eCommerce and Electronic Payments on the Internet


eCommerce
- eCommerce: the use of the Internet and Web to transact business; digitally enabled transactions
- Began in 1995 and grew exponentially; still growing at an annual rate of 25 percent
- On the Internet, the barriers of time, distance, and form are broken down, and businesses are able to transact 24 hours a day, 7 days a week, 365 days a year with consumers all over the world

eCommerce
- More than just buying and selling products online
- Includes the entire online process of developing, marketing, selling, delivering, servicing and paying for products and services
- eCommerce transactions are carried out on the internetworked global marketplaces (market spaces) of customers

Benefits of eCommerce
- The Internet is ubiquitous, accessible and low cost
- eCommerce can be accessed through diverse forms of technology, e.g. computers, PDAs, mobile phones, digital TV, kiosks
- Existing card payment systems can be adapted
- No geographical constraints
- Middlemen are eliminated from the supply chain
- Stock holdings can be minimised or eliminated through JIT manufacturing processes

Categories of eCommerce
- Business-to-Consumer (B2C): retailing products and services to individual shoppers
  Examples: Amazon, booksfirst.co.ke, mamamikes.com
- Business-to-Business (B2B): sales of goods and services among businesses
  Examples: Dell Computers
- Consumer-to-Consumer (C2C): online auctions where consumers can buy and sell with each other
  Example: Ebay.com, KenyaMall.com

Electronic Payment Processes
- The most common payment medium used in eCommerce transactions is the credit card.
- Web payment processes
- Using electronic cash (eCash) to settle payments
- Mobile money transfer
- Payment through mobile money, e.g. Mpesa or Zap

eCash Payments
- Also known as Digital Cash or eMoney.
- A medium of transaction.
- A technology that uses varied electronic methods to execute financial transactions.
- A monetary value stored electronically on a technical device that can be used as a mode of payment during transactions.
- eCash is an attempt to construct an electronic payment system modelled after the paper cash system.
- eCash is used over the Internet, email, or personal computer to other workstations in the form of secured payments of "cash".
- It is backed by real currency from real banks.

eCash Payments
The designers of electronic cash are trying to replicate the features of paper cash. Paper cash has such features as being:
- portable (easily carried),
- recognizable (as legal tender), hence readily acceptable,
- transferable (without involvement of the financial network),
- untraceable (no record of where money is spent),
- anonymous (no record of who spent the money),
and has the ability to make "change."

eCash Payments
There are two varieties of eMoney:
- Online eMoney: with online eMoney, one needs to interact with an intermediary such as a bank or card network to conduct a transaction with a third party. E.g. credit-card transactions.
- Offline eMoney: one can conduct a transaction without having to directly involve an intermediary. This is true digital cash.

Security of Electronic Payments
The necessary security properties are:
- Privacy: protection against eavesdropping. This is obviously of importance for transactions involving, e.g., credit card numbers sent on the Internet.
- Authentication: protection against impersonation. Any scheme for electronic commerce must require that a user knows with whom he/she is dealing (if only as an alias or credit card number).
- Nonrepudiation, or protection against later denial of a transaction. This necessitates such things as digital receipts and payments.

Internet Security
Data transmission over the Internet
- Information sent over the Internet commonly uses the set of rules called TCP/IP (Transmission Control Protocol / Internet Protocol).
- The information is broken into packets, numbered sequentially, and an error control attached.
- Individual packets are sent by different routes.
- TCP/IP reassembles them in order and resubmits any packet showing errors.
The Secure Socket Layer

For eCommerce transactions, these data packets need to be secured further. Digital signatures meet the need for authentication and integrity. A plain text message is run through a hash function and given a value referred to as the message digest. This digest, the hash function and the plain text are sent to the recipient. The recipient runs the message through the supplied hash function to check that the message digest value remains unchanged (the message has not been tampered with). To provide non-repudiation, the message is time-stamped.

The Public Key Infrastructure (PKI) is used to secure messages by encryption. It is a mathematical code in which each letter is changed to a different letter, number or symbol, creating a page of nonsense and preventing the message from being read even if it is intercepted. The message sent from the client’s computer (i.e. the digest, the hash function and the plain text) is encrypted with the recipient's public key.

The recipient uses a private key to decrypt the message sent from the client. Any changes in the message indicate a breach in security. The public key is widely distributed, but only the recipient has the private key. The sender and recipient use keys that are generated for the particular message by a third body: a key distribution centre.

A Certification Authority (CA) is a third-party agency that issues digital certificates to uniquely identify merchants. Examples of CAs: Verisign, Thawte. Credit card networks use PKI for privacy, and digital certificates to authenticate the three parties involved in the transaction: merchant, customer and bank.

A typical eCommerce transaction proceeds as follows: the client sends a message to the server, and the server replies with a digital certificate. Using PKI, server and client negotiate to create session keys, which are symmetrical secret keys specially created for that particular transmission. Once the session keys are agreed, communication continues with these session keys and the digital certificates.
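
Added example, not part of the original slides: the message-digest check described above, next to a variant in which the digest is keyed with the shared session key from the transaction flow. It shows which kinds of change each check detects. The algorithm choices (SHA-256, HMAC), the function names, the allow-list and the sample order strings are assumptions of this example; the slides name none of them.

```python
import hashlib
import hmac
import secrets

ALLOWED_HASHES = {"sha256", "sha512"}  # assumption: recipient's own allow-list


def make_bundle(message: bytes) -> dict:
    """Sender side as on the slide: plain text, hash function name, digest."""
    return {"text": message, "hash": "sha256",
            "digest": hashlib.sha256(message).hexdigest()}


def verify_bundle(bundle: dict) -> bool:
    """Recipient re-runs the supplied hash function and compares digests."""
    if bundle["hash"] not in ALLOWED_HASHES:  # refuse a sender-chosen weak hash
        return False
    recomputed = hashlib.new(bundle["hash"], bundle["text"]).hexdigest()
    return hmac.compare_digest(recomputed, bundle["digest"])


def make_keyed_bundle(message: bytes, session_key: bytes) -> dict:
    """Same idea, but the digest is keyed with the shared session key."""
    tag = hmac.new(session_key, message, hashlib.sha256).hexdigest()
    return {"text": message, "tag": tag}


def verify_keyed_bundle(bundle: dict, session_key: bytes) -> bool:
    expected = hmac.new(session_key, bundle["text"], hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, bundle["tag"])


def demo() -> dict:
    order = b"PAY merchant=shop-01 amount=100.00"    # constructed sample
    altered = b"PAY merchant=shop-99 amount=100.00"  # constructed sample
    key = secrets.token_bytes(32)  # stands in for the negotiated session key
    plain, keyed = make_bundle(order), make_keyed_bundle(order, key)
    # "replaced": a party without the session key rebuilds the whole bundle.
    replaced_keyed = make_keyed_bundle(altered, secrets.token_bytes(32))
    return {
        "plain_ok": verify_bundle(plain),
        "plain_text_changed": verify_bundle(dict(plain, text=altered)),
        "plain_replaced": verify_bundle(make_bundle(altered)),
        "keyed_ok": verify_keyed_bundle(keyed, key),
        "keyed_text_changed": verify_keyed_bundle(dict(keyed, text=altered), key),
        "keyed_replaced": verify_keyed_bundle(replaced_keyed, key),
    }


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name:20} accepted={accepted}")
```

The unkeyed digest accepts a bundle that was rebuilt from scratch, because anyone can recompute a plain hash; the keyed digest rejects it, which is why integrity checks are bound to a key that only the two parties hold.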