Israel González-Carrasco, Jose Luis López-Cuadrado, Belen Ruiz-Mezcua, Angel García-Crespo
Department of Computer Science, Universidad Carlos III ,Madrid, Spain
Keywords: eCommerce, electronic purchase, virtual point of sale, legislation, security.
Abstract: eCommerce can be defined, in an ample sense, as any form of commercial transaction based on the remote
data transmission on communication networks. In order to facilitate this process, the market at the moment
offers an ample range of electronic payment systems that allow to make electronic purchases with simplicity
and transparency, being helped to harness the sales and to manage them of efficient way. This article
presents, in the first place, the current situation of the electronic commerce in Spain, detailing the state of
the used technology, its real possibilities of use, the new methods of payment, the security used in the
process and the influence that it has in the market. Secondly, is a proposal of virtual store in which different
technologies are integrated to make the process of purchase software product. The designed website
innovates in the implemented modality of payment, considers the effective legislation at the present time in
Spain, and it makes agile and assures the process purchase with the activation of each product in an
individual way.
eCommerce constitutes a new form of enterprise
strategy that is based on the use of the
communication networks to develop commercial
activities. In this new model of business
transactions, the involved parts exclusively interact
and make businesses through electronic way (Pastor,
Figure 3 shows the main places of purchase in
Spain, extracted from the last study on electronic
commerce B2C of AECE (AECE, 2004). The
traditional store with Web is the one that greater
uses, followed of the Web of the manufacturer. In
addition, the use of sites dedicated exclusively to
this service, at the moment is used moderately.
0,00% 5,00% 10,00% 15,00% 20,00%
Traditional Shop
Manufacturer Web
Virtual Community
Other s
Dont Know
Figure 1: Purchase places classification in Spain
In Spain the main electronic payment, is still the
credit card, on the contrary is losing use the payment
by direct debit, as well as the cash on delivery, and
appears the use for the first time of the card of the
own establishment (AECE, 2004).
González-Carrasco I., Luis López-Cuadrado J., Ruiz-Mezcua B. and García-Crespo A. (2005).
In Proceedings of the Second International Conference on e-Business and Telecommunication Networks, pages 159-163
DOI: 10.5220/0001411501590163
0,0% 10,0% 20,0% 30,0% 40,0% 50,0% 60,0% 70,0%
C ash on delivery
Payment by direct
Shop card
Dont Know
2003 2004
Figure 2: Electronic payment classification in Spain
The electronic payment par excellence actually
through Internet is the card, as much of debit as of
credit, and this has been possible thanks to the
appearance of the electronic payment systems, that
emulates of electronic form the normal transaction
between merchant and client, guaranteeing the good
aim of the operation.
The electronic payment systems or virtual points
of sale terminal (POS), acts in Internet like the
traditional payment systems of credit card (physical
POS) allowing that their clients can pay their
products through Internet using a credit card
(Bartolome, 2002).
It is important to consider that the system of
payment developed by the different banks does not
provide an application of commerce in himself, they
only implement a payment system. Anyone
connected to this network can acquire these
products, from any place and during the 24 hours of
the day, having a personal computer and a
connection to Internet.
The participants who take part in a transaction of
this type are the following ones:
Customer or client, is the one who initiates
the transaction, details the content of the
purchase and interact with the POS,
specifying in a secure form the data of his
Vendor or merchant, who recognizes the
identity of the client to send the merchandise
to him, once authorized the operation by the
POS. It is necessary to stand out that the
retailer does not have access to the economic
data of the transaction, these confidential data
are privatized between client and bank.
Customer Bank or financial organization of
the client, which receives the payment order,
consults the identity of the card and notifies
the viability of the operation
Merchant Bank or financial organization of
the retailer, which receives the money in its
Figure 3: Electronic purchase process participants
In Spain, the product sale and services through
Internet are basically regulated by the European
directors on electronic commerce and by Law 7/96
of Arrangement Commerce Retail (MAP, 1996).
To legal effects, the sale by Internet is governed
by the criteria that the remote sale and, therefore, it
has the same treatment that the sale by telephone,
catalogue or mail. The norm on the remote sale
gathers the possibility that the transactions of
purchase are rejected made by two reasons:
Disagreement of the buyer with the acquired
That the purchase has been made with credit
or debit cards by non-authorized people or
who they are not his holders.
In order to assure the transaction, the companies
that commercialize their products or services by
Internet, must obtain and verify all the possible
information about the buyer the data before deliver
the product. The more important basic norms that
they are applied to the electronic commerce and
transactions by Internet in Spain at the present time
are (Casas, 2003):
Law 7/96 of Arrangement of Retail
RD 1906/99 of 17/12/1999 to regulate the
general conditions of telephone or electronic
Director 200/31/CE of ecommerce.
Law 34/2002, Services of the Society of
Information and electronic commerce (LSSI)
of 11/07/2002.
Law of Protection of Personal character Data
of 13/12/1999 (LOPD).
RD 994/1999 that establishes the measures of
control of security of the automated files.
RD 195/2000 that establishes the time to
implement the measures of control of security
of the automated files.
Director 1999/93/CE on digital certification.
In a system of electronic commerce the following
characteristics are due to guarantee (Reynolds,
2000): anonymity, trazability, confidentiality,
authentication, data integrity, non repudiation and
reliability. Finally to comment that in addition to the
previously commented requirements of security,
exists other directed to make the mechanisms more
effective: low cost, independence of the hardware
and operating systems, scalability, effective
mechanisms of auditation, confidence on the part of
the consumer.
It is a fact that the electronic commerce has not
experienced the growth nor the acceptance that the
initial enthusiasm foretold for the immediate future.
Several factors act of brake to the expansion of the
commercial activity in Internet, being the main ones
(Meseguer, 2003):
The privacy: The end users feel threatened
their privacy, if they do not know if the
personal data that they provide to a servant of
electronic commerce will be dealed with
confidential form.
The authentication. The users doubt if the
person with whom they communicate he is
truely who claims to be.
The global security. The users fear that the
technology is not sufficiently robust to
protect as opposed to attacks and illegal
appropriations of confidential information,
specially in the payment process.
These fears have their real foundation and its
solution is not trivial. In the first case, the
technology, and in concrete the cryptography, offers
the necessary tools for the protection of stored
information in corporative databases. In the second
case, the immediate solution that it offers the
cryptography comes from the hand of digital
certificates. As far as the third fear, the modern
cryptography and the products of security provide
the solutions to the problems again. Therefore, it is
possible to be affirmed that the true barriers to the
electronic commerce are not as much technological
as human, since the technology has been able to
surpass the difficulties that have been appearing to
assure the process of electronic purchase.
In the article we present the designed and
implemented prototype. One is a virtual store, in
which a electronic payment system has been
integrated that allows the commercialization of
software for mobile devices. This type of
applications has a great importance in the present
market since they facilitate mobility, increase to the
range of users and the possibilities of use.
The created system includes a series of
interesting new features, first of them is the method
of electronic payment chosen to make the product
purchases in the site. In Spain the method payment
par excellence are the credit card (AECE, 2004),
being this including in most of sites. In our case we
have chosen a novel form to realize these operations,
for it the clients must associate the data of their
credit cards or current accounts with a resource that
allow the direct communication with us, in this case
the electronic mail or the mobile telephone. When
doing this, the client creates a payment portfolio that
only can be managed through the resource chosen,
allowing making payments and taking a detailed
control of the realized operations.
Another novel aspect is the necessity to activate
the product before being able to use it in the
movable device. Thanks to this, the system improves
the scalability, personalization and availability in
real time of the products, since at any moment the
unloaded and activated copies of software can be
In summary, to be able to begin to use anyone of
products, the clients must make the following
Download his compatible version of software
its device.
Make the purchase of the product through a
POS that use the electronic mail instead of
the credit card.
A purchase code is given back to the user.
To activate the bought product
The client must introduce the data of chosen
software and the code of purchase obtained
when paying
The site sends to the client the code of
activation to the specified email.
Figure 4: Purchase steps within the web site.
In order to assure this process unloading - sale -
activation, the products of the site are sold in
individual way giving back for each one of them a
purchase code that allows its later activation. By this
the concept of "shopping cart" has not been used, it
is to say products are sold separately and by means
of independent processes of purchase.
The data necessary to make the activation,
information of products and the client are stored in a
centralized data base. The architecture of the system
therefore is structured in three levels, light client -
servant of applications - database Server.
6.1 Personal data storage
The effective legislation in Spain, LOPD, establishes
that it is necessary to notify in the Data Protection
Agency all the files that contain personal character
data (clients, suppliers, associate, personnel, etc)
which they allow to identify physical people.
In the case of the created web site, the only data
that is stored is the email of the purchaser, which by
itself does not consider information that can cause
lost or damages to the client. This single data is used
to make the dispatch of the activation code, in this
sense is recommendable, but no obligatory, to
communicate the article 5 of the LOPD (MI, 1999),
including a clause in the own electronic mail (of this
form, a greater security about the origin of the data
and the identity of the file owner is obtained).
If the purpose of the email stored was to make
indiscriminate shipment of mails containing
publicity or promotions, is due to consider that its
prohibit from the approval of the LSSI (MITC,
2002). In this point LLSI, says that the Spam made
by Spanish companies or which they have an
establishment in Spain is prohibited.
On the contrary, if they only want to send
electronic advertising, it’s necessary to obtain the
express consent of the user (making click in a field
specifically prepared for it), not being valid those
abusive clauses that they suppose a consent no
emitted specifically.
In the case of collecting more personal data, as
for example the full name if it would be obligatory
to register the data base used to store the data of
activated products. To clarify in this point, that the
data gathered in this form are not going to be
provided to third parties and the user has the
possibility of modifying them or of eliminating them
through the contact section of the web site.
This paper make a revision of the aspects most
important to consider in the processes associated to
the electronic commerce. In this sense the electronic
commerce is a useful tool to make businesses, but
the existing distrust has put in doubt its
development. Therefore a very important aspect, due
to the type of information that is handled, is the
relative one to the security necessary to guarantee
the transactions.
Is an interesting fact that in all activity of
purchase, which continues worrying is the operation
of payment, that is to say, the moment in which the
buyer faces the window where has introduced its
credit card data and doubt at the time of pressing the
button "Send". Therefore, one of the main
conclusions extract is that the true barriers that
restrain the ecommerce development are not as
much technological as human. At the present time
the existing technology is able to guarantee the
privacy and the security of the made transactions.
As fundamental conclusion, the propose solution
innovates no single in the implemented modality of
payment, but that in addition considers the effective
legislation and makes agile and assures the process
purchase with the activation of each product in an
individual way. When activating the product we
improved the scalability, customisation and
availability in real time of the same one, since at any
moment it allows to know unloaded and activated
copies of software. The developed system has been
designed in such a way that in future new
functionalities and improvements can be introduced
easily and quickly. Among them, emphasizes the
possibility of including in all the pages of the site
compatibility with standard WAI
( and access multi device.
This would allow increasing the usability,
accessibility and mobility of the site users.
ACTS Guideline SII G9, 1998. Electronic Commerce.
Asociación Española de Comercio Electrónico (2004),
Estudio Comercio Electrónico B2C en España 2004.
Bartolomé, T., Iturraspe, U. (2002), Negocio Electrónico:
Pasarelas de Pago. Robotiker electronic review, n 11.
Casas, R. (2003), Legislación de Internet y comercio
electrónico, Ed. Tecnos.
Hayes, J., Finnegan, P. (2003), Electronic business
models: a synthesis and field study.
Meseguer, A. (2003), Situación y perspectivas del
comercio electrónico en España: Un análisis a través
del volumen del negocio electrónico, Esic market.
Ministerio de Administraciones Públicas. (1996), Ley
7/1996, de 15 de enero de Ordenación del Comercio
Pastor, C., Martinez, C. (2002), ABC del Comercio
Electrónico, Robotiker electronic review, n 0.
Pilioura, T. (1998), Electronic Payment Systems on Open
Computer Networks: A Survey. Electronic Commerce
Objects, D. Tsichritzis (Ed.), Centre Universitaire
d'Informatique, University of Geneva, July 1998, pp.
Pfleeger, C. (1996), Security in computing, Second
Edition. Englewood Cliffs, NJ: Prentice Hall.
Reynolds, Jonathan (2000), eCommerce: a critical review.
Internacional Journal of Retail and Distribution
Management, Vol. 28, N. 10. pp. 417-444.
Smith, M., Bailey J., Brynjolfsson E. (1999),
Understanding Digital Markets: Review and
Assessment. The Digital Economy, MIT Press,
Vázquez, E. y Berrocal, J. (2000), Comercio electrónico:
materiales para el análisis, Ministerio de Fomento.