1、关于电子商务环境下物流配送方面的英文文献
楼上这位的英文文献是google华文文献而来的,很不通顺。。。
电子商务环境下物流配送
Logistics Distribution under E-business Environment
楼上译成了E-business environment under the logistics and distribution
电子商务环境下的物流配送
摘要:本文从阐述电子商务与物流配送的相互关系出发,就如何建立与我国国情发展相适应的物流配送模式,降低物流成本,提高配送效率,解决配送问题进行探讨。
关键词:电子商务;物流配送;第三方物流
在互联网技术的不断发展及全球电子商务大环境的引导下,跨国物流和跨区域物流更加频繁,对物流的需求也更加强烈。但电子商务在我国的发展却具有其不成熟性的特点,物流基础设施及技术水平落后,供应商(或制造商)以及客户之间没有形成供应链,配送效率低下,所以电子商务要在中国继续发展必须解决——"物流瓶颈"。
一、电子商务与物流配送
电子商务是在Internet开放的网络环境下,基于浏览器/服务器的应用方式,实现消费者的网上购物、企业之间的网上交易和在线电子支付的一种新型的交易方式。电子商务与传统商务本质区别,就是它以数字化网络为基础进行商品、货币和服务交易,目的在于减少信息社会的商业中间环节,缩短周期,降低成本,提高经营效率,提高服务质量,使企业有效地参与竞争。
物流配送定位在为电子商务的客户提供服务,根据电子商务的特点,对整个物流配送体系实行统一的信息管理和调度,按照用户订货要求,在物流基地进行理货工作,并将配好的货物送交收货人的一种物流方式。这一先进的、优化的流通方式对流通企业提高服务质量、降低物流成本、优化社会库存配置,从而提高企业的经济效益及社会效益具有重要意义。
二、电子商务环境下的物流配送模式
发展现代物流配送,是转变经济增长方式,促进经济增长由粗放型向集约型转变的需要。过去我国长期实行计划经济体制,几乎每个工业企业都建立了仓库、车队负责包装、运输等业务,大而全、小而全、粗放管理问题比较突出,造成企业原材料和产成品库存过大,占压大量资金;自备仓储和自备运输利用率低,成本过高;销售配送体系不健全,产品实体分配效率不能满足售后和服务要求。市场经济条件下,企业要在激烈的竞争中站稳脚跟,必须集中精力发展其核心业务,对传统的物流管理模式进行改革,提高物流管理的社会化和组织程度,变粗放管理为集约经营,才能使企业真正适应市场经济的发展。
发展现代物流配送,是适应加入WTO,提高企业市场竞争能力的需要。目前世界上大多数地区,约1/3的物流运作是承包给第三方的,发达国家甚至达5-8成。而我国的物流服务行业竞争力很弱,没有形成一定的规模优势和资本优势,服务质量与国外企业相比也存在着很大差距。加入WTO后,根据协议,我国将进一步开放物流服务行业,国外成熟的物流企业会大举进入我国,因此,面对经济全球化趋势和我国加入WTO的挑战,实施物流改造,发展现代物流配送是企业参与竞争,赢得竞争优势的必然选择。
在电子商务条件下,构建我国物流配送体系,可以有以下三种模式:一是电子商务与传统商务共用一套物流系统;二是由电子商务企业组建自己的物流系统;三是电子商务企业将所有的物流业务以外包的形式委托第三方物流企业运作。所谓第三方物流是指根据供应商或销售商的委托,由供应商和销售商以外的第三方负责对物流的中间环节进行有效管理,提供从货源供应到最终商品销售之间的全方位物流服务。鉴于发达国家的成功经验和目前我国物流业的发展状况,我认为,委托第三方物流企业运作是我国电子商务企业最理想的物流模式。其理由如下:
(1)物流通常不是大多数的电子商务企业的核心业务,电子商务企业把物流业务运作外包于第三方物流企业,可以把资源集中在自身的核心竞争力业务上,以获取最大的投资回报。
(2)第三方物流企业拥有发达的物流网络和针对不同物流市场的专业能力,包括运输、仓储和其它增值服务,同时第三方物流企业还拥有信息技术,他们与独立的软件供应商结盟或者开发了内部信息系统,这使其能够最大限度地利用运输和分销网络,有效进行跨运输方式的货物追踪。
(3)第三方物流企业具有规模经济优势。由于其可以从运输商那里大批量购买运输能力,然后集中配载许多客户的货物,大幅度降低单位运输成本。
(4)通过“共享租用”模型,多个电子商务企业可以共享分发和售后服务。外包也缓和了内部物流执行并减少建造和装备仓库。内部完成电子物流费用高,耗时多,并且由于不具备第三方的专业技术,许多公司会严重损害花很多时间建立的客户关系。
诚然,第三方物流企业的运作不仅要针对生产厂家能否合理经营并优化库存结构,还要针对客户,保证商品来源于最佳路线,以切实降低物流成本,提高产品附加值,同时真正使客户省钱,省力,省时。
三、我国发展第三方物流应注意的问题
(1)物流业务的范围不断扩大。商业机构和各大公司面对日趋激烈的竞争不得不将主要经理放在核心业务,将运输、仓储等相关业务环节交由更专业的物流企业进行操作,以求节约和高效;同时,物流企业为提高服务质量,也在不断拓宽业务范围,提供配套服务。
(2)提供客户定制的物流服务。很多成功的物流企业根据第一方、第二方的谈判条款,分析比较自理的操作成本和代理费用,灵活运用自理和代理两种方式。
(3)物流产业的发展潜力巨大,具有广阔的发展前景。长期以来,由于受计划经济的影响,我国物流社会化程度低,物流管理混乱,机构多元化,物资、商业、经贸、交通、建设等部门均有各自的物流系统。这种分散的多元化物流格局,导致社会化大生产、专业化流通的集约化经营优势难以发挥,规模经营、规模效益难以实现,设施利用率低,布局不合理,重复建设,资金浪费严重。由于利益冲突及信息不通畅等原因,造成余缺物资不能及时调配,大量物资滞留在流通领域,造成资金沉淀,产生大量库存费用。另外,我国物流企业与物流组织的总体水平低,设备陈旧,损失率大,效率低,运输能力严重不足,形成了瓶颈,制约了物流的发展。
在电子商务飞速发展的21世纪,谁掌握了物流和配送,谁就掌握了市场。建立电子商务模式下的物流配送体系,客观上需要那种放网全国,点指世界超强的物流服务企业。当前,我国的一些传统物流企业(如,中远,中外运等)应积极加大市场调研和开拓力度,加大与跨国公司、大型制造商等行业企业以及与连锁、超市零售行业等的合作,与其建立伙伴关系,为其提供一体化的物流配送服务,并尽快发展电子商务,从而提供高质量的、高水平的电子商务环境下的现代物流配送服务,为我国建立良好的现代配送机制贡献自身的一份力量。
参考文献:
《中国物流与采购》
《我国物流企业如何迎接电子商务》 张铎
《电子商务配送问题浅析》 关洪杰、
http://www.chinawuliu.com.cn/cflp/newss/content1/200709/805_24938.html
2、求一个电子商务方面的英文文献及翻译3000字左右的
http://www.cecb.cn/simple/index.php?t25601.html
或许有你想要的
3、电子商务英文文献
Electronic commerce, commonly known as e-commerce, consists of the buying and selling of procts or services over electronic systems such as the Internet and other computer networks. The amount of trade concted electronically has grown extraordinarily since the spread of the Internet. A wide variety of commerce is concted in this way, spurring and drawing on innovations in electronic funds transfer, supply chain management, Internet marketing, online transaction processing, electronic data interchange (EDI), inventory management systems, and automated data collection systems. Modern electronic commerce typically uses the World Wide Web at least at some point in the transaction's lifecycle, although it can encompass a wider range of technologies such as e-mail as well.
A large percentage of electronic commerce is concted entirely electronically for virtual items such as access to premium content on a website, but most electronic commerce involves the transportation of physical items in some way. Online retailers are sometimes known as e-tailers and online retail is sometimes known as e-tail. Almost all big retailers have electronic commerce presence on the World Wide Web.
Electronic commerce that is concted between businesses is referred to as Business-to-business or B2B. B2B can be open to all interested parties (e.g. commodity exchange) or limited to specific, pre-qualified participants (private electronic market).
Electronic commerce is generally considered to be the sales aspect of e-business. It also consists of the exchange of data to facilitate the financing and payment aspects of the business transactions.
History
Early development
The meaning of electronic commerce has changed over the last 30 years. Originally, electronic commerce meant the facilitation of commercial transactions electronically, using technology such as Electronic Data Interchange (EDI) and Electronic Funds Transfer (EFT). These were both introced in the late 1970s, allowing businesses to send commercial documents like purchase orders or invoices electronically. The growth and acceptance of credit cards, automated teller machines (ATM) and telephone banking in the 1980s were also forms of electronic commerce. From the 1990s onwards, electronic commerce would additionally include enterprise resource planning systems (ERP), data mining and data warehousing.
Perhaps it is introced from the Telephone Exchange Office, or maybe not.The earliest example of many-to-many electronic commerce in physical goods was the Boston Computer Exchange, a marketplace for used computers launched in 1982. The first online information marketplace, including online consulting, was likely the American Information Exchange, another pre-Internet online system introced in 1991.
Timeline
1990: Tim Berners-Lee wrote the first web browser, WorldWideWeb, using a NeXT computer.
1992: J.H. Snider and Terra Ziporyn published Future Shop: How New Technologies Will Change the Way We Shop and What We Buy. St. Martin's Press. ISBN 0312063598.
1994: Netscape released the Navigator browser in October under the code name Mozilla. Pizza Hut offered pizza ordering on its Web page. The first online bank opened. Attempts to offer flower delivery and magazine subscriptions online. Alt materials were also commercially available, as were cars and bikes. Netscape 1.0 in late 1994 introced SSL encryption that made transactions secure.
1995: Jeff Bezos launched Amazon.com and the first commercial-free 24 hour, internet-only radio stations, Radio HK and NetRadio started broadcasting. Dell and Cisco began to aggressively use Internet for commercial transactions. eBay was founded by computer programmer Pierre Omidyar as AuctionWeb.
1998: Electronic postal stamps can be purchased and downloaded for printing from the Web.
1999: business.com was sold for US $7.5 million, which was purchased in 1997 for US $150,000. The peer-to-peer filesharing software Napster was launched.
2000: The dot-com bust.
2003: Amazon.com had its first year with a full year of profit.
Business applications
Some common applications related to electronic commerce are:
E-mail and messaging
Documents, spreadsheets, database
Accounting and finance systems
Orders and shipment information
Enterprise and client information reporting
Domestic and international payment systems
Newsgroup
On-line Shopping
Messaging
Conferencing
Government regulations
In the United States, some electronic commerce activities are regulated by the Federal Trade Commission (FTC). These activities include the use of commercial e-mails, online advertising and consumer privacy. The CAN-SPAM Act of 2003 establishes national standards for direct marketing over e-mail. The Federal Trade Commission Act regulates all forms of advertising, including online advertising, and states that advertising must be truthful and non-deceptive.[1] Using its authority under Section 5 of the FTC Act, which prohibits unfair or deceptive practices, the FTC has brought a number of cases to enforce the promises in corporate privacy statements, including promises about the security of consumers’ personal information.[2] As result, any corporate privacy policy related to e-commerce activity may be subject to enforcement by the FTC.
Forms
Contemporary electronic commerce involves everything from ordering "digital" content for immediate online consumption, to ordering conventional goods and services, to "meta" services to facilitate other types of electronic commerce.
On the consumer level, electronic commerce is mostly concted on the World Wide Web. An indivial can go online to purchase anything from books, grocery to expensive items like real estate. Another example will be online banking like online bill payments, buying stocks, transferring funds from one account to another, and initiating wire payment to another country. All these activities can be done with a few keystrokes on the keyboard.
On the institutional level, big corporations and financial institutions use the internet to exchange financial data to facilitate domestic and international business. Data integrity and security are very hot and pressing issues for electronic commerce these days.
电子商务或EC(英语: E-Commerce)是指在互联网(Internet)、企业内部网 (Intranet) 和增值网(VAN,Value Added Network)上以电子交易方式进行交易活动和相关服务活动,是传统商业活动各环节的电子化、网路化。电子商务包括电子货币交换、供应链管理、电子交易市场、网路营销、在线事务处理、电子数据交换(EDI)、存货管理和自动数据收集系统。在此过程中,利用到的信息技术包括:互联网、外联网、电子邮件、资料库、电子目录和行动电话。
而广义上的电子商务—电子业务或EB(英语: E-Business)则是指对整个商业活动实现电子化,也就是指应用电脑与网路技术与现代信息化通信技术,按照一定标准,利用电子化工具(有时甚至指整个电子媒介领域,包括广播、电视、电话通讯等等)来实现包括电子商务(或电子交易)在内的商业交换和行政作业的商贸活动的全过程。
发展历史
在过去的30年间,电子商务的概念发生了很大的变化. 最初,电子商务意味著利用电子化的手段,将商业买卖活动简化,通常使用的技术包括电子数据交换(EDI)和电子货币转帐,这些技术均是在20世纪70年代末期开始应用。典型的应用是将采购订单和发票之类的商业文档通过电子数据的方式发送出去。
电子商务中的“电子”指的是采用的技术和系统,而“商务”指的是传统的商业模式。电子商务被定义为一整套通过网路支持商业活动的过程。在70年代和80年代,信息分析技术进入电子商务。80年代,随著信用卡、自动柜员机和电话银行的逐渐被接受和应用,这些也成为电子贸易的组成部分。进入90年代,企业资源计划(ERP)、数据挖掘和数据仓库也成为电子商务的一个部分。
在“.COM”时代,电子商务增加了新的组成部分——“网路贸易”,客户在数据加密传输技术支持下,利用网上商店的虚拟购物车和信用卡等电子货币支付形式,通过互联网完成商品和服务的采购。
如今,电子商务的涵盖十分广泛的商业行为,从电子银行到信息化的物流管理。电子商务的增长促进了支持系统的发展和进步, 包括后台支持系统、应用系统和中间件,例如宽频和光纤网路、供应链管理模块、原料规划模块、客户关系管理模块、存货控制模块和会计核算/企业财务模块。
当互联网在1994进入公众的视线时,很多记者和学者预测电子贸易将很快成为主要的商业应用模式。然而,安全协议(例如HTTPS)用了四年的时间才发展的足够成熟并获得大范围的应用。接下来,在1998年和2000年之间,大量的美国和西欧公司开发了许多不成熟的网站。
虽然大量的“纯电子商务”公司在2000年和2001年的“.COM”衰退期消失了,还是有很多传统的“水泥加砖块”的零售企业认识到这些“.COM”公司揭示了潜在的有价值的市场空间,开始将电子商务的功能增加到网站上。例如,在在线食品销售公司Webvan倒闭后,两家传统的连锁超级市场Albertsons和Safeway都开始了附属的电子商务功能,消费者可以直接在线订购食品。
电子商务的成功因素
技术和组织方面
在很多案例中,一个电子商务公司存活下来,不仅仅是基於自身的产品,而且还拥有一个有能力的管理团队、良好的售前服务、组织良好的商业结构、网路基础和一个安全的,设计良好的网站,这些因素包括:
足够的市场研究和分析。电子商务需要有可行的商业计划并遵守供需的基本原理。在电子商务领域的失败往往和其他商业领域的一样,缺乏对商业基本原则的领会。
一支出色的被信息技术策略武装起来的管理团队。一个公司的信息战略需要成为商业流程重组的一个部分。
为客户提供一个方便而且安全的方式进行交易。信用卡是最互联网上普遍的支付手段,大约90%的在线支付均使用信用卡的方式完成。在过去,加密的信用卡号码信息通过独立的第三方支付网关在顾客和商户之间传递,现在大部分小企业和个体企业还是如此。如今大部分规模稍大的公司直接在网站上通过与商业银行或是信用卡公司之间的协议处理信用卡交易。
提供高可靠性和安全性的交易。例如利用并行计算、硬体冗余、失败处理、信息加密和网路防火墙技术来达到这个需求。
提供360度视角的客户关系,即确保无论是公司的雇员、供应商还是伙伴均可以获得对客户完整和一致的视角,而不是被选择或者过滤得信息。因为,客户不会对在权威主义(老大哥)监视的感觉有好的评价。
构建一个商业模型。如果在2000年的教科书上有这麼一段,很多“.com”公司可能不会破产。
设计一个电子商务价值链,关注在数量有限的核心竞争力上,而不是一个一站购齐的解决方案。如果合适的编制程序,网路商店可以在专业或者通用的特性中获得其中一个。
运作最前沿或者尽可能的接近最前沿的技术,并且在紧紧跟随技术的变化。(但是需要记住,商业的基本规则和技术的基本规则有很大的区别,不要同样在商业模式上赶时髦)
建立一个足够敏感和敏捷的组织,及时应对在经济、社会和环境上发生的任何变化。
提供一个有足够吸引力的网站。有品味的使用颜色、图片、动画、照片、字体和足够的留白空间可以达到这一目标。
流畅的商业流程,可以通过流程再造和信息技术来获得。
提供能完全理解商品和服务的信息,不仅仅包括全部产品信息还有可靠的顾问建议和挑选建议。
自然,电子商务供应商行业需要履行普世的原则,例如保证提供的商品的质量和可用性、物流的可靠性,并且及时有效的处理客户的投诉。在网路环境下,有一个独一无二的特点,客户可以获得远多於传统的“砖块+水泥”地商业环境下关於商家
顾客为先
一个成功的电子商务机构必须提供一个既满意而又具意义的经验给顾客。都由各种顾客为先因素构成,包括以下:
提供额外的利益给顾客: 电子销售商如要做到这一点,可提供产品或其产品系列,以一个较低的价格吸引潜在的客户、如传统商贸一样.
提供优质服务: 提供一个互动及易於使用的购买经验及场所,亦如传统零售商一样, 都有助某程度上达至上述目标。为鼓励顾客再回来购买。可利用赠品或促销礼券、优惠及折扣等。 还可以互相连接其他相关网站和广告联盟等。
提供个人服务: 提供个人化的网站、购买建议、个人及特别优惠的方式,有助增加互动、人性化来代替传统的销售方式。
提供社区意识: 可以聊天室、讨论板以及一些忠诚顾客计划(亦称亲和力计划)都对提供社区意识有一定的帮助。
令顾客拥有全面性的体验: 提供电子个人化服务,根据顾客的喜好,提供个别服务,使顾客感受与别不同的体验,便可成为公司独特的卖点及品牌。
自助方式: 提供自助式服务网站、易用及无须协助的环境,都有一定的帮助。包括所有的产品资料,交叉推销信息、谘询产品补替、用品及配件选择等。
提供各种资讯: 如个人电子通讯录、网上购物等。透过丰富的比较资料及良好的搜索设备,提供信息和构件安全、健康的评论给顾客。可协助个人电子服务来确定更多潜在顾客。
失败因素
个人资料的外泄是最大的因素,如果有骇客破解网页原始码,并在网页上种下木马或是病毒,只要你登入并打上个人资料,骇客便可以马上知道你在网页上打下哪些个人资料。所以如何保护顾客的个资等是电子商务最大的问题,如果不妥善处理,那此电子店家便会被淘汰。
4、求两篇关于电子商务英文参考文献
http://59.42.244.59/Readers/Index.aspx
http://www.nstl.gov.cn/index.html
5、急求英文文献及其翻译 电子商务C2C方面
电子商务实验室建设对专业课程教学效果的影响和作用
A Study of Construction of Electronic Commerce Laboratory
http://www.ilib2.com/A-ISSN~1008-9764(2008)03-0083-04.html
电子商务技术发展综述
An Overview of Development in E-Commerce Technology
http://www.ilib2.com/A-ISSN~1009-3044(2006)11-0168-02.html
电子商务中的热点新技术
New and Hot Point Technologies in Electronic Commerce
http://www.ilib2.com/A-QCode~jsjkx200407031.html
企业电子商务成熟度的组合评价
Combination Evaluation of Enterprise Maturity Degree of Electronic Commerce
http://www.ilib2.com/A-ISSN~1001-148X(2004)12-0173-04.html
6、求一篇关于电子商务的英文文献及翻译,急~!!!!
A
7、电子商务 论文翻译
Summary: as the information technology advancing development, human beings are entering to network-oriented information age, launch based on the Internet for e-commerce are constantly influenced people's daily life, behavioral habits, etc.E-commerce paved the way people work styles, Club style, shopping manner, and even ecation mode changes.E-commerce brings to the changes in human life, so that mankind has a completely new life experience and higher quality of life.
Keywords: everyday life; electronic commerce; online shopping; impact; distance ecation; divided into
8、电子商务摘要翻译
[Abstract] the twenty-first century is the information technology, the proportion of tertiary instry in the country is rising, particularly in services, information services into the 21st century, the leading instry, which has led business generation and, in the general trend of the global information technology The next drive, countries continued to improve and perfect the e-commerce, e-commerce to become various countries and major companies competing for attention. To explore the status quo and development of e-commerce e-commerce implementation of appropriate policies will be very urgent. In China, machines and technology popularization and development of the rapid rise of e-commerce, many information technology, venture capital companies, proction and circulation enterprises have e-commerce. This article from our e-commerce technology development environment, existing problems, the development trend of China's three aspects of e-commerce to explore the status of e-commerce development in China
[Key words] e-commerce, development status, trend analysis
9、求电子商务方面的英文文献或论文,翻译成汉字大约3000字。要有明确正规出处
Ecommerce Security Issues
Customer Security: Basic Principles
Most ecommerce merchants leave the mechanics to their hosting company or IT staff, but it helps to understand the basic principles. Any system has to meet four requirements:
privacy: information must be kept from unauthorized parties.
integrity: message must not be altered or tampered with.
authentication: sender and recipient must prove their identities to each other.
non-repudiation: proof is needed that the message was indeed received.
Privacy is handled by encryption. In PKI (public key infrastructure) a message is encrypted by a public key, and decrypted by a private key. The public key is widely distributed, but only the recipient has the private key. For authentication (proving the identity of the sender, since only the sender has the particular key) the encrypted message is encrypted again, but this time with a private key. Such proceres form the basis of RSA (used by banks and governments) and PGP (Pretty Good Privacy, used to encrypt emails).
Unfortunately, PKI is not an efficient way of sending large amounts of information, and is often used only as a first step — to allow two parties to agree upon a key for symmetric secret key encryption. Here sender and recipient use keys that are generated for the particular message by a third body: a key distribution center. The keys are not identical, but each is shared with the key distribution center, which allows the message to be read. Then the symmetric keys are encrypted in the RSA manner, and rules set under various protocols. Naturally, the private keys have to be kept secret, and most security lapses indeed arise here.
:Digital Signatures and Certificates
Digital signatures meet the need for authentication and integrity. To vastly simplify matters (as throughout this page), a plain text message is run through a hash function and so given a value: the message digest. This digest, the hash function and the plain text encrypted with the recipient's public key is sent to the recipient. The recipient decodes the message with their private key, and runs the message through the supplied hash function to that the message digest value remains unchanged (message has not been tampered with). Very often, the message is also timestamped by a third party agency, which provides non-repudiation.
What about authentication? How does a customer know that the website receiving sensitive information is not set up by some other party posing as the e-merchant? They check the digital certificate. This is a digital document issued by the CA (certification authority: Verisign, Thawte, etc.) that uniquely identifies the merchant. Digital certificates are sold for emails, e-merchants and web-servers.
:Secure Socket Layers
Information sent over the Internet commonly uses the set of rules called TCP/IP (Transmission Control Protocol / Internet Protocol). The information is broken into packets, numbered sequentially, and an error control attached. Indivial packets are sent by different routes. TCP/IP reassembles them in order and resubmits any packet showing errors. SSL uses PKI and digital certificates to ensure privacy and authentication. The procere is something like this: the client sends a message to the server, which replies with a digital certificate. Using PKI, server and client negotiate to create session keys, which are symmetrical secret keys specially created for that particular transmission. Once the session keys are agreed, communication continues with these session keys and the digital certificates.
:PCI, SET, Firewalls and Kerberos
Credit card details can be safely sent with SSL, but once stored on the server they are vulnerable to outsiders hacking into the server and accompanying network. A PCI (peripheral component interconnect: hardware) card is often added for protection, therefore, or another approach altogether is adopted: SET (Secure Electronic Transaction). Developed by Visa and Mastercard, SET uses PKI for privacy, and digital certificates to authenticate the three parties: merchant, customer and bank. More importantly, sensitive information is not seen by the merchant, and is not kept on the merchant's server.
Firewalls (software or hardware) protect a server, a network and an indivial PC from attack by viruses and hackers. Equally important is protection from malice or carelessness within the system, and many companies use the Kerberos protocol, which uses symmetric secret key cryptography to restrict access to authorized employees.
Transactions
Sensitive information has to be protected through at least three transactions:
credit card details supplied by the customer, either to the merchant or payment gateway. Handled by the server's SSL and the merchant/server's digital certificates.
credit card details passed to the bank for processing. Handled by the complex security measures of the payment gateway.
order and customer details supplied to the merchant, either directly or from the payment gateway/credit card processing company. Handled by SSL, server security, digital certificates (and payment gateway sometimes).
Practical Consequences
1. The merchant is always responsible for security of the Internet-connected PC where customer details are handled. Virus protection and a firewall are the minimum requirement. To be absolutely safe, store sensitive information and customer details on zip-disks, a physically separate PC or with a commercial file storage service. Always keep multiple back-ups of essential information, and ensure they are stored safely off-site.
2. Where customers order by email, information should be encrypted with PGP or similar software. Or payment should be made by specially encrypted checks and ordering software.
3. Where credit cards are taken online and processed later, it's the merchant's responsibility to check the security of the hosting company's webserver. Use a reputable company and demand detailed replies to your queries.
4. Where credit cards are taken online and processed in real time, four situations arise:
You use a service bureau. Sensitive information is handled entirely by the service bureau, which is responsible for its security. Other customer and order details are your responsibility as in 3. above.
You possess an ecommerce merchant account but use the digital certificate supplied by the hosting company. A cheap option acceptable for smallish transactions with SMEs. Check out the hosting company, and the terms and conditions applying to the digital certificate.
You possess an ecommerce merchant account and obtain your own digital certificate (costing some hundreds of dollars). Check out the hosting company, and enter into a dialogue with the certification authority: they will certainly probe your credentials.
You possess a merchant account, and run the business from your own server. You need trained IT staff to maintain all aspects of security — firewalls, Kerberos, SSL, and a digital certificate for the server (costing thousands or tens of thousands of dollars).
Security is a vexing, costly and complicated business, but a single lapse can be expensive in lost funds, records and reputation. Don't wait for disaster to strike, but stay proactive, employing a security expert where necessary.
Sites on our resources page supplies details.