Accounting Information System (Chapter 12)

The document discusses electronic commerce systems and the risks and benefits of e-commerce. It covers topics such as what e-commerce is, internet technologies used for e-commerce like packet switching and protocols, the internet business model, areas of concern for e-commerce like data security and privacy, risks to businesses from threats like denial of service attacks, and implications for accounting like electronic audit trails and authentication challenges.

Chapter 12
Electronic Commerce Systems

What is E-Commerce?
The electronic processing and transmission of business data.
• electronic buying and selling of goods and services
• on-line delivery of digital products
• electronic funds transfer (EFT)
• electronic trading of stocks
• direct consumer marketing
• electronic data interchange (EDI)
• the Internet revolution

Internet Technologies
• Packet switching
  o messages are divided into small packets
  o each packet of the message takes a different route
• Virtual private network (VPN)
  o a private network within a public network
• Extranets
  o a password controlled network for private users
• World Wide Web
  o an Internet facility that links users locally and globally
• Internet addresses
  o e-mail address
  o URL address
  o IP address

Protocol Functions
• Facilitate The Physical Connection Between The Network Devices.
• Synchronize The Transfer Of Data Between Physical Devices.
• Provide A Basis For Error Checking And Measuring Network Performance.
• Promote Compatibility Among Network Devices.
• Promote Network Designs That Are Flexible, Expandable, And Cost-Effective.

Internet Protocols
• Transfer Control Protocol/Internet Protocol (TCP/IP) - controls how individual packets of data are formatted, transmitted, and received
• Hypertext Transfer Protocol (HTTP) - controls web browsers
• File Transfer Protocol (FTP) - used to transfer files across the internet
• Simple Network Mail Protocol (SNMP) - e-mail
• Secure Sockets Layer (SSL) and Secure Electronic Transmission (SET) - encryption schemes

Open System Interface (OSI)
The International Standards Organization developed a layered set of protocols called OSI. The purpose of OSI is to provide standards by which the products of different manufacturers can interface with one another in a seamless interconnection at the user level.

Benefits of E-Commerce
• Access to a worldwide customer and/or supplier base
• Reductions in inventory investment and carrying costs
• Rapid creation of business partnerships to fill emerging market niches
• Reductions in retail prices through lower marketing costs
• Reductions in procurement costs
• Better customer service

The Internet Business Model
1. Information level
   a. using the Internet to display and make accessible information about the company, its products, services, and business policies
2. Transaction level
   b. using the Internet to accept orders from customers and/or to place them with their suppliers
3. Distribution level
   c. using the Internet to sell and deliver digital products to customers

Areas of General Concern
• Data Security: are stored and transmitted data adequately protected?
• Business Policies: are policies publicly stated and consistently followed?
• Privacy: how confidential are customer and trading partner data?
• Business Process Integrity: how accurately, completely, and consistently does the company process its transactions?

Intranet Risks
• Interception of network messages
  o sniffing: interception of user IDs, passwords, confidential e-mails, and financial data files
• Accessing corporate databases
  o connections to central databases increase the risk that data will be accessible by employees
• Unauthorized or illegal employee activity
• Prosecution
  o fear of negative publicity leads to such reluctance but encourages criminal behavior

Internet Risks to Businesses
• IP spoofing: masquerading to gain access to a Web server and/or to perpetrate an unlawful act without revealing one’s identity
• Denial of service (DOS) attacks: assaulting a Web server to prevent it from servicing users
  o particularly devastating to business entities that cannot receive and process business transactions
  o Three Common Types of DOS Attacks
    • SYN Flood – when the three-way handshake needed to establish an Internet connection occurs, the final acknowledgement is not sent by the DOS attacker, thereby tying up the receiving server while it waits.
    • Smurf – the DOS attacker uses numerous intermediary computers to flood the target computer with test messages, “pings”.
    • Distributed DOS (DDOS) – can take the form of Smurf or SYN attacks, but is distinguished by the vast number of “zombie” computers hi-jacked to launch the attacks.
• Other malicious programs: viruses, worms, logic bombs, and Trojan horses pose a threat to both Internet and Intranet users
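
A SYN flood as described above shows up on the defending side as handshakes that stay stuck waiting for the final acknowledgement. The following is an added example, not part of the original notes, that counts those overdue half-open handshakes per server in constructed packet records; the record layout, the addresses, the timeout and the threshold are all assumptions chosen for illustration.

```python
from collections import defaultdict

SERVER = "192.0.2.10:443"  # constructed address (documentation range)

def constructed_records():
    """Constructed sample traffic: (time_s, source, destination, TCP flags)."""
    legit = "198.51.100.7:40001"
    recs = [(0.00, legit, SERVER, "SYN"),
            (0.01, SERVER, legit, "SYN-ACK"),
            (0.02, legit, SERVER, "ACK")]          # handshake completes
    for i in range(6):                              # six handshakes never completed
        client = f"203.0.113.{i + 1}:50000"
        t = 1.0 + i * 0.1
        recs.append((t, client, SERVER, "SYN"))
        recs.append((t + 0.01, SERVER, client, "SYN-ACK"))
    return recs

def half_open_by_server(records, now, timeout=3.0):
    """Count handshakes per server whose final ACK is overdue by `timeout` s."""
    syn_seen = set()   # (client, server) pairs that sent a SYN
    waiting = {}       # (client, server) -> time the server answered SYN-ACK
    for t, src, dst, flags in sorted(records):
        if flags == "SYN":
            syn_seen.add((src, dst))
        elif flags == "SYN-ACK" and (dst, src) in syn_seen:
            waiting[(dst, src)] = t
        elif flags == "ACK":
            waiting.pop((src, dst), None)   # handshake finished, slot released
            syn_seen.discard((src, dst))
    counts = defaultdict(int)
    for (_client, server), t in waiting.items():
        if now - t >= timeout:
            counts[server] += 1
    return dict(counts)

def flooded_servers(records, now, timeout=3.0, threshold=5):
    """Servers holding at least `threshold` overdue half-open handshakes."""
    stuck = half_open_by_server(records, now, timeout)
    return sorted(s for s, n in stuck.items() if n >= threshold)

if __name__ == "__main__":
    print(flooded_servers(constructed_records(), now=10.0))
```

The completed handshake from the first client is not counted, so ordinary traffic does not trip the threshold; only connections left waiting past the timeout do.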

Internet Risks to Customers

Risk of Electronic Commerce
• you have to control and protect resources
• loss or injury that can reduce or eliminate an organization's ability to achieve its objectives

E-Commerce Security: Data Encryption
  o Encryption. A computer program transforms a clear message into a coded (ciphertext) form using an algorithm.

E-Commerce Security: Digital Authentication
  o Digital signature. Electronic authentication technique that ensures that the transmitted message originated with the authorized sender and that it was not tampered with after the signature was applied
  o Digital certificate. Like an electronic identification card that is used in conjunction with a public key encryption system to verify the authenticity of the message sender

E-Commerce Security: Firewalls
  o Firewalls. Software and hardware that provide security by channeling all network connections through a control gateway
  o Network level firewalls. A low cost/low security access control; uses a screening router to its destination, does not explicitly authenticate outside users, who can penetrate the system using an IP spoofing technique
  o Application level firewalls. A high level/high cost customizable network security; allows routine services and e-mail to pass through and performs sophisticated functions such as logging or user authentication for specific tasks

Implications for Accounting
1. Continuous auditing
   • Auditors Review Transactions At Frequent Intervals Or As They Occur
   • Intelligent Control Agents: Heuristics That Search Electronic Transactions For Anomalies
2. Electronic audit trails
   • Electronic Transactions Generated Without Human Intervention
   • No Paper Audit Trail
3. Confidentiality of data
   • Open System Designs Allow Mission-Critical Information To Be At Risk To Intruders
4. Authentication
   • In E-Commerce Systems, Determining The Identity Of The Customer Is Not A Simple Task
5. Nonrepudiation
   • Repudiation Can Lead To Uncollected Revenues Or Legal Action
   • Use Digital Signatures And Digital Certificates
6. Data integrity
   • Determine Whether Data Has Been Intercepted And Altered
7. Access controls
   • Prevent Unauthorized Access To Data
8. Changing legal environment
   • Provide Client With Estimate Of Legal Exposure

Local Area Networks (LAN). A federation of computers located close together (on the same floor or in the same building) linked together to share data and hardware

• The physical connection of workstations to the LAN is achieved through a network interface card (NIC) which fits into a PC’s expansion slot and contains the circuitry necessary for inter-node communications.
• A server is used to store the network operating system, application programs, and data to be shared.

Wide Area Network (WAN). A WAN is a network that is dispersed over a wider geographic area than a LAN. It typically requires the use of:
• gateways to connect different types of LANs
• bridges to connect same-type LANs

Star Topology.
• A network of IPUs with a large central computer (the host)
• The host computer has direct connections to smaller computers, typically desktop or laptop PCs.
• This topology is popular for mainframe computing.
• All communications must go through the host computer, except for local computing.

Hierarchical Topology. A host computer is connected to several levels of subordinate smaller computers in a master-slave relationship.

Ring Topology. This configuration eliminates the central site. All nodes in this configuration are of equal status (peers). Responsibility for managing communications is distributed among the nodes. Common resources that are shared by all nodes can be centralized and managed by a file server that is also a node.

Bus Topology. The nodes are all connected to a common cable, the bus. Communications and file transfers between workstations are controlled by a server. It is generally less costly to install than a ring topology.

Client-Server Topology.
• This configuration distributes the processing between the user’s (client’s) computer and the central file server.
• Both types of computers are part of the network, but each is assigned functions that it best performs.
• This approach reduces data communications traffic, thus reducing queues and increasing response time.

Network Control Objectives
• establish a communications session between the sender and the receiver
• manage the flow of data across the network
• detect errors in data caused by line failure or signal degeneration
• detect and resolve data collisions between competing nodes

Carrier Sensing. A random access technique that detects collisions when they occur
• This technique is widely used; it is found on Ethernets.
• The node wishing to transmit listens to the line to determine if it is in use. If it is, it waits a pre-specified time to transmit.
• Collisions occur when nodes listen, hear no transmissions, and then simultaneously transmit. Data collides and the nodes are instructed to hang up and try again.
• Disadvantage: The line may not be used optimally when multiple nodes are trying to transmit simultaneously.

What is Electronic Data Interchange (EDI)?
• The exchange of business transaction information:
  o between companies
  o in a standard format (ANSI X.12 or EDIFACT)
  o via a computerized information system
• In “pure” EDI systems, human involvement is not necessary to approve transactions.

Communications Links
• Companies may have internal EDI translation/communication software and hardware.
OR
• They may subscribe to VANs to perform this function without having to invest in personnel, software, and hardware.

Advantages of EDI
• Reduction or elimination of data entry
• Reduction of errors
• Reduction of paper
• Reduction of paper processing and postage
• Reduction of inventories (via JIT systems)
