1、關於電子商務環境下物流配送方面的英文文獻
樓上這位的英文文獻是google華文文獻而來的,很不通順。。。
電子商務環境下物流配送
Logistics Distribution under E-business Environment
樓上譯成了E-business environment under the logistics and distribution
電子商務環境下的物流配送
摘要:本文從闡述電子商務與物流配送的相互關系出發,就如何建立與我國國情發展相適應的物流配送模式,降低物流成本,提高配送效率,解決配送問題進行探討。
關鍵詞:電子商務;物流配送;第三方物流
在互聯網技術的不斷發展及全球電子商務大環境的引導下,跨國物流和跨區域物流更加頻繁,對物流的需求也更加強烈。但電子商務在我國的發展卻具有其不成熟性的特點,物流基礎設施及技術水平落後,供應商(或製造商)以及客戶之間沒有形成供應鏈,配送效率低下,所以電子商務要在中國繼續發展必須解決——"物流瓶頸"。
一、電子商務與物流配送
電子商務是在Internet開放的網路環境下,基於瀏覽器/伺服器的應用方式,實現消費者的網上購物、企業之間的網上交易和在線電子支付的一種新型的交易方式。電子商務與傳統商務本質區別,就是它以數字化網路為基礎進行商品、貨幣和服務交易,目的在於減少信息社會的商業中間環節,縮短周期,降低成本,提高經營效率,提高服務質量,使企業有效地參與競爭。
物流配送定位在為電子商務的客戶提供服務,根據電子商務的特點,對整個物流配送體系實行統一的信息管理和調度,按照用戶訂貨要求,在物流基地進行理貨工作,並將配好的貨物送交收貨人的一種物流方式。這一先進的、優化的流通方式對流通企業提高服務質量、降低物流成本、優化社會庫存配置,從而提高企業的經濟效益及社會效益具有重要意義。
二、電子商務環境下的物流配送模式
發展現代物流配送,是轉變經濟增長方式,促進經濟增長由粗放型向集約型轉變的需要。過去我國長期實行計劃經濟體制,幾乎每個工業企業都建立了倉庫、車隊負責包裝、運輸等業務,大而全、小而全、粗放管理問題比較突出,造成企業原材料和產成品庫存過大,占壓大量資金;自備倉儲和自備運輸利用率低,成本過高;銷售配送體系不健全,產品實體分配效率不能滿足售後和服務要求。市場經濟條件下,企業要在激烈的競爭中站穩腳跟,必須集中精力發展其核心業務,對傳統的物流管理模式進行改革,提高物流管理的社會化和組織程度,變粗放管理為集約經營,才能使企業真正適應市場經濟的發展。
發展現代物流配送,是適應加入WTO,提高企業市場競爭能力的需要。目前世界上大多數地區,約1/3的物流運作是承包給第三方的,發達國家甚至達5-8成。而我國的物流服務行業競爭力很弱,沒有形成一定的規模優勢和資本優勢,服務質量與國外企業相比也存在著很大差距。加入WTO後,根據協議,我國將進一步開放物流服務行業,國外成熟的物流企業會大舉進入我國,因此,面對經濟全球化趨勢和我國加入WTO的挑戰,實施物流改造,發展現代物流配送是企業參與競爭,贏得競爭優勢的必然選擇。
在電子商務條件下,構建我國物流配送體系,可以有以下三種模式:一是電子商務與傳統商務共用一套物流系統;二是由電子商務企業組建自己的物流系統;三是電子商務企業將所有的物流業務以外包的形式委託第三方物流企業運作。所謂第三方物流是指根據供應商或銷售商的委託,由供應商和銷售商以外的第三方負責對物流的中間環節進行有效管理,提供從貨源供應到最終商品銷售之間的全方位物流服務。鑒於發達國家的成功經驗和目前我國物流業的發展狀況,我認為,委託第三方物流企業運作是我國電子商務企業最理想的物流模式。其理由如下:
(1)物流通常不是大多數的電子商務企業的核心業務,電子商務企業把物流業務運作外包於第三方物流企業,可以把資源集中在自身的核心競爭力業務上,以獲取最大的投資回報。
(2)第三方物流企業擁有發達的物流網路和針對不同物流市場的專業能力,包括運輸、倉儲和其它增值服務,同時第三方物流企業還擁有信息技術,他們與獨立的軟體供應商結盟或者開發了內部信息系統,這使其能夠最大限度地利用運輸和分銷網路,有效進行跨運輸方式的貨物追蹤。
(3)第三方物流企業具有規模經濟優勢。由於其可以從運輸商那裡大批量購買運輸能力,然後集中配載許多客戶的貨物,大幅度降低單位運輸成本。
(4)通過「共享租用」模型,多個電子商務企業可以共享分發和售後服務。外包也緩和了內部物流執行並減少建造和裝備倉庫。內部完成電子物流費用高,耗時多,並且由於不具備第三方的專業技術,許多公司會嚴重損害花很多時間建立的客戶關系。
誠然,第三方物流企業的運作不僅要針對生產廠家能否合理經營並優化庫存結構,還要針對客戶,保證商品來源於最佳路線,以切實降低物流成本,提高產品附加值,同時真正使客戶省錢,省力,省時。
三、我國發展第三方物流應注意的問題
(1)物流業務的范圍不斷擴大。商業機構和各大公司面對日趨激烈的競爭不得不將主要經理放在核心業務,將運輸、倉儲等相關業務環節交由更專業的物流企業進行操作,以求節約和高效;同時,物流企業為提高服務質量,也在不斷拓寬業務范圍,提供配套服務。
(2)提供客戶定製的物流服務。很多成功的物流企業根據第一方、第二方的談判條款,分析比較自理的操作成本和代理費用,靈活運用自理和代理兩種方式。
(3)物流產業的發展潛力巨大,具有廣闊的發展前景。長期以來,由於受計劃經濟的影響,我國物流社會化程度低,物流管理混亂,機構多元化,物資、商業、經貿、交通、建設等部門均有各自的物流系統。這種分散的多元化物流格局,導致社會化大生產、專業化流通的集約化經營優勢難以發揮,規模經營、規模效益難以實現,設施利用率低,布局不合理,重復建設,資金浪費嚴重。由於利益沖突及信息不通暢等原因,造成餘缺物資不能及時調配,大量物資滯留在流通領域,造成資金沉澱,產生大量庫存費用。另外,我國物流企業與物流組織的總體水平低,設備陳舊,損失率大,效率低,運輸能力嚴重不足,形成了瓶頸,制約了物流的發展。
在電子商務飛速發展的21世紀,誰掌握了物流和配送,誰就掌握了市場。建立電子商務模式下的物流配送體系,客觀上需要那種放網全國,點指世界超強的物流服務企業。當前,我國的一些傳統物流企業(如,中遠,中外運等)應積極加大市場調研和開拓力度,加大與跨國公司、大型製造商等行業企業以及與連鎖、超市零售行業等的合作,與其建立夥伴關系,為其提供一體化的物流配送服務,並盡快發展電子商務,從而提供高質量的、高水平的電子商務環境下的現代物流配送服務,為我國建立良好的現代配送機制貢獻自身的一份力量。
參考文獻:
《中國物流與采購》
《我國物流企業如何迎接電子商務》 張鐸
《電子商務配送問題淺析》 關洪傑、
http://www.chinawuliu.com.cn/cflp/newss/content1/200709/805_24938.html
2、求一個電子商務方面的英文文獻及翻譯3000字左右的
http://www.cecb.cn/simple/index.php?t25601.html
或許有你想要的
3、電子商務英文文獻
Electronic commerce, commonly known as e-commerce, consists of the buying and selling of procts or services over electronic systems such as the Internet and other computer networks. The amount of trade concted electronically has grown extraordinarily since the spread of the Internet. A wide variety of commerce is concted in this way, spurring and drawing on innovations in electronic funds transfer, supply chain management, Internet marketing, online transaction processing, electronic data interchange (EDI), inventory management systems, and automated data collection systems. Modern electronic commerce typically uses the World Wide Web at least at some point in the transaction's lifecycle, although it can encompass a wider range of technologies such as e-mail as well.
A large percentage of electronic commerce is concted entirely electronically for virtual items such as access to premium content on a website, but most electronic commerce involves the transportation of physical items in some way. Online retailers are sometimes known as e-tailers and online retail is sometimes known as e-tail. Almost all big retailers have electronic commerce presence on the World Wide Web.
Electronic commerce that is concted between businesses is referred to as Business-to-business or B2B. B2B can be open to all interested parties (e.g. commodity exchange) or limited to specific, pre-qualified participants (private electronic market).
Electronic commerce is generally considered to be the sales aspect of e-business. It also consists of the exchange of data to facilitate the financing and payment aspects of the business transactions.
History
Early development
The meaning of electronic commerce has changed over the last 30 years. Originally, electronic commerce meant the facilitation of commercial transactions electronically, using technology such as Electronic Data Interchange (EDI) and Electronic Funds Transfer (EFT). These were both introced in the late 1970s, allowing businesses to send commercial documents like purchase orders or invoices electronically. The growth and acceptance of credit cards, automated teller machines (ATM) and telephone banking in the 1980s were also forms of electronic commerce. From the 1990s onwards, electronic commerce would additionally include enterprise resource planning systems (ERP), data mining and data warehousing.
Perhaps it is introced from the Telephone Exchange Office, or maybe not.The earliest example of many-to-many electronic commerce in physical goods was the Boston Computer Exchange, a marketplace for used computers launched in 1982. The first online information marketplace, including online consulting, was likely the American Information Exchange, another pre-Internet online system introced in 1991.
Timeline
1990: Tim Berners-Lee wrote the first web browser, WorldWideWeb, using a NeXT computer.
1992: J.H. Snider and Terra Ziporyn published Future Shop: How New Technologies Will Change the Way We Shop and What We Buy. St. Martin's Press. ISBN 0312063598.
1994: Netscape released the Navigator browser in October under the code name Mozilla. Pizza Hut offered pizza ordering on its Web page. The first online bank opened. Attempts to offer flower delivery and magazine subscriptions online. Alt materials were also commercially available, as were cars and bikes. Netscape 1.0 in late 1994 introced SSL encryption that made transactions secure.
1995: Jeff Bezos launched Amazon.com and the first commercial-free 24 hour, internet-only radio stations, Radio HK and NetRadio started broadcasting. Dell and Cisco began to aggressively use Internet for commercial transactions. eBay was founded by computer programmer Pierre Omidyar as AuctionWeb.
1998: Electronic postal stamps can be purchased and downloaded for printing from the Web.
1999: business.com was sold for US $7.5 million, which was purchased in 1997 for US $150,000. The peer-to-peer filesharing software Napster was launched.
2000: The dot-com bust.
2003: Amazon.com had its first year with a full year of profit.
Business applications
Some common applications related to electronic commerce are:
E-mail and messaging
Documents, spreadsheets, database
Accounting and finance systems
Orders and shipment information
Enterprise and client information reporting
Domestic and international payment systems
Newsgroup
On-line Shopping
Messaging
Conferencing
Government regulations
In the United States, some electronic commerce activities are regulated by the Federal Trade Commission (FTC). These activities include the use of commercial e-mails, online advertising and consumer privacy. The CAN-SPAM Act of 2003 establishes national standards for direct marketing over e-mail. The Federal Trade Commission Act regulates all forms of advertising, including online advertising, and states that advertising must be truthful and non-deceptive.[1] Using its authority under Section 5 of the FTC Act, which prohibits unfair or deceptive practices, the FTC has brought a number of cases to enforce the promises in corporate privacy statements, including promises about the security of consumers』 personal information.[2] As result, any corporate privacy policy related to e-commerce activity may be subject to enforcement by the FTC.
Forms
Contemporary electronic commerce involves everything from ordering "digital" content for immediate online consumption, to ordering conventional goods and services, to "meta" services to facilitate other types of electronic commerce.
On the consumer level, electronic commerce is mostly concted on the World Wide Web. An indivial can go online to purchase anything from books, grocery to expensive items like real estate. Another example will be online banking like online bill payments, buying stocks, transferring funds from one account to another, and initiating wire payment to another country. All these activities can be done with a few keystrokes on the keyboard.
On the institutional level, big corporations and financial institutions use the internet to exchange financial data to facilitate domestic and international business. Data integrity and security are very hot and pressing issues for electronic commerce these days.
電子商務或EC(英語: E-Commerce)是指在互聯網(Internet)、企業內部網 (Intranet) 和增值網(VAN,Value Added Network)上以電子交易方式進行交易活動和相關服務活動,是傳統商業活動各環節的電子化、網路化。電子商務包括電子貨幣交換、供應鏈管理、電子交易市場、網路營銷、在線事務處理、電子數據交換(EDI)、存貨管理和自動數據收集系統。在此過程中,利用到的信息技術包括:互聯網、外聯網、電子郵件、資料庫、電子目錄和行動電話。
而廣義上的電子商務—電子業務或EB(英語: E-Business)則是指對整個商業活動實現電子化,也就是指應用電腦與網路技術與現代信息化通信技術,按照一定標准,利用電子化工具(有時甚至指整個電子媒介領域,包括廣播、電視、電話通訊等等)來實現包括電子商務(或電子交易)在內的商業交換和行政作業的商貿活動的全過程。
發展歷史
在過去的30年間,電子商務的概念發生了很大的變化. 最初,電子商務意味著利用電子化的手段,將商業買賣活動簡化,通常使用的技術包括電子數據交換(EDI)和電子貨幣轉帳,這些技術均是在20世紀70年代末期開始應用。典型的應用是將采購訂單和發票之類的商業文檔通過電子數據的方式發送出去。
電子商務中的「電子」指的是採用的技術和系統,而「商務」指的是傳統的商業模式。電子商務被定義為一整套通過網路支持商業活動的過程。在70年代和80年代,信息分析技術進入電子商務。80年代,隨著信用卡、自動櫃員機和電話銀行的逐漸被接受和應用,這些也成為電子貿易的組成部分。進入90年代,企業資源計劃(ERP)、數據挖掘和數據倉庫也成為電子商務的一個部分。
在「.COM」時代,電子商務增加了新的組成部分——「網路貿易」,客戶在數據加密傳輸技術支持下,利用網上商店的虛擬購物車和信用卡等電子貨幣支付形式,通過互聯網完成商品和服務的采購。
如今,電子商務的涵蓋十分廣泛的商業行為,從電子銀行到信息化的物流管理。電子商務的增長促進了支持系統的發展和進步, 包括後台支持系統、應用系統和中間件,例如寬頻和光纖網路、供應鏈管理模塊、原料規劃模塊、客戶關系管理模塊、存貨控制模塊和會計核算/企業財務模塊。
當互聯網在1994進入公眾的視線時,很多記者和學者預測電子貿易將很快成為主要的商業應用模式。然而,安全協議(例如HTTPS)用了四年的時間才發展的足夠成熟並獲得大范圍的應用。接下來,在1998年和2000年之間,大量的美國和西歐公司開發了許多不成熟的網站。
雖然大量的「純電子商務」公司在2000年和2001年的「.COM」衰退期消失了,還是有很多傳統的「水泥加磚塊」的零售企業認識到這些「.COM」公司揭示了潛在的有價值的市場空間,開始將電子商務的功能增加到網站上。例如,在在線食品銷售公司Webvan倒閉後,兩家傳統的連鎖超級市場Albertsons和Safeway都開始了附屬的電子商務功能,消費者可以直接在線訂購食品。
電子商務的成功因素
技術和組織方面
在很多案例中,一個電子商務公司存活下來,不僅僅是基於自身的產品,而且還擁有一個有能力的管理團隊、良好的售前服務、組織良好的商業結構、網路基礎和一個安全的,設計良好的網站,這些因素包括:
足夠的市場研究和分析。電子商務需要有可行的商業計劃並遵守供需的基本原理。在電子商務領域的失敗往往和其他商業領域的一樣,缺乏對商業基本原則的領會。
一支出色的被信息技術策略武裝起來的管理團隊。一個公司的信息戰略需要成為商業流程重組的一個部分。
為客戶提供一個方便而且安全的方式進行交易。信用卡是最互聯網上普遍的支付手段,大約90%的在線支付均使用信用卡的方式完成。在過去,加密的信用卡號碼信息通過獨立的第三方支付網關在顧客和商戶之間傳遞,現在大部分小企業和個體企業還是如此。如今大部分規模稍大的公司直接在網站上通過與商業銀行或是信用卡公司之間的協議處理信用卡交易。
提供高可靠性和安全性的交易。例如利用並行計算、硬體冗餘、失敗處理、信息加密和網路防火牆技術來達到這個需求。
提供360度視角的客戶關系,即確保無論是公司的雇員、供應商還是夥伴均可以獲得對客戶完整和一致的視角,而不是被選擇或者過濾得信息。因為,客戶不會對在權威主義(老大哥)監視的感覺有好的評價。
構建一個商業模型。如果在2000年的教科書上有這麼一段,很多「.com」公司可能不會破產。
設計一個電子商務價值鏈,關注在數量有限的核心競爭力上,而不是一個一站購齊的解決方案。如果合適的編製程序,網路商店可以在專業或者通用的特性中獲得其中一個。
運作最前沿或者盡可能的接近最前沿的技術,並且在緊緊跟隨技術的變化。(但是需要記住,商業的基本規則和技術的基本規則有很大的區別,不要同樣在商業模式上趕時髦)
建立一個足夠敏感和敏捷的組織,及時應對在經濟、社會和環境上發生的任何變化。
提供一個有足夠吸引力的網站。有品味的使用顏色、圖片、動畫、照片、字體和足夠的留白空間可以達到這一目標。
流暢的商業流程,可以通過流程再造和信息技術來獲得。
提供能完全理解商品和服務的信息,不僅僅包括全部產品信息還有可靠的顧問建議和挑選建議。
自然,電子商務供應商行業需要履行普世的原則,例如保證提供的商品的質量和可用性、物流的可靠性,並且及時有效的處理客戶的投訴。在網路環境下,有一個獨一無二的特點,客戶可以獲得遠多於傳統的「磚塊+水泥」地商業環境下關於商家
顧客為先
一個成功的電子商務機構必須提供一個既滿意而又具意義的經驗給顧客。都由各種顧客為先因素構成,包括以下:
提供額外的利益給顧客: 電子銷售商如要做到這一點,可提供產品或其產品系列,以一個較低的價格吸引潛在的客戶、如傳統商貿一樣.
提供優質服務: 提供一個互動及易於使用的購買經驗及場所,亦如傳統零售商一樣, 都有助某程度上達至上述目標。為鼓勵顧客再回來購買。可利用贈品或促銷禮券、優惠及折扣等。 還可以互相連接其他相關網站和廣告聯盟等。
提供個人服務: 提供個人化的網站、購買建議、個人及特別優惠的方式,有助增加互動、人性化來代替傳統的銷售方式。
提供社區意識: 可以聊天室、討論板以及一些忠誠顧客計劃(亦稱親和力計劃)都對提供社區意識有一定的幫助。
令顧客擁有全面性的體驗: 提供電子個人化服務,根據顧客的喜好,提供個別服務,使顧客感受與別不同的體驗,便可成為公司獨特的賣點及品牌。
自助方式: 提供自助式服務網站、易用及無須協助的環境,都有一定的幫助。包括所有的產品資料,交叉推銷信息、諮詢產品補替、用品及配件選擇等。
提供各種資訊: 如個人電子通訊錄、網上購物等。透過豐富的比較資料及良好的搜索設備,提供信息和構件安全、健康的評論給顧客。可協助個人電子服務來確定更多潛在顧客。
失敗因素
個人資料的外泄是最大的因素,如果有駭客破解網頁原始碼,並在網頁上種下木馬或是病毒,只要你登入並打上個人資料,駭客便可以馬上知道你在網頁上打下哪些個人資料。所以如何保護顧客的個資等是電子商務最大的問題,如果不妥善處理,那此電子店家便會被淘汰。
4、求兩篇關於電子商務英文參考文獻
http://59.42.244.59/Readers/Index.aspx
http://www.nstl.gov.cn/index.html
5、急求英文文獻及其翻譯 電子商務C2C方面
電子商務實驗室建設對專業課程教學效果的影響和作用
A Study of Construction of Electronic Commerce Laboratory
http://www.ilib2.com/A-ISSN~1008-9764(2008)03-0083-04.html
電子商務技術發展綜述
An Overview of Development in E-Commerce Technology
http://www.ilib2.com/A-ISSN~1009-3044(2006)11-0168-02.html
電子商務中的熱點新技術
New and Hot Point Technologies in Electronic Commerce
http://www.ilib2.com/A-QCode~jsjkx200407031.html
企業電子商務成熟度的組合評價
Combination Evaluation of Enterprise Maturity Degree of Electronic Commerce
http://www.ilib2.com/A-ISSN~1001-148X(2004)12-0173-04.html
6、求一篇關於電子商務的英文文獻及翻譯,急~!!!!
A
7、電子商務 論文翻譯
Summary: as the information technology advancing development, human beings are entering to network-oriented information age, launch based on the Internet for e-commerce are constantly influenced people's daily life, behavioral habits, etc.E-commerce paved the way people work styles, Club style, shopping manner, and even ecation mode changes.E-commerce brings to the changes in human life, so that mankind has a completely new life experience and higher quality of life.
Keywords: everyday life; electronic commerce; online shopping; impact; distance ecation; divided into
8、電子商務摘要翻譯
[Abstract] the twenty-first century is the information technology, the proportion of tertiary instry in the country is rising, particularly in services, information services into the 21st century, the leading instry, which has led business generation and, in the general trend of the global information technology The next drive, countries continued to improve and perfect the e-commerce, e-commerce to become various countries and major companies competing for attention. To explore the status quo and development of e-commerce e-commerce implementation of appropriate policies will be very urgent. In China, machines and technology popularization and development of the rapid rise of e-commerce, many information technology, venture capital companies, proction and circulation enterprises have e-commerce. This article from our e-commerce technology development environment, existing problems, the development trend of China's three aspects of e-commerce to explore the status of e-commerce development in China
[Key words] e-commerce, development status, trend analysis
9、求電子商務方面的英文文獻或論文,翻譯成漢字大約3000字。要有明確正規出處
Ecommerce Security Issues
Customer Security: Basic Principles
Most ecommerce merchants leave the mechanics to their hosting company or IT staff, but it helps to understand the basic principles. Any system has to meet four requirements:
privacy: information must be kept from unauthorized parties.
integrity: message must not be altered or tampered with.
authentication: sender and recipient must prove their identities to each other.
non-repudiation: proof is needed that the message was indeed received.
Privacy is handled by encryption. In PKI (public key infrastructure) a message is encrypted by a public key, and decrypted by a private key. The public key is widely distributed, but only the recipient has the private key. For authentication (proving the identity of the sender, since only the sender has the particular key) the encrypted message is encrypted again, but this time with a private key. Such proceres form the basis of RSA (used by banks and governments) and PGP (Pretty Good Privacy, used to encrypt emails).
Unfortunately, PKI is not an efficient way of sending large amounts of information, and is often used only as a first step — to allow two parties to agree upon a key for symmetric secret key encryption. Here sender and recipient use keys that are generated for the particular message by a third body: a key distribution center. The keys are not identical, but each is shared with the key distribution center, which allows the message to be read. Then the symmetric keys are encrypted in the RSA manner, and rules set under various protocols. Naturally, the private keys have to be kept secret, and most security lapses indeed arise here.
:Digital Signatures and Certificates
Digital signatures meet the need for authentication and integrity. To vastly simplify matters (as throughout this page), a plain text message is run through a hash function and so given a value: the message digest. This digest, the hash function and the plain text encrypted with the recipient's public key is sent to the recipient. The recipient decodes the message with their private key, and runs the message through the supplied hash function to that the message digest value remains unchanged (message has not been tampered with). Very often, the message is also timestamped by a third party agency, which provides non-repudiation.
What about authentication? How does a customer know that the website receiving sensitive information is not set up by some other party posing as the e-merchant? They check the digital certificate. This is a digital document issued by the CA (certification authority: Verisign, Thawte, etc.) that uniquely identifies the merchant. Digital certificates are sold for emails, e-merchants and web-servers.
:Secure Socket Layers
Information sent over the Internet commonly uses the set of rules called TCP/IP (Transmission Control Protocol / Internet Protocol). The information is broken into packets, numbered sequentially, and an error control attached. Indivial packets are sent by different routes. TCP/IP reassembles them in order and resubmits any packet showing errors. SSL uses PKI and digital certificates to ensure privacy and authentication. The procere is something like this: the client sends a message to the server, which replies with a digital certificate. Using PKI, server and client negotiate to create session keys, which are symmetrical secret keys specially created for that particular transmission. Once the session keys are agreed, communication continues with these session keys and the digital certificates.
:PCI, SET, Firewalls and Kerberos
Credit card details can be safely sent with SSL, but once stored on the server they are vulnerable to outsiders hacking into the server and accompanying network. A PCI (peripheral component interconnect: hardware) card is often added for protection, therefore, or another approach altogether is adopted: SET (Secure Electronic Transaction). Developed by Visa and Mastercard, SET uses PKI for privacy, and digital certificates to authenticate the three parties: merchant, customer and bank. More importantly, sensitive information is not seen by the merchant, and is not kept on the merchant's server.
Firewalls (software or hardware) protect a server, a network and an indivial PC from attack by viruses and hackers. Equally important is protection from malice or carelessness within the system, and many companies use the Kerberos protocol, which uses symmetric secret key cryptography to restrict access to authorized employees.
Transactions
Sensitive information has to be protected through at least three transactions:
credit card details supplied by the customer, either to the merchant or payment gateway. Handled by the server's SSL and the merchant/server's digital certificates.
credit card details passed to the bank for processing. Handled by the complex security measures of the payment gateway.
order and customer details supplied to the merchant, either directly or from the payment gateway/credit card processing company. Handled by SSL, server security, digital certificates (and payment gateway sometimes).
Practical Consequences
1. The merchant is always responsible for security of the Internet-connected PC where customer details are handled. Virus protection and a firewall are the minimum requirement. To be absolutely safe, store sensitive information and customer details on zip-disks, a physically separate PC or with a commercial file storage service. Always keep multiple back-ups of essential information, and ensure they are stored safely off-site.
2. Where customers order by email, information should be encrypted with PGP or similar software. Or payment should be made by specially encrypted checks and ordering software.
3. Where credit cards are taken online and processed later, it's the merchant's responsibility to check the security of the hosting company's webserver. Use a reputable company and demand detailed replies to your queries.
4. Where credit cards are taken online and processed in real time, four situations arise:
You use a service bureau. Sensitive information is handled entirely by the service bureau, which is responsible for its security. Other customer and order details are your responsibility as in 3. above.
You possess an ecommerce merchant account but use the digital certificate supplied by the hosting company. A cheap option acceptable for smallish transactions with SMEs. Check out the hosting company, and the terms and conditions applying to the digital certificate.
You possess an ecommerce merchant account and obtain your own digital certificate (costing some hundreds of dollars). Check out the hosting company, and enter into a dialogue with the certification authority: they will certainly probe your credentials.
You possess a merchant account, and run the business from your own server. You need trained IT staff to maintain all aspects of security — firewalls, Kerberos, SSL, and a digital certificate for the server (costing thousands or tens of thousands of dollars).
Security is a vexing, costly and complicated business, but a single lapse can be expensive in lost funds, records and reputation. Don't wait for disaster to strike, but stay proactive, employing a security expert where necessary.
Sites on our resources page supplies details.