ELC 200
Day 23
Agenda
Questions from last Class? Assignment 5 corrected
3 A’s, 2 B’s, 1 C, 3 D, 4 F’s
Most D’s and F’s are due to lateness
Better off to turn in what you have on time than to finish late.
Quiz 3 Graded
6 A’s, 5 B’s, 1 C’s and 2 MIA’s
Student Evaluations Assignment 6, 7 & 8 all posted
Assignment 6 due April 27 @ 12:30PM Assignment 7 due May 1 @ 12:30PM Assignment 8 due May 8 @ 8AM EBiz plan and presentations Due May 8 @ 8AM More information in assignments section of WebCT
Security for E-Payments
Public key infrastructure (PKI)—a scheme for securing e-payments using public key encryption and various technical components Foundation of a number of network applications:
Supply chain management Virtual private networks Secure e-mail Intranet applications
http://computer.howstuffworks.com/encryption.htm
Security for E-Payments
Public key encryption
Encryption (cryptography)—the process of scrambling (encrypting) a message in such a way that it is difficult, expensive, or time consuming for an unauthorized person to unscramble (decrypt) it
Security for E-Payments (cont.)
All encryption has four basic parts:
Plaintext—an unencrypted message in human-readable form
Ciphertext—a plaintext message after it has been encrypted into unreadable form
Encryption algorithm—the mathematical formula used to encrypt the plaintext into ciphertext and vice versa
Key—the secret code used to encrypt and decrypt a message
Security for E-Payments (cont.)
Two major classes of encryption systems:
Symmetric (private key)
Used to encrypt and decrypt plain text Shared by sender and receiver of text
Asymmetric (public key)
Uses a pair of keys Public key to encrypt the message Private key to decrypt the message
http://www.uic.edu/depts/accc/newsletter/adn26/index.html
Security for E-Payments (cont.)
Public key encryption—method of encryption that uses a pair of keys—a public key to encrypt a message and a private key (kept only by its owner) to decrypt it, or vice versa
Private key—secret encryption code held only by its owner
Public key—encryption code that is publicly available to anyone
Exhibit 10.1 Private Key Encryption
Exhibit 10.2
Key Sizes & Time to Try All Possible Keys
Security for E-Payments (cont.)
Digital signatures—an identifying code that can be used to authenticate the identity of the sender of a message or document Used to:
Authenticate the identity of the sender of a message or document Ensure the original content of the electronic message or document is unchanged
Security for E-Payments (cont.)
Digital Signatures—how they work:
1. Create an e-mail message with the contract in it
2. Using special software, you “hash” the message, converting it into a string of digits (message digest)
3. You use your private key to encrypt the hash (your digital signature)
Security for E-Payments (cont.)
4. E-mail the original message along with the encrypted hash to the receiver
5. Receiver uses the same special software to hash the message they received
6. Company uses your public key to decrypt the message hash that you sent. If their hash matches the decrypted hash, then the message is valid
Exhibit 10.3 Digital Signatures
Security for E-Payments (cont.)
Digital certificates—verification that the holder of a public or private key is who he or she claims to be
Certificate authorities (CAs)—third parties that issue digital certificates
Name : “Richard”
key-Exchange Key :
Signature Key :
Serial # : 29483756
Other Data : 10236283025273
Expires : 6/18/04
Signed : CA’s Signature
Crypto, Digital Signature and Digital Certificates
Cryptography provides security by using encryption
Ensures privacy
Digital Signatures are just like a real signature
DCMA makes them just as legally binding as a signed paper document
Digital Certificates use Cryptographic techniques to prove Identity
Digital Signature
[Figure: Sender sends Plaintext plus DS to Receiver, Encrypted for Confidentiality]
Add Digital Signature to Each Message
Provides Message-by-Message Authentication
Digital Signature: Sender
To Create the Digital Signature:
1. Hash the plaintext to create a brief message digest (MD); this is NOT the digital signature
2. Sign (encrypt) the message digest with the sender’s private key to create the digital signature (DS)
[Figure: Plaintext, Hash, MD, Sign (Encrypt) MD with Sender’s Private Key, DS]
Digital Signature
Send Plaintext plus Digital Signature Encrypted with Symmetric Session Key
[Figure: DS and Plaintext, Sender Encrypts, Transmission, Receiver Decrypts]
Digital Signature: Receiver
1. Hash the received plaintext with the same hashing algorithm the sender used. This gives the message digest (MD)
2. Decrypt the digital signature (DS) with the sender’s public key. This also should give the message digest.
3. If the two match, the message is authenticated; the sender has the True Party’s private key
[Figure: Received Plaintext, 1. Hash, MD; DS, 2. Decrypt with True Party’s Public Key, MD; 3. Are they Equal?]
Public Key Deception
Impostor
“I am the True Person.”
“Here is TP’s public key.” (Sends Impostor’s public key)
“Here is authentication based on TP’s private key.” (Really Impostor’s private key)
Decryption of message from Verifier encrypted with Impostor’s public key, so Impostor can decrypt it
Verifier
Must authenticate True Person.
Critical Deception
Believes now has TP’s public key
Believes True Person is authenticated based on Impostor’s public key
“True Person, here is a message encrypted with your public key.”
Digital Certificates
Digital certificates are electronic documents that give the true party’s name and public key Applicants claiming to be the true party have their authentication methods tested by this public key If they are not the true party, they cannot use the true party’s private key and so will not be authenticated Digital certificates follow the X.509 Standard
Digital Signatures and Digital Certificates
Public key authentication requires both a digital signature and a digital certificate to give the public key needed to test the digital signature
[Figure: Certificate Authority, Applicant, Verifier; Digital signature: DS, Plaintext; Certificate: True Party’s Public Key]
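The hash, sign and verify steps from the digital signature slides, the Public Key Deception exchange, and the certificate check, run end to end as an added example that is not part of the original slides. It uses constructed toy RSA keys built from known Mersenne primes with no padding, so it shows the flow only; every function name, party name and sample message is an assumption made for the illustration.

```python
import hashlib

def make_key(p, q, e=65537):
    """Toy RSA key pair from two primes (no padding; illustration only)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return {"n": n, "e": e, "d": pow(e, -1, phi)}

def public(key):
    """The half of a key pair that may be handed to anyone."""
    return {"n": key["n"], "e": key["e"]}

def digest(message, n):
    """Hash the plaintext to a message digest, reduced to fit the toy modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message, key):
    """Sender: hash, then 'encrypt' the digest with the private key."""
    return pow(digest(message, key["n"]), key["d"], key["n"])

def verify(message, signature, pub):
    """Receiver: hash the received text, 'decrypt' the signature, compare."""
    return pow(signature, pub["e"], pub["n"]) == digest(message, pub["n"])

def cert_body(name, pub):
    return f"{name}|{pub['n']}|{pub['e']}".encode()

def issue_certificate(name, pub, signer_key):
    """Bind a name to a public key by signing both together."""
    return {"name": name, "pub": pub, "ca_sig": sign(cert_body(name, pub), signer_key)}

def verify_with_certificate(message, signature, cert, expected_name, ca_pub):
    """Use the public key only if the CA's signature over (name, key) checks out."""
    if cert["name"] != expected_name:
        return False
    if not verify(cert_body(cert["name"], cert["pub"]), cert["ca_sig"], ca_pub):
        return False
    return verify(message, signature, cert["pub"])

# Constructed toy keys (far too small for real use).
TRUE_PARTY = make_key(2**61 - 1, 2**89 - 1)
IMPOSTOR = make_key(2**89 - 1, 2**107 - 1)
CA = make_key(2**107 - 1, 2**127 - 1)

def demo():
    contract = b"I agree to pay $100 for order 1001"  # constructed sample message
    sig = sign(contract, TRUE_PARTY)
    fake = b"I agree to pay $900 for order 1001"
    fake_sig = sign(fake, IMPOSTOR)  # signed with the impostor's own private key
    tp_cert = issue_certificate("True Person", public(TRUE_PARTY), CA)
    # Self-made certificate: right name, impostor's key, not signed by the CA.
    bogus_cert = issue_certificate("True Person", public(IMPOSTOR), IMPOSTOR)
    ca_pub = public(CA)
    return {
        "genuine": verify(contract, sig, public(TRUE_PARTY)),
        "altered_text": verify(fake, sig, public(TRUE_PARTY)),
        # The deception: the verifier tests with whatever key the sender supplied.
        "deceived_without_cert": verify(fake, fake_sig, public(IMPOSTOR)),
        "impostor_vs_real_cert": verify_with_certificate(
            fake, fake_sig, tp_cert, "True Person", ca_pub),
        "impostor_bogus_cert": verify_with_certificate(
            fake, fake_sig, bogus_cert, "True Person", ca_pub),
        "genuine_with_cert": verify_with_certificate(
            contract, sig, tp_cert, "True Person", ca_pub),
    }

if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case:24} accepted={accepted}")
```

Only the case where the verifier takes the public key from the sender accepts the impostor; once the key must come from a CA-signed certificate, both impostor attempts are rejected.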
Standards for E-Payments
Secure socket layer (SSL)—protocol that utilizes standard certificates for authentication and data encryption to ensure privacy or confidentiality
Transport Layer Security (TLS)—as of 1996, another name for the Secure Socket Layer protocol
Standards for E-Payments (cont.)
Secure Electronic Transaction (SET)—a protocol designed to provide secure online credit card transactions for both consumers and merchants; developed jointly by Netscape, Visa, MasterCard, and others
Electronic Cards and Smart Cards
Payment cards—electronic cards that contain information that can be used for payment purposes
Credit cards—provide holder with credit to make purchases up to a limit fixed by the card issuer
Charge cards—balance on a charge card is supposed to be paid in full upon receipt of monthly statement
Debit card—cost of a purchase drawn directly from holder’s checking account (demand-deposit account)
Electronic Cards and Smart Cards (cont.)
The Players
Cardholder Merchant (seller) Issuer (your bank) Acquirer (merchant’s financial institution, acquires the sales slips) Card association (VISA, MasterCard) Third-party processors (outsourcers performing same duties formerly provided by issuers, etc.)
Exhibit 10.4 Online Credit Card Processing
Electronic Cards and Smart Cards (cont.)
Credit card gateway—an online connection that ties a merchant’s systems to the back-end processing systems of the credit card issuer
Virtual credit card—an e-payment system in which a credit card issuer gives a special transaction number that can be used online in place of regular credit card numbers
Electronic Cards and Smart Cards (cont.)
Electronic wallets (e-wallets)—a software component in which a user stores credit card numbers and other personal information; when shopping online, the user simply clicks the e-wallet to automatically fill in information needed to make a purchase
One-click shopping—saving your order information on retailer’s Web server E-wallet—software downloaded to cardholder’s desktop that stores same information and allows one-click-like shopping
Electronic Cards and Smart Cards (cont.)
Security risks with credit cards
Stolen cards Reneging by the customer—authorizes a payment and later denies it Theft of card details stored on merchant’s computer—isolate computer storing information so it cannot be accessed directly from the Web
Electronic Cards and Smart Cards (cont.)
Purchasing cards—special-purpose payment cards issued to a company’s employees to be used solely for purchasing nonstrategic materials and services up to a preset dollar limit
Instrument of choice for B2B purchasing
E-Cards (cont.)
Benefits of using purchasing cards
Productivity gains Bill consolidation Payment reconciliation Preferred pricing Management reports Control
Exhibit 10.5
Participants & Process of Using a Purchasing Card
Smart Cards
Smart card—an electronic card containing an embedded microchip that enables predefined operations or the addition, deletion, or manipulation of information on the card
Smart Cards (cont.)
Categories of smart cards
Contact card—a smart card containing a small gold plate on the face that when inserted in a smart-card reader makes contact and so passes data to and from the embedded microchip Contactless (proximity) card—a smart card with an embedded antenna, by means of which data and applications are passed to and from a card reader unit or other device
Smart Cards (cont.)
Securing smart cards
Theoretically, it is possible to “hack” into a smart card
Most cards can now store the information in encrypted form Same cards can also encrypt and decrypt data that is downloaded or read from the card
Cost to the attacker of doing so far exceeds the benefits
Smart Cards (cont.)
Important applications of smart card use:
Loyalty Financial Information technology Health and social welfare Transportation Identification
E-Cash and Innovative Payment Methods
E-cash—the digital equivalent of paper currency and coins, which enables secure and anonymous purchase of low-priced items Micropayments—small payments, usually under $10 Most of this work in Digital Cash comes from the research of Dr. David Chaum
E-Coin.net
System consists of three participants:
User
Opens an account with eCoin.com Downloads a special e-wallet to their desktop PC Purchases some eCoins with a credit card
Merchant—embeds a special eCoin icon in its payment page eCoin server—operates as a broker
Keeps customer and merchant accounts Accepts payment requests from the customer’s e-wallet Computes embedded invoices for the merchant
E-Cash and Payment Card Alternatives (cont.)
Wireless payments
Vodafone “m-pay bill” system that enables wireless subscribers to use their mobile phones to make micropayments
Qpass (qpass.com)
Charges to qpass account are charged to a specified credit card on a monthly basis
Stored-Value Cards
Stores cash downloaded from bank or credit card account
Visa cash—a stored-value card designed to handle small purchases or micropayments; sponsored by Visa Mondex—a stored-value card designed to handle small purchases or micropayments; sponsored by Mondex, a subsidiary of MasterCard
E-Loyalty and Reward Programs
Loyalty programs online
B2C sites spend hundreds of dollars acquiring new customers Payback only comes from repeat customers who are likely to refer other customers to a site
Electronic script—a form of electronic money (or points), issued by a third party as part of a loyalty program; can be used by consumers to make purchases at participating stores
E-Loyalty and Reward Programs (cont.)
Beenz—a form of electronic script offered by beenz.com that consumers earn at participating sites and redeem for products or services
Consumer earns beenz by visiting, registering, or purchasing at 300 participating sites Beenz are stored and used for later purchases Partnered with MasterCard to offer rewardzcard— stored-value card used in U.S. and Canada for purchases where MasterCard is accepted Transfer beenz into money to spend on Web, by phone, mail order, physical stores
Went “out of business” in 2001
E-Loyalty and Reward Programs (cont.)
MyPoints-CyberGold
Customers earn cash for viewing ads Cash used for later purchases or applied to credit card account
Prepaid stored value cards—used online and off-line
RocketCash
Combines online cash account with rewards program User opens account and adds funds Used to make purchases at participating merchants
Internetcash
Teenage market—primary reason for going online
Communicating with friends via email and chat rooms
Homework
Researching information
Playing games
Downloading music or videos
Internetcash (cont.)
Why they do not shop online
Parents will not let their children use their (the parents’) credit cards online
They cannot touch the products
It is difficult to return items purchased on the Web
They do not have the money
Transaction may be insecure
Internetcash (cont.)
InternetCash offers prepaid stored-value cards sold in amounts of $10, $20, $50, and $100
Must be activated to work Gives the user shopping privileges at online stores that carry an InternetCash icon Purchases are automatically deducted from the value of the card InternetCash’s transactions are anonymous
Internetcash (cont.)
InternetCash is facing obstacles
First, they have to find retailers willing to sell the cards Must persuade merchants to accept the card for online purchases Legal issues
Person-to-Person Payments
Person-to-person (P2P) payments—e-payment schemes (such as paypal.com) that enable the transfer of funds between two individuals
Repaying money borrowed Paying for an item purchased at online auction Sending money to students at college Sending a gift to a family member
Global B2B Payments
Letters of credit (LC)—a written agreement by a bank to pay the seller, on account of the buyer, a sum of money upon presentation of certain documents TradeCard (tradecard.com)—innovative e-payment method that uses a payment card
Electronic Letters of Credit (LC)
Benefits to sellers
Credit risk is reduced Payment is highly assured Political/country risk is reduced
Benefits to the buyer
Allows buyer to negotiate for a lower purchase price Buyer can expand its source of supply Funds withdrawn from buyer’s account only after the documents have been inspected by the issuing bank
TradeCard Payments
TradeCard allows businesses to effectively and efficiently complete B2B transactions whether large or small, domestic or cross-border, or in multiple currencies
Buyers and sellers interact with each other via the TradeCard system
System
Checks purchase orders for both parties Awaits confirmation from a logistics company that deliveries have been made and received Authorizes payment completing financial transaction between the buyer and seller
E-Checking
E-check—the electronic version or representation of a paper check
Eliminates need for expensive process reengineering and takes advantage of the competency of the banking industry
eCheck Secure (from vantaguard.com) and checkfree.com provide software that enables the purchase of goods and services with e-checks
Used mainly in B2B
Order Fulfillment: Overview
Order fulfillment—all the activities needed to provide customers with ordered goods and services, including related customer services
Back-office operations—the activities that support fulfillment of sales, such as accounting and logistics Front-office operations—the business processes, such as sales and advertising, that are visible to customers
Overview of Logistics
Logistics—the operations involved in the efficient and effective flow and storage of goods, services, and related information from point of origin to point of consumption Delivery of materials or services
Right time Right place Right cost
Exhibit 10.9
Order Fulfillment and Logistics Systems
EC Order Fulfillment Process
Steps in the process of order fulfillment 1. Payment clearance 2. In-stock availability 3. Arranging shipments 4. Insurance 5. Production (planning, execution) 6. Plant services 7. Purchasing and warehousing 8. Customer contacts 9. Returns (Reverse logistics—movement of returns from customers to vendors) 10. Demand forecast 11. Accounting, billing
Order Fulfillment and the Supply Chain
Order fulfillment and order taking are integral parts of the supply chain. Flows of orders, payments, and materials and parts need to be coordinated among
Company’s internal participants External partners
The principles of supply chain management must be considered in planning and managing the order fulfillment process
Problems in Order Fulfillment
Manufacturers, warehouses, and distribution channels were not in sync with the e-tailers High inventory costs Quality problems exist due to misunderstandings Shipments of wrong products, materials, and parts High cost to expedite operations or shipments
Problems in Order Fulfillment (cont.)
Uncertainties
Major source of uncertainty is demand forecast Demand is influenced by
Consumer behavior Economic conditions Competition Prices Weather conditions Technological developments Customers’ confidence
Problems in Order Fulfillment (cont.)
Demand forecast should be conducted frequently with collaborating business partners along the supply chain in order to correctly gauge demand and make plans to meet it Delivery times depend on factors ranging from machine failures to road conditions Quality problems of materials and parts (may create production time delays) Labor troubles (such as strikes) can interfere with shipments
Problems in Order Fulfillment (cont.)
Order fulfillment problems are created by lack of coordination and inability or refusal to share information
Bullwhip effect—large fluctuations in inventories along the supply chain, resulting from small fluctuations in demand for finished products
Solutions to Order Fulfillment Problems
Improvements to order taking process
Order taking can be done on EDI, EDI/Internet, or an extranet, and it may be fully automated. In B2B, orders are generated and transmitted automatically to suppliers when inventory levels fall below certain levels. Result is a fast, inexpensive, and more accurate process
Web-based ordering using electronic forms expedites the process Makes it more accurate Reduces the processing cost for sellers
Solutions to Order Fulfillment Problems (cont.)
Implementing linkages between order-taking and payment systems can also be helpful in improving order fulfillment
Electronic payments can expedite order fulfillment cycle and payment delivery period
Payment processing significantly less expensive Fraud can be controlled better
Inventory Management Improvements
Inventories can be minimized by:
Introducing a make-to-order (pull) production process Providing fast and accurate demand information to suppliers
Inventory management can be improved (inventory levels and administrative expenses can be minimized) by:
Allowing business partners to electronically track and monitor orders and production activities
Having no inventory at all by digitizing products
Automated Warehouses
B2C order fulfillment—send small quantities to a large number of individuals
Step 1: retailers contract Fingerhut to stock products and deliver Web orders Step 2: merchandise stored SKU warehouse Step 3: orders arrive Step 4: computer program consolidates orders from all vendors into “pick waves”
Automated Warehouses (cont.)
Step 5: picked items moved by conveyors to packing area; computer configures size and type of packing; types special packing instructions Step 6: conveyer takes packages to scanning station (weighed) Step 7: scan destination; moved by conveyer to waiting trucks Step 8: full trucks depart for Post Offices
Same Day, Even Same Hour Delivery
Role of FedEx and similar shippers
From a delivery to all-logistics Many services Complete inventory control Packaging, warehousing, reordering, etc. Tracking services to customers
Same Day, Even Same Hour Delivery (cont.)
Supermarket deliveries
Transport of fresh food to people who are in homes only at specific hours Distribution systems are critical Fresh food may be spoiled
Partnering Efforts
Collaborative commerce among members of the supply chain results in:
Shorter cycle times Minimal delays and work interruptions Lower inventories Less administrative cost Minimize bullwhip effect problem
Order Fulfillment in B2B
Using e-marketplaces and exchanges to ease order fulfillment problems Both public and private marketplaces
E-procurement system controlled by one large buyer, suppliers adjust their activities and IS to fit the IS of the buyer Company-centric marketplace can solve several supply chain problems Use an extranet Use a vertical exchange
Order Fulfillment in B2B (cont.)
Players in B2B fulfillment
Shippers (sellers)
Receivers (buyers)
Carriers
Third-party logistics providers
Warehouse companies
Vertical e-marketplaces
Transportation e-marketplaces
Logistics software application vendors
Handling Returns
Necessary for maintaining customer trust and loyalty using:
Return item to place it was purchased Separate logistics of returns from logistics of delivery Completely outsource returns Allow customer to physically drop returned items at collection stations
UPS Provides Broad EC Services
Electronic tracking of packages Electronic supply chain services for corporate customers by industry including:
Portal page with industry-related information Statistics
Calculators for computing shipping fees Help customers manage electronic supply chains
The UPS Strategy (cont.)
Improved inventory management, warehousing, and delivery Integration with shipping management system Notify customers by e-mail of:
Delivery status Expected time of arrival of incoming packages
The UPS Strategy (cont.)
Representative tools
7 transportation and delivery applications
Track packages Analyze shipping history Calculate exact time-in-transit
Downloadable tools
Proof of delivery Optimal routing features
Delivery of digital documents Wireless access to UPS system
Managerial Issues
What B2C payment methods should we use? What B2B payment methods should we use? Should we use an in-house payment mechanism or outsource it? How secure are e-payments? Have we planned for order fulfillment? How should we handle returns? Do we want alliances in order fulfillment? What EC logistics applications would be useful?
Summary
Crucial factors determining the success of an e-payment method Key elements in securing an e-payment Online credit card players and processes The uses and benefits of purchasing cards Categories and potential uses of smart cards Online alternatives to credit card payments
Summary (cont.)
E-check processes and involved parties The role of order fulfillment and back-office operations in EC The order fulfillment process Problems in order fulfillment Solutions to order fulfillment problems