Potential Risks of E-Commerce, V-Markets and E-Business
Electronic commerce is business transactions conducted by electronic means other than conventional telephone service, e.g., facsimile or electronic mail (E-mail). In short, E-Commerce is "selling and buying on the Internet". While that is largely true, it is only a limited perception. Online stores are actually a small part of it. Companies also provide sales information, technical data, and customer support.
So, it can be said that E-Commerce is all those online activities that facilitate the exchange of goods and services between businesses and individuals, and business to business, for financial and monetary gain.
Electronic business, the process of conducting business online using the technologies of the Internet, creates a powerful environment in which businesses, customers and suppliers are never more than a few mouse clicks away. In this dynamic environment, businesses can reach new customers, create new sales channels and win loyalty through innovative customer service. Key suppliers can be integrated into a company's internal business processes, leading to streamlined processes, cost savings, improved decision-making and faster times to market.
However, online sales are indeed where most companies hope to prosper. Indeed, it is predicted that by the year 2001, e-commerce will explode from its current level of 450 million dollars to over 6.5 billion. That is over tenfold growth in less than 1000 days.
A STATISTIC ABOUT E-COMMERCE
E-commerce sales increased dramatically as more people
gained internet access and consumers overcame their fear of ordering online.
The recent holiday season proved to major consumer sites
such as Amazon.com and Macys.com that the public is ready to spend on the
Internet, having overcome the fear of using credit cards online. Small business
sites with shopping cart capabilities are also reporting dramatic
increases in online sales.
98 Statistics:

  230 %          Online holiday sales up over 1997
  200 %          Annual sales growth
  $ 55           Average online order, up to 6 percent over 1997
  $ 13 Billion   Projected online retail sales for 1998

Source: Boston Consulting Group and Shop.org Survey of online sales between November 23 and December 20, 1998
If 1998 was the year that electronic commerce went mainstream,
1999 will be the year that e-commerce experiences truly explosive
growth.
As more and more people gain access to the Internet, and credit card fraud continues to be a non-issue, e-commerce sales will continue to increase at a dramatic level. Growth is forecast to jump from $13 billion in 1998 to $108 billion by 2003.
A look ahead at the year 2003

  PRODUCT                                           MARKET
  Convenience items such as books and flowers       $ 32 billion
  Researched purchases like travel and computers    $ 56 billion
  Replenishment goods such as groceries             $ 19 billion
  TOTAL                                             $ 108 billion

Source: Forrester Research Inc.
POTENTIAL RISKS ASSOCIATED
E-commerce, v-markets and e-business are spreading rapidly all over the world. They have become such a strong trend that they play important roles in daily life. With this development, serious risks and problems have started to occur.
Few would argue the Internet is a particularly safe place to do business, and its lack of security has long stood as a main hurdle to broad acceptance as a vehicle for commerce. The Internet is inherently insecure. By design, it is an open network, which facilitates the flow of information between computers.
The potential for abuse can range from simple fraud, like
the use of stolen or manufactured credit card numbers to buy
merchandise from a retailer, to more sophisticated espionage
launched from a terminal at a corporate supplier's network.
The international aspect of the Internet exposes businesses to cross-border liability, and the likelihood of an on-line business accidentally breaking a foreign country's commerce regulations is high.
Some of the more common potential problems of e-commerce,
v-markets and e-business are as follows:
Jamming:
Jammers use software routines to tie up a website's server
communications, which prevents legitimate visitors from entering the site.
Jamming -- also known as denial of service -- isn't common, but an attack
on a New York Internet service provider last September drew national headlines.
Lax security:
Poor internal security -- uncontrolled access to computer
hardware, poor protection of passwords and lack of formal security
policies -- is probably the biggest threat to information security of all
kinds, including Internet security.
Viruses / Malicious programs:
Cyber-vandalism is becoming a big problem on the Internet.
Viruses are probably the best-known form of online vandalism, though they
are also among the easiest to defend against. Trojan horses posing as legitimate
software can cause the host to divert confidential information to an unauthorized
third person. Viruses and other malicious programs pose a threat to systems
or networks that are connected to the Internet, because they may be downloaded
directly. These programs could open a communication link with a network,
allowing unauthorized system access, or initiating the transmission of
data.
While many aspects of system performance will present
additional challenges to the business, some will be beyond the business's
control. The reliability of the Internet continues to improve, but situations
including delayed or misdirected transmissions and operating problems involving
Internet Service Providers (ISPs) could also have an effect on related
aspects of the business.
Data Privacy and Confidentiality:
E-mail travels over the Internet and can be monitored or read by others. It is unlikely that a particular E-mail would be monitored at random. However, programs such as "sniffer" programs can be, and are, set up at locations on a network, like Web servers (i.e., computers that provide services to other computers on the Internet), to simply look for and collect certain types of data. Sniffing is electronic eavesdropping: sniffers use an easy-to-produce piece of software that sits somewhere between the website user and the site provider's server and intercepts passing information. This information may include credit card numbers and other confidential data, such as account numbers (e.g., credit cards, deposits, or loans) or passwords. Sniffing can be prevented by encrypting information.
Due to the design of the Internet, data privacy and confidentiality issues extend beyond data transfer and include any connected data storage systems, including network drives. Proper security precautions need to be taken or any data stored on a Web server may be susceptible to compromise.
Data Integrity:
The design of the Internet can allow knowledgeable people
who have the proper tools to intercept and modify data during a transmission.
Data integrity could also be compromised within the data storage system
itself if proper security is not installed.
Authentication:
You need to ensure your e-comm request is legitimate.
Computer systems on the Internet are identified by an Internet protocol
(IP) address. Through a technique called "IP spoofing", one computer can
claim to be another. Spoofers fraudulently represent themselves as other
organizations. The spoofers set up false sites and collect confidential
information from unsuspecting Web users. Spoofing can be prevented with
certification programs. User identifications can also be misrepresented.
In fact, it is relatively simple to send e-mail that appears to have come
from someone else, or even send it anonymously. Therefore, authentication
controls are necessary to establish the identities of all parties to a
communication.
Non-repudiation:
Non-repudiation involves creating proof of the origin
or delivery of data to protect users against false denial by the other
party that data has been sent. Steps must be taken to prohibit parties
from disputing the validity of, or refusing to acknowledge, legitimate
communications.
Access Control / System Design:
Establishing a link between a business's internal network
and the Internet can create a number of additional access points into your
network. Because unauthorized access attempts might come from anywhere
in the world, strong security measures are needed. The security of any
network is only as strong as its weakest link. All related systems must
be protected from attack and unauthorized access. Specific risks include
the destruction, altering, or theft of data or funds; compromised data
confidentiality; denial of service (system failures); a damaged public
image; and legal implications. Perpetrators may include hackers, unscrupulous
vendors, and former or disgruntled employees.
System Architecture and Design:
Application layer protocols are sets of standards that
determine how computers communicate across the Internet. Many application
layer protocols, each with different functions and a wide array of data
exchange capabilities, are used. Hypertext Transfer Protocol (HTTP) facilitates
the movement of text and images. File Transfer Protocol (FTP) permits the
transfer, copying, and deleting of files between computers. Telnet protocol
enables one computer to log in to another.
The design of the Internet makes it easy for system attacks to be launched from anywhere in the world. Systems can even be accessed and then used to launch attacks against other systems. A typical attack would be a denial of service attack, which is intended to bring down a server, system, or application. This might be done by overwhelming a system with so many requests that it shuts down, or it might be as simple as accessing and altering someone's Web site.
Security Scanning Products:
There are software programs that run automated security
scans against Web servers, firewalls, and internal networks. These programs
are very effective at identifying weaknesses that may allow unauthorized
system access or other attacks against the system. Although these products
are marketed as security tools to system administrators and information
systems personnel, they are available to anyone and may be used with malicious
intent. Some products are available on the Internet.
Logical Access Controls:
A concern in controlling system access is the safeguarding
of user IDs and passwords. Passwords can be obtained through "spoofing"
techniques such as redirecting users to false Web sites where passwords
or user names are entered, or creating shadow copies of Web sites where
attackers can monitor all activities of a user. Many "spoofing" techniques
are hard to identify and guard against, which makes authentication processes
an important defense mechanism.
The unauthorized retrieval of data such as passwords, user IDs, e-mail addresses, phone numbers, names, and addresses can facilitate an attempt at unauthorized access to a system. If passwords and user IDs are a derivative of someone's personal information, malicious parties could use the information in software programs designed to generate possible passwords. Default files on a computer, sometimes called "cache" files, can automatically retain images of such data received or sent over the Internet, making them a potential target for a system intruder.
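One way to act on the point above when a password is chosen: a check that rejects passwords built from the user's own details. This is an added example, not part of the original text; the profile fields, function names and sample values are constructed for illustration.

```python
import re

# Common character substitutions, undone before comparison (0 -> o, 1 -> i, ...).
LEET = str.maketrans("01345$7@!", "oieasstai")


def profile_tokens(profile):
    """Collect guessable fragments from a user's personal details."""
    tokens = set()
    for value in profile.values():
        value = value.lower().split("@")[0]  # e-mail: keep the local part only
        for piece in re.findall(r"[a-z]+|\d+", value):
            if len(piece) >= 4:              # shorter pieces match by accident
                tokens.add(piece)
        digits = re.sub(r"\D", "", value)    # phone numbers and dates, joined up
        if len(digits) >= 4:
            tokens.update({digits, digits[-4:]})
    return tokens


def personal_fragments(password, profile):
    """Return the sorted profile fragments that appear in the password.

    A fragment counts if it appears as written, reversed, or with the
    substitutions in LEET applied. An empty list means no fragment was found.
    """
    raw = password.lower()
    variants = (raw, raw.translate(LEET))
    hits = set()
    for token in profile_tokens(profile):
        for form in (token, token[::-1]):
            if any(form in variant for variant in variants):
                hits.add(token)
    return sorted(hits)


# Constructed sample profile; none of these values belong to a real person.
SAMPLE_PROFILE = {
    "name": "Dana Morris",
    "email": "dmorris@example.com",
    "phone": "555-0142",
    "birth_date": "1971-04-23",
}

if __name__ == "__main__":
    for candidate in ("M0rr1s!1971", "anad-0142", "correct horse battery staple"):
        print(candidate, "->", personal_fragments(candidate, SAMPLE_PROFILE))
```
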
Security Flaws and Bugs / Active Content Languages:
Vulnerabilities in software and hardware design also
represent an area of concern. Security problems are often identified after
the release of a new product, and solutions to correct security flaws commonly
contain bugs. These bugs are often serious enough to compromise system
integrity. Software marketed to the general public may not contain sufficient
security controls for financial institution applications.
New languages and technologies also present security concerns,
especially when dealing with network software or active content languages
which allow computer programs to be attached to Web pages. Security flaws
identified in Web browsers have included bugs, which may allow the installation
of programs on a Web server, which could then be used to back into the
business's system. Even if new technologies are regarded as secure, they
must be managed properly. For example, if controls over active content
languages are inadequate, hostile and malicious programs could be automatically
downloaded from the Internet and executed on a system.
BUSINESS RISKS ASSOCIATED WITH E-COMMERCE - if you do not go E-Commerce
There are risks associated with E-Commerce. There are
also risks that can be faced if you don't go E-Commerce.
What could happen to you if you don't go electronic and,
maybe even more importantly, what could happen to you if your competition
does it first?
The flow of goods goes from the raw materials supplier, to the manufacturer, to the distributor, to the retailer, and finally to the end-user. Electronic commerce is changing this flow. Instead of goods flowing from one business to the next, this new online marketplace allows businesses the opportunity to reduce costs, and bypass some of the other businesses. However, risks are still present for the businesses, and they may find that they are being bypassed.
The new supply chain is no longer regarded as an orderly procession from raw materials supplier, to manufacturer, to distributor, to retailer, to consumer. Rather, the new supply chain shows each business scrambling to be the connection to the party who pays for it all - the consumer.
Electronic commerce and the Internet are changing the
way business is done. As E-Commerce evolves, it will present huge risks
for those who don't take advantage of it.
The main potential risks that can be faced without using
e-commerce, v-markets and e-business can be classified as follows:
To Businesses
How fast you can get information, and what you do with
it are important issues in today's business world. You can miss huge opportunities
by not making your information available electronically to potential users
and clients.
To Retailers
Retailers rely on physical locations to store and sell
products to consumers. Both the manufacturer and the distributor can bypass
the retailer by eliminating the need for this physical store and selling
directly to the consumer electronically.
To Distributors
The distributor is easily eliminated from the supply
chain through Electronic Commerce. E-Commerce makes it much easier for
the manufacturer to sell directly to the consumer and/or the retailer.
To Manufacturers
The manufacturer needs to own the mind share of the public
in order for his brand to maintain its equity, and promote future sales.
Electronic Commerce threatens this mind share ownership, because consumers
have a wider range of product selection, and are not as influenced by physical
placement of goods or their packaging, since sales occur in an electronic
environment. The manufacturer is vulnerable to becoming a commodity.
The general potential risks of e-commerce, v-markets and e-business have been classified and briefly explained above. Here are some examples, concerning credit card security and viruses, of how these risks turn into real-life problems:
SET (Secure Electronic Transaction) makes credit card companies breathe easier; others don't see need
There are big problems associated with e-commerce. A typical example is seen in the use of credit cards. Credit cards are used by huge numbers of people all over the world, and credit card transactions now take place via the Internet. Just how safe are the millions of credit card transactions now taking place over the Internet? Credit card companies MasterCard International Inc. and Visa International Inc. don't think they're as secure as they should be.
Both MasterCard and Visa are promoting the use of the emerging SET (Secure Electronic Transaction) security standard and have enlisted companies including IBM, Microsoft Corp., Netscape Communications Corp., RSA Data Security Inc., Terisa Systems Inc. and VeriSign Inc. to develop SET-compliant products. These vendors are starting to deliver products and have begun trials to determine how to roll out SET.
But not all electronic commerce suppliers see a need for additional security. They argue that browsers encrypt information before sending it over the Internet, which makes the likelihood of hackers tampering with information minuscule. They also point out that implementing SET can be a cumbersome task because the technology is complex and not easily integrated into existing applications.
Both sides agree that the Internet has become an important way to reach potential customers. Jupiter Communications Inc., a New York market researcher, predicts that the number of electronic commerce transactions will increase from 12 million in 1996 to 2.16 billion by 2000.
Today, most customers send their credit card numbers over the Internet to merchants' servers, which means there are several places along the way where hackers could intercept this information.
To thwart hacking, merchants encrypt information in two places. First, browsers from Microsoft and Netscape support the Secure Sockets Layer standard, which encrypts information as it flows from an end user to a Web server. Second, merchants encrypt credit card numbers as they store them on their servers.
But the danger is that an intruder will break into the corporate network and use a software program designed to break encryption codes to read credit card information.
How often this occurs is highly debatable. "One can log on to the Internet and find Web sites dedicated to developing encryption cracking programs," said Bill Campbell, a vice president of product development at Bank of America Monetary Services Inc., a San Francisco company and an SET supporter. "Unfortunately, this type of activity happens more than one would like."
Paul Graham, president of Viaweb Inc., a Cambridge, Mass., company that offers electronic commerce services, disagrees. "All the talk of break-ins and hackers stealing credit card numbers over the Internet is anecdotal," Graham said. "There has not been one documented case where a credit card number was stolen and used for a fraudulent transaction."
There are difficulties with this argument, however. First, companies are often unwilling to report security breaches for fear the publicity may spark additional attacks. In addition, expert hackers can break into a company's computer system without the organization realizing it. "I know enough about security to understand that no one really knows how often break-ins occur," said Ted Julian, Internet research manager at International Data Corp., a Framingham, Mass., market research company.
Public and private keys
Rather than working directly with credit card numbers, SET relies on digital certificates, which identify specific users to applications. In this case, MasterCard or Visa issues the certificates to banks, which provide one set to consumers and a second set to merchants.
The certificates rely on a two-key system to protect data. One is a public key, which is made available to authorized parties via a directory. The second is a private key, which the customer keeps for personal use. The two keys work together: Whatever data one of the keys locks, only the other can unlock.
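The two-key behaviour described above, and the proof of origin that the non-repudiation section calls for, shown as an added example (not code from SET or from any vendor named here). It uses textbook RSA with fixed, publicly known primes and no padding, so it illustrates the mechanism only; the function names and the sample order are assumptions made for the illustration.

```python
import hashlib

E = 65537  # widely used public exponent

# Constructed demo primes: publicly known Mersenne primes, so these keys
# protect nothing. Real keys use secret random primes and padded messages.
CUSTOMER_PRIMES = (2**521 - 1, 2**607 - 1)
MERCHANT_PRIMES = (2**607 - 1, 2**1279 - 1)


def make_keypair(p, q):
    """Return (public, private); each key is a (modulus, exponent) pair."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(E, -1, phi)  # private exponent: E * d == 1 (mod phi)
    return (n, E), (n, d)


def apply_key(key, value):
    """The single RSA operation: value ** exponent mod modulus."""
    n, exponent = key
    if not 0 <= value < n:
        raise ValueError("value does not fit under this modulus")
    return pow(value, exponent, n)


def lock(key, data):
    """Lock bytes with one key of a pair; the result is an integer."""
    return apply_key(key, int.from_bytes(data, "big"))


def unlock(key, locked):
    """Apply a key to locked data; only the partner key restores the bytes."""
    value = apply_key(key, locked)
    return value.to_bytes((value.bit_length() + 7) // 8, "big")


def sign(private, message):
    """Lock the SHA-256 digest of the message with the private key."""
    return lock(private, hashlib.sha256(message).digest())


def verify(public, message, signature):
    """True only for this exact message signed by the partner private key."""
    n, _ = public
    if not 0 <= signature < n:
        return False
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return apply_key(public, signature) == digest


def demo():
    cust_pub, cust_priv = make_keypair(*CUSTOMER_PRIMES)
    merch_pub, merch_priv = make_keypair(*MERCHANT_PRIMES)
    order = b"order=1001;item=book;amount=55.00"  # constructed sample order

    sealed = lock(merch_pub, order)      # anyone can lock for the merchant
    signature = sign(cust_priv, order)   # only the customer can produce this
    altered = order.replace(b"55.00", b"5.00")
    return {
        # Confidentiality: the private key opens what the public key locked.
        "private_key_unlocks": unlock(merch_priv, sealed) == order,
        # The locking key itself cannot reverse the operation.
        "public_key_cannot_unlock": unlock(merch_pub, sealed) != order,
        # Origin: the customer's public key confirms the customer signed.
        "signature_verifies": verify(cust_pub, order, signature),
        # Integrity: a changed amount no longer matches the signature.
        "altered_order_rejected": not verify(cust_pub, altered, signature),
        # A signature made with someone else's private key does not pass.
        "other_signer_rejected": not verify(cust_pub, order, sign(merch_priv, order)),
    }


if __name__ == "__main__":
    for check, passed in demo().items():
        print(f"{check}: {passed}")
```

Because only the holder of the private key can produce a signature that the public key accepts, a signed order is evidence of origin that the signer cannot later plausibly deny.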
Although Bank of America has begun a pilot SET program with Alaska Air Group Inc., in Seattle, Bank of America's Campbell admitted that a number of issues must be addressed before digital certificates can be widely used.
One problem is that merchants have designed complex inventory and shipment systems that rely on credit card numbers to identify customers. Rather than rebuilding these applications in order to deploy SET, companies would prefer that banks send a person's credit card number to the merchant after each transaction, but there is currently no system set up to do this.
IDC's Julian said performance has also been a problem in pilot programs. The software is not as efficient as companies would like, and customers have to wait longer for their transactions to be processed.
Merchants doing business on the Internet will benefit most because SET's improved security should lower fees for credit card sales, according to Alex Mehlman, director of fraud services at Open Markets Inc., a Cambridge, Mass., supplier of electronic commerce software. SET is expected to reduce the risk involved in Internet transactions, making them as safe as face-to-face sales. Credit card companies now lump Internet purchases in a high-risk group with catalog and telemarketing sales, for which they charge a higher fee.
Observers disagree about how widespread acceptance of SET will be. "Consumers are buying millions of dollars in merchandise over the Internet without SET. What will convince them to quickly adopt it?" asked Viaweb's Graham.
However, IDC's Julian noted that MasterCard and Visa do not encourage consumers to use their credit cards for Internet purchases. "As SET products mature, credit card companies and many large merchants will start to aggressively promote [SET]," he explained. "There are too many influential players behind the standard for it not to be adopted."
Experts assess risks surrounding 'Thursday' virus
Viruses are one of the most important problems associated with e-commerce, v-markets and e-business. There is a variety of viruses, and the damage they cause covers a wide range. Some viruses cause little damage that is easily overcome, while others cause serious damage.
IT managers should be on the lookout for a nasty but easily contained virus that has infected PCs at eight financial institutions over the last several days.
The virus, called the "Thursday" or W97M/Thurs.A virus, was first discovered nearly two weeks ago. It wasn't given much notice until the last two days, when it was reported at financial institutions in the United States, the United Kingdom, Ireland, France, Poland, Switzerland, Austria, Germany, Latvia and Poland.
About 5,000 seats have been infected so far.
The Word 97-based virus carries a payload that will try to delete all files on a user's C: drive on the trigger date, December 13. It does not appear as though it will do any damage until that day, which oddly enough falls on a Monday this year.
Anti-virus updates already released from most companies should find and wipe it off the PC, said Allison Taylor, marketing manager for Total Virus Defense at Network Associates Inc. in Santa Clara, Calif.
Called 'high risk'
Network Associates upgraded its warning on the virus from "medium" to "high risk" after it was reported at the financial institutions. Only three other viruses -- Melissa, Chernobyl and ExplorerZip -- have received a "high risk" rating over the last year.
Users will see no obvious indications that a document has been infected. The macro virus is limited so far to Word 97, or possibly newer versions of Microsoft Corp.'s word processing application. If it is not detected, it can cause the deletion of all files on the C: drive, including subdirectories.
"One of the things that the virus also does is turn off macro virus warnings on the application. And so what the user needs to do, at a minimum, after running a virus checker, is to go in and change the option back for that warning," said Gary Grossman, vice president of research and development at Arca Systems, a security consulting subsidiary of Exodus Communications Inc.
Symantec: 'fairly unremarkable'
Researchers at Symantec Corp. said they do not expect the Thursday virus to spread very far since it does not have any internal method of transporting itself, other than Word 97 files.
"This is a fairly unremarkable virus," said Carey Nachenberg, chief researcher at Symantec's Antivirus Research Center. Compared to Melissa, which was a worm as well as a virus, the Thursday virus is a pretty basic, if destructive, piece of code, Nachenberg said.
The Thursday virus has led many in the anti-virus community to ask: Are virus writers really busier these days? Or are they just making a better product?
ICSA Inc. said in a recent survey that the number of virus incidents has increased twofold each year for the last four years. Symantec's Nachenberg doesn't think viruses are necessarily being created faster than they were in the past. But he said the strains that have recently hit the Internet have been far more virulent, due mostly to the wide use of macro commands and Microsoft's Visual Basic language.
A whole new ballgame
The first widely known examples of Internet worms date to 1987 and 1988, when Cornell University student Robert Morris let a worm loose on the Internet, nearly crashing the national network. Not long after, an executable virus (or worm, there's always controversy about what an attack should be called) called ChristmaExec was let loose on the IBM e-mail network. In both instances, federal investigators got involved and virus writers became leery of running afoul of the Feds, said Nachenberg.
But in 1995, macro commands were introduced into Microsoft applications. This completely changed the way anti-virus companies had to think, said Roger Thompson, technical director of malicious code research at ICSA in Reston, Va.
"Until then, the old chestnut was that people didn't need to look at data files," Thompson said. "All of a sudden, there were data files with executable code imbedded in them, which could carry a virus."
That probably explains why the Concept macro virus, released in 1995, was at one point the most common computer virus in the world. Anti-virus software had to be completely rewritten because, in most cases, it did not have macro scanning capabilities.
Virus writers had a new start -- a new launch mechanism
in macro commands and a great way to spread their malicious commands across
the growing Internet.