SICS 3653: E-COMMERCE AND E-BUSINESS

Ebenezer Nortey Yebuah (ETONY)

Outline

Introduction to E-Commerce
• Definition of E-Commerce and E-business
• Major types of E-Commerce (briefly)
• History of E-Commerce
• Benefits of E-Commerce to
   • Organizations
   • Consumers
   • Society
• Limitations of E-Commerce

The digital economy
• The new business environment
• Business pressures
• Organizational responses

E-Marketing
• E-marketing issues
• Economics of E-marketing
• Effects of marketing on organizations

E-Commerce technology/infrastructure
Communications network
Security and legal issues
• Need for E-Commerce security
• Basic security issues
• Types of threats and attacks
• Security risk management
• Securing E-Commerce communication

Business models for E-Commerce
Implementation of E-business systems

Definition of E-Commerce and business

E-Commerce: the process of buying, selling, or exchanging products, services, and information through computer networks.
• Communication: the delivery of goods, services, information, or payment electronically
• Commercial: the ability to buy and sell products, services, and information electronically
• Business process: completing business processes electronically, i.e. replacing physical processes with information
• Services: a tool for improving the quality of customer service and increasing the speed of service delivery while cutting cost
• Learning: enables online training and education
• Collaborative: supports inter- and intra-organizational collaboration
• Community: provides a meeting place for members to learn and collaborate

Definition of E-Commerce and business

Commerce: transactions between business partners (electronically = e-commerce).

E-business: the buying and selling of goods and services and also serving customers, collaboration with business partners, and conducting electronic transactions with an organization.

Definition of E-Commerce and business

Various forms of E-Commerce, based on the level of digitalization of
• the products/services
• the process
• the delivery agent

Brick and mortar organization: zero digitalization, i.e. a pure physical organization.
• Conducts all its business activities physically

Virtual organizations: digitalization of 1, i.e. pure play.
• Do all business transactions online

Click and mortar: partial digitalization.
• Has an online presence, but does basic business processes physically

Types of E-Commerce

The nature of the transaction or interaction is mostly used to classify E-Commerce:
• Business-to-business (B2B): transactions between business partners
• Business-to-consumer (B2C): transactions between business organizations and individual shoppers
• Consumer-to-business (C2B): transactions in which individuals sell products and services to businesses
• Consumer-to-consumer (C2C): transactions between individual consumers

Interdisciplinary nature of E-Commerce: computer science, marketing, consumer behavior, finance, economics, management information systems, accounting, management, business, law, robotics, public administration and engineering.

History

Electronic funds transfer (early 1970s)

“Its use was mostly limited to large organizations, financial institutions, and a few hardcore businesses”

Electronic Data Interchange

“used to transfer routine documents, which expanded electronic transfers from financial institutions to manufacturers, retailers, service industries etc.”

Internet and the World Wide Web: the commercialization of the internet saw the coining of the term E-COMMERCE.

E-Commerce applications quickly multiplied due to the rapid development of new networks, protocols, and EC software, and due to the increase in competition and other business pressures.

There have been many innovative applications, ranging from online direct sales to E-learning.

Benefits of E-Commerce

The E-Commerce revolution is as profound as the change that accompanied the industrial revolution (Clinton and Gore 1997).

E-Commerce offers enormous potential benefits to organizations, individuals and society, considering
• The global nature of the technology
• The opportunity to reach millions of people
• Its interactive nature
• The variety of possibilities for its use
• The resourcefulness and rapid growth of its supporting infrastructure (especially the web)

Benefits of E-Commerce

Organizational benefits
• Global reach: can easily and quickly locate the best suppliers, more customers and more suitable business partners, i.e. buy cheaper and sell more.
• Cost reduction: EC decreases the cost of creating, processing, distributing, storing and retrieving paper-based information.
• Supply chain improvement: supply chain inefficiencies can be minimized, e.g. inventory and delivery delays
• Extended hours: 24/7/365
• Customization: pull-type production (build-to-order)
• New business models: tendering (reverse auction), name-your-own-price model, affiliate marketing, viral marketing etc.
• Vendors’ specialization: EC enables a high degree of specialization
• Lower communication cost: EC lowers telecommunications cost.
• Efficient procurement: EC can reduce administrative cost, purchasing prices, and cycle time.
• Improved customer relations: EC enables close customer relations
• Up-to-date company material: EC enables company information to be updated by the minute
• No city business permits and fees etc.

Benefits of E-Commerce

Consumer benefits
• Ubiquity: EC allows shopping 24/7/365 from almost any location.
• More products and services: EC gives more choices.
• Cheaper products and services: EC provides price variety for goods and services
• Instant delivery: e.g. digitized products
• Information availability: relevant and detailed information in seconds
• Participate in auctions: virtual auctions
• Electronic communities: consumers can interact with other consumers
• Get it your way: customization and personalization of products and services
• No sales tax: most online sales are tax free

Benefits of E-Commerce

Societal benefits
• Telecommuting: more people work and shop at home
• Higher standard of living: competitive prices allow lower income earners to shop more
• Hope for the poor: great opportunity for the poor to sell, buy and learn new skills
• Availability of public services: health care, education, and distribution of government social services can be done at a reduced cost to a large number of people.

Limitations

Technological
• Lack of universally accepted standards for quality, security, and reliability
• Telecommunication bandwidth is insufficient (mostly for m-commerce)
• Software development tools are still evolving.
• Difficulties in integrating the internet and EC software applications and databases.
• Special web servers are needed in addition to the network servers (added cost)
• Internet accessibility is still expensive and/or inconvenient
• Order fulfillment of large-scale B2C requires special automated warehouses

Limitations

Non-technological

• Security and privacy concerns deter some customers from buying
• Lack of trust in EC and in unknown sellers hinders buying
• Many legal and public policy issues, including taxation, remain unresolved
• National and international government regulations sometimes get in the way
• Difficulty in measuring some benefits of EC (e.g. advertising); lack of mature measurement methodology
• Some customers like to touch and feel the product
• Resistance to changing from physical to virtual stores
• Lack of trust in paperless, faceless transactions
• Insufficient number (critical mass) of sellers and buyers (in some cases) needed to make a profit
• Increasing number of frauds on the net
• Difficulty in obtaining venture capital due to the dot-com disaster

Digital Economy

The Digital revolution

Digital Economy: an economy that is based on digital technologies, including digital communications networks, computers, software, and other related information technologies.

Digital networking and communications infrastructures provide the global platform over which people and other organizations interact, communicate, collaborate and search for information. Choi and Whinston say this platform is characterized by
• A vast array of digital products: databases, news & information, books, software etc., that are delivered over a digital infrastructure any time, anywhere in the world
• Consumers and firms conducting financial transactions digitally through digital currencies or financial tokens that are carried via networked computers and mobile devices
• Microprocessors and networking capabilities embedded in physical goods such as home appliances and automobiles

Digital Economy

Digital economy: the convergence of computing and communications technology on the internet and other networks, and the resulting flow of information and technology that is stimulating e-commerce and vast organizational changes.

This convergence is enabling all types of information (data, audio, video, etc.) to be stored, processed, and transmitted over networks to many destinations worldwide.

The digital economy is creating a digital revolution, evidenced by unprecedented economic performance and the longest period of uninterrupted economic expansion in certain parts of the world.

Web-based E-Commerce systems are accelerating the digital revolution by providing competitive advantage to organizations.

The new business environment

• Highly competitive (due to economic, societal, legal and technological factors)
• Quick and sometimes unpredictable change
• The need for more production, faster and with fewer resources

The new business environment

Huber (2003): “new business environment created due to accelerated advances in science”
• These advances create scientific knowledge
• This scientific knowledge feeds on itself, resulting in more and more technology
• Rapid growth in technology results in a large variety of more complex systems.

The new business environment

As a result the business environment is characterized by
• A more turbulent environment (more business problems and opportunities)
• Stronger competition
• Frequent decision making by organizations
• Large scope for decision considerations (market, competition, political and global)
• More information/knowledge needed for decisions

Pressure on businesses

Market and economic
• Strong competition
• Global economy
• Regional trade agreements
• Extremely low labour cost in some regions
• Frequent and significant changes in markets
• Increased power of consumers

Pressure on businesses

Societal
• Changing nature of the workforce
• Government deregulation: more competition
• Shrinking government subsidies
• Increased importance of ethical and legal issues
• Increased social responsibility of organizations
• Rapid political changes

Pressure on businesses

Technological
• Increasing innovations and new technologies
• Rapid technological obsolescence
• Rapid decline in technology cost versus performance ratio

Pressure on businesses

Business as usual is no longer enough (price reduction & closure of unprofitable facilities).

Need for new innovations (critical response activities):
• Customization
• Creating new products
• Providing superb customer services

E-commerce facilitates most of these responses.

Organizational responses

Strategic systems: provide organizations with strategic advantage.
• Increase their market share
• Better negotiation with their suppliers
• Prevent competitors from entering their territory, e.g. FedEx tracking system

Continuous improvement efforts & BPR: continuous efforts to improve productivity, quality and customer services
• E.g. Dell ERP and Intel’s customer tracking

Organizational responses

• Customer relationship management: e.g. personalization, salesforce automation
• Business alliances: organizations collaborate for mutual benefit, aided mostly by e-commerce
• Electronic markets
• Reduction in cycle time & time to market: e.g. use of extranet
• Empowerment of employees: the ability to take decisions on customers (decentralization)
• Supply chain improvement:
   • Reduce supply chain delays
   • Reduce inventories
   • Eliminate inefficiencies

Organizational responses

• Mass customization: production of large quantities of customized items (in an efficient way)
• Intra-business: from sales force to inventory control
• Knowledge management: the process of creating or capturing knowledge, storing and protecting it, updating, maintaining and using it.

Combining it

How can org. turn digital to gain competitive adv by using EC?
• Right connective networks

Brick & mortar against digital

Brick & mortar
• Selling in physical stores
• Selling tangible goods
• Internal inventory/production planning
• Paper catalogs
• Physical marketplace
• Physical & limited auctions
• Broker-based service transactions
• Paper-based billing
• Paper-based tendering
• Push production
• Mass production (standard)
• Physical based commission marketing
• Word-of-mouth slow advertisement
• Linear supply chain
• Large amount of capital needed
• Cost>value

Digital
• Selling online
• Selling digital goods
• Online collaborative inventory forecasting
• Smart e-catalogs
• Electronic market-space
• Online auctions everywhere, anytime
• Electronic info-mediaries, value added services
• Electronic billings
• Pull production
• Mass customization
• Affiliate, viral marketing
• Explosive viral marketing
• Hub-based supply chain
• Less capital needed
• Small fixed cost
• Cost=value

Electronic marketplaces

Electronic marketplace: a space in which sellers and buyers exchange goods and services for money (or for other goods and services) electronically.

Functions of markets:
• Matching buyers and sellers
• Facilitating exchanges of goods/services and payments associated with market transactions
• Providing institutional infrastructure

Electronic marketplaces

Together with IT, EC has greatly increased market efficiencies
• by expediting or improving the functions of the market
• and lowering transaction and distribution costs
• leading to well-organized “friction-free” markets

Market-space components

Customers: the hundreds of millions of people surfing the web are potential buyers of goods/services offered on the net. They are looking for
• Good deals
• Customized items
• Collectors' items
• Entertainment etc.

Organizations are the major consumers of EC activities (85%).

Sellers: millions of storefronts on the Web offering a huge variety of products (sales can be made directly from the seller's site or from e-marketplaces).

Products: both physical and digital products (what are the advantages of a digital product?)

Infrastructure: hardware, software, networks etc.

Market-space components

Front end: the portion of an e-seller’s business processes through which customers interact, e.g. seller’s portal, e-catalogs, shopping cart, search engine and payment gateway.

Back end: activities that support online order-taking, e.g. order aggregation and fulfillment, inventory management, purchasing from suppliers, payment processing, packaging and delivery.

Intermediaries: create and manage online markets. They match buyers and sellers, provide some infrastructure services, and help buyers/sellers to institute and complete transactions (they mostly operate as computerized systems).

Other business partners: includes business collaboration, mostly along the supply chain.

Support services: ranging from certification to trust services.

Types of electronic markets

There are various types of marketplaces
• B2C
   • Electronic storefronts
   • Electronic malls
• B2B
   • Private e-marketplace
      • Sell-side
      • Buy-side
   • Public e-marketplaces
   • Consortia

Types of electronic markets

B2C

• Electronic storefronts: single company’s Web site where product/services are sold (electronic store)

A storefront has various mechanisms for conducting sales:

• Electronic catalogs (presentation of product information in an electronic form)
• A search engine (a program that can access a database of Internet resources, search for specific information/keywords, and report the result)
• An electronic shopping cart (order processing technology that allows shoppers to accumulate items they wish to buy while they continue to shop)
• E-auction facilities
• A payment gateway etc.

• Electronic malls: an online shopping center where many stores are located

Types of electronic markets

B2B

• Private E-Marketplace: owned by a single company

Sell-side E-Marketplace: a private e-market in which a company sells either standard or customized products to qualified companies

Buy-side: a private e-market in which a company buys from invited suppliers

• Public E-Marketplace: e-market usually owned by an independent 3rd party, with many buyers and many sellers (exchanges)
• Consortia: usually owned by a small group of major sellers or buyers, usually in the same industry
• What is a vertical and a horizontal e-marketplace?

Auctions

Auctions: a market mechanism by which a seller places an offer to sell a product and buyers make bids sequentially and competitively until a final price is reached.

Limitations of offline auctions:
• Short time for each item (little time to decide whether to bid or not)
• Sellers don’t get the right price (or buyers pay more)
• Little time to examine the product
• Physical presence limits the potential bidders
• Difficulty in moving goods to auction sites
• Payment of rent for auction sites, advertisement, and payment of auctioneers and employees add to cost

E-Auctions

Electronic auctions (e-auctions): auctions conducted online.
• Dynamic pricing: change in price due to demand and supply relationships at any given time.

Dynamic pricing has several forms (bargaining and negotiations).

There are 4 major forms of dynamic pricing, depending on how many buyers or sellers there are:
• One buyer, one seller
• One seller, many potential buyers
• One buyer, many potential sellers
• Many buyers, many sellers

E-Auctions

One seller, one buyer: negotiations, bargaining and bartering are usually used. (Prices are mostly determined by each party’s bargaining power, as well as demand and supply in the market and possibly the business environment.)

One seller, many buyers (forward auction): a seller entertains bids from buyers.
• English and Yankee auctions: prices increase as auctions progress
• Dutch and free fall: prices go down as auctions progress

Assignment (what are English, Yankee, Dutch and free fall auctions?) to be submitted before mid-day 29th Feb. 2008

One buyer, many sellers:
• Reverse auctions: a buyer places an item for bidding (tendering) on a request for quote (RFQ) system; potential sellers bid for the item, with the price reducing sequentially until there are no more reductions, and the lowest bidder wins (mostly a B2B and G2B mechanism)
• Name-your-own-price model: a buyer specifies the price (and other terms) they are willing to pay to able suppliers (mostly a C2B model, started by priceline.com)

Many sellers, many buyers (double auction): multiple buyers and their bids are matched with multiple sellers and their asking prices, considering the quantities.

E-Auctions
Benefits to sellers
• Increased revenues from broadening the customer base and shortening cycle time
• Optimal price setting determined by the market
• Can liquidate large quantities quickly
• Improved customer relationship and loyalty

Benefits to buyers
• Opportunity to find unique items and collectibles
• Chance to bargain instead of buying at a fixed price
• Entertainment
• Anonymity: with the help of a 3rd party, buyers can be anonymous
• Convenience: can bid from anywhere with any connected gadget; no need to travel to the auction site

Benefits to e-auctioneers
• Higher repeat purchases
• High stickiness to the web site
• Expansion of the auction business

E-Auctions

Limitations: major limitations are
• Lack of security
• Possibility of fraud
• Limited participation

Types of E-Auction Fraud

• Bid shielding: having fake (phantom/ghost) bidders bid at very high prices and then later pull out at the last minute
• Shilling: placing fake bids on auction items to artificially jack up the bidding price
• Fake photos and misleading descriptions
• Improper grading techniques
• Selling reproductions

Types of E-Auction Fraud

• Failure to pay
• Failure to pay the auction house
• Inflated shipping and handling cost
• Failure to ship merchandise
• Loss and damage claims
• Switch and return
• Other frauds, e.g. sale of stolen goods, the use of fake IDs, selling to multiple buyers
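
The two bidding frauds defined above, bid shielding and shilling, leave patterns in an auction's bid history that an e-auctioneer can screen for. The following is an added example, not part of the original slides; the event format, thresholds and sample log are assumptions constructed for illustration.

```python
from collections import defaultdict
from typing import NamedTuple

class Event(NamedTuple):
    auction: str
    seller: str
    bidder: str
    kind: str      # "bid" or "retract"
    amount: float  # bid amount; 0 for a retraction
    minute: int    # minutes since the auction opened

CLOSE_MINUTE = 60       # assumption: every sample auction closes at minute 60
LAST_MINUTES = 5        # a retraction this close to the end counts as "last minute"
SHIELD_RATIO = 2.0      # withdrawn bid must be >= 2x the bid that finally wins
MIN_SHILL_AUCTIONS = 3  # auctions of one seller a bidder must join to be flagged

# Constructed sample log, not real marketplace data.
SAMPLE = [
    Event("A1", "s_ann", "carol", "bid", 15.0, 5),
    Event("A1", "s_ann", "pat", "bid", 18.0, 8),
    Event("A1", "s_ann", "alice", "bid", 20.0, 10),
    Event("A1", "s_ann", "ghost", "bid", 200.0, 12),   # very high bid deters others
    Event("A1", "s_ann", "ghost", "retract", 0.0, 58), # pulled out at the last minute
    Event("A2", "s_ann", "dave", "bid", 30.0, 5),
    Event("A2", "s_ann", "pat", "bid", 35.0, 20),
    Event("A2", "s_ann", "dave", "bid", 40.0, 50),
    Event("A3", "s_ann", "erin", "bid", 50.0, 10),
    Event("A3", "s_ann", "pat", "bid", 55.0, 30),
    Event("A3", "s_ann", "erin", "bid", 60.0, 55),
    Event("A4", "s_bob", "dave", "bid", 10.0, 5),
    Event("A4", "s_bob", "gina", "bid", 11.0, 20),
    Event("A4", "s_bob", "frank", "bid", 12.0, 40),
    Event("A4", "s_bob", "gina", "retract", 0.0, 57),  # late, but not a high bid
]

def by_auction(events):
    groups = defaultdict(list)
    for e in events:
        groups[e.auction].append(e)
    return groups

def winner(events):
    """Return (bidder, amount) of the highest bid still standing at close."""
    live = {}
    for e in sorted(events, key=lambda e: e.minute):
        if e.kind == "bid":
            live[e.bidder] = max(e.amount, live.get(e.bidder, 0.0))
        else:
            live.pop(e.bidder, None)
    return max(live.items(), key=lambda kv: kv[1]) if live else (None, 0.0)

def find_bid_shielding(events):
    """Flag last-minute retractions of bids far above the bid that ends up winning."""
    findings = []
    for auction, evs in sorted(by_auction(events).items()):
        win_bidder, win_amount = winner(evs)
        if win_bidder is None:
            continue
        for r in evs:
            if r.kind != "retract" or r.minute < CLOSE_MINUTE - LAST_MINUTES:
                continue
            withdrawn = max((b.amount for b in evs if b.kind == "bid"
                             and b.bidder == r.bidder and b.minute <= r.minute),
                            default=0.0)
            if withdrawn >= SHIELD_RATIO * win_amount:
                findings.append((auction, r.bidder, win_bidder, withdrawn, win_amount))
    return findings

def find_shill_candidates(events):
    """Flag bidders who bid only in one seller's auctions, often, and never win."""
    winners = {a: winner(evs)[0] for a, evs in by_auction(events).items()}
    seller_of = {e.auction: e.seller for e in events}
    joined = defaultdict(set)
    for e in events:
        if e.kind == "bid":
            joined[e.bidder].add(e.auction)
    flagged = []
    for bidder, auctions in sorted(joined.items()):
        sellers = {seller_of[a] for a in auctions}
        wins = sum(winners[a] == bidder for a in auctions)
        if len(sellers) == 1 and len(auctions) >= MIN_SHILL_AUCTIONS and wins == 0:
            flagged.append((bidder, sellers.pop(), len(auctions)))
    return flagged

if __name__ == "__main__":
    print("bid shielding:", find_bid_shielding(SAMPLE))
    print("shill candidates:", find_shill_candidates(SAMPLE))
```

Both functions produce candidates for manual review, not proof of fraud: a genuine bidder can also retract late or lose repeatedly to the same seller's customers.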

Protecting against E-Auction Fraud

• User ID verification
• Authentication service
• Grading services
• Feedback
• Insurance policy
• Escrow service
• Nonpayment punishment
• Appraisal
• Physical verification

Communications and networks

The extranet is the major network structure used in e-market place and exchanges.

Internet: a public, global communications network that provides direct connectivity to anyone over a LAN through an ISP or directly through an ISP.

Intranet: a corporate LAN or WAN that uses internet technology and is secured behind a company’s firewall.

• Extranets connect both the internet and the companies' individual intranets.

• It operates as a private network with limited access (only employees with authorization can use it)
• It usually contains sensitive information
• It can be used to enhance communication and collaboration among authorized employees, customers, suppliers, and other business partners
• Because access is through the net, it doesn’t require any additional implementation of leased networks

Communications and networks

Extranets: a network that uses a virtual private network (VPN) to link intranets in different locations over the internet (extended internet)
• VPN: a network that creates tunnels of secured data flows, using cryptography and authorization algorithms, to provide communications over the public internet.

• Provides secured connectivity between a corporation’s intranet and the intranets of its business partners, material suppliers, financial services, government, and customers.
• Access is mostly limited and highly controlled

Benefits of Extranets

Szuprowicz’s five benefit categories of extranets

• Enhanced communication: enables improved internal communications, improved business partnership channels, effective marketing, sales, and customer support, and facilitated collaborative activities support
• Productivity enhancements: enables just-in-time information delivery, reduction of information overload, productive collaboration between work groups, and training on demand
• Business enhancements: enables faster time to market, potential for simultaneous engineering and collaboration, lower design and production cost, improved client relationships and creation of new business opportunities
• Cost reduction: results in fewer errors, improved comparison shopping, reduced travel and meeting time and cost, reduced administrative and operational cost, and elimination of paper-publishing cost
• Information delivery: enables low-cost publishing, leveraging of legacy systems, standard delivery systems, ease of maintenance and implementation, and elimination of paper-based publishing and mailing costs

Benefits of Extranets

Rihao-Ling and Yen added other benefits, such as
• Ready access to information, ease of use, freedom of choice, moderate setup cost, simplified workflow, lower training cost, and better group dynamics.
• They also listed disadvantages, such as difficulty in justifying the investment (measuring cost and benefits), high user expectations, and drain on resources.

E-Marketing

Marketing is an organizational function and a set of processes for creating, communicating and delivering value to customers and for managing customer relationships in ways that benefit the organization and its stakeholders.

E-Marketing is essentially a part of marketing.

E-marketing = one aspect of an organizational function and a set of processes for creating, communicating and delivering value to customers and for managing customer relationships in ways that benefit the organization and its stakeholders.

E-Marketing

Customer-centric e-marketing =
• Applying digital technologies which form online channels (web, e-mail, database, plus mobile/wireless and digital TV)
• To contribute to marketing activities aimed at achieving profitable acquisition and retention of customers
• Through improving our customer knowledge (of their profiles, behavior, value and loyalty drivers), then delivering integrated targeted communications and online services that match their individual needs.

Hence e-marketing = achieving marketing objectives through the use of electronic communications technology

E-Marketing

E-marketing, simply put, is the application of marketing principles and techniques through electronic media, and more specifically the internet.

It can also be looked at as a way of marketing a brand using the internet.

Basically it is all the activities a business undertakes using the World Wide Web, with the sole aim of attracting new business, retaining current business and developing its brand identity.

Internet tools for marketers

• Distribution: a company can distribute through the internet
• A company can use the internet to build and maintain customer relationships
• The money collection part of a transaction can be done online
• Leads can be generated through short trial periods, before long-term signing
• Advertising
• Avenue for collecting direct responses

Benefits of e-marketing

If and when properly and effectively implemented, the ROI from e-marketing will far exceed that of traditional marketing.

It is at the forefront of reengineering or redefining the way businesses interact with their customers.

Most of the benefits can be derived from the
• Reach: truly global reach and cost reduction
• Scope: wide range of products and services
• Interactivity: two-way communication path
• Immediacy: provides an opportunity for immediate impact
• Targeting: savvy marketers can easily have access to the niche markets they need for targeted marketing
• Adaptivity: real-time analysis of customer responses, leading to minimal advertising spend wastage

Other benefits include
• Access to unlimited information for customers without human intervention
• Personalization
• Enables transactions between firms and customers that would typically require human intervention

Limitations of e-marketing

Some of the limitations of e-marketing include
• Lack of personal approach
• Dependability on technology
• Security, privacy issues
• Maintenance costs due to a constantly evolving environment
• Higher transparency of pricing and increased price competition
• Worldwide competition through globalization

E-Commerce framework

E-Commerce applications: direct marketing, online banking, E-government, E-purchasing, job search, M-commerce, auctions, consumer services, etc.

PILLARS
• People: buyers, sellers, intermediaries, IS people, and management
• Public policy: taxes, legal, privacy issues, regulations and tech. standards
• Support services: logistics, payment, content, security & systems dev.
• Marketing & adv.: marketing research, promotions, & web content
• Business partnerships: joint ventures, exchanges, e-marketplace & consortia

INFRASTRUCTURAL SUPPORT
• Common business services infrastructure (security, smart cards/authentication, electronic payment)
• Messaging & info distribution infrastructure (EDI, e-mail, hypertext)
• Multimedia content & network publishing infrastructure (HTML, Java, XML, VRML etc.)
• Network infrastructure (telecom, cable TV, wireless, Internet)
• Interfacing infrastructure (with database, business partners, applications)

The need for E-Commerce security

There is a need for E-Commerce security due to increasing cyber attacks and cyber crimes. A recent survey of security practitioners yielded the following results:
• Organizations continue to have cyber attacks from both inside and outside of the organization
• The cyber attacks varied, e.g. computer viruses, Net abuse (unauthorized use of the internet) by employees, denial of service
• The financial losses from cyber attacks can be substantial
• It takes more than one type of technology to defend against cyber attacks.

Basic security issues

EC security involves more than just preventing and responding to cyber attacks and intrusion. For example, a user connects to a Web server at a market site to obtain some product literature (Loshin 1998).
• To get the literature, he is asked to fill out a Web form providing some demographic and other personal information.

What are the security concerns that can/will arise in a situation like that?

Basic security issues

From the user’s perspective,
• How can he know that the Web server is owned and operated by a legitimate company?
• How does he know that the Web page and form do not contain some malicious or dangerous code or content?
• How does he know that the Web server will not distribute the information to some third party?

Basic security issues

From the company’s perspective,
• How does the company know that the user will not attempt to break into the Web server or alter the pages and content at the site?
• How does the company know that the user will not try to disrupt the server so that it isn’t available to others?

Basic security issues

From both parties' perspective,
• How do the parties know that the network connection is free from eavesdropping by a third party “listening” on the line?
• How do they both know that the information sent back and forth between the user and the server has not been altered?

Basic security issues

With transactions that involve E-payments, additional types of security must be confronted.
• Authentication: the process by which one entity verifies that another entity is who they claim to be.
• Authorization: the process that ensures that a person has the right to access certain information.
• Auditing: the process of collecting information about attempts to access particular resources, use particular privileges, or perform other security actions.
• Confidentiality (privacy): keeping private or sensitive information from being disclosed to unauthorized individuals, entities, or processes.
• Integrity: the ability to protect data from being altered or destroyed in an unauthorized or accidental manner.
• Availability: the ability of a person or a program to gain access to the pages, data, or services provided by the site when they need it.
• Nonrepudiation: the ability to limit parties from refuting that a legitimate transaction took place, usually by means of a signature.
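
How four of these properties fit together when a payment order arrives at a server, as an added example that is not part of the original slides. The user names, keys, spending limits and message format are assumptions constructed for illustration. A shared-key tag (HMAC) covers authentication and integrity only; it does not give nonrepudiation, because the server holds the same key and could have produced the tag itself, which is why the definition above points to a signature.

```python
import hashlib
import hmac
import json

# Assumptions for this example: each customer shares a secret key with the
# payment server, and each customer has a per-order spending limit.
USER_KEYS = {"alice": b"constructed-key-alice", "bob": b"constructed-key-bob"}
SPEND_LIMIT = {"alice": 500, "bob": 50}

def canonical(user, order):
    """Serialize the order deterministically so both sides tag the same bytes."""
    body = json.dumps(order, sort_keys=True, separators=(",", ":"))
    return (user + "\n" + body).encode("utf-8")

def make_tag(user, order, key):
    """Client side: compute the HMAC-SHA256 tag sent along with the order."""
    return hmac.new(key, canonical(user, order), hashlib.sha256).hexdigest()

def process_payment(user, order, tag, audit_log):
    """Server side: authenticate, check integrity, authorize, and audit."""
    def finish(outcome):
        # Auditing: every attempt is recorded, including the rejected ones.
        audit_log.append({"user": user, "order_id": order.get("id"),
                          "outcome": outcome})
        return outcome

    # Authentication: the claimed user must be known to the server.
    key = USER_KEYS.get(user)
    if key is None:
        return finish("rejected: unknown user")

    # Authentication + integrity: the tag must match the received content.
    # compare_digest avoids leaking how many characters matched.
    expected = make_tag(user, order, key)
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        return finish("rejected: bad tag")

    # Authorization: an authenticated user may still exceed their rights.
    amount = order.get("amount")
    limit = SPEND_LIMIT.get(user, 0)
    if not isinstance(amount, (int, float)) or not 0 < amount <= limit:
        return finish("rejected: not authorized")

    return finish("accepted")

def demo():
    """Run four constructed requests and return (outcomes, audit log)."""
    log = []
    order = {"id": "o-1001", "payee": "shop-7", "amount": 120}
    alice_tag = make_tag("alice", order, USER_KEYS["alice"])
    bob_tag = make_tag("bob", order, USER_KEYS["bob"])
    altered = dict(order, payee="shop-9")  # content changed after tagging
    outcomes = [
        process_payment("alice", order, alice_tag, log),
        process_payment("alice", altered, alice_tag, log),
        process_payment("bob", order, bob_tag, log),
        process_payment("mallory", order, alice_tag, log),
    ]
    return outcomes, log

if __name__ == "__main__":
    results, audit = demo()
    for line in audit:
        print(line)
```

Confidentiality and availability are outside this sketch: the order travels in the clear here, so in practice it would be sent over an encrypted channel.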

Types of threats and attacks

There are two types of attacks:
• Technical and non-technical.

Technical attacks: an attack perpetrated using software and systems knowledge or expertise.

Non-technical attacks: an attack that uses deceit to trick people into revealing sensitive information or performing actions that compromise the security of a network.
• Social engineering: an attack that uses social pressures to trick computer users into compromising computer networks to which those individuals have access. There are two types:
   • Human based: based on traditional modes of communication (in person or over the phone)
   • Computer based: technical ploys used to get individuals to provide sensitive information

Types of threats and attacks

Social engineering cont.
• The key to successful social engineering rests with the victims. Combating it also rests with the victims.
   • Certain positions are more vulnerable than others (employees who deal with both confidential information and the public), e.g. secretaries and executive assistants, database and network administrators, computer operators and call-center operators.

How to deal with it: a multi-prong approach should be used to combat it (Damle 2002).
• Education and training: all staff (mostly those in vulnerable positions) must be educated about the risk, the techniques used by hackers and how to combat them.
• Policies and procedures: for securing confidential information, and measures needed to respond to and report any social engineering breaches.
• Penetration testing: on a regular basis by outside experts playing the role of hackers. Staff must be debriefed after a penetration test and any weaknesses corrected.

Technical attacks: experts usually use a methodical approach. Many software tools are readily available over the Internet that enable a hacker to expose a system's vulnerabilities.
• In 1999, Mitre Corporation (cve.mitre.org) and 15 other security-related organizations started to count all publicly known CVEs (common (security) vulnerabilities and exposures).
• CVEs: publicly known computer security risks, which are collected, listed, and shared by a board of security-related organizations.

The two very well-known technical attacks that have affected the lives of millions are:
1. DDoS (Distributed Denial of Service) attack: an attack in which the attacker gains illegal administrative access to as many computers on the Internet as possible and uses these multiple computers to send a flood of data packets to the user's computer.

DoS (Denial-of-Service) attack: an attack on a web site in which an attacker uses specialized software to send a flood of data packets to the targeted computer with the aim of overloading its resources. DDoS software is loaded on machines known as zombies.

2. Malware (malicious code): mostly classified by the way it is propagated. All malware has the potential to do damage.
Malware takes a variety of forms, and the names mostly come from the real-world pathogens they resemble.

Viruses: a piece of software code that inserts itself into a host, including the operating system, to propagate. It requires the running of the host program to activate it, and cannot run independently.

Worms: a program that can run independently, will consume the resources of its host from within in order to maintain itself, and can propagate a complete working version of itself onto another machine.
Major difference between a worm and a virus: a worm can propagate between systems (mostly through a network), while viruses propagate locally.

Viruses have two components:
  ◦ A propagation mechanism, by which it spreads
  ◦ A payload, which refers to what it does once it is executed
Some viruses simply spread and infect; others do substantial damage (e.g. deleting files or corrupting the hardware).

Macro viruses or macro worms: execute when the application object that contains the macro is opened or a particular procedure is executed.

Trojan horse: a program that appears to have a useful function but that contains a hidden function that presents a security risk.

There are various forms of Trojan horse, but the one of interest is the one that makes it possible for someone else to gain access to and control a person's computer over the net. This type of Trojan has two parts: server and client. The server is the program that runs on the computer under attack, and the client is used by the person perpetrating the attack.

Managing Security

Some basic mistakes in managing security risk include:
• Undervalued information. Few organizations have a clear understanding of the value of specific information assets.
• Reactive security management. Most companies focus on security after an incident.
• Narrowly defined security boundaries. Most organizations are just interested in securing their internal network and don't try to understand the security issues of their supply chain partners.
• Dated security management processes. Some organizations hardly update or change their security practices or update the security knowledge and skills of their employees.
• Lack of communication about security responsibility. Security is often viewed as an IT problem and not a company problem.

Security risk management

Security risk management: a systematic process for determining the likelihood of various security attacks and for identifying the actions needed to prevent or mitigate those attacks. It has four stages:
• Assessment: organizations evaluate their security risks by determining their assets, the vulnerabilities of their systems, and the potential threats to these vulnerabilities. This can be done:
  ◦ By relying on the knowledge and skill of the IT personnel
  ◦ By using an outside IT consultant, or
  ◦ By using a honeynet to study the types of attack to which a site is being actively subjected.

Honeynet: a way to evaluate the vulnerability of an organization by studying the types of attack to which a site is subjected, using a network of systems called honeypots.
Honeypots: production systems (e.g. firewalls, routers, web servers, database servers) designed to do real work but to be watched and studied as network intrusions occur.

• Planning: the aim here is to arrive at a set of policies defining which threats are tolerable and which aren't, and what is to be done in both cases.
  ◦ A tolerable threat is one for which the cost of safeguarding is very high or the risk is too low.
• Implementation: involves the choice and use of particular technologies to counter the high-priority threats.
• Monitoring: an ongoing process to determine which measures are successful or unsuccessful and which need modification, to find new threats and advances in technology, and to locate which new business assets need securing.

Securing EC communications

There are two types of technology to secure communication on a network:
• Technologies for securing communications across the network and technologies for securing communication on the network.

EC of all sorts rests on the concept of trust, and PAIN is used to represent the key issues of trust that arise.

Information security requires:
• the identification of the legitimate parties to a transaction,
• the determination of the actions they are allowed to perform, and
• the limiting of those actions to only those necessary to initiate and complete the transaction.

This can be achieved through an authentication system.

Authentication system: a system that identifies the legitimate parties to a transaction, determines the actions they are allowed to perform, and limits their actions to only those that are necessary to initiate and complete the transaction.

An authentication system has five key elements, namely:
• A person or group to be authenticated
• A distinguishing characteristic that sets the person or the group apart
• A proprietor responsible for the system being used
• An authentication mechanism for verifying the presence of the differentiating characteristic
• An access control mechanism (a mechanism that limits the actions that can be performed by an authenticated person or group) for limiting the actions performed by the authenticated person or group

The distinguishing characteristic in an authentication system can be something:
• One knows (e.g. password, pass phrase, PIN)
• One has (e.g. ID card, security token, software, cell phone)
• One is (e.g. fingerprint, DNA, signature, voice recognition)

Traditionally, authentication systems have mostly relied on passwords (which are very insecure). Stronger security can be achieved by combining something one knows with something one has (a technique known as two-factor authentication, T-FA).

Tokens: there are two types of tokens:
• Passive tokens: storage devices used in a two-factor authentication system that contain a secret code
• Active tokens: small stand-alone electronic devices in a two-way authentication system that generate one-time passwords.
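How an active token's one-time password can be combined with a password on the server side, as an added example that is not part of the original slides. It assumes the token uses HOTP (RFC 4226), one standard scheme for such devices; the `Account` class, its fields and the sample secret are hypothetical.

```python
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """One-time password for one counter value, as specified in RFC 4226."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def password_hash(password: str, salt: bytes) -> bytes:
    """Slow salted hash, so the stored record is not the password itself."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class Account:
    """Server-side record for one user (hypothetical structure)."""

    def __init__(self, password: str, salt: bytes, token_secret: bytes):
        self.salt = salt
        self.pw_hash = password_hash(password, salt)
        self.token_secret = token_secret
        self.next_counter = 0      # first token code not yet accepted
        self.window = 3            # tolerate a few unused button presses

    def check_token(self, code: str) -> bool:
        """Something one has: accept a code only once, within the window."""
        for c in range(self.next_counter, self.next_counter + self.window + 1):
            expected = hotp(self.token_secret, c)
            if hmac.compare_digest(expected.encode(), code.encode()):
                self.next_counter = c + 1   # this code and older ones are spent
                return True
        return False

    def login(self, password: str, code: str) -> bool:
        """Two-factor check: both the password and the token code must pass."""
        knows = hmac.compare_digest(self.pw_hash,
                                    password_hash(password, self.salt))
        # The token is evaluated only after the password factor passes, so a
        # wrong password cannot use up the user's next code.
        return knows and self.check_token(code)


# Constructed sample data: the secret is the published RFC 4226 test key.
SECRET = b"12345678901234567890"

if __name__ == "__main__":
    acct = Account("correct horse", b"constructed-salt", SECRET)
    code = hotp(SECRET, 0)
    print("token shows:    ", code)
    print("password + code:", acct.login("correct horse", code))
    print("replayed code:  ", acct.login("correct horse", code))
    print("code only:      ", acct.login("wrong", hotp(SECRET, 1)))
```

Because each accepted code advances the server's counter, a code captured in transit cannot be replayed, which is the property a static password lacks.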

Biometric systems: authentication systems that identify a person by measuring a biological characteristic such as fingerprints, iris (eye) pattern, facial features, or voice. There are two forms of biometrics:
• Physiological biometrics: measurements derived directly from different parts of the body (e.g. fingerprints, iris, hand, facial characteristics)
• Behavioral biometrics: measurements derived from various actions and indirectly from various body parts (e.g. voice scan or keystroke monitoring)

Fingerprint scanning: measurement of the discontinuities of a person's fingerprint, converted to a set of numbers that are stored as a template and used to authenticate identity.
Iris scanning: measurement of the unique spots in the iris (colored part of the eye), converted to a set of numbers that are stored as a template and used to authenticate identity.
Voice scanning: measurement of the acoustical patterns in speech production, converted to a set of numbers that can be stored as a template and used to authenticate identity.
Keystroke monitoring: measurement of the pressure, speed, and rhythm with which a word is typed, converted to a set of numbers that are stored as a template and used to authenticate identity.

Public key infrastructure (PKI): a scheme for securing e-payments using public key encryption and various technical components.

Encryption: the process of scrambling (encrypting) a message in such a way that it is difficult, expensive, or time consuming for an unauthorized person to unscramble (decrypt) it.

All encryption has four basic parts:
• Plaintext: an unencrypted message in human-readable form.
• Encryption algorithm: the mathematical formula used to encrypt the plaintext into the ciphertext, and vice versa.
• Key: the secret code used to encrypt and decrypt a message.
• Ciphertext: a plaintext message after it has been encrypted into a machine-readable form.

There are two forms of encryption systems:
  ◦ Symmetric systems and
  ◦ Asymmetric systems

Symmetric (private) key system: an encryption system that uses the same key to encrypt and to decrypt the message.
  ◦ The key is known only to the sender and the receiver (hence the name private key).

Asymmetric (public) key encryption: encryption that uses a pair of matched keys, a public key to encrypt and a private key to decrypt, or vice versa.
• Public key: encryption code that is publicly available to anyone
• Private key: encryption code that is known only to the sender and the receiver (owners).
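The matched key pair, used in both directions, as an added example that is not part of the original slides: public-key encryption for confidentiality, and the "vice versa" direction as a signature, which is what supports nonrepudiation. It uses textbook RSA with small constructed parameters; the function names and the sample message are hypothetical.

```python
import hashlib

# Toy parameters (constructed): two known Mersenne primes. Real key pairs use
# random primes of 1024 bits or more plus padding (OAEP for encryption, PSS
# for signatures); textbook RSA as shown here is for illustration only.
P = 2**61 - 1
Q = 2**89 - 1


def make_keypair(p: int, q: int, e: int = 65537):
    """Return (public_key, private_key), each an (exponent, modulus) pair."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)          # private exponent: e * d = 1 (mod phi)
    return (e, n), (d, n)


def apply_key(key, value: int) -> int:
    """The single RSA operation: value ** exponent mod n."""
    exponent, n = key
    if not 0 <= value < n:
        raise ValueError("value does not fit under the modulus")
    return pow(value, exponent, n)


def encrypt(public_key, message: bytes) -> int:
    """Anyone holding the public key can produce the ciphertext."""
    return apply_key(public_key, int.from_bytes(message, "big"))


def decrypt(private_key, ciphertext: int) -> bytes:
    """Only the private key recovers the plaintext."""
    value = apply_key(private_key, ciphertext)
    return value.to_bytes((value.bit_length() + 7) // 8, "big")


def digest(message: bytes, n: int) -> int:
    """SHA-256 of the message, reduced to fit the toy modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(private_key, message: bytes) -> int:
    """The reverse direction: the private key transforms the digest."""
    return apply_key(private_key, digest(message, private_key[1]))


def verify(public_key, message: bytes, signature: int) -> bool:
    """Anyone can check the signature with the public key."""
    if not 0 <= signature < public_key[1]:
        return False
    return apply_key(public_key, signature) == digest(message, public_key[1])


PUBLIC, PRIVATE = make_keypair(P, Q)

if __name__ == "__main__":
    order = b"PAY 25.00 GHS"     # constructed sample message
    ciphertext = encrypt(PUBLIC, order)
    print("decrypted:       ", decrypt(PRIVATE, ciphertext))
    signature = sign(PRIVATE, order)
    print("signature valid: ", verify(PUBLIC, order, signature))
    print("altered message: ", verify(PUBLIC, b"PAY 95.00 GHS", signature))
```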

Securing EC Networks

Many technologies exist to ensure that an organization's network is secured, or that an intrusion is detected when it occurs.

• Firewall: a network node consisting of both hardware and software that isolates a private network from a public network.
• Personal firewall: a network node designed to protect an individual user's desktop system from the public network by monitoring the traffic that passes through the computer's network interface.
• Virtual private network (VPN): a network that uses the public Internet to carry information but remains private by using encryption to scramble the communications, authentication to ensure that information has not been tampered with, and access control to verify the identity of anyone using the network.
• Intrusion detection system (IDS): a special category of software that can monitor activity across a network or on a host computer, watch for suspicious activity, and take automated actions based on what it sees.

Business models in E-Commerce

Business model: a method of doing business by which a company can generate revenue to sustain itself.
Structure of business models: the structure of business models varies greatly based on the company and the industry environment.
• Weill and Vitale (2001): 8 atomic business models
  ◦ Direct marketing
  ◦ Intermediary
  ◦ Content provider
  ◦ Full service provider
  ◦ Shared infrastructure
  ◦ Value net integrator
  ◦ Virtual community
  ◦ Consolidator of services (for large organizations)

• Each of these models is characterized by:
  ◦ Strategic objectives
  ◦ Source of revenue
  ◦ Critical success factors
  ◦ Core competencies required

• These models must specify:
  ◦ Their revenue models
  ◦ Value propositions

Revenue model

Revenue model: how an EC project or company will make or earn money. Major revenue models are:
• Sales: revenue from selling on their web site or providing services
• Transaction fees: commissions based on the volume of transactions made (fixed or incremental)
• Subscription: payment of fees, usually monthly or quarterly, to get some type of service
• Advertising fees: companies charge others for placing ads on their sites
• Affiliate fees: companies get paid for referring customers to other sites
• Other revenue models: game sites, licensing fees, etc.

Value proposition

Value proposition: the benefits a company can derive from using EC. (In B2C EC, for example, it defines how a company's product or service fulfills the needs of customers.)
• Specifically, how do e-marketplaces, for example, create value?

• Amit & Zott (2001) identified 4 sets of values:
  ◦ Search & transaction cost efficiency: enables faster and more informed decision making, wider product and service selection, etc.
  ◦ Complementarities: bundling some goods and services together to provide more value than when offered separately
  ◦ Lock-in: high switching cost that ties customers to certain suppliers
  ◦ Novelty: developing innovative ways for structuring transactions, connecting partners, and fostering new markets

• Bakos (1991) values:
  ◦ Reduced search cost
  ◦ Significant switching cost
  ◦ Economies of scale and scope
  ◦ Network externality
• Other value propositions:
  ◦ Demand (and/or supply) aggregation: affords suppliers wider market access and buyers more choices, and both competitive prices
  ◦ Interfirm collaboration: enables business participants to deepen their business relationships, leading to improvement in individual business processes and overall supply chain performance

Types of business models in EC

Online direct marketing: selling online from a manufacturer to a customer (e-tailing).
Electronic tendering system (tendering, reverse auction): buyers request would-be sellers to submit bids for an item/service/project, and the lowest bidder wins.
Name-your-own-price: a buyer sets the price he wants to pay for a product/service.
Find the best price: a buyer submits its needs and an intermediary matches them against a database of sellers, locates the lowest price, and submits it to the buyer to accept or reject.
Affiliate marketing: a marketing partner refers consumers to a selling company's web site for a commission (virtual commissioned sales force).

Viral marketing: Web-based word-of-mouth marketing in which a customer promotes a product or service to friends or other people.
Group purchasing: quantity purchasing that enables groups of purchasers to obtain a discount price on the products purchased (demand aggregation).
Online auctions: bidding for products and services, with the highest bidder getting the item.
Product and service customization: creation of a product or service to meet the buyer's specifications.
Electronic marketplaces and exchanges: a space in which sellers and buyers exchange goods and services for money (or for other goods and services) electronically.

Electronic payments (e-payment)

E-payments: payments made electronically rather than by paper (cash, checks, vouchers, etc.). Electronic payment methods expedite payments online and reduce processing costs, but they must be safe and trusted by users. The major methods of e-payment in use include:
• Electronic payment cards (credit, debit, charge)
• Virtual credit cards
• E-wallets (or e-purses)
• Smart cards
• Electronic cash (several variations)
  ◦ Wireless payments
  ◦ Stored-value card payment
  ◦ Loyalty cards
  ◦ Person-to-person payment cards
• Payments made electronically at kiosks

Other methods used mostly for B2B payments:
• Electronic checks
• Purchasing cards
• Electronic letters of credit
• Electronic funds transfer (EFT)
• Electronic benefit transfer (EBT)
• Etc.

The underlying similarity is the ability to transfer or make a payment from one person or party to another person or party over a network without face-to-face interaction.

Electronic payments (e-payment)

Whatever the payment method is, five parties may be involved:

• Customer/payer/buyer: the party making the e-payment in exchange for goods or services
• Merchant/payee/seller: the party receiving the e-payment in exchange for goods or services
• Issuer: the banks or non-banking institutions that issued the e-payment instrument used to make the purchase
• Regulator: usually a government agency whose regulations control the e-payment process
• Automated Clearing House (ACH): an electronic network that transfers money between bank accounts

Issuers play a key role in online purchases for 2 reasons:
  ◦ Customers must obtain their e-payment accounts from an issuer
  ◦ Issuers are mostly involved in authenticating a transaction and approving the amount involved

Because buyers and sellers are not at the same place to exchange their goods and services, issues of trust arise, and PAIN has been devised to address such issues.

Characteristics of successful e-payment methods
• How do you get buyers to adopt a method when there are few sellers using it?
• And how do you get sellers to adopt a method when very few buyers are using it? (chicken and egg problem)

Some factors or characteristics of successful e-payment are:
• Independence: e-payment methods that require the payer to install specialized components are less likely to succeed
• Interoperability and portability: an e-payment system must mesh with existing interlinked systems and applications and must be supported by standard computing platforms
• Security: the risk for the payee must be higher than for the payer (must be very safe)
• Anonymity: e-payment systems must be anonymous, to hide the identity of those who want to remain so
• Divisibility: must be usable for both high and low purchases
• Ease of use: must be pretty easy to use
• Critical mass: a critical mass of vendors must be willing to accept the payment; conversely, a critical mass of places to acquire the payment methods must exist

• Using e-payment reduces transaction cost by 30 to 50 percent compared to off-line payments
• It is faster
• It makes it possible to conduct business across geographical and political boundaries (greatly enhancing the possibility of international deals and transactions)

E-payment is very important in EC because:
• There is no trade without a payment system
• A good and secure payment system increases the trust and confidence of buyers

Electronic cards: plastic cards that contain digitized information that can be used for payment and for other purposes such as identification and access to secure locations.
• Payment cards: electronic cards that contain information that can be used for payment purposes. There are three types of payment cards:
  ◦ Credit cards: provide the holder with credit to make purchases up to a limit fixed by the issuer. (Users normally don't pay any fee for using them, just high interest on their unpaid balance.)
  ◦ Charge cards: are like monthly loans given to the user, which he/she is required to pay back in full at the end of the month or upon receipt of the monthly statement. (Usually no interest is paid on such cards, just an annual fee and/or a severe penalty for failure to pay the balance in full.)
  ◦ Debit cards: with a debit card, the money for a transaction comes directly from the user's account.

Virtual credit cards: a payment system in which the issuer gives a special transaction number that can be used online in place of a regular credit card number.
E-wallets: a software component in which a user stores credit card numbers and other information; when shopping online, the user simply clicks the e-wallet to automatically fill in the information needed to make a purchase.

Smart cards: an electronic card containing an embedded microchip that enables predefined operations or the addition, deletion, or manipulation of information on the card.
• Some applications of smart cards:
  ◦ Loyalty cards: retailers are using loyalty cards to identify their loyal customers and reward them
  ◦ Financial applications: financial institutions, payment associations, and credit card, debit card, and charge card issuers are all using smart cards to extend the traditional card payment services
  ◦ Transportation
  ◦ Identification: smart cards fit perfectly in the identification market

Electronic cash: the digital equivalent of paper currency and coins, which enables secure and anonymous purchase of low-priced items.
• E-cash has several variations:
  ◦ Wireless payments
  ◦ Stored-value cards
  ◦ E-loyalty
  ◦ P2P payment: e-payment schemes that allow the transfer of funds between two individuals

Payment made electronically at kiosks: customers acting as cashiers and checking themselves out.
