CHAPTER 4

E-COMMERCE, M-COMMERCE
AND EMERGING
TECHNOLOGIES

LEARNING OUTCOMES
After reading this chapter, you will be able to -
r Understand the meaning, components and architecture of
E-commerce.
r Grasp the knowledge about the process flows in
E-commerce transactions.
r Comprehend the various aspects of risks and controls in
E-commerce.
r Recognise applicable laws and guidance governing
E-Commerce.
r Acknowledge a basic understanding on the paradigms of
various Computing Technologies like Cloud Computing,
Grid Computing, Mobile Computing, Green Computing
and BYOD etc.
© The Institute of Chartered Accountants of India
 4.2 ENTERPRISE INFORMATION SYSTEMS

CHAPTER OVERVIEW

Components

Architecture

E-COMMERCE AND M-COMMERCE Process Flow Diagrams

Risks and Controls

Laws and Guidelines

• Virtualization
• Grid Computing
• Cloud Computing
• Mobile Computing
EMERGING TECHNOLOGIES • Green IT
• BYOD
• Web 3.0
• Artificial Intelligence
• Machine Learning

4.1 INTRODUCTION TO E-COMMERCE

E-Commerce: “Sale / Purchase of goods / services through electronic mode is
e-commerce.” This could include the use of technology in the form of Computers,
Desktops, Mobile Applications, etc.
The greatest change due to technology innovations in last five years has been the
way users perform their daily chores / activity of life. E-Commerce and its related
technologies are unquestionably the current leading-edge business and finance
delivery systems.

© The Institute of Chartered Accountants of India

 E-COMMERCE, M-COMMERCE AND EMERGING TECHNOLOGIES 4.3

The explosion in the application of technologies and the delivery of these technologies
in to the hands of consumers has made the vision, the dream, the fantasy of conducting
business electronically, anywhere in the global community, a reality. E-commerce is
no longer just a concept; it is a market force to be reckoned with. As more and more
organizations launch Internet/ World Wide Web (WWW) home pages and intranets
to disseminate company/product information, and expand their customer base,
countless yet unnamed companies are just beginning to investigate this alternative.
These companies are realizing that business via the Internet is inevitable that they
will not be able to ignore. The lure of reaching additional customers, expanding
market shares, providing value-added services, advancing technological presence, and
increasing corporate profits is just too valuable to disregard, and will eventually attract
companies to electronic commerce like moths to a flame.
E-Commerce is the process of doing business electronically. It refers to the use of
technology to enhance the processing of commercial transactions between a company,
its customers and its business partners. It involves the automation of a variety of
Business-To-Business (B2B) and Business-To-Consumer (B2C) transactions through
reliable and secure connections.
A recent report on India’s e-Commerce growth forecasts that as a result of rising
internet penetration as roughly 350 million Indian citizens are already online and that
number is expected to nearly double to 600 million by 2020*. This number is more than
projected users in USA by that time. Above fact is an indicator that India’s e-business
shall be growing very fast as internet penetration increases.
4.1.1 Traditional Commerce and E-Commerce
The greatest change due to technology innovations in last five years has been the way
users perform their daily chores / activity of life. An illustrative Table 4.1.1 shows how
technology has entered every aspect of human life.
Table 4.1.1: Example of how Technology has entered every aspect of human life
S. No. Activity Then Now
1 Wake up Alarm clocks with Mobile alarms, multiple types.
snooze buttons.
Some forcing you to solve mathematical
quiz before you snooze them.
Ensuring you wake up.

2 Morning chores Make / Cook Multiple home delivery solutions

Breakfast available where you can order online.

© The
*Source Institute of Chartered
: www.indianexpress.com Accountants of India
 4.4 ENTERPRISE INFORMATION SYSTEMS

3 Going to office In small towns in Now even in small towns you have a
India, there was mobile APP through which you can
AUTO RICKSHAW call a JUGNOO auto / bike, an OLA or
UBER auto / cab.
4 Office Admin All jobs to be Now you book through online APP,
done by assigned the courier agency picks up POST at
service provider. For designated time and place.
example: Courier’s
need to be sent to
courier agency
5 Procurements of Go shop by shop Now it is possible to search all products
all items: Items to check price and online, buyer can compare prices and
include Electronic, quality order online.
Furniture, Mobiles,
Few online sellers are giving facility of
Grocery, Cars and
delivery within 12 hours of ordering.
Bikes etc. all items
covered here.
Above is the way consumer / customers are buying products / services. This has forced
organization to change their product / service delivery channels. The previous product
delivery channel which was typically defined by the Fig. 4.1.1 has moved to the new
product delivery model Fig. 4.1.2.

Manufacturer 1
Whole Seller
(or Agent) 1
Manufacturer 2

RETAILER
Manufacturer 3
Value added:
Whole Seller
(or Agent) 2 • Breaking bulk
Products • Consolidating supplies
from other • Holding inventory
Manufacturers

Fig. 4.1.1: Old Model

Fig. 4.1.1 illustrates the old traditional model of doing business with multiple layers
before product is finally delivered to customer. Fig. 4.1.2 illustrates the new business
model enabled by technology. In this model the link to consumer and supplier is
virtually direct.
© The Institute of Chartered Accountants of India
 E-COMMERCE, M-COMMERCE AND EMERGING TECHNOLOGIES 4.5

Order Placed by User Shopping Cart Credit Card is Order is Completed

Charged

Shipping Carrier Sent to Warehouse for fulfilment Email is sent to

picks up shipment Customer & Merchant

Fig. 4.1.2: New Model of E-Commerce

4.1.2 Difference between Traditional Commerce and E-Commerce
Table 4.1.2 highlights the difference between Traditional Commerce and E-Commerce.
Table 4.1.2: Traditional Commerce Vs. E-Commerce
BASE FOR TRADITIONAL E-COMMERCE
COMPARISON COMMERCE
Definition Traditional commerce E-Commerce means carrying out
includes all those activities commercial transactions or exchange of
which encourage exchange, information, electronically on the internet.
in some way or the other of
goods / services which are
manual and non-electronic.
Transaction Manual Electronically
Processing
Availability for For limited time. This time 24×7×365
commercial may be defined by law. Like
transactions special stores which may
run 24 hours, but in general
available for limited time.
Nature of Goods can be inspected Goods cannot be inspected physically
purchase physically before purchase. before purchase.
Customer Face-to-face Screen-to-face
interaction
Business Scope Limited to particular area. Worldwide reach
Information No uniform platform for Provides a uniform platform for information
exchange exchange of information. exchange.
Resource focus Supply side Demand side
© The Institute of Chartered Accountants of India
 4.6 ENTERPRISE INFORMATION SYSTEMS

Marketing One way marketing One-to-one marketing

Payment Cash, cheque, credit card, Credit card, fund transfer, Cash in Delivery,
etc. Payment Wallets, UPCI application etc.
Delivery of Instantly Takes time, but now e-commerce websites
goods have created options of same day delivery,
or delivery within 4 hours. This option is
restricted to number of cities as of now.
AMAZON has already started delivery in
United States of America through drones.
Layers of Reduced layers of delivery (i) Increases the profit margin of
Delivery (Profit from manufacturer to manufacturers.
Impact) customers.
(ii) Above (i) allow manufacturers to give
discounts to customers.
(iii) Customers get better prices.
Layers of Reduced layers of delivery (i) This helps customers get faster
Delivery (Time from manufacturer to product deliveries.
Impact) customers.
(ii) Manufacturers can have better
inventory management. As they
will always know what products
customers are buying. They shall be
able to maintain inventory on JIT (Just
in Time) basis.
This has a flip side also, manufacturers will
have to reduce product manufacturing cycle
time, i.e time between order receipt and
goods delivered.
4.1.3 Illustration of E-Commerce Transaction
STEP 1: Go to website (like www.snapdeal.com, www.flipkart.com, www.amazon.in, etc)
and create your user ids (identifications). Those who have social media ids, can directly
link through those ids.
OR
Go to Google Play Store in your hand-held device and download the special software
needed for e-commerce transaction called as APP (Application). Once downloaded,
user needs to press OPEN. The APP is installed on the handheld device. For example:
OYO (Hotel Booking APP), IRCTC (Train ticket booking APP), Foodpanda (Food ordering
APP) and millions of APP like this.
STEP 2: Select the type of product you wish to buy. Each such e-commerce vendor has
huge display of product inventory. User needs to make sure that s/he selects the right
product type.
© The Institute of Chartered Accountants of India
 E-COMMERCE, M-COMMERCE AND EMERGING TECHNOLOGIES 4.7

STEP 3: From the products listed, user needs to select the correct product s/he needs
to buy.
STEP 4: User makes the final choice and goes for making payment online.
STEP 5: At the time of making payment, e-commerce vendor shows all details including
the product being bought and the final price of the same for review of the customer
and confirmation before final payment.
STEP 6: Once user goes for online payment, the e-commerce vendor displays the
payment options. Payment options can be cash on delivery, Payment by Debit/Credit
Cards, etc.
STEP 7: Once the user selects the payment option, he is directed to the payment
gateway where he enters the OTP or the password and the payment is made vide the
Credit Card. Once the payment is made, the confirmation email / SMS are received by
the user.
STEP 8: Based on the delivery terms, the product is delivered to the customer in
specified time.
The first e-commerce transaction vide mobile is supposed to have been done in
Norway in 1997, when a Coco-Cola vending machine were configured to respond to
mobile messages received from customers. The vending machine delivered products
on receiving text messages.
4.1.4 Benefits of E-Business
E-business benefits individuals, businesses, government and society at large. The major
benefits from e-business are as follows:
A. Benefits to Customer / Individual / User
w Convenience: Every product at the tip of individual’s fingertips on internet.
w Time saving: No. of operations that can be performed both by potential buyers
and sellers increase.
w Various Options: There are several options available for customers which are
not only being easy to compare but are provided by different players in the
market.
w Easy to find reviews: There are often reviews about a particular site or product
from the previous customers which provides valuable feedback.
w Coupon and Deals: There are discount coupons and reward points available for
customers to encourage online transaction.
w Anytime Access: Even midnight access to the e commerce platforms is available
which brings in customer suitability.
© The Institute of Chartered Accountants of India
 4.8 ENTERPRISE INFORMATION SYSTEMS

B. Benefits to Business / Sellers

w Increased Customer Base: Since the number of people getting online is
increasing, which are creating not only new customers but also retaining the old
ones.
w Recurring payments made easy: Each business has number of operations being
homogeneous. Brings in uniformity of scaled operations.
w Instant Transaction: The transactions of e commerce are based on real time
processes. This has made possible to crack number of deals.
w Provides a dynamic market: Since there are several players, providing a dynamic
market which enhances quality and business.
w Reduction in costs:
¾ To buyers from increased competition in procurement as more suppliers
are able to compete in an electronically open marketplace.
¾ To suppliers by electronically accessing on-line databases of bid
opportunities, on-line abilities to submit bids, and on-line review of
rewards.
¾ In overhead costs through uniformity, automation, and large-scale
integration of management processes.
¾ Advertising costs.
w Efficiency improvement due to:
¾ Reduction in time to complete business transactions, particularly from
delivery to payment.
¾ Reduction in errors, time, for information processing by eliminating
requirements for re-entering data.
¾ Reduction in inventories and reduction of risk of obsolete inventories as
the demand for goods and services is electronically linked through just-in-
time inventory and integrated manufacturing techniques.
w Creation of new markets: This is done through the ability to easily and cheaply
reach potential customers.
w Easier entry into new markets: This is especially into geographically remote
markets, for enterprises regardless of size and location.
w Better quality of goods: As standardized specifications and competition have
increased and improved variety of goods through expanded markets and the
ability to produce customized goods.
w Elimination of Time Delays: Faster time to market as business processes are
linked, thus enabling
© The Institute seamless
of Chartered processing
Accountants of Indiaand eliminating time delays.
 E-COMMERCE, M-COMMERCE AND EMERGING TECHNOLOGIES 4.9

C. Benefits to Government
w Instrument to fight corruption:-In line with Government’s vision, e commerce
provides a pivotal hand to fight corruption.
w Reduction in use of ecologically damaging materials through electronic
coordination of activities and the movement of information rather than physical
objects).
Clearly, the benefits of corporate-wide implementation of e-business are many, and
this list is by no means complete. With the benefits, however, also come the risks.
An organization should be cautious not to leap blindly into e-business, but rather
first develop an e-business strategy, and then organize a corporate-wide team to
implement that strategy.
4.1.5 E-Commerce Future
From 1997, E-commerce has increased in leaps and bounds. Data by The Economist
magazine for 2013 as shown in Fig. 4.1.3 is a pointer that E-commerce vide mobiles
is not only limited to developed world. Looking to data, developing / third world
countries have adopted is faster.

Mobile money in developing countries

Active accounts per 1,000 adults, selected countries, 2013

0 100 200 300 400 500

Kenya 55

Tanzania 65

Botswana 0.8

Zimbabwe 21

Cameroon 0.1

Philippines 1.9

Bangladesh 5.6

Congo 0.4

Pakistan 4.0

Malaysia 0.1

Afghanistan Value of 18
transactions
South Africa as% of GDP 0.1

Source : IMF

Fig. 4.1.3: E-Commerce widespread in Developing Countries*

© The
*Source Institute of Chartered
: www.economist.com Accountants of India
 4.10 ENTERPRISE INFORMATION SYSTEMS

4.2 COMPONENTS FOR E-COMMERCE

Referring to the Fig, 4.2.1, E-commerce components include the following:
(i) User: This may be individual / organization or anybody using the e-commerce
platforms. As e-commerce, has made procurement easy and simple, just on a
click of button e-commerce vendors needs to ensure that their products are
not delivered to wrong users. In fact, e-commerce vendors selling products like
medicine / drugs need to ensure that such products are not delivered to wrong
person/user.
TECHNOLOGY INFRASTRUCTURE

Electronic Document Interchange

Electronic Fund Electronic Data

T Transfer(EFT) Interchange(EDI)
E V
C Information Marketing E
H Sharing Advertising N
Corporate
N Electronic
Digital E-Commerce D
O Publishing
Library E
L Collaborative Sales, Customer
R
O Work Support
Email Fax S
G
Y
Electronic Messaging

USERS / INTERNET / WEB PORTAL / MOBILE APPS

Fig. 4.2.1: Components of E - Commerce

(ii) E-commerce Vendors: This is the organization / entity providing the user,
goods/ services asked for. For example: www.flipkart.com. E-commerce Vendors
further needs to ensure following for better, effective and efficient transaction.
- Suppliers and Supply Chain Management: These being another important
component of the whole operations. For effectiveness, they need to ensure that -
w They have enough and the right goods suppliers.
w They (suppliers) financially and operational safe.
w Suppliers are able to provide real-time stock inventory.
w The order to deliver time is very short.
© The Institute of Chartered Accountants of India
 E-COMMERCE, M-COMMERCE AND EMERGING TECHNOLOGIES 4.11

- Warehouse operations: When a product is bought, it is delivered from the

warehouse of e-commerce vendor. This place is where online retailers pick
products from the shelf, pack them as per customer’s specification / pre-decided
standards and prepare those products to be delivered. These operations have
become very critical to the success of the whole e-commerce business. Many
e-commerce companies are investing huge amounts of money in automating
the whole warehouses.
- Shipping and returns: Shipping is supplementary and complementary to whole
warehouse operations. Fast returns have become Unique Selling Preposition
(USP) for many e-commerce vendors, so these vendors need very effective and
efficient return processing.
- E - Commerce catalogue and product display: Proper display of all products
being sold by vendor including product details, technical specifications, makes
for a better sales conversion ratio. These help customers gauge the products/
services being sold. A good catalogue makes a lot of difference to whole customer
experience.
- Marketing and loyalty programs: Loyalty programs establish a long-term
relationship with customer. The best examples can be customer loyalty programs
being run by airline industry. In airline industry, customer can get good discount/
free tickets based on loyalty points accumulated. The same concept is being
used by e-commerce vendors to ensure customer loyalty.
- Showroom and offline purchase: Few e-commerce vendors over period have
realized that their products can be sold fast if customers are able to feel / touch /
see those products. These vendors have opened outlets for customer experience
of their products.
- Different Ordering Methods: These are the way customer can place his/her
order, say Cash on Delivery is today most preferred method.
- Guarantees: The product / service guarantee associated with product / service
being sold. Money back guarantees help generate a security in customer’s mind
that in case of any problems, their money shall be safely returned back.
- Privacy Policy: Represents policy adopted by the e-commerce vendor vis-à-vis
customer data / information. E-commerce website must have a privacy policy.
Customers are very concerned about the information that they are sharing. E -
commerce vendors need to clearly explain them what the vendor plan to do with
the various information that is collected from its customers
- Security: Represents the security policy adopted by the e-commerce vendors.
Vendor website needs to state that online data used to transact is safe that
vendors is using appropriate security including security systems like SSL (Secure
© The Institute of Chartered Accountants of India
 4.12 ENTERPRISE INFORMATION SYSTEMS

Socket Layer). This guarantees that the data provided by customer will not fall
into the hand of a malicious hacker while transferring from his / her computer to
the web server.
Privacy Policy and Security are also gaining importance under the Information
Technology Act, 2000 (as amended 2008). The act specifically states that security
of such data (the one collected by e-commerce vendor from customer) shall be
responsibility of e-commerce vendor.
(iii) Technology Infrastructure: The computers, servers, database, mobile apps,
digital libraries, data interchange enabling the e-commerce transactions.
(a) Computers, Servers and Database
- These are the backbone for the success of the venture. Big e-commerce
organization invest huge amount of money / time in creating these
systems. They store the data / program used to run the whole operation of
the organization.
- As cloud computing is increasingly being used, many small / mid-sized
e-commerce originations have started using shared infrastructures.
(b) Mobile Apps
Just as with the personal computer, mobile devices such as tablet computers
and smart phones also have operating systems and application software.
In fact, these mobile devices are in many ways just smaller versions of
personal computers. A mobile app is a software application programmed
to run specifically on a mobile device.
Smartphone’s and tablets have become a dominant form of computing,
with many more smartphones being sold than personal computers. This
means that organizations will have to get smart about developing software
on mobile devices in order to stay relevant. These days, most mobile
devices run on one of two operating systems: Android or iOS. Android
is an open-source operating system supported by Google whereas iOS
is Apple’s mobile operating system. There are other mobile Operating
systems like BlackBerry OS, Windows Mobile, Tizen and FireFox OS.
As organizations consider making their digital presence compatible with
mobile devices, they will have to decide whether to build a mobile app. A
mobile app is an expensive proposition, and it will only run on one type of
mobile device at a time. For example, if an organization creates an iPhone
app, those with Android phones cannot run the application. Each app takes
several thousand dollars to create, so this is not a trivial decision for many
companies. One option many companies have is to create a website that
© The Institute of Chartered Accountants of India
E-COMMERCE, M-COMMERCE AND EMERGING TECHNOLOGIES 4.13

is mobile-friendly. A mobile website works on all mobile devices and costs

about the same as creating an app.
It includes the following:
- Mobile store front modules are an integral part of m-commerce apps,
where all commodities and services are categorized and compiled in
catalogs for customers to easily browse through the items on sale and get
essential information about the products.
- Mobile ticketing module is an m-commerce app component that is closely
linked to promotional side of commercial business and enables vendors to
attract customers by distributing vouchers, coupons and tickets.
- Mobile advertising and marketing module empowers merchants to
leverage m-commerce channels in order to manage its direct marketing
campaigns, which are reported to be very effective especially when
targeted at younger representatives of digital information consumers.
- Mobile customer support and information module is a point of reference
for information about a particular retailer, its offerings and deals. The
news about the company, current discounts, shop locations and other
information is either pushed to users’ m-commerce apps or can be found
in m-commerce app itself.
- Mobile banking is inextricably linked to selling process via m-commerce
apps, because no purchase can be finalized without a payment. There are
various options for executing mobile payments, among which are direct
mobile billing, payments via SMS, credit card payments through a familiar
mobile web interface, and payments at physical POS terminals with NFC
technology.
(c) Digital Library: A Digital Library is a special library with a focused
collection of digital objects that can include text, visual material, audio
material, video material, stored as electronic media formats (as opposed to
print, microform, or other media), along with means for organizing, storing,
and retrieving the files and media contained in the library collection. Digital
libraries can vary immensely in size and scope, and can be maintained
by individuals, organizations, or affiliated with established physical library
buildings or institutions, or with academic institutions. The digital content
may be stored locally, or accessed remotely via computer networks. An
electronic library is a type of information retrieval system.
(d) Data Interchange: Data Interchange is an electronic communication of
data. For ensuring the correctness of data interchange between multiple
players in e-commerce, business specific protocols are being used. There
© The Institute of Chartered Accountants of India
 4.14 ENTERPRISE INFORMATION SYSTEMS

are defined standards to ensure seamless / exact communication in

e-commerce.
(iv) Internet / Network: This is the key to success of e-commerce transactions.
- This is the critical enabler for e-commerce. Internet connectivity is important for
any e-commerce transactions to go through. Net connectivity in present days
can be through traditional as well as new technology.
- The faster net connectivity leads to better e-commerce. Many mobile companies
in India have launched 4G services.
- The success of e-commerce trade depends upon the internet capability of
organization. At a global level, it is linked to the countries capability to create
a high speed network. The latest communication technologies like 4G, 5G have
already made in-roads in India.
(v) Web portal: This shall provide the interface through which an individual /
organization shall perform e-commerce transactions.
- Web Portal is the application through which user interacts with the e-commerce
vendor. The front end through which user interacts for an e-commerce transaction.
These web portals can be accessed through desktops / laptops / PDA / hand-
held computing devices / mobiles and now through smart TVs also.
- The simplicity and clarity of content on web portal is directly linked to customer
experience of buying a product online. E-commerce vendors put a lot of money
and effort in this aspect.
(vi) Payment Gateway: The payment mode through which customers shall make
payments. Payment gateway represents the way e-commerce / m-commerce
vendors collects their payments. The payment gateway is another critical
component of e-commerce set up. These are the last and most critical part of
e-commerce transactions. These assures seller of receipt of payment from buyer
of goods / services from e-commerce vendors. Presently numerous methods
of payments by buyers to sellers are being used, including Credit / Debit Card
Payments, Online bank payments, Vendors own payment wallet, Third Party
Payment wallets, like SBI BUDDY or PAYTM, Cash on Delivery (COD) and Unified
Payments Interface (UPI).

4.3 ARCHITECTURE OF NETWORKED SYSTEMS

Architecture is a term to define the style of design and method of construction, used
generally for buildings and other physical structures. In e-commerce, it denotes the
way network architectures are build.
E-commerce runs through network-connected systems. Networked systems can have
two types
© The of architecture
Institute namely;
of Chartered Accountants of India
 E-COMMERCE, M-COMMERCE AND EMERGING TECHNOLOGIES 4.15

(i) Two tier, and

(ii) Three tier.
4.3.1 Two Tier Client Server
In a Two-tier network, client (user) sends request to Server and the Server responds
to the request by fetching the data from it. The Two-tier architecture is divided into
two tiers- Presentation Tier and Database Tier as shown in the Fig. 4.3.1:
Client Applications
Two
TwoTier
TierArchitecture
Architecture Data Source
Data Source

Two Tier Architecture

Data Source

Two Tier Architecture

Data Source
Client Applications
Presentation Tier Database Tier
Presentation Tier Database Tier
Fig. 4.3.1: Two Tier Client Server Architecture
Fig. 4.3.1: Two Tier Client Server Architecture
Client Applications
(i) Presentation Tier (Client Application/Client Tier): This is the interface that
Presentation Tier Database Tier
allows user to interact withFig. 4.3.1: Two Tier Client/Server
the e-commerce Architecture
m-commerce vendor. User can
Client Applications
login to an e-commerce vendor through this tier. This application also connects
to database tier and displays the various products / prices to customers.
Presentation Tier Database Tier
Fig. 4.3.1: Two Tier Client Server Architecture
(ii) Database Tier (Data Tier): The product data / price data / customer data and
other related data are kept here. User has not access to data / information at
this level but he/she can display all data / information stored here through
application tier.
The Advantages of Two-Tier Systems are as follows:
- The system performance is higher because business logic and database are
physically close.
- Since processing is shared between the client and server, more users could
interact with system.
- By having simple structure, it is easy to setup and maintain entire system
smoothly.
The Disadvantages of Two-Tier Systems are as follows:
w Performance deteriorates if number of users’ increases.
w There is restricted flexibility and choice of DBMS, since data language used in
server
© The is proprietary
Institute to Accountants
of Chartered each vendor.of India
 4.16 ENTERPRISE INFORMATION SYSTEMS

4.3.2 Three Tier Client Server

Three - Tier architecture is a software design pattern and well-established software
architecture. Its three tiers are the Presentation Tier, Application Tier and Data Tier.
Three-tier architecture is a client-server architecture in which the functional process
logic, data access, computer data storage and user interface are developed and
maintained as independent modules on separate platforms. The three-tier architecture
are as follows:
(i) Presentation Tier: Occupies the top level and displays information related
to services available on a website. This tier communicates with other tiers by
sending results to the browser and other tiers in the network.
(ii) Application Tier: Also, called the Middle Tier, Logic Tier, Business Logic or
Logic Tier; this tier is pulled from the presentation tier. It controls application
functionality by performing detailed processing. In computer software, business
logic or domain logic is the part of the program that encodes the real-world
business rules that determine how data can be created, displayed, stored, and
changed.

Client(s) Presentation Tier

Laptop Workstation
Desktop

Application
Tier

Server

Database
Tier Database
Database Database
Database

Fig. 4.3.2: Three Tier Client Server Architecture

(iii) Database Tier: This tier houses the database servers where information is
stored and retrieved. Data in this tier is kept independent of application servers
or business logic. The data tier includes the data persistence mechanisms
©(database servers,
The Institute file shares,
of Chartered etc.) and
Accountants the data access layer that encapsulates
of India
 E-COMMERCE, M-COMMERCE AND EMERGING TECHNOLOGIES 4.17

the persistence mechanisms and exposes the data. The data access layer should
provide an Application Programming Interface (API) to the application tier that
exposes methods of managing the stored data without exposing or creating
dependencies on the data storage mechanisms. Avoiding dependencies on the
storage mechanisms allows for updates or changes without the application tier
clients being affected by or even aware of the change.
To conclude, in Three Tier Architecture three layers like Client, Server and Database
are involved. In this, the Client sends a request to Server, where the Server sends
the request to Database for data, based on that request the Database sends back
the data to Server and from Server the data is forwarded to Client.
The following are the Advantages of Three-Tier Systems:
w Clear separation of user-interface-control and data presentation from
application-logic: Through this separation more clients can have access
to a wide variety of server applications. The two main advantages for client-
applications are quicker development through the reuse of pre-built business-
logic components and a shorter test phase.
w Dynamic load balancing: If bottlenecks in terms of performance occur, the
server process can be moved to other servers at runtime.
w Change management: It is easy and faster to exchange a component on the
server than to furnish numerous PCs with new program versions.
The Disadvantages of Three-Tier Systems are as follows:
w It creates an increased need for network traffic management, server load
balancing, and fault tolerance.
w Current tools are relatively immature and are more complex.
w Maintenance tools are currently inadequate for maintaining server libraries. This
is a potential obstacle for simplifying maintenance and promoting code reuse
throughout the organization.
4.3.3 Which Architecture is used?
In two tier architecture, application performance will be degraded upon increasing
the users and it is cost in-effective whereas a three-tier architecture provides High
performance, lightweight persistent objects, flexibility, maintainability, reusability
and scalability, performance, high degree of flexibility in deployment, better Re-use,
improved data integrity, improved security wherein client does not have direct access
to database, easy to maintain and application performance is good. Apart from the
usual advantages of modular software with well-defined interfaces, the three-tier
architecture is intended to allow any of the three tiers to be upgraded or replaced
independently in response to changes in requirements or technology.
© The Institute of Chartered Accountants of India
 4.18 ENTERPRISE INFORMATION SYSTEMS

All e-commerce applications follow the three-tier network architecture.

4.3.4 E-Commerce Architecture Vide Internet
Fig. 4.3.3 depicts the E-commerce architecture vide Internet and Table 4.3.1 elaborates
the functioning of each layer.

Order placed Shopping Cart Credit Cart is charged

by User

Client End/User
Order is
completed

Shipment
sent to
Application Layers
Customer

Shopping carrier Sent to Warehouse for fulfilment Email is sent to

picks up shipment Customer & Merchant
Database layers

Fig. 4.3.3: E-commerce Vide Internet

Table 4.3.1: Description of each Layer as per Fig. 4.3.3.
S. No. Layer Includes Purpose
1 Client / User Web Server, Web Browser and Internet. This layer helps the
Interface For example: In example (Fig. 4.3.3) e-commerce customer
where user buys a mobile phone from an connect to e-commerce
e-commerce merchant it includes - merchant.
- User
- Web Browser (Internet Explorer /
Chrome)
- Web Server
© The Institute of Chartered Accountants of India
 E-COMMERCE, M-COMMERCE AND EMERGING TECHNOLOGIES 4.19

2 Application Application Server and Back End Server. Through these application’s
Layer For example - In the same example, it customer logs to merchant
includes systems. This layer allows
- E-merchant customer to check the
- Reseller products available on
- Logistics partner merchant’s website.
3 Database The information store house, where all This layer is accessible to
Layer data relating to products, price it kept. user through application
layer.

4.3.3 E-Commerce Architecture Vide Mobile Apps

User Retail Transaction

Management System
Merchant

Payment
Mobile
processing
Wallet

Merchant Bank

Fund Transfer

Consumer Bank Internet

Processing Bank

Fig. 4.3.4: E- commerce Vide Mobile Apps

M-Commerce (Mobile Commerce): M-commerce (mobile commerce) is the buying
and selling of goods and services through wireless handheld devices such as cellular
telephone and Personal Digital Assistants (PDAs). M-commerce enables users to access
the Internet without needing to find a place to plug in. Refer Fig. 4.3.4 for E-Commerce
vide Mobile Apps.

© The Institute of Chartered Accountants of India

 4.20 ENTERPRISE INFORMATION SYSTEMS

Table 4.3.2 : Description of Fig. 4.3.4

S. No. Layer Includes Purpose

1 Client / User Mobile Web Browser and Internet. This layer helps the
Interface For example: In example e-commerce customer connect
discussed above where user buys to e-commerce merchant.
a mobile phone from e-commerce
merchant it includes,
- Mobile APP (Application)
- User

2 Application Application Server and back end Through these application’s

Layer server. For example: In the same customer logs to merchant
example, it includes systems. This layer allows
- E-merchant customer to check the products
- Reseller available on merchant’s
website.
- Logistics partner
- Payment Gateway

3 D a t a b a s e The information store house, This layer is accessible to user

Layer where all data relating to through application layer.
products, price it kept.

4.4 WORK FLOW DIAGRAM FOR E-COMMERCE

Pays through Order sent to Shipping is
Submits
Credit Card Warehouse Scheduled and
Online
Sent to
Order Transaction for Shipping
Customer

Customer

Submit order
via phone

Fig. 4.4.1: E-Commerce Workflow Diagram*

Refer Fig. 4.4.1 for E-Commerce Work Flow and Table 4.4.1 for its description

© :The
*Source Institute of Chartered
www.juanribon.com Accountants of India
 E-COMMERCE, M-COMMERCE AND EMERGING TECHNOLOGIES 4.21

Table 4.4.1: Description of E-Commerce Work Flow Diagram

S. No. Step Activities
1 Customers login Few e-commerce merchants may allow same transactions to be done
through phone, but the basic information flow is e-mode.
2 Product / Service Customer selects products / services from available options.
Selection
3 Customer Places Order is placed for selected product / service by customer. This step
Order leads to next important activity PAYMENT GATEWAY.
4 Payment Gateway Here customer makes a selection of the payment method. In case
payment methods is other than cash on delivery(COD), the merchant
gets the update from payment gateway about payment realisation
from customer. In case of COD, e-commerce vendor may do an
additional check to validate customer.
5 Dispatch and This process may be executed at two different ends. First if product /
Shipping Process service inventory is managed by e-commerce vendor, then dispatch
shall be initiated at merchant warehouse.
Second, many e-commerce merchants allow third party vendors to
sale through merchant websites. For example: FLIPKART states that
it has more than 1 lac registered third party vendors on its website.
6 Delivery Tracking Another key element denoting success of e-commerce business is
timely delivery. Merchants keep a track of this. All merchants have
provided their delivery staff with hand held devices, where the
product / service delivery to customers are immediately updated.
7 COD tracking In case products are sold on COD payment mode, merchants need to
have additional check on matching delivery with payments.
Numerous services are of the nature which does not have a separate delivery need, for example
booking a train ticket through irctc.co.in. In this case, there is no separate delivery of service, tickets
booking updates are generated as soon as payments are received by irctc.co.in payment gateways.

4.5 RISKS AND CONTROLS

4.5.1 Risk
Risk is possibility of loss. The same may be result of intentional or un-intentional action
by individuals. Risks associated with e-commerce transactions are high compared to
general internet activities. These include the following:
(i) Privacy and Security: Comes in the point of hacking. There are often
issues of security and privacy due to lack of personalized digital access
and knowledge.
(ii) Quality issues: There are quality issues raised by customers as the original
product differs from
© The Institute of Chartered the one of
Accountants that was ordered.
India
 4.22 ENTERPRISE INFORMATION SYSTEMS

(iii) Delay in goods and Hidden Costs: When goods are ordered from another
country, there are hidden costs enforced by Companies.
(iv) Needs Access to internet and lack of personal touch: The e commerce
requires an internet connection which is extra expensive and lacks personal
touch.
(v) Security and credit card issues: There is cloning possible of credit cards
and debit cards which poses a security threat.
(vi) Infrastructure: There is a greater need of not only digital infrastructure but
also network expansion of roads and railways which remains a substantial
challenge in developing countries.
(vii) Problem of anonymity: There is need to identify and authenticate users
in the virtual global market where anyone can sell to or buy from anyone,
anything from anywhere.
(viii) Repudiation of contract: There is possibility that the electronic transaction
in the form of contract, sale order or purchase by the trading partner or
customer maybe denied.
(ix) Lack of authenticity of transactions: The electronic documents that are
produced during an e-Commerce transaction may not be authentic and
reliable.
(x) Data Loss or theft or duplication: The data transmitted over the Internet
may be lost, duplicated, tampered with or replayed.
(xi) Attack from hackers: Web servers used for e-Commerce maybe vulnerable
to hackers.
(xii) Denial of Service: Service to customers may be denied due to non-
availability of system as it may be affected by viruses, e-mail bombs and
floods.
(xiii) Non-recognition of electronic transactions: e-Commerce transactions,
as electronic records and digital signatures may not be recognized as
evidence in courts of law.
(xiv) Lack of audit trails: Audit trails in e-Commerce system may be lacking
and the logs may be incomplete, too voluminous or easily tampered with.
(xv) Problem of piracy: Intellectual property may not be adequately protected
when such property is transacted through e-Commerce.
4.5.2 Case Studies
Case 1: Return of Mobile
©AThe
person in Hyderabad
Institute of Charteredwas caught for
Accountants returning mobiles with defective parts.
of India
 E-COMMERCE, M-COMMERCE AND EMERGING TECHNOLOGIES 4.23

Modus operandi:
- He used to buy new mobile online from India’s largest m-commerce
vendor.
- Return them with complaint that mobile purchased is defective.
- He used to replace the new mobiles internal components with defective
components.
- He kept on doing this for two years before being caught.
What control lapse lead to above fraud?
- Entities poor policy documentation regarding accepting mobile returns as
defective.
- Within the organization there must have been a person putting a red mark
when the same person was returning mobiles as defective. This reflects
poor audit mechanism.
Case 2: Purchase fake / inferior products online.
Certain websites allow anybody to sell products on, which creates a market
for fake and bootleg products. It is important to check the history of the seller
and read all the details to ensure the product is the brand name product you
originally intended to buy. A good rule of thumb is that if it’s too good to be true,
it usually is. Designer headphones, purses, and watches will always cost around
retail price online.
4.5.3 Control
Internal control, as defined in accounting and auditing, is a process for assuring
achievement of an organization’s objectives in operational effectiveness and efficiency,
reliable financial reporting, and compliance with laws, regulations and policies.
For example:
- Company may have a policy to force employees to change their passwords
every 30 days.
- A CA firm may not allow office staff access to social sites during office
hours.
In an e-business environment, controls are necessary for all persons in the chain,
including-
A. Users: This is important to ensure that the genuine user is using the e-commerce/
m-commerce platform. There is risk if user accounts are hacked and hackers buy
products / services.
B. Sellers / Buyers / Merchants: These people need to proper framework in place
to ensure success of business. Many e-commerce businesses have lost huge
© The Institute of Chartered Accountants of India
 4.24 ENTERPRISE INFORMATION SYSTEMS

amount of money as they did not have proper controls put in place. These
include controls on:
a. Product catalogues
b. Price catalogues
c. Discounts and promotional schemes
d. Product returns
e. Accounting for cash received through Cash on Delivery mode of sales.
C. Government: Governments across the world and in India have few critical
concerns vis-à-vis electronic transactions, namely:
a. Tax accounting of all products / services sold.
b. All products / services sold are legal. There have been instances where
narcotics drugs have found to be sold and bought through electronic
means.
D. Network Service Providers: They need to ensure availability and security of
network. Any downtime of network can be disastrous for business.
E. Technology Service Providers: These include all other service provider other
than network service provider, for example, cloud computing back-ends,
applications back-ends and like. They are also prone to risk of availability and
security.
F. Logistics Service Providers: Success or failure of any e-commerce / m-commerce
venture finally lies here. Logistics service providers are the ones who are finally
responsible for timely product deliveries.
G. Payment Gateways: E-commerce vendors’ business shall run only when their
payment gateways are efficient, effective and foolproof.
Each participant needs to put in place controls in an e-commerce environment. Any
lack of exercising controls by anyone can bring the risk to whole chain. All participants
as discussed above need to trained and educated for proper controls. Each participant
needs to put in place policies, practices and procedures in place to protect from
e-commerce / m-commerce related risks. These will include the following:
1. Educating the participant about the nature of risks.
Every participant needs to be educated / sensitized towards risk associated with
such transactions. Organizations need to put in place infrastructure / policy
guidelines for the same. These policies may include the following:
- Frequency and nature of education programs.
- The participants for such program.
© The Institute of Chartered Accountants of India
 E-COMMERCE, M-COMMERCE AND EMERGING TECHNOLOGIES 4.25

For example: All bank in India, allowing on line payments put ads on their websites
“Dos and Don’ts for online payments.” The more informed your organisation is, the
easier it will be to combat online threats and to carry out risk mitigating measures.
2. Communication of organizational policies to its customers.
To avoid customer dissatisfaction and disputes, it is necessary to make the
following information clear throughout your website:
- Privacy Policies: These should be available through links on any website.
- Information security: Create a page that educates customers about any
security practices and controls.
- Shipping and billing policies: These should be clear, comprehensive and
available through a link on the home page during online purchase.
- Refund policies: Establish and display a clear, concise statement of a
customer’s refund and credit policy.
3. Ensure Compliance with Industry Body Standards.
All e-Commerce organisations are required to be complying with and adhere to
the rules outlined by the law of land. In India Reserve Bank of India, has been
releasing these standards from time to time.
4. Protect your e-Commerce business from intrusion.
a. Viruses: Check your website daily for viruses, the presence of which can
result in the loss of valuable data.
b. Hackers: Use software packages to carry out regular assessments of how
vulnerable your website is to hackers.
c. Passwords: Ensure employees change these regularly and that passwords
set by former employees of your organization are defunct.
d. Regular software updates: Your site should always be up to date with the
newest versions of security software. If you fail to do this, you leave your
website vulnerable to attack.
e. Sensitive data: Consider encrypting financial information and other
confidential data (using encryption software). Hackers or third parties will
not be able to access encrypted data without a key. This is particularly
relevant for any e-Commerce sites that use a shopping cart system.
f. Know the details of your payment service provider contract.

© The Institute of Chartered Accountants of India

 4.26 ENTERPRISE INFORMATION SYSTEMS

4.5.4 Cyber Security Risk Considerations

The business and technological environment in which the entities operate are rapidly
changing on account of the E-Commerce platforms on which most of them now operate.
Therefore, it is imperative for the consideration of Cyber Security Risks in the audit procedures.
Risk Assessment is always a very important part and parcel of the audit procedures. One
of the most important aspects to be kept in mind during the risk assessment process is
giving due consideration to the changing risks in the entity and its environment due to
the ever-evolving technology landscape which can have a potential impact on the financial
statements. There could be cyber security risks with Direct as well as Indirect impact.
w A Direct Financial Impact could be if the Application at the Company’s Retailers
which contains financial information has weak passwords at all OSI layers
resulting in harming the integrity of data.
w An Indirect Operational Impact could be if the sensitive customer information
in the form of Bank Account Numbers Recipes of Patented products, etc. could
be breached which would result in legal and regulatory actions on the Company
on account of breach of confidential information.
(Standard on Auditing) SA 315 recognizes that IT poses specific risks to an entity’s
internal control in the form of the following:
w Reliance on systems or programs that are inaccurately processing data, processing
inaccurate data, or both.
w Unauthorized access to data that may result in destruction of data or improper
changes to data, including the recording of unauthorized or non-existent
transactions, or inaccurate recording of transactions. Particular risks may arise
where multiple users access a common database.
w The possibility of IT personnel gaining access privileges beyond those necessary
to perform their assigned duties thereby breaking down segregation of duties.
w Unauthorized changes to data in master files.
w Unauthorized changes to systems or programs.
w Failure to make necessary changes to systems or programs.
w Inappropriate manual intervention.
w Potential loss of data or inability to access data as required.

© The Institute of Chartered Accountants of India

 E-COMMERCE, M-COMMERCE AND EMERGING TECHNOLOGIES 4.27

Application

Data

Operating System

Internal Network

Perimeter Network

Fig. 4.5.1: Levels through Cyber breach can occur

Referring to the Fig. 4.5.1, it is interesting to note that cyber breach incidents usually
occur through the Perimeter and Internal Network and then go on to the Application
and Database which store the financial information.
Illustrations of the considerations as controls addressing key cyber security risks are as
under:
(i) A Network Diagram detailing servers, databases, hubs, routers, internal and
external network, etc.
(ii) List of the Digital Assets used by the Company and the IT Managers responsible
for the protection for those digital assets alongwith the physical location of those
assets.
(iii) Policy and Procedure document of the criticality of the Digital Assets, the use of
those digital assets, any direct impact on the financial statements of the company,
access restrictions to those assets.
(iv) Any incidents of cyber security breach which occurred and the actions taken and
controls built in to avoid them from occurring again.
(v) Annual review by the CIO, based on the Company’s digital assets and the IT
Environment in which it operates assessing which are the most critical cyber
security risks and designing controls to address the same.
(vi) Are the IT managers responsible for the safeguarding of the assets from cyber-
attacks, adequately skilled and trained to perform the functions.
(vii) The Entity should have a IT Security Policy circulated to all Employees detailing
the procedures to be adhered to when accessing IT systems/resources like
© The Institute of Chartered Accountants of India
 4.28 ENTERPRISE INFORMATION SYSTEMS

password security, restricted use of internet, etc.

(viii) Periodical review of access rights to all IT resources to ensure that the access to
the users is commensurate with their functional roles and responsibilities.
(ix) Adequate approvals exist before the access is granted to any IT resources.
(x) Timely employee awareness campaigns focusing on methods of intrusion which
can be stopped based on individual actions.
(xi) Use of firewalls by the Company to allow internet activity in accordance with the
rules defined.
(xii) Any baseline security configurations established by the Company under any
security standards which are periodically reviewed.
(xiii) All remote access logins are configured for two factor authentication using of
username, password, pin, token, etc.
(xiv) Any vulnerability scans or penetration testing performed by the Company and
any findings noted.
(xv) Are the backups scheduled properly and timely checked by restoration of data?
The above procedures are even to be considered for the assets not owned by the
Company but where the Company is utilizing services from another service provider like
the Server maintenance and security is outsourced to an outsourced service provider.

4.6 GUIDELINES AND LAWS GOVERNING E-COMMERCE

4.6.1 Guidelines for E-Commerce
All entity going for e-commerce / m-commerce business needs to create clear policy
guidelines for the following:
1. Billing: The issues are -
a. Format of bill
b. The details to be shared in bills.
c. Applicable GST.
2. Product guarantee / warranty: Proper display of product guarantee / warranty
online as well as documents sent along with the products.
3. Shipping: The shipping time, frequency of shipping, the packing at time of
shipping, all these needs to be put in policy documents. This will ensure products
are properly packed and timely shipped.
© The Institute of Chartered Accountants of India
 E-COMMERCE, M-COMMERCE AND EMERGING TECHNOLOGIES 4.29

4. Delivery: Policy needs to be defined for:

a. Which mode of delivery to be chosen? Say through courier / third party
had delivery / own staff hand delivery
b. When deliveries to be made? Say time of day.
c. Where deliveries to be made? Say buyer’s office / home or through
dedicated delivery shops. Many e-commerce companies in India have
started creating delivery shops in metro cities. These delivery centres are
in big residential townships. The buyer shall take delivery of products from
these centres.
5. Return: Policy for return of goods need to be put in place defining:
a. Which goods to be accepted in return? Food products would generally not
be accepted.
b. The number of days within which returns can be accepted.
c. The process of verifying the authenticity of products received back.
d. The time within which buyer shall be paid his/her amount back for goods
returned.
6. Payment: Policy guidelines need to be created for the following payment related
issues:
a. Mode of payment.
b. For which products, specific payment mode shall be there. Organisation
restricts cash on delivery for few consumable products.
4.6.2 Commercial Laws Governing E-Commerce
All e-commerce transactions are commercial business transactions. All these
transactions are covered under multiple laws, including commercial laws. Following
commercial laws are applicable to e-commerce and m-commerce transactions.
w Income Tax Act, 1961: Income Tax Act, has detailed provisions regarding taxation
of income in India. In respect of e-commerce / m-commerce transactions, the
issue of deciding place of origin transaction for tax purpose is critical.
w Companies Act, 2013: Companies Act, 2013, regulates the corporate sector. The
law defines all regulatory aspects for companies in India. Most of the merchants
in e-commerce / m-commerce business are companies, both private and public.

© The Institute of Chartered Accountants of India

 4.30 ENTERPRISE INFORMATION SYSTEMS

w Foreign Trade (Development and Regulation) Act, 1992: An Act to provide

for the development and regulation of foreign trade by facilitating imports
into, augmenting exports from, India and for matters connected therewith or
incidental thereto. Amazon has recently allowed Indian citizens to purchase from
its global stores. All these shall be regulated through above law.
w The Factories Act, 1948: Act to regulate working conditions of workers. The act
extends to place of storage as well as transportation. Most of the merchants in
e-commerce / m-commerce business need to comply with provisions of the act.
w The Custom Act, 1962: The act that defines import / export of goods / services
from India and provides for levy of appropriate customs duty. India being a
signatory to General Agreement on Trade and Tariff (GATT) under World Trade
Organisation, cannot levy any custom duty that GATT non-compliant. This one
law is subject to debate across the world. For example: An Indian company
downloads software being sold by a foreign company whether the same shall be
chargeable to duty of import.
w The Goods and Services Tax Act, 2017 (GST): This Act requires each applicable
business, including e-commerce/ m-commerce, to upload each sales and
purchase invoice on one central IT infrastructure, mandating reconciliations of
transactions between business, triggering of tax credits on payments of GST,
facilitating filling of e-returns, etc.
w Indian Contract Act,1872: The act defines constituents of a valid contract. In
case of e-commerce / m-commerce business it becomes important to define
these constituents.
w The Competition Act, 2002: Law to regulate practices that may have adverse
effect on competition in India. Competition Commission have been vigilant to
ensure that e-commerce / m-commerce merchants do not engage in predatory
practices.
w Foreign Exchange Management Act (FEMA 1999): The law to regulate foreign
direct investments, flow of foreign exchange in India. The law has important
implications for e-commerce / m-commerce business. With a view to promote
foreign investment, as per regulations framed under Foreign Exchange
Management Act, (FEMA) 1999, FDI up to 100% under the automatic route is
permitted in companies engaged in e-commerce provided that such companies
would engage in Business to Business (B2B) e-commerce. Foreign investment
in Business to Customer (B2C) e-commerce activities has been opened in a
© The Institute of Chartered Accountants of India
 E-COMMERCE, M-COMMERCE AND EMERGING TECHNOLOGIES 4.31

calibrated manner and an entity is permitted to undertake retail trading through

e-commerce under the following circumstances:
(i) A manufacturer is permitted to sell its products manufactured in India
through e-commerce retail.
(ii) A single brand retail trading entity operating through brick and mortar
stores, is permitted to undertake retail trading through e-commerce.
(iii) An Indian manufacturer is permitted to sell its own single brand products
through e-commerce retail. Indian manufacturer would be the investee
company, which is the owner of the Indian brand and which manufactures
in India, in terms of value, at least 70% of its products in house, and sources,
at most 30% from Indian manufacturers.
w Consumer Protection Act, 1986: The law to protect consumer rights has been
source of most of litigations for transaction done through e-commerce and
m-commerce.
All laws above have same nature of applicability as in a normal commercial transaction.
The fact that transactions are done electronically gives rise to issues which are unique
in nature. Few of issues have been put to rest by court decisions but new issues crop
up every day. An illustrative list of such issues is discussed in the Table 4.6.1.
Table 4.6.1: Illustrative List of Issues during an Online Transaction

S. No. Event Legal questions out of event

1 Product ordered by ‘A’ 1. What if ‘B’ accepts the products and starts using?
delivered to ‘B’. (For 2. ‘A’ had ordered the product to gift to spouse on
example a DEO). ‘A’ had his/her birthday. What of the mental agony caused?
made payment online. 3. The product is a medicine necessary of treatment of
‘A’s dependent parents. In case of any complication
to ‘A’s parent due to delayed delivery who bears
the additional medical costs?
Above is only an illustrative list. Imagine numerous
possible combinations based on fact of in-correct
delivery.

2 Service ordered by ‘A’ not 1. Who bears the loss that may be incurred by ‘A’?
provided by online vendor.
For example: ‘A’ courier
company does not collect
an important document.

© The Institute of Chartered Accountants of India

 4.32 ENTERPRISE INFORMATION SYSTEMS

3 ‘A’ auction website sales in- 1. What is the legal liability if seller of products?
advertently sales products 2. What is legal liability of buyers of such products?
which cannot be sold at all, 3. What is the legal liability of auction web-site?
or sale of those products is
illegal. For example: Guns/
Narcotics Drugs.

4 ‘A’ downloads a software 1. Whether such a download is import?

from a server in USA. ‘A’ 2. If ‘A’ re-exports can s/he claim benefits under
is in state of MP and then customs?
s/he sells the software to a
person in Mumbai or Sells
the same to another person
in Singapore.

4.6.3 Special Laws governing E-Commerce

E-commerce are covered under few other laws as these transactions are done
electronically.
- Information Technology Act, 2000 (As amended 2008)
- Reserve Bank of India, 1932.
I. Information Technology Act, 2000
This law governs all internet activities in India. The law is applicable to all online
transactions in India, and provides for penalties, prosecution for non-compliances. The
important issues dealt in by the law includes:
- Legality of products / services being offered online.
- Data Protection
- Protecting Your Customer’s Privacy Online
- Online Advertising Compliance
- Compliance with Information Technology Act, provisions.
II. Reserve Bank of India, 1932
Reserve Bank of India (RBI), from time to time frames guidelines to be followed
by e-commerce / m-commerce merchants allowing online payments through various
modes. The merchant needs to comply with these guidelines. For example:
- The conversion of all Credit / Debit cards to be made CHIP based.
- An OTP / PIN for all transactions done on point of sale machines through debit /
credit cards.
- The compliance with capital adequacy norms for payments wallet like SBI BUDDY/
PAYTM etc.
© The Institute of Chartered Accountants of India
 E-COMMERCE, M-COMMERCE AND EMERGING TECHNOLOGIES 4.33

Case 1: Delivering soap instead of mobile phone.

The police in Mumbai have registered a case of cheating against online shopping
portal for delivering a bar of soap to a customer who had ordered a Samsung Galaxy
Note 4. Mr. AB, a resident of Walkeshwar, was excited to receive the parcel, but was
shocked to find a bar of Nirma soap instead. Mr. AB, who works at a leading global IT
firm, decided to register the complaint after the company initially said his complaint
was not genuine.
“I had ordered a Samsung Galaxy Note 4 on May 25 and the product was delivered
on May 30. I had opted for cash-on-delivery and paid ` 29,900 to the delivery boy,”,
Mr. AB informed.
Minutes later, he opened the box and saw it contained a bar of soap in place of
the smartphone. “The box contained a soap bar and an Android phone charger. I
telephoned the deliveryman immediately. He was 10 minutes away from my home but
said I would have to call Flipkart’s customer care number to lodge a complaint”.
He called the customer care but was shocked when he was told his complaint was not
genuine. He reported the matter to the Malabar Hill police and lodged a complaint,
after which a first-information report under Section 420 (cheating and dishonestly
inducing delivery of property) of the Indian Penal Code was registered.
“My experience with online retailer has been disgusting. I received Nirma soap instead
of a smartphone. Over the next few days I called them several times to inquire about
the issue but received neither the cell phone nor my money. They initially denied me
a refund or replacement, claiming that my complaint was not genuine. This was very
annoying, so I filed a complaint with the police and on various customer complaint
websites, after which they refunded my money on Tuesday,” Mr. AB said.
“We will begin our investigation by taking the statement of the delivery boy, after
which we will look into other aspects of the case,” police sub-inspector said.
For its part, online retailer said in written statement: “The company observes a zero-
tolerance policy on incidents that impact customer trust. We are conducting an internal
investigation into this case and are putting all efforts to find out the real facts of this
incident. Meanwhile, as a responsible marketplace, the money has been refunded to
the customer in good faith.”
Case 2: Online Retailer not being paid by companies putting ads on online
retailer’s portal.
India’s top online retailer filed first such case in the Delhi High Court against a US-
based computer data storage company WD for allegedly not paying more than
` 1 crore for placing advertisements on the retailer’s website.

© The Institute of Chartered Accountants of India

 4.34 ENTERPRISE INFORMATION SYSTEMS

4.7 DIGITAL PAYMENTS

Digital Payment is a way of payment which is made through digital modes. In digital
payments, payer and payee both use digital modes to send and receive money. It is
also called electronic payment. No hard cash is involved in the digital payments. All the
transactions in digital payments are completed online. It is an instant and convenient
way to make payments.
New digital payment platforms such as UPI and IMPS are becoming increasingly
popular. Using these new platforms, banks have been scaling rapidly. Every Bank is
impacted by new digital disruptions, so new banking services and ways should be
adapted to use various digital channels to interact and provide services to customers.
To reach out to customers at their convenience, banks are aggressively going digital.
For millennials, banking is all about convenience – a seamless user interface akin to
that of games or app. They value transparency and minimal processes. Convenience
can be delivered through mobile apps and digital banking, the latter is provided by
relationship managers, who need to be proficient in products and process knowledge.
A high level of adaptability is a must for banking sector in this highly digital and tech-
savvy age, where banking transactions can happen even on a mobile or tablet with a
few clicks.
4.7.1 Different Types of Digital Payments
From traditional digital payment methods, India is moving towards newer methods of
digital payments.
I. New Methods of Digital Payment
(i) UPI Apps: Unified Payment Interface (UPI) and retail payment banks are
changing the very face of banking in terms of moving most of banking to digital
platforms using mobiles and apps. UPI is a system that powers multiple bank
accounts (of participating banks), several banking services features like fund
transfer, and merchant payments in a single mobile application. UPI or unified
payment interface is a payment mode which is used to make fund transfers
through the mobile app. User can transfer funds between two accounts using
UPI apps. User must register for mobile banking to use UPI apps. Currently, this
service is only available for android phone users. User need to download a UPI
app and create a VPA or UPI ID. There are too many good UPI apps available
such as BHIM, SBI UPI app, HDFC UPI app, iMobile, PhonePe app etc. as shown
©in the
The Fig. 4.7.1.
Institute of Chartered Accountants of India
 E-COMMERCE, M-COMMERCE AND EMERGING TECHNOLOGIES 4.35

Fig. 4.7.1 : UPI Apps

(ii) Immediate Payment Service (IMPS): It is an instant interbank electronic fund
transfer service through mobile phones. It is also being extended through other
channels such as ATM, Internet Banking, etc.
(iii) Mobile Apps: BHIM (Bharat Interface for Money) is a Mobile App developed
by National Payments Corporation of India (NPCI) based on UPI (Unified Payment
Interface). It facilitates e-payments directly through banks and supports all Indian
banks which use that platform. It is built on the Immediate Payment Service
infrastructure and allows the user to instantly transfer money between the bank
accounts of any two parties. BHIM works on all mobile devices and enables users
to send or receive money to other UPI payment addresses by scanning QR code
or using account number with Indian Financial Systems Code (IFSC) code or
MMID (Mobile Money Identifier) Code for users who do not have a UPI-based
bank account.
(iv) Mobile Wallets: It is defined as virtual wallets that stores payment card
information on a mobile device. Mobile Wallets provide a convenient way for a
user to make-in-store payments and can be used that merchants listed with the
mobile wallet service providers. There are mobile wallets like PayTm, Freecharge,
Buddy, Mobikwik etc. Some of these are owned by banks and some are owned
by private companies.
(v) Aadhar Enabled Payment Service(AEPS): Government of India, is planning
to launch this in near future. AEPS is an Aadhaar based digital payment mode.
Customer needs only his or her Aadhaar number to pay to any merchant. AEPS
allows bank to bank transactions. It means the money you pay will be deducted
from your account and credited to the payee’s account directly. Customers will
need to link their AADHAR numbers to their bank accounts. APES once launched
can be used at POS terminals also.

© The Institute of Chartered Accountants of India

 4.36 ENTERPRISE INFORMATION SYSTEMS

(vi) Unstructure Supplementary Service Data(USSD): A revolutionary idea,

where to make payments through mobiles there is neither need for internet nor
any smart phone. USSD banking or *99# Banking is a mobile banking based
digital payment mode. User does not need to have a smartphone or internet
connection to use USSD banking. S/he can easily use it with any normal feature
phone. USSD banking is as easy as checking of mobile balance. S/he can use
this service for many financial and non-financial operations such as checking
balance, sending money, changing Mobile Banking Personal Identification
number (MPIN) and getting Mobile Money Identifier (MMID).
II. Traditional Methods of Digital Payment
(i) E-Wallet: E-wallet or mobile wallet is the digital version of physical wallet with
more functionality. User can keep his / her money in an E-wallet and use it when
needed. Use the E-wallets to recharge phone, pay at various places and send
money to friends. If user’s have a smartphone and a stable internet connection,
they can use E-wallets to make payments. These E-Wallets also give additional
cashback offers. Some of the most used E-wallets are State bank buddy, ICICI
Pockets, Freecharge, Paytm etc. as shown in the Fig. 4.7.2.

Fig. 4.7.2: E-Wallets

(ii) Cards: Cards are provided by banks to their account holders. These have been
the most used digital payment modes till now. Various types of cards are as
follows:
o Credit Cards: A small plastic card issued by a bank, or issuer etc., allowing
the holder to purchase goods or services on credit. In this mode of
payment, the buyer’s cash flow is not immediately impacted. User of the
card makes payment to card issuer at end of billing cycle which is generally
a monthly cycle. Credit Card issuer charge customers per transactions / 5%
of transaction as transaction fees.

© The Institute of Chartered Accountants of India

 E-COMMERCE, M-COMMERCE AND EMERGING TECHNOLOGIES 4.37

o Debits Cards: A small plastic card issued by a bank. Allowing the holder to
purchase goods or services on credit. In this mode of payment, the buyer’s
cash flow is immediately affected that as soon as payment is authorized
buyers account is debited.
(iii) Net Banking: In this mode, the customers log to his / her bank account and
makes payments. All public sectors, large private sector banks allow net banking
facilities to their customers.
4.7.2 Advantages of Digital Payments
(i) Easy and convenient: Digital payments are easy and convenient. Person do not
need to take loads of cash with themselves.
(ii) Pay or send money from anywhere: With digital payment modes, one can pay
from anywhere anytime.
(iii) Discounts from taxes: Government has announced many discounts to
encourage digital payments. User get 0.75% discounts on fuels and 10% discount
on insurance premiums of government insurers.
(iv) Written record: User often forgets to note down his / her spending, or even
if nothing is done it takes a lot of time. These are automatically recorded in
passbook or inside E-Wallet app. This helps to maintain record, track spending
and budget planning.
(v) Less Risk: Digital payments have less risk if used wisely. If user losses mobile
phone or debit/credit card or Aadhar card, no need to worry a lot. No one can
use anyone else’s money without MPIN, PIN or fingerprint in the case of Aadhar.
It is advised that user should get card blocked, if lost.
4.7.3 Drawbacks of Digital Payments
Every coin has two sides so as the digital payments. Despite many advantages, digital
payments have a few drawbacks also.
(i) Difficult for a Non-technical person: As most of the digital payment modes
are based on mobile phone, the internet and cards. These modes are somewhat
difficult for non-technical persons such as farmers, workers etc.
(ii) The risk of data theft: There is a big risk of data theft associated with the digital
payment. Hackers can hack the servers of the bank or the E-Wallet a customer is
using and easily get his/her personal information. They can use this information
to steal money from the customer’s account.
(iii) Overspending: One keeps limited cash in his/her physical wallet and hence
© The Institute of Chartered Accountants of India
 4.38 ENTERPRISE INFORMATION SYSTEMS

thinks twice before buying anything. But if digital payment modes are used, one
has an access to all his/her money that can result in overspending.
4.8 COMPUTING TECHNOLOGIES
Recently, emerging technologies are seen to be having enormous potential to meet the
global challenges. One of the high-potential technologies is informatics. It is expected
to revolutionize the value-additions to the huge information component, which is
growing exponentially. Technological innovations in the field of storage, mining
and services may be the key to address emerging challenges. Though several other
advance technologies include synthetic biology, Nano-scale design, systems biology,
wireless networks, ICT (Information and Communications Technology) enhanced
educational systems etc. ICT appears to be spearheading all such developments at
one or the other levels. To add some flavour to address the challenges, some of the
technologies, which have recently emerged and are being rapidly adapted include
cloud, grid, mobile, and green computing.
4.8.1 Virtualization
In computing, Virtualization means to create a virtual version of a device or resource,
such as a server, storage device, network or even an operating system where the
framework divides the resource into one or more execution environments. Virtualization
refers to technologies designed to provide a layer of abstraction between computer
hardware systems and the software running on them. By providing a logical view of
computing resources, rather than a physical view; virtualization allows its’ users to
manipulate their systems’ operating systems into thinking that a group of servers is
a single pool of computing resources and conversely, allows its users to run multiple
operating systems simultaneously on a single machine.
I. Concept of Virtualization
The core concept of Virtualization lies in Partitioning, which divides a single physical
server into multiple logical servers. Once the physical server is divided, each logical
server can run an operating system and applications independently. For example -
Partitioning of a hard drive is considered virtualization because one drive is partitioned
in a way to create two separate hard drives. Devices, applications and human users are
able to interact with the virtual resource as if it were a real single logical resource.
II. Application Areas of Virtualization
w Server Consolidation: Virtual machines are used to consolidate many physical
servers into fewer servers, which in turn host virtual machines. Each physical
server is reflected as a virtual machine “guest” residing on a virtual machine host
system. This is also known as “Physical-to-Virtual” or ‘P2V’ transformation.
w Disaster Recovery: Virtual machines can be used as “hot standby” environments
© The Institute of Chartered Accountants of India
 E-COMMERCE, M-COMMERCE AND EMERGING TECHNOLOGIES 4.39

for physical production servers. This changes the classical “backup-and-

restore” philosophy, by providing backup images that can “boot” into live
virtual machines, capable of taking over workload for a production server
experiencing an outage.
w Testing and Training: Virtualization can give root access to a virtual machine.
This can be very useful such as in kernel development and operating system
courses.
w Portable Applications: Portable applications are needed when running an
application from a removable drive, without installing it on the system’s main
disk drive. Virtualization can be used to encapsulate the application with a
redirection layer that stores temporary files, windows registry entries and other
state information in the application’s installation directory and not within the
system’s permanent file system.
w Portable Workspaces: Recent technologies have used virtualization to create
portable workspaces on devices like iPods and USB memory sticks.
III. Common Types of Virtualization
w Hardware Virtualization: Hardware Virtualization or Platform Virtualization
refers to the creation of a virtual machine that acts like a real computer with
an operating system. Software executed on these virtual machines is separated
from the underlying hardware resources. For example, a computer that
is running Microsoft Windows may host a virtual machine that looks like a
computer with the Linux operating system; based software that can be run on
the virtual machine.
The basic idea of Hardware virtualization is to consolidate many small physical
servers into one large physical server so that the processor can be used more
effectively. The software that creates a virtual machine on the host hardware
is called a hypervisor or Virtual Machine Manager. The hypervisor controls
the processor, memory and other components by allowing several different
operating systems to run on the same machine without the need for a source
code. The operating system running on the machine will appear to have its own
processor, memory and other components.
w Network Virtualization: Network Virtualization is a method of combining the
available resources in a network by splitting up the available bandwidth into
channels, each of which is independent from the others, and each of which can
be assigned (or reassigned) to a particular server or device in real time. This
allows a large physical network to be provisioned into multiple smaller logical
networks and conversely allows multiple physical LANs to be combined into a
larger logical network. This behaviour allows administrators to improve network
© The Institute of Chartered Accountants of India
 4.40 ENTERPRISE INFORMATION SYSTEMS

traffic control, enterprise and security. Network virtualization involves platform

virtualization, often combined with resource virtualization.
Various equipment and software vendors offer network virtualization by
combining any of the Network hardware such as switches and Network
Interface Cards (NICs); Network elements such as firewalls and load balancers;
Networks such as virtual LANs (VLANs); Network storage devices; Network
machine-to-machine elements such as telecommunications devices; Network
mobile elements such as laptop computers, tablet computers, smart phones
and Network media such as Ethernet and Fibre Channel. Network virtualization
is intended to optimize network speed, reliability, flexibility, scalability, and
security.
w Storage Virtualization: Storage Virtualization is the apparent pooling of data
from multiple storage devices, even different types of storage devices, into what
appears to be a single device that is managed from a central console. Storage
virtualization helps the storage administrator perform the tasks of backup,
archiving, and recovery more easily and in less time by disguising the actual
complexity of a Storage Area Network (SAN). Administrators can implement
virtualization with software applications or by using hardware and software
hybrid appliances. The servers connected to the storage system aren’t aware
of where the data really is. Storage virtualization is sometimes described as
“abstracting the logical storage from the physical storage.
4.8.2 Grid Computing
The computing resources in most of the organizations are underutilized but are
necessary for certain operations. The idea of Grid computing is to make use of such
non-utilized computing power by the needy organizations, and thereby the Return on
Investment (RoI) on computing investments can be increased.
Grid Computing is a computer network in which each computer’s resources are
shared with every other computer in the system. It is a distributed architecture of large
numbers of computers connected to solve a complex problem. In the grid computing
model, servers or personal computers run independent tasks and are loosely linked by
the Internet or low-speed networks. A typical Grid Model is shown in Fig. 4.8.1.
It is a special kind of distributed computing. In distributed computing, different
computers within the same network share one or more resources. In the ideal grid
computing system, every resource is shared, turning a computer network into a
powerful supercomputer. With the right user interface, accessing a grid computing
system would look no different than accessing a local machine’s resources. Every
authorized computer would have access to enormous processing power and storage
capacity.
© The Institute of Chartered Accountants of India
 E-COMMERCE, M-COMMERCE AND EMERGING TECHNOLOGIES 4.41

Grid Node
Control Server

Task

Fig. 4.8.1: Grid Computing Scenario

I. Benefits of Grid Computing
w Making use of Underutilized Resources: In most organizations, there are
large amounts of underutilized computing resources including even the
server machines. Grid computing provides a framework for exploiting these
underutilized resources and thus has the possibility of substantially increasing
the efficiency of resource usage. Grid computing (more specifically, a data grid)
can be used to aggregate this unused storage into a much larger virtual data
store, possibly configured to achieve improved performance and reliability over
that of any single machine.
w Resource Balancing: For applications that are grid-enabled, the grid can offer
a resource balancing effect by scheduling grid jobs on machines with low
utilization. This feature of grid computing handles occasional peak loads of
activity in parts of a larger organization. An unexpected peak can be routed to
relatively idle machines in the grid; and if the grid is already fully utilized, the
lowest priority work being performed on the grid can be temporarily suspended
or even cancelled and performed again later to make room for the higher priority
work.
w Parallel CPU Capacity: The potential for usage of massive parallel CPU capacity
is one of the most common visions and attractive features of a grid. A CPU-
intensive grid application can be thought of as many smaller sub-jobs, each
executing on a different machine in the grid. To the extent that these sub-jobs
do not need to communicate with each other, the more scalable the application
becomes. A perfectly scalable application will, for example, finish in one tenth of
the time if it uses ten times the number of processors
w Virtual resources and virtual organizations for collaboration: Grid computing
provides
© The anofenvironment
Institute for collaboration
Chartered Accountants of India among a wider audience. The users
 4.42 ENTERPRISE INFORMATION SYSTEMS

of the grid can be organized dynamically into a number of virtual organizations,

each with different policy requirements. These virtual organizations can share
their resources such as data, specialized devices, software, services, licenses,
and so on, collectively as a larger grid. The grid can help in enforcing security
rules among them and implement policies, which can resolve priorities for both
resources and users.
w Access to additional resources: In addition to CPU and storage resources, a
grid can provide access to other resources as well. For example, if a user needs to
increase their total bandwidth to the Internet to implement a data mining search
engine, the work can be split among grid machines that have independent
connections to the Internet. In this way, total searching capability is multiplied,
since each machine has a separate connection to the Internet.
w Reliability: High-end conventional computing systems use expensive hardware
to increase reliability. The machines also use duplicate processors in such a way
that when they fail, one can be replaced without turning the other off. Power
supplies and cooling systems are duplicated. The systems are operated on special
power sources that can start generators if utility power is interrupted. All of this
builds a reliable system, but at a great cost, due to the duplication of expensive
components.
w Management: The goal to virtualize the resources on the grid and more
uniformly handle heterogeneous systems create new opportunities to better
manage a larger, more distributed IT infrastructure. The grid offers management
of priorities among different projects. Aggregating utilization data over a larger
set of projects can enhance an organization’s ability to project future upgrade
needs. When maintenance is required, grid work can be rerouted to other
machines without crippling the projects involved.
II. Types of Resources
A grid is a collection of machines, sometimes referred to as nodes, resources, members,
donors, clients, hosts and many other such terms. They all contribute any combination
of resources to the grid as a whole. Some resources may be used by all users of the
grid, while others may have specific restrictions.
w Computation: The most common resource is Computing Cycles provided
by the processors of the machines on the grid where processors can vary in
speed, architecture, software platform, and other associated factors such as
memory, storage, and connectivity. There are three primary ways to exploit the
computation resources of a grid.
o To run an existing application on an available machine on the grid rather
than locally;
© The Institute of Chartered Accountants of India
 E-COMMERCE, M-COMMERCE AND EMERGING TECHNOLOGIES 4.43

o To use an application designed to split its work in such a way that the
separate parts can execute in parallel on different processors; and
o To run an application, that needs to be executed many times, on many
different machines in the grid.
w Storage: The second most common resource used in a grid is Data Storage. A
grid providing an integrated view of data storage is sometimes called a Data
Grid. Each machine on the grid usually provides some quantity of storage for
grid use, even if temporary. Storage can be memory attached to the processor or
it can be secondary storage, using hard disk drives or other permanent storage
media. More advanced file systems on a grid can automatically duplicate sets of
data, to provide redundancy for increased reliability and increased performance.
w Communications: Communications within the grid are important for sending
jobs and their required data to points within the grid. The bandwidth available
for such communications can often be a critical resource that can limit utilization
of the grid. Redundant communication paths are sometimes needed to better
handle potential network failures and excessive data traffic. In some cases, higher
speed networks must be provided to meet the demands of jobs transferring
larger amounts of data.
w Software and Licenses: The grid may have software installed that may be too
expensive to install on every grid machine. Some software licensing arrangements
permit the software to be installed on all of the machines of a grid but may limit
the number of installations that can be simultaneously used at any given instant.
License management software keeps track of how many concurrent copies of the
software are being used and prevents more than that number from executing at
any given time.
w Special equipment, capacities, architectures, and policies: Platforms on the
grid will often have different architectures, operating systems, devices, capacities,
and equipment. Each of these items represents a different kind of resource that
the grid can use as criteria for assigning jobs to machines. For example, some
machines may be designated to only be used for medical research. These would
be identified as having a medical research attribute and the scheduler could be
configured to only assign jobs that require machines of the medical research
resource.
III. Application Areas of Grid Computing
w Civil engineers collaborate to design, execute, & analyze shake table experiments.
w An insurance company mines data from partner hospitals for fraud detection.
w An application service provider offloads excess load to a compute cycle provider.
© The Institute of Chartered Accountants of India
 4.44 ENTERPRISE INFORMATION SYSTEMS

w An enterprise configures internal & external resources to support e-Business

workload.
w Large-scale science and engineering are done through the interaction of people,
heterogeneous computing resources, information systems and instruments, all
of which are geographically and organizationally dispersed.
IV. Grid Computing Security
To develop security architecture, following constraints are taken from the characteristics
of grid environment and application.
w Single Sign-on: A user should authenticate once and they should be able to
acquire resources, use them, and release them and to communicate internally
without any further authentication.
w Protection of Credentials: User passwords, private keys, etc. should be protected.
w Interoperability with local security solutions: Access to local resources should
have local security policy at a local level. Despite of modifying every local resource
there is an inter-domain security server for providing security to local resource.
w Exportability: The code should be exportable i.e. they cannot use a large amount
of encryption at a time. There should be a minimum communication at a time.
w Support for secure group communication: In a communication there are
number of processes which coordinate their activities. This coordination must be
secure and for this there is no such security policy.
w Support for multiple implementations: There should be a security policy
which should provide security to multiple sources based on public and private
key cryptography.
4.8.3 Cloud Computing
To understand cloud computing, we first have to understand what the cloud is. “The
Cloud” refers to applications, services, and data storage on the Internet. These service
providers rely on giant server farms and massive storage devices that are connected
via Internet protocols. Cloud computing is the use of these services by individuals
and organizations. You probably already use cloud computing in some forms. For
example, if you access your e-mail via your web browser, you are using a form of cloud
computing. If you use Google Drive’s applications, you are using cloud computing.
While these are free versions of cloud computing, there is big business in providing
applications and data storage over the web. Salesforce is a good example of cloud
computing as their entire suite of CRM applications are offered via the cloud. Cloud
computing is not limited to web applications: it can also be used for services such
as phone or video streaming. The best example of cloud computing is Google Apps
where any application can be accessed using a browser and it can be deployed on
© The Institute of Chartered Accountants of India
 E-COMMERCE, M-COMMERCE AND EMERGING TECHNOLOGIES 4.45

thousands of computers through the Internet.

Cloud computing, simply means the use of computing resources as a service through
networks, typically the Internet. The Internet is commonly visualized as clouds; hence
the term “cloud computing” for computation done through the Internet. With Cloud
Computing, users can access database resources via the Internet from anywhere, for as
long as they need, without worrying about any maintenance or management of actual
resources. Besides these, databases in cloud may be highly dynamic and scalable. In
fact, it is a very independent platform in terms of computing.
Cloud computing is both, a combination of software and hardware based computing
resources delivered as a networked service. This model of IT enabled services enables
anytime access to a shared pool of applications and resources. These applications and
resources can be accessed using a simple front-end interface such as a Web browser,
and thus enabling users to access the resources from any client device including
notebooks, desktops and mobile devices.
Cloud computing provides the facility to access shared resources and common
infrastructure offering services on demand over the network to perform operations
that meet changing business needs (shown in Fig. 4.8.2). The location of physical
resources and devices being accessed are typically not known to the end user. It also
provides facilities for users to develop, deploy and manage their applications ‘on the
cloud’, which entails virtualization of resources that maintains and manages itself.

Tablet Laptop
Documents Training

Finance Contacts
Spreadsheets Email Calendar
Database Presentations
Collaboration Storage
Smartphone

Desktop
Having secure access to all your application and
data from any network device

Fig. 4.8.2: Cloud Computing Scenario

With cloud computing, companies can scale up to massive capacities in an instant
without having to invest in new infrastructure, train new personnel or license new
software. Cloud computing is of benefit to small and medium-sized business systems,
© The Institute of Chartered Accountants of India
 4.46 ENTERPRISE INFORMATION SYSTEMS

who wish to completely outsource their data-center infrastructure; or large companies,

who wish to get peak load capacity without incurring the higher cost of building larger
data centers internally. In both the instances, service consumers use ‘what they need
on the Internet’ and ‘pay only for what they use’.
The service consumer may no longer be required to pay for a PC, use an application
from the PC, or purchase a specific software version that’s configured for smart phones,
PDAs, and other devices. The consumers may not own the infrastructure, software,
or platform in the cloud based schemes, leading to lower up-fronts, capital, and
operating expenses. End users may not need to care about how servers and networks
are maintained in the cloud, and can access multiple servers anywhere on the globe
without knowing ‘which ones and where they are located’.
I. Characteristics of Cloud Computing
The following is a list of characteristics of a cloud-computing environment. Not all
characteristics may be present in a specific cloud solution. However, some of the key
characteristics are given as follows:
w Elasticity and Scalability: Cloud computing gives us the ability to expand and
reduce resources according to the specific service requirement. For example, we
may need a large number of server resources for the duration of a specific task.
We can then release these server resources after we complete our task.
w Pay-per-Use: We pay for cloud services only when we use them, either for the
short term (for example, for CPU time) or for a longer duration (for example, for
cloud-based storage or vault services).
w On-demand: Because we invoke cloud services only when we need them, they
are not permanent parts of the IT infrastructure. This is a significant advantage
for cloud use as opposed to internal IT services. With cloud services there is no
need to have dedicated resources waiting to be used, as is the case with internal
services.
w Resiliency: The resiliency of a cloud service offering can completely isolate the
failure of server and storage resources from cloud users. Work is migrated to
a different physical resource in the cloud with or without user awareness and
intervention.
w Multi Tenancy: Public cloud service providers often can host the cloud services
for multiple users within the same infrastructure. Server and storage isolation
may be physical or virtual depending upon the specific user requirements.
w Workload Movement: This characteristic is related to resiliency and cost
considerations. Here, cloud-computing providers can migrate workloads across
servers both inside the data center and across data centers (even in a different
©geographic
The Institutearea). This migration
of Chartered might
Accountants be necessitated by cost (less expensive to
of India
 E-COMMERCE, M-COMMERCE AND EMERGING TECHNOLOGIES 4.47

run a workload in a data center in another country based on time of day or power
requirements) or efficiency considerations (for example, network bandwidth). A
third reason could be regulatory considerations for certain types of workloads.
II. Advantages of Cloud Computing
w Achieve economies of scale: Volume output or productivity can be increased
even with fewer systems and thereby reduce the cost per unit of a project or
product.
w Reduce spending on technology infrastructure: Data and information can be
accessed with minimal upfront spending in a pay-as-you-go approach, which is
based on demand.
w Globalize the workforce: People worldwide can access the cloud with Internet
connection.
w Streamline business processes: Getting more work done in less time with less
resources are possible.
w Reduce capital costs: Not required to spend huge money on hardware, software,
or licensing fees.
w Pervasive accessibility: Data and applications can be accesses anytime,
anywhere, using any smart computing device, making our life so much easier.
w Monitor projects more effectively: It is feasible to confine within budgetary
allocations and can be ahead of completion cycle times.
w Less personnel training is needed: It takes fewer people to do more work on a
cloud, with a minimal learning curve on hardware and software issues.
w Minimize maintenance and licensing software: As there is no too much of
non-premise computing resources, maintenance becomes simple and updates
and renewals of software systems rely on the cloud vendor or provider.
w Improved flexibility: It is possible to make fast changes in our work environment
without serious issues at stake.
III. Drawbacks of Cloud Computing
w If Internet connection is lost, the link to the cloud and thereby to the data and
applications is lost.
w Security is a major concern as entire working with data and applications depend
on other cloud vendors or providers.
w Although Cloud computing supports scalability (ie. quickly scaling up and down
computing resources depending on the need), it does not permit the control on
these resources as these are not owned by the user or customer.
© The Institute of Chartered Accountants of India
 4.48 ENTERPRISE INFORMATION SYSTEMS

w Depending on the cloud vendor or provide, customers may have to face restrictions
on the availability of applications, operating systems and infrastructure options.
w Interoperability (ability of two or more applications that are required to support
a business need to work together by sharing data and other business-related
resources) is an issue wherein all the applications may not reside with a single
cloud vendor and two vendors may have applications that do not cooperate with
each other.
IV. Cloud Computing Environment
The Cloud Computing environment can consist of multiple types of clouds based on
their deployment and usage. Such typical Cloud computing environments, catering to
special requirements, are briefly described as follows (given in Fig. 4.8.3).

Hybrid The Cloud

Private / Internal
Public/
External

Off Premise/Third Party

On Premise/Internal

Fig. 4.8.3: Cloud Deployment Models

(A) Private Cloud: This cloud computing environment resides within the boundaries
of an organization and is used exclusively for the organization’s benefits. These
are also called Internal Clouds or Corporate Clouds. Private Clouds can either
be private to the organization and managed by the single organization (On-
Premise Private Cloud) or can be managed by third party (Outsourced Private
Cloud). They are built primarily by IT departments within enterprises, who
seek to optimize utilization of infrastructure resources within the enterprise by
provisioning the infrastructure with applications using the concepts of grid and
virtualization.
Characteristics of Private Cloud
w Secure: The private cloud is secure as it is deployed and managed by the
organization itself, and hence there is least chance of data being leaked out of
©the
Thecloud.
Institute of Chartered Accountants of India
 E-COMMERCE, M-COMMERCE AND EMERGING TECHNOLOGIES 4.49

w Central Control: As usually the private cloud is managed by the organization

itself, there is no need for the organization to rely on anybody and its controlled
by the organization itself.
w Weak Service Level Agreements (SLAs): SLAs play a very important role in any
cloud service deployment model as they are defined as agreements between
the user and the service provider in private cloud. In private cloud, either Formal
SLAs do not exist or are weak as it is between the organization and user of the
same organization. Thus, high availability and good service may or may not be
available.
Advantages of Private Cloud
w It improves average server utilization; allow usage of low-cost servers and
hardware while providing higher efficiencies; thus, reducing the costs that a
greater number of servers would otherwise entail.
w It provides a high level of security and privacy to the user.
w It is small and controlled and maintained by the organization.
Moreover, one major limitation of Private Cloud is that IT teams in the
organization may have to invest in buying, building and managing the clouds
independently. Budget is a constraint in private clouds and they also have loose
SLAs.
(B) Public Cloud: The public cloud is the cloud infrastructure that is provisioned
for open use by the general public. It may be owned, managed, and operated
by a business, academic, or government organizations, or some combination of
them. Typically, public clouds are administrated by third parties or vendors over
the Internet, and the services are offered on pay-per-use basis. These are also
called Provider Clouds. Public cloud consists of users from all over the world
wherein a user can simply purchase resources on an hourly basis and work with
the resources which are available in the cloud provider’s premises.
Characteristics of Public Cloud
w Highly Scalable: The resources in the public cloud are large in number and the
service providers make sure that all requests are granted. Hence public clouds
are considered to be scalable.
w Affordable: The cloud is offered to the public on a pay-as-you-go basis; hence
the user has to pay only for what he or she is using (using on a per-hour basis).
And this does not involve any cost related to the deployment.
w Less Secure: Since it is offered by a third party and they have full control over the
cloud, the public cloud is less secure out of all the other deployment models.
© The Institute of Chartered Accountants of India
 4.50 ENTERPRISE INFORMATION SYSTEMS

w Highly Available: It is highly available because anybody from any part of the
world can access the public cloud with proper permission, and this is not possible
in other models as geographical or other access restrictions might be there.
w Stringent SLAs: As the service provider’s business reputation and customer
strength are totally dependent on the cloud services, they follow the SLAs strictly
and violations are avoided.
Advantages of Public Cloud
w It is widely used in the development, deployment and management of enterprise
applications, at affordable costs.
w It allows the organizations to deliver highly scalable and reliable applications
rapidly and at more affordable costs.
w There is no need for establishing infrastructure for setting up and maintaining
the cloud.
w Strict SLAs are followed.
w There is no limit for the number of users.
Moreover, one of the limitation of Public cloud is security assurance and
thereby building trust among the clients is far from desired but slowly liable to
happen. Further, privacy and organizational autonomy are not possible.
(C) Hybrid Cloud: This is a combination of both at least one private (internal) and
at least one public (external) cloud computing environments - usually, consisting
of infrastructure, platforms and applications. The usual method of using the
hybrid cloud is to have a private cloud initially, and then for additional resources,
the public cloud is used. The hybrid cloud can be regarded as a private cloud
extended to the public cloud and aims at utilizing the power of the public cloud
by retaining the properties of the private cloud. It is typically offered in either of
two ways. A vendor has a private cloud and forms a partnership with a public
cloud provider or a public cloud provider forms a partnership/franchise with a
vendor that provides private cloud platforms. Fig. 4.8.4 depicts Hybrid Cloud.

Private Cloud Public Cloud

(Internal) (External)
Cloud

© The Institute of Chartered Fig. 4.8.4: Hybrid

Accountants of India Cloud
 E-COMMERCE, M-COMMERCE AND EMERGING TECHNOLOGIES 4.51

Characteristics of Hybrid Cloud

w Scalable: The hybrid cloud has the property of public cloud with a private cloud
environment and as the public cloud is scalable; the hybrid cloud with the help
of its public counterpart is also scalable.
w Partially Secure: The private cloud is considered as secured and public cloud
has high risk of security breach. The hybrid cloud thus cannot be fully termed as
secure but as partially secure.
w Stringent SLAs: Overall the SLAs are more stringent than the private cloud and
might be as per the public cloud service providers.
w Complex Cloud Management: Cloud management is complex as it involves
more than one type of deployment models and also the number of users is high.
The Advantages of Hybrid Cloud include the following:
w It is highly scalable and gives the power of both private and public clouds.
w It provides better security than the public cloud.
The limitation of Hybrid Cloud is that the security features are not as good as
the private cloud and complex to manage.
(D) Community Cloud: The community cloud is the cloud infrastructure that
is provisioned for exclusive use by a specific community of consumers from
organizations that have shared concerns (eg. mission security requirements,
policy, and compliance considerations). It may be owned, managed, and operated
by one or more of the organizations in the community, a third party or some
combination of them, and it may exist on or off premises. In this, a private cloud
is shared between several organizations. Fig. 4.8.5 depicts Community Cloud.
This model is suitable for organizations that cannot afford a private cloud and
cannot rely on the public cloud either.
Characteristics of Community Cloud
w Collaborative and Distributive Maintenance: In this, no single company has
full control over the whole cloud. This is usually distributive and hence better
cooperation provides better results.
w Partially Secure: This refers to the property of the community cloud where few
organizations share the cloud, so there is a possibility that the data can be leaked
from one organization to another, though it is safe from the external world.
w Cost Effective: As the complete cloud if being shared by several organizations
or community, not only the responsibility gets shared; the community cloud
becomes cost effective too.
© The Institute of Chartered Accountants of India
 4.52 ENTERPRISE INFORMATION SYSTEMS

Cloud

Private Organization Private Organization

User 1 User 2 User 3 User 1 User 2 User 3

Fig. 4.8.5: Community Cloud

Advantages of Community Cloud
w It allows establishing a low-cost private cloud.
w It allows collaborative work on the cloud.
w It allows sharing of responsibilities among the organizations.
w It has better security than the public cloud.
The limitation of the Community Cloud is that the autonomy of the organization
is lost and some of the security features are not as good as the private cloud. It
is not suitable in the cases where there is no collaboration.
V. Cloud Computing Service Models
Cloud computing is a model that enables the end users to access the shared pool
of resources such as compute, network, storage, database and application as an on-
demand service without the need to buy or own it. The services are provided and
managed by the service provider, reducing the management effort from the end user
side. The essential characteristics of the cloud include on-demand, self-service, broad
network access, resource pooling, rapid elasticity, and measured service. The National
Institute of Standards and Technology (NIST) defines three basic service models -
Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service
(SaaS). These are pictorially presented in Fig. 4.8.6.
(A) Infrastructure as a Service (IaaS): IaaS, a hardware-level service, provides
computing resources such as processing power, memory, storage, and networks
for cloud users to run their application on-demand. This allows users to maximize

© The Institute of Chartered Accountants of India

 E-COMMERCE, M-COMMERCE AND EMERGING TECHNOLOGIES 4.53

the utilization of computing capacities without having to own and manage their
own resources. The end-users or IT architects will use the infrastructure resources
in the form of Virtual machines (VMs) and design virtual infrastructure, network
load balancers etc., based on their needs. The IT architects need not maintain
the physical servers as it is maintained by the service providers. Examples of
IaaS providers include Amazon Web Services (AWS), Google Compute Engine,
OpenStack and Eucalyptus.

Software as
Service

Platform as
Service

Infrastructure as
Service

Fig. 4.8.6: Cloud Computing Basic Service Models

(i) Characteristics of IaaS
w Web access to the resources: The IaaS model enables the IT users to access
infrastructure resources over the Internet. When accessing a huge computing
power, the IT user need not get physical access to the servers.
w Centralized Management: The resources distributed across different parts
are controlled from any management console that ensures effective resource
management and effective resource utilization.
w Elasticity and Dynamic Scaling: Depending on the load, IaaS services can
provide the resources and elastic services where the usage of resources can be
increased or decreased according to the requirements.
w Shared infrastructure: IaaS follows a one-to-many delivery model and allows
multiple IT users to share the same physical infrastructure and thus ensure high
resource utilization.
w Metered Services: IaaS allows the IT users to rent the computing resources
instead of buying it. The services consumed by the IT user will be measured, and
the users will be charged by the IaaS providers based on the amount of usage.

© The Institute of Chartered Accountants of India

 4.54 ENTERPRISE INFORMATION SYSTEMS

(ii) Different instances of IaaS (as discussed in the Table 4.8.1)

Table 4.8.1: Instances of IaaS
Instance Description
Network • Provides users with needed data communication capacity to accommodate
as a bursts in data traffic during data-intensive activities such as video conferencing
Service or large file downloads.
(NaaS)
• It is an ability given to the end-users to access virtual network services that
are provided by the service provider over the Internet on a per-per-use basis.
• Allows network architects to create virtual networks; virtual network
interface cards (NICs), virtual routers, virtual switches, and other networking
components.
• Allows the network architect to deploy custom routing protocols and enables
the design of efficient in-network services, such as data aggregation, stream
processing, and caching. NaaS providers operate using three common service
models: Virtual Private Network (VPN), Bandwidth on Demand (BoD) and
Mobile Virtual Network (MVN).
Storage as • Provides storage infrastructure on a subscription basis to users who want a
a Service low-cost and convenient way to store data, synchronize data across multiple
(STaaS) devices, manage off-site backups, mitigate risks of disaster recovery, and
preserve records for the long-term.
• It is an ability given to the end users to store the data on the storage services
provided by the service provider.
• STaaS allows the end users to access the files at any time from any place.
STaaS provider provides the virtual storage that is abstracted from the
physical storage of any cloud data center.
Database • Provides users with seamless mechanisms to create, store, and access
as a databases at a host site on demand.
Service
• It is an ability given to the end users to access the database service without
(DBaaS)
the need to install and maintain it on the pay-per-use basis.
• The end users can access the database services through any Application
Programming Interfaces (APIs) or Web User Interfaces provided by the service
provider.
Backend as • Provides web and mobile app developers a way to connect their applications
a Service to backend cloud storage with added services such as user management,
(BaaS) push notifications, social network services integration using custom software
development kits and application programming interfaces.
Desktop as • Provides ability to the end users to use desktop virtualization without buying
a Service and managing their own infrastructure.
(DTaaS)
• It is a pay-per-use cloud service delivery model in which the service provider
manages the back-end responsibilities of data storage, backup, security and
upgrades.
• The end-users are responsible for securing for managing their own desktop
images, applications, and security. These services are simple to deploy, are
highly
© The Institute secure, andAccountants
of Chartered produce better experience on almost all devices.
of India
 E-COMMERCE, M-COMMERCE AND EMERGING TECHNOLOGIES 4.55

(B) Platform as a Service (PaaS): PaaS provides the users the ability to develop
and deploy an application on the development platform provided by the service
provider. In traditional application development, the application will be developed
locally and will be hosted in the central location. In stand-alone application
development, the application will be developed by traditional development
platforms result in licensing - based software, whereas PaaS changes the
application development from local machine to online. For example- Google
AppEngine, Windows Azure Compute etc.
Typical PaaS providers may provide programming languages, application
frameworks, databases, and testing tools apart from some build tools, deployment
tools and software load balancers as a service in some cases.
(C) Software as a Service (SaaS): SaaS provides ability to the end users to access an
application over the Internet that is hosted and managed by the service provider.
Thus, the end users are exempted from managing or controlling an application
the development platform, and the underlying infrastructure. SaaS changes the
way the software is delivered to the customers. SaaS provides users to access
large variety of applications over internets that are hosted on service provider’s
infrastructure. For example, one can make his/her own word document in Google
docs online, s/he can edit a photo online on pixlr.com so s/he need not install the
photo editing software on his/her system - thus Google is provisioning software
as a service. Different instances of SaaS are discussed in the Table 4.8.2.
Table 4.8.2: Instances of SaaS
Instance Description

Testing as a Service • Provides users with software testing capabilities such as generation
(TaaS) of test data, generation of test cases, execution of test cases and
test result evaluation on a pay-per-use basis.

API as a Service • Allows users to explore functionality of Web services such as

(APIaaS) Google Maps, Payroll processing, and credit card processing
services etc.

Email as a Service • Provides users with an integrated system of emailing, office

(EaaS) automation, records management, migration, and integration
services with archiving, spam blocking, malware protection, and
compliance features.

© The Institute of Chartered Accountants of India

 4.56 ENTERPRISE INFORMATION SYSTEMS

(D) Other Cloud Service Models (Table 4.8.3)

Table 4.8.3: Other Cloud Service Models
Instance Description
Communication • It is an outsourced enterprise communication solution that can be
as a Service leased from a single vender. The CaaS vendor is responsible for all
(CaaS) hardware and software management and offers guaranteed Quality of
Service (QoS). It allows businesses to selectively deploy communication
devices and modes on a pay-as-you-go, as-needed basis.
• This approach eliminates the large capital investments. Examples
are: Voice over IP (VolP), Instant Messaging (IM), Collaboration and
Videoconferencing application using fixed and mobile devices.
Data as a • Provides data on demand to a diverse set of users, systems or
Service (DaaS) application. The data may include text, images, sounds, and videos.
• Data encryption and operating system authentication are commonly
provided for security. DaaS users have access to high-quality data in a
centralized place and pay by volume or data type, as needed.
• However, as the data is owned by the providers, users can only perform
read operations on the data. DaaS is highly used in geography data
services and financial data services.
Security as • It is an ability given to the end user to access the security service
a Service provided by the service provider on a pay-per-use basis.
(SECaaS)
• It is a new approach to security in which cloud security is moved into
the cloud itself whereby cloud service users will be protected from
within the cloud using a unified approach to threats.
Identity as a • It is an ability given to the end users; typically an organization or
Service (IDaaS) enterprise; to access the authentication infrastructure that is built,
hosted, managed and provided by the third party service provider.
• Generally, IDaaS includes directory services, authentication services,
risk and event monitoring, single sign-on services, and identity and
profile management.
4.8.4 Mobile Computing
Mobile Computing refers to the technology that allows transmission of data via
a computer without having to be connected to a fixed physical link. Mobile voice
communication is widely established throughout the world and has had a very rapid
increase in the number of subscribers to the various cellular networks over the last few
years. An extension of this technology is the ability to send and receive data across
these cellular networks. This is the fundamental principle of mobile computing. Mobile
data communication has become a very important and rapidly evolving technology
as it allows users to transmit data from remote locations to other remote or fixed
locations. This proves to be the solution of the biggest problem of business people on
© The Institute of Chartered Accountants of India
 E-COMMERCE, M-COMMERCE AND EMERGING TECHNOLOGIES 4.57

the move i.e. mobility. A primitive scenario of mobile computing in practice is given in
the Fig. 4.8.7.
Radio Link

Switching Centre Telephone Link

(Conversion)

Mobile Communications
Path
Mobile Participant

Fixed Participant

Fig. 4.8.7: Mobile Computing

I. Components of Mobile Computing
The key components of Mobile Computing are as follows:
w Mobile Communication: This refers to the infrastructure put in place to
ensure that seamless and reliable communication goes on. This would include
communication properties, protocols, data formats and concrete technologies.
w Mobile Hardware: Mobile Hardware includes mobile devices or device
components that receive or access the service of mobility. They would range
from Portable laptops, Smart Phones, Tablet PCs, and Personal Digital Assistants
(PDA) that use an existing and established network to operate on. At the back
end, there are various servers like Application Servers, Database Servers and
Servers with wireless support, WAP gateway, a Communications Server and/or
MCSS (Mobile Communications Server Switch) or a wireless gateway embedded
in wireless carrier’s network. The characteristics of mobile computing hardware
are defined by the size and form factor, weight, microprocessor, primary storage,
secondary storage, screen size and type, means of input, means of output, battery
life, communications capabilities, expandability and durability of the device.
w Mobile Software: Mobile Software is the actual programme that runs on the
mobile hardware and deals with the characteristics and requirements of mobile
applications. It is the operating system of that appliance and is the essential
component that makes the mobile device operates. Mobile applications popularly
called Apps are being developed by organizations for use by customers but
these apps could represent risks, in terms of flow of data as well as personal
identification risks, introduction of malware and access to personal information
of mobile
© The Instituteowner.
of Chartered Accountants of India
 4.58 ENTERPRISE INFORMATION SYSTEMS

II. Working of Mobile Computing

w The user enters or access data using the application on hand-held computing
device.
w Using one of several connecting technologies, the new data are transmitted from
hand-held to site’s information system where files are updated and the new data
are accessible to other system user.
w Now both systems (hand-held and site’s computer) have the same information
and are in sync.
w The process work the same way starting from the other direction.
The process is similar to the way a worker’s desktop PC access the organization’s
applications, except that user’s device is not physically connected to the organization’s
system. The communication between the user device and site’s information systems
uses different methods for transferring and synchronizing data, some involving the use
of Radio Frequency (RF) technology.
III. Benefits of Mobile Computing
In general, Mobile Computing is a versatile and strategic technology that increases
information quality and accessibility, enhances operational efficiency, and improves
management effectiveness. But, more specifically, it leads to a range of tangible
benefits, including the following:
w It provides mobile workforce with remote access to work order details, such as
work order location, contact information, required completion date, asset history
relevant warranties/service contracts.
w It enables mobile sales personnel to update work order status in real-time,
facilitating excellent communication.
w It facilitates access to corporate services and information at any time, from
anywhere.
w It provides remote access to the corporate Knowledge base at the job location.
w It enables to improve management effectiveness by enhancing information
quality, information flow, and ability to control a mobile workforce.
IV. Limitations of Mobile Computing
w Insufficient Bandwidth: Mobile Internet access is generally slower than direct
cable connections using technologies such as General Packet Radio Service
(GPRS) and Enhanced Data for GSM (Global System for Mobile Communication)
Evolution (EDGE), and more recently 3G networks. These networks are usually
available within range of commercial cell phone towers. Higher speed wireless
LANs are inexpensive but have very limited range.
© The Institute of Chartered Accountants of India
 E-COMMERCE, M-COMMERCE AND EMERGING TECHNOLOGIES 4.59

w Security Standards: When working mobile, one is dependent on public networks,

requiring careful use of Virtual Private Network (VPN). Security is a major concern
while concerning the mobile computing standards on the fleet. One can easily
attack the VPN through a huge number of networks interconnected through the
line.
w Power consumption: When a power outlet or portable generator is not
available, mobile computers must rely entirely on battery power. Combined with
the compact size of many mobile devices, this often means unusually expensive
batteries must be used to obtain the necessary battery life. Mobile computing
should also look into Greener IT in such a way that it saves the power or increases
the battery life.
w Transmission interferences: Weather, terrain, and the range from the nearest
signal point can all interfere with signal reception. Reception in tunnels, some
buildings, and rural areas is often poor.
w Potential health hazards: People who use mobile devices while driving are
often distracted from driving are thus assumed more likely to be involved in
traffic accidents. Cell phones may interfere with sensitive medical devices. There
are allegations that cell phone signals may cause health problems.
w Human interface with device: Screens and keyboards tend to be small,
which may make them hard to use. Alternate input methods such as speech or
handwriting recognition require training.
4.8.5 Green Computing
Green Computing or Green IT refers to the study and practice of environmentally
sustainable computing or IT. In other words, it is the study and practice of establishing/
using computers and IT resources in a more efficient and environmentally friendly
and responsible way. Computers consume a lot of natural resources, from the
raw materials needed to manufacture them, the power used to run them, and the
problems of disposing them at the end of their life cycle. This can include “designing,
manufacturing, using, and disposing of computers, servers, and associated subsystems
- such as monitors, printers, storage devices, and networking and communications
systems - efficiently and effectively with minimal or no impact on the environment”.
The objective of Green computing is to reduce the use of hazardous materials,
maximize energy efficiency during the product’s lifetime, and promote the recyclability
or biodegradability of defunct products and factory waste. Such practices include
the implementation of energy-efficient Central Processing Units (CPUs), servers and
peripherals as well as reduced resource consumption and proper disposal of electronic
waste (e-waste).

© The Institute of Chartered Accountants of India

 4.60 ENTERPRISE INFORMATION SYSTEMS

I. Green Computing Best Practices

Government regulation, however well-intentioned, is only part of an overall green
computing philosophy. The work habits of computer users and businesses can be
modified to minimize adverse impact on the global environment. Some of such steps
for Green IT include the following:
1. Develop a sustainable Green Computing plan
w Involve stakeholders to include checklists, recycling policies, recommendations
for disposal of used equipment, government guidelines and recommendations
for purchasing green computer equipment in organizational policies and plans;
w Encourage the IT community for using the best practices and encourage them to
consider green computing practices and guidelines.
w On-going communication about and campus commitment to green IT best
practices to produce notable results.
w Include power usage, reduction of paper consumption, as well as
recommendations for new equipment and recycling old machines in
organizational policies and plans; and
w Use cloud computing so that multiple organizations share the same computing
resources thus increasing the utilization by making more efficient use of hardware
resources.
2. Recycle
w Dispose e-waste according to central, state and local regulations;
w Discard used or unwanted electronic equipment in a convenient and
environmentally responsible manner as computers emit harmful emissions;
w Manufacturers must offer safe end-of-life management and recycling options
when products become unusable; and
w Recycle computers through manufacturer’s recycling services.
3. Make environmentally sound purchase decisions
w Purchase of desktop computers, notebooks and monitors based on environmental
attributes;
w Provide a clear, consistent set of performance criteria for the design of products;
w Recognize manufacturer efforts to reduce the environmental impact of products
by reducing or eliminating environmentally sensitive materials, designing for
longevity and reducing packaging materials; and
w Use Server and storage virtualization that can help to improve resource
utilization, reduce energy costs and simplify maintenance.
© The Institute of Chartered Accountants of India
 E-COMMERCE, M-COMMERCE AND EMERGING TECHNOLOGIES 4.61

4. Reduce Paper Consumption

w Reduce paper consumption by use of e-mail and electronic archiving;
w Use of “track changes” feature in electronic documents, rather than red line
corrections on paper;
w Use online marketing rather than paper based marketing; e-mail marketing
solutions that are greener, more affordable, flexible and interactive than direct
mail; free and low-cost online invoicing solutions that help cut down on paper
waste; and
w While printing documents; make sure to use both sides of the paper, recycle
regularly, use smaller fonts and margins, and selectively print required pages.
5. Conserve Energy
w Use Liquid Crystal Display (LCD) monitors rather than Cathode Ray Tube (CRT)
monitors;
w Develop a thin-client strategy wherein thin clients are smaller, cheaper, simpler for
manufacturers to build than traditional PCs or notebooks and most importantly
use about half the power of a traditional desktop PC;
w Use notebook computers rather than desktop computers whenever possible;
w Use the power-management features to turn off hard drives and displays after
several minutes of inactivity;
w Power-down the CPU and all peripherals during extended periods of inactivity;
w Try to do computer-related tasks during contiguous, intensive blocks of time,
leaving hardware off at other times;
w Power-up and power-down energy-intensive peripherals such as laser printers
according to need;
w Employ alternative energy sources for computing workstations, servers, networks
and data centers; and
w Adapt more of Web conferencing offers instead of travelling to meetings in order
to go green and save energy.
II. Green IT Security Services and Challenges
IT solution providers are offering green security services in many ways. What to look in
green security products, the challenges in the security services market and how security
services fare in a recession. If administered properly with other green computing
technologies, green security can be a cost-efficient and lucrative green IT service for
solution providers. The basic aim is to increase the customer’s energy savings through
green security services and assess that ‘how sustainable computing technology can
© The Institute of Chartered Accountants of India
 4.62 ENTERPRISE INFORMATION SYSTEMS

immediately help the environment’. Green IT services present many benefits for
clients as well as providers, but knowing ‘how to evaluate a client’s infrastructure to
accommodate green technology is really a vital issue’.
Moreover, apart from the common security issues, the green security emphasizes the
role of security tools, methods and practices that reduce a company’s environmental
impact. But to estimate the scope, to cope with the lack of green security services in the
market and get advice on conserving power and purchasing switches is very important
and needs a high level of sensitivity. Learning about the challenges of implementing
green security and the best practices is a major hope, as the artifacts are still evolving.
4.8.6 Bring Your Own Device (BYOD)
BYOD (Bring Your Own Device) refers to business policy that allows employees to
use their preferred computing devices, like smart phones and laptops for business
purposes. It means employees are welcome to use personal devices (laptops, smart
phones, tablets etc.) to connect to the corporate network to access information and
application. The BYOD policy has rendered the workspaces flexible, empowering
employees to be mobile and giving them the right to work beyond their required hours.
The continuous influx of readily improving technological devices has led to the mass
adoption of smart phones, tablets and laptops, challenging the long-standing policy
of working on company-owned devices. Though it has led to an increase in employees’
satisfaction but also reduced IT desktop costs for organizations as employees are
willing to buy, maintain and update devices in return for a one-time investment cost to
be paid by the organization.
In the early 1990s, executing different tasks necessitated the use of different devices.
For instance, an mp3 player was needed to listen to music; whereas chores, tasks and
schedules were tracked by a PDA. An addition to this, list was a bulky laptop and a
camera and it seemed waiting till eternity that we would ever have a single device
to suit our different needs. However, remarkable advances in technology in the last
decade have made it possible to perform all the above mentioned tasks using a single
hi-tech device. Different technologies can work in synergy with each other, which
improves user productivity and convenience.
I. Advantages of BYOD
w Happy Employees: Employees love to use their own devices when at work. This
also reduces the number of devices an employee has to carry; otherwise he
would be carrying his personal as well as organization provided devices.
w Lower IT budgets: Could involve financial savings to the organization since
employees would be using the devices they already possess thus reducing the
outlay of the organization in providing devices to employees.
w IT reduces support requirement: IT department does not have to provide end
©user supportofand
The Institute maintenance
Chartered for allofthese
Accountants India devices resulting in cost savings.
 E-COMMERCE, M-COMMERCE AND EMERGING TECHNOLOGIES 4.63

w Early adoption of new Technologies: Employees are generally proactive in

adoption of new technologies that result in enhanced productivity of employees
leading to overall growth of business.
w Increased employee efficiency: The efficiency of employees is more when the
employee works on his/her own device. In an organization provided devices,
employees have to learn and there is a learning curve involved in it.
II. Emerging BYOD Threats
Every business decision is accompanied with a set of threats and so is BYOD program
too; it is not immune from them. As outlined in the Gartner survey, a BYOD program
that allows access to corporate network, emails, client data etc. is one of the top
security concerns for enterprises. Overall, these risks can be classified into four areas
as outlined below:
w Network Risks: It is normally exemplified and hidden in ‘Lack of Device Visibility’.
When company-owned devices are used by all employees within an organization,
the organization’s IT practice has complete visibility of the devices connected to
the network. This helps to analyze traffic and data exchanged over the Internet.
As BYOD permits employees to carry their own devices (smart phones, laptops
for business use), the IT practice team is unaware about the number of devices
being connected to the network. As network visibility is of high importance, this
lack of visibility can be hazardous. For example, if a virus hits the network and all
the devices connected to the network need be scanned, it is probable that some
of the devices would miss out on this routine scan operation. In addition to this,
the network security lines become blurred when BYOD is implemented.
w Device Risks: It is normally exemplified and hidden in ‘Loss of Devices’. A lost or
stolen device can result in an enormous financial and reputational embarrassment
to an organization as the device may hold sensitive corporate information.
Data lost from stolen or lost devices ranks as the top security threats as per the
rankings released by Cloud Security Alliance. With easy access to company emails
as well as corporate intranet, company trade secrets can be easily retrieved from
a misplaced device.
w Application Risks: It is normally exemplified and hidden in ‘Application Viruses
and Malware’. A related report revealed that a majority of employees’ phones and
smart devices that were connected to the corporate network weren’t protected
by security software. With an increase in mobile usage, mobile vulnerabilities
have increased concurrently. Organizations are not clear in deciding that ‘who is
responsible for device security – the organization or the user’.
w Implementation Risks: It is normally exemplified and hidden in ‘Weak BYOD
Policy’. The effective implementation of the BYOD program should not only
cover
© The the technical
Institute issues
of Chartered mentioned
Accountants above but also mandate the development
of India
 4.64 ENTERPRISE INFORMATION SYSTEMS

of a robust implementation policy. Because corporate knowledge and data are

key assets of an organization, the absence of a strong BYOD policy would fail
to communicate employee expectations, thereby increasing the chances of
device misuse. In addition to this, a weak policy fails to educate the user, thereby
increasing vulnerability to the above mentioned threats.
4.8.7 Web 3.0
The term Web 3.0, also known as the Semantic Web, describes sites wherein the
computers will be generated raw data on their own without direct user interaction.
Web 3.0 is considered as the next logical step in the evolution of the Internet and Web
technologies. Initially, the Internet is confined within the physical walls of the computer,
but as more and more devices such as smartphones, cars and other household
appliances become connected to the web, the Internet will be omnipresent and could
be utilized in the most efficient manner.
I. Underlying Concept
Web 3.0 standard uses semantic web technology, drag and drop mash-ups, widgets,
user behavior, user engagement, and consolidation of dynamic web contents
depending on the interest of the individual users. Web 3.0 technology uses the “Data
Web” Technology, which features the data records that are publishable and reusable
on the web through query-able formats. The Web 3.0 standard also incorporates the
latest researches in the field of artificial intelligence.
An example of typical Web 3.0 application is the one that uses content management
systems along with artificial intelligence. These systems can answer the questions
posed by the users, because the application can think on its own and find the most
probable answer, depending on the context, to the query submitted by the user. In this
way, Web 3.0 can also be described as a “machine to user” standard in the internet.
II. Components of Web 3.0
w Semantic Web: This provides the web user a common framework that could be used
to share and reuse the data across various applications, enterprises, and community
boundaries. This allows the data and information to be readily intercepted by
machines, so that the machines are able to take contextual decisions on their own
by finding, combining and acting upon relevant information on the web.
w Web Services: It is a software system that supports computer-to-computer
interaction over the Internet. For example - the popular photo-sharing website
Flickr provides a web service that could be utilized and the developers to
programmatically interface with Flickr in order to search for images.
To conclude, Web 3.0 helps to achieve a more connected open and intelligent web
applications using the concepts of natural language processing machine learning,
machine
© Thereasoning
Institute ofand autonomous
Chartered agents.
Accountants of India
 E-COMMERCE, M-COMMERCE AND EMERGING TECHNOLOGIES 4.65

As technology evolves new application are coming into use. These applications are
further changing the way individuals / businesses / government interact with each
other and do business.
4.8.8 Internet of Things (IoT)
I. Definition: The Internet of Things (IoT) is a system of interrelated computing
devices, mechanical and digital machines, objects, animals or people that are
provided with unique identifiers and the ability to transfer data over a network
without requiring human-to-human or human-to-computer interaction. For
example:
(i) Washing machines with Wi-Fi networking capabilities can connect themselves
to home Wi-Fi. Once these machines are so connected, they can be controlled
through machine manufacturer mobile APP from anywhere in the world.
(ii) India’s living legend of cricket appearing in an Advertisement for water purifier
informs that, the water purifier is Wi-Fi enabled. When the purifying agents
deplete in the machine, it connects to home Wi-Fi and informs the service agents
of the company.
All above examples are from products being sold in India.
II. Future: Gartner, the technology researcher has projected that by 2020 the
IOT business across the world would increase to USD 1.9 Trillion. In rupee
terms at current exchange rate (INR::UDS=67.50::1) it comes to a staggering
` 1,34,0,00,00,00,00,000.00 or keeping it simple virtually equal to India’s GDP
today.
III. Applications: Some of the applications are as follows:
1. All home appliances to be connected and that shall create a virtual home.
a. Home owners can keep track of all activities in house through their hand
held devices.
b. Home security CCTV is also monitored through hand held devices.
2. Office machines shall be connected through net.
a. Human resource managers shall be able to see how many people have had
a cup of coffee from vending machine and how many are present.
b. How many printouts are being generated through office printer?
3. Governments can keep track of resource utilisations / extra support needed.
a. Under SWACHH mission government can tag all dustbins with IOT sensors.
They (dustbins) generate a message once they are full. Being connected to
wifi, they can intimate the cleaning supervisor of Municipal Corporation so
that BIN can be emptied.
© The Institute of Chartered Accountants of India
 4.66 ENTERPRISE INFORMATION SYSTEMS

4. As a research study, individuals have got themselves implanted with electronic

chips in their bodies. This chip allows him / her to connect to home / office
wifi. Once connected person can enter home / office and perform designated
function. This chip becomes individual’s authentication token.
The whole world becomes a connected world. Above may appear / read like science
fiction but same is reality.
IV. Risks: Internet of thing is an evolving phenomenon. The nature of risk is carries
is based on academic logics and available practical experiences. The risk listed
are those which are most discussed for IOT today. As technology evolves issues
shall crop up. The risk due to IOT has various facets to it:
(A) Risk to Product manufacturer
w Manufacturers may be out of business in few years if IOT becomes a
necessary product feature.
w Data storage and analytics: The manufacturers will to ensure the huge data
generated from IOT devices is kept secured. Hacking / Loosing this data
may be distractors for entity as well as the individual to whom it relates to.
(B) Risk to user of these products
w Security: This is the greatest risk due to IOT. As home devices / office
equipment’s are connected to network they shall be hit by all network
related risks, including hacking, virus attacks, stealing confidential data etc.
w Privacy, autonomy and control: There is a huge risk that individuals may
lose control over their personal life. Their personal life can be hacked and
made public. The other major concern is who has the ownership of this
personal data. For example: A person daily eats a burger at 12.00 in night
and takes bottle of chilled hard drink with it. S/he uses his / her mobile to
operate the griller and refrigerator. The griller and refrigerator are both
sold by say XYZ ltd. This data is available on XYZ database.
o Who owns this information?
o The data can be used by insurance companies to deny an insurance
claim saying the person was a habitual drinker or raise his / her
medical insurance premium as the person is having a risky life style.
Above illustrates the big risk IOT may create for individuals.
w Intentional obsolescence of devices: This may happen due to -
o Companies which want to bring a new product may force users to
dump the old products. This they can do by disabling the operating
software of old product.
© The Institute of Chartered Accountants of India
 E-COMMERCE, M-COMMERCE AND EMERGING TECHNOLOGIES 4.67

o A manufacturer is bought out by another manufacturer. The buyer

does not support old products sold.
(C) Technology Risk
Platform fragmentation and lack of technical standards are situations where the variety
of IoT devices, in terms of both hardware variations and differences in the software
running on them, makes the task of developing applications tough.
(D) Environmental Risk due to Technology
These studies are being done to see the impact on house air quality, due to use of
heavy earth metals in devices. There no definitive data available as of now, but the risk
is being considered.
4.8.9 Artificial Intelligence (AI)
I. Definition: Intelligence, as defined in Chambers dictionary; “The ability to use
memory, knowledge, experience, understanding, reasoning, imagination and
judgement to solve problems and adapt to new situations”. The ability described
above when exhibited by machines is called as Artificial intelligence (AI). It is
intelligence exhibited by machines. For example:
i. This technology is being used in autonomous vehicles, the google car.
ii. Apple online assistant Siri is supposed to use it.
II. Applications
Artificial Intelligence is being used in the following applications:
w Autonomous vehicles (such as drones and self-driving cars);
w Medical diagnosis, in cancer research. Predicting the chances of an
individual getting ill by a disease;
w Creating art (such as poetry);
w Proving mathematical theorems;
w Playing games (such as Chess or Go), and predicting the outcomes. Say
which number on a lottery ticket may win;
w Search engines (such as Google search);
w Online assistants (such as Siri);
III. Risks
1. AI relies heavily of data it gets. Incorrect data can lead to incorrect conclusions.
2. AI (robots) carries a security threats. Countries are discussing to have a KILL
button in all AI capable machines. This is important otherwise someday machine
may start controlling humans.
© The Institute of Chartered Accountants of India
 4.68 ENTERPRISE INFORMATION SYSTEMS

3. AI in long term may kill human skills of thinking the unthinkable. All data shall be
processed in a structured manner, where machines shall provide solution based
on their learning over a period of time. These machines shall not have capability
of thinking out of box.
IV. Controls
The set of controls in AI will be extremely complex because of the nature of processing
of information and must be dealt with based on the nature of the AI tool and the
purpose, etc.
4.8.10 Machine Learning
I. Definition: Machine Learning is a type of Artificial Intelligence (AI) that provides
computers with the ability to learn without being explicitly programmed. Machine
learning focuses on the development of computer programs that can change
when exposed to new data. The process of machine learning is similar to that of
data mining. For example:
w Machine learning has been used for image, video, and text recognition, as well as
serving as the power behind recommendation engines. Apple SIRI is a good example.
w This technology is being is being used in autonomous vehicles, the google car.
II. Applications: Virtually all applications were in AI using Machine learning so that
some value is added. It includes specifically following application:
1. Autonomous vehicles (such as drones and self-driving cars),
2. Medical diagnosis, in cancer research. Predicting the chances of an individual
getting ill by a disease.
3. Playing games (such as Chess or Go), and predicting the outcomes. Say which
number on a lottery ticket may win.
4. Search engines (such as Google search),
5. Online assistants (such as Siri),
III. Risk: Machine learning being an application based on AI, the nature of risk to it
remain similar to those posed by AI systems.

4.9 CASE STUDIES

I. Category: Flipkart started as e-commerce and has now moved to
m-commerce space.
Back in 2007, when Flipkart was launched, Indian e-commerce industry was taking its
beginner steps. The company is registered in Singapore, but their headquarters are in
the city of Bangalore, India. The promoters are Binny Bansal and Sachin Bansal. They
© The Institute of Chartered Accountants of India
 E-COMMERCE, M-COMMERCE AND EMERGING TECHNOLOGIES 4.69

left their jobs in Amazon to start their own business. One can easily
call that a risky move.
Flipkart began selling books to begin with. It soon expanded and
began offering a wide variety of goods. Innovating right from
the start, Flipkart has been home to few of the striking features
of Indian e-commerce. Flipkart success in the first few years of its existence. Flipkart
raised funds through venture capital funding. As the company grew in stature, more
funding arrived.
Flipkart addressed to major issues in online purchasing in India. Indians love to pay
after checking the products so Flipkart was the first to implement the popular ‘Cash
On Delivery’ facility, which every online shopping website in India offers as an option
today. Second major issue Flipkart addressed was timely delivery. It was more of a
cultural revolution to ensure the whole supply chain was revamped and sensitized to
issue of timely delivery.
II. Category: JUGNOO started as a m-commerce company.
Jugnoo is an auto-rickshaw aggregator, focused on doubling
the driver’s efficiency and earnings, and providing affordable
transportation to the masses on a tap. There are around 5 million
auto-rickshaws in our country, whereas the utilization is only 30%.
It started operation in October 2014 from Chandigarh.
Despite being one of the most popular and economical modes of public transportation
in India, auto-rickshaws have remained highly underutilized due to inefficiencies
prevalent in the conventional hailing procedure such as availability and fares. Jugnoo
was started with a vision to overcome these roadblocks by bringing structure into
this space, aggregating auto-rickshaws via technology, thereby, enabling optimum
utilization of resources.
III. Category: OYO started as a m-commerce company.
OYO MEANS “ON YOUR OWN”. OYO Rooms was nothing but an idea to create
India’s largest chain of efficient, young, standardized rooms with an intention to build
the coolest chain of no add-on rooms which might not have Spa, Gym etc. like the star
hotels but will live upto the basic standards & high expectations for prices like never
before. They have few basic amenities including, clean rooms, clean linen, AC, clean
bathroom, free wifi, free breakfast.
The teenage boy – Ritesh Agarwal is the young Founder & CEO of OYO Rooms – fastest
growing Branded network of hotels offline & online. OYO rooms does nothing out of
the box but provides travellers the coolest yet cheapest efficient, young, standardized
rooms with no add-ons attached to it!
© The Institute of Chartered Accountants of India
 4.70 ENTERPRISE INFORMATION SYSTEMS

4.10 SUMMARY
Today electronic commerce is ruling the world. Every day there is a start-up in the
e-commerce / m-commerce space. This is forcing traditional businesses to adopt to
this new way of doing business. E-commerce / M-commerce both have related sets
of risks and necessary controls to be put in place. They are generating huge benefits
to society in terms of saving costs and time. E-commerce and M-commerce being
the new way doing business has its run ins with law also, The legality / implications
of such transactions are being tested in courts across the world including India. Laws
are being updated / amended to keep pace with these new business trends. Emerging
technology like Internet of Things, AI, Machine learning is changing the way humans
interact with technology. These technologies are automating human tasks and creating
options to carry those tasks which could not have done previously.

4.11 TEST YOUR KNOWLEDGE

4.11.1 Theory Questions
Q 1. Define the following:
(i) E- Commerce (Refer Section 4.1)
(ii) M-Commerce (Refer Section 4.3.4)
(iii) Machine learning (Refer Section 4.8.10)
(iv) Bring Your Own Device (BYOD) (Refer Section 4.8.6)
(v) Grid Computing Security (Refer Section 4.8.2)
Q 2 . Discuss in detail various components of E-Commerce.
(Refer Section 4.2)
Q 3. Discuss the architecture of Networked Systems.
(Refer Section 4.3)
Q 4. Differentiate Traditional Commerce and E- Commerce.
(Refer Section 4.1.2)
Q 5. What are the risks associated with E-Commerce Transactions that are high as
compared to general Internet activities?
(Refer Section 4.5)
Q 6. Explain efficiency improvement due to E- Business.
(Refer Section 4.1.4)

© The Institute of Chartered Accountants of India

 E-COMMERCE, M-COMMERCE AND EMERGING TECHNOLOGIES 4.71

Q 7. Define the Guidelines for E - Commerce.

(Refer Section 4.6.1)
Q 8. Explain the types of Network Architecture.
(Refer Section 4.3)
Q 9. What are the ways of protecting your e-Commerce business from intrusion?
(Refer Section 4.5)
Q 10. Explain Digital Payments? Define different Types of Digital Payments?
(Refer Section 4.7)
Q 11. What are some drawbacks of Digital Payments?
(Refer Section 4.7.3)
Q 12. What do you mean by “Cloud Computing”? Discuss its characteristics.
(Refer Section 4.8.3)
Q 13. Differentiate between different types of clouds in Cloud Computing.
(Refer Section 4.8.3)
Q 14. Discuss various components of Mobile Computing.
(Refer Section 4.8.3)
Q 15. Discuss some best practices of Green Computing.
(Refer Section 4.8.3)
4.11.2 Multiple Choice Questions
1. Which one of the following is not an Operating system?
(a) Android
(b) Blackberry OS
(c) FireFox OS
(d) Chrome OS
2. In two-tier architecture, ______________ is an interface that allows user to interact
with the e-commerce / m-commerce vendor.
(a) Presentation Tier
(b) Database Tier
(c) Physical Tier
(d) Application Tier
© The Institute of Chartered Accountants of India
 4.72 ENTERPRISE INFORMATION SYSTEMS

3. FEMA stands for _____________.

(a) Foreign Exchange Management Activity
(b) Foreign Exchange Management Act
(c) Foreign Exchange Managerial Act
(d) Foreign Enterprise Management Act
4. UPI stands for ___________.
(a) Universal Payment Interface
(b) Unified Proximity Interface
(c) Unified Payment Interface
(d) Unified Payment Interaction
5. BHIM (Bharat Interface for Money) is an example of ___________.
(a) Mobile App
(b) Mobile Hardware
(c) Mobile Operating System
(d) Mobile Wallet
6. Which of the following is not a best practice under Green Computing?
(a) Dispose e-waste according to central, state and local regulations
(b) Purchase of desktop computers, notebooks and monitors based on
environmental attributes
(c) Power-down the CPU and all peripherals during extended periods of
inactivity
(d) Use Cathode Ray Tube (CRT) monitors than Liquid Crystal Display (LCD)
monitors
7. GSM stands for _____________.
(a) Global Service for Mobile Communication
(b) Global System for Mobile Communication
(c) Global Semantics for Mobile Communication
(d) Global System for Mobile Code
8. Which of the following is the correct sequence of Mobile Computing?
(i) The user enters or access data using the application on handheld computing
device.
© The Institute of Chartered Accountants of India
 E-COMMERCE, M-COMMERCE AND EMERGING TECHNOLOGIES 4.73

(ii) Now both systems (handheld and site’s computer) have the same
information and are in sync.
(iii) The process work the same way starting from the other direction.
(iv) Using one of several connecting technologies, the new data are transmitted
from handheld to site’s information system where files are updated and
the new data are accessible to other system user.
(a) (i), (ii), (iii), (iv)
(b) (iv), (iii), (ii), (i)
(c) (i), (ii), (iv), (iii)
(d) (i), (iv), (ii), (iii)
9. AEPS stands for _________________________.
(a) Aadhaar Enabled Payment Station
(b) Aadhaar Employed Payment Service
(c) Aadhaar Enabled Payment Service
(d) Aadhaar Enterprise Payment Service
10. Which instance of SaaS allows users to explore functionality of Web services
such as Google Maps, Payroll processing, and credit card processing services
etc.?
(a) Testing as a Service (TaaS)
(b) Communication as a Service (CaaS)
(c) Data as a Service (DaaS)
(d) API as a Service (APIaaS)
Answers
1 (d) 2 (a)
3 (b) 4 (c)
5 (a) 6 (d)
7 (b) 8 (d)
9 (c) 10 (d)

© The Institute of Chartered Accountants of India