1. What is e-commerce?
Electronic commerce is a term for any type of business, or commercial transaction, that involves the transfer of information across the internet. It is an online channel through which a supplier sells to a customer. To conduct e-commerce there needs to be a storefront or an e-commerce platform, for example Magento, Demandware, Oracle Commerce, Shopify, WooCommerce, etc.
2. Types of eCommerce Business Models
Typically, eCommerce business models can be divided into six major types:
• Business-to-Business (B2B)
• Business-to-Consumer (B2C)
• Consumer-to-Consumer (C2C)
• Consumer-to-Business (C2B)
• Business-to-Administration (B2A)
• Consumer-to-Administration (C2A)
The Business-to-Business (B2B) model consists of electronic transactions and processes relating to the provision of goods and services. The business is conducted between companies and may involve conventional wholesalers and producers dealing with retailers. A business-to-business platform provides its goods and services to an intermediate buyer, who then sells the product to the final customer. As an example, a wholesaler may place an order on a company’s business website and, upon receipt of the consignment, sell the goods on to a final customer, who purchases the product at one of the retail outlets.
Business-to-Consumer (B2C) eCommerce covers the transactions and relationships between businesses and end customers. This is mainly the retail eCommerce trade that takes place online. Since the inception of the internet, B2C eCommerce has evolved to a great extent. Today we find scores of electronic shopping sites and virtual stores on the web that sell myriad products, ranging from computers and fashion items to everyday necessities.
In this model the customer has more information about the products, in the form of informative content, and there is also a chance to buy products at cheaper rates. Most of the time, quick delivery of the order is also maintained.
Consumer-to-Consumer (C2C) eCommerce consists of electronic transactions of products and services between two customers. These are mainly conducted through a third party that provides an online platform for the transactions. Sites where second-hand items are bought and sold are examples of C2C eCommerce. A website following the C2C business model helps consumers sell their assets, such as residential property, cars or motorcycles, or rent out a room, by publishing their information on the website. The website may or may not charge the consumer for its services. Another consumer may then opt to buy the first customer’s product after viewing the post or advertisement on the website.
In the Consumer-to-Business (C2B) model, a complete reversal of the selling and buying process takes place. This is very relevant for crowdsourcing projects. Here, individuals offer their items or services and sell them to companies. Some examples are proposals for a company site or logo, royalty-free photographs, design elements and so on. In this model, a consumer approaches a website that lists multiple business organizations offering a particular service. The consumer states an estimate of the amount he or she wants to spend on that service; an example is comparing the interest rates on personal or car loans offered by various banks via websites. A business organization that can fulfil the consumer’s requirement within the specified budget approaches the customer and provides its services.
In Business-to-Administration (B2A) transactions, there are dealings between companies and public administration. This encompasses different services, such as social security, fiscal measures, legal documents, employment and so on.
In the Consumer-to-Administration (C2A) model, electronic transactions are carried out between individuals and public administration. Some examples are distance learning, information sharing, electronic tax filing and so on.
The main objective of both the B2A and C2A types of eCommerce is to increase flexibility, efficiency, and transparency in public administration.
Business-to-Government (B2G)
The B2G model is a variant of the B2B model. Such websites are used by governments to trade and exchange information with various business organizations. These websites are accredited by the government and provide a medium for businesses to submit application forms to the government.
Government-to-Business (G2B)
Governments use G2B model websites to approach business organizations. Such websites support auctions, tenders and application submission.
Government-to-Citizen (G2C)
Governments use G2C model websites to approach citizens in general. Such websites support auctions of vehicles, machinery or any other material, and also provide services like registration for birth, marriage or death certificates. The main objective of G2C websites is to reduce the average time for fulfilling citizens’ requests for various government services.
3. Types of e-payment systems
Credit card: A form of e-payment that requires the use of a card issued by a financial institution to the cardholder for making payments online or through an electronic device, without the use of cash. Nowadays most online transactions are done with credit cards, since this paradigm does not need much infrastructure and is easily understood by users. Although using a credit card to purchase on the net is very popular, credit card payment still has some flaws. For example:
• Credit card fraud
• No customer signature
• Legitimacy of the merchant
• Privacy is always compromised by spam emails and telemarketing calls
• Sometimes the cost of transferring a payment can exceed the cost of the product itself
Smart card: A plastic card with a microprocessor that can be loaded with funds to make transactions; also known as a chip card. The smart card (or integrated circuit card) is the culmination of a technological evolution that started with barcode cards and magnetic stripe cards. Smart cards, or microprocessor cards, contain within the thickness of their plastic (0.76 mm) a miniature computer (operating system, microprocessor, memory and integrated circuits). These cards can carry out advanced encryption methods to authenticate participants, guarantee the integrity of data and ensure its confidentiality.
Direct debit: A financial transaction in which the account holder instructs the bank to collect a specific amount of money from his or her account electronically to pay for goods or services.
E-check: A digital version of the old paper check. It is an electronic transfer of money from a bank account, usually a checking account, without the use of a paper check.
This is a form of an electronic payment system, where a certain amount of money is stored on a client’s device and made accessible for online transactions.
Stored-value card: A card loaded with a certain amount of money that can be used to perform transactions in the issuer’s store. Gift cards are a typical example of stored-value cards.
Electronic Fund Transfer
It is a very popular electronic payment method for transferring money from one bank account to another. The accounts can be in the same bank or in different banks. Money is transferred electronically from one financial institution to another, and the transfer can be initiated from an ATM or a computer.
E-money: Payment is done over the network. The amount is transferred from one financial body to another without the involvement of a middleman. E-money transactions are fast and convenient and save a lot of time. Online payments done via credit cards, debit cards or smart cards are examples of e-money transactions.
Debit card: The amount is deducted from the bank account linked to the card, so the account needs a sufficient balance for the transaction to complete. Debit cards free the customer from carrying cash and cheques, and merchants accept them readily. A debit card has the following features: issuing bank logo, EMV chip, hologram, card number, card brand logo, expiration date and cardholder’s name. There are two types of debit card: online debit cards and offline debit cards.
4. What are web services (all tiers)?
A web service is a subset of the middle layer (application or business logic) in a multi-tier architecture. All a web service does is provide a business function in modular form. It stores HTML files and dispenses them to clients, processes form details and communicates with other servers. A web service enables communication among various applications by using open standards such as HTML, XML, WSDL, UDDI and SOAP. A web service makes use of the following:
• XML to tag the data
• SOAP to transfer a message
• WSDL to describe the availability of service.
• UDDI to publish and find web services
Types of web services include JSON-RPC, JSON-WSP, web templates, Web Services Description Language (WSDL), XML Interface for Network Services (XINS), which provides a POX-style web service specification format, and Web Services Conversation Language (WSCL).
1-tier:
• It is a stand-alone application, e.g. WAMP
• No networking is involved
• Has high performance
• Can’t access remote services
2-tier:
• Involves two entities, e.g. client and web server
• Quite simple
• Separation of presentation logic from business logic
• Little potential for resource sharing, a big
3-tier:
• Involves three entities, e.g. client, web server and db server
• Separation of presentation, business and data logic
• Concurrent data access
• Allows for shared resources
• It is more secure
4-tier:
• Involves four entities, e.g. client, web server, app server and db server
• May be expensive
5. Explain e-commerce security protocols
SECURE HYPERTEXT TRANSFER PROTOCOL (S-HTTP)
S-HTTP (Secure HTTP) is an extension to the Hypertext Transfer Protocol (HTTP) that allows files to be exchanged securely on the World Wide Web. Each S-HTTP file is secured using encryption or contains a digital certificate. For any document, S-HTTP is a known alternative to Secure Sockets Layer (SSL). It differs from SSL in that S-HTTP enables the client to send a certificate to authenticate the user, whereas in SSL only the server is authenticated. S-HTTP is typically used when, for example, the server represents a bank and requires a secure way of authenticating users that differs from the traditional use of passwords and user IDs. S-HTTP does not use any single encryption system, but it does support the Rivest-Shamir-Adleman (RSA) public key infrastructure encryption system.
SECURE SOCKETS LAYER (SSL)
This protocol encrypts data being transmitted over a network: the data is encrypted before it is sent across the World Wide Web. In addition, SSL provides client-server authentication. An initial handshake, much like TCP connection establishment, takes place to agree on the encryption algorithm (e.g. DES, IDEA) and exchange keys; this is also how the server is authenticated to the client. Once a properly authenticated connection is established, a public key is used to encrypt the data being transmitted and a private key is used to decipher the data on the destination server side.
How it works:
SSL lies between the application layer and the transport layer. SSL receives an HTTP message from an application and encrypts it; the message is then passed to a TCP socket. On the destination server side, SSL reads from the TCP socket, decrypts the data and hands it to the application.
• SSL Server Authentication
Certificates are used to identify the server. A list of trusted certification authorities, together with their public keys, is held in the user’s web browser. When an SSL connection is made, a certificate is obtained from the server. Communication is only granted when the certificate matches a trusted authority.
• SSL Mutual Authentication
Mutual authentication may be used when there is a need for it. This enables the server to identify the user: the server obtains a certificate from the client for authentication.
• Encrypted SSL session
The data sent between the client and the server is encrypted and then decrypted upon receipt. SSL can detect whether the data has been tampered with or not.
SET (Secure Electronic Transaction)
SET is used for secure credit card transactions on the Internet. It was widely endorsed and was intended to complement the simple credit card payment scheme by addressing its drawbacks. The underlying protocols and standards for secure electronic transactions were backed and supported by Microsoft, IBM, MasterCard, Visa, Netscape and others. Digital certificates were used to provide electronic access to funds: when a purchase was made electronically, encrypted digital certificates were what let the customer, merchant and financial institution complete a verified transaction. SET enabled secure transmission of consumer credit card information across the internet. It was used to hide much of the detail on credit cards and the information they contain, which prevents a merchant, hacker or cybercriminal from obtaining unauthorised information. Some of the SET protocol goals include:
• To ensure confidentiality of information between the participants: information is only available to the parties in a transaction when and where necessary.
• To avoid spoofing of data in transmission over a network, by providing a communication channel that is secure for all parties involved in a transaction.
• To provide a solution for authenticating multiple parties.
• To transact in real time.
The participants in the SET protocol are:
• The online retailer, who provides goods and services in exchange for electronic cash.
• The bank, which provides the payment gateway between customers and the online shop.
• The electronic money issuer, or banks that can issue e-money, which are responsible for paying the customers’ debts.
• The Certificate Authority, which is trusted to issue X.509v3 public key certificates for customers, online shops, etc. It is also in charge of authentication for the method of payment and participant identification.
Features of SET
• It deals with credit card payments
• Confidentiality of information
• Data integrity
• Authentication of the customer’s account
• Verification of online shops
• Interactive operation
TLS (Transport Layer Security)
Transport Layer Security (TLS) sits at the application level and provides encryption technology for the Internet. TLS relies on certificates and public-private key pairs for this level of security. The protocol is used for certificate exchange, mutual authentication and cipher negotiation, securing the stream against tampering and eavesdropping.
Features of TLS
TLS consists of two primary components:
• A handshake protocol authenticates the communicating parties, negotiates cryptographic modes and parameters, and establishes shared keying material. The handshake protocol is designed to resist tampering: an active attacker should not be able to force the peers to negotiate different parameters than they would if the connection were not under attack.
• A record protocol uses the parameters established by the handshake protocol to protect traffic between the communicating peers. The record protocol divides traffic into a series of records, each of which is independently protected using the traffic keys.
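The record protocol just described, and the tamper detection mentioned in the SSL section above, as an added example that is not part of the original notes and not a real TLS implementation: a simplified Python record layer that frames each message with a content type, sequence number and length, encrypts it under a per-direction traffic key and appends a MAC over header and ciphertext, so the receiver rejects modified, replayed or reordered records. The HMAC-based key schedule and counter-mode keystream are assumptions standing in for the TLS key schedule and its AEAD cipher.

```python
import hashlib
import hmac
import struct

def derive_keys(master_secret: bytes, label: bytes) -> tuple:
    """Toy key schedule (assumption: HMAC-SHA256 stands in for the TLS key
    schedule); returns (encryption key, MAC key) for one traffic direction."""
    enc_key = hmac.new(master_secret, label + b" enc", hashlib.sha256).digest()
    mac_key = hmac.new(master_secret, label + b" mac", hashlib.sha256).digest()
    return enc_key, mac_key

def keystream(enc_key: bytes, seq: int, length: int) -> bytes:
    """Counter-mode keystream from HMAC (toy stand-in for AES-GCM/ChaCha20);
    the record sequence number is mixed in so no two records share keystream."""
    blocks = (hmac.new(enc_key, struct.pack("!QI", seq, i), hashlib.sha256).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]

class RecordLayer:
    """One direction of a TLS-style record layer: each record = header (content
    type, 64-bit sequence number, length) + encrypted payload + MAC over both,
    so a modified, replayed or reordered record is rejected on receipt."""
    HEADER = struct.Struct("!BQH")

    def __init__(self, enc_key: bytes, mac_key: bytes):
        self.enc_key, self.mac_key, self.seq = enc_key, mac_key, 0

    def protect(self, content_type: int, plaintext: bytes) -> bytes:
        header = self.HEADER.pack(content_type, self.seq, len(plaintext))
        ks = keystream(self.enc_key, self.seq, len(plaintext))
        ciphertext = bytes(p ^ k for p, k in zip(plaintext, ks))
        tag = hmac.new(self.mac_key, header + ciphertext, hashlib.sha256).digest()
        self.seq += 1
        return header + ciphertext + tag

    def unprotect(self, record: bytes) -> tuple:
        hdr = self.HEADER.size
        if len(record) < hdr + hashlib.sha256().digest_size:
            raise ValueError("record rejected: truncated")
        content_type, seq, length = self.HEADER.unpack(record[:hdr])
        body, tag = record[:hdr + length], record[hdr + length:]
        expected = hmac.new(self.mac_key, body, hashlib.sha256).digest()
        # Verify the MAC before decrypting; the expected sequence number is
        # implicit on the receiver, so a replayed or reordered record fails too.
        if not hmac.compare_digest(tag, expected) or seq != self.seq:
            raise ValueError("record rejected: bad MAC or unexpected sequence number")
        self.seq += 1
        ks = keystream(self.enc_key, seq, length)
        return content_type, bytes(c ^ k for c, k in zip(body[hdr:], ks))
```

Sender and receiver each hold a RecordLayer with the same keys for one direction; a second pair with the other direction's keys would carry the reverse traffic.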
WTLS (Wireless Transport Layer Security)
It is the security layer for Wireless Application Protocol (WAP) applications. WTLS was developed to address the challenges faced by mobile network devices, such as limited processing power and memory capacity and low bandwidth, while still providing adequate authentication, data integrity and privacy protection mechanisms. Wireless transactions, including those between a user and their bank, require strong authentication and encryption to protect the communication from attack during data transmission. Because mobile networks do not provide end-to-end security, TLS had to be modified to address the special needs of wireless users. WTLS provides an optimized handshake with dynamic key refreshing, which allows encryption keys to be regularly updated during a secure session.