Presentation is loading. Please wait.

Presentation is loading. Please wait.

Dr.R.BASKARAN,DCSE1 E-Commerce Dr.R.BASKARAN Senior Lecturer Department of Computer Science and Engineering, Anna University, Chennai – 600025.

Published byAnna Lynch Modified over 8 years ago

Similar presentations

Presentation on theme: "Dr.R.BASKARAN,DCSE1 E-Commerce Dr.R.BASKARAN Senior Lecturer Department of Computer Science and Engineering, Anna University, Chennai – 600025."— Presentation transcript:

1 Dr.R.BASKARAN,DCSE1 E-Commerce Dr.R.BASKARAN Senior Lecturer Department of Computer Science and Engineering, Anna University, Chennai – 600025. baaski@cs.annauniv.edu

2 Dr.R.BASKARAN,DCSE2 UNIT IV Transaction

3 Dr.R.BASKARAN,DCSE3 Transaction A transaction is an agreement, communication, or movement carried out between separate entities or objects, often involving the exchange of items of value, such as information, goods, services and money. –Financial transaction –Real estate transaction –Transaction cost –Database transaction –Atomic database transaction –Transaction processing –POS Transaction

4 Dr.R.BASKARAN,DCSE4 ELECTRONIC FUND TRANSFER Electronic funds transfer or EFT refers to the computer-based systems used to perform financial transactions electronically. The term is used for a number of different concepts: –Cardholder-initiated transactions, where a cardholder makes use of a payment card –Direct deposit payroll payments for a business to its employees, possibly via a payroll services company –Direct debit payments from customer to business, where the transaction is initiated by the business with customer permission

5 Dr.R.BASKARAN,DCSE5 ELECTRONIC FUND TRANSFER –Electronic bill payment in online banking, which may be delivered by EFT or paper check –Transactions involving stored value of electronic money, possibly in a private currency –Wire transfer via an international banking network (generally carries a higher fee) –Electronic Benefit Transfer

6 Dr.R.BASKARAN,DCSE6 EPOS Electronic Point of Sale – most larger shops have EPOS terminals. They are the cash registers which also act as terminals to a main computer system They produce itemised receipts. When you go to the cashier they often scan a bar code or tag into a machine. This records the sale, identifies the item being sold and sometimes updates a stock list.

7 Dr.R.BASKARAN,DCSE7 EFTPOS Electronic Funds Transfer at Point Of Sale – These are similar to EPOS terminals but with extra features that allow transfers of funds from customer bank accounts directly into the shop’s bank account when a credit or debit card is used. It is electronic processing system for credit cards, debit cards and charge cards.

8 Dr.R.BASKARAN,DCSE8 CARD BASED EFT EFT may be initiated by a cardholder when a payment card such as a credit card or debit card is used. This may take place at an automated teller machine (ATM) or point of sale (POS), or when the card is not present, which covers cards used for mail order, telephone order and internet purchases. Card-based EFT transactions are often covered by the ISO 8583 standard.

9 Dr.R.BASKARAN,DCSE9 TRANSACTION TYPES Sale: where the cardholder pays for goods or service Refund: where a merchant refunds an earlier payment made by a cardholder Withdrawal: the cardholder withdraws funds from their account, e.g. from an ATM. The term Cash Advance may also be used, typically when the funds are advanced by a merchant rather than at an ATM Deposit: where a cardholder deposits funds to their own account (typically at an ATM) Cashback: where a cardholder withdraws funds from their own account at the same time as making a purchase

10 Dr.R.BASKARAN,DCSE10 TRANSACTION TYPES Inter-account transfer: transferring funds between linked accounts belonging to the same cardholder Payment: transferring funds to a third party account Enquiry: a transaction without financial impact, for instance balance enquiry, available funds enquiry, linked accounts enquiry, or request for a statement of recent transactions on the account E top-up: where a cardholder can use a device (typically POS or ATM) to add funds (top-up) their pre-pay mobile phone Mini-statement: where a cardholder uses a device (typically an ATM) to obtain details of recent transactions on their account Administrative: this covers a variety of non-financial transactions including PIN change

11 Dr.R.BASKARAN,DCSE11 AUTHORISATION EFT transactions require communication between a number of parties. When a card is used at a merchant or ATM, the transaction is first routed to an acquirer, then through a number of networks to the issuer where the cardholder's account is held. A transaction may be authorised offline by any of these entities through a stand-in agreement. Stand-in authorisation may be used when a communication link is not available, or simply to save communication cost or time. Stand-in is subject to the transaction amount being below agreed limits, known as floor limits.

12 Dr.R.BASKARAN,DCSE12 AUTHORISATION These limits are calculated based on the risk of authorising a transaction offline, and thus vary between merchants and card types. Offline transactions may be subject to other security checks such as checking the card number against a 'hotcard' (stolen card) list, velocity checks (limiting the number of offline transactions allowed by a cardholder) and random online authorisation. Before online authorisation was standard practice and credit cards were processed using manual vouchers, each merchant would agree a limit ("floor limit) with his bank above which he must telephone for an authorisation code. If this was not carried out and the transaction subsequently was refused by the issuer ("bounced"), the merchant would not be entitled to a refund.

13 Dr.R.BASKARAN,DCSE13 AUTHENTICATION EFT transactions may be accompanied by methods to authenticate the card and the card holder. The merchant may manually verify the card holder's signature, or the card holder's Personal identification number (PIN) may be sent online in an encrypted form for validation by the card issuer. Other information may be included in the transaction, some of which is not visible to the card holder (for instance magnetic stripe data), and some of which may be requested from the card holder (for instance the card holder's address or the CVV2 value printed on the card).

14 Dr.R.BASKARAN,DCSE14 FIRST VIRTUAL PAYMENT SYSTEM First Virtual Holdings was a company formed in early 1994 to facilitate Internet commerce. The first product offering from First Virtual was an Internet payment system, which was developed quietly and publicly announced as a fully-operational open Internet service on October 15, 1994. First Virtual provided most of the features of both eBay and PayPal before those companies existed. Key people behind First Virtual were Nathaniel Borenstein, Marshall Rose, Einar Stefferud, and Lee Stein.

15 Dr.R.BASKARAN,DCSE15 FIRST VIRTUAL PAYMENT SYSTEM "The First Virtual approach is to create an automatic authorization system that requires no previous relationship between buyer and seller. In the era of electronic commerce, the new system may herald a shift comparable to the transition a generation ago, when the members-only department store credit card gave way to use-anywhere cards like Visa and Mastercard.” "The new company, based in San Diego, is the brainchild of Lee Stein, a San Diego lawyer and accountant who is its president, and three computer scientists long involved with the Internet global web of computer networks. First Virtual's big partners are Electronic Data Systems Inc., a division of General Motors, and First USA, a fast-growing credit card company in Dallas that will issue a Visa card for the new service."

16 Dr.R.BASKARAN,DCSE16 INTERNET EXCHANGE POINT IXP = Internet Exchange Point Places where ISPs come to interconnect with each other – “clearing house” for Internet traffic Keep local traffic local “IXPs are the keystone of the entire Internet economy.” - Cisco Systems

17 Dr.R.BASKARAN,DCSE17 INTERNET EXCHANGE POINT An Internet exchange point (IX or IXP) is a physical infrastructure that allows different Internet service providers (ISPs) to exchange Internet traffic between their networks (autonomous systems) by means of mutual peering agreements, which allow traffic to be exchanged without cost. IXPs reduce the portion of an ISP's traffic which must be delivered via their upstream transit providers, thereby reducing the Average Per-Bit Delivery Cost of their service. The primary purpose of an IXP is to allow networks to interconnect directly, via the exchange, rather than through one or more 3rd party networks. The advantages of the direct interconnection are numerous, but the primary reasons are cost, latency, and bandwidth.

18 Dr.R.BASKARAN,DCSE18 Local Infrastructure Local ISPs Gateways Internet Exchange Point

19 Dr.R.BASKARAN,DCSE19 IXP Benefits Better quality Cash savings Added value New revenue opportunities

20 Dr.R.BASKARAN,DCSE20 CYBER CASH CyberCash, Inc. was an internet payment service for electronic commerce, headquartered in Reston, Virginia. It was founded in August 1994 by Daniel C. Lynch (who served as chairman), William N. Melton (who served as president and CEO, and later chairman), Steve Crocker (Chief Technology Officer), and Bruce G. Wilson. The company initially provided an electronic wallet software to consumers and provided software to merchants to accept credit card payments. Later they also offered "CyberCoin", a micropayment system modeled after the NetBill research project at Carnegie Mellon University, which they later licensed.

21 Dr.R.BASKARAN,DCSE21 CYBER CASH In 1995, the company proposed RFC 1898, CyberCash Credit Card Protocol Version 0.8. The company went public on February 19, 1996 with the symbol "CYCH" and its shares rose 79% on the first day of trading. In 1998, CyberCash bought another online credit card processing company, ICVerify. In January 2000, a teenage Russian hacker nicknamed "Maxus" announced he had cracked CyberCash's ICVerify application; the company denied this. On January 1, 2000, CyberCash fell victim to the Y2K Bug, causing double recording of credit card payments through their system.

22 Dr.R.BASKARAN,DCSE22 SECURITY MODEL A computer security model is a scheme for specifying and enforcing security policies. A security model may be founded upon a formal model of access rights, a model of computation, a model of distributed computing, or no particular theoretical grounding at all. In computer security, an access control list (ACL) is a list of permissions attached to an object. The list specifies who or what is allowed to access the object and what operations are allowed to be performed on the object. In a typical ACL, each entry in the list specifies a subject and an operation: for example, the entry (Alice, delete) on the ACL for file WXY gives Alice permission to delete file WXY.

23 Dr.R.BASKARAN,DCSE23 ACL BASED SECURITY MODEL A computer security model is a scheme for specifying and enforcing security policies. A security model may be founded upon a formal model of access rights, a model of computation, a model of distributed computing, or no particular theoretical grounding at all. In computer security, an access control list (ACL) is a list of permissions attached to an object. The list specifies who or what is allowed to access the object and what operations are allowed to be performed on the object. In a typical ACL, each entry in the list specifies a subject and an operation: for example, the entry (Alice, delete) on the ACL for file WXY gives Alice permission to delete file WXY.

24 Dr.R.BASKARAN,DCSE24 CONSUMER PROTECTION 'Consumer protection' is a form of government regulation which protects the interests of consumers. –For example, a government may require businesses to disclose detailed information about products—particularly in areas where safety or public health is an issue, such as food. Consumer protection is linked to the idea of consumer rights (that consumers have various rights as consumers), and to the formation of consumer organizations which help consumers make better choices in the marketplace. Consumer interests can also be protected by promoting competition in the markets which directly and indirectly serve consumers, consistent with economic efficiency, but this topic is treated in Competition law. Consumer protection can also be asserted via non-government organizations and individuals as consumer activism.

25 Dr.R.BASKARAN,DCSE25 VIRTUAL TERMINAL In open systems, a virtual terminal (VT) is an application service that: 1.Allows host terminals on a multi-user network to interact with other hosts regardless of terminal type and characteristics, 2.Allows remote log-on by local area network managers for the purpose of management, 3.Allows users to access information from another host processor for transaction processing, 4.Serves as a backup facility. ITU-T defines a virtual terminal protocol based on the OSI application layer protocols. However, the virtual terminal protocol is not widely used on the Internet.

26 Dr.R.BASKARAN,DCSE26 SECURITY CONSIDERATIONS Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction. The terms information security, computer security and information assurance are frequently incorrectly used interchangeably. Information security is concerned with the confidentiality, integrity and availability of data regardless of the form the data may take: electronic, print, or other forms.

27 Dr.R.BASKARAN,DCSE27 SECURITY CONSIDERATIONS BASIC PRINCIPLES –Key concepts - For over twenty years information security has held that confidentiality, integrity and availability (known as the CIA Triad) are the core principles of information security. –CONFIDENTIALITY –INTEGRITY –AVAILABILITY –AUTHENTICITY –NON-REPUDIATION

28 Dr.R.BASKARAN,DCSE28 SECURITY CONSIDERATIONS CONFIDENTIALITY –Ensures that only an authorised person can access the protected data of a message –It is the property of preventing disclosure of information to unauthorized individuals or systems. INTEGRITY –Ensures that transmitted messages are not manipulated during transmission –Integrity means that data cannot be modified without authorization.

29 Dr.R.BASKARAN,DCSE29 SECURITY CONSIDERATIONS AVAILABILITY –Information system to serve its purpose, the information must be available when it is needed. –This means that the computing systems used to store and process the information, the security controls used to protect it, and the communication channels used to access it must be functioning correctly. AUTHENTICITY –In computing, e-Business and information security it is necessary to ensure that the data, transactions, communications or documents (electronic or physical) are genuine (i.e. they have not been forged or fabricated.).

30 Dr.R.BASKARAN,DCSE30 SECURITY CONSIDERATIONS NON-REPUDIATION –Ensures that a person cannot falsely deny later that he send a message –In law, non-repudiation implies one's intention to fulfill their obligations to a contract. –It also implies that one party of a transaction cannot deny having received a transaction nor can the other party deny having sent a transaction.

31 Dr.R.BASKARAN,DCSE31 SECURITY CONSIDERATIONS RISK MANAGEMENT –The CISA Review Manual 2006 provides the following definition of risk management: "Risk management is the process of identifying vulnerabilities and threats to the information resources used by an organization in achieving business objectives, and deciding what countermeasures, if any, to take in reducing risk to an acceptable level, based on the value of the information resource to the organization.“ –the process of risk management is an ongoing iterative process. It must be repeated indefinitely. –the choice of countermeasures (controls) used to manage risks must strike a balance between productivity, cost, effectiveness of the countermeasure, and the value of the informational asset being protected.

32 Dr.R.BASKARAN,DCSE32 SECURITY CONSIDERATIONS ISO/IEC 27002:2005 - risk assessment –security policy, –organization of information security, –asset management, human resources security, –physical and environmental security, –communications and operations management, –access control, –information systems acquisition, –development and maintenance, –information security incident management, –business continuity management, and –regulatory compliance.

33 Dr.R.BASKARAN,DCSE33 SECURITY CONSIDERATIONS CONTROLS –Administrative consist of approved written policies, procedures, standards and guidelines. Laws and regulations created by government bodies are also a type of administrative control because they inform the business. Administrative controls form the basis for the selection and implementation of logical and physical controls.

34 Dr.R.BASKARAN,DCSE34 SECURITY CONSIDERATIONS CONTROLS –Logical use software and data to monitor and control access to information and computing systems. principle of least privilege - an individual, program or system process is not granted any more access privileges than are necessary to perform the task. –Physical monitor and control the environment of the work place and computing facilities. separation of duties - an individual can not complete a critical task by himself.

35 Dr.R.BASKARAN,DCSE35 SECURITY GOVERNANCE "Governing for Enterprise Security (GES)", defines characteristics of effective security governance. –An Enterprise-wide Issue. –Leaders are Accountable. –Viewed as a Business Requirement. –Risk-based. –Roles, Responsibilities, and Segregation of Duties Defined. –Addressed and Enforced in Policy. –Adequate Resources Committed. –Staff Aware and Trained. –A Development Life Cycle Requirement. –Planned, Managed, Measurable, and Measured. –Reviewed and Audited. –CLIENT APPLICATION

Download ppt "Dr.R.BASKARAN,DCSE1 E-Commerce Dr.R.BASKARAN Senior Lecturer Department of Computer Science and Engineering, Anna University, Chennai – 600025."

Similar presentations

Chapter 8 Payment Systems: Getting the Money

Chapter 8 Payment Systems: Getting the Money
M.B.A. II SEMESTER Course No. 208 Paper No. – XVI E-Business Dr.N.C.Dhande Unit II e-business frameworks e-selling process, e-buying, e-procurement, e-payments:

M.B.A. II SEMESTER Course No. 208 Paper No. – XVI E-Business Dr.N.C.Dhande Unit II e-business frameworks e-selling process, e-buying, e-procurement, e-payments:
Copyright, 1996 © Dale Carnegie & Associates, Inc. BANK ON IT Money Smart Course Indiana Department of Financial Institutions.

Copyright, 1996 © Dale Carnegie & Associates, Inc. BANK ON IT Money Smart Course Indiana Department of Financial Institutions.
Take Charge of Your Finances

Take Charge of Your Finances
1.7.2.G2 Electronic Banking Trivia. 1.7.2.G2 © Family Economics & Financial Education – Revised February 2008 – Financial Institutions Unit – Electronic.

1.7.2.G2 Electronic Banking Trivia G2 © Family Economics & Financial Education – Revised February 2008 – Financial Institutions Unit – Electronic.
The Office Procedures and Technology

The Office Procedures and Technology
1.7.2.G1 © Family Economics & Financial Education – Revised February 2008 – Financial Institutions Unit – Electronic Banking Funded by a grant from Take.

1.7.2.G1 © Family Economics & Financial Education – Revised February 2008 – Financial Institutions Unit – Electronic Banking Funded by a grant from Take.
Electronic payment Methods: Defined: It is alternative payment mechanism for electronic transactions instead of traditional payment methods like cheque,cash,

Electronic payment Methods: Defined: It is alternative payment mechanism for electronic transactions instead of traditional payment methods like cheque,cash,
The Impact of technology on the delivery of financial services Advancement in technology have had a profound effect on the delivery of financial services.

The Impact of technology on the delivery of financial services Advancement in technology have had a profound effect on the delivery of financial services.
Checking Account & Debit Card Simulation Understanding Checking Accounts and Debit Card Transactions.

Checking Account & Debit Card Simulation Understanding Checking Accounts and Debit Card Transactions.
Warm-up: April 11 What’s the difference between a checking and savings account?

Warm-up: April 11 What’s the difference between a checking and savings account?
Checking Account & Debit Card Simulation Understanding Checking Accounts and Debit Card Transactions.

Checking Account & Debit Card Simulation Understanding Checking Accounts and Debit Card Transactions.
Checking Accounts Checking Accounts.

Checking Accounts Checking Accounts.
Copyright, 1996 © Dale Carnegie & Associates, Inc. WHAT IS ELECTRONIC BANKING MINI-LESSON INDIANA DEPARTMENT OF FINANCIAL INSTITUTIONS CONSUMER EDUCATION.

Copyright, 1996 © Dale Carnegie & Associates, Inc. WHAT IS ELECTRONIC BANKING MINI-LESSON INDIANA DEPARTMENT OF FINANCIAL INSTITUTIONS CONSUMER EDUCATION.
Prepare a deposit slip Record entries in a check register

Prepare a deposit slip Record entries in a check register
1.7.2.G1 Electronic/Online Banking & Bill Pay Take Charge of Your Finances.

1.7.2.G1 Electronic/Online Banking & Bill Pay Take Charge of Your Finances.
$$$$$$$ Know your Money! Financial Institutions and Services.

$$$$$$$ Know your Money! Financial Institutions and Services.
CSE 4482, 2009 Session 21 Personal Information Protection and Electronic Documents Act Payment Card Industry standard Web Trust Sys Trust.

CSE 4482, 2009 Session 21 Personal Information Protection and Electronic Documents Act Payment Card Industry standard Web Trust Sys Trust.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Elias M. Awad Third Edition ELECTRONIC COMMERCE From Vision to Fulfillment ELC 200 Day 24.

Elias M. Awad Third Edition ELECTRONIC COMMERCE From Vision to Fulfillment ELC 200 Day 24.

Similar presentations

Ads by Google