1 Chapter 12 Electronic Commerce Systems COPYRIGHT © 2007 Thomson South-Western, a part of The Thomson Corporation. Thomson, the Star logo, and South-


1 Chapter 12 Electronic Commerce Systems
COPYRIGHT © 2007 Thomson South-Western, a part of The Thomson Corporation. Thomson, the Star logo, and South-Western are trademarks used herein under license

2 Objectives for Chapter 12
- Topologies that are employed to achieve connectivity across the Internet
- Protocols and understand the specific purposes served by several Internet protocols
- Business benefits associated with Internet commerce and be aware of several Internet business models
- Risks associated with intranet and Internet electronic commerce
- Issues of security, assurance, and trust pertaining to electronic commerce
- Electronic commerce implications for the accounting profession

3 Internet Technologies
- Packet switching
  - messages are divided into small packets
  - each packet of message takes different route
- Virtual private network (VPN)
  - a private network within a public network
  - you may connect to UTEP via a VPN
- Extranets
  - password controlled network for private users – often outside the company, but includes trading partners (vendors & customers)
- World Wide Web
  - an Internet facility that links users locally and globally
- Internet addresses
  - e-mail address
  - URL address
  - IP address

4 What is E-Commerce?
The electronic processing and transmission of business data
- electronic buying and selling of goods and services
- on-line delivery of digital products
- electronic funds transfer (EFT)
- electronic trading of stocks
- direct consumer marketing
- electronic data interchange (EDI)
- the Internet revolution

5 Benefits of E-Commerce
- Access to worldwide customer and/or supplier base
- Reductions in inventory investment and carrying costs
- Reductions in procurement costs
- Better customer service
- Rapid creation of business partnerships to fill emerging market niches
- Reductions in retail prices through lower marketing costs

6 Risks Associated with E-commerce

7 General Concerns
- Data Security: Are stored and transmitted data adequately protected?
- Business Policies: Are policies publicly stated and consistently followed?
- Privacy: How confidential are customer and trading partner data?
- Business Process Integrity: How accurately, completely, and consistently does company process its transactions?

8 Intranet Risks
- Intercepting Network Messages
  - sniffing: interception of user IDs, passwords, confidential e-mails, and financial data files
- Accessing Corporate Databases
  - connections to central corporate databases increase risk that data will be viewed, corrupted, changed, or copied by employees
- Uncontrolled Expansion
  - ill-conceived network decisions create serious threat

9 Internet Risks to Businesses
- IP Spoofing: masquerading to gain access to Web server and/or to perpetrate unlawful act without revealing one’s identity
- Technology Failures: disruption caused by hardware failure causes e-business to lose customer credibility and sales revenues
- Malicious Programs: viruses, worms, logic bombs, and Trojan horses pose threats to both Internet and Intranet users

10 DOS Attack
[Diagram: Sender and Receiver. Step 1: SYN messages; Step 2: SYN/ACK; Step 3: ACK packet code]
In a DOS attack, the sender sends hundreds of messages, receives the SYN/ACK packet, but does not respond with an ACK packet. This leaves the receiver with clogged transmission ports, and legitimate messages cannot be received.
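
The half-open state this slide describes can be measured from the receiver's side. The following Python code is an added example, not part of the original presentation: it replays a constructed event list and reports handshakes still waiting for step 3, SYNs refused because the backlog was full, and sources holding many half-open slots. The function names, event format, backlog size and threshold are assumptions, and connection timeouts are left out.

```python
from collections import Counter

def analyze_handshakes(events, backlog_size, threshold):
    """Replay (src_ip, src_port, flag) events as seen by the receiver.

    "SYN" is step 1 and "ACK" is step 3; the receiver's SYN/ACK (step 2)
    is implied for every SYN it has room to accept.
    """
    half_open = set()   # handshakes still waiting for the step 3 ACK
    refused = []        # SYNs that arrived while the backlog was full
    for src, sport, flag in events:
        key = (src, sport)
        if flag == "SYN" and key not in half_open:
            if len(half_open) >= backlog_size:
                refused.append(key)
            else:
                half_open.add(key)
        elif flag == "ACK":
            half_open.discard(key)   # handshake complete, slot freed
    per_source = Counter(src for src, _ in half_open)
    suspects = sorted(s for s, n in per_source.items() if n >= threshold)
    return {"half_open": len(half_open), "refused": refused,
            "suspects": suspects}

def sample_events():
    """Constructed traffic using documentation-only address ranges."""
    events = [("198.51.100.7", 51000, "SYN"), ("198.51.100.7", 51000, "ACK")]
    # One source opens eight handshakes and never sends the ACK.
    events += [("203.0.113.50", 40000 + i, "SYN") for i in range(8)]
    # A legitimate client now finds the backlog full.
    events += [("198.51.100.9", 52000, "SYN"), ("198.51.100.9", 52000, "ACK")]
    return events

REPORT = analyze_handshakes(sample_events(), backlog_size=8, threshold=5)
```

Operating systems bound this condition with half-open timeouts and SYN cookies, which is why a per-source count like the one above is a monitoring signal and not the only control.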

11 Controls

12 Network Control Objectives
- establish communications session between sender and receiver
- manage flow of data across network
- detect errors in data caused by line failure or signal degeneration (static)
- detect and resolve data collisions between competing nodes

13 POLLING METHOD OF CONTROLLING DATA COLLISIONS
[Diagram labels: MASTER, SLAVE, WAN, Polling Signal, Data Transmission, Locked]
The “master” polls “slave” sites to determine if they have data to transmit. If a slave responds in the affirmative, the master locks the network while data are transmitted. This allows priorities to be set for data communications across the network.

14 Token Ring
[Diagram labels: Server, Node, Central Files, Local Files, Contains data, Empty token]

15 Carrier Sensing
- Random access technique that detects collisions when they occur (stepping out in traffic)
- Widely used--found on Ethernets.
- Node wishing to transmit “listens” to line to determine if it is in use. If line is busy, it waits a pre-specified amount of time (seconds) to transmit.
- Collisions occur when two nodes listen, hear no messages transmitting, and then simultaneously begin transmitting. Data collides and two nodes are instructed to hang up and try again.
- Disadvantage: Becomes a problem as network traffic increases. Line may not be used optimally when multiple nodes are trying to transmit simultaneously.

16 Encryption Techniques
- In general ---
  - Private Key (less secure)
  - Public Key (more secure)

17 [Diagram: Company A and Company B. Labels: Cleartext Message, Encryption Program, Data Encryption, Ciphertext, Communication System, Private Key]

18 Public Key Encryption
- Two keys
  - Sender encodes message with Public key
  - Recipient decrypts with Private key
  - After encryption, Sender cannot decrypt
[Diagram labels: Company A, Company B]

19 E-Commerce Security: Digital Authentication
- Digital signature: electronic authentication technique that ensures that transmitted message originated with authorized sender and that it was not tampered with after the signature was applied
- Digital certificate: like an electronic identification card that is used in conjunction with a public key encryption system to verify authenticity of the message sender

20 E-Commerce Security: Firewalls
- Firewalls - software and hardware that provide focal point for security by channeling all network connections through controlled gateway
- Network level firewalls - low cost/low security access control. Uses screening router to its destination. This method does not explicitly authenticate outside users. Hackers may penetrate system using an IP spoofing technique.
- Application level firewalls - high level/high cost customizable network security. Allows routine services and e-mail to pass through, but can perform sophisticated functions such as logging or user authentication for specific tasks.

21 Assurance
- “Trusted” third-party organizations offer seals of assurance that businesses can display on their Web site home pages:
  - BBB
  - TRUSTe
  - Veri-Sign, Inc
  - ICSA
  - AICPA/CICA WebTrust
  - AICPA/CICA SysTrust

22 Implications for Accounting
- Privacy violation
  - major issues:
    - a stated privacy policy
    - consistent application of stated privacy policies
    - what information is the company capturing
    - sharing or selling of information
    - ability of individuals and businesses to verify and update information on them
  - 1995 Safe Harbor Agreement
    - establishes standards for information transmittal between US and European companies

23 Implications for Accounting
- Audit implication for XBRL
  - taxonomy creation: incorrect taxonomy results in invalid mapping that may cause material misrepresentation of financial data
  - validation of instance documents: ensure that appropriate taxonomy and tags have been applied
  - audit scope and timeframe: impact on auditor responsibility as a consequence of real-time distribution of financial statements

24 Implications for Accounting
- Continuous process auditing
  - auditors review transactions at frequent intervals or as they occur
  - intelligent control agents: heuristics that search electronic transactions for anomalies
- Electronic audit trails
  - electronic transactions generated without human intervention
  - no paper audit trail

25 Implications for Accounting
- Confidentiality of data
  - open system designs allow mission-critical information to be at the risk to intruders
- Authentication
  - in e-commerce systems, determining the identity of the customer is not a simple task
- Nonrepudiation
  - repudiation can lead to uncollected revenues or legal action
  - use digital signatures and digital certificates

26 Implications for Accounting
- Certification authority (CA) licensing
  - trusted 3rd party vouches for identity
- Data integrity
  - determine whether data has been intercepted and altered
- Access controls
  - prevent unauthorized access to data
- Changing legal environment
  - provide client with estimate of legal exposure

27 Protocols

28 Protocol Functions
- Facilitate physical connection between network devices.
- Synchronize transfer of data between physical devices.
- Provide basis for error checking and measuring network performance.
- Promote compatibility among network devices.
- Promote network designs that are flexible, expandable, cost-effective.

29 Internet Protocols
- Transfer Control Protocol/Internet Protocol (TCP/IP) - controls how individual packets of data are formatted, transmitted, received
- Hypertext Transfer Protocol (HTTP) - controls web browsers – not the same as HTML
- File Transfer Protocol (FTP) - used to transfer files across Internet
- Simple Network Mail Protocol (SNMP) - e-mail
- Secure Sockets Layer (SSL) and Secure Electronic Transmission (SET) - encryption schemes

30 HTML: Hyper Text Markup Language
- Format used to produce Web pages
  - Defines page layout, fonts, and graphic elements
  - used to lay out information for display in an appealing manner like one sees in magazines and newspapers
  - using both text and graphics (including pictures) appeals to users
- Hypertext links to other documents on the Web
  - Even more pertinent is HTML’s support for hypertext links in text and graphics that enable the reader to ‘jump’ to another document located anywhere on World Wide Web.

31 XML: eXtensible Markup Language
- XML is meta-language for describing markup languages.
- Extensible means that any markup language can be created using XML.
  - Includes creation of markup languages capable of storing data in relational form, where tags (formatting commands) are mapped to data values
  - can be used to model the data structure of an organization’s internal database

32 Comparing HTML and XML

33 XBRL: eXtensible Business Reporting Language
- XBRL is an XML-based language for standardizing methods for preparing, publishing, and exchanging financial information, e.g., financial statements.
- XBRL taxonomies are classification schemes.
- Advantages:
  - Business offer expanded financial information to all interested parties virtually instantaneously.
  - Companies that use XBRL database technology can further speed the process of reporting.
  - Consumers import XBRL documents into internal databases and analysis tools to greatly facilitate their decision-making processes.

34 Networks

35 Local Area Network (LAN)
- Computers located close together (in same building/campus) linked together to share data/software/hardware
- Physical connection of workstations to LAN is achieved through network interface card (NIC)
- Server stores network operating system, application programs, and data to be shared.

36 Topologies

37 Star Topology
- Network of workstations with large central computer (host)
- Host computer has direct connections to workstations
- All communications must go through host computer. Can do local processing even if host is down.

38 Star Network
[Diagram labels: Local Data, Central Data, Topeka, St. Louis, Kansas City, Dallas, Tulsa]

39 Ring Topology
- Configuration eliminates central site. All nodes are of equal status (peers).
- Responsibility for managing communications is distributed among nodes.
- Common resources shared by all nodes can be centralized/managed by file server that is also node.

40 Ring Topology
[Diagram labels: Server, Central Files, Local Files]

41 Bus Topology
- Nodes are all connected to common cable - the bus.
- Communications and file transfers between workstations are controlled by server.
- Generally less costly to install than ring topology.

42 Bus Topology
[Diagram labels: Server, Central Files, Node, Local Files, Print Server]

43 Client-Server Topology
- This configuration distributes the processing between user’s (client’s) computer and central file server.
- Both types of computers are part of network, but each is assigned functions that it best performs.
- This approach reduces data communications traffic, thus reducing queues and increasing response time.

44 Client-Server Topology
[Diagram labels: Server, Common Files, Record Searching Capabilities, Client, Data Manipulation Capabilities]

45 Wide Area Network (WAN)
- WAN is network dispersed over wider geographic area than LAN. Typically requires use of:
  - gateways to connect different types LANs
  - bridges to connect same type LANs
- WANs may use common carrier facilities
  - telephone lines or Value Added Network (VAN).

46 [Diagram labels: LAN, Bridge, Gateway, WAN]

47 Electronic Data Interchange (EDI)
- Exchange of business transaction information:
  - between companies
  - in standard format
  - via computerized information system
- In “pure” EDI systems, human involvement is not necessary to approve transactions. (Very few pure EDI systems.)

48 EDI System
[Diagram: Our Company and Wal-Mart. Labels: Purchases System, Sales Order System, Application Software, EDI Translation Software, Communications Software, Direct Connection, VAN, Our Company’s mailbox, Wal-Mart’s mailbox, Other Mailbox]
Direct Connection for Many Transactions; VAN for Few Transactions

49 Advantages of EDI
- Reduction or elimination of data entry
- Reduction (not elimination) of
  - errors
  - paper
  - paper processing and postage
  - inventories (via JIT systems)
