME) Risks Associated with Electronic Commerce What is Risk? Business risk is the possibility of a loss or injury that can reduce or eliminate an organizations ability to achieve its objectives. Any loss, theft, or destruction of data or misuse of data or programs meets the definition.

Introduction to E-Commerce
Intranet Risks Intranets are networks within an organization that handle transaction processes and e-mail within the organization and are linked to the outside. The threats that are usually tied to intranets are unauthorized and illegal employee activities whether to steal or harm the organization. A number of possibilities exist. 1. interception of network messages, 3. privileged employees, and 2. access to corporate databases, 4. company reluctance to prosecute. Internet Risks This section will consider risks to consumers, risks to businesses, and some general concerns. 1. Risks to consumers include theft of credit card numbers, theft of passwords, privacy questions, and cookies. Read this material carefully both as accountants and as consumers. 2. Risks to businesses are different. The two primary issues discussed are IP spoofing and denial of service attacks. A number of news stories in the last few months relate to these techniques. Other issues discussed for business include the problems related to technology failures and especially malicious programs. You have, no doubt, heard of the Melissa virus and the Love Bug!

Security, Assurance, and Trust

Awareness of problems is a start. Taking the necessary precautions is the necessary follow-up. Three areas of precaution are discussed: data encryption, digital authentication, and firewalls. A. Encryption Encryption is the process of coding data before it is transmitted and decoding it after. The key issues relate to the key(s) used for the process and who knows them. Two basic methods are presented: data encryption standard (DES) and public key encryption. Read to understand the techniques and their differences. B. Digital Authentication Authentication relates the techniques to support the authenticity of transmitted data. In other words, techniques used to prove the transaction is authentic. Two techniques are discussed: digital signatures and digital certificates. C. Firewalls A firewall is a combination of hardware and software used to keep out intruders. This section discusses both networklevel firewalls and application-level firewalls. [Note also that firewall software is available to consumers and is recommended for individuals who have opted for fulltime Internet access through cable connection. Since the connection is continuous, with a fixed IP address, protection from the outside is recommended.] D. Seals of Assurance It is only natural that the risks associated with the Internet have spawned organizations offering protection. Many seals of assurance the Good Housekeeping seal for Internet sites have appeared. This section discusses six. Note, however, that others will appear, and all are not created equal. Read the characteristics carefully. They are designed for different purposes. This area also invites scams!

Introduction to E-Commerce
The seals discussed in this section include: BBBOnline, TRUSTe, VeriSign, Inc., International Computer Security Association (ICSA), AICPA/CICA WebTrust, and AICPA/CICA SysTrust.

Implications for the Accounting Profession

So, what does all of this mean for the accounting profession? In just a few words Things are going to change! And the changes will affect how accountants are trained and how they do their job new ways to do old tasks and many new responsibilities. [If you have not yet had your auditing course, be patient and store this information for future reference.] With business activity being increasingly automated, auditors must use new techniques in evaluating control adequacy and in verifying that economic events did, in fact, occur and were properly recorded. A. Privacy Violation Companies must protect customer and trading partner data. Both as accountants and as consumers we have good reason to be concerned about the use companies make of the data they collect on their customers and trading partners. Five key questions are raised: Does the organization have a stated privacy policy? What mechanisms are in place to assure the consistent application of stated privacy policies? What information on customers, trading partners, and visitors does the company capture? Does the organization share or sell its customer, trading partner, or visitor information? Can individuals and business entities verify and update the information captured about them? Privacy violation is a serious worry. The book discussed a KPMG white paper and the Safe Harbor Agreement between the U.S. and the European Union that was implemented in 1995.