Technologies for E-Commerce: An Overview

Text-only Preview

Technologies for E-Commerce: An Overview*
NN Murthy, BM Mehtre, KPR Rao, GSR Ramam, PKB Harigopal, & KS Babu
Center of Excellence for E-Commerce
CMC Center-R&D, CMC Limited
Old Mumbai Highway, Gachibowli
Hyderabad – 500 019, Andhra Pradesh
E-mail: {nnm, mehtre, keerthi, hgopal, ramam, suri}
The technologies for e-commerce comprise of all components required for transacting
businesses in electronic (digital) domain. The various components or subsystems making
up the e-commerce super system include Digital Payment Systems, Payment server,
Payment Gateway, Wallet, and security systems like Firewall and Intrusion Detection.
Digital Payment Systems include payment instruments like e-cheque, and credit cards. E-
Wallet is used to hold different payment instruments. Payment Server and Payment
Gateways help to realize the end-to-end payment in the electronic domain. Public Key
Infrastructure is the necessary infrastructure required for effective operation of e-
commerce in real life applications.
In this paper, we present a brief description of the aforementioned technologies for
e-commerce being developed at Center of Excellence for E-Commerce. This is referred to
as CMC's Suite of E-Commerce Technologies. We also present TWINS test-bed
application being developed as part of this project. TWINS (Twin Cities Information
Network Service), operational at twin cities of Hyderabad-Secunderabad, facilitates
payment of various utility bill payment (like water, electricity, etc.) through a single
window system. Payment of water bills through internet using E-Cheque will be
operational soon. This enables customers to pay their bills from anywhere, anytime.
Thus, realizing the benefits of e-commerce to the citizens.

Key Words: Digital Signature, Digital Certificate, E-Cheque, Payment Methods,
Certificate Server, Public Key Infrastructure, Payment Server, Payment Gateway,
Electronic Wallet, Digital Payment System, Certification Authority, Bill Payment, e-
* This project is funded by Ministry of Information Technology, Government of India,
for a period of 2 years from April 1999.
Presented at Informatica – 2001, National Seminar on Ecommerce, Hyderabad, Jan
20, 2001. An earlier version of this paper has been presented at the Institution of
Electronics and Telecommunication Engineers 43rd Annual Technical Convention
(ATC – 2000) on E-Commerce, 30 September – 01 October 2000, New Delhi.

1. Introduction
With deeper penetration and spread of Internet, more and more applications are becoming
available. E-commerce is one such enabling technology, which has wide spread utility
touching almost every body in society. It helps buyers and sellers, individuals and
business, retail and bulk suppliers. In fact, electronic commerce (e-commerce, for short)
has very attractive features like anywhere, anytime shopping / banking (24 hours x 365
days) and no holidays, zero inventory, no middlemen, and so forth. It helps customers to
compare various products in the range and class, study their features/performance and
make an informed decision about the merchandise before purchasing. On the other hand,
sellers/producers also get advantage of targeted customers without doing active
marketing. If information about goods/merchandise is made available on web (internet),
the intended buyer will get the information, without active advertisement of the goods by
the producer. Thus, both the parties, buyers and sellers, get unique advantages by e-
commerce technology.
The rest of the paper is organized as follows: section 2 is on Wallet and 3 on E-Cheque,
section 4 and 5 describe Payment Server and Payment Gateway respectively, section 6
describes on-line billing system, section 7 describes Public Key infrastructure, section 8
is on network security and Conclusions are given in section 9. The references are given at
the end.
2. CMC’s E-Wallet
With the growth of business on Internet, new electronic payment methods are
evolving. As the new payment methods are evolving quite rapidly, it is becoming highly
difficult for the end user to manage his payment instruments. Internet wallets help the
user in managing his payment instruments.
A number of electronic commerce applications allow end-users to purchase
goods and services using electronic wallets. The importance of Internet wallets is
growing as buyers shift their purchases to the Internet. Wallets benefit each participant of
an online transaction. The core function is to enable consumers (business or individual) to
pay online more conveniently and accurately than is otherwise possible. This is done by
storing the user’s payment instruments (typically e-cheque, credit or debit card,
addresses, etc.) securely within the wallet for easy use. In addition, they can also provide
transaction management for users.
In response to the needs of the electronic commerce community, the CMC Electronic
Wallet (CEW) has been developed to support nearly unlimited variety of payment
mechanisms, protocols, and electronic commerce operations for secure online
transactions. Once a user decides to make an online purchase, CEW guides the user
through the transaction by helping him choose a payment method and hide the
complexity of how the payment is executed.
CEW developed using the Java programming language, and runs on any computer
platform, realizing the Java credo “Write once, run anywhere.” CEW is extensible,
providing a framework in to which new payment methods can be integrated easily. It
© CMC Limited, 2000
2 of 20

provides an easy-to-use graphical user interface to add new payment methods. CEW
works with popular Web browsers and holds payment card accounts and digital
certificates. It is robust and easy to use, reducing support costs and increasing customer
satisfaction. It makes Web shopping more convenient for consumers, and much more
efficient for merchants and financial institutions.
• Works with all popular web browsers (which support Java 2.0)
• Allows consumers to make purchases on the Web quickly, conveniently, and with
greater security
• Features an easy-to-use graphical user interface
• Supports multiple users with protected individual accounts
• Supports multiple payment types and brands
• Provides for easy installation of new payment protocols (figure 1)
• Supports Electronic Commerce Modeling Language, a standard defined for
maintaining user information such as his billing and shipping addresses.
Figure 1 Wallet Configuration for Payment Methods
3. CMC's E-Cheque System
A Cheque is a signed paper document that orders the signer’s bank to pay an
amount of money to a person specified in the cheque or bearer from the signer’s account
on or after a specified date. Cheques have the advantage that payers (drawer) and payees
can be individuals, small businesses, brokerages, corporations, governments or almost
© CMC Limited, 2000
3 of 20

any other type of organization. They pass directly from the payer to the payee, so that the
timing and the purpose of the payment are clear to the payee. While cheques are usually
very simple, business cheques can require multiple signatures and can be accompanied by
lists of invoices being paid. The payee can deposit a Cheque in an account of his choice
or cash it. Banks operate extensive facilities to accept Cheques for deposit, process them
internally, and clear and settle between banks.
The electronic cheque, or e-cheque, is based on the idea that electronic documents
can be substituted for paper and public key cryptographic signatures can be substituted
for handwritten signatures. Therefore, the e-cheque can replace paper cheques without
the need to create a new payment instrument, along with the commercial practice changes
that a new payment instrument would imply. Instead, the e-cheque is designed to fit into
current cheque practices and systems with minimum impact on payers, payees, banks and
the financial system. The payer writes an e-cheque by structuring an electronic document
with the information legally required to be in a cheque and cryptographically signs it. The
payee receives the e-cheque, verifies the payer's signature, writes out a deposit, and signs
the deposit. The payee's bank verifies the payer's and payee's signatures, credits the
payee's account and forwards the cheque for clearing and settlement. This credit will not
be a clear credit, it will be a float or temporary credit, to be confirmed only after it has
been cleared by the paying bank, in the settlement process. The payer's bank verifies the
payer's signature and debits the payer's account. This process of e-cheque flow is
depicted in Figure 2. The advantage of e-cheque is that cryptographic signatures on every
e-cheque can be verified at all points, while in paper cheques handwritten signatures are
rarely verified.
The electronic cheque is designed to perform the payment and other financial
functions of paper cheques, by using cryptographic signatures and secure messaging over
the Internet. The electronic cheque system is designed with message integrity,
authentication and non-repudiation properties sufficient to prevent fraud against the
banks and their customers. It is compatible with either interactive web transactions or
with electronic mail. Since the electronic cheque does not depend on real-time
interactions or on third party authorizations, electronic cheques are better able to survive
outages of network links and computing nodes.
The result is a highly efficient electronic payments system, with a technology
base that is extensible to a variety of financial instruments and other high-integrity
document processing applications needed by the financial industry.
CMC’s Electronic Cheque System is a complete end-to-end payment providing
payment solutions to Customers, Merchants and Banks. It has been integrated with
CMC’s Wallet to provide the Customer better way of organizing multiple e-cheque books
from possibly different banks. Merchants can plug in business specific validation rules
into the e-cheque processing framework in addition to the generic signature and
certificate validations. Using CMC’s E-Cheque software, banks can issue e-Cheque
Books, validate and clear received e-cheques and process stop payment messages
Features :
• Can be used for web transactions
• Provides support for multiple chequebooks issued by multiple banks.
© CMC Limited, 2000
4 of 20

• No limitations on the location of the user – home, Internet kiosk or office
• Low priced floppy based solution - can be extended to support a smart card.
• Framework for processing the cheques at payee side.
• Support for Co-Sign, Endorse.
• E-Cheque can be re-sent. Payment will be made only once.
Figure 2. A Block schematic of E-Cheque flow.
4. CMC's Payment Server
Business on the Internet, especially in making and receiving payments, is a
serious matter for millions of buyers and sellers worldwide. Receiving payments is
critical to the health of a business and the growing importance of the Internet means that
businesses need effective ways to deal with Internet payments.
Any electronic commerce transaction involves the participation of the buyer,
issuer who provides the payment instrument (e.g. credit or debit card, electronic cheque)
used in it, the merchant who accepts payment, and the acquirer, who processes the
merchant’s transaction. As the new payment methods are evolving quite rapidly, it is
becoming highly difficult for the merchant to add support for new payment methods.
In response to the needs of the electronic commerce community, the CMC
Payment Server has been designed which provides payment functions for Internet
merchants. It helps merchants accept multiple payment methods, customize specific
payment methods with varied Financial Institutions, and adapt to rapidly changing
business requirements and technology by easily adding more payment type options as
© CMC Limited, 2000
5 of 20

they emerge. It separates payment management (the framework) from specific Payment
types (payment protocols) so that each can evolve independently.
The CMC Payment Server supports nearly unlimited variety of payment
mechanisms, protocols, and electronic commerce operations for secure online
transactions. The components designed for use within it, being written as Enterprise Java
Beans (EJB), can be deployed on any EJB server. It facilitates merchants to authorize and
deposit the payments, authorization reversal and deposit reversal of a payment and
facility for batch processing of payments.
• Support for multiple payment systems (Credit Card, E-cheque etc)
• Support for multiple payment protocols (SSL, SET...)
• Supports multiple merchants with protected individual accounts, each containing
its own configured payment methods, protocols and acquiring financial
• Support to connect to multiple Payment Gateways
• Smooth integration with existing Merchant Servers
5. CMC's Payment Gateway
CMC Payment Gateway is a secure payment gateway application that enables Acquirers
to accept credit card payments from Merchant storefronts on the Internet. On one side, it
connects the Payment Servers (which speaks to the Card Holder and Merchant systems)
and, on the other side it interacts with legacy payment processing systems of banks. The
Payment Server integrates the merchant’s Internet storefront. The Payment Gateway
extends existing credit card payment processing systems to accommodate the Internet
Payment Gateway supports all aspects of a credit card transactions, including
high-volume authorization, payment capture, authorization reversal, and credit
transactions. It receives payment authorization and payment capture requests from
Payment Servers or merchant servers, translates them into the protocol format used by an
acquirer's host system, routes these requests to the acquirer, and then relays responses
received from the acquirer back to the respective Payment Server or merchant server.
CMC’s Payment Gateway is a part of comprehensive Internet based payment
software suite. Popular protocols that are supported include SSL (Secure Sockets Layer
technology), and SET (Secure Electronic Transaction).

The SSL is widely used protocol over Internet for secure message transfer. SET
protocol is a standard defined by leading credit card organizations like VISA, Master
CMC’s Payment Gateway provides robust and flexible integration capabilities to
link Internet based merchandising with credit card financial networks. The credit card
transactions include Authorization, Capture, Credit and the respective reversals.
Built around an open architecture, CMC’s Payment Gateway can support multiple types
of payment instruments and transactions through the use of plug-in modules.
© CMC Limited, 2000
6 of 20

• An SSL network interface through which SSL messages are sent and received in
the industry-standard XML format.
• An administration interface through which administrators can access and
configure Payment Gateway.
• Manages both single and multiple acquirer scenarios
• Features multi-brand support
• Supports multiple Payment Servers
• Supports ISO 8583 and its variations
• Supports HTTP, TCP/IP, X.25, and LU6.2
• Supports multiple Messages formats on Payment Server side (XML, ASN, etc.)
• Provides full functionality for merchant transaction handling, including
authorization, capture, reversal, credit and settlement
• Accepts transactions from Web-based merchants with minimal changes to their
existing systems
• Accommodates large volumes of concurrent transactions channeled from multiple
Payment Servers
• Maintains a comprehensive log for transaction analysis
• Conducts certificate registration and management
Administrative Features
The Gateway Administration Manager provides a browser interface to the CMC®
Payment Gateway for a variety of administration functions:
• Starting, stopping, and restarting the gateway server
• Configuring the server's logs, URLs, ports, and databases
• Examining the gateway's logs
• Database support:
- Oracle®
- Microsoft SQL Server®
- Sybase®
- Informix®
• Provides browser-based user interface:
- Netscape 3.04 or higher, or Internet Explorer 4.0 or higher
- Common look and feel across platforms
- Remote administration
6. On-Line Billing System
With ever increasing spread of Internet, Bill presentment and payment is becoming a new
type of service area for periodic billers like Telephone Companies, Electricity etc.
Internet based bill presentment and payment system converts billing centers from cost
centers to revenue centers and for customers (payer) the system is a personalized service.
CMC’s Internet based bill presentment and payment system provides direct
personalized communication channel between Billers and Payers. Opens a new revenue
channel by cross-selling advertisements. Drastic reduction of costs that are associated
© CMC Limited, 2000
7 of 20

with paper based billing system. For customers or payers, receiving bills to payment of
bills at one window through a Personal Computer.

Figure 3. Entities involved in on-line Billing System
© CMC Limited, 2000
8 of 20

Figure 4 below depicts overall work flow of the system step by step.
1. Customer gets an Electronic Cheque Book (e-Cheque Book) from his/her
2. Customer sends registration request for online billing through biller’s World
Wide Web site.
3. Biller verifies credentials of the application and grants a subscription for
online billing and sends user-id and password through e-mail or immediately
when credentials are submitted. This enables the customer to view and pay
4. Customer logs in to his/her online billing account of the biller’s web site,
verifies the bill details and pays with an electronic cheque (generated from the
e-Cheque Book). The electronic cheque or e-cheque is sent to the Biller.
5. Biller system receives e-cheque and sends an acknowledgement for the
received e-cheque.
6. Biller checks for validity of electronic cheques (received from customers),
endorses, and sends them to bank for processing.
3 Grant Subscription
4 View Bills & Pay
6 Endorse & Send e-cheque
8 Cheque’s realization Information
1 Get Check Book
7 Honor or Dishonored
9 Cheque Clearance
Figure 4. Internet Billing System Work Flow
© CMC Limited, 2000
9 of 20

7. Bank (Biller’s) validates the received e-cheques and sends them to the
Customer’s bank for clearance. Honored or dishonored information is sent to
the Biller.
8. Biller’s billing system updates the customer billing data based on cheque
clearance status (as received from the bank) and sends appropriate information
to the customer through electronic mail.
The steps 1-3 above are done for registration, which is a one-time activity for a
given customer, whereas steps 4-8 are used for viewing/paying bills, which is an
on-going activity.
Biller Specific

Multiple Billers Support

Periodic Scheduling of Bills

Automatic Bill Notification through e-mail

Seamless integration with existing legacy system

Supports new internet payment methods like Electronic Cheques

Personal message alerts like advertisements

24 hours x 7days customers service
Customer Specific

Online registration

Current bills and previous bills details

Previous payment details

Bill settlement through online Customer Service

Security through SSL

eXtensible Markup Language (XML) for data interchange

Non repudiation through Digital Certificates

Java 2 Enterprise Edition (J2EE) application frame work

Built on Java’s “ Run any where “ Technology

Object Oriented Technology
The following figures (5-10) give a snapshot of the bill presentment and payment
© CMC Limited, 2000
10 of 20