E-Commerce - University of Cambridge

E-Commerce
Jack Lang, Tim King, Nicholas Bohm

Aims
Outline the issues involved.

Lectures:
Historic and Economic Background (JL)
Business Strategy (JL)
Technical Mechanisms (TJK)
Nuts and bolts (TJK)
The Law and E-commerce (NB)
Finance and future opportunities (JL)

Resources
Jack Lang, High Tech Entrepreneur's Handbook, FT.COM; ISBN: 0273656155
Ross Anderson, Security Engineering, John Wiley & Sons Inc; ISBN: 0471389226
Hal Varian, Intermediate Microeconomics, W.W. Norton; ISBN: 0393973700
Carl Shapiro and Hal Varian, Information Rules, Harvard Business School Press; ISBN: 087584863X
Tom Standage, The Victorian Internet, Orion Paperbacks; ISBN: 0753807033
John Kenneth Galbraith, A Short History of Financial Euphoria, Penguin Books; ISBN: 0140238565

Online Resources
Andrew Odlyzko's papers on e-commerce and network growth: http://www.dtc.umn.edu/~odlyzko/
Web design: http://www.wowwebdesigns.com and http://www.webpagesthatsuck.com

What is E-commerce?
A course thought up by the Teaching Committee.
Academic research on protocols and economics.
Mail order (B2C): amazon.com etc.
New business models: lastminute.com, ebay.com.
Re-badging of Electronic Document Interchange (EDI). B2B: SWIFT, CREST, BOLERO, Just-in-Time.
Disintermediation: E*Trade.com.
CRM: call centres, credit cards, cost-dumping, discrimination, customer aggravation, digital haves and have-nots.
New opportunities for fraud.
This list is not exclusive!

Bulla (Sumerian, about 3500 BC)
Business-to-business communications go back into antiquity; they are believed to have driven the invention of writing and mathematics.
Trust system.

EDI (B2B)
Typical instruments include:
Warehouse receipts
Bills of Lading ("The holder is entitled to 100 amphorae of oil from the cargo of the ship Augusta")

Purchase orders and invoices
Insurance certificates
Certificates of debt
Payment instructions: bank-to-bank or bank-customer-bank (cheques), letters of credit
Banknotes
Negotiable/guaranteed instruments can be used for payment, security etc.

Remote transaction
Parties: Customer, Customer's Bank, Manufacturer, Shipper, Inspector, Correspondent Bank. The Customer's Bank and the Correspondent Bank have a trust relationship and mutual accounts.
1. Customer to Customer's Bank: please issue a LoC; here is a deposit.
2. Customer's Bank issues the LoC: pay bearer after 30 days if you have Bill of Lading and Inspection Certificate.
3. Customer to Manufacturer: Order + LoC.
4. Manufacturer to Shipper: Goods.
5. Shipper to Manufacturer: Bill of Lading.
6. Manufacturer to Correspondent Bank: Bill of Lading (with the Inspector's certificate).
7. Correspondent Bank to Customer's Bank: Bill of Lading.
8. Money (settled between the banks through their mutual accounts).
9. Goods (released to the Customer against the Bill of Lading).

B2B (2)
The invention of the telegraph led to the development of business-use protocols.
Huge boom in telegraph construction and applications (Standage).
Indirect effects included the creation of national markets: price differences drove rapid shipment and arbitrage.
Direct uses included purchase orders and queries. Easy where there is an existing relationship; otherwise intermediaries are needed.
Huge expansion in banking: banks sent about 50% of telegraph traffic.
Trusted intermediaries: others (insurers, inspection agents, shipping agents) were largely harnessed via bank mechanisms.

B2B 3: Wiring Money
Interbank message, e.g.: "To: Lomarco Bank, Geneva. Please pay SFR 10,000 from our account to Herr Thilo Schmidt on presentation of his passport. Our test key is 254."
The 254 is a primitive MAC computed on significant data such as money, currency code, date etc.
SWIFT reimplemented this using email and a proper MAC in the mid 70s: the first big open EDI system.
SWIFT II added PKI to manage MAC keys in the early 1990s.
Adapted to CREST (UK equity clearing).
Commercial transactions are similar, but with more complex conditions: e.g. a LoC needs a Bill of Lading, insurance certificate and inspection certificate.

B2B 4: Electronic Document Interchange (EDI)
Proprietary systems built in the late 60s/early 70s: General Motors ordering car components (EDS); Marks & Spencer's clothes ordering.
The big problem was not security, DoS or lost systems but standards: the 1980s were spent agreeing common message formats (UN, specific country/industry e.g. NHS).
Being redone as XML, e.g. BOLERO (www.bolero.net). Many players, slow progress.

B2C: Mail Order
Book printers in the 15th century: Aldus Manutius of Venice, 1498. His mail-order offerings included 15 texts that he had published.

(UK version) William Lucas, gardener, 1667. Army and Navy Stores supplied British forces and others in India, ~1871.
(US version) Tiffany of Fifth Avenue, 1845. Montgomery Ward, 1872. Sears, Roebuck "made it possible to settle the West" (1886).
US postal services subsidised shipping by having flat rates nationwide. Still critical in some places!

Need a guarantee to provide customer confidence:
Brand (e.g. Sears, Amazon). Sears' unique innovation: "Satisfaction guaranteed or your money back".
Industry (ABTA, MOPS)
Intermediary (VISA, Access etc.)

Credit Cards
Consumer credit goes back to the 18th century: the tallyman.
Some US stores offered a shopper's plate from the 1920s.
Diners Club offered the first credit card, NY 1951: 27 restaurants, 200 customers.

Barclaycard was offered as an incentive to high-value Barclays customers in the late 60s; Access started as a rival.
Classic network effect: need enough shops to attract customers and vice versa.
Took off in the early 1980s, suddenly turning from loss leader to main profit centre. Some countries (e.g. Germany, Japan) are only just taking off.
Earnings from online trades are starting to be significant. Competition is starting, e.g. PayPal.

Credit Cards 2
Four parties: Brand (e.g. VISA), Issuer, Acquirer (e.g. a bank), Merchant.

Credit Cards 3
The merchant is paid for goods by the acquiring bank, less the merchant discount (typically 2-10%, often 4-5%).
Transactions over the floor limit are checked with the acquirer: hot card list, or credit check with the issuer.
The brand takes a cut; the acquirer makes money from the merchant discount; the issuer from selling revolving credit: expensive money, often over 20% APR.

Credit Cards 4
Originally the fraud risk was borne by the banks. With the introduction of mail order and telephone (and web) order (MOTO), the risk for transactions with the cardholder not present passed to the merchant.
MOTO has lower floor limits and delivery only to the cardholder address (but this cannot be checked for e-delivery or for services like Worldpay). 40% fraud for some sites. PayPal fraud.
Traditional frauds: stolen cards, pre-issue, identity theft.

Cards 5: Evolution of forgery
Attacks: simple copy; alter embossing; emboss mag strip number; make up strip; skimming; "free lunch".
Countermeasures: hologram; check mag strip; TDC; CVV, CVC; intrusion detection.

Cards 6
Overall cost of fraud: Spain 0.01%, UK 0.2%, USA 1.0%.
Motivation: who gets the reward?
Huge hype about "evil hackers", yet no case of fraud resulting from interception! Getting sense from mail is hard.
Real problem: hacked or crooked end systems.
The overall pattern is cyclical; the best defences are not always high-tech!

Cards 7
Bigger problem: disputes. Porn sites, PayPal etc. Incompetence, fraudulent denial by customers, outright fraud by merchants.
Control mechanisms are poor and slow, e.g. the acquirer call centre can only check the country, not the cardholder address.
Technology? SET failed. Other formats, e.g. stored value cards, cell-phones.

PKI
Hyped technology: Verisign and Baltimore had 11-figure market caps. Sanity returns.
Closed PKI, such as SWIFT or a corporate network, makes sense (and ships with W2K).
Open PKI (everyone has a certificate) is less successful: masquerade is not a real issue.
Who is the Certification Authority? Why should Verisign certify that Foo.com is Foo Inc? Let a thousand CAs bloom. Or why should your bank warrant your identity for a driver's licence?

PKI 2
TLS (was SSL): used for every secure web page. Certificate exchange -> session key.
It's the ends that leak: transmission has adequate security. "Moving information by armoured truck from one cardboard box to another." No known instance of commercial eavesdropping.
Anonymous money: Chaum, e-cash; Hettinga, Internet Bearer Underwriter Corp. More theoretical than practical.
Stored value cards: HK Octopus.

PKI 3
Hot topics: who controls your identity? Government, bank, or Microsoft? Identity cards, MS .Net.
Lots of issues: liability, control, civil liberties, protocol attacks, etc.
