Chapter 31

Doing Commerce on an Intranet


In much of this book, we've seen how intranets and the Internet can help streamline the ways that companies do business, and change the way that people within a corporation communicate. For many companies, though, the biggest benefit of an intranet can be counted directly on the bottom line-intranets, used in conjunction with the Internet, help the companies do business with their customers. It allows the companies to better market their goods and services, and to take direct orders right online over the intranet. And it also allows the companies to order directly from other businesses as well.

Today, the amount of business done on the Internet and over intranets is relatively small. In the coming years, however, that business is expected to grow to many billions of dollars. The dramatic growth of the Internet has been fueled by business and consumers, and it shows no sign of letting up. The Internet may become one of the primary places that businesses operate-and is expected to be the place where many billions of dollars of goods and services will be bought and sold every year. Because of that, the ability to do commerce is a vital part of any intranet.

Businesses will use intranets as a way to market and sell their products and services. They will accept electronic payment using an intranet as well.

Increasingly, businesses will use the Internet to market and sell their products. Many people will buy things while at home and at their place of business instead of at retail stores-and they will use the Internet to browse through catalogs, and then make purchases online.

There is a major problem that has to be overcome with electronic commerce over the Internet and intranets, however. The nature of the Internet is that it's an unsecured network. As packets travel across it, anyone along the way could conceivably examine those packets. Because of that, there are potential dangers to doing business online-if you pay over the Internet with a credit card, someone could conceivably snoop at it and steal your credit card number and other identifying information. That means that businesses that expect to sell goods and services need some secure way to sell them.

A number of ways of making money payments across the Internet have sprung up to solve the problem. Probably the one that will be most used is the Secure Electronic Transaction protocol (SET)-a set of procedures and protocols designed to make financial transactions on the Internet as safe as possible. SET uses encryption technology to make sure that no one can steal your credit card number; only the sender and the receiver can decipher the numbers. See Chapter 17 for details on how encryption works. Major credit card companies such as VISA, MasterCard, and American Express support SET, as do software companies such as Microsoft and Netscape. With that backing, SET will almost certainly become the standard way for sending secure credit card information over the Internet.

There are other schemes for doing business over the Internet and intranets. In some of them, credit cards aren't used. Instead, people get electronic "tokens" that function as cash. Various terms are being used for this new form of money, partly from vendors offering electronic payment services, including NetCash, CyberCash, .eCash, and emoney. Someone purchases a certain amount of electronic money, and then can use it for online transactions, without having to go through credit card verification for each purchase. There will be other methods of electronic payments online as well.

There are people who believe that the Internet may transform the way that people buy goods and services at least to the same extent, and possibly more, as happened with the advent of mail-order catalogs. Almost any company that sells to the general public will certainly want to use their intranet as a way to help market and sell what they produce.

Doing this requires that a company use its intranet as well as the Internet. In general, the intranet is used as a way to market the goods and services, and the intranet is used as a way to let people actually buy the goods. Today, almost any major company you can name markets via the Internet, while few actually sell anything.

To market what they produce, companies create Web sites on the Internet, outside of the intranet's firewall. What most companies have found is that if all they do is create an advertisement on their Web site, they'll get very little traffic to their site. Few people want to spend their time reading ads online. Because of that, most businesses have found that they need to create compelling content, such as entertainment clips, videos, sounds, and news items. Once they draw people to their site, they can then market their goods and services. Commercial Web sites have also found that word of mouth isn't good enough to draw a crowd to their sites. To ensure that people visit them, they advertise on other Web sites. When someone clicks on an ad, they are immediately sent to the Web site.

While a variety of content such as videos and audio clips may draw people to a site, once people are there, businesses want them to learn about their goods, and ideally to order them. Companies build Web-based online catalogs that promote what is for sale. These catalogs can be as simple as text listings of what's available, or as complex as true multimedia catalogs that include sound and animations. Many companies now have Web sites that include online catalogs, such as L.L. Bean. In addition to catalogs, sites also make available a searchable database of their goods and services, so that people can target what they want to buy, and find information out about it quickly.

Bringing customers to the site and showing them what is available is only the first part of what a company wants to do. More important is to close the sale over the Internet. That's the difficult part, because many people still worry about performing financial transactions over the Internet. However, secure ways of commerce are being developed. At the point where someone actually places the order, they will send information to the intranet. They may not know that they've been transferred, but that's where their data eventually goes. There are a variety of ways to pay online, although the SET standard will undoubtedly become popular.

An intranet comes into play as well after the payment is made and authorized. Since the customer has entered the information about the products being ordered, there's no need for employees to key in an order. The order can be sent over the intranet via electronic mail or via a customized system to the fulfillment department, where the goods are shipped.

Selling directly to consumers is only one way that business can be done with intranets. Many billions of dollars are also spent every year on business-to-business transactions, in which businesses order goods and services from each other. In business-to-business transactions, companies can directly communicate with each other from intranet to intranet, sending data and orders between them over the public Internet. Since much of that data is generally confidential, there needs to be some way of keeping it from prying eyes. The answer is to use Very Secure Private Networks (VSPNs), a technology that allows intranets to use the Internet as if it were a private, secure communications channel. It does this by "tunneling" the private data through the intranet. See Chapter 20 for more information about VSPNs.

For years, a technology called Electronic Data Interchange (EDI) has allowed companies to do direct business with each other electronically. EDI allows businesses to fill out electronic forms and send them to each other, and then have the receiving business act on those forms. EDI is being brought to intranets and the Internet as a way to speed business-to-business transactions.

EDI is not the only way that companies can do business with each other over intranets, however. Intranets can help companies do business with each other in other ways as well. They can post information about what kinds of goods and services they need, and other companies can bid on providing them. They can use it as a way to better communicate with contractors and with businesses they buy goods from. In fact, intranets can help companies do business with each other in so many ways, that there are many people who believe that for many years, the main commercial use of the Internet and intranets will be for business-to-business transactions instead of for transactions between consumers and businesses.

How Financial Transactions Work on an Intranet

Intranets are used not merely to streamline businesses and make them more effective, but as a place to do business as well-to take orders for goods and services and to fill orders for goods and services. In order for this to happen, though, a secure way must be designed for credit card information to be sent over the notoriously unsecured Internet. There are many methods for doing this, but one standard, called the Secure Electronic Transaction protocol (SET), will probably be the primary method used. It has been endorsed by VISA, MasterCard, America Express, Microsoft and Netscape, among other companies. It is a system that will allow people with bank cards to do secure business over intranets. This illustration shows how a transaction using SET might work.

  1. Mia visits a Web site that contains an electronic catalog. After browsing through the catalog, she decides that she wants to buy a camcorder. In order to use SET to pay for it, she will have to have a credit card from a participating bank and have been issued a unique "electronic signature" for her computer that will be used to verify that it is she, and not an impostor, that is making the purchase. In SET, everyone involved in the transaction, including the merchant, needs to have electronic signatures identifying them and software that supports the SET protocol. SET also uses public-key encryption technology to encrypt all the information sent among everyone involved in the transaction. See Chapter 17 for details on encryption.
  2. Mia fills out an order form detailing what she wants to buy, its price, and any shipping, handling, and taxes. She then selects the method she wants to use to pay. In this case, she decides to pay electronically over the Internet, with her SET bank card. At this point, she doesn't send her precise credit card number, but instead the name of which credit card she wants to use. The information she sends includes her electronic signature, so that the merchant can verify it is really Mia who wants to do the ordering.
  3. The merchant receives the order form from Mia. A unique transaction identifier is created by the merchant's software, so that the transaction can be identified and tracked. The merchant's SET software sends back to Mia's computer this identifier along with two "electronic certificates" which are required to complete the transaction for her specific bank card. One certificate identifies the merchant, and the other certificate identifies a specific payment gateway-an electronic gateway to the banking system that processes online payments.
  4. Mia's software receives the electronic certificates and using them creates Order Information (OI) and Payment Instructions (PI). It encrypts these messages and includes Mia's electronic signature in them. The OI and the PI are sent back to the merchant.
  5. The merchant's software decrypts Mia's Order Information and, using the electronic signature that Mia sent, verifies that the order is from her. The merchant sends verification to Mia that the order has been made.
  6. The merchant's software creates an authorization request for payment, and includes with the merchant's digital signature, the transaction identifier and the Payment Instructions received from Mia's software. The software encrypts all of it and sends the encrypted request to the Payment Gateway.
  7. The Payment Gateway decrypts the messages, and using the merchant's digital signature verifies that the message is from the merchant. By examining the Payment Instructions, it verifies that they have come from Mia. The Payment Gateway then uses a bank card payment system to send an authorization request to the bank which issued Mia her bank card, asking if the purchase can be made.
  8. When the bank responds that the payment can be made, the Payment Gateway creates, digitally signs, and encrypts an authorization message, which is sent to the merchant. The merchant's software decrypts the message, and uses the digital signature to verify that it comes from the Payment Gateway. Assured of payment, the merchant now ships the camcorder to Mia.
  9. Some time after the transaction has been completed, the merchant requests payment from the bank. The merchant's software creates a "capture request," which includes the amount of the transaction, the transaction identifier, a digital signature, and other information about the transaction. The information is encrypted and sent to the Payment Gateway.
  10. The Payment Gateway decrypts the capture request and uses the digital signature to verify it is from the merchant. It sends a request for payment to the bank, using the bank card payment system. It receives a message authorizing payment, encrypts the message, and then sends the authorization to the merchant.
  11. The merchant software decrypts the authorization, verifies that it is from the Payment Gateway, and then stores the authorization which will be used to reconcile the payment when it is received as it normally is in credit card transactions from the bank.

Doing Business with Customers Using an Intranet

Intranets may revolutionize the way that businesses sell goods and services. Using an intranet, a company can inexpensively market its goods and services, take orders for them, and then fulfill the order. This illustration shows how a record company called CyberMusic could do business using an intranet.

Business-to-Business Transactions Using Intranets

Intranets can communicate with one another through the public Internet, instead of by using private leased lines. Leasing private lines can be very expensive, while using the Internet is inexpensive. However, of vital importance when companies do business with one another using in-tranets is that any transactions be kept private and secure. Virtual Secure Private Networks (VSPNs) allow intranets to communicate with one another over the Internet, while keeping all data secure, by using "tunneling" technology. See Chapter 20 for details on how VSPNs work.

  1. When a business wants to order goods from CyberMusic-such as a music store called The Music Box-it contacts the CyberMusic intranet using a VSPN. It can search through the database of CyberMusic records to find the records it wants to order. A CGI program gives them a special retailer's view of the data shown to regular customers.
  2. As a further way to en-sure that the transaction is kept secure, and that it is really The Music Box doing the ordering, a special electronic "token" (like the digital signatures described earlier in the chapter) may be required that proves that the purchaser is indeed The Music Box. The token is sent over the VSPN.
  3. When The Music Box finds the records it wants to order, it fills out a form. This form may be customized specifically for The Music Box, and will be different from the form used by the general public, and by other companies that do business with CyberMusic.
  4. Once it is verified that The Music Box is doing the ordering, the transaction is put through using a secure payment system. There are a variety of secure payment systems that can be used for business-to-business transactions. One is de-scribed in "How Financial Transactions Work on an Intranet."
  5. Information about the order is automatically transferred over the intranet to CyberMusic's fulfillment department, which ships out the records ordered.
  6. CyberMusic can also do business with its suppliers and contractors using an intranet. For example, it can post on its public Internet Web server the fact that it is looking to buy raw, uncut CDs that it will use in the manufacturing process, and have new suppliers submit bids over the Internet. Established suppliers can connect via a VSPN, and submit their bids which are then routed to the appropriate people within the intranet.