Introduction to E-Commerce
• Definition of E-Commerce and E-business
• Major types of E-Commerce (briefly)
• History of E-Commerce
• Benefits of E-Commerce to
    - Organizations
    - Consumers
    - Society
• Limitations of E-Commerce
• The new business environment
• Business pressures
• Organizational responses
• E-marketing issues
• Economics of E-marketing
• Effects of marketing on organizations
• The digital economy
• E-Commerce technology/infrastructure
• Communications network
• Security and legal issues
    - Need for E-Commerce security
    - Basic security issues
    - Types of threats and attacks
    - Security risk management
    - Securing E-Commerce communication
• Business models for E-Commerce
• Implementation of E-business systems

Definition of E-Commerce and E-business

E-Commerce: the process of buying, selling, or exchanging products, services, and information through computer networks.
• Communication: the delivery of goods, services, information, or payment electronically
• Commercial: the ability to buy and sell products, services, and information electronically
• Business process: completing business processes electronically, i.e. replacing physical processes with information
• Services: tool for improving the quality of customer services, and increasing the speed of service delivery while cutting cost
• Learning: enables online training and education
• Collaborative: supports inter- and intra-organizational collaboration
• Community: provides a meeting place for members to learn and collaborate.

Definition of E-Commerce and E-business
• Commerce: transactions between business partners (electronically = e-commerce)
• E-business: the buying and selling of goods and services and also serving customers, collaboration with business partners, and conducting electronic transactions with an organization.

Definition of E-Commerce and E-business
• Various forms of E-Commerce based on the level of digitalization
    - Of the products/services
    - The process
    - The delivery agent
• Brick and mortar organization: zero digitalization, i.e. pure physical organization
    - Conduct all their business activities physically
• Virtual organizations (pure play): digitalization of 1
    - Does all business transactions online
• Click and mortar: partial digitalization
    - Has an online presence, but does basic business processes physically

Types of E-Commerce
• The nature of the transaction or interaction is mostly used to classify E-Commerce
    - Business-to-business (B2B): transactions between business partners
    - Business-to-consumer (B2C): transactions between business organizations and individual shoppers
    - Consumer-to-business (C2B): transactions in which individuals sell products and services to businesses
    - Consumer-to-consumer (C2C): transactions between individual consumers
• Interdisciplinary nature of E-Commerce: computer science, marketing, consumer behavior, finance, economics, management information systems, accounting, management, business, law, robotics, public administration and engineering.

History
• Electronic funds transfer (early 1970s): "Its use was mostly limited to large organizations, financial institutions, and a few hardcore businesses"
• Electronic Data Interchange: "used to transfer routine documents, which expanded electronic transfers from financial institutions to manufacturers, retailers, services industries etc."
• Internet and the World Wide Web: the commercialization of the internet saw the coining of the term E-COMMERCE.
• E-Commerce applications quickly multiplied due to the rapid development of new networks, protocols, and EC software, and due to increase in competition and other business pressures
• There have been many innovative applications, ranging from online direct sales to E-learning.

Benefits of E-Commerce
• The E-Commerce revolution is as profound as the change that accompanied the industrial revolution (Clinton and Gore 1997)
• E-Commerce has enormous potential benefits to organizations, individuals and society, considering
    - The global nature of the technology
    - The opportunity to reach millions of people
    - Its interactive nature
    - The variety of possibilities for its use
    - The resourcefulness and rapid growth of its supporting infrastructure (especially the web)

Benefits of E-Commerce
Organizational benefits
• Global reach: can easily and quickly locate the best suppliers, more customers and more suitable business partners, i.e. buy cheaper and sell more.
• Cost reduction: EC decreases the cost of creating, processing, distribution, storing and retrieving paper-based information.
• Supply chain improvement: supply chain inefficiencies can be minimized, e.g. inventory and delivery delays
• Extended hours: 24/7/365
• Customization: pull-type production (build-to-order)
• New business models: tendering (reverse auction), name-your-own-price model, affiliate marketing, viral marketing etc.
• Vendors' specialization: EC enables high degree of specialization
• Lower communication cost: EC lowers telecommunications cost.
• Efficient procurement: EC can reduce administrative cost, purchasing prices, and cycle time.
• Improved customer relations: EC enables close customer relations
• Up-to-date company material: EC enables company information to be updated by the minute
• No city business permits and fees etc.

Benefits of E-Commerce
Consumer benefits
• Ubiquity: EC allows shopping 24/7/365 from almost any location.
• More products and services: EC gives more choices.
• Cheaper products and services: EC provides price variety for goods and services
• Instant delivery: e.g. digitized product
• Information availability: relevant and detailed information in seconds
• Participate in auctions: virtual auctions
• Electronic communities: consumers can interact with other consumers
• Get it your way: customization and personalization of products and services
• No sales tax: most online sales are tax free

Benefits of E-Commerce
Societal benefits
• Telecommuting: more people work and shop at home
• Higher standard of living: competitive prices allow lower income earners to shop more
• Hope for the poor: great opportunity for the poor to sell, buy and learn new skills
• Availability of public services: health care, education, and distribution of government social services can be done at a reduced cost to a large number of people.

Limitations
Technological
• Lack of universally accepted standards for quality, security, and reliability
• Telecommunication bandwidth is insufficient (mostly for m-commerce)
• Software development tools are still evolving.
• Difficulties in integrating the internet and EC software applications and databases.
• Special web servers are needed in addition to the network servers (added cost)
• Internet accessibility is still expensive and/or inconvenient
• Order fulfillment of large-scale B2C requires special automated warehouses

Limitations
Non-technological
• Security and privacy concerns deter some customers from buying
• Lack of trust in EC and in unknown sellers hinders buying
• Many legal and public policy issues, including taxation, remain unresolved
• National and international government regulations sometimes get in the way
• Difficulty in measuring some benefits in EC (e.g. advertising); lack of matured measurement methodology
• Some customers like to touch and feel the product
• Customers reluctant to change from physical to virtual store
• Lack of trust in paperless, faceless transactions
• Insufficient number (critical mass) of sellers and buyers (in some cases) needed to make profit
• Increasing number of frauds on the net
• Difficulty obtaining venture capital due to the dot-com disaster

Digital Economy
• The digital revolution
    - Digital economy: an economy that is based on digital technologies, including digital communications networks, computers, software, and other related information technologies.
• Digital networking and communications infrastructures provide the global platform over which people and other organizations interact, communicate, collaborate and search for information. Choi and Whinston say this platform is characterized by
    - A vast array of digital products: databases, news & information, books, software etc., that are delivered over a digital infrastructure any time, anywhere in the world
    - Consumers and firms conducting financial transactions digitally through digital currencies or financial tokens that are carried via networked computers and mobile devices
    - Microprocessors and networking capabilities embedded in physical goods such as home appliances and automobiles

Digital Economy
• Digital economy: the convergence of computing and communications technology on the internet and other networks and the resulting flow of information and technology that is stimulating e-commerce and vast organizational changes.
• This convergence is enabling all types of information (data, audio, video, etc.) to be stored, processed, and transmitted over networks to many destinations worldwide
• The digital economy is creating a digital revolution, evidenced by unprecedented economic performance and the longest period of uninterrupted economic expansion in certain parts of the world.
• Web-based E-Commerce systems are accelerating the digital revolution by providing competitive advantage to organizations

The new business environment
• Highly competitive (due to economic, societal, legal and technological factors)
• Quick and sometimes unpredictable change
• The need for more production, faster and with fewer resources

The new business environment
• Huber (2003): "new business environment created due to accelerated advances in science"
• These advances create scientific knowledge
• This scientific knowledge feeds on itself, resulting in more and more technology
• Rapid growth in technology results in a large variety of more complex systems.

The new business environment
• As a result the business environment is characterized by
    - A more turbulent environment (more business problems and opportunities)
    - Stronger competition
    - Frequent decision making by organizations
    - Large scope for decision considerations (market, competition, political and global)
    - More information/knowledge needed for decisions

Pressure on businesses
Market and economic
• Strong competition
• Global economy
• Regional trade agreements
• Extremely low labour cost in some regions
• Frequent and significant changes in markets
• Increased power of consumers

Pressure on businesses
Societal
• Changing nature of workforce
• Government deregulation: more competition
• Shrinking government subsidies
• Increased importance of ethical and legal issues
• Increased social responsibility of organizations
• Rapid political changes

Pressure on businesses
Technological
• Increasing innovations and new technologies
• Rapid technological obsolescence
• Rapid decline in technology cost versus performance ratio

Pressure on businesses
• Business as usual is no longer enough (price reduction & closure of unprofitable facilities)
• Need for new innovations (critical response activities)
    - Customization
    - Creating new products
    - Providing superb customer services
• E-commerce facilitates most of these responses

Organizational responses
• Strategic systems: provides org. with strategic adv.
    - Increase their market share
    - Better negotiation with their suppliers
    - Prevent competitors from entering their territory, e.g. FedEx tracking system
• Continuous improvement efforts & BPR: continuous efforts to improve productivity, quality and customer services
    - E.g. Dell ERP and Intel's customer tracking

Organizational responses
• Customer relationship management: e.g. personalization, sales-force automation
• Business alliances: org. enter into collaboration for mutual benefit, aided mostly by e-commerce
• Electronic markets
• Reduction in cycle time & time to market: e.g. use of extranet
• Empowerment of employees: the ability to take decisions on customers (decentralization)
• Supply chain improvement:
    - Reduce supply chain delays
    - Reduce inventories
    - Eliminate inefficiencies

Organizational responses
• Mass customization: production of large customized items (in an efficient way)
• Intra-business: from sales force to inventory control
• Knowledge management: the process of creating or capturing knowledge, storing and protecting it, updating, maintaining and using it.

Combining it 

How can org. turn digital to gain competitive adv by using EC?
• Right connective networks

Brick & mortar against digital 

Brick & mortar
• Selling in physical stores
• Selling tangible goods
• Internal inventory/production planning
• Paper catalogs
• Physical marketplace
• Physical & limited auctions
• Broker-based service transactions
• Paper-based billing
• Paper-based tendering
• Push production
• Mass production (standard)
• Physical based commission marketing
• Word-of-mouth slow advertisement
• Linear supply chain
• Large amount of capital needed
• Cost>value

Digital
• Selling online
• Selling digital goods
• Online collaborative inventory forecasting
• Smart e-catalogs
• Electronic market-space
• Online auctions everywhere, anytime
• Electronic info-mediaries, value added services
• Electronic billings
• Pull production
• Mass customization
• Affiliate, viral marketing
• Explosive viral marketing
• Hub-based supply chain
• Less capital needed
• Small fixed cost
• Cost=value

Electronic marketplaces 

Electronic marketplace: a space in which sellers and buyers exchange goods and services for money (or for other goods and services) electronically.
Functions of markets:
• Matching buyers and sellers
• Facilitating exchanges of goods/services and payments associated with market transactions
• Providing institutional infrastructure

Electronic marketplaces
• Together with IT, EC has greatly increased market efficiencies
    - By expediting or improving the functions of markets
    - And lowering transaction and distribution cost
    - Leading to well-organized "friction-free" markets

Market-space components
• Customers: the hundreds of millions of people surfing the web are potential buyers of goods/services offered on the net. They are looking for
    - Good deals
    - Customized items
    - Collectors' items
    - Entertainment etc.
• Organizations are the major consumers of EC activities (85%)
• Sellers: millions of storefronts on the Web offering a huge variety of products (sales can be done directly from the seller's site or from E-marketplaces)
• Products: both physical and digital products (what are the advantages of a digital product?)
• Infrastructure: hardware, software, networks etc.

Market-space components
• Front end: the portion of an e-seller's business processes through which customers interact, e.g. seller's portal, e-catalogs, shopping cart, search engine and payment gateway
• Back end: activities that support online order-taking, e.g. order aggregation and fulfillment, inventory management, purchasing from suppliers, payment processing, packaging and delivery
• Intermediaries: create and manage online markets, match buyers and sellers, provide some infrastructure services and help buyers/sellers to institute and complete transactions (mostly operate as computerized systems)
• Other business partners: includes business collaboration mostly along the supply chain
• Support services: ranging from certification to trust services

Types of electronic markets
• There are various types of marketplaces
    - B2C
        · Electronic storefronts
        · Electronic malls
    - B2B
        · Private e-marketplace (sell-side, buy-side)
        · Public e-marketplaces
        · Consortia

Types of electronic markets
B2C
• Electronic storefronts: a single company's Web site where products/services are sold (electronic store)
• A storefront has various mechanisms for conducting sales
    - Electronic catalogs (presentation of product information in an electronic form)
    - A search engine (a program that can access a database of Internet resources, search for specific information/keywords, and report the result)
    - An electronic shopping cart: order processing technology that allows shoppers to accumulate items they wish to buy while they continue to shop
    - E-auction facilities
    - A payment gateway etc.
• Electronic malls: an online shopping center where many stores are located

Types of electronic markets
B2B
• Private E-Marketplace: owned by a single company
    - Sell-side E-Marketplace: a private e-market in which a company sells either standard or customized products to qualified companies
    - Buy-side: a private e-market in which a company buys from invited suppliers
• Public E-Marketplace: e-market usually owned by an independent 3rd party with many buyers and many sellers (exchanges)
• Consortia: usually owned by a small group of major sellers or buyers, usually in the same industry
• What is a vertical and horizontal e-marketplace?

Auctions
• Auctions: a market mechanism by which a seller places an offer to sell a product and buyers make bids sequentially and competitively until a final price is reached.
• Limitations of offline auctions:
    - Short time for each item (little time to make the decision to bid or not)
    - Sellers don't get the right price (or buyers pay more)
    - Little time to examine the product
    - Physical presence limits the potential bidders
    - Difficulty in moving goods to auction sites
    - Payment of rents for auction sites, advertisement and payment of auctioneers and employees add to cost

E-Auctions
• Electronic auctions (e-auctions): auctions conducted online.
    - Dynamic pricing: change in price due to demand and supply relationships at any given time.
• Dynamic pricing has several forms (bargaining and negotiations)
• There are 4 major forms of dynamic pricing depending on how many buyers or sellers there are.
    - One buyer, one seller
    - One seller, many potential buyers
    - One buyer, many potential sellers
    - Many buyers, many sellers

E-Auctions
• One buyer, one seller: negotiations, bargaining and bartering usually used. (Prices mostly determined by each party's bargaining power as well as demand and supply in the market and possibly the business environment)
• One seller, many buyers: (forward auction) a seller entertains bids from buyers.
    - English and Yankee auctions: prices increase as auctions progress
    - Dutch and free fall: prices go down as auctions progress
• One buyer, many sellers:
    - Reverse auctions: a buyer places an item for bidding (tendering) on a request for quote (RFQ); potential sellers bid for the item with price reducing sequentially until no more reductions and the lowest bidder wins (mostly B2B G2B mechanism)
    - Name-your-own-price model: a buyer specifies the price (and other terms) they are willing to buy at to able suppliers (mostly C2B model started by priceline)
• Many sellers, many buyers: (double auction) multiple buyers and their bids are matched with multiple sellers and their asking prices, considering the quantities.
• Assignment (what is English, Yankee, Dutch and free fall auctions) to be submitted before mid-day 29th Feb. 2008

E-Auctions
Benefits to sellers
• Increased revenues from broadening customer base and shortening cycle time
• Optimal price setting determined by the market
• Can liquidate large quantities quickly
• Improved customer relationship and loyalty
Benefits to buyers
• Opportunity to find unique items and collectibles
• Chance to bargain instead of buying at a fixed price
• Entertainment
• Anonymity: with help of a 3rd party, buyers can be anonymous
• Convenience: can bid from anywhere with any connected gadget; no need to travel to the auction site
Benefits to e-auctioneers
• Higher repeat purchase
• High stickiness to the web site
• Expansion of the auction business

E-Auctions
• Limitations: major limitations are
    - Lack of security
    - Possibility of fraud
    - Limited participation

Types of E-Auction Fraud
• Bid shielding: having fake (phantom/ghost) bidders bid at very high prices and then later pull out at the last minute
• Shilling: placing fake bids on auction items to artificially jack up the bidding price
• Fake photos and misleading descriptions
• Improper grading techniques
• Selling reproductions

Types of E-Auction Fraud
• Failure to pay
• Failure to pay the auction house
• Inflated shipping and handling cost
• Failure to ship merchandise
• Loss and damage claims
• Switch and return
• Other frauds, e.g. sale of stolen goods, the use of fake IDs, selling to multiple buyers

Protecting against E-Auction Fraud
• User ID verification
• Authentication service
• Grading services
• Feedback
• Insurance policy
• Escrow service
• Nonpayment punishment
• Appraisal
• Physical verification
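
A check an auction operator could run for the bid shielding and shilling patterns defined above, shown as an added example that is not part of the original slides. The event format, bidder names, time window and thresholds are assumptions, and the log is constructed sample data.

```python
from collections import defaultdict
from datetime import datetime, timedelta


def ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M")


# Constructed sample log (not real data):
# (auction, seller, time, bidder, action, amount)
EVENTS = [
    ("A1", "seller1", ts("2008-02-01 11:00"), "carol", "bid", 40),
    ("A1", "seller1", ts("2008-02-01 11:05"), "mallet", "bid", 45),
    ("A1", "seller1", ts("2008-02-01 11:06"), "ghost1", "bid", 400),
    ("A1", "seller1", ts("2008-02-01 11:58"), "ghost1", "retract", 0),
    ("A2", "seller2", ts("2008-02-02 10:00"), "dave", "bid", 50),
    ("A2", "seller2", ts("2008-02-02 10:10"), "shill", "bid", 60),
    ("A2", "seller2", ts("2008-02-02 10:20"), "dave", "bid", 70),
    ("A3", "seller2", ts("2008-02-03 09:00"), "erin", "bid", 300),    # mistyped bid
    ("A3", "seller2", ts("2008-02-03 09:02"), "erin", "retract", 0),  # corrected early
    ("A3", "seller2", ts("2008-02-03 09:30"), "erin", "bid", 20),
    ("A3", "seller2", ts("2008-02-03 10:00"), "shill", "bid", 25),
    ("A3", "seller2", ts("2008-02-03 10:30"), "erin", "bid", 30),
    ("A4", "seller2", ts("2008-02-04 10:00"), "frank", "bid", 10),
    ("A4", "seller2", ts("2008-02-04 10:05"), "shill", "bid", 15),
    ("A4", "seller2", ts("2008-02-04 10:10"), "dave", "bid", 18),
    ("A4", "seller2", ts("2008-02-04 10:15"), "frank", "bid", 22),
]
# Every sample auction closes at noon on its own day.
CLOSES = {"A1": ts("2008-02-01 12:00"), "A2": ts("2008-02-02 12:00"),
          "A3": ts("2008-02-03 12:00"), "A4": ts("2008-02-04 12:00")}


def replay(events):
    """Replay the log in time order and return the end state of each auction."""
    state = {}
    for auction, seller, when, bidder, action, amount in sorted(events, key=lambda e: e[2]):
        a = state.setdefault(auction, {"seller": seller, "standing": {},
                                       "retractions": [], "bidders": set()})
        if action == "bid":
            a["bidders"].add(bidder)
            a["standing"][bidder] = max(amount, a["standing"].get(bidder, 0))
        elif action == "retract" and bidder in a["standing"]:
            pulled = a["standing"].pop(bidder)
            # The retracted bid was leading if it beat every bid left standing.
            was_leading = all(pulled > v for v in a["standing"].values())
            a["retractions"].append((when, bidder, pulled, was_leading))
    return state


def winner_of(a):
    """Highest standing bidder, or None if every bid was withdrawn."""
    return max(a["standing"], key=a["standing"].get) if a["standing"] else None


def find_bid_shielding(events, closes, window=timedelta(minutes=10), drop_ratio=0.5):
    """Flag auctions where the leading bid was pulled shortly before close and
    the final price ended at or below drop_ratio times the pulled bid."""
    hits = []
    for auction, a in sorted(replay(events).items()):
        winner = winner_of(a)
        if winner is None:
            continue
        price = a["standing"][winner]
        for when, bidder, pulled, was_leading in a["retractions"]:
            late = timedelta(0) <= closes[auction] - when <= window
            if was_leading and late and price <= drop_ratio * pulled:
                hits.append({"auction": auction, "retracted_by": bidder,
                             "retracted": pulled, "winner": winner,
                             "final_price": price})
    return hits


def find_shill_candidates(events, min_auctions=3):
    """Flag bidders who bid in at least min_auctions auctions of one seller
    and never won any of them."""
    seen = defaultdict(set)  # (seller, bidder) -> auctions the bidder took part in
    won = defaultdict(int)   # (seller, bidder) -> auctions the bidder won
    for auction, a in replay(events).items():
        winner = winner_of(a)
        for bidder in a["bidders"]:
            seen[(a["seller"], bidder)].add(auction)
            if bidder == winner:
                won[(a["seller"], bidder)] += 1
    return sorted((seller, bidder, len(aucs)) for (seller, bidder), aucs in seen.items()
                  if len(aucs) >= min_auctions and won[(seller, bidder)] == 0)


if __name__ == "__main__":
    print(find_bid_shielding(EVENTS, CLOSES))
    print(find_shill_candidates(EVENTS))
```

Both functions return candidates for manual review: a persistent honest bidder who keeps losing would match the shilling rule as well, and erin's early correction in A3 is ignored only because it falls outside the time window.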

Communications and networks
• The extranet is the major network structure used in e-marketplaces and exchanges.
    - Extranets connect both the internet and the companies' individual intranets.
    - Because access is through the net, it doesn't require any additional implementation of leased networks
• Internet: a public, global communications network that provides direct connectivity to anyone over a LAN through an ISP or directly through an ISP
• Intranet: a corporate LAN or WAN that uses internet technology and is secured behind a company's firewall.
    - It operates as a private network with limited access (only employees with authorization can use it)
    - It usually contains sensitive information
    - It can be used to enhance communication and collaboration among authorized employees, suppliers, customers, and other business partners

Communications and networks
• Extranets: a network that uses a virtual private network (VPN) to link intranets in different locations over the internet (extended internet)
    - VPN: a network that creates tunnels of secured data flows, using cryptography and authorization algorithms, to provide communications over the public internet.
    - Provides secured connectivity between a corporation's intranet and the intranets of its business partners, material suppliers, financial services, government, and customers.
    - Access is mostly limited and highly controlled

Benefits of Extranets 

Szuprowicz's five benefit categories of extranets
• Enhanced communication: enables improved internal communications, improved business partnership channels, effective marketing, sales, and customer support, and facilitated collaborative activities support
• Productivity enhancements: enables just-in-time information delivery, reduction of information overload, productive collaboration between work groups, and training on demand.
• Business enhancements: enables faster time to market, potential for simultaneous engineering and collaboration, lower design and production cost, improved client relationships and creation of new business opportunities
• Cost reduction: results in fewer errors, improved comparison shopping, reduced travel and meeting time and cost, reduced administrative and operational cost, and elimination of paper-publishing cost
• Information delivery: enables low-cost publishing, leveraging of legacy systems, standard delivery systems, ease of maintenance and implementation, and elimination of paper-based publishing and mailing costs.

Benefits of Extranets 

Rihao-Ling and Yen added other benefits such as
• Ready access to information, ease of use, freedom of choice, moderate setup cost, simplified workflow, lower training cost, and better group dynamics.
• They also listed disadvantages such as difficulty in justifying the investment (measuring cost and benefits), high user expectations, and drain on resources.


• Marketing is an organizational function and a set of processes for creating, communicating and delivering value to customers and for managing customer relationships in ways that benefit the organization and its stakeholders.
• E-Marketing is essentially a part of marketing
• E-marketing = one aspect of an organizational function and a set of processes for creating, communicating and delivering value to customers and for managing customer relationships in ways that benefit the organization and its stakeholders

E-Marketing
• Customer-centric e-marketing =
    - Applying digital technologies which form online channels (web, e-mail, database, plus mobile/wireless and digital TV)
    - To contribute to marketing activities aimed at achieving profitable acquisition and retention of customers
    - Through improving our customer knowledge (of their profiles, behavior, value and loyalty drivers), then delivering integrated targeted communications and online services that match their individual needs.
• Hence e-marketing = achieving marketing objectives through the use of electronic communications technology

E-Marketing
• E-marketing simply put is the application of marketing principles and techniques through electronic media and more specifically the internet.
• Can also be looked at as a way of marketing a brand using the internet.
• Basically it is all the activities a business undertakes using the worldwide web, with the sole aim of attracting new businesses, retaining current business and developing its brand identity.

Internet tools for marketers
• Distribution: a company can distribute through the internet
• A company can use the internet to build and maintain a customer relationship
• The money collection part of a transaction can be done online
• Leads can be generated through short trial periods, before long-term signing
• Advertising
• Avenue for collecting direct response.

Benefits of e-marketing
• If and when properly and effectively implemented, the ROI from e-marketing will far exceed that of traditional marketing.
• It is at the forefront of reengineering or redefining the way businesses interact with their customers.
• Most of the benefit can be derived from the
    - Reach: truly global reach and cost reduction
    - Scope: wide range of products and services
    - Interactivity: two-way communication path
    - Immediacy: provides an opportunity for immediate impact
    - Targeting: savvy marketers can easily have access to the niche markets they need for targeted marketing
    - Adaptivity: real-time analysis of customer responses leading to minimal advertising spend wastage.
• Other benefits include
    - Access to unlimited information for customers without human intervention
    - Personalization
    - Enables transactions between firms and customers that will typically require human intervention

Limitations of e-marketing
• Some of the limitations of e-marketing include
    - Lack of personal approach
    - Dependability on technology
    - Security, privacy issues
    - Maintenance costs due to a constantly evolving environment
    - Higher transparency of pricing and increased price competition
    - Worldwide competition through globalization

E-Commerce framework
• E-Commerce applications: direct marketing, job search, online banking, E-government, E-purchasing, M-commerce, auctions, consumer services, etc.
• Pillars
    - People: buyers, sellers, intermediaries, IS people, and management
    - Public policy: taxes, legal, privacy issues, regulations and tech. standards
    - Marketing & advertising: market research, promotions, & web content
    - Support services: logistics, payment, content, security systems dev.
    - Business partnerships: joint ventures, exchanges, e-marketplaces & consortia
• Infrastructural support
    - Common business services infrastructure (security, smart cards/authentication, electronic payment etc.)
    - Messaging & info distribution infrastructure (EDI, e-mail, hypertext, chat rooms)
    - Multimedia content & network publishing infrastructure (HTML, Java, XML, VRML etc.)
    - Network infrastructure (telecom, cable TV, wireless, Internet, cell phones)
    - Interfacing infrastructure (with database, business partners applications)

The need for E-Commerce security
• There is need for E-Commerce security due to the increasing cyber attacks and cyber crimes. A recent survey of security practitioners yielded the following results.
    - Organizations continue to have cyber attacks from both inside and outside of the organization
    - The cyber attacks varied, e.g. computer virus, net abuse (unauthorized use of the internet) by employees, denial of services
    - The financial losses from cyber attacks can be substantial
    - It takes more than one type of technology to defend against cyber attacks.

g. e. ‡ To get the literature.Basic security issues   EC security involves more than just preventing and responding to cyber attacks and intrusion. a user connects to a Web server at a market site to obtain some product literature (Loshin 1998).  What are the security concerns that can/will arise in a situation like that? . he is asked to fill out a Web form providing some demographic and other personal information.

Basic security issues
• From the user's perspective,
    - How can he know that the Web server is owned and operated by a legitimate company?
    - How does he know that the Web page and form do not contain some malicious or dangerous code or content?
    - How does he know that the Web server will not distribute the information to some third party?

Basic security issues
• From the company's perspective,
    - How does the company know that the user will not attempt to break into the Web server or alter the pages and content at the site?
    - How does the company know that the user will not try to disrupt the server so that it isn't available to others?

Basic security issues
• From both parties' perspective,
    - How do the parties know that the network connection is free from eavesdropping by a third party "listening" on the line?
    - How do they both know that the information sent back and forth between the server and the user has not been altered?

Basic security issues
• With transactions that involve E-payments, additional types of security must be confronted.
    - Authentication: the process by which one entity verifies that another entity is who they claim to be.
    - Authorization: the process that ensures that a person has the right to access certain information
    - Auditing: the process of collecting information about attempts to access particular resources, use particular privileges, or perform other security actions
    - Confidentiality (privacy): keeping private or sensitive information from being disclosed to unauthorized individuals, entities, or processes.
    - Integrity: the ability to protect data from being altered or destroyed in an unauthorized or accidental manner.
    - Availability: the ability of a person or a program to gain access to the pages, data, or services provided by the site when they need it.
    - Nonrepudiation: the ability to limit parties from refuting that a legitimate transaction took place, usually by means of a signature

Types of threats and attacks
• There are two types of attacks: technical and non-technical.
    - Technical attacks: an attack perpetrated using software and systems knowledge or expertise
    - Non-technical attacks: an attack that uses deceit to trick people into revealing sensitive information or performing actions that compromise the security of a network.
• Social engineering: an attack that uses social pressures to trick computer users into compromising computer networks to which those individuals have access. There are two types:
    - Human based: based on traditional modes of communication (in person or over the phone)
    - Computer based: technical ploys used to get individuals to provide sensitive information

Types of threats and attacks
Social engineering cont.
• The key to successful social engineering rests with the victims; combating it also rests with the victims.
• Certain positions are more vulnerable than others (employees who deal with both confidential information and the public), e.g. secretaries and executive assistants, database and network administrators, computer operators and call-center operators.
• How to deal with it: a multi-prong approach should be used to combat it (Damle 2002)
    - Education and training: all staff (mostly those in vulnerable positions) must be educated about the risk, the techniques used by hackers and how to combat them.
    - Policies and procedures: for securing confidential information, and measures needed to respond to and report any social engineering breaches.
    - Penetration testing: on a regular basis by outside experts playing the role of hackers. Staff must be debriefed after a penetration test and any weaknesses corrected.

Types of threats and attacks
• Technical attacks: experts usually use a methodical approach. Many software tools are easily and readily available over the internet that enable a hacker to expose a system's vulnerabilities.
• Mitre corporation (cve.mitre.) and 15 other security-related organizations started to count all publicly known CVEs (common (security) vulnerabilities and exposures).
• CVEs: publicly known computer security risks, which are collected, listed, and shared by a board of security-related organizations.

Types of threats and attacks
The two very well known technical attacks that have affected the lives of millions are:
1. Denial-of-service attacks
  • DoS (Denial-of-Service) attack: an attack on a web site in which an attacker uses specialized software to send a flood of data packets to the targeted computer with the aim of overloading its resources.
  • DDoS (Distributed Denial of Service) attack: an attack in which the attacker gains illegal administrative access to as many computers on the Internet as possible and uses these multiple computers to send a flood of data packets to the user's computer. DDoS software is loaded on machines known as zombies.
2. Malware
  • Malware (malicious code): mostly classified by the way it is propagated. All malware has the potential to do damage. Malware takes a variety of forms, and the names mostly come from the real-world pathogens they resemble.

Types of threats and attacks
• Viruses: a piece of software code that inserts itself into a host, including the operating system, to propagate. It requires the running of the host program to activate it and can't run independently.
  - Viruses have two components: a propagation mechanism by which the virus spreads, and a payload, which refers to what it does once it is executed.
  - Some viruses simply spread and infect; others do substantial damage (e.g. deleting files or corrupting the hardware).
• Worms: a program that can run independently, will consume the resources of its host from within in order to maintain itself, and can propagate a complete working version of itself onto another machine. The major difference between a worm and a virus: a worm can propagate between systems (mostly through a network) while viruses propagate locally.
• Macro viruses or macro worms: execute when the application object that contains the macro is opened or a particular procedure is executed.
• Trojan horse: a program that appears to have a useful function but that contains a hidden function that presents a security risk. There are various forms of Trojan horse, but the one of interest is the one that makes it possible for someone else to gain access to and control a person's computer over the net. This type of Trojan has two parts: server and client. The server is the program that runs on the computer under attack, and the client is used by the person perpetrating the attack.

Managing Security
Some basic mistakes in managing security risk include:
• Undervalued information. Few organizations have a clear understanding of the value of specific information assets.
• Reactive security management. Most companies focus on security after an incident.
• Narrowly defined security boundaries. Most organizations are just interested in securing their internal network and don't try to understand the security issues of their supply chain partners.
• Dated security management processes. Some organizations hardly update or change their security practices or update the security knowledge and skills of their employees.
• Lack of communication about security responsibility. Security is often viewed as an IT problem and not a company problem.

Security risk management
Security risk management is a systematic process for determining the likelihood of various security attacks and for identifying the actions needed to prevent or mitigate those attacks. It has four stages:
• Assessment: organizations evaluate their security risks by determining their assets, the vulnerability of their system and the potential threats to these vulnerabilities. This can be done:
  - By relying on the knowledge and skill of the IT personnel
  - By using an outside IT consultant, or
  - By using a honeynet to study the types of attack to which a site is being actively subjected.

Security risk management
  - Honeynet: a way to evaluate the vulnerability of an organization by studying the types of attack to which a site is subjected, using a network of systems called honeypots.
  - Honeypots: production systems (e.g. firewalls, routers, web servers, database servers) designed to do real work but to be watched and studied as network intrusions occur.
• Planning: the aim here is to arrive at a set of policies defining which threats are tolerable and which aren't, and what is to be done in both cases. A tolerable threat is one with a very high cost of safeguarding or one where the risk is too low.
• Implementation: involves the choice and use of particular technologies to counter the high-priority threats.
• Monitoring: an ongoing process to determine successful or unsuccessful measures and the need for modification, find new threats, find advances in technology, and locate which new business assets need securing.

Securing EC communications
• There are two types of technology to secure communication on a network: technologies for securing communications across the network and for securing communication on the network.
• EC of all sorts rests on the concept of trust, and PAIN is used to represent the key issues of trust that arise.

Securing EC communications
Information security requires
• the identification of legitimate parties to a transaction,
• the actions they are allowed to perform to be determined, and
• their actions to be limited to only those necessary to initiate and complete the transaction.
This can be achieved through an authentication system.
Authentication system: a system that identifies the legitimate parties to a transaction, determines the actions they are allowed to perform, and limits their actions to only those that are necessary to initiate and complete the transaction.

Securing EC communications
Authentication systems have five key elements, namely:
• A person or group to be authenticated
• A distinguishing characteristic that sets the person or the group apart
• A proprietor responsible for the system being used
• An authentication mechanism for verifying the presence of the differentiating characteristic
• An access control mechanism (a mechanism that limits the actions that can be performed by an authenticated person or group)

Securing EC communications
The distinguishing characteristic in an authentication system can be something
• One knows (e.g. password, pass phrase, PIN)
• One has (e.g. ID card, a security token, software, cell phone)
• One is (e.g. fingerprint, DNA, signature, voice recognition)
Traditionally, authentication systems have mostly been passwords (which are very insecure). Stronger security can be achieved by combining what someone knows with something one has (a technique known as two-factor authentication, T-FA).

Securing EC communications
Tokens: there are two types.
• Passive tokens: storage devices used in a two-factor authentication system that contain a secret code
• Active tokens: small stand-alone electronic devices in a two-way authentication system that generate one-time passwords.
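Added example (not part of the original slides): how an active token's one-time password combines with a password to give two-factor authentication. The code generation follows the standard HOTP algorithm (RFC 4226); the TwoFactorVerifier class, the look-ahead window and the sample password are assumptions made for this illustration.

```python
import hashlib
import hmac
import os
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """One-time password from a shared secret and a counter (RFC 4226)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, slow hash so the server never stores the password itself."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class TwoFactorVerifier:
    """Server side of a two-factor login (hypothetical class for this example)."""

    def __init__(self, password: str, token_secret: bytes, look_ahead: int = 3):
        self.salt = os.urandom(16)
        self.pw_hash = hash_password(password, self.salt)
        self.token_secret = token_secret   # the same secret is sealed in the token
        self.counter = 0                   # lowest counter value still acceptable
        self.look_ahead = look_ahead       # tolerate codes generated but never sent

    def login(self, password: str, code: str) -> bool:
        # Factor 1: something one knows.
        pw_ok = hmac.compare_digest(hash_password(password, self.salt), self.pw_hash)
        # Factor 2: something one has. Only codes at or after the counter count.
        matched = None
        for c in range(self.counter, self.counter + self.look_ahead + 1):
            expected = hotp(self.token_secret, c)
            if hmac.compare_digest(expected.encode(), code.encode()):
                matched = c
                break
        if matched is not None:
            self.counter = matched + 1     # burn the code so a replay fails
        return pw_ok and matched is not None


if __name__ == "__main__":
    secret = b"12345678901234567890"       # RFC 4226 test key, not a real secret
    server = TwoFactorVerifier("correct horse", secret)
    print(server.login("correct horse", hotp(secret, 0)))   # both factors present
    print(server.login("correct horse", hotp(secret, 0)))   # replayed code
    print(server.login("correct horse", "000000"))          # password alone
```

A stolen password fails without the token, and a code that was observed once cannot be reused because the server moves its counter past it.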

Securing EC communications
Biometric systems: authentication systems that identify a person by measuring a biological characteristic such as fingerprints, iris (eye) pattern, facial features or voice. There are two forms of biometrics:
• Physiological biometrics: measurements derived directly from different parts of the body (e.g. fingerprints, iris, hand, facial characteristics)
• Behavioral biometrics: measurements derived from various actions and indirectly from various body parts (e.g. voice scan or keystroke monitoring)

Securing EC communications
• Fingerprint scanning: measurement of the discontinuities of a person's fingerprint, converted to a set of numbers that are stored as a template and used to authenticate identity.
• Iris scanning: measurement of the unique spots in the iris (colored part of the eye), converted to a set of numbers that are stored as a template and used to authenticate identity.
• Voice scanning: measurement of the acoustical patterns in speech production, converted to a set of numbers that are stored as a template and used to authenticate identity.
• Keystroke monitoring: measurement of the pressure, speed, and rhythm with which a word is typed, converted to a set of numbers that are stored as a template and used to authenticate identity.

Securing EC communications
• Public key infrastructure (PKI): a scheme for securing e-payments using public key encryption and various technical components.
• Encryption: the process of scrambling (encrypting) a message in such a way that it is difficult, expensive, or time consuming for an unauthorized person to unscramble (decrypt) it. All encryption has four basic parts.

Securing EC communications
• Plaintext: an unencrypted message in human-readable form.
• Ciphertext: a plaintext message after it has been encrypted into a machine-readable form.
• Encryption algorithm: the mathematical formula used to encrypt the plaintext into the ciphertext, and vice versa.
• Key: the secret code used to encrypt and decrypt a message.
There are two forms of encryption systems:
  - Symmetric system, and
  - Asymmetric system

Securing EC communications
• Symmetric (private) key system: an encryption system that uses the same key to encrypt and to decrypt the message. The key is only known to the sender and the receiver (hence the name private key).
• Asymmetric (public) key encryption: encryption that uses a pair of matched keys, a public key to encrypt and a private key to decrypt, or vice versa.
  - Public key: encryption code that is publicly available to anyone
  - Private key: encryption code that is known only to the sender and the receiver (owners).
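Added example (not part of the original slides): the matched key pair used in both directions, public key to encrypt and private key to decrypt, then private key to sign and public key to verify, next to a shared-key tag that either party could have produced. It uses unpadded textbook RSA with a constructed toy key; the function names, key and sample orders are assumptions for illustration only.

```python
import hashlib
import hmac

# Constructed toy key pair built from two known Mersenne primes. It shows the
# mechanics only; real systems use a vetted library, random primes and padding.
P, Q = 2**127 - 1, 2**89 - 1
N = P * Q                                   # public modulus
E = 65537                                   # public exponent  -> public key (N, E)
D = pow(E, -1, (P - 1) * (Q - 1))           # private exponent -> private key (N, D)


def to_int(data: bytes) -> int:
    value = int.from_bytes(data, "big")
    if value >= N:
        raise ValueError("message too long for this toy modulus")
    return value


def encrypt_for_owner(plaintext: bytes) -> int:
    """Anyone can do this: it needs only the public key."""
    return pow(to_int(plaintext), E, N)


def decrypt_as_owner(ciphertext: int) -> bytes:
    """Only the holder of the private key can do this."""
    m = pow(ciphertext, D, N)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def digest(message: bytes) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign(message: bytes) -> int:
    """The 'vice versa' direction: transform the digest with the private key."""
    return pow(digest(message), D, N)


def verify(message: bytes, signature: int) -> bool:
    """Anyone can check a signature with the public key."""
    return pow(signature, E, N) == digest(message)


def shared_key_tag(key: bytes, message: bytes) -> bytes:
    """Symmetric counterpart: a tag that every holder of the key can compute."""
    return hmac.new(key, message, hashlib.sha256).digest()


if __name__ == "__main__":
    order = b"pay 25.00 to shop-17"          # constructed sample messages
    altered = b"pay 95.00 to shop-17"
    print(decrypt_as_owner(encrypt_for_owner(order)) == order)
    sig = sign(order)
    print(verify(order, sig), verify(altered, sig))
    # With a shared key the seller can tag the altered order as well as the
    # buyer could, so the tag cannot show a third party who wrote it.
    key = b"key shared by buyer and seller"
    seller_made = shared_key_tag(key, altered)
    print(hmac.compare_digest(seller_made, shared_key_tag(key, altered)))
```

Because only the private-key holder can produce a signature that verifies, a signature supports nonrepudiation in a way a shared-key tag cannot.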

Securing EC Networks
Many technologies exist to ensure that an organization's network is secured, or that intrusions are detected.
• Firewall: a network node consisting of both hardware and software that isolates a private network from a public network.
• Personal firewall: a network node designed to protect an individual user's desktop system from the public network by monitoring the traffic that passes through the computer's network interface.
• Virtual private network (VPN): a network that uses the public Internet to carry information but remains private by using encryption to scramble the communications, authentication to ensure that information has not been tampered with, and access control to verify the identity of anyone using the network.
• Intrusion detection system (IDS): a special category of software that can monitor activity across a network or on a host computer, watch for suspicious activity, and take automated actions based on what it sees.
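Added example (not part of the original slides): the monitor, watch, act loop of an IDS applied to the flood attacks defined earlier. A sliding window counts requests per source and for the whole site, blocks a single flooding source, and raises an alert when many sources together exceed the site limit. The class, thresholds and log events are constructed for illustration.

```python
from collections import defaultdict, deque


class FloodDetector:
    """Sliding-window request counter with one automated response."""

    def __init__(self, window=10.0, source_limit=50, site_limit=200):
        self.window = window                # seconds of history kept
        self.source_limit = source_limit    # max requests per source per window
        self.site_limit = site_limit        # max requests to the site per window
        self.by_source = defaultdict(deque)
        self.recent = deque()               # (timestamp, source) for all sources
        self.blocked = set()
        self.alerts = []                    # (timestamp, kind, detail)
        self.site_alarm = False

    def observe(self, ts: float, src: str) -> str:
        if src in self.blocked:
            return "dropped"
        hits = self.by_source[src]
        hits.append(ts)
        self.recent.append((ts, src))
        cutoff = ts - self.window
        while hits[0] <= cutoff:            # forget events older than the window
            hits.popleft()
        while self.recent[0][0] <= cutoff:
            self.recent.popleft()
        if len(hits) > self.source_limit:
            # One source over its own limit: single-origin flood, block it.
            self.blocked.add(src)
            self.alerts.append((ts, "dos", src))
            return "blocked"
        over = len(self.recent) > self.site_limit
        if over and not self.site_alarm:
            # This source is within its limit but the site total is not:
            # the load is spread over many sources.
            sources = {s for _, s in self.recent}
            self.alerts.append((ts, "ddos", len(sources)))
        self.site_alarm = over              # alert once per episode
        return "allowed"


def build_sample_log():
    """Constructed events (timestamp, source); addresses are documentation ranges."""
    events = []
    for t in range(90):                              # 5 customers, 1 request/s
        events += [(float(t), f"198.51.100.{c}") for c in range(1, 6)]
    for i in range(100):                             # one host, 20 requests/s
        events.append((30 + i * 0.05, "203.0.113.9"))
    for t in range(60, 70):                          # 100 hosts, 1 request/s each
        events += [(float(t), f"192.0.2.{z}") for z in range(1, 101)]
    return sorted(events)


def run_sample():
    ids = FloodDetector()
    outcomes = [ids.observe(ts, src) for ts, src in build_sample_log()]
    return ids, outcomes


if __name__ == "__main__":
    ids, outcomes = run_sample()
    for alert in ids.alerts:
        print(alert)
    print("blocked:", sorted(ids.blocked), "dropped:", outcomes.count("dropped"))
```

Blocking works for the single source, but in the distributed case no individual source crosses its limit, which is why that case only produces an alert here.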

Business models in E-Commerce
• Business model: a method of doing business by which a company can generate revenue to sustain itself.
• Structure of business models: the structure of business models varies greatly based on the company and the industry environment.
• Weill and Vitale (2001): 8 atomic business models
  - Direct marketing
  - Intermediary
  - Content provider
  - Full service provider
  - Shared infrastructure
  - Value net integrator
  - Virtual community
  - Consolidator of services (for large organizations)

Business models in E-Commerce
• Each of these models is characterized by
  - Strategic objectives
  - Source of revenue
  - Critical success factors
  - Core competencies required
• These models must specify
  - Their revenue models
  - Value propositions

Revenue model
Revenue model: how an EC project or company will make or earn money. Major revenue models are:
• Sales: revenue from selling on their web site or providing services
• Transaction fees: commissions based on the volume of transactions made (fixed or incremental)
• Subscription: payment of fees, usually monthly or quarterly, to get some type of service
• Advertising fees: companies charge others for placing ads on their sites
• Affiliate fees: companies get paid for referring customers to other sites
• Other revenue models: game sites, licensing fees, etc.

Value proposition
Value proposition: the benefits a company can derive from using EC (in B2C EC, e.g., it defines how a company's product or service fulfills the needs of customers).
• Specifically, how do e-marketplaces, for example, create value?
• Amit & Zott (2001) identified 4 sets of values:
  - Search & transaction cost efficiency: enables faster and more informed decision making, wider product and service selection, etc.
  - Complementarities: bundling some goods and services together to provide more value than when offered separately
  - Lock-in: high switching cost that ties customers to certain suppliers
  - Novelty: developing innovative ways for structuring transactions, connecting partners, and fostering new markets

Value proposition
• Bakos (1991) values:
  - Reduced search cost
  - Significant switching cost
  - Economies of scale and scope
  - Network externality
• Other value propositions:
  - Demand (and/or supply) aggregation: affords suppliers wider market access and buyers more choices, and both competitive prices
  - Interfirm collaboration: enables business participants to deepen their business relationships, leading to improvement in individual business processes and overall supply chain performance

Types of business models in EC
• Online direct marketing: selling online from a manufacturer to a customer (e-tailing)
• Electronic tendering system (tendering, reverse auction): buyers request would-be sellers to submit bids for an item/service/project and the lowest bidder wins
• Name-your-own price: a buyer sets the price he wants to pay for a product/service
• Find the best price: a buyer submits its needs and an intermediary matches them against a database of sellers, locates the lowest price and submits it to the buyer to accept or reject
• Affiliate marketing: a marketing partner refers consumers to a selling company's web site for a commission (virtual commissioned sales force)

Types of business models in EC
• Viral marketing: Web-based word-of-mouth marketing in which a customer promotes a product or service to friends or other people
• Group purchasing: quantity purchasing that enables groups of purchasers to obtain a discount price on the products purchased (demand aggregation)
• Online auctions: bidding for products and services, with the highest bidder getting the item
• Product and service customization: creation of a product or service to meet the buyer's specifications
• Electronic marketplaces and exchanges: a space in which sellers and buyers exchange goods and services for money (or for other goods and services) electronically

Electronic payments (e-payment)
• E-payments: payments made electronically rather than by paper (cash, checks, vouchers, etc.)
• Electronic payment methods expedite payments online and reduce processing costs, but they must be safe and trusted by users.
• The major methods of e-payment in use include:

Electronic payments (e-payment)
• Electronic payment cards (credit, debit, charge)
• Virtual credit cards
• E-wallets (or e-purses)
• Smart cards
• Electronic cash (several variations)
  - Wireless payments
  - Stored-value card payments
  - Loyalty cards
  - Person-to-person payment cards
• Payments made electronically at kiosks
• Other methods used mostly for B2B payments
  - Electronic checks
  - Purchasing cards
  - Electronic letters of credit
  - Electronic funds transfer (EFT)
  - Electronic benefit transfer (EBT)
  - Etc.
The underlying similarity is the ability to transfer or make a payment from one person or party to another person or party over a network without face-to-face interaction.

Electronic payments (e-payment)
Whatever the payment method is, five parties may be involved:
• Customer/payer/buyer: the party making the e-payment in exchange for goods or services
• Merchant/payee/seller: the party receiving the e-payment in exchange for goods or services
• Issuer: the banks or non-banking institutions that issued the e-payment instrument used to make the purchase
• Regulator: usually a government agency whose regulations control the e-payment process
• Automated Clearing House (ACH): an electronic network that transfers money between bank accounts
Issuers play a key role in online purchases for 2 reasons:
  - Customers must obtain their e-payment accounts from an issuer
  - Issuers are mostly involved in authenticating a transaction and approving the amount involved
Because buyers and sellers are not at the same place to exchange their goods and services, issues of trust arise, and PAIN has been devised to address such issues.

Electronic payments (e-payment)
Characteristics of successful e-payment methods
• How do you get buyers to adopt a method when there are few sellers using it?
• And how do you get sellers to adopt a method when very few buyers are using it? (chicken and egg problem)
Some factors or characteristics of successful e-payment are:
• Independence: e-payment methods that require the payer to install specialized components are less likely to succeed
• Interoperability and portability: an e-payment system must mesh with existing interlinked systems and applications and must be supported by standard computing platforms
• Security: the risk for the payee must be higher than for the payer (must be very safe)
• Anonymity: e-payment systems must be anonymous to hide the identity of those who want to remain so
• Divisibility: must be usable for both high and low purchases
• Ease of use: must be pretty easy to use
• Critical mass: a critical mass of vendors must be willing to accept the payment; conversely, a critical mass of places to acquire the payment method must exist

Electronic payments (e-payment)
• Using e-payment reduces transaction cost by 30 to 50 percent compared to off-line payments
• It is faster
• It makes it possible to conduct business across geographical and political boundaries (greatly enhancing the possibility of international deals and transactions)
E-payment is very important in EC because:
• There is no trade without a payment system
• A good and secure payment system increases the trust and confidence of buyers

Electronic payments (e-payment)
Electronic cards: plastic cards that contain digitized information that can be used for payment and for other purposes such as identification and access to secure locations.
• Payment cards: electronic cards that contain information that can be used for payment purposes. There are three types of payment cards:
  - Credit cards: provide the holder with credit to make purchases up to a limit fixed by the issuer (users normally don't pay any fee for using them, just a high interest on their unpaid balance)
  - Charge cards: are like monthly loans given to the user, which he/she is required to pay back in full at the end of the month or upon receipt of the monthly statement (usually no interest is paid on such cards, just an annual fee and/or a severe penalty for failure to pay the balance in full)
  - Debit cards: with a debit card the money for a transaction comes directly from the user's account

Electronic payments (e-payment)
• Virtual credit cards: a payment system in which the issuer gives a special transaction number that can be used online in place of a regular credit card number.
• E-wallets: a software component in which a user stores credit card numbers and other information; when shopping online, the user simply clicks the e-wallet to automatically fill in the information needed to make a purchase.

Electronic payments (e-payment)
Smart cards: an electronic card containing an embedded microchip that enables predefined operations or the addition, deletion, or manipulation of information on the card.
• Some applications of smart cards:
  - Loyalty cards: retailers are using loyalty cards to identify their loyal customers and reward them
  - Financial applications: financial institutions, payment associations, and credit card, debit card and charge card issuers are all using smart cards to extend the traditional card payment services
  - Transportation
  - Identification: smart cards fit perfectly in the identification market

Electronic payments (e-payment)
Electronic cash: the digital equivalent of paper currency and coins, which enables secure and anonymous purchase of low-priced items.
• E-cash has several variations:
  - Wireless payments
  - Stored-value cards
  - E-loyalty
  - P2P payment: e-payment schemes that allow the transfer of funds between two individuals
• Payment made electronically at kiosks: customers acting as cashiers and checking themselves out.
