web technology and commerce unit-4 by arun pratap singh

8/12/2019 Web Technology and Commerce Unit-4 by Arun Pratap Singh

1/60

UNIT : IV

PREPARED BY ARUN PRATAP SINGH

WEB TECHNOLOGY AND COMMERCE (MCSE 201)


2/60

PREPARED BY ARUN PRATAP SINGH 1

1

INTERNET PAYMENT SYSTEM :

Internet payment systems refer to the various methods by which individuals and companies doingbusiness online collect money from their customers in exchange for the goods and services theyprovide. A number of different forms of payment exist for online purchases, and more are beingdeveloped all the time. After all, it is in the best interest of both consumers and merchants to make

electronic commerce as safe and easy as possible. "The low cost of entry has attracted hundredsof companies, large and small, to the level playing field ofcyberspace," Paul J. Dowling, Jr. notedin his book Web Advertising and Marketing. "On the Internet, a small, one-man operation can lookas good or better than a large, multinational corporation. But whether it's an individual workingout of a virtual office, or a CEO sitting in an expensive downtown office building, they're goingonline for one purposeto sell. And they're leaving no stone unturned in their efforts to make itsafe and easy for their customers to buy."

Customers who physically visit retail establishments can choose among a variety of paymentmethods, including cash, checks, credit cards, and debit cards. Customers who shop on theInternet are beginning to expect online merchants to offer the same variety and convenience inpayment terms. Credit cards remain the most common form of payment for online purchases,although the options have expanded to include digital cash, smart cards, electronic checks, andother technologies. In addition, some customers continue to make online purchases usingtraditional payment methods, such as placing orders by telephone or fax,or sending a checkvia snail mail. Dowling recommends that companies conducting sales online make as manypayment methods available as possible and advertise their acceptance of those methods on theirWeb sites. He claims that small businesses can add value to their product or service offerings bymaking payment easy, comfortable, and secure for their customers. "Getting paid on the Webultimately testifies to your marketing plan's effectiveness," Dowling wrote. "And when everythinggoes as it should, customers will place the order."

Perhaps the biggest issue affecting online payment systemsfrom both the sellers' and the

buyers' perspectivesis maintaining the security of f inancial information sent over the Internet. Asurvey conducted by Visa showed that 91 percent of consumers were concerned about privacyand security on the Internet. Another study, conducted by the Boston Consulting Group andquoted in Computerworld, indicated that 28 percent of consumers' online purchase efforts failedmeaning that they intended to buy online but did not complete the transaction. "Concerns aboutsecurity and the perception that online credit card transactions are extremelyunsafe seem to beamong the biggest issues keeping many retailers and consumers from closing saleselectronically," Lorna Pappas wrote in Chain Store Age Executive.

Internet payment system is also known as Electronic Payment system.

What Electronic Payment system is?

Electronic Payment is a financial exchange that takes place online between buyers and sellers.The content of this exchange is usually some form of digital financial instrument (such asencrypted credit card numbers, electronic cheques or digital cash) that is backed by a bank or anintermediary, or by a legal tender.

Electronic payment system is a system which helps the customer or user to make online paymentfor their shopping.

UNIT : IV
http://www.answers.com/topic/cyberspacehttp://www.answers.com/topic/debithttp://www.answers.com/topic/faxhttp://www.answers.com/topic/snail-mailhttp://www.answers.com/topic/unsafehttp://www.answers.com/topic/unsafehttp://www.answers.com/topic/snail-mailhttp://www.answers.com/topic/faxhttp://www.answers.com/topic/debithttp://www.answers.com/topic/cyberspace


3/60


2

Requirements For E-payments

The various factors that have lead the financial institutions to make use of electronic paymentsare:

1. Decreasing technology cost: The technology used in the networks is decreasing day by

day.2. Reduced operational and processing cost:Due to reduced technology cost the processingcost of various commerce activities becomes very less. A very simple reason to prove thisis the fact that in electronic transactions we save both paper and time.

3. Increasing online commerce:

Some Examples Of EPS:-

Online Reservation

Online Bill Payment

Online Order Placing (Nirulas)

Online Ticket Booking ( Movie)

Major Internet Payment Methods :

Secure Electronics Transaction (SET) Protocol for implementing credit card payment

An Electronic Check system for supporting check payment

An Electronic funds transfer and Electronic Cash system for emulating physical cashpayment

Other methods

Micropayment methods and Smart card methods

Two Storage Methods

On-line

Individual does not have possession personally of electronic cash

Trusted third party, e.g. online bank, holds customers cash accounts

Off-line

Customer holds cash on smart card or software wallet

Fraud and double spending require tamper-proof encryption


4/60


3

E-Cash :

A system that allows a person to pay for goods or services by transmitting a numberfrom one computer to another.

Like the serial numbers on real currency notes, the E-cash numbers are unique.

This is issued by a bank and represents a specified sum of real money.

It is anonymous and reusable.

Electronic Cash Security :

Complex cryptographic algorithms prevent double spending

Anonymity is preserved unless double spending is attempted

Serial numbers can allow tracing to prevent money laundering

E-Cash Processing :


5/60


4

E-Wallet :

The E-wallet is another payment scheme that operates like a carrier of e-cash and otherinformation.

The aim is to give shoppers a single, simple, and secure way of carrying currencyelectronically.

Trust is the basis of the e-wallet as a form of electronic payment.

Procedure for using an e-wallet :

1. Decide on an online site where you would like to shop.

2. Download a wallet from the merchants website.

3. Fill out personal information such as your credit card number, name, address and phonenumber, and where merchandise should be shipped.

4. When you are ready to buy, click on the wallet button, the buying process is fullyexecuted.


6/60


5

Smart Cards :

A smart card, is any pocket-sized card with embedded integrated circuits which can

process data

This implies that it can receive input which is processed and delivered as an output

Smart card Processing :


7/60


6

Smart Card Applications

Ticketless travel

Seoul bus system: 4M cards, 1B transactions since 1996

Planned the SF Bay Area system

Authentication, ID

Medical records

Ecash

Store loyalty programs

Personal profiles

Government

Licenses

Mall parking

Credit cards :

It is a Plastic Card having a Magnetic Number and code on it.

It has Some fixed amount to spend.

Customer has to repay the spend amount after sometime.


8/60


7

Processing a Credit cards payment

Risk in using Credit cards -

Operational Risk

Credit Risk

Legal Risk

Secure Electronic Transaction (SET) Protocol :

Jointly designed by MasterCard and Visa with backing of Microsoft, Netscape, IBM,GTE, SAIC, and others

Designed to provide security for card payments as they travel on the Internet

Contrasted with Secure Socket Layers (SSL) protocol, SET validates consumersand merchants in addition to providing secure transmission

SET specification

Uses public key cryptography and digital certificates for validating bothconsumers and merchants


9/60


8

Provides privacy, data integrity, user and merchant authentication, and consumernonrepudiation

The SET Protocol

What Is Payment Gateways??

A payment gatewayis an e-commerce application service provider service that

authorizes payments for e-businesses, online Shopping, etc.


10/60


9

Payment gateway protects credit cards details encrypting sensitive information, suchas credit card numbers, to ensure that information passes securely between thecustomer and the merchant and also between merchant and payment processor.

How It works???....

Payments In India

Going the e-way

e-PAYMENT SYSTEM IN INDIA :

Ever-increasing technology changes.

Growing Internet access and mobile subscriber base

Rising consumer confidence.

Convenient delivery/payment models

India has been one of the fastest growing country for payment cards in the Asia-Pacific

region. India currently has approximately 130 million cards (both debit and credit) in circulation.


11/60


10

GROWTH IN e-PAYMENT SYSTEM

REGULATION-

The Reserve Bank of India (RBI) has been supportive in the development of electronicpayments.

In this direction, the Payments and Settlement System Act was enacted .

Apart from being supporting, the RBI has also initiated various programs to encourage e-payments.

CHANNELS OF PAYMENT-

Indian banks have put in place various channels of electronic payments in place toencourage customers to adopt the electronic mode.

Channels like the Internet, mobile, ATMs, and drop boxes are some of the mostfrequently used channels apart from bank branches.

MARKET MAPPING-

E-payments processing market has two major players, namelyTech Process, and Bill Desk, which is a pure play electronic transaction processing company.

The Indian Payment System Is Transforming From Paper Mode To Electronic Mode.

Two main reasons for such shift are:-


12/60


11

1. The regulator has mandated routing all high-value transactions electronically to minimizemovement of money and risk.

2. At the retail end, customers are realizing the efficiency of electronic payments.

SHIFTS IN THE PAYMENT SYSTEM

TECHNOLOGICAL ADVANCEMENT IN e-PAYMENT

Electronic Clearing Service (Credit and Debit).

National Electronic Fund Transfer (NEFT).

THE RULING PLASTIC MONEY

Credit cards

Debit cards

ATM Cards

PayPal :

PayPal is a global e-commerce business allowing payments and money transfers to be madethrough the Internet. Online money transfers serve as electronic alternatives to paying withtraditional paper methods, such as checks and money orders. It is subject to the US economicsanction list and other rules and interventions required by US laws or government. PayPal is anacquirer, performing payment processing for online vendors, auction sites, and other commercial


13/60


12

users, for which it charges a fee. It may also charge a fee for receiving money, proportional to theamount received. The fees depend on the currency used, the payment option used, the countryof the sender, the country of the recipient, the amount sent and the recipient's account type. Inaddition, eBay purchases made by credit card through PayPal may incur extra fees if the buyerand seller use different currencies. On October 3, 2002, PayPal became a wholly ownedsubsidiary of eBay. Its corporate headquarters are in San Jose, California, United States at eBay'sNorth First Street satellite office campus. The company also has significant operations in Omaha,Scottsdale, Charlotte and Austin in the United States; Chennai in India; Dublin in Ireland;Kleinmachnow in Germany; and Tel Aviv in Israel. From July 2007, PayPal has operated acrossthe European Union as a Luxembourg-based bank

Google Wallet :

Google Wallet was launched in 2011, serving a similar function as PayPal to facilitate paymentsand transfer money online. It also features highly robust security and additional features, such asthe ability to send payments as attachments via email.


14/60


13

CHARACTERISTICS OF PAYMENT SYSTEM :

There is no paper involved, so electronic payments can be effected directly from home or office Fast, efficient, safe, secure and generally less costly than paper-based alternatives, e.g. cheques Electronic payments are fully traceable In Ireland, the clearing time for standard electronic payments is next day value for interbank

transfers, subject to the payment instruction being received ahead of shut-off times which canvary from bank to bank. Payment instructions received after the shut -off time will be processedone working day later

Most banks offer same day value for payments made to other accounts held in that same bank Many banks offer same day money transfer inter-bank services for large value payments Unlike cheques, electronic payments dont bounce as payments will not be effected unless the

funds are available in the first place


15/60


14

Features of Payment Methods :

Anonymity : whether the payment method is anonymous

Security : whether the payment method is secure

Overhead cost: the overhead cost of processing a payment

Transferability: whether a payment can be carried out without the involvement of athird party

Divisibility : whether a payment can be divided into arbitrary small payments whose

sum is equal to the original payment

Acceptability : whether the payment method is supported globally

4C PAYMENTS METHODS :

To make the e-commerce system functional, we also need to incorporate paymentfunctions into the system

In the physical world, there are 4types of payment methods

Cash

Credit card

Check

Credit/debit (Fund Transfer)

Payment method should be

Very secure

Having Low overhead cost

Transferable

Acceptable anywhere

Divisible

Anonymous

Comparison of the 4C payment methods


16/60


15

SET PROTOCOL FOR CREDIT CARD PAYMENT :

The credit card is one of the most commonly used payment methods in e-

commerce, in particular B2C e-commerce Before the introduction SET protocol, secure credit card payment was usuallycarried out over an SSL connection

Advantage of SSL :

It ensures the secure transmission of credit card information over the internet

Disadvantage of SSL :

It is not a complete credit card payment method.

For example, it cannot support on-line credit card authorization

SET is specially developed to provide secure credit card payment over the internet

It is now widely supported by major credit card companies including Visa andMasterCard


17/60


16

SET aims at satisfying the following security requirements in the context of credit cardpayment :

Confidentiality- Sensitive messages are encrypted so that they are kept

confidential

Integrity- Nearly all messages are digitally signed to ensure content integrity Authentication- Authentication is performed through a public key infrastructure

SET network architecture

Merchant : a seller, which is connected to an acquirer

Cardholder: a registered holder of the credit card who is a buyer

Issuer : the bank that issues the credit card to a cardholder

Acquirer : the bank that serves as an agent to link a merchant to multiple issuers

A merchant can process various credit cards through a single acquirer

Payment Gateway : This is typically connected to the acquirer

The payment gateway is situated between the SET system and the financialnetwork of the current credit card system for processing the credit card payment

SET Digital Certificate System


18/60


17

Dual signature generation and verification

In the physical credit card system

the Payment Instructions (PI) including the cardholders credit card number and

signature are not kept confidential

data integrity can basically be ensured by using printed receipts

cardholders authentication relies on simple signature checking only

In an electronic credit card system

the Order Information (OI) and PI can be digitally signed to ensure data integrity

the sensitive credit card information may still be disclosed to other people

SET introduces a novel method called the dual signature (DS) to ensure data integritywhile protecting the sensitive information


19/60


20/60


19

Step 3: Finally, he compares the two terms H[H[PI] || H[OI]] and

DRSA[DS | keypublic_sign,cardholder ]

They should be the same if the transmitted DS has not been changed; otherwise the order isnot valid

The payment gateway is provided with PI, H[OI], andDS

By using the dual signature method, each cardholder can link OI and PI while releasingonly the necessary information to the relevant party

If either the OI or PI is changed, the dual signature will no longer be valid

DIGITAL ENVELOPE


21/60


20

SET PROTOCOL

SET protocol has four phases: initiation, purchase, authorization, and capture

First the cardholder sends a purchase initiation request to the merchant for initializingthe payment

Then the merchant returns a response message to the cardholder

In the second phase, the cardholder sends the purchase order together with thepayment instruction to the merchant

In the third phase, the merchant obtains the authorization from the issuer via thepayment gateway

Finally, the merchant requests a money transfer to its account

E-CASH :

Electronic money is paperless cash. This money is either stored on a card itself or in an accountassociated with the card

The most common examples are transit cards, meal plans, and PayPal. E-Cash can also meanany kind of electronic payment.

Electronic payment systems come in many forms including virtual cheques, ATM cards, creditcards, and stored value cards. The usual security features for such systems are privacy,authenticity , and no repudiation.

There are four major components in an electronic cash system:

Issuers

Customers

Merchants or traders

Regulators.

Issuers can be banks, or non-bank institutions


22/60


23/60


22

This is a simple model of E-cash payment system. This gives us the idea of how e-cash

payment system works. The model is explained properly in upcoming slides

The customer approaches his issuer(banks) site for accessing his account. The issuer in returnissues the money in form of a token which is generally in form of tens and hundreds or as perspecified by the customer

In second phase the customer will endorse those tokens to the merchant for acquiring services,for which the customer will authenticate the payment for the trader.


24/60


23

In third phase the trader will approach the token issuer(customers bank) and after

authenticating the tokens the issuing bank will convert the tokens into electronic fund and thesame will be transferred into traders account

Finally after getting the payment for the respective services the trader provides the requisiteservice or product and also notifies the customer about the approval of payment made bycustomer in traders account.

A system that allows a person to pay for goods or services by transmitting a numberfrom one computer to another.

Like the serial numbers on real currency notes, the E-cash numbers are unique.

This is issued by a bank and represents a specified sum of real money.


25/60


24

It is anonymous and reusable.

Electronic Cash Security :

Complex cryptographic algorithms prevent double spending

Anonymity is preserved unless double spending is attempted

Serial numbers can allow tracing to prevent money laundering

E-Cash Processing :

E-cash security :

Security is of extreme importance while handling the online transactions. Faith in the security ofthe medium of exchange, whether paper or digital, is essential for the economy to function.

E-cash is much secure than other online payment modes because in this case no credential suchas card-passwords or anything such is involved. Its like simply the online fund transfer fromcustomers account to traders account.


26/60


25

However while accessing the customers account, the customer must keep in mind the internet

security sweep or theft. The online hacking and cracking can be avoided by using SSL and TSLwebsite security systems and keeping the website link with safe Https:// protocols and properinternet security softwares to keep aside the threats of malware, evasdrooping and other securitythreats.

Advantages :

We can transfer funds, purchase stocks, and offer a variety of other services withouthaving to handle physical cash or cheques

Electronic cash protects its user against theft With electronic cash, the customer doesnot need to provide financial information

E-cash supports small payments . Other online payment system charge a fee for everytransaction no matter how much high or low it is but e-cash has a specific limit for

additional charges thats why very low payments are not charged a fee.

Limitations :

Maybe how much secure the e-cash payment system is but still no one is safe againstthe online frauds. In this case the trader is referred as fraudulent. The trader may takethe amount but may not provide the services

While making the payment, its very important that the internet connection and powersupply should be active. If the payment is in process and internet supply fails in betweenit can lead to loss of information i.e amount will be charged but it wont reach to traderand the refund takes very long time in general the refund time is at least 30-45 days.

E-Cash is not for everyone. Low income segments without computer and internet accessare unable to enjoy the usage of E-Cash.

The rise of E-Cash is inevitable, but further improvements are needed. Tackling security,anonymity, low income group readiness and technology reliability issues will make E-Cash moreperfect. In countries such as India where people were hesitant to use such methods has showna tremendous use of online payments and E-cash payment system. Slowly but steadily the growthis seen and improving it technologically will make it more reliable and efficient for customers touse it.


27/60


26

E-CHECK :

What is an electronic check?

Its simply an electronic version of a paper check. When you convert a traditional check into anelectronic payment, you can process it through the Automated Clearing House (ACH) Network to

save time and moneyand because electronic checks have more security features than a papercheck, they better protect your business and customers. Another way to think of an electroniccheck is when a customer pays by entering in their bank account information online andelectronically sending the money. Electronic checks are becoming increasingly popular becausethey are so fast, efficient and secure.

Electronic checks are sometimes called eChecks, electronic check conversions, or Back OfficeConversions (BOCs). Read more on what you need to know as you consider using eChecks inyour business.

eCheck, a new payment instrument combining the security, speed and processing efficiencies ofall-electronic transactions with the familiar and well-developed legal infrastructure and business

processes associated with paper checks, is the first and only electronic payment mechanismchosen by the United States Treasury to make high-value payments over the public Internet.

How electronic checks work

The process is simple. First, you run a customers paper check through an electronic scannersystem supplied by your merchant service provider. This virtual terminal captures the customer'sbanking information and the payment amount. The information is then transferred electronicallyover the Federal Reserve Bank's ACH Network, which takes the funds from your customer'saccount and deposits them into yours.

After payment approval, the virtual terminal will print a receipt for the customer to sign and keep.

Your employee should then void the paper check and return it to the customer. Youll be able toview and report on your merchant transactions online, although features may vary depending onyour merchant service provider or your payment processing solution provider.

How does the ACH Network work with eChecks?

The ACH Network is a funds distribution system that moves funds electronically from one entityto another. Its a highly reliable and efficient nationwide electronic network governed by the rulesof the National Automated Clearing House Association (NACHA) and the Federal Reserve (Fed).

Given its ability to electronically transfer money directly to and from bank accounts, ACH is afaster payment method than traditional paper checks. The ACH payment process is close to the

paper check process, only faster. Clients give their bank routing or checking account number andafter verification, the payment is transferred quite immediately electronically through the ACHsystem. Besides checks, the ACH Network also handles debit card transactions, direct depositsof payroll, Social Security, and other government benefits, direct debit payments and business-to-business payments


28/60


27

Reaping the benefits of eChecks

Converting your customers paper checks into electronic checks helps save time and reduceshassle for your staff because you can submit payments electronically instead of making trips tothe bank. However, time saving and hassle reduction are not the only benefits. Read on for more:

1. Reduce processing costs by up to 60%.eChecks require less manpower to process anddont come with any deposit or transaction fees. As a result, processing an eCheck is generallymuch cheaper than processing a paper check or credit card transaction.

2. Receive funds sooner.Businesses that use electronic check conversion have their fundsdeposited almost twice as fast as those using traditional check processing. Billing companiesoften receive payments within one day.

3. Increase sales.If your business doesnt accept paper checks, offering eChecks expands yourcustomers options and can increase sales. If youre converting from paper checks to eChecks,

you can start accepting international and out-of-state checks while using account validation andcustomer authentication processes to protect your business from fraud.

4. Work smarter and greener.Electronic check conversion is easy to set up. It relies on thetrusted ACH Network. And eChecks help reduce the more than 67.4 million gallons of fuel usedand 3.6 million tons of greenhouse gas emissions created by transporting paper checks.

5. Decrease errors and fraud.eChecks reduce the potential for errors and fraud because fewerpeople handle them. Merchant service providers also maintain, monitor, and check files againstnegative account databases that store information about individuals or companies that haverecords of fraud.

Protecting your business

and your customers

Electronic check conversion is one of the most secure payment methods in the electronic paymentprocessing industry because it uses the latest information protection features:

1. Authentication. Merchants must verify that the person providing the checking accountinformation has the authority to use that account. Authentication services and products availableto merchants include digital signatures and public key cryptography.

Also known as digital certificates, digital signatures encrypt data in a way that gives the receivera more reliable indication that the information was actually sent by the sender. Theyre used onthe Internet to confirm the identity of a customer, much as a handwritten signature would. Because

digital signatures are difficult to tamper with or imitate and are easily transportable, theyre a goodway to verify identity. Digital signatures are often used to implement electronic signatures, whichinclude any electronic data that carries the intent of a signature.

Public key cryptography is a security method that uses keys to encrypt and decrypt a sentmessage. With electronic check conversion, the private key is a secret mathematical calculationused to create the digital signature on the echeck, and the public key is the key given to anyone


29/60


28

who needs to verify that the sender signed the echeck and that the electronic transfer has notbeen tampered with.

2. Duplicate detection.Financial institutions use software and operational controls to preventand detect duplication of the scanned electronic representations of customer checks.

3. Encryption. The ACH Network automatically encrypts messages using 128-bit encryption anda secure sockets layer (SSL).

How to get started with electronic checks

Heres how to implement electronic check conversion as quickly and easily as possible:

1. Choose a well-established processing company. Good pricing is important, but working with areliable processor is essential.

2. Notify your customers that your business will begin using electronic check conversion. Federallaws require you to post a notification about this change and give your customers a takeaway

copy. You must also provide customers with a phone number to request more information.

3. Look for a processor that makes it easy to align your current business processes with your newelectronic processing system, export customer data, and integrate your new system with yourbusiness management software.

4. QuickBooks Payments offers a complete payment processing solution. Businesses can takepayments from their customers in many ways- from ACH bank payments, electronic checks tocredit cards including Visa, MasterCard, Discover and American Express. In addition to offeringmany ways to get paid, QuickBooks Payments also enables businesses to email invoices to theircustomers with a Pay Now button. Our data shows us that businesses using QuickBooksPayments are getting paid twice as fast due to the e-invoicing feature.

This diagram illustrates how real-time, electronic check processing works using the CyberSourcePayment Service:

1. 'Payer' (customer/bill payer) is prompted to authorize electronic debit, enter bank routingnumber (ABA#) and account number.


30/60


29

2. Merchant's sales system securely transfers order information to CyberSource over theInternet.

3. CyberSource forwards bank routing number and account number to processor.4. The routing number and account number are validated, and the integrity of the account's

checking history is verified. Processor forwards approve/decline results to CyberSource.5. CyberSource returns approval/decline message to merchant.

6. If approved, CyberSource routes check for settlement through a processer to theAutomated Clearinghouse System (ACH). Funds are deposited in approximately 1-3business days.

Four Different Scenarios of the FSTC E-check System


31/60


30

MICROPAYMENT METHODS :

Traditional payment methods are called macropayment methods. A new type of payment method known as micropayment method is emerging to cater for

very low value transactions. Example:

Millicent (pre-payment/credit based) Paywords (post-payment)


32/60


31

MICRO PAYMENT IS -

Very small payments made over the Web. Transactions too small for credit cards. Can be as little as a fraction of a cent. Alternative to subscription and advertising. Can go in either direction.

A micropayment is an e-commerce transaction involving a very small sum of money in exchange

for something made available online, such as an application download, a service or Web-based

content.

Micropayments are sometimes defined as anything less than 75 cents and can be as low as a

fraction of a cent. A special type of system is required for such payments, which are too small tobe feasible for processing through credit card companies.

Here's one scheme for micropayment: The user and seller each establish an account with a third-

party service provider who monitors, collects and distributes micropayments. The seller encodes

per-fee links inside a Web page. When the user initiates a transaction, payment goes through an

Internetwallet account managed by the service provider. Micropayments accumulate until they

are collected as single, larger payments. Such a system is helpful when a user wants to make
http://whatis.techtarget.com/definition/wallethttp://whatis.techtarget.com/definition/wallet


33/60


32

one-time micropayments to multiple sellers. Seller-based accounts are more common for repeat

business with an individual enterprise.

Once a common micropayment standard has been established, some experts predict that

streaming media sites, music and application downloads, content vendors, sports access sites

and other specialized resources willmake pay-per-use common online.

Advantages and risks

With a micropayment system many small transactions are summarised over a defined period oftime and charged in one bill. For that reason micropayments are applicable for businesses whereeven small costs for every single transaction would be inefficient.4)The main benefits from thecustomer site in using micropayment are speed and flexibility. From the merchants site speed

and acceptable transaction fees are very important. As the transactions involve small capitalsecurity does not have the highest priority. Much more important than trust is security. User andmerchants are more likely to use an insecure payment system from a trusted company than asecure payment system from an untrusted (unknown) company. Therefore the market entrybarriers for new providers are high. Any company that wishes to enter this area must have plentyof capital and be willing to invest a lot beforereturn on investment as it is extremely difficult fornew payment systems to achieve widespread acceptance.

Payment options

Micropayment providers offer various payment modules. Merchants need to sign up for anaccount with a chosen provider and decide for a module that suits their needs. The customer getsan option (or options) how to pay for desired content or goods.

The most common micropayment options are listed below:6)

Call2payPayment by telephone. The customer is requested to call a toll number. The fee is set on a per-call basis for the desired payment amount.

HandypayPayment via mobile phone bill. The customer enters his or her cell phone number and receivesan SMS with a TAN in order to confirm payment.

Ebank2payPayment using online banking. The customer transfers the payment amount his or her onlinebanking access and a TAN. After making payment, the customer receives access to thepurchased product.

Credit cardPayment per credit card. The customer enters his credit card data and confirms the transaction.The transactions can be optionally carried out with the 3-D Secure method (verified by VISAand Mastercard SecureCode).

Direct debit
http://whatis.techtarget.com/definition/wallethttp://whatis.techtarget.com/definition/streaming-mediahttp://en.ecommercewiki.info/payment/micro_payment#fn__4http://en.ecommercewiki.info/payment/micro_payment#fn__4http://en.ecommercewiki.info/payment/micro_payment#fn__4http://en.ecommercewiki.info/glossary/m/market_entry_barriershttp://en.ecommercewiki.info/glossary/m/market_entry_barriershttp://en.ecommercewiki.info/glossary/r/return_on_investmenthttp://en.ecommercewiki.info/payment/micro_payment#fn__6http://en.ecommercewiki.info/payment/micro_payment#fn__6http://en.ecommercewiki.info/payment/micro_payment#fn__6http://en.ecommercewiki.info/payment/micro_payment#fn__6http://en.ecommercewiki.info/glossary/r/return_on_investmenthttp://en.ecommercewiki.info/glossary/m/market_entry_barriershttp://en.ecommercewiki.info/glossary/m/market_entry_barriershttp://en.ecommercewiki.info/payment/micro_payment#fn__4http://whatis.techtarget.com/definition/streaming-mediahttp://whatis.techtarget.com/definition/wallet


34/60


33

Payment by direct debit. The customer enters his or her bank ID and account number andconfirms the direct debit authorization.

PayPal MicroPayments is a micropayment system that charges payments to

user'sPayPal account and allows transactions of less than US$12 to take place. The service is,as of 2013, offered in select currencies only.

Micropayment Uses

Publishing

Marketing

Software

Entertainment

Web Services

SMART CARD :

A smart card, chip card, or integrated circuit card (ICC) is any pocket-sized card with

embeddedintegrated circuits.Smart cards are made of plastic, generallypolyvinyl chloride,but

sometimes polyethylene terephthalate based polyesters, acrylonitrile butadiene

styrene orpolycarbonate. Since April 2009, a Japanese company has manufactured reusable

financial smart cards made from paper.

Smart cards can provide identification, authentication, data storage and application

processing.[2]Smart cards may provide strong securityauthentication for single sign-on (SSO)

within large organizations.

A smart card, is any pocket-sized card with embedded integrated circuits which canprocess data

This implies that it can receive input which is processed and delivered as an output

What is Smart Card?

Standard credit card-sized with microchip embedded on it

Two types

Memory-only chips

Microprocessor chips

Can hold up to 32,000 bytes

Newer smart cards have math co-processors
http://en.wikipedia.org/wiki/PayPalhttp://en.wikipedia.org/wiki/Integrated_circuithttp://en.wikipedia.org/wiki/Polyvinyl_chloridehttp://en.wikipedia.org/wiki/Polyethylene_terephthalatehttp://en.wikipedia.org/wiki/Polyestershttp://en.wikipedia.org/wiki/Acrylonitrile_butadiene_styrenehttp://en.wikipedia.org/wiki/Acrylonitrile_butadiene_styrenehttp://en.wikipedia.org/wiki/Polycarbonatehttp://en.wikipedia.org/wiki/Identity_documenthttp://en.wikipedia.org/wiki/Authenticationhttp://en.wikipedia.org/wiki/Smart_card#cite_note-2http://en.wikipedia.org/wiki/Smart_card#cite_note-2http://en.wikipedia.org/wiki/Smart_card#cite_note-2http://en.wikipedia.org/wiki/Authenticationhttp://en.wikipedia.org/wiki/Single_sign-onhttp://en.wikipedia.org/wiki/Single_sign-onhttp://en.wikipedia.org/wiki/Authenticationhttp://en.wikipedia.org/wiki/Smart_card#cite_note-2http://en.wikipedia.org/wiki/Authenticationhttp://en.wikipedia.org/wiki/Identity_documenthttp://en.wikipedia.org/wiki/Polycarbonatehttp://en.wikipedia.org/wiki/Acrylonitrile_butadiene_styrenehttp://en.wikipedia.org/wiki/Acrylonitrile_butadiene_styrenehttp://en.wikipedia.org/wiki/Polyestershttp://en.wikipedia.org/wiki/Polyethylene_terephthalatehttp://en.wikipedia.org/wiki/Polyvinyl_chloridehttp://en.wikipedia.org/wiki/Integrated_circuithttp://en.wikipedia.org/wiki/PayPal


35/60


34

Perform complex encryption routines quickly

In 1968 German inventors patent combination of plastic cards with micro chips.

Construction of Smart Cards


36/60


35


37/60


36

Why Smart Cards

Improve the convenience and security of any transaction.

Provide tamper-proof storage of user and account identity.

Provide vital components of system security.

Protect against a full range of security threats

Advantages

Flexibility

Security

Portability

Increasing data storage capacity

Reliability.

Schematic overview of a smart card


38/60


37

Smart card Processing :

Smart Card Applications

Ticketless travel

Seoul bus system: 4M cards, 1B transactions since 1996 Planned the SF Bay Area system

Authentication, ID Medical records Ecash Store loyalty programs Personal profiles Government Licenses Mall parking

Example : Mondex


39/60


38

OVERVIEW OF MONDEX :

Mondex is a smart card electronic cash system which was originally developed by NationalWestminster Bank in theUnited Kingdom and subsequently sold to MasterCard International.Mondex launched in a number of markets during the 1990s, expanding from an original trial inSwindon, UK to Hong Kong, Guelph, and New York. It was also trialled on several British

university campuses from the late 1990s, including the University of Edinburgh, University ofExeter (between 1997 and 2001), University of York, University of Nottingham, AstonUniversity andSheffield Hallam University.

Direct transfer of electronic money between two cards

Transfer of electronic money over the Internet or telephone networks etc.

Keep transaction records

Password protection and lock card functions

Portable balance finder to check balance

Support multiple currencies
http://en.wikipedia.org/wiki/Smart_cardhttp://en.wikipedia.org/wiki/Electronic_cashhttp://en.wikipedia.org/wiki/National_Westminster_Bankhttp://en.wikipedia.org/wiki/National_Westminster_Bankhttp://en.wikipedia.org/wiki/United_Kingdomhttp://en.wikipedia.org/wiki/MasterCard_Internationalhttp://en.wikipedia.org/wiki/Swindonhttp://en.wikipedia.org/wiki/Hong_Konghttp://en.wikipedia.org/wiki/Guelphhttp://en.wikipedia.org/wiki/New_Yorkhttp://en.wikipedia.org/wiki/University_of_Edinburghhttp://en.wikipedia.org/wiki/University_of_Exeterhttp://en.wikipedia.org/wiki/University_of_Exeterhttp://en.wikipedia.org/wiki/University_of_Yorkhttp://en.wikipedia.org/wiki/University_of_Nottinghamhttp://en.wikipedia.org/wiki/Aston_Universityhttp://en.wikipedia.org/wiki/Aston_Universityhttp://en.wikipedia.org/wiki/Sheffield_Hallam_Universityhttp://en.wikipedia.org/wiki/Sheffield_Hallam_Universityhttp://en.wikipedia.org/wiki/Aston_Universityhttp://en.wikipedia.org/wiki/Aston_Universityhttp://en.wikipedia.org/wiki/University_of_Nottinghamhttp://en.wikipedia.org/wiki/University_of_Yorkhttp://en.wikipedia.org/wiki/University_of_Exeterhttp://en.wikipedia.org/wiki/University_of_Exeterhttp://en.wikipedia.org/wiki/University_of_Edinburghhttp://en.wikipedia.org/wiki/New_Yorkhttp://en.wikipedia.org/wiki/Guelphhttp://en.wikipedia.org/wiki/Hong_Konghttp://en.wikipedia.org/wiki/Swindonhttp://en.wikipedia.org/wiki/MasterCard_Internationalhttp://en.wikipedia.org/wiki/United_Kingdomhttp://en.wikipedia.org/wiki/National_Westminster_Bankhttp://en.wikipedia.org/wiki/National_Westminster_Bankhttp://en.wikipedia.org/wiki/Electronic_cashhttp://en.wikipedia.org/wiki/Smart_card


40/60


39

ADVANTAGES :

CONSUMER

Convenience

Accessibility

On chip record of recent transactions

Home load

Internet purchases

MERCHANT

Reliable-Off line payment

Higher security

Low transaction cost

Reduced cash handling

FINANCIAL INSTITUTION

Strengthen customer relationships

New financial and commercial partnerships

"Mondex" is a concept for an electronic payment system that provides an alternate to cash,particularly small currency and coins ("micro-payment"). The concept was invented in 1990 byTim Jones and Graham Higgins at National Westminster Bank (NatWest) in the UK.

In July 1996, initiated by NatWest and Midland Bank PLC, Mondex International Ltd. was officiallyestablished by 17 major banks from North America, Asia/Pacific, and Europe, and was grantedan exclusive licensing agreement with NatWest for the intellectual property rights to develop theMondex concept, technology, and brand. In the same year, MasterCard International acquired51% ownership of Mondex International and fully endorsed the Mondex technology architecture.

How does Mondex Protect Privacy

Principles protected:o Limits for collecting personal informationo limits for using, disclosing and keeping personal informationo keeping personal information accurateo safeguarding personal information


41/60


40

Limits for collecting personal informationo loads from accounto deposits into accounto lost transactions

Limits for using, disclosing and keeping personal information

o safeguard deposits

o to re-imburse for non-performance

Keeping personal information accurate

o load and unload are online

o rolling 10 transactions provides exact spend and retailer name

Safeguarding personal information

o firewalls in Multos - between applications - ITSEC 6 designation

o transaction data to retailer is deliberately limited

o individual transaction data is not collected by banks - Mondex is an unauditedsystem


42/60


41

The design of a Mondex smart card allows end users to transfer funds electronically onto the card

and then utilize the Mondex smart card to make purchases up to the total cash value held on the

card. Mondex smart cards provide an electronicpayment system using all the capabilities

associated with smart card technology. The Mondex smart card can be a convenient alternative

to cash.

Although the design was five years old at the time, the Mondex smart card was actually launched

in 1995two years beforeMasterCard assumed control of the technology.

The banks that currently support the Mondex smart card include National Bank of Canada,

Scotiabank, Canada Trust, Bank of Montreal, Le Mouvement des caisses Desjardins, and Toronto

Dominion Bank. With so many respected lending institutions banking on the idea, the Mondex

smart card is worth a closer look.

The Mondex smart card has the ability to make card-to-card transfers which is not possible with

standard credit or debit cards. When you use a credit/debit card to make a purchase,

communication is required between the bank and your card. However, Mondex cards contain an

embedded microprocessor, with sophisticated encryption methods and tamper-proof hardware

designed to protect them from hackers. The ability of the Mondex smart card to do offline

transactions means they are less dependent on expensive network infrastructure, reducing

transaction costs. Offline transactions may seem anonymous, however they actually are recorded

in the digital memory of the cards microprocessor and remain retrievable the next time the card

is used at an ATM, or as soon as the retailer uploads transaction data to the bank computer.A significant disadvantage with Mondex is that transactions arent truly anonymous. Unlike pre-

paid phone cards, which are also based on smart card technology, you cant purchase a Mondex

card without revealing your identity. Each card has a unique identification number through which

owners can easily be identified. Mondex smart cards have not been as successful as originally

predicted. Customers have not been especially satisfied with the card and its services. Unlike a

credit ordebit card,your money may be lost forever if you should lose a Mondex smart card.

Losing a Mondex card is just like losing a wallet full of cash. With a credit card youre protected

against any loss exceeding $50 dollars. This protection is not currently available with a Mondex

smart card.

According to the Mondex smartcard system,it is fully auditable. There is a log of the time, date,

amount, and participants of each transaction which hampers the privacy of users. Technically,

however, Mondex cant claim to be a fully auditable system. After a number of transactions,

overflow can occur as a result of limited memory in the Mondex smart-cards. This means that
http://www.tech-faq.com/mondex-smart-card.htmlhttp://www.tech-faq.com/mondex-smart-card.htmlhttp://www.tech-faq.com/mondex-smart-card.htmlhttp://www.tech-faq.com/mondex-smart-card.htmlhttp://www.tech-faq.com/mondex-smart-card.htmlhttp://www.tech-faq.com/mondex-smart-card.htmlhttp://www.tech-faq.com/mondex-smart-card.htmlhttp://www.tech-faq.com/mondex-smart-card.htmlhttp://www.tech-faq.com/mondex-smart-card.htmlhttp://www.tech-faq.com/mondex-smart-card.html


43/60


42

significant data may be lost before Mondex is able to retrieve it. Critics say this loss of data is a

critical design flaw making it difficult for Mondex to reliably detect fraud.

While Mondex smart cards are not a hundred percent secure they do possess the ability to tolerate

minor fraud loss.

Mondex believes theirelectronic payment system is secure. They are convinced that critics who

have voice concern over security issues are mistaken and misinformed. Perhaps the use of a

Mondex smart card depends on a personal level of trust.

E-GOVERNANCE:

Although the term e-Governance has gained currency in recent years, there is no standarddefinition of this term. Different governments and organizations define this term to suit their own

aims and objectives. Sometimes, the term e-government is also used instead of e-Governance.

Several dimensions and factors influence the definition of e-governance or electronic

governance. The word electronic in the term e-governance implies technology driven

governance. E-governance is the application ofinformation and communication technology (ICT)

for delivering government services, exchange of information communication transactions,

integration of various stand-alone systems and services between government-to-customer (G2C),

government-to-business (G2B), government-to-government (G2G) as well as back office

processes and interactions within the entire government framework. Through e-governance,

government services will be made available to citizens in a convenient, efficient and transparentmanner. The three main target groups that can be distinguished in governance concepts are

government, citizens and businesses/interest groups. In e-governance there are no distinct

boundaries.

Generally four basic models are available government-to-citizen (customer), government-to-

employees,government-to-government andgovernment-to-business.

Difference between E-Government and E-Governance

Both the terms are treated to be the same, however, there is some difference between the two."E-government" is the use of the ICTs in public administration - combined with organizational

change and new skills - to improvepublic services and democratic processes and to strengthen

support to public. The problem in this definition to be congruence definition of e-governance is

that there is no provision for governance of ICTs. As a matter of fact, the governance of ICTs

requires most probably a substantial increase in regulation andpolicy-making capabilities, with

all the expertise and opinion-shaping processes among the various social stakeholders of these
http://www.tech-faq.com/mondex-smart-card.htmlhttp://en.wikipedia.org/wiki/Information_and_communication_technologyhttp://en.wikipedia.org/wiki/Government_serviceshttp://en.wikipedia.org/wiki/Back_officehttp://en.wikipedia.org/wiki/Government-to-citizenhttp://en.wikipedia.org/wiki/Government-to-employeeshttp://en.wikipedia.org/wiki/Government-to-employeeshttp://en.wikipedia.org/wiki/Government-to-governmenthttp://en.wikipedia.org/wiki/Government-to-businesshttp://en.wikipedia.org/wiki/Public_serviceshttp://en.wikipedia.org/wiki/Policy_makinghttp://en.wikipedia.org/wiki/Policy_makinghttp://en.wikipedia.org/wiki/Public_serviceshttp://en.wikipedia.org/wiki/Government-to-businesshttp://en.wikipedia.org/wiki/Government-to-governmenthttp://en.wikipedia.org/wiki/Government-to-employeeshttp://en.wikipedia.org/wiki/Government-to-employeeshttp://en.wikipedia.org/wiki/Government-to-citizenhttp://en.wikipedia.org/wiki/Back_officehttp://en.wikipedia.org/wiki/Government_serviceshttp://en.wikipedia.org/wiki/Information_and_communication_technologyhttp://www.tech-faq.com/mondex-smart-card.html


44/60


43

concerns. So, the perspective of the e-governance is "the use of the technologies that both help

governing and have to be governed". ThePublic-Private Partnership (PPP) based e-governance

projects are hugely successful inIndia.United Telecoms Limited known as UTL is a major player

in India on PPP based e-governance projects. Each project had mammoth state wide area

networks in these states.E-governance is the future, many countries are looking forward to for a corruption-free

government. E-government is one-way communication protocol whereas e-governance is two-

way communication protocol. The essence of e-governance is to reach thebeneficiary and ensure

that the services intended to reach the desired individual has been met with. There should be an

auto-response to support the essence of e-governance, whereby the Government realizes the

efficacy of its governance. E-governance is by the governed, for the governed and of the

governed.

Establishing the identity of the end beneficiary is a challenge in all citizen-centric services.

Statistical information published by governments and world bodies does not always reveal the

facts. The best form of e-governance cuts down on unwanted interference of too many layers

while delivering governmental services. It depends on good infrastructural setup with the support

of local processes and parameters for governments to reach their citizens or end

beneficiaries.Budget for planning, development and growth can be derived from well laid out e-

governance systems

Why e-Governance :

E-Government can transform citizen service, provide access to information to empower citizens,enable their participation in government and enhance citizen economic and social opportunities,

so that they can make better lives, for themselves and for the next generation.

BASIC ARCHITECTURE :
http://en.wikipedia.org/wiki/Public-Private_Partnershiphttp://en.wikipedia.org/wiki/Indiahttp://en.wikipedia.org/wiki/United_telecoms_limitedhttp://en.wikipedia.org/wiki/Corruption_(political)http://en.wikipedia.org/wiki/Communication_protocolhttp://en.wikipedia.org/wiki/Beneficiaryhttp://en.wikipedia.org/wiki/Beneficiaryhttp://en.wikipedia.org/wiki/Budgethttp://en.wikipedia.org/wiki/Budgethttp://en.wikipedia.org/wiki/Beneficiaryhttp://en.wikipedia.org/wiki/Beneficiaryhttp://en.wikipedia.org/wiki/Communication_protocolhttp://en.wikipedia.org/wiki/Corruption_(political)http://en.wikipedia.org/wiki/United_telecoms_limitedhttp://en.wikipedia.org/wiki/Indiahttp://en.wikipedia.org/wiki/Public-Private_Partnership


45/60


44

A suggested architecture for e-Governance is shown in the diagram where it is illustrated thatApplications from various departments can be integrated together, so as to be accessed by anyterminal or computer from any other department or anywhere through the network. This isbecause of the characteristics of CORBA - it is location transparent, language independent,implementation independent, architecture and Operating System independent. The applicationsconnected through CORBA/IIOP could be legacy applications wrapped around to suit CORBAspecifications or any new Web application, or could be even a data base environment usingOracle, etc. Seamless interconnection and thereby effective utility of the entire system of e-Governance is possible, if the middleware is designed to have the necessary services like

Transactions, Data Base, Management, Messaging and Naming.Regarding security aspects, CORBA Security standard is built around existing securityspecifications such as Distributed Computing Environment (DCE), the Kerberos Protocol andGeneric Security Service (GSS) API. While these technologies are heavily weighted, Public KeySecurity with Secured Socket Layer (SSL) is popular with Internet based transactions.

Types of Interactions in e-Governance:

e-Governance facilitates interaction between different stake holders in governance. Theseinteractions may be described as follows:

G2G (Government to Government)

In this case, Information and Communications Technology is used not only to restructurethe governmental processes involved in the functioning of government entities but also toincrease the flow of information and services within and between different entities. Thiskind of interaction is only within the sphere of government and can be both horizontal i.e.between different government agencies as well as between different functional areaswithin an organization, or vertical i.e. between national, provincial and local governmentagencies as well as between different levels within an organization. The primary objectiveis to increase efficiency, performance and output.


46/60


45

G2C (Government to Citizens)

In this case, an interface is created between the government and citizens which enablesthe citizens to benefit from efficient delivery of a large range of public services. Thisexpands the availability and accessibility of public services on the one hand and improvesthe quality of services on the other. It gives citizens the choice of when to interact with the

government (e.g. 24 hours a day, 7 days a week), from where to interact with thegovernment (e.g. service centre, unattended kiosk or from ones home/workplace) andhow to interact with the government (e.g. through internet, fax, telephone, email, face-to-face, etc). The primary purpose is to make government, citizen-friendly.

G2B (Government to Business)

Here, e-Governance tools are used to aid the business community providers of goodsand servicesto seamlessly interact with the government. The objective is to cut red tape,save time, reduce operational costs and to create a more transparent businessenvironment when dealing with the government. The G2Binitiatives can be transactional,such as in licensing, permits, procurement and revenue collection. They can also be

promotional and facilitative, such as in trade, tourism and investment. These measureshelp to provide a congenial environment to businesses to enable them to perform moreefficiently.

G2E (Government to Employees)Government is by far the biggest employer and like any organization, it has to interact withits employees on a regular basis. This interaction is a two-way process between theorganization and the employee. Use of ICT tools helps in making these interactions fastand efficient on the one hand and increase satisfaction levels of employees on the other.

Difference between G2B and B2G :

Government to business (G2B)- Refers to the conducting of transactions between

government bodies and business via internet.

Business to government (B2G)- Professional affairs conducted between companies and

regional, municipal, or federal governing bodies. B2G typically encompasses the

determination and evaluation of proposal and completion of contract.

PUBLIC PRIVATE PARTNERSHIPS :

Agreement between Government and the Private Sector for the Provision of a Public

Good or Service by the Latter.

Generally but not always involving:

Long Term Contracts

User Charges and/or Payments flowing between the Parties

Shared Investments but Mainly Private


47/60


46

Risk Sharing by the Parties

Must be a Partnership

A public-private partnership exists when public sector agencies (federal, state, or local) join withprivate sector entities (companies, foundations, academic institutions or citizens) and enter into abusiness relationship to attain a commonly shared goal that also achieves objectives of theindividual partners.

Why do them :

Fiscal Head Room

As a Way of Financing the Project

Separate Policy & Regulation from Operations


48/60


47

Make the Good or Service Available

Pay for Performance and Output

Introduce CompetitionFor and In the Market


49/60


48

The Need to Set the Right Priorities

Four Basic Dimensions of P3 :

Although each is unique, all P3s include four basic characteristics:

Shared goals

Shared resources (time, money, expertise, people)

Shared risks

Shared benefits

Benefits :

Expedited project completion

Project cost savings

Improved quality

Use of private resources

Access to new sources of private capital

Two Major Steps :


50/60


49

Crafting the Partnership

Implementing the Partnership

Project Management -

Six Distinct Phases :

Genesis :

Whats the need

Whats driving the need, rationale

Facility non-compliance, natural disaster, budget deficit

Is there a need for a Public/Private Partnership?


51/60


50

Preliminary Project Definition

Feasibility :

Is a Public/Private Partnership feasible, not only financially, but practically? Can it be

done?

Market Research

Economic/Financial Analysis

Program, Budget and Schedule

Risk Analysis

Plan and Test :

Final project definition

What is the best way to complete the project?

Has the plan been thoroughly tested to assess market demand, public and stakeholderfeedback and economics?

Master Schedule/Budget

Political Climate

Any potential fatal flaws that could derail the project?

Procurement and Contracting :

How do you choose and contract with the best-value private partner?

Whats the best delivery method?

Design-Bid-Build

Design-Build

Finance-Design-Build

What do current statutes allow?

Procurement Approach

Sole Source, RFP, Low Bid

Risk Allocation between Public and private Partners

Structuring of Contract/Risks and Rewards


52/60


53/60


54/60


53

Protecting software applications used to process personal data Preventing unauthorized access to personal data during transmission thereof, including

transmission via telecommunication means and networks; Ensuring effective methods of blocking, destruction, erasure, or anonymization of

personal data; Enabling subsequent determination of when individual personal data were entered into a

filing system, used or otherwise processed, and the person responsible, for the periodcovered by statutory protection of the rights of an individual with regard to unauthorizedsupply or processing of personal data.

Despite trusted security and privacy measures constitutes a crucial success factor for e-Government that has not been yet addressed as UN 2012 Survey shows only 20% of nationalportals clearly indicate the presence of security features. Europe is leading with 44% countriesdisplaying secure links on their national websites but survey do not consider regional and localwebsites and neither the many decentralized public organization web portals.

3. INFORMATION SECURITY THREATSServices provided by e-Government to citizens, enterprise, public officer, government

administration and agencies via Internet and mobile connections are vulnerable to a variety ofthreats. Detailed examples of cyber attacks using techniques like packet sniffer, probe,malware, internet infrastructure attack, denial of services attack, remote to local attack and userto root attack. The successful adoption of an ISMS is important to protect information assets,allowing an organization to:

Achieve greater assurance that its information assets are adequately protected againstinformation security risks on a continual basis

Maintain a structured and comprehensive framework for identifying and assessinginformation security risks, selecting and applying applicable controls, and measuring andimproving their effectiveness;

Continually improve its control environment Effectively achieve legal and regulatory compliance.

There are simple and well-known web application vulnerabilities that could be avoided but e-Government webs are still vulnerable. A research work found 81.6% e-Government web sitesfrom 212 different countries were vulnerable to Cross Site Scripting (XSS) and Structured QueryLanguage (SQL) injection. SQL injection attack can compromise data integrity while XSS is avulnerability, which attackers may exploit to steal users' information.

Specific security measures like firewalls, intrusion detection software, encryption, and securenetworks must be defined designed and implemented for government agencies to provide theappropriate levels of security. But information security must also take into consideration thepeople and processes that rely on the systems. Employees with daily access to e-Governmentsystems must be trained on cybersecurity and this aspect must become part of their job. Astudy by the Department of Computer Science at Columbia University shows how the humanfactor influences cybersecurity policies and how that work could be used to train governmentemployees to improve the security posture of government departments and agencies.


55/60


56/60


55

Vishing is the criminal practice of using social engineering and Voice over IP (VoIP) to gain access

to private personal and financial information from the public for the purpose of financial reward.

The term is a combination of Voice" and phishing. Vishing exploits the public's trust in landlinetelephone services.

Vishing is typically used to steal credit card numbers or other information used in identity theft

schemes from individuals.

A rapid ly growing onl ine user base

121 Mill io n Internet Users

65 Mil l ion Ac tive Internet Users, up by 28% from 51 mil l ion in 2010

50 Mil l ion users shop online on Ecommerce and Online Shopping Sites

46+ Mil l ion Social Network Users

346 mil l ion m obile users had sub scribed to Data Packages.


57/60


58/60


57

Any information which he knows to be false, but for the purpose of causing annoyance,inconvenience, danger, obstruction, insult, injury, criminal intimidation, enmity, hatred, or

ill will, persistently makes by making use of such computer resource or a communication

device;

Any electronic mail or electronic mail message for the purpose of causing annoyance or

inconvenience or to deceive or to mislead the addressee or recipient about the origin ofsuch messages;

Shall be punishable with imprisonment for a term which may extend to three years and with

fine.

S. 66C - Punishment fo r identi ty theft

Whoever, fraudulently or dishonestly make use of the electronic signature, password or

any other unique identification feature of any other person, shall be punished with imprisonment

of either description for a term which may extend to three years and shall also be liable to fine

which may extend to rupees one lakh

S. 66D - Punishm ent for cheating by personation by u sing com puter resource

Whoever, by means of any communication device or computer resource cheats by

personation, shall be punished with imprisonment of either description for a term which may

extend to three years and shall also be liable to fine which may extend to one lakh rupees.

S. 66E - Punishm ent for violat ion of priv acy.

Whoever, intentionally or knowingly captures, publishes or transmits the image of a private

area of any person without his or her consent, under circumstances violating the privacy of thatperson, shall be punished with imprisonment which may extend to three years or with fine not

exceeding two lakh rupees, or with both

S. 67 A - Punishment for p ubl ishin g or transm itt ing of material containing sexual ly

expl ic i t act, etc. in electronic form

Whoever publishes or transmits orcauses to be published or transmitted in the electronic form

any material which contains sexually explicit act or conduct shall be punished on first conviction

with imprisonment of either description for a term which may extend to five years and with fine

which may extend to ten lakh rupees

S. 67 C - Preservation and Retention o f inform ation by intermediaries.

(1) Intermediary shall preserve and retain such information as may be specified for such

duration and in such manner and format as the Central Government may prescribe.

(2) Any intermediary who intentionally or knowingly contravenes the provisions of sub section

(1) shall be punished with an imprisonment for a term which may extend to three years and shall

also be liable to fine.


59/60


58

IT ACT :

The Information Technology Act 2000(also known as ITA-2000, or the IT Act) is an Act of

theIndian Parliament (No 21 of 2000) notified on October 17, 2000. This act is being opposedbySave Your Voice campaign and other civil society organizations in India. User-review andconsumer social networking siteMouthShut.com has filed a writ petition in the Supreme Court of

India to repeal and nullify parts of IT Act 2000.

TheUnited Nations General Assembly by resolution A/RES/51/162, dated the 30 January 1997has adopted the Model Law onElectronic Commerce adopted by theUnited Nations Commissionon International Trade Law.This is referred to as the UNCITRAL Model Law on E-Commerce.Following the UN Resolution India passed the Information Technology Act 2000 in May 2000,which came into force on October 17, 2000. The Information Technology Act 2000 has beensubstantially amended through the Information Technology (Amendment) Act 2008 which waspassed by the two houses of the Indian Parliament on December 23, and 24, 2008. It got thePresidential assent on February 5, 2009 and came into force on October 27, 2009. The amended

Act has provided additional focus on information security. It has added several new sections onoffences includingcyber terrorism anddata protection.A set of Rules related to sensitive personalinformation and reasonable security practices (mentioned in section 43A of the ITAA, 2008) wasnotified in April 2011.

Provisions

Information technology Act 2000 consisted of 94 sections segregated into 13 chapters. Four

schedules form part of the Act. In the 2008 version of the Act, there are 124 sections (excluding

5 sections that have been omitted from the earlier version) and 14 chapters. Schedule I and II

have been replaced. Schedules III and IV are deleted.

Information Technology Act 2000 addressed the following issues:

1. Legal recognition of electronic documents

2. Legal Recognition of digital signatures

3. Offenses and contraventions

4. Justice dispensation systems forcybercrimes

Offences

Section Offence Punishment

65 Tampering with computer source documents - Intentional

concealment, destruction or alteration of source code when the

Imprisonment up to

three years, or/and
http://en.wikipedia.org/wiki/Indian_Parliamenthttp://en.wikipedia.org/wiki/Save_Your_Voicehttp://en.wikipedia.org/wiki/MouthShut.comhttp://en.wikipedia.org/wiki/United_Nations_General_Assemblyhttp://en.wikipedia.org/wiki/Electronic_Commercehttp://en.wikipedia.org/wiki/United_Nations_Commission_on_International_Trade_Lawhttp://en.wikipedia.org/wiki/United_Nations_Commission_on_International_Trade_Lawhttp://en.wikipedia.org/wiki/Coming_into_forcehttp://en.wikipedia.org/wiki/Cyber_terrorismhttp://en.wikipedia.org/wiki/Data_protectionhttp://en.wikipedia.org/wiki/Cybercrimehttp://en.wikipedia.org/wiki/Cybercrimehttp://en.wikipedia.org/wiki/Data_protectionhttp://en.wikipedia.org/wiki/Cyber_terrorismhttp://en.wikipedia.org/wiki/Coming_into_forcehttp://en.wikipedia.org/wiki/United_Nations_Commission_on_International_Trade_Lawhttp://en.wikipedia.org/wiki/United_Nations_Commission_on_International_Trade_Lawhttp://en.wikipedia.org/wiki/Electronic_Commercehttp://en.wikipedia.org/wiki/United_Nations_General_Assemblyhttp://en.wikipedia.org/wiki/MouthShut.comhttp://en.wikipedia.org/wiki/Save_Your_Voicehttp://en.wikipedia.org/wiki/Indian_Parliament


60/60

59

computer source code is required to be kept or maintained by

law for the time being in force

with fine up to 2 lakh

rupees

66 Hacking

Imprisonment up tothree years, or/and

with fine up to 5 lakh

rupees

66-A

Sending offensive message through electronic means -

Sending any information through an electronic message that is

grossly offensive or has menacing character and might cause

insult, injury, criminal intimidation, enmity, hatred, or ill will, etc.

or sending such mail intended to deceive or to mislead the

addressee or recipient about the origin of such messages

Imprisonment up to

three years, and with

fine.

Criticisms-

The 2008 Amendment Act was passed in an eventful Parliamentary session on 23 December

2008 with no discussion in the House. Some of the cyber law observers have criticized the

amendments on the ground of lack of legal and procedural safeguards to prevent violation of civil

liberties of Indians. There have also been appreciation about the amendments from many

observers because it addresses the issue of Cyber Security.

Section 69 empowers the Central Government/State Government/ its authorized agency to

intercept, monitor or decrypt any information generated, transmitted, received or stored in any

computer resource if it is necessary or expedient so to do in the interest of the sovereignty or

integrity of India, defence of India, security of the State, friendly relations with foreign States or

public order or for preventing incitement to the commission of any cognizable offence or for

investigation of any offence. They can also secure assistance from computer personnel in

decrypting data (seemandatory decryption), under penalty of imprisonment.

Section 66A is widely criticized. It has led to numerous abuses reported by the press. Section 66Ahas also been criticised and challenged in Lucknow and Madras High Courts for its constitutional

validity. Based on Section 66A, Bombay High Court has held that creating a website and storing
http://en.wikipedia.org/wiki/Mandatory_decryptionhttp://en.wikipedia.org/wiki/Mandatory_decryption

web technology and commerce unit-4 by arun pratap singh

Documents