SENECA COLLEGE, TORONTO
As Taught by Prof. Tim Richardson, School of Marketing and e-Business, Faculty of Business
IEC 719 "bare bones outline"
1. E-commerce payment systems
2. Electronic Commerce and Banking (B2B), (B2C)
what is covered under existing legislation, what is not
4. Security concerns
(It is not intended that the presentation of these security topics will result in the participants learning everything they need to know - but rather to
1. create an awareness of the business and marketing consequences of these topics
2. identify resources they can access should they need to know a lot more)
Copyright Protection Techniques
principles of competitor monitoring
Competitor Intelligence, role in new product development
Security monitoring services
Firewall and other hardware and software considerations
viruses and electronic sabotage
Books and Textbooks used in IEC 719
Commerce: Security, Risk Management and Control by Greenstein
and Feinman. This is one of the few books specifically on the subject of
e-commerce security and was first made available to your professor (WTGR)
in the 2nd week of August 2000. It appears that this book is a
good match for IEC 719 but sufficient time has not been spent on
confirming how closely it fits the Course Outline for 719. At first glance
it is "recommended". We will work in relevant chapters to the course outline
as we move along.
A great web site, hosted by the publisher is at
Security: Weak Links, Best Defenses by Dr. Anup Ghosh of Reliable
Software Technologies www.rstcorp.com
It appears that this book is a good match for IEC 719 but sufficient time has not been spent on confirming how closely it fits the Course Outline for 719. (A review copy was received 3rd week in August 2000) At first glance it is "recommended" - though it is not so "text" oriented as the Greenstein/Feinman book. We will work in relevant chapters to the course outline as we move along.
Commerce: A Managerial Perspective.
book's publication date is listed as 2000. It is an exceptionally good
book. This text will be a key book used in IEC 702 in Sept 2000 and
is recommended for IEC 902 as well as IEC 719. One of the first books to
be written as a text with questions and exercises at the end of each chapter.
companion website was operating, including the
powerpoints when last checked in Aug 2000.
IEC 719 we will use
Commerce This book's publication date
is listed as Nov 1999. Copies were reviewed in February 2000 and it is
considered to be an excellent textbook. As part of the "Course
Technology" family it is well supported and the accompanying web site
is extensive. This
text will be a key book used in IEC 702 and IEC 719 in Sept 2000 -
IEC 719 we will use
Business of the Internet, by Neal Hannon
This book was first published in Jan 1998. As part of the "Course Technology" family it is well supported and has an accompanying web site. There are some good chapters on Intranets and Business Security issues. We use this book in IEC 702, IEC 719 and IEC 802 www.course.com/downloads/mis/biznet/.
IEC 719 we will use
the Web to Compete in a Global Marketplace was finished by Browning
Rockwell in April 1998. Rockwell got several experts to write key chapters
so he is the editor, not author. Browning Rockwell has created the
Information Network (GIN), an extensive companion Web site to support
this book. Rockwell also runs a consulting company.
IEC 719 we will refer to
Kalakota and Whinston's
1996 book was one of the first books used across North America in e-commerce
courses. We used this book at Seneca in 1998 and 1999, but since then more
recent publications have come out which are more up-to-date. However,
there is still some material in this book which is worthwhile, in particular
Chpt 6, which deals with the basics of e-payment systems.
Copies of this book are available in the Seneca bookstore
Before we begin
to discuss the different types of payment systems, let's take a perspective
from the introduction to Chapter 7 that Schneider and Perry wrote and
look at one of the big reasons why companies want to effect EPS.
The answer to that reason is the same fundamental answer to why all companies are trying variants of e-commerce - the answer is "to cut costs".
A substantial amount of the costs medium and large sized companies incur is associated with billing. These costs include the printing and paper costs of making the invoice/bill and envelopes, as well as the postage costs for mailing the bills. Utility companies, for example, can spend $1 to $1.50 on each customer each month sending out tens of thousands of bills.
When you are able to implement an electronic payment system for these types of situations it can save a large company $X00,000's of dollars each billing cycle - in addition, you also have the environmental consideration of saving trees, literally.
This text, "Electronic
Commerce: A Managerial Perspective", is a required purchase, and will
also be used in IEC 702 and IEC 802 + it has an accompanying web site
+ downloadable .ppt slides for each chapter
There are 36 slides in this .ppt and some of them deal very effectively with the current analysis of SET and whether SET is a success or failure.
The 4 Basic Security requirements in Electronic Payment Systems (from slide 6)
Non-repudiation: Merchants need protection against the customer’s unjustifiable denial of placed orders, and customers need protection against the merchants’ unjustifiable denial of past payment
in SET protocol there are 4 entities
Perry write in the beginning of chapter 7 a caution that still holds true
12 months after the book was released in Dec 1999;
"Implementation of electronic payment systems is in its infancy and still evolving. The technical, economic, cultural and legal components of electronic payment systems are not fully understood. As a result there are a number of competing proposals for implementations of electronic payment systems"
"When customers arrive at a store's electronic checkout counter, merchants want to offer them payment options that are safe, convenient and widely accepted. The key is to figure out which choices work best for your company and for your customers"
Schneider and Perry page 212
Electronic Commerce: Security, Risk Management and Control by Greenstein and Feinman.
While we will use this textbook primarily for the 3rd and 4th sections of this course, Chapter 10 in this book has a good explanation of SET and also compares SET to SSL.
One of the helpful things
about the web site for this text is the accompanying list of terms for
each chapter. For the terms associated with Chapter 10, go to
This text also has downloadable
powerpoints. The main site from the publisher is at
The particular powerpoint
for Chapter 10 is at
Explanation of SET - Secure Electronic Transaction Chpt 10, p. 295-296
"SET was developed jointly
by MasterCard and Visa with the goal of providing a secure payment environment
for the transmission of credit card data. SET specification Version 1.0
was published in May 1997..."
Secure Electronic Transaction vs. Secure Sockets Layer
According to Greenstein and Feinman (p. 297) "The initial version of SET protocol is considered to be a stronger security mechanism than other transmission protocols, such as SSL, because of SET's stronger authentification features"
Greenstein and Feinman point out that SSL is good at providing confidentiality during the transmission of the data, but alone it does not authenticate either the sender or the receiver of the message. As we discussed in Chpt 8 of the Turban book, Authentication is one of the 4 Basic Security requirements in Electronic Payment Systems.
SET - Secure
The role of Certificate Authorities
Greenstein and Feinman explain, p. 298, that the "SET protocol requires that all parties involved in the transaction hold a valid digital certificate ... this means that both the buyer and seller must have a registered certificate from an approved certificate authority..."
Turban, Lee, King and Chung
in "Electronic Commerce: A Managerial Perspective", explain, Chapt
8, p. 280, that
Our purpose in discussing
Verisign in this section of the course (we will also refer to the company
in the 4th section that deals with Security Concerns) relates to its role
as a CA - Certificate Authority.
"To date, VeriSign has issued
over 215,000 Web site digital certificates and over 3.9 million digital
certificates for individuals"
Verisign's affiliates in
Canada are CIBC and VPN
IEC matrix describing the different Electronic Payment
working on adding in additional information and updating existing information will be one of the tasks for incoming students to IEC 719
an additional reference - mb digital's matrix of Electronic Payment Systems
This electronic payment system is based on a smart card gift certificate. Scotiabank has been piloting a smart-card technology in the Barrie area of Ontario. 65,000 residents are using smart cards to do everything from debit transactions to keeping track of loyalty programs to buying things from vending machines.
The gift certificates can be bought in any denomination and do not have to be spent all at once; they can also be "reloaded".
From the Scotiabank.com website
you can see their press release describing in more detail what they did
"The computer chip on the electronic gift card -- developed by Scotiabank's e-commerce subsidiary e-Scotia -- is read and adjusted with each purchase until the dollar amount runs out. Customers also have the option to re-load the card if they wish. "This marks the first time that a Canadian bank has used this smart card technology to offer electronic gift card gift certificates on a national scale," said Albert Wahbe, Chairman and CEO of e-Scotia and Scotiabank's Executive Vice-President Electronic Banking."
Strategic Alliances in the Electronic Payment Systems community
Electronic Commerce Modeling Language (ECML) is an alliance of high-tech companies and financial companies to agree on a standard for electronic wallets.
A search of the W3C site on 04Sept2000 and a look through the ECML site did not reveal any current information on how this alliance is progressing towards a situation where the process will become commonly used in transactions.
Online Shoppers Can Kiss Credit Cards Goodbye
sourced from Yahoo! Singapore - News (Yahoo has since taken down the link so we have quoted below the essential points)
1999 November 20th By Sherman Fridman, Newsbytes.
Fridman writes that "Shopping online could become much easier for people without credit cards under a new Internet Automatic Teller Machine plan developed by Cash Technologies Inc."
Market: "Today nearly half of the US population, and one-fourth of those who qualify, do not have credit cards,"
"In order to turn these cardless customers into online spenders, Cash Technologies announced that it has reached agreements with MP3.com, an online digital music Website, and privately held Sensar Inc., a manufacturer of "iris recognition products," to begin a pilot project using ATM cards to purchase music products at MP3's Website." "Instead of credit cards, MP3 would use Sensar's iris recognition devices and Cash Technologies' EMMA (E-commerce Messaging Management Architecture) transaction processing system." "MP3 customers participating in the pilot project will be able to use their regular bank ATM card to shop securely over the Internet at MP3's Website. The use of Sensar's iris camera attached to the customer's PC will eliminate the need to send person ID numbers via the Internet, removing the key stumbling block that has prevented the use of ATM cards on the Internet. "
Why is this article interesting?
Because it is one of many around the world which highlight that
older payment systems cannot keep up with the changing demands of on-line
B2C and B2B situations.
The big three credit card
companies welcome e-business because in these early stages the primary
way that people buy products online in B2C situations is with a major credit
card - which is good for their business. What worries these companies is
percent involved online purchases. VISA projects this will quintuple to 10 percent by 2003
What you should look for
in reading the material in these next few boxes is information about new
products the big three are bringing out as they forecast what the new payment
processes are moving towards. Also, look for ways they are trying to reinforce
use of their existing product mainstay - the credit card - and at the same
time hedge their bets by striking alliances with new situations.
"Visa and MasterCard hold a 75 percent share of the general-purpose credit and charge card network market in the United States. In large part because board members of one serve on the governing committees of the other, Visa and MasterCard effectively act as a single entity, and have conspired to limit competition in the U.S. card industry.”
from the AMEX web site which also gleefully describes the current U.S. Justice Dept. case against VISA and MasterCard
Harvey Golub, chairman and chief executive officer of American Express...“Visa and MasterCard’s anticompetitive behavior has damaged the interests of consumers; eliminated banks’ freedom of choice to carry out business as they see fit; increased operating costs to merchants, particularly in the debit card arena; and retarded innovation in the credit card industry.”
Visa's section on their
web site titled "Internet shopping" unfortunately is not about the business
aspects involved but simply a portal to a lot of web sites where you can
buy product using your Visa card.
Electronic Wallets are one of the new features being used in electronic payment systems. Unfortunately, the link on Visa's site which is supposed to explain this was down in August 2000 when we first checked.
"Visa Sets new security rules for online purchases"
title of Reuters story Aug 10th, 2000
Visa announced it was setting 10 new security rules for transactions done over the internet
the full story is available
on Yahoo at
Read about Visa's product "Visa ePay"
One of the selling points of this product, targeted at vendors who want a better way of collecting money, is that your customers' financial institutions secure funds from their accounts before sending payment orders to your financial institution. This authorization and settlement of transactions in good funds means payment assurance and one-time processing.
How Visa ePay works
Visa has partnered with Palm. "The Palm VII organizer uses a wireless radio transmitter and web clipping technology along with the new Palm.Net(sm) service to let users get information, conduct e-commerce transactions, and perform instant messaging...Visa's ATM Locator pinpoints the location of any of Visa's 531,000 ATMs in 120 countries worldwide."
Single-use credit card numbers
"... By mid-October, consumers will be able to obtain a number from a secure Web site and use it - just once - to buy from any online merchant accepting Visa."
full story from Rachel Ross,
Toronto Star Technology Reporter at
On this page, Mastercard have an interesting little demo about how e-wallets work plus they have a link to another page that has some very good explanations of the fundamentals of e-wallets
including points explaining the difference between Server Based and Client Based systems
It was also interesting to note that Mastercard had a special section on their site with various .gifs you could use on your own e-commerce site, and they made it quite easy to find this page - they call it their "brand center"
AMEX has a section on their
web site titled "Security on the Internet", some might think it is very
"lite" and CYA oriented
AMEX use of Digital Certificates
"AMEX currently offers a blue card embedded with a smart chip containing a digital certificate. "Smart chip technology is very flexible, and we specifically designed the blue card on a multi-application platform," says AMEX spokesperson Molly South.
The card is inserted into a free smart card reader plugged into the user's computer. The card, together with a PIN number, allows consumers to buy on the Net using their certificate. The card allows access to an online wallet, which contains information such as shipping and ordering preferences. This information is automatically transmitted to the merchant's online order forms. The system provides instant user-friendly security for both consumer and merchant. AMEX officials are hoping it will encourage more widespread consumer acceptance of online shopping. Initiatives like this could, however, eventually become the thin edge of the wedge for developing a universal digital signature for individuals."
by Paul Zaleski, a reporter
and staff researcher for Offshore Finance USA magazine.
Single-use credit card numbers
"Last week, (Sept 7th, 2000)
American Express announced it will issue single-use credit card numbers
to help reduce the risk posed by hackers who steal and reuse numbers from
full story from Rachel Ross,
Toronto Star Technology Reporter at