Post on 15-Jan-2016
ELC 200
Day 23
Agenda
Questions from last Class?
Assignment 5 corrected
  3 A’s, 2 B’s, 1 C, 3 D, 4 F’s
  Most D’s and F’s are due to lateness
  Better off to turn in what you have on time than to finish late.
Quiz 3 Graded
  6 A’s, 5 B’s, 1 C’s and 2 MIA’s
Student Evaluations
Assignment 6, 7 & 8 all posted
  Assignment 6 due April 27 @ 12:30PM
  Assignment 7 due May 1 @ 12:30PM
  Assignment 8 due May 8 @ 8AM
EBiz plan and presentations Due May 8 @ 8AM
  More information in assignments section of WebCT
Security for E-Payments
Public key infrastructure (PKI)—a scheme for securing e-payments using public key encryption and various technical components
Foundation of a number of network applications:
  Supply chain management
  Virtual private networks
  Secure e-mail
  Intranet applications
http://computer.howstuffworks.com/encryption.htm
Security for E-Payments
Public key encryption
Encryption (cryptography)—the process of scrambling (encrypting) a message in such a way that it is difficult, expensive, or time consuming for an unauthorized person to unscramble (decrypt) it
Security for E-Payments (cont.)
All encryption has four basic parts:
  Plaintext—an unencrypted message in human-readable form
  Ciphertext—a plaintext message after it has been encrypted into unreadable form
  Encryption algorithm—the mathematical formula used to encrypt the plaintext into ciphertext and vice versa
  Key—the secret code used to encrypt and decrypt a message
Security for E-Payments (cont.)
Two major classes of encryption systems:
  Symmetric (private key)
    Used to encrypt and decrypt plain text
    Shared by sender and receiver of text
  Asymmetric (public key)
    Uses a pair of keys
    Public key to encrypt the message
    Private key to decrypt the message
http://www.uic.edu/depts/accc/newsletter/adn26/index.html
Security for E-Payments (cont.)
Public key encryption—method of encryption that uses a pair of keys—a public key to encrypt a message and a private key (kept only by its owner) to decrypt it, or vice versa
  Private key—secret encryption code held only by its owner
  Public key—encryption code that is publicly available to anyone
Exhibit 10.1 Private Key Encryption
Exhibit 10.2 Key Sizes & Time to Try All Possible Keys
Digital signatures—an identifying code that can be used to authenticate the identity of the sender of a message or document
Used to:
  Authenticate the identity of the sender of a message or document
  Ensure the original content of the electronic message or document is unchanged
Security for E-Payments (cont.)
Digital Signatures—how they work:
1. Create an e-mail message with the contract in it
2. Using special software, you “hash” the message, converting it into a string of digits (message digest)
3. You use your private key to encrypt the hash (your digital signature)
Security for E-Payments (cont.)
4. E-mail the original message along with the encrypted hash to the receiver
5. Receiver uses the same special software to hash the message they received
6. Company uses your public key to decrypt the message hash that you sent. If their hash matches the decrypted hash, then the message is valid
Exhibit 10.3 Digital Signatures
Security for E-Payments (cont.)
Digital certificates—verification that the holder of a public or private key is who he or she claims to be
Certificate authorities (CAs)—third parties that issue digital certificates
Name : “Richard”
Key-Exchange Key :
Signature Key :
Serial # : 29483756
Other Data : 10236283025273
Expires : 6/18/04
Signed : CA’s Signature
Crypto, Digital Signature and Digital Certificates
Cryptography provides security by using encryption
  Ensures privacy
Digital Signatures are just like a real signature
  DCMA makes them just as legally binding as a signed paper document
Digital Certificates use Cryptographic techniques to prove Identity
Digital Signature
[Figure: Sender sends DS + Plaintext to Receiver, encrypted for confidentiality]
Add Digital Signature to Each Message
Provides Message-by-Message Authentication
Digital Signature: Sender
[Figure: Plaintext, Hash, MD, Sign (Encrypt) MD with Sender’s Private Key, DS]
To Create the Digital Signature:
1. Hash the plaintext to create a brief message digest; this is NOT the digital signature
2. Sign (encrypt) the message digest with the sender’s private key to create the digital signature
Digital Signature
[Figure: Transmission of DS + Plaintext; Sender Encrypts, Receiver Decrypts]
Send Plaintext plus Digital Signature Encrypted with Symmetric Session Key
Digital Signature: Receiver
[Figure: 1. Hash the Received Plaintext to get MD; 2. Decrypt DS with True Party’s Public Key to get MD; 3. Are they Equal?]
1. Hash the received plaintext with the same hashing algorithm the sender used. This gives the message digest
2. Decrypt the digital signature with the sender’s public key. This also should give the message digest.
3. If the two match, the message is authenticated; the sender has the true party’s private key
Public Key Deception
Impostor: “I am the True Person.”
Verifier: Must authenticate True Person.
Impostor: “Here is TP’s public key.” (Sends Impostor’s public key)
Verifier: Believes now has TP’s public key
Impostor: “Here is authentication based on TP’s private key.” (Really Impostor’s private key)
Verifier: Believes True Person is authenticated based on Impostor’s public key
Verifier: “True Person, here is a message encrypted with your public key.”
Impostor: Decryption of message from Verifier encrypted with Impostor’s public key, so Impostor can decrypt it
Critical Deception
Digital Certificates
Digital certificates are electronic documents that give the true party’s name and public key
Applicants claiming to be the true party have their authentication methods tested by this public key
If they are not the true party, they cannot use the true party’s private key and so will not be authenticated
Digital certificates follow the X.509 Standard
Digital Signatures and Digital Certificates
Public key authentication requires both a digital signature and a digital certificate to give the public key needed to test the digital signature
[Figure: Applicant, Verifier and Certificate Authority; the message carries DS + Plaintext, and the Digital Certificate carries the True Party’s Public Key]
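Added example (not part of the original slides): the sender and receiver steps above, the public key deception, and the certificate check that defeats it, written with textbook RSA so that "encrypt the digest with the private key" is literally what happens. The key sizes, names and sample message are constructed assumptions; real signatures use large random keys and a padding scheme from a vetted library.

```python
import hashlib

E = 65537  # common RSA public exponent

def make_keypair(p, q):
    """Textbook RSA key pair from two primes: returns (public, private)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return (n, E), (n, d)

def message_digest(data, n):
    """Hash the plaintext; the digest is reduced mod n so RSA can act on it."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, private):
    """Sender: 'encrypt' the message digest with the private key."""
    n, d = private
    return pow(message_digest(data, n), d, n)

def verify(data, signature, public):
    """Receiver: 'decrypt' the signature with the public key, compare digests."""
    n, e = public
    return pow(signature, e, n) == message_digest(data, n)

def cert_body(name, public):
    return f"{name}|{public[0]}|{public[1]}".encode()

def issue_certificate(name, public, ca_private):
    """CA binds a name to a public key by signing both."""
    return {"name": name, "public": public,
            "ca_sig": sign(cert_body(name, public), ca_private)}

def authenticate(claimed_name, data, signature, cert, ca_public):
    """Verifier: use a public key only if the CA vouches for it."""
    if cert["name"] != claimed_name:
        return False
    if not verify(cert_body(cert["name"], cert["public"]), cert["ca_sig"], ca_public):
        return False
    return verify(data, signature, cert["public"])

# Constructed keys built from well-known Mersenne primes (illustration only).
TP_PUB, TP_PRIV = make_keypair(2**61 - 1, 2**89 - 1)      # True Person
IMP_PUB, IMP_PRIV = make_keypair(2**107 - 1, 2**127 - 1)  # Impostor
CA_PUB, CA_PRIV = make_keypair(2**521 - 1, 2**607 - 1)    # Certificate authority

CONTRACT = b"I agree to pay $500 for order 1001."  # constructed sample message

def run_demo():
    genuine = sign(CONTRACT, TP_PRIV)
    forged = sign(CONTRACT, IMP_PRIV)
    tp_cert = issue_certificate("True Person", TP_PUB, CA_PRIV)
    fake_cert = issue_certificate("True Person", IMP_PUB, IMP_PRIV)  # not CA-signed
    return {
        "genuine_verifies": verify(CONTRACT, genuine, TP_PUB),
        "tampered_verifies": verify(CONTRACT + b" Plus $9000.", genuine, TP_PUB),
        # Deception: the verifier accepts whatever key the applicant hands over.
        "deceived_without_cert": verify(CONTRACT, forged, IMP_PUB),
        "impostor_vs_real_cert": authenticate("True Person", CONTRACT, forged, tp_cert, CA_PUB),
        "impostor_with_fake_cert": authenticate("True Person", CONTRACT, forged, fake_cert, CA_PUB),
        "true_person_with_cert": authenticate("True Person", CONTRACT, genuine, tp_cert, CA_PUB),
    }

if __name__ == "__main__":
    for check, result in run_demo().items():
        print(f"{check}: {result}")
```

The only check the impostor passes is the one where the verifier takes the public key from the applicant instead of from a CA-signed certificate.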
Standards for E-Payments
Secure socket layer (SSL)—protocol that utilizes standard certificates for authentication and data encryption to ensure privacy or confidentiality
Transport Layer Security (TLS)—as of 1996, another name for the Secure Socket Layer protocol
Standards for E-Payments (cont.)
Secure Electronic Transaction (SET)—a protocol designed to provide secure online credit card transactions for both consumers and merchants; developed jointly by Netscape, Visa, MasterCard, and others
Electronic Cards and Smart Cards
Payment cards—electronic cards that contain information that can be used for payment purposes
  Credit cards—provides holder with credit to make purchases up to a limit fixed by the card issuer
  Charge cards—balance on a charge card is supposed to be paid in full upon receipt of monthly statement
  Debit card—cost of a purchase drawn directly from holder’s checking account (demand-deposit account)
Electronic Cards and Smart Cards (cont.)
The Players
  Cardholder
  Merchant (seller)
  Issuer (your bank)
  Acquirer (merchant’s financial institution, acquires the sales slips)
  Card association (VISA, MasterCard)
  Third-party processors (outsourcers performing same duties formerly provided by issuers, etc.)
Exhibit 10.4 Online Credit Card Processing
Electronic Cards and Smart Cards (cont.)
Credit card gateway—an online connection that ties a merchant’s systems to the back-end processing systems of the credit card issuer
Virtual credit card—an e-payment system in which a credit card issuer gives a special transaction number that can be used online in place of regular credit card numbers
Electronic Cards and Smart Cards (cont.)
Electronic wallets (e-wallets)—a software component in which a user stores credit card numbers and other personal information; when shopping online, the user simply clicks the e-wallet to automatically fill in information needed to make a purchase
  One-click shopping—saving your order information on retailer’s Web server
  E-wallet—software downloaded to cardholder’s desktop that stores same information and allows one-click-like shopping
Electronic Cards and Smart Cards (cont.)
Security risks with credit cards
  Stolen cards
  Reneging by the customer—authorizes a payment and later denies it
  Theft of card details stored on merchant’s computer—isolate computer storing information so it cannot be accessed directly from the Web
Electronic Cards and Smart Cards (cont.)
Purchasing cards—special-purpose payment cards issued to a company’s employees to be used solely for purchasing nonstrategic materials and services up to a preset dollar limit
Instrument of choice for B2B purchasing
E-Cards (cont.)
Benefits of using purchasing cards
  Productivity gains
  Bill consolidation
  Payment reconciliation
  Preferred pricing
  Management reports
  Control
Exhibit 10.5 Participants & Process of Using a Purchasing Card
Smart Cards
Smart card—an electronic card containing an embedded microchip that enables predefined operations or the addition, deletion, or manipulation of information on the card
Smart Cards (cont.)
Categories of smart cards
  Contact card—a smart card containing a small gold plate on the face that when inserted in a smart-card reader makes contact and so passes data to and from the embedded microchip
  Contactless (proximity) card—a smart card with an embedded antenna, by means of which data and applications are passed to and from a card reader unit or other device
Smart Cards (cont.)
Securing smart cards
  Theoretically, it is possible to “hack” into a smart card
  Most cards can now store the information in encrypted form
  Same cards can also encrypt and decrypt data that is downloaded or read from the card
  Cost to the attacker of doing so far exceeds the benefits
Smart Cards (cont.)
Important applications of smart card use:
  Loyalty
  Financial
  Information technology
  Health and social welfare
  Transportation
  Identification
E-Cash and Innovative Payment Methods
E-cash—the digital equivalent of paper currency and coins, which enables secure and anonymous purchase of low-priced items
Micropayments—small payments, usually under $10
Most of this work in Digital Cash comes from the research of Dr. David Chaum
E-Coin.net
System consists of three participants:
  User
    Opens an account with eCoin.com
    Downloads a special e-wallet to their desktop PC
    Purchases some eCoins with a credit card
  Merchant—embeds a special eCoin icon in its payment page
  eCoin server—operates as a broker
    Keeps customer and merchant accounts
    Accepts payment requests from the customer’s e-wallet
    Computes embedded invoices for the merchant
E-Cash and Payment Card Alternatives (cont.)
Wireless payments
  Vodafone “m-pay bill” system that enables wireless subscribers to use their mobile phones to make micropayments
Qpass (qpass.com)
  Charges to qpass account are charged to a specified credit card on a monthly basis
Stored-Value Cards
Stores cash downloaded from bank or credit card account
  Visa cash—a stored-value card designed to handle small purchases or micropayments; sponsored by Visa
  Mondex—a stored-value card designed to handle small purchases or micropayments; sponsored by Mondex, a subsidiary of MasterCard
E-Loyalty and Reward Programs
Loyalty programs online
  B2C sites spend hundreds of dollars acquiring new customers
  Payback only comes from repeat customers who are likely to refer other customers to a site
Electronic script—a form of electronic money (or points), issued by a third party as part of a loyalty program; can be used by consumers to make purchases at participating stores
E-Loyalty and Reward Programs (cont.)
Beenz—a form of electronic script offered by beenz.com that consumers earn at participating sites and redeem for products or services
  Consumer earns beenz by visiting, registering, or purchasing at 300 participating sites
  Beenz are stored and used for later purchases
  Partnered with MasterCard to offer rewardzcard—stored-value card used in U.S. and Canada for purchases where MasterCard is accepted
  Transfer beenz into money to spend on Web, by phone, mail order, physical stores
  Went “out of business” in 2001
E-Loyalty and Reward Programs (cont.)
MyPoints-CyberGold
  Customers earn cash for viewing ads
  Cash used for later purchases or applied to credit card account
Prepaid stored value cards—used online and off-line
RocketCash
  Combines online cash account with rewards program
  User opens account and adds funds
  Used to make purchases at participating merchants
Internetcash
Teenage market—primary reason for going online
  Communicating with friends via email and chat rooms
  Homework
  Researching information
  Playing games
  Downloading music or videos
Internetcash (cont.)
Why they do not shop online
  Parents will not let their children use their (the parents’) credit cards online
  They cannot touch the products
  It is difficult to return items purchased on the Web
  They do not have the money
  Transaction may be insecure
Internetcash (cont.)
InternetCash offers prepaid stored-value cards sold in amounts of $10, $20, $50, and $100
  Must be activated to work
  Gives the user shopping privileges at online stores that carry an InternetCash icon
  Purchases are automatically deducted from the value of the card
  InternetCash’s transactions are anonymous
Internetcash (cont.)
InternetCash is facing obstacles
  First, they have to find retailers willing to sell the cards
  Must persuade merchants to accept the card for online purchases
  Legal issues
Person-to-Person Payments
Person-to-person (P2P) payments—e-payment schemes (such as paypal.com) that enable the transfer of funds between two individuals
  Repaying money borrowed
  Paying for an item purchased at online auction
  Sending money to students at college
  Sending a gift to a family member
Global B2B Payments
Letters of credit (LC)—a written agreement by a bank to pay the seller, on account of the buyer, a sum of money upon presentation of certain documents
TradeCard (tradecard.com)—innovative e-payment method that uses a payment card
Electronic Letters of Credit (LC)
Benefits to sellers
  Credit risk is reduced
  Payment is highly assured
  Political/country risk is reduced
Benefits to the buyer
  Allows buyer to negotiate for a lower purchase price
  Buyer can expand its source of supply
  Funds withdrawn from buyer’s account only after the documents have been inspected by the issuing bank
TradeCard Payments
TradeCard allows businesses to effectively and efficiently complete B2B transactions whether large or small, domestic or cross-border, or in multiple currencies
  Buyers and sellers interact with each other via the TradeCard system
  System
    Checks purchase orders for both parties
    Awaits confirmation from a logistics company that deliveries have been made and received
    Authorizes payment completing financial transaction between the buyer and seller
E-Checking
E-check—the electronic version or representation of a paper check
  Eliminates need for expensive process reengineering and takes advantage of the competency of the banking industry
eCheck Secure (from vantaguard.com) and checkfree.com provide software that enables the purchase of goods and services with e-checks
Used mainly in B2B
Order Fulfillment: Overview
Order fulfillment—all the activities needed to provide customers with ordered goods and services, including related customer services
  Back-office operations—the activities that support fulfillment of sales, such as accounting and logistics
  Front-office operations—the business processes, such as sales and advertising, that are visible to customers
Overview of Logistics
Logistics—the operations involved in the efficient and effective flow and storage of goods, services, and related information from point of origin to point of consumption
Delivery of materials or services
  Right time
  Right place
  Right cost
Exhibit 10.9 Order Fulfillment and Logistics Systems
EC Order Fulfillment Process
Steps in the process of order fulfillment
1. Payment clearance
2. In-stock availability
3. Arranging shipments
4. Insurance
5. Production (planning, execution)
6. Plant services
7. Purchasing and warehousing
8. Customer contacts
9. Returns (Reverse logistics—movement of returns from customers to vendors)
10. Demand forecast
11. Accounting, billing
Order Fulfillment and the Supply Chain
Order fulfillment and order taking are integral parts of the supply chain.
Flows of orders, payments, and materials and parts need to be coordinated among
  Company’s internal participants
  External partners
The principles of supply chain management must be considered in planning and managing the order fulfillment process
Problems in Order Fulfillment
Manufacturers, warehouses, and distribution channels were not in sync with the e-tailers
High inventory costs
Quality problems exist due to misunderstandings
Shipments of wrong products, materials, and parts
High cost to expedite operations or shipments
Problems in Order Fulfillment (cont.)
Uncertainties
  Major source of uncertainty is demand forecast
  Demand is influenced by
    Consumer behavior
    Economic conditions
    Competition
    Prices
    Weather conditions
    Technological developments
    Customers’ confidence
Problems in Order Fulfillment (cont.)
Demand forecast should be conducted frequently with collaborating business partners along the supply chain in order to correctly gauge demand and make plans to meet it
Delivery times depend on factors ranging from machine failures to road conditions
Quality problems of materials and parts (may create production time delays)
Labor troubles (such as strikes) can interfere with shipments
Problems in Order Fulfillment (cont.)
Order fulfillment problems are created by lack of coordination and inability or refusal to share information
Bullwhip effect—large fluctuations in inventories along the supply chain, resulting from small fluctuations in demand for finished products
Solutions to Order Fulfillment Problems
Improvements to order taking process
  Order taking can be done on EDI, EDI/Internet, or an extranet, and it may be fully automated.
  In B2B, orders are generated and transmitted automatically to suppliers when inventory levels fall below certain levels.
  Result is a fast, inexpensive, and more accurate process
Web-based ordering using electronic forms expedites the process
  Makes it more accurate
  Reduces the processing cost for sellers
Solutions to Order Fulfillment Problems (cont.)
Implementing linkages between order-taking and payment systems can also be helpful in improving order fulfillment
Electronic payments can expedite order fulfillment cycle and payment delivery period
  Payment processing significantly less expensive
  Fraud can be controlled better
Inventory Management Improvements
Inventories can be minimized by:
  Introducing a make-to-order (pull) production process
  Providing fast and accurate demand information to suppliers
Inventory management can be improved, and inventory levels and administrative expenses minimized, by:
  Allowing business partners to electronically track and monitor orders and production activities
  Having no inventory at all by digitizing products
Automated Warehouses
B2C order fulfillment—send small quantities to a large number of individuals
Step 1: retailers contract Fingerhut to stock products and deliver Web orders
Step 2: merchandise stored SKU warehouse
Step 3: orders arrive
Step 4: computer program consolidates orders from all vendors into “pick waves”
Automated Warehouses (cont.)
Step 5: picked items moved by conveyors to packing area; computer configures size and type of packing; types special packing instructions
Step 6: conveyer takes packages to scanning station (weighed)
Step 7: scan destination; moved by conveyer to waiting trucks
Step 8: full trucks depart for Post Offices
Same Day, Even Same Hour Delivery
Role of FedEx and similar shippers
  From a delivery to all-logistics
  Many services
  Complete inventory control
  Packaging, warehousing, reordering, etc.
  Tracking services to customers
Same Day, Even Same Hour Delivery (cont.)
Supermarket deliveries
  Transport of fresh food to people who are in homes only at specific hours
  Distribution systems are critical
  Fresh food may be spoiled
Partnering Efforts
Collaborative commerce among members of the supply chain results in:
  Shorter cycle times
  Minimal delays and work interruptions
  Lower inventories
  Less administrative cost
  Minimize bullwhip effect problem
Order Fulfillment in B2B
Using e-marketplaces and exchanges to ease order fulfillment problems
Both public and private marketplaces
E-procurement system controlled by one large buyer, suppliers adjust their activities and IS to fit the IS of the buyer
Company-centric marketplace can solve several supply chain problems
Use an extranet
Use a vertical exchange
Order Fulfillment in B2B (cont.)
Players in B2B fulfillment
  Shippers (sellers)
  Receivers (buyers)
  Carriers
  Third-party logistics providers
  Warehouse companies
  Vertical e-marketplaces
  Transportation e-marketplaces
  Logistics software application vendors
Handling Returns
Necessary for maintaining customer trust and loyalty using:
  Return item to place it was purchased
  Separate logistics of returns from logistics of delivery
  Completely outsource returns
  Allow customer to physically drop returned items at collection stations
UPS Provides Broad EC Services
Electronic tracking of packages
Electronic supply chain services for corporate customers by industry including:
  Portal page with industry-related information
  Statistics
Calculators for computing shipping fees
Help customers manage electronic supply chains
The UPS Strategy (cont.)
Improved inventory management, warehousing, and delivery
Integration with shipping management system
Notify customers by e-mail of:
  Delivery status
  Expected time of arrival of incoming packages
The UPS Strategy (cont.)
Representative tools
  7 transportation and delivery applications
  Track packages
  Analyze shipping history
  Calculate exact time-in-transit
  Downloadable tools
  Proof of delivery
  Optimal routing features
  Delivery of digital documents
  Wireless access to UPS system
Managerial Issues
What B2C payment methods should we use?
What B2B payment methods should we use?
Should we use an in-house payment mechanism or outsource it?
How secure are e-payments?
Have we planned for order fulfillment?
How should we handle returns?
Do we want alliances in order fulfillment?
What EC logistics applications would be useful?
Summary
Crucial factors determining the success of an e-payment method
Key elements in securing an e-payment
Online credit card players and processes
The uses and benefits of purchasing cards
Categories and potential uses of smart cards
Online alternatives to credit card payments
Summary (cont.)
E-check processes and involved parties
The role of order fulfillment and back-office operations in EC
The order fulfillment process
Problems in order fulfillment
Solutions to order fulfillment problems