How to Create an E-Commerce Web Site
BIS 3687: E-Banking and Payment System
Assumption University 1/2004
By A. Sittikorn Direksoonthorn
Quick Win Agenda
Be on the Web, or Be out of Business
Encryption in the real world
7 Steps to create an E-commerce web site
Web Hosting / Secure Server ID
Internet Payment Processing
Encryption in the Real World
Symmetric-Key
Locks with one key: suffers from LLSS ("loose lips sink ships").
Asymmetric-Key
Locks with two keys: wouldn't it be great if we had a lock with two keys, one that locks and one that unlocks?
In Practice
Public-key cryptography is orders of magnitude slower than symmetric cryptography: it requires computing a complex function of your document using very large integers.
In Contrast
Symmetric encryption is very fast (up to tens of megabytes per second).
So, when encrypting a document, it is encrypted using a symmetric algorithm seeded with a random encryption key (often called a session key).
Public-key Encryption Protocol
Public-key Encryption Procedure
The session key is encrypted using the public key of the intended recipient.
Since the symmetric key is small (typically less than 30 bytes), public-key encryption of the session key is fast.
The encrypted document and the encrypted session key are sent to the intended recipient.
The recipient decrypts the session key with their private key and uses the decrypted session key to decrypt the document.
Public-key Encryption Protocol
Procedure Diagram
[Diagram: Sender Computer; Recipient Computer; Encrypt Symmetric Key with Recipient Public Key; Decrypt Symmetric Key with Recipient Private Key; Encrypted Document With ...]
The hacker's private key will decrypt the encrypted document because the sender was duped into using the hacker's public key instead of the recipient's.
The problem is that there is no association between you (the recipient) and your public key.
This is where certificates come in. Before I use your public key, I require that a neutral, trusted third party has "verified" that you are who you say you are and has associated your public key with your name.
Certify What?
You are who you say you are
Improved Public Key Encryption
by using Certificate Authority
*Once you have proved your identity to the CA, they bind your public key to your name and "sign" the resulting certificate.
[Diagram: Sender Computer; Recipient Computer; Encrypted Document With Encrypted Session Key; Encrypt Symmetric Key with Recipient Public Key; Decrypt Symmetric Key with Recipient Private Key; Recipient Public Key By ...]
Firewall Architecture Protecting Your Data (Example)
[Diagram: Browser; Internet; SSL; Firewall; Web Server; Session ID; Encryption; Application System; Extranet; Database Server]
How does stateful connectivity differ from stateless connectivity?
Seven Steps to Build Your E-Commerce Web Site
Managing your domain name
Choose the right site-building tools
What to look for in a Web hosting company
Secure your site
Internet payment processing system
Test. Test. Test…
Promote your site
*Data source from http://www.nectec.or.th/internet/map/
Step 1: What is in a name?
Not only does your domain name tell customers exactly how to find your business on the Web, but it also communicates and reinforces the name of your business to every Web site visitor.
Keep these tips in mind before you choose:
Make it memorable
"Amazon.com" is much catchier than "booksonline.com".
Describe your business
Another approach is to simply and logically describe your business, such as "Flower.com".
Keep it short
The best domain names are those that customers can remember and type into their browsers after seeing or hearing them only once.
Manage Your Domain Name
The Internet Corporation for Assigned Names and Numbers (ICANN)
Buy an existing domain name
Register domain names worldwide
Registering a name costs you as little as $35 a year (through a domain name registrar such as www.networksolutions.com).
The Internet Corporation for Assigned Names and Numbers (ICANN)
ICANN is a technical coordination body for the Internet. Created in October 1998 by a broad coalition of the Internet's business, technical, academic, and user communities, ICANN is assuming responsibility for a set of technical functions previously performed under U.S. government contract by the Internet Assigned Numbers Authority (IANA) and other groups.
Specifically, ICANN coordinates the assignment of the following identifiers, which must be globally unique for the Internet to function:
Internet domain names
IP address numbers
Step 2: Choose the right site-building tools
With a solid plan in hand, you are ready to start constructing your e-commerce site. Many e-commerce businesses turn to professional design studios to create their Web sites, but if your budget is limited, many Web site building tools make it fast and easy for you to create a polished, professional-looking site.
Java, XML etc...
Step 3: What to look for in a Hosting company
Shared hosting or dedicated server?
Shared hosting is an arrangement in which your site is housed on the same host server as several other Web sites. This is an economical solution for smaller sites.
A dedicated server is a solution used by larger and busier sites; it provides faster access and ensures that your site will be accessible to visitors 100% of the time (instead of sharing Web server speed and power with other sites).
Step 3: What to look for in a Hosting company
Hard-disk storage space. Smaller sites may need only 300-500MB of Web site storage space, while busier e-commerce sites may need at least 9GB of space.
Availability. Make sure that your site is accessible to customers 24 hours a day.
Email accounts. Email accounts that match your domain name are often available.
Step 3: What to look for in a Hosting company
SSL encryption. The security of the credit card numbers and other personal information customers send you should be a top concern. Does your ISP or Web host protect your site with an SSL server ID?
Support. A big part of the value of turning to an ISP or Web host is that you do not have to worry about keeping the Web server running. Does your host offer 24x7 customer service?
Step 4: Secure Your Site
With your Internet identity established and your site built and hosted, it is time to turn your online storefront into a thriving e-commerce business. To do it, you must win your customers' trust.
85% of Web users surveyed reported that a lack of security made them uncomfortable sending credit card numbers over the Internet. E-merchants who can win the confidence of these customers will gain their business and their loyalty.
Step 4.1: The Trust Solution by SSL
SSL Server IDs for authentication and encryption:
Digital certificates for your Web site (or Server IDs) are the answer to these security questions. Installed on your Web server, a Server ID is a digital credential that enables your customers to verify your site's authenticity and provides customers with the world's highest level of trust. A Server ID assures them that your Web site is legitimate, that they are really doing business with you, and that confidential information.
Step 4.2: How Server IDs Work (40- or 128-bit)
1 A customer contacts your site and accesses a page secured by a Server ID (indicated by a URL that begins with "https" instead of just "http", or by a message from the browser).
2 Your server responds, automatically sending the customer your site's digital certificate, which authenticates your site.
3 Your customer's Web browser generates a unique "session key" to encrypt all communications with the site. The browser encrypts the session key itself with your site's public key, so only your site can read the session key.
4 A secure session is now established. It all takes only seconds and requires no action by the customer. Depending on the browser, the customer may see a key icon becoming whole or a padlock closing, indicating that the session is secure.
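The public-key procedure, the CA binding of a name to a key, and the Server ID handshake above are one mechanism. The following is an added example, not code from these slides: stdlib-only Python in which textbook RSA over Mersenne primes and a SHA-256 counter keystream stand in for a real public-key scheme and cipher, showing the sender refusing a public key the CA has not certified and the recipient unwrapping the session key.

```python
import hashlib
import secrets

# Toy RSA moduli from Mersenne primes (added example: textbook RSA, no padding,
# only to show the protocol structure; a real site uses a vetted library).
MERSENNE = {89: (1 << 89) - 1, 107: (1 << 107) - 1, 127: (1 << 127) - 1}
E = 65537

def rsa_keypair(a, b):
    """Return (public, private) as (exponent, modulus) from two Mersenne primes."""
    p, q = MERSENNE[a], MERSENNE[b]
    n, phi = p * q, (p - 1) * (q - 1)
    return (E, n), (pow(E, -1, phi), n)

def rsa_apply(key, m):
    exp, n = key
    return pow(m, exp, n)

def stream_xor(key, data):
    """Symmetric step: SHA-256 counter keystream XORed over the document (AES stand-in)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(x ^ y for x, y in zip(data[i:i + 32], block))
    return bytes(out)

def cert_digest(name, pub):
    d = hashlib.sha256(f"{name}|{pub[0]}|{pub[1]}".encode()).digest()[:24]
    return int.from_bytes(d, "big")  # 192 bits, below every toy modulus

def ca_issue(ca_priv, name, pub):
    """CA binds a name to a public key by signing their digest with its private key."""
    return {"name": name, "pub": pub, "sig": rsa_apply(ca_priv, cert_digest(name, pub))}

def cert_valid(ca_pub, cert):
    return rsa_apply(ca_pub, cert["sig"]) == cert_digest(cert["name"], cert["pub"])

def hybrid_encrypt(ca_pub, cert, document):
    """Sender: use a public key only after the CA signature on its certificate checks out."""
    if not cert_valid(ca_pub, cert):
        raise ValueError("certificate not signed by the trusted CA")
    session_key = secrets.token_bytes(16)  # fresh random session key per document
    wrapped = rsa_apply(cert["pub"], int.from_bytes(session_key, "big"))
    return wrapped, stream_xor(session_key, document)

def hybrid_decrypt(priv, wrapped, ciphertext):
    """Recipient: unwrap the session key with the private key, then decrypt the document."""
    return stream_xor(rsa_apply(priv, wrapped).to_bytes(16, "big"), ciphertext)
```

A certificate carrying the recipient's name but an attacker-generated public key and a made-up signature fails cert_valid, so hybrid_encrypt refuses to wrap the session key for it.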
Step 5: Internet Payment Processing System
Your customer: a holder of a payment instrument, such as a credit card, debit card, or electronic cash, from an issuer.
The issuer: a financial institution, such as a bank, that provides your customer with a payment instrument. The issuer is responsible for the cardholder's debt payment.
The merchant: your e-commerce site, which sells goods or services to the cardholder via the Web. A merchant that accepts payment cards must have an Internet Merchant Account with an acquirer.
Step 5: Internet Payment Processing System
The acquirer: a financial institution that establishes an account with you, the merchant, and processes payment authorizations and payments. The acquirer provides authorization to the merchant, confirming that a given account is active and that the proposed purchase does not exceed the customer's credit limit. The acquirer also provides electronic transfer of payments to your account, and is then reimbursed by the issuer via the transfer of electronic funds over a payment network.
Step 5: Internet Payment Processing System
The payment gateway: operated by a third-party provider, the gateway system processes merchant payments by providing an interface between your e-commerce site and the acquirer's financial processing system.
The processor (settlement operator): a large data center that processes credit card transactions and settles funds to merchants. The processor is connected to your site on behalf of an acquirer via a payment gateway.
Step 5.1: Basic steps of an online payment
1 The customer places an order online by selecting items from your Web site and sending you a list. Your site often replies with an order summary of the items, their price, a total, and an order number.
2 The customer sends the order, including payment data, to you. The payment information is usually encrypted by an SSL pipeline set up between the customer's Web browser and your Web server's SSL certificate.
Step 5.1: Basic steps of an online payment
3 Your e-commerce site requests payment authorization from the payment gateway, which routes the request to banks and payment processors. Authorization is a request to charge a cardholder, and must be settled for the cardholder's account to be charged. This ensures that the payment is approved by the issuer, and guarantees that you will be paid.
4 You confirm the order and supply the goods or services to the customer.
Step 5.1: Basic steps of an online payment
5 You then request payment, sending the request to the payment gateway, which handles the payment processing with the processor.
6 Transactions are settled, or routed by the acquiring bank to your acquiring bank for deposit.
So how do you implement a payment gateway to process payments on your site? Building your own dedicated pipeline to connect all the players isn't a practical option, so for small- and medium-size businesses, outsourcing to a payment service provider is the best solution.
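The two-phase nature of steps 3 through 6 (a hold at the issuer first, a charge only after goods are supplied, then settlement) is what protects the merchant. The following is an added example, not from these slides or any real gateway: a constructed issuer ledger and the three calls a merchant-side integration would make, with the guards that an authorization is declined when the account is inactive or over its limit, a capture never exceeds its authorization and happens once, and settlement only routes captured, unsettled funds.

```python
from dataclasses import dataclass

# Constructed issuer ledger (not real data): card token -> [account active, available credit in cents].
ISSUER_ACCOUNTS = {"tok_alice": [True, 50_000], "tok_bob": [False, 90_000]}

@dataclass
class Authorization:
    order_id: str
    card: str
    amount: int        # cents held at the issuer; not yet charged
    captured: int = 0  # cents actually requested for payment (step 5)
    settled: bool = False

def authorize(order_id, card, amount):
    """Step 3: the issuer checks that the account is active and the hold fits the limit.
    A decline returns None: nothing is charged and nothing can be captured later."""
    account = ISSUER_ACCOUNTS.get(card)
    if account is None or not account[0] or amount > account[1]:
        return None
    account[1] -= amount  # the hold reduces available credit
    return Authorization(order_id, card, amount)

def capture(auth, amount):
    """Step 5: once goods are supplied, request payment against the hold.
    Guards: capture at most once, and never more than was authorized."""
    if auth.captured:
        raise ValueError(f"{auth.order_id}: already captured")
    if amount > auth.amount:
        raise ValueError(f"{auth.order_id}: capture exceeds authorization")
    auth.captured = amount
    return auth

def settle(batch):
    """Step 6: route captured, not-yet-settled amounts for deposit; returns the batch total."""
    total = 0
    for auth in batch:
        if auth.captured and not auth.settled:
            auth.settled = True
            total += auth.captured
    return total
```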
Step6: Test Test Test
You will only have one chance to make a first impression on each new visiting customer, and broken links, incorrect phone numbers, and grammatical or spelling errors diminish the professional polish you are striving for.
Make sure you test on both Macintosh and PCs, with different browsers and modem speeds.
Do not forget about customer support: it is the key to creating loyal customers.
Step 7: Promote Your Site
Register your site with search engines.
Put your domain name everywhere.
Advertise.
Push and pull strategies
Data Warehousing
Overview
A new paradigm for decision making, with applications ranging from database marketing and electronic commerce to fraud detection, credit scoring, warranty management, even auditing data before storing it in a database.
The Knowledge Discovery Process
The building and implementing of a data mining solution is referred to as KDD (Knowledge Discovery Database).