Alternative Frameworks of E-Commerce and Electronic Payment Systems Specially Suitable for the Developing Countries Likes Ours

Transcription

1 Alternative Frameworks of E-Commerce and Electronic Payment Systems Specially Suitable for the Developing Countries Likes Ours ABSTRACT With the rapid growth of Information and Communication Technology (ICT), e-commerce and online transactions are gaining more popularity in the western world. But in the third world countries like Bangladesh, the scenario is different; e-commerce or electronic payment is of no use excepting a few exceptions. Technical laggings, dearth of infrastructure and infeasibility of the existing frameworks are the main reasons behind this. There are several alternative ways of e-commerce and online transaction. But the establishment and maintenance overheads associated with them are not viable for the developing countries like Bangladesh. In this paper, we analyzed the existing systems from the aspect of developing countries, focused on their limitations and presented alternative frameworks for e-commerce and electronic payments, which may be convincingly suitable for the third world countries Keywords E-commerce, Electronic payment, Online transaction, Framework. 1. INTRODUCTION Electronic commerce is one of the most common business terms in use as we embark on 2 1 st century. E- commerce is developing day-by-day and spreading all over the world. Now it is very much popular in the First world country. People are purchasing product through e-commerce using credit card payment system. However, in the developing country like ours it is not popular or developed yet. The underlying reason behind this is the complexity and problems associated with the credit card processing. Because credit card processing by third party or establishing merchant account is costly and cumbersome task. Transaction by this way will increase product price and in the developing country, people will not be attracted by such circumstance. By this procedure both have to make transaction through bank account which might not attract buyer for online

2 shopping. Considering these issues, we design a system where we omitted the third party and instead of using credit card, we offer a prepaid card which is maintained by the prepaid card company. And this card company removes extra complexity associated with the third party. Because here processing levels decrease and no extra charge is needed to pay by customer and merchant. And the system is designed with considering various aspects of security and firewalls related to processing. 2 THIRD PARTY PROCESSOR AND CREDIT CARDS Third party credit card processor is a company that can accept credit card orders on behalf of the customers or his company and charge an amount for every transaction. Here processing, consumers register with a third party on the Internet to verify electronic micro transactions. It is known as on-line third-party processor (OTPPs). OTPPs have created a six-step process that they believe it will be a fast and efficient way to buy information online: 1. The consumer acquires an OTPP account number by filling out a registration form. 2. To purchase an article, software, or other information online, the consumer request the item from the merchant by quoting her OTPP account number. The purchase can take place in one of the two ways: The consumer can automatically authorize the merchant via browser settings to access her OTPP account and bill her, or she can type in the account information. 3. The merchant contacts the OTPP payment server with the customer s account number. 4. The OTPP payment server verifies the customer s account number for the vendor and checks for sufficient funds.

3 5. The OTPP payment server sends an electronic message to the buyer. This message could be an automatic WWW form that is sent by the OTPP server or could be a simple . The buyer responds to the form or e- mail in one of the three ways: Yes, I agree to pay; No, I will not pay; Fraud, I never asked for this. 6. If the OTPP server gets a Yes from the customer, the merchant is informed and the customer is allowed to purchase the item. 7. The OTPP will not debit the buyer s account until it receives confirmation of purchase completion. 3. MERCHANT ACCOUNT This is the most professional method for accepting credit cards online. A merchant account is an account with a bank (sometimes arranged through an authorized agent) which allows us to accept charge cards as payment for products and services. The account is set up in merchant s business name and approved based on his business credit standing. 4. PROBLEM WITH THIRD PARTY/ MERCHANT ACCOUNT a)problems with current structure: Current structure of e-commerce includes credit cards, where many of the users of developing countries are not experienced with credit cards. And at that situation clients cannot make e-commerce transaction. b) Additional fees: Third parties take a charge for every transaction from both the buyer and seller. This will indirectly increase the price of the product, which will discourage buyer to buy the product. d) Micro-transactions face problem:

4 As the merchants/sellers need to pay some charge for every product, for this, sellers don t get profit by selling low price products. So they don t keep low-price products in their catalog. As a result, the buyers can not buy low-price products and thus the benefit of e-commerce shrinks. e)problem with processing steps: Most third party processors will redirect a customer to their own site to make payment on orders.. Thus, the involvement of third party makes the processing steps of an online marketing more longer than it should be. As for every transaction both buyer and seller go through third party verification processes, this includes the additional sequences. To maintain these additional steps during transaction is quite cumbersome task for the user and it also increases the time duration of online marketing. 5. OUR PROPOSED SYSTEM INFRASTRUCTURE 5.1Consideration In our proposed framework, we are considering that the Government will inaugurate permission for some e- commerce sites and prepaid card companies conform with some reliabilities. The components of our system include: Vendors E-commerce site Prepaid card company E-commerce site We are considering that there will be some e-commerce sites facilitating on-line shopping. A user can interact with these sites where the user can buy the products according to his need. When the user finishes his shopping, a bill voucher and the prepaid cards varieties are provided to the user. The user selects one prepaid card company, then merchant s site s function is to redirect the user to the card company server, at the same time the

5 bill is encrypted with the shop s private key and the card company s public key. It is encrypted with the shop s private key, which ensures that the bill is only redirected by the shop only. Moreover, it is encrypted with the public key of Card Company because only Card Company can decrypt the bill and only that company can watch the bill Pre Paid Card Company Three things must be associated with the prepaid card company Decryption Query user account Redirect Decryption When the pre paid card company receives the encrypted bill its first task is to decrypt it with the public key of the shop and then by the private key of the prepaid card company. Then it gets the original information Query user account When a user buys a card from the market, user s first task is to register himself with the prepaid card company. At that time, a login name and password is given to the user. Then when the user is redirected to the card company, then user s first task is to log on to the card company. Then the company shows the bill information that is redirected from the shop. If the user accepts the bill then the corresponding amount is deducted from the user account Redirect One acknowledgement is redirected to the e-shop that bill is paid, so the shop now can deliver the product and at the same time, a confirmation is sent to the user by a transaction number that he can take/receive the product from the shop Actions in case of disruption

6 After the transaction is completed, it is the responsibility of e-shop to deliver the product and the e-shop will take a receipt from the customer. In case of any disruption the customer will be able to contact with the prepaid card company with the transaction number and will query the e-shop to provide receipt of the customer. In case Fig 1: Our proposed system infrastructur of failure to show the receipt, the amount be again balanced from both sites. 5.2 ADVANTAGES OF THE PROPOSED SYSTEM Our system overcome the problem of Third Party and its functionality is convenient than the third party and the overall operation of the system is very much simple and easy to implement. Several advantages are listed below 1) No extra charge from customers: Our proposed system does not charge any amount from the customer, where in other credit card systems vendors need to pay some extra charge over the cost price of the items. 2) No monthly statement:

7 In credit card based payment system, users need to have a monthly statement of all transactions. And after that users have to pay their bill to the bank account, but here in our proposed system the users don t need to face this type of bill statement, all transactions are current. 3) Micro-transaction is possible: As the merchants need to pay a little percentage to the card company, so that merchants will also get profit by selling products of low prices.as a result, they will include low-price product s in their product catalog and buyers will be benefited. 4) Less processing time: Here processing time is lower than current e-commerce transaction policies. No extra verification is considered like credit-card based payment system. 5) Commerce with local currency: All the transactions performed now a day are by foreign currency. Therefore, it s quite cumbersome task to determine the price of product according to foreign currency like dollars. However, in our proposed system all the transactions are by local currency. It will encourage both buyers and merchants. 5.3 SECURITY ISSUE FOR OUR PROPOSED FRAMEWORK As the internet became mainstream and the number of companies, individuals, and government agencies using it grew, so did the number of and type of transactions that needed protection. Three requirements are necessary to carry on secure communication on the internet: confidentiality, integrity and authentication. There are three different techniques that we have imposed for our security issue. They are as follows: 1)RSA 2)SSL

8 5.4 RSA ALGORITHM RSA is named after its inventors, Rivest, Shamir, and Adleman.It is a public key cryptographic algorithm that does encryption as well as decryption. The key length is variable. Anyone using RSA can choose a long key for enhanc First we need to generate a public key and a corresponding private key. Choose two large primes p and q (probably around 256 bits each).multiply them together and call the result n.the factors p and q will remain secret. To generate our public key, choose a number e that is relatively prime to Φ (n).since we know p and q,we know Φ(n)- its (p-1)(q-1).our public key is (e,n). To generate our private key, find the number d that is the multiplicative inverse of e mod Φ(n).(d,n) is our private key. To encrypt a message m (<n), someone using our public key should compute cipher text c=m e mod n.only we will be able to decrypt c, using our private key to compute m=c d mod n How does RSA work? RSA does arithmetic mod n,where n=pq.we know that Φ(n)=(p-1)(q-1).We have chosen d and e such that de=1 mod Φ(n).Therefore for any x,x de =x mod n.an RSA encryption consists of of taking x and raising it to e.if we take the result and raise it to the d(perform RSA decryption),we will get (x e ) d,which equals x ed.which is the same as x.so we see decryption reverses the encryption Why is RSA Secure? We don t know for sure that RSA is secure. We can only depend on the Fundamental Tenet of Cryptography-lots of smart people are trying to figure out to break RSA and they haven t come up with anything yet. The real premise behind RSA s security is the assumption that factoring a big number is hard. The best known factoring methods are really slow. To factor a 512 bit number with the best known techniques would take about thirty thousand MIPS-year. 5.5 SSL(SECURE SOCKETS LAYER) SSL stands for Secure Sockets Layer. It is a family of protocols that is originally designed to provide security for HTTP transactions, but that also can be used for a variety of other Internet protocols such as IMAP and NNTP.HTTP

9 running over SSL is referred to as secure HTTP. We want to connect to a server using SSL by replacing http with https in the protocol component of a URI. The default port for HTTP over SSL is SSL Protocol Summary: The Process to establish an SSL connection is the following: The user uses his browser to connect to the remote apache server. The handshake phase begins-the browser and server exchange keys and certificate information. The browser checks the validity of the server certificate, including that it has not expired, that it has been issued by trusted CA and so on. Optionally, the server can require the client to present a valid certificate as well. Server and client use each other s public key to securely agree on a symmetric key. The Handshake phase concludes and transmission continues using symmetric cryptography Obtaining and Installing SSL Tools: SSL support is provided by mod_ssl, an Apache module.this module requires the OpenSSL library-an open-source implementation of the SSL/TLS protocols and a variety of the other cryptographic algorithms OpenSSL: All files and instructions necessary for installing OpenSSL can be found at Users of Linux/Unix will find the installation of the OpenSSL software to be familiar to installing other system tools For Linux/Unix Users: We are running a recent LINUX that s why OpenSSL is already be installed in our system. In the past, SSL extensions for Apache had to be distributed separately because of export restrictions.currently; mod_ssl is bundled with Apache 2.0, but only as part of the source distributions. While not an issue for Linux/Unix users, Windows users will find they must build Apache from source in order to build the mod_ssl module; mod_ssl is not distributed in the precompiled and distributed binaries.the mod_ssl module depends on the OpenSSL library, so a valid OpenSSL installation is required.

10 5.5.5 Managing Certificates: After installing and configuring OpenSSL and mod_ssl, the next step for a working SSL server implementation is to create a server certificate. We are using SSL for an e-commerce site, encryption prevents customer data from eavesdroppers, and the certificate enables customers to verify that we are who claim to be. We must have a public/private key pair before we can create a certificate request. Assume that the FQDN for the certificate we want to create is then we can create the keys by using the following command: # /usr/local/ssl/bin/openssl genrsa des3 rand file1:file2:file3 \ -out Example of SSL Configuration: We can add the following configuration snippet to our Apache Configuration file: Listen 443 <VirtualHost_default_:443> <ServerName SSLEngine on SSLCertificateFile \ /usr/local/ssl/openssl/certs/ SSLCertificateKeyFile \ /usr/loca/ssl/openssl/certs/ </Virtual Host> Starting the Server: Now we can stop the server if it is running, and start it again. If we compiled and installed Apache our self then we can see an <ifdefine SSL> block surrounds the SSL directives. That allows for conditional starting of the server in

11 SSL mode. Finally if we always want to start Apache with SSL support, we can just remove the <ifdefine> section and start Apache in the usual way. 6 CONCLUSION In this research we have depicted all the relative advantages and disadvantages of the existing hardware based transaction system and clarify the reasons behind choosing our proposed one. Its a great boon for developing country like us. We have considered different types of security measures so that it can deter any fraudulent access to our site and take necessary steps. Customer doesn t have to go a long way for purchasing. Surfing on to the respective site customer can get access onto the online shopping site and order as required. With proper prepaid card a valid customer is identified and make proceeded. Cards are available on the market and users have different options in money value. Websites are designed in such user-friendly that customers can see their way clear while accessing. All the daily necessary stuffs and house-hold appliances are available to be ordered. Customer s satisfactions are fulfilled by blaze of colorful designing. Sites are designed in such a way that they will entice people into purchasing the product very easily. After completion of purchasing, customers are assured of delivering by a confirmation generated from the respective card companies to the authority of online shopping site. After all we wish our proposed works will be a commodity from our country s point of view. REFERENCES: [1]. Sharma & Sharma, Developing e-commerce Sites. [2] Ravi Kalakata, Andrew B Whinston, Frontiers of Electronic Commerce. [3] Macgregor, R.; Ezvan, C.; Liguori, L.; and Han, J. Secure Electronic Transaction Credit Card Payment on the web in theory and Practice. [4] Greenstein; Feinman: Electronic Commerce; security, risk management and Control [5] Christopher Negus Red Hat Linux 7.3 Bible [6] [7]