
SICS 3653: E-COMMERCE AND E-BUSINESS
Ebenezer Nortey Yebuah (ETONY)

Outline

Introduction to E-Commerce
  Definition of E-Commerce and E-business
  Major types of E-Commerce (briefly)
  History of E-Commerce
  Benefits of E-Commerce to
    Organizations
    Consumers
    Society
  Limitations of E-Commerce
The digital economy
  The new business environment
  Business pressures
  Organizational responses
E-Marketing
  E-marketing issues
  Economics of E-marketing
  Effects of marketing on organizations
E-Commerce technology/infrastructure
  Communications network
Security and legal issues
  Need for E-Commerce security
  Basic security issues
  Types of threats and attacks
  Security risk management
  Securing E-Commerce communication
Business models for E-Commerce
Implementation of E-business systems

Definition of E-Commerce and E-business

E-Commerce: the process of buying, selling, or exchanging products, services, and information through computer networks.
Communication: the delivery of goods, services, information, or payment electronically
Commercial: the ability to buy and sell products, services, and information electronically
Business process: completing business processes electronically, i.e. replacing physical processes with information
Services: a tool for improving the quality of customer service and increasing the speed of service delivery while cutting costs
Learning: enables online training and education
Collaborative: supports inter- and intra-organizational collaboration
Community: provides a meeting place for members to learn and collaborate

Definition of E-Commerce and E-business

Commerce: transactions between business partners (electronically = e-commerce).
E-business: the buying and selling of goods and services, and also serving customers, collaborating with business partners, and conducting electronic transactions with an organization.

Definition of E-Commerce and E-business

Various forms of E-Commerce, based on the level of digitalization of:
  The products/services
  The process
  The delivery agent

Brick-and-mortar organization: zero digitalization, i.e. a pure physical organization. Conducts all its business activities physically.
Virtual organization: digitalization of 1, i.e. pure play. Does all business transactions online.
Click-and-mortar organization: partial digitalization. Has an online presence, but does basic business processes physically.

Types of E-Commerce

The nature of the transaction or interaction is mostly used to classify E-Commerce:
Business-to-business (B2B): transactions between business partners
Business-to-consumer (B2C): transactions between business organizations and individual shoppers
Consumer-to-business (C2B): transactions in which individuals sell products and services to businesses
Consumer-to-consumer (C2C): transactions between individual consumers

Interdisciplinary nature of E-Commerce: computer science, marketing, consumer behavior, finance, economics, management information systems, accounting, management, business, law, robotics, public administration and engineering.

History


Electronic funds transfer (early 1970s): its use was mostly limited to large organizations, financial institutions, and a few hardcore businesses.

Electronic Data Interchange: used to transfer routine documents, which expanded electronic transfers from financial institutions to manufacturers, retailers, service industries, etc.

Internet and the World Wide Web: the commercialization of the internet saw the coining of the term E-COMMERCE. E-Commerce applications quickly multiplied due to the rapid development of new networks, protocols, and EC software, and due to the increase in competition and other business pressures.

There have been many innovative applications, ranging from online direct sales to E-learning.

Benefits of E-Commerce

The E-Commerce revolution is as profound as the change that accompanied the industrial revolution (Clinton and Gore 1997).
E-Commerce has enormous potential benefits to organizations, individuals and society, considering:
  The global nature of the technology
  The opportunity to reach millions of people
  Its interactive nature
  The variety of possibilities for its use
  The resourcefulness and rapid growth of its supporting infrastructure (especially the web)

Benefits of E-Commerce

Organizational benefits
Global reach: can easily and quickly locate the best suppliers, more customers and more suitable business partners, i.e. buy cheaper and sell more
Cost reduction: EC decreases the cost of creating, processing, distributing, storing and retrieving paper-based information
Supply chain improvement: supply chain inefficiencies can be minimized, e.g. inventory and delivery delays
Extended hours: 24/7/365
Customization: pull-type production (build-to-order)
New business models: tendering (reverse auction), name-your-own-price model, affiliate marketing, viral marketing, etc.
Vendors' specialization: EC enables a high degree of specialization
Lower communication cost: EC lowers telecommunications cost
Efficient procurement: EC can reduce administrative cost, purchasing prices, and cycle time
Improved customer relations: EC enables close customer relations
Up-to-date company material: EC enables company information to be updated by the minute
No city business permits and fees, etc.

Benefits of E-Commerce

Consumer benefits
Ubiquity: EC allows shopping 24/7/365 from almost any location
More products and services: EC gives more choices
Cheaper products and services: EC provides price variety for goods and services
Instant delivery: e.g. digitized products
Information availability: relevant and detailed information in seconds
Participate in auctions: virtual auctions
Electronic communities: consumers can interact with other consumers
Get it your way: customization and personalization of products and services
No sales tax: most online sales are tax free

Benefits of E-Commerce

Societal benefits
Telecommuting: more people work and shop at home
Higher standard of living: competitive prices allow lower-income earners to shop more
Hope for the poor: great opportunity for the poor to sell, buy and learn new skills
Availability of public services: health care, education, and distribution of government social services can be done at a reduced cost to a large number of people

Limitations


Technological
Lack of universally accepted standards for quality, security, and reliability
Telecommunication bandwidth is insufficient (mostly for m-commerce)
Software development tools are still evolving
Difficulties in integrating the internet and EC software applications and databases
Special web servers are needed in addition to the network servers (added cost)
Internet accessibility is still expensive and/or inconvenient
Order fulfillment of large-scale B2C requires special automated warehouses

Limitations


Non-technological
Security and privacy concerns deter some customers from buying
Lack of trust in EC and in unknown sellers hinders buying
Many legal and public policy issues, including taxation, remain unresolved
National and international government regulations sometimes get in the way
Difficulty in measuring some benefits of EC (e.g. advertising); lack of a mature measurement methodology
Some customers like to touch and feel the product
Resistance to changing from a physical to a virtual store
Lack of trust in paperless, faceless transactions
Insufficient number (critical mass) of sellers and buyers (in some cases) needed to make a profit
Increasing amount of fraud on the net
Difficulty in obtaining venture capital due to the dot-com disaster

Digital Economy


The Digital revolution

Digital Economy: an economy that is based on digital technologies, including digital communications networks, computers, software, and other related information technologies.

Digital networking and communications infrastructures provide the global platform over which people and other organizations interact, communicate, collaborate and search for information. Choi and Whinston say this platform is characterized by:
  A vast array of digital products (databases, news and information, books, software, etc.) that are delivered over a digital infrastructure any time, anywhere in the world
  Consumers and firms conducting financial transactions digitally through digital currencies or financial tokens that are carried via networked computers and mobile devices
  Microprocessors and networking capabilities embedded in physical goods such as home appliances and automobiles

Digital Economy


Digital economy: the convergence of computing and communications technology on the internet and other networks, and the resulting flow of information and technology that is stimulating e-commerce and vast organizational changes.
This convergence is enabling all types of information (data, audio, video, etc.) to be stored, processed, and transmitted over networks to many destinations worldwide.
The digital economy is creating a digital revolution, evidenced by unprecedented economic performance and the longest period of uninterrupted economic expansion in certain parts of the world.
Web-based E-Commerce systems are accelerating the digital revolution by providing competitive advantage to organizations.

The new business environment




Highly competitive (due to economic, societal, legal and technological factors)
Quick and sometimes unpredictable change
The need for more production, faster and with fewer resources

The new business environment




Huber (2003): the new business environment was created by accelerated advances in science.
These advances create scientific knowledge.
This scientific knowledge feeds on itself, resulting in more and more technology.
Rapid growth in technology results in a large variety of more complex systems.

The new business environment




As a result, the business environment is characterized by:
  A more turbulent environment (more business problems and opportunities)
  Stronger competition
  Frequent decision making by organizations
  Large scope for decision considerations (market, competition, political and global)
  More information/knowledge needed for decisions

Pressure on businesses


Market and economic
Strong competition
Global economy
Regional trade agreements
Extremely low labour cost in some regions
Frequent and significant changes in markets
Increased power of consumers

Pressure on businesses


Societal
Changing nature of the workforce
Government deregulation: more competition
Shrinking government subsidies
Increased importance of ethical and legal issues
Increased social responsibility of organizations
Rapid political changes

Pressure on businesses


Technological
Increasing innovations and new technologies
Rapid technological obsolescence
Rapid decline in technology cost versus performance ratio

Pressure on businesses


Business as usual is no longer enough (price reduction and closure of unprofitable facilities)
Need for new innovations (critical response activities):
  Customization
  Creating new products
  Providing superb customer service

E-commerce facilitates most of these responses

Organizational responses


Strategic systems: provide organizations with strategic advantage
  Increase their market share
  Better negotiation with their suppliers
  Prevent competitors from entering their territory, e.g. FedEx tracking system

Continuous improvement efforts and BPR: continuous efforts to improve productivity, quality and customer service
  E.g. Dell ERP and Intel's customer tracking

Organizational responses


Customer relationship management: e.g. personalization, sales-force automation
Business alliances: organizations collaborate for mutual benefit, aided mostly by e-commerce
Electronic markets
Reduction in cycle time and time to market: e.g. use of extranets
Empowerment of employees: the ability to take decisions on customers (decentralization)
Supply chain improvement:
  Reduce supply chain delays
  Reduce inventories
  Eliminate inefficiencies

Organizational responses


Mass customization: production of large quantities of customized items (in an efficient way)
Intra-business: from sales force to inventory control
Knowledge management: the process of creating or capturing knowledge, storing and protecting it, updating, maintaining and using it

Combining it


How can organizations turn digital to gain competitive advantage by using EC?
Right connective networks

Brick & mortar against digital




Brick & mortar
Selling in physical stores
Selling tangible goods
Internal inventory/production planning
Paper catalogs
Physical marketplace
Physical and limited auctions
Broker-based service transactions
Paper-based billing
Paper-based tendering
Push production
Mass production (standard)
Physical-based commission marketing
Word-of-mouth, slow advertisement
Linear supply chain
Large amount of capital needed
Cost > value

Digital
Selling online
Selling digital goods
Online collaborative inventory forecasting
Smart e-catalogs
Electronic market-space
Online auctions everywhere, anytime
Electronic info-mediaries, value-added services
Electronic billing
Pull production
Mass customization
Affiliate, viral marketing
Explosive viral marketing
Hub-based supply chain
Less capital needed
Small fixed cost
Cost = value

Electronic marketplaces


Electronic marketplace: a space in which sellers and buyers exchange goods and services for money (or for other goods and services) electronically.
Functions of markets:
  Matching buyers and sellers
  Facilitating exchanges of goods/services and payments associated with market transactions
  Providing institutional infrastructure

Electronic marketplaces


Together with IT, EC has greatly increased market efficiencies by expediting or improving the functions of markets and lowering transaction and distribution costs, leading to well-organized, friction-free markets.

Market-space components

Customers: the hundreds of millions of people surfing the web are potential buyers of goods/services offered on the net. They are looking for:
  Good deals
  Customized items
  Collectors' items
  Entertainment, etc.
  Organizations are the major consumers of EC activities (85%).

Sellers: millions of storefronts on the Web offering a huge variety of products (sales can be made directly from the seller's site or from E-marketplaces)
Products: both physical and digital products (what are the advantages of a digital product?)
Infrastructure: hardware, software, networks, etc.

Market-space components

Front end: the portion of an e-seller's business processes through which customers interact, e.g. the seller's portal, e-catalogs, shopping cart, search engine and payment gateway
Back end: activities that support online order-taking, e.g. order aggregation and fulfillment, inventory management, purchasing from suppliers, payment processing, packaging and delivery
Intermediaries: create and manage online markets. They match buyers and sellers, provide some infrastructure services, and help buyers/sellers to institute and complete transactions (they mostly operate as computerized systems)
Other business partners: includes business collaboration, mostly along the supply chain
Support services: ranging from certification to trust services

Types of electronic markets




There are various types of marketplaces:

B2C
  Electronic storefronts
  Electronic malls

B2B
  Private e-marketplaces
    Sell-side
    Buy-side
  Public e-marketplaces
  Consortia

Types of electronic markets




B2C
Electronic storefronts: a single company's Web site where products/services are sold (electronic store)
A storefront has various mechanisms for conducting sales:
  Electronic catalogs (presentation of product information in an electronic form)
  A search engine (a program that can access a database of Internet resources, search for specific information/keywords, and report the results)
  An electronic shopping cart (order processing technology that allows shoppers to accumulate items they wish to buy while they continue to shop)
  E-auction facilities
  A payment gateway, etc.

Electronic malls: an online shopping center where many stores are located

Types of electronic markets




B2B
Private E-Marketplace: owned by a single company
  Sell-side E-Marketplace: a private e-market in which a company sells either standard or customized products to qualified companies
  Buy-side E-Marketplace: a private e-market in which a company buys from invited suppliers

Public E-Marketplace: an e-market usually owned by an independent 3rd party, with many buyers and many sellers (exchanges)
Consortia: usually owned by a small group of major sellers or buyers, usually in the same industry
What is a vertical and a horizontal e-marketplace?

Auctions


Auctions: a market mechanism by which a seller places an offer to sell a product and buyers make bids sequentially and competitively until a final price is reached.
Limitations of offline auctions:
  Short time for each item (little time to decide whether to bid or not)
  Sellers don't get the right price (or buyers pay more)
  Little time to examine the product
  Physical presence limits the potential bidders
  Difficulty in moving goods to auction sites
  Rent for auction sites, advertisement, and payment of auctioneers and employees add to the cost

E-Auctions


Electronic auctions (e-auctions): auctions conducted online.

Dynamic pricing: change in price due to demand and supply relationships at any given time.

Dynamic pricing has several forms (bargaining and negotiations). There are 4 major forms of dynamic pricing, depending on how many buyers or sellers there are:
  One buyer, one seller
  One seller, many potential buyers
  One buyer, many potential sellers
  Many buyers, many sellers

E-Auctions


One seller, one buyer: negotiation, bargaining and bartering are usually used. (Prices are mostly determined by each party's bargaining power as well as demand and supply in the market, and possibly the business environment.)

One seller, many buyers (forward auction): a seller entertains bids from buyers.
  English and Yankee auctions: prices increase as the auction progresses
  Dutch and free-fall auctions: prices go down as the auction progresses
  Assignment (what are English, Yankee, Dutch and free-fall auctions?) to be submitted before mid-day, 29th Feb. 2008

One buyer, many sellers:
  Reverse auctions: a buyer places an item for bidding (tendering) on a request for quote (RFQ) system; potential sellers bid for the item, with the price reducing sequentially until there are no more reductions, and the lowest bidder wins (mostly a B2B or G2B mechanism)
  Name-your-own-price model: a buyer specifies the price (and other terms) at which they are willing to buy from able suppliers (mostly a C2B model, started by priceline.com)

Many sellers, many buyers (double auction): multiple buyers and their bids are matched with multiple sellers and their asking prices, considering the quantities.

E-Auctions
Benefits to sellers
  Increased revenues from broadening the customer base and shortening cycle time
  Chance to bargain instead of buying at a fixed price
  Optimal price setting, determined by the market
  Can liquidate large quantities quickly
  Improved customer relationship and loyalty

Benefits to buyers
  Opportunity to find unique items and collectibles
  Entertainment
  Anonymity: with the help of a 3rd party, buyers can be anonymous
  Convenience: can bid from anywhere with any connected gadget; no need to travel to the auction site

Benefits to e-auctioneers
  Higher repeat purchases
  High stickiness to the web site
  Expansion of the auction business

E-Auctions


Limitations: the major limitations are:
  Lack of security
  Possibility of fraud
  Limited participation

Types of E-Auction Fraud

Bid shielding: having fake (phantom/ghost) bidders bid at very high prices and then later pull out at the last minute
Shilling: placing fake bids on auction items to artificially jack up the bidding price
Fake photos and misleading descriptions
Improper grading techniques
Selling reproductions

Types of E-Auction Fraud

Failure to pay
Failure to pay the auction house
Inflated shipping and handling cost
Failure to ship merchandise
Loss and damage claims
Switch and return
Other frauds, e.g. sale of stolen goods, the use of fake IDs, selling to multiple buyers

Protecting against E-Auction Fraud

User ID verification
Authentication service
Grading services
Feedback
Insurance policy
Escrow service
Nonpayment punishment
Appraisal
Physical verification
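
The two bidding frauds defined above, bid shielding and shilling, leave a recognizable trace in an auction's bid log, which is what a feedback or verification service can screen for. The following is an added example, not part of the original slides: it flags both patterns over a constructed log, and the Event format, all names, and the thresholds (window, drop_ratio, min_auctions) are assumptions made for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    auction: str
    t: int            # seconds since the auction opened
    bidder: str
    action: str       # "bid" or "retract"
    amount: float = 0.0


# Constructed sample data (not from the slides): auction -> (seller, closing time in s)
AUCTIONS = {"A1": ("seller1", 3600), "A2": ("seller2", 3600),
            "A3": ("seller2", 3600), "A4": ("seller2", 3600)}

EVENTS = [
    # A1: two phantom bidders bid very high, then pull out seconds before the close
    Event("A1", 100, "honest_h", "bid", 25), Event("A1", 200, "low_bob", "bid", 30),
    Event("A1", 300, "ghost1", "bid", 500), Event("A1", 400, "ghost2", "bid", 520),
    Event("A1", 3590, "ghost1", "retract"), Event("A1", 3595, "ghost2", "retract"),
    # A2: an early retraction of a mistyped bid, which must not be flagged
    Event("A2", 100, "carol", "bid", 40), Event("A2", 200, "shill_s", "bid", 45),
    Event("A2", 300, "carol", "bid", 60), Event("A2", 350, "typo_t", "bid", 900),
    Event("A2", 400, "typo_t", "retract"),
    # A3, A4: shill_s keeps pushing the price up in seller2's auctions but never wins
    Event("A3", 50, "dave", "bid", 10), Event("A3", 60, "shill_s", "bid", 15),
    Event("A3", 70, "dave", "bid", 22),
    Event("A4", 10, "erin", "bid", 5), Event("A4", 20, "shill_s", "bid", 8),
    Event("A4", 30, "erin", "bid", 12),
]


def replay(events, auction, close, window):
    """Replay one auction in time order.

    Returns (active, late): the bids still standing at the close, and the
    bids that were withdrawn during the last `window` seconds.
    """
    active, late = {}, {}
    for e in sorted((e for e in events if e.auction == auction), key=lambda e: e.t):
        if e.action == "bid":
            active[e.bidder] = max(e.amount, active.get(e.bidder, 0.0))
        elif e.action == "retract" and e.bidder in active:
            amount = active.pop(e.bidder)
            if e.t >= close - window:
                late[e.bidder] = amount
    return active, late


def detect_bid_shielding(events, auctions, window=600, drop_ratio=0.5):
    """Flag auctions where last-minute retractions collapsed the price (heuristic)."""
    findings = []
    for auction, (_seller, close) in auctions.items():
        active, late = replay(events, auction, close, window)
        if not active or not late:
            continue
        winner = max(active, key=active.get)
        if active[winner] < drop_ratio * max(late.values()):
            findings.append({"auction": auction, "winner": winner,
                             "final_price": active[winner],
                             "retractors": sorted(late)})
    return findings


def detect_shill_candidates(events, auctions, window=600, min_auctions=3):
    """Flag (seller, bidder) pairs that bid in many of a seller's auctions and win none."""
    joined, wins = defaultdict(set), defaultdict(int)
    for auction, (seller, close) in auctions.items():
        active, _ = replay(events, auction, close, window)
        for e in events:
            if e.auction == auction and e.action == "bid":
                joined[(seller, e.bidder)].add(auction)
        if active:
            wins[(seller, max(active, key=active.get))] += 1
    return sorted(k for k, a in joined.items() if len(a) >= min_auctions and wins[k] == 0)


if __name__ == "__main__":
    print(detect_bid_shielding(EVENTS, AUCTIONS))
    print(detect_shill_candidates(EVENTS, AUCTIONS))
```

A flag from either function is a lead for manual review (user ID verification, feedback history), not proof of fraud.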

Communications and networks




The extranet is the major network structure used in e-marketplaces and exchanges.
Extranets connect both the internet and the companies' individual intranets.

Internet: a public, global communications network that provides direct connectivity to anyone over a LAN through an ISP, or directly through an ISP
Intranet: a corporate LAN or WAN that uses internet technology and is secured behind a company's firewall
  It operates as a private network with limited access (only employees with authorization can use it)
  It usually contains sensitive information
  It can be used to enhance communication and collaboration among authorized employees, customers, suppliers, and other business partners
  Because access is through the net, it doesn't require any additional implementation of leased networks

Communications and networks




Extranets: a network that uses a virtual private network (VPN) to link intranets in different locations over the internet (extended internet)
VPN: a network that creates tunnels of secured data flows, using cryptography and authorization algorithms, to provide communications over the public internet

An extranet provides secured connectivity between a corporation's intranet and the intranets of its business partners, material suppliers, financial services, government, and customers. Access is mostly limited and highly controlled.

Benefits of Extranets


Szuprowicz's five benefit categories of extranets:

Enhanced communication: enables improved internal communications, improved business partnership channels, effective marketing, sales, and customer support, and facilitated collaborative activities support
Productivity enhancements: enables just-in-time information delivery, reduction of information overload, productive collaboration between work groups, and training on demand
Business enhancements: enables faster time to market, potential for simultaneous engineering and collaboration, lower design and production cost, improved client relationships and creation of new business opportunities
Cost reduction: results in fewer errors, improved comparison shopping, reduced travel and meeting time and cost, reduced administrative and operational cost, and elimination of paper-publishing cost
Information delivery: enables low-cost publishing, leveraging of legacy systems, standard delivery systems, ease of maintenance and implementation, and elimination of paper-based publishing and mailing costs

Benefits of Extranets


Rihao-Ling and Yen added other benefits, such as:

Ready access to information, ease of use, freedom of choice, moderate setup cost, simplified workflow, lower training cost, and better group dynamics.
They also listed disadvantages, such as difficulty in justifying the investment (measuring cost and benefits), high user expectations, and drain on resources.

E-Marketing


Marketing is an organizational function and a set of processes for creating, communicating and delivering value to customers and for managing customer relationships in ways that benefit the organization and its stakeholders.
E-Marketing is essentially a part of marketing.
E-marketing = one aspect of an organizational function and a set of processes for creating, communicating and delivering value to customers and for managing customer relationships in ways that benefit the organization and its stakeholders.

E-Marketing


Customer-centric e-marketing =
  Applying digital technologies which form online channels (web, e-mail, databases, plus mobile/wireless and digital TV)
  To contribute to marketing activities aimed at achieving profitable acquisition and retention of customers
  Through improving our customer knowledge (of their profiles, behavior, value and loyalty drivers), then delivering integrated targeted communications and online services that match their individual needs

Hence e-marketing = achieving marketing objectives through the use of electronic communications technology

E-Marketing


E-marketing, simply put, is the application of marketing principles and techniques through electronic media and, more specifically, the internet.
It can also be looked at as a way of marketing a brand using the internet.
Basically, it is all the activities a business undertakes using the World Wide Web with the sole aim of attracting new business, retaining current business and developing its brand identity.

Internet tools for marketers




 

Distribution: a company can distribute through the internet
A company can use the internet to build and maintain customer relationships
The money collection part of a transaction can be done online
Leads can be generated through short trial periods before long-term signing
Advertising
Avenue for collecting direct responses

Benefits of e-marketing

If and when properly and effectively implemented, the ROI from e-marketing will far exceed that of traditional marketing.
It is at the forefront of reengineering or redefining the way businesses interact with their customers.
Most of the benefits can be derived from the:
  Reach: truly global reach and cost reduction
  Scope: wide range of products and services
  Interactivity: two-way communication path
  Immediacy: provides an opportunity for immediate impact
  Targeting: savvy marketers can easily have access to the niche markets they need for targeted marketing
  Adaptivity: real-time analysis of customer responses, leading to minimal advertising spend wastage

Other benefits include:
  Access to unlimited information for customers without human intervention
  Personalization
  Enables transactions between firms and customers that will typically require human intervention


Limitations of e-marketing

Some of the limitations of e-marketing include:

Lack of personal approach
Dependability on technology
Security and privacy issues
Maintenance costs due to a constantly evolving environment
Higher transparency of pricing and increased price competition
Worldwide competition through globalization

E-Commerce framework
E-Commerce applications: direct marketing, online banking, E-government, E-purchasing, job search, M-commerce, auctions, consumer services, etc.

PILLARS
People: buyers, sellers, intermediaries, IS people, and management
Public policy: taxes, legal, privacy issues, regulations and technical standards
Support services: logistics, payment, content, security and systems development
Marketing & advertising: marketing research, promotions, and web content
Business partnerships: joint ventures, exchanges, E-marketplaces and consortia

INFRASTRUCTURAL SUPPORT
Common business services infrastructure (security, smart cards/authentication, electronic payment, etc.)
Messaging & information distribution infrastructure (EDI, e-mail, hypertext, chat rooms)
Multimedia content & network publishing infrastructure (HTML, Java, XML, VRML, etc.)
Network infrastructure (telecom, cable TV, wireless, Internet, cell phones)
Interfacing infrastructure (with databases, business partners, applications)

The need for E-Commerce security

There is a need for E-Commerce security due to the increasing number of cyber attacks and cyber crimes. A recent survey of security practitioners yielded the following results:
  Organizations continue to experience cyber attacks from both inside and outside the organization
  The cyber attacks varied, e.g. computer viruses, Net abuse (unauthorized use of the internet) by employees, denial of service
  The financial losses from cyber attacks can be substantial
  It takes more than one type of technology to defend against cyber attacks

Basic security issues




EC security involves more than just preventing and responding to cyber attacks and intrusion. For example, a user connects to a Web server at a market site to obtain some product literature (Loshin 1998).
To get the literature, he is asked to fill out a Web form providing some demographic and other personal information.

What are the security concerns that can/will arise in a situation like that?

Basic security issues




From the user's perspective:

How can he know that the Web server is owned and operated by a legitimate company?
How does he know that the Web page and form do not contain malicious or dangerous code or content?
How does he know that the Web server will not distribute the information to some third party?

Basic security issues




From the company's perspective:

How does the company know that the user will not attempt to break into the Web server or alter the pages and content at the site?
How does the company know that the user will not try to disrupt the server so that it isn't available to others?

Basic security issues




From both parties' perspective:

How do the parties know that the network connection is free from eavesdropping by a third party listening on the line?
How do they both know that the information sent back and forth between the user and the server has not been altered?

Basic security issues




With transactions that involve E-payments, additional types of security must be confronted.
Authentication: the process by which one entity verifies that another entity is who they claim to be
Authorization: the process that ensures that a person has the right to access certain information
Auditing: the process of collecting information about attempts to access particular resources, use particular privileges, or perform other security actions
Confidentiality (privacy): keeping private or sensitive information from being disclosed to unauthorized individuals, entities, or processes
Integrity: the ability to protect data from being altered or destroyed in an unauthorized or accidental manner
Availability: the ability of a person or a program to gain access to the pages, data, or services provided by the site when they need it
Nonrepudiation: the ability to limit parties from refuting that a legitimate transaction took place, usually by means of a signature

Types of threats and attacks




There are two types of attacks: technical and non-technical.

Technical attacks: an attack perpetrated using software and systems knowledge or expertise
Non-technical attacks: an attack that uses deceit to trick people into revealing sensitive information or performing actions that compromise the security of a network
Social engineering: an attack that uses social pressures to trick computer users into compromising computer networks to which those individuals have access. There are two types:
  Human-based: based on traditional modes of communication (in person or over the phone)
  Computer-based: technical ploys used to get individuals to provide sensitive information

Types of threats and attacks




Social engineering (cont.)
The key to successful social engineering rests with the victims; combating it also rests with the victims.
Certain positions are more vulnerable than others: employees who deal with both confidential information and the public, e.g. secretaries and executive assistants, database and network administrators, computer operators and call-center operators.
How to deal with it: a multi-prong approach should be used to combat it (Damle 2002):
  Education and training: all staff (mostly those in vulnerable positions) must be educated about the risks, the techniques used by hackers and how to combat them
  Policies and procedures: for securing confidential information, and the measures needed to respond to and report any social engineering breaches
  Penetration testing: on a regular basis, by outside experts playing the role of hackers. Staff must be debriefed after the penetration test and any weaknesses corrected

Types of threats and attacks




Technical attacks: experts usually use a methodical approach. Many software tools that enable a hacker to expose a system's vulnerabilities are easily and readily available over the Internet.

In 1999, Mitre Corporation (cve.mitre.org) and 15 other security-related organizations started to count all publicly known CVEs (common (security) vulnerabilities and exposures).

CVEs: publicly known computer security risks, which are collected, listed, and shared by a board of security-related organizations.

Types of threats and attacks




The two very well-known technical attacks that have affected the lives of millions are:

1. DDoS (Distributed Denial of Service) attack: an attack in which the attacker gains illegal administrative access to as many computers on the Internet as possible and uses these multiple computers to send a flood of data packets to the user's computer.
   - DoS (Denial-of-Service) attack: an attack on a web site in which an attacker uses specialized software to send a flood of data packets to the targeted computer with the aim of overloading its resources.
   - DDoS software is loaded on machines known as zombies.

2. Malware (malicious code): mostly classified by the way it is propagated. All malware has the potential to do damage.
   - Malware takes a variety of forms, and the names mostly come from the real-world pathogens they look like.

Types of threats and attacks




Viruses: a piece of software code that inserts itself into a host, including the operating system, to propagate. It requires the running of the host program to activate it and can't run independently.

Viruses have two components:
- A propagation mechanism by which the virus spreads.
- A payload, which refers to what the virus does once it is executed.

Some viruses simply spread and infect; others do substantial damage (e.g. deleting files or corrupting the hardware).

Worms: a program that can run independently, will consume the resources of its host from within in order to maintain itself, and can propagate a complete working version of itself onto another machine.

The major difference between a worm and a virus: a worm can propagate between systems (mostly through a network), while viruses propagate locally.

Macro viruses or macro worms: execute when the application object that contains the macro is opened or a particular procedure is executed.

Trojan horse: a program that appears to have a useful function but that contains a hidden function that presents a security risk.

There are various forms of Trojan horse, but the one of interest is the one that makes it possible for someone else to gain access to and control a person's computer over the net. This type of Trojan has two parts: server and client. The server is the program that runs on the computer under attack, and the client is used by the person perpetrating the attack.

Managing Security


Some basic mistakes in managing security risk include:

- Undervalued information. Few organizations have a clear understanding of the value of specific information assets.
- Reactive security management. Most companies focus on security after an incident.
- Narrowly defined security boundaries. Most organizations are just interested in securing their internal network and don't try to understand the security issues of their supply chain partners.
- Dated security management processes. Some organizations hardly update or change their security practices or update the security knowledge and skills of their employees.
- Lack of communication about security responsibility. Security is often viewed as an IT problem and not a company problem.

Security risk management




Security risk management: a systematic process for determining the likelihood of various security attacks and for identifying the actions needed to prevent or mitigate those attacks. It has four stages:

Assessment: organizations evaluate their security risks by determining their assets, the vulnerabilities of their systems, and the potential threats to these vulnerabilities. This can be done:
- By relying on the knowledge and skill of the IT personnel,
- By using an outside IT consultant, or
- By using a honeynet to study the types of attack to which a site is being actively subjected.

Security risk management




Honeynet: a way to evaluate the vulnerability of an organization by studying the types of attack to which a site is subjected, using a network of systems called honeypots.

Honeypots: production systems (e.g. firewalls, routers, web servers, database servers) designed to do real work but to be watched and studied as network intrusions occur.

Planning: the aim here is to arrive at a set of policies defining which threats are tolerable and which aren't, and what is to be done in both cases.
- A tolerable threat is one for which the cost of safeguarding is very high or the risk is too low.

Implementation: involves choosing and using particular technologies to counter the high-priority threats.

Monitoring: an ongoing process to determine which measures are successful or unsuccessful, identify the need for modification, find new threats, find advances in technology, and locate which new business assets need securing.

Securing EC communications


There are two types of technology for securing communication: technologies for securing communications across the network, and technologies for securing communication on the network.

EC of all sorts rests on the concept of trust, and PAIN is used to represent the key issues of trust that arise.

Securing EC communications


Information security requires that the legitimate parties to a transaction be identified, and that the actions they are allowed to perform be determined and limited to only those necessary to initiate and complete the transaction.

This can be achieved through an authentication system.

Authentication system: a system that identifies the legitimate parties to a transaction, determines the actions they are allowed to perform, and limits their actions to only those that are necessary to initiate and complete the transaction.

Securing EC communications


Authentication systems have five key elements, namely:

- A person or group to be authenticated.
- A distinguishing characteristic that sets the person or group apart.
- A proprietor responsible for the system being used.
- An authentication mechanism for verifying the presence of the differentiating characteristic.
- An access control mechanism for limiting the actions that can be performed by the authenticated person or group.

Securing EC communications


The distinguishing characteristic in an authentication system can be something:

- One knows (e.g. password, pass phrase, PIN)
- One has (e.g. ID card, security token, software, cell phone)
- One is (e.g. fingerprint, DNA, signature, voice recognition)

Traditionally, authentication systems have mostly relied on passwords (which are very insecure). Stronger security can be achieved by combining something one knows with something one has (a technique known as two-factor authentication, T-FA).

Securing EC communications


Tokens: there are two types of tokens.

- Passive tokens: storage devices used in a two-factor authentication system that contain a secret code.
- Active tokens: small stand-alone electronic devices in a two-way authentication system that generate one-time passwords.

Securing EC communications


Biometric systems: authentication systems that identify a person by measuring a biological characteristic such as fingerprints, iris (eye) pattern, facial features, or voice.

There are two forms of biometrics:
- Physiological biometrics: measurements derived directly from different parts of the body (e.g. fingerprints, iris, hand, facial characteristics).
- Behavioral biometrics: measurements derived from various actions and indirectly from various body parts (e.g. voice scan or keystroke monitoring).

Securing EC communications


- Fingerprint scanning: measurement of the discontinuities of a person's fingerprint, converted to a set of numbers that are stored as a template and used to authenticate identity.
- Iris scanning: measurement of the unique spots in the iris (colored part of the eye), converted to a set of numbers that are stored as a template and used to authenticate identity.
- Voice scanning: measurement of the acoustical patterns in speech production, converted to a set of numbers that are stored as a template and used to authenticate identity.
- Keystroke monitoring: measurement of the pressure, speed, and rhythm with which a word is typed, converted to a set of numbers that are stored as a template and used to authenticate identity.

Securing EC communications


Public key infrastructure (PKI): a scheme for securing e-payments using public key encryption and various technical components.

Encryption: the process of scrambling (encrypting) a message in such a way that it is difficult, expensive, or time consuming for an unauthorized person to unscramble (decrypt) it.

All encryption has four basic parts.

Securing EC communications


- Plaintext: an unencrypted message in human-readable form.
- Encryption algorithm: the mathematical formula used to encrypt the plaintext into the ciphertext, and vice versa.
- Key: the secret code used to encrypt and decrypt a message.
- Ciphertext: a plaintext message after it has been encrypted into a machine-readable form.

There are two forms of encryption systems: symmetric systems and asymmetric systems.

Securing EC communications


Symmetric (private) key system: an encryption system that uses the same key to encrypt and to decrypt the message.
- The key is only known to the sender and the receiver (hence the name private key).

Asymmetric (public) key encryption: encryption that uses a pair of matched keys, a public key to encrypt and a private key to decrypt, or vice versa.
- Public key: encryption code that is publicly available to anyone.
- Private key: encryption code that is known only to the sender and the receiver (owners).
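The "matched keys ... or vice versa" idea is easier to see in code. The following added example (not from the original slides) uses textbook RSA, an algorithm the slides do not name, with two small known primes and no padding; it is a teaching model only. It shows that encrypting with the public key gives confidentiality, while applying the private key first gives a signature that anyone can check, which is the basis of nonrepudiation. All function names are illustrative.

```python
import hashlib
from math import gcd


def make_keypair(p: int, q: int, e: int = 65537):
    """Build a matched key pair from two primes (textbook RSA, no padding)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime with (p-1)(q-1)")
    d = pow(e, -1, phi)        # private exponent: e*d = 1 (mod phi)
    return (n, e), (n, d)      # (public key, private key)


def apply_key(value: int, key) -> int:
    """The single RSA operation; which key is applied decides its meaning."""
    n, exponent = key
    if not 0 <= value < n:
        raise ValueError("value must be smaller than the modulus")
    return pow(value, exponent, n)


def seal(message: bytes, public_key) -> int:
    """Confidentiality: anyone can encrypt with the public key."""
    return apply_key(int.from_bytes(message, "big"), public_key)


def open_sealed(ciphertext: int, private_key) -> bytes:
    """Only the holder of the private key can recover the plaintext."""
    m = apply_key(ciphertext, private_key)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def digest(message: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message: bytes, private_key) -> int:
    """The 'vice versa' direction: the private key is applied first."""
    return apply_key(digest(message, private_key[0]), private_key)


def verify(message: bytes, signature: int, public_key) -> bool:
    """Anyone holding the public key can check who produced the signature."""
    return apply_key(signature, public_key) == digest(message, public_key[0])


# Two known Mersenne primes keep the example short; far too small for real use.
PUBLIC, PRIVATE = make_keypair(2**61 - 1, 2**89 - 1)

if __name__ == "__main__":
    order = b"pay 25.00 to #42"  # constructed sample message
    print(open_sealed(seal(order, PUBLIC), PRIVATE))
    sig = sign(order, PRIVATE)
    print(verify(order, sig, PUBLIC), verify(b"pay 95.00 to #42", sig, PUBLIC))
```

Real systems use vetted libraries, keys of 2048 bits or more, and padding schemes such as OAEP and PSS rather than the raw operation shown here.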

Securing EC Networks


Many technologies exist to ensure that an organization's network is secured, or that intrusions are detected when they occur.

- Firewall: a network node consisting of both hardware and software that isolates a private network from a public network.
- Personal firewall: a network node designed to protect an individual user's desktop system from the public network by monitoring the traffic that passes through the computer's network interface.
- Virtual private network (VPN): a network that uses the public Internet to carry information but remains private by using encryption to scramble the communications, authentication to ensure that information has not been tampered with, and access control to verify the identity of anyone using the network.
- Intrusion detection system (IDS): a special category of software that can monitor activity across a network or on a host computer, watch for suspicious activity, and take automated actions based on what it sees.
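As an added illustration of the monitoring an IDS performs (example code, not from the original slides), the following sketch applies a sliding-window rule to a constructed request log and separates the two flood patterns defined earlier: one source sending many requests (DoS) and many sources each sending a few (DDoS). The log format, thresholds, and function names are assumptions.

```python
from collections import Counter, deque

# Constructed sample log, one request per line: "<epoch seconds> <source> <request>".
# Addresses are from the documentation ranges 203.0.113.0/24 and 198.51.100.0/24.
SAMPLE_LOG = "\n".join(
    [f"{1000 + i} 203.0.113.7 GET /checkout" for i in range(8)]       # one noisy source
    + [f"{2000 + i // 10} 198.51.100.{i} GET /" for i in range(30)]   # many quiet sources
    + ["3000 203.0.113.50 GET /cart", "3060 203.0.113.50 GET /pay"]   # ordinary shopper
)


def parse(log: str):
    """Yield (timestamp, source) pairs from the constructed log format."""
    for line in log.splitlines():
        ts, source, _request = line.split(" ", 2)
        yield int(ts), source


def detect_floods(events, window=10, per_source_limit=5,
                  total_limit=20, min_sources=10):
    """Return alerts as (kind, subject, timestamp) for time-ordered events.

    "dos":  one source exceeded per_source_limit requests within the window.
    "ddos": total requests exceeded total_limit, spread over min_sources or more.
    """
    recent = deque()        # (timestamp, source) pairs still inside the window
    per_source = Counter()  # requests per source inside the window
    noisy = set()           # sources already reported and still over the limit
    flooding = False        # True while the aggregate rule is firing
    alerts = []
    for ts, source in events:
        recent.append((ts, source))
        per_source[source] += 1
        while ts - recent[0][0] >= window:   # expire entries older than the window
            _, old = recent.popleft()
            per_source[old] -= 1
            if per_source[old] <= per_source_limit:
                noisy.discard(old)
            if per_source[old] == 0:
                del per_source[old]
        if per_source[source] > per_source_limit and source not in noisy:
            noisy.add(source)
            alerts.append(("dos", source, ts))
        spread = len(recent) > total_limit and len(per_source) >= min_sources
        if spread and not flooding:          # alert once per upward crossing
            alerts.append(("ddos", len(per_source), ts))
        flooding = spread
    return alerts


if __name__ == "__main__":
    for alert in detect_floods(parse(SAMPLE_LOG)):
        print(alert)
```

A per-source rule alone misses the distributed case, since no single zombie exceeds the limit; the aggregate rule is what catches it.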

Business models in E-Commerce

Business model: a method of doing business by which a company can generate revenue to sustain itself.

Structure of business models: the structure of business models varies greatly based on the company and the industry environment.

Weill and Vitale (2001) describe 8 atomic business models: direct marketing, intermediary, content provider, full service provider, shared infrastructure, value net integrator, virtual community, and consolidator of services (for large organizations).

Business models in E-Commerce

Each of these models is characterized by:
- Strategic objectives
- Source of revenue
- Critical success factors
- Core competencies required

These models must specify:
- Their revenue models
- Value propositions


Revenue model


Revenue model: how an EC project or company will make or earn money. The major revenue models are:
- Sales: revenue from selling on their web site or providing services.
- Transaction fees: commissions based on the volume of transactions made (fixed or incremental).
- Subscription: payment of fees, usually monthly or quarterly, to get some type of service.
- Advertising fees: companies charge others for placing ads on their sites.
- Affiliate fees: companies get paid for referring customers to other sites.
- Other revenue models: game sites, licensing fees, etc.

Value proposition


Value proposition: the benefits a company can derive from using EC. (In B2C EC, for example, it defines how a company's product or service fulfills the needs of customers.)

Specifically, how do e-marketplaces, for example, create value?

Amit & Zott (2001) identified 4 sets of values:
- Search and transaction cost efficiency: enables faster and more informed decision making, wider product and service selection, etc.
- Complementarities: bundling some goods and services together to provide more value than when offered separately.
- Lock-in: high switching cost that ties customers to certain suppliers.
- Novelty: developing innovative ways for structuring transactions, connecting partners, and fostering new markets.

Value proposition
Bakos (1991) values:
- Reduced search cost
- Significant switching cost
- Economies of scale and scope
- Network externality

Other value propositions:
- Demand (and/or supply) aggregation: affords suppliers wider market access, buyers more choices, and both competitive prices.
- Interfirm collaborations: enable business participants to deepen their business relationships, leading to improvement in individual business processes and overall supply chain performance.

Types of business models in EC




- Online direct marketing: selling online from a manufacturer to a customer (e-tailing).
- Electronic tendering system (tendering, reverse auction): buyers request would-be sellers to submit bids for an item/service/project, and the lowest bidder wins.
- Name-your-own price: a buyer sets the price he wants to pay for a product/service.
- Find the best price: a buyer submits its needs and an intermediary matches them against a database of sellers, locates the lowest price, and submits it to the buyer to accept or reject.
- Affiliate marketing: a marketing partner refers consumers to a selling company's web site for a commission (virtual commissioned sales force).

Types of business models in EC




- Viral marketing: Web-based word-of-mouth marketing in which a customer promotes a product or service to friends or other people.
- Group purchasing: quantity purchasing that enables groups of purchasers to obtain a discount price on the products purchased (demand aggregation).
- Online auctions: bidding for products and services, with the highest bidder getting the item.
- Product and service customization: creation of a product or service to meet the buyer's specifications.
- Electronic marketplaces and exchanges: a space in which sellers and buyers exchange goods and services for money (or for other goods and services) electronically.

Electronic payments (e-payment)

E-payments: payments made electronically rather than by paper (cash, checks, vouchers, etc.). Electronic payment methods expedite payments online and reduce processing costs, but they must be safe and trusted by users. The major methods of e-payment in use include:

Electronic payments (e-payment)

- Electronic payment cards (credit, debit, charge)
- Virtual credit cards
- E-wallets (or e-purses)
- Smart cards
- Electronic cash (several variations):
  - Wireless payments
  - Stored-value card payments
  - Loyalty cards
  - Person-to-person payment cards
- Payments made electronically at kiosks
- Other methods used mostly for B2B payments:
  - Electronic checks
  - Purchasing cards
  - Electronic letters of credit
  - Electronic funds transfer (EFT)
  - Electronic benefit transfer (EBT)
  - Etc.

The underlying similarity is the ability to transfer or make a payment from one person or party to another person or party over a network without face-to-face interaction.

Electronic payments (e-payment)

Whatever the payment method is, five parties may be involved:

- Customer/payer/buyer: the party making the e-payment in exchange for goods or services.
- Merchant/payee/seller: the party receiving the e-payment in exchange for goods or services.
- Issuer: the banks or non-banking institutions that issued the e-payment instrument used to make the purchase.
- Regulator: usually a government agency whose regulations control the e-payment process.
- Automated Clearing House (ACH): an electronic network that transfers money between bank accounts.

Issuers play a key role in online purchases for 2 reasons:
- Customers must obtain their e-payment accounts from an issuer.
- Issuers are mostly involved in authenticating a transaction and approving the amount involved.

Because buyers and sellers are not at the same place to exchange their goods and services, issues of trust arise, and PAIN has been devised to address such issues.

Electronic payments (e-payment)

Characteristics of successful e-payment methods

How do you get buyers to adopt a method when there are few sellers using it? And how do you get sellers to adopt a method when very few buyers are using it? (The chicken-and-egg problem.)

Some factors or characteristics of successful e-payment methods are:
- Independence: e-payment methods that require the payer to install specialized components are less likely to succeed.
- Interoperability and portability: an e-payment system must mesh with existing interlinked systems and applications and must be supported by standard computing platforms.
- Security: the risk for the payee must be higher than the risk for the payer (the method must be very safe).
- Anonymity: e-payment systems must be anonymous to hide the identity of those who want to remain so.
- Divisibility: must be usable for both high and low purchases.
- Ease of use: must be pretty easy to use.
- Critical mass: a critical mass of vendors must be willing to accept the payment; conversely, a critical mass of places to acquire the payment methods must exist.

Electronic payments (e-payment)

- Using e-payment reduces transaction cost by 30 to 50 percent compared to off-line payments.
- It is faster.
- It makes it possible to conduct business across geographical and political boundaries (greatly enhancing the possibility of international deals and transactions).

E-payment is very important in EC because:
- There is no trade without a payment system.
- A good and secure payment system increases the trust and confidence of buyers.

Electronic payments (e-payment)

Electronic cards: plastic cards that contain digitized information that can be used for payment and for other purposes such as identification and access to secure locations.

Payment cards: electronic cards that contain information that can be used for payment purposes. There are three types of payment cards:

- Credit cards: provide the holder with credit to make purchases up to a limit fixed by the issuer. (Users normally don't pay any fee for using the card, just a high interest on their unpaid balance.)
- Charge cards: are like monthly loans given to the user, which he/she is required to pay back in full at the end of the month or upon receipt of the monthly statement. (Usually no interest is paid on such cards, just an annual fee and/or a severe penalty for failure to pay the balance in full.)
- Debit cards: with a debit card, the money for a transaction comes directly from the user's account.

Electronic payments (e-payment)

Virtual credit cards: a payment system in which the issuer gives a special transaction number that can be used online in place of a regular credit card number.

E-wallets: a software component in which a user stores credit card numbers and other information; when shopping online, the user simply clicks the e-wallet to automatically fill in the information needed to make a purchase.

Electronic payments (e-payment)

Smart cards: an electronic card that contains an embedded microchip that enables predefined operations or the addition, deletion, or manipulation of information on the card.

Some applications of smart cards:
- Loyalty cards: retailers are using loyalty cards to identify their loyal customers and reward them.
- Financial applications: financial institutions, payment associations, and credit card, debit card, and charge card issuers are all using smart cards to extend the traditional card payment services.
- Transportation
- Identification: smart cards fit perfectly in the identification market.

Electronic payments (e-payment)

Electronic cash: the digital equivalent of paper currency and coins, which enables secure and anonymous purchase of low-priced items.

E-cash has several variations:
- Wireless payments
- Stored-value cards
- E-loyalty
- P2P payment: e-payment schemes that allow the transfer of funds between two individuals.

Payment made electronically at kiosks: customers act as cashiers and check themselves out.
