Protocols for Secure Electronic Commerce

Mostafa Hashem Sherif

  1. 461 pages
  2. English

About This Book

Protocols for Secure Electronic Commerce, Third Edition presents a compendium of protocols for securing electronic commerce, or e-commerce, in consumer- and business-to-business applications. Attending to a variety of electronic payment systems currently in use around the globe, this edition:



  • Updates all chapters to reflect the latest technical advances and developments in areas such as mobile commerce
  • Adds a new chapter on Bitcoin and other cryptocurrencies that did not exist at the time of the previous edition's publication
  • Increases the coverage of PayPal in accordance with PayPal's amplified role for consumers and businesses
  • Expands the discussion of bank cards, dedicating a full chapter to magnetic stripe cards and a full chapter to chip-and-PIN technology

Protocols for Secure Electronic Commerce, Third Edition offers a state-of-the-art overview of best practices for the security of e-commerce, complete with end-of-chapter review questions and an extensive bibliography of specialized references. A Solutions Manual and PowerPoint slides are available with qualifying course adoption.


Information

Publisher: CRC Press
Year: 2017
ISBN: 9781315356402

1 Overview of Electronic Commerce

Electronic commerce is at the conjunction of the advances in microelectronics, information processing, and telecommunication that have redefined the role of computers, first in enterprises and now in daily life, beyond that of process and production control. In the early phase, business supply networks or distribution channels were automated for optimal scheduling of production based on feedback from markets. Since the 1980s, a series of innovations opened new vistas to electronic commerce in consumer applications through automatic cash dispensers, bank cards, and Internet and wireless transactions. Simultaneously, money took the form of bits moving around the world, including the form of cryptocurrencies. Electronic commerce is also evolving in a virtual economy, focusing on services with looser temporal, geographic, or organizational obligations and with less consumption of natural resources and pollution hazards (Haesler, 1995).
This chapter presents a general introduction to various aspects of electronic commerce: its definition, various categories, its effects on society, its infrastructure, and what fraud means for individuals.

1.1 Electronic Commerce and Mobile Commerce

Electronic commerce (e-commerce), as defined by the French Association for Commerce and Electronic Interchange*—a nonprofit industry association created in 1996—is “the set of totally dematerialized relations that economic agents have with each other.” Thus, e-commerce encompasses physical or virtual goods (software, information, music, books, etc.), as well as the establishment of users’ profiles based on demographic and behavioral data collected during online transactions.
The Open Mobile Alliance (OMA) defines mobile commerce (m-commerce) as “the exchange or buying or selling of services and goods, both physical and digital, from a mobile device” (Open Mobile Alliance, 2005, p. 8). Typically, the buyer and the seller interact over a mobile network before the customer can engage the financial transaction. This initial phase includes advertising, discovery and negotiation of the price, and the terms and conditions.
Thus, both electronic commerce and mobile commerce blend existing technologies to create new financial services accessible from desktops, mobile terminals, phones, or pads. The ubiquity of mobile phones outside the industrialized countries has opened access to financial services, with telephone companies establishing payment networks through cash stored or transferred by phone. In recent years, mobile commerce services were extended to many financial services such as bill presentment and payment, loans, salary payment, and life insurance policies (the telecommunication company has all information that an underwriter needs from its subscribers, such as name, birth date, and address).
In this book, unless explicitly mentioned, the term electronic commerce will encompass all transactions irrespective of the access method, wireline or wireless, as well as the type of money used. There are instances, however, where the term mobile commerce implies specific characteristics. First, mobile transactions can be location based, that is, commercial offers can be modulated according to the current location of the mobile terminal. (In all cases, subscribers can receive tailored offers based on their demographic profile, preferences, and transaction history.) Second, in some countries, the limit for the amount that a user can transfer at any one time or during a specified time interval is lower when the transaction is conducted over a mobile network. Also, in some countries, mobile financial services require a partnership between telecommunication companies and banks or that telecommunication companies have a banking license. Other countries such as Kenya allow mobile money accounts to be unattached to any financial account, and mobile banking is exempt from the regulation of typical banking institutions (Bird, 2012; Crabtree, 2012; Demirguc-Kunt and Klapper, 2012).
* Association Française pour le Commerce et les Échanges Électroniques (AFCEE).
Table 1.1 summarizes the main differences between Internet commerce and mobile commerce.
TABLE 1.1 Comparison of Electronic Commerce and Mobile Commerce
It should be noted that more than 90% of retail purchases in the United States are still conducted offline (Mishkin and Ahmed, 2014), but by 2016, 9% of the retail sales in the United States would be online. Of this, 8% would be mobile commerce transactions, which correspond in value to $90 billion in 2017 (Huynh, 2012). Furthermore, with the increase in the number of mobile broadband subscribers worldwide to around seven billion, mobile commerce may become the dominant channel by 2018 (Taylor, 2013).
Depending on the nature of the economic agents and the type of relations among them, the applications of e-commerce fall within one of four main categories:
  1. Business to business (B2B), where the customer is another enterprise or another department within the same enterprise. A characteristic of these types of relations is their long-term stability. This stability justifies the use of costly data processing systems, the installation of which is a major project. This is particularly true in information technology systems linking the major financial institutions. It should be noted that currently, mobile commerce does not include business-to-business transactions.
  2. Business to consumer (B2C) at a distance through a telecommunication network, whether fixed or mobile.
  3. Proximity or face-to-face commerce includes face-to-face interactions between the buyer and the seller as in supermarkets, drugstores, coffee shops, and so on. These interactions can be mediated through machines using contactless payment cards or mobile phones.
  4. Peer-to-peer or person-to-person commerce (P2P) takes place without intermediaries, such as the transfer of money from one individual to another.

1.1.1 Examples of Business-to-Business Commerce

Business-to-business e-commerce was established long before the Internet. Some of the pre-Internet networks are as follows:
  1. Société Internationale de Télécommunications Aéronautiques (SITA—International Society for Aeronautical Telecommunications), the world’s leading service provider of IT business solutions and communications services to the air transport industry. Today, SITA links 600 airline companies and around 2000 organizations that are tied to them.
  2. SABRE, an airline reservation system that was formerly owned by American Airlines. In 1987, Air France, Iberia, and Lufthansa established a centralized interactive system for reservations of air transport (Amadeus) to link travel agents, airline companies, hotel chains, and car rental companies. The settlement of travel documents among airline companies (changing airline companies after the ticket had been issued, trips of several legs on different airlines) is done through the Bank Settlement Payment (BSP) system.
  3. Society for Worldwide Interbank Financial Telecommunications (SWIFT), whose network was established in 1977 to exchange standardized messages for the international transfer of funds among banks.
  4. Banking clearance and settlement systems as discussed in Chapter 2.
Standardization of business-to-business e-commerce networks started with the X12 standard in North America and Electronic Data Interchange for Administration, Commerce and Transport (EDIFACT) in Europe. In the early 1980s, the U.S. Department of Defense (DOD) launched the Continuous Acquisition and Life-cycle Support (CALS) to improve the flow of information with its suppliers. In 1993, President Bill (William) Clinton initiated the exchange of commercial and technical data electronically within all branches of the federal government (Presidential Executive Memorandum, 1993). The Federal Acquisition Streamlining Act of October 1994 required the use of EDI in all federal acquisitions. A taxonomy was later developed to describe various entities and assign them a unique identifier within the Universal Data Element Framework (UDEF). With the installation of the Federal Acquisition Computer Network (FACNET) in July 1997, federal transactions can be completed through electronic means from the initial request for proposal to the final payment to the supplier.
Today, the adoption of the Internet as the worldwide network for data exchange is encouraging the migration toward open protocols and new standards, some of which will be presented in Chapter 4.

1.1.2 Examples of Business-to-Consumer Commerce

Interest in business-to-consumer e-commerce started to grow in the 1980s, although this interest varied across different countries. In Germany, remote banking services were conducted through the Bildschirmtext (BTX) system. The users of BTX were identified with a personal identification code and a six-digit transaction number (Turner, 1998).
In France, the Minitel service was undoubtedly one of the most successful pre–World Wide Web online business-to-consumer systems, lasting more than 40 years from the 1980s till its retirement in June 2012. Access was through a special terminal connected to an X.25 data network called Transpac via the public switched telephone network (PSTN). Until 1994, the rate of penetration of the Minitel in French homes exceeded that of personal computers in the United States (France Télécom, 1995; Hill, 1996). The crossover took place in 2002, when Internet users in France exceeded those using the Minitel (41%–32%), while turnover dropped from €700 billion in 2000 to €485 billion in 2002 (Berber, 2003; Selignan, 2003).
The Minitel uses the kiosk mode of operation. According to this model, the provider of an online service delegates the billing and the collection to the telephone operator for a percentage of the amounts collected. After collection of the funds, the operator compensates the content providers. Collection of small amounts by a nonbank could be justified because banks could not propose a competing solution for consolidating, billing, and collecting small amounts from many subscribers. At the same time, the financial institutions benefit from having a unique interface to consolidate individual transactions. However, because of the 30-day billing cycle, the telephone company was in effect granting an interest-free loan to its subscribers, a task that is usually associated with banks.
The role of a carrier as a payment intermediary has been carried over into many of the models for mobile commerce. One of the first examples was the i-mode® service from the Japanese mobile telephony operator NTT DoCoMo (Enoki, 1999; Matsunaga, 1999).
It is worth noting that originally communications were not encrypted but users did not mind giving their banking coordinates over the links. This shows that the sense of security is not merely a question of sophisticated technical means but that of a trust between the user and the operator.
Let us now look closer at three business-to-consumer applications over the web. These are the auction site eBay®, Amazon, and Stamps.com™ or Neopost.
1.1.2.1 eBay
The auction site eBay illustrates a successful pure player that established a virtual marketplace. The site supplies a space for exhibiting merchandise that overcomes the geographic dispersion of the potential buyers and the fragmentation of the supply. In this regard, eBay provides a space to exhibit merchandise and to negotiate selling conditions; in particular, it provides a platform that links the participants in return for a commission on the selling price. The setup is characterized by the following properties:
  • Participants can join from anywhere they may be, and the site is open to all categories of merchandise or services. The market is thus fragmented geographically or according to the commercial offers.
  • Buyers have to subscribe and establish an account on eBay to obtain a login and define their password.
  • The operator depends on the evaluation of each participant by its correspondents to assign them a grade. The operator reserves the right to eliminate those that do not meet their obligations.
  • The operator does not intervene in the payment and does not keep records of the account information of the buyers.
These conditions have allowed eBay to be profitable, which is exceptional in consumer-oriented sites.
1.1.2.2 Amazon
Amazon started in 1995 as ...
