
SICS 3653: E-COMMERCE AND E-BUSINESS
Ebenezer Nortey Yebuah
(ETONY)
Outline
 Introduction to E-Commerce
• Definition of E-Commerce and E-business
• Major types of E-Commerce (briefly)
• History of E-Commerce
• Benefits of E-Commerce to
 Organizations
 Consumers
 Society
• Limitations of E-Commerce
 The digital economy
• The new Business environment
• Business pressures
• Organizational responses
 E-Marketing
• E-marketing issues
• Economics of E-marketing
• Effects of marketing on organizations
 E-Commerce technology/infrastructure
 Communications network
 Security and legal issues
• Need for E-Commerce security
• Basic security issues
• Types of threats and attacks
• Security risk management
• Securing E-Commerce communication
 Business models for E-Commerce
 Implementation of E-business systems
Definition of E-Commerce and E-business
 E-Commerce: the process of buying, selling, or exchanging products, services, and information through computer networks.
• Communication: the delivery of goods, services, information, or payment electronically
• Commercial: the ability to buy and sell products, services, and information electronically
• Business process: completing business processes electronically, i.e. replacing physical processes with information
• Services: a tool for improving the quality of customer service and increasing the speed of service delivery while cutting cost
• Learning: enables online training and education
• Collaborative: supports inter- and intra-organizational collaboration
• Community: provides a meeting place for members to learn and collaborate.


Definition of E-Commerce and E-business
 Commerce: transactions between business partners (done electronically = e-commerce)
 E-business: the buying and selling of goods and services, and also serving customers, collaborating with business partners, and conducting electronic transactions within an organization.
Definition of E-Commerce and E-business
 Various forms of E-Commerce are distinguished by the level of digitalization of
 the products/services
 the process
 the delivery agent
 Brick and mortar organization: zero digitalization, i.e. a purely physical organization.
• Conducts all its business activities physically
 Virtual organization: digitalization of 1, i.e. pure play
• Does all business transactions online
 Click and mortar: partial digitalization
• Has an online presence, but does basic business processes physically
Types of E-Commerce
 The nature of the transaction or interaction is mostly used to classify E-Commerce
• Business-to-business (B2B): transactions between business partners
• Business-to-consumer (B2C): transactions between business organizations and individual shoppers
• Consumer-to-business (C2B): transactions in which individuals sell products and services to businesses
• Consumer-to-consumer (C2C): transactions between individual consumers
 Interdisciplinary nature of E-Commerce: computer science, marketing, consumer behavior, finance, economics, management information systems, accounting, management, business, law, robotics, public administration and engineering.
History
 Electronic funds transfer (early 1970s)
“Its use was mostly limited to large organizations, financial institutions, and a few hardcore businesses”
 Electronic Data Interchange (EDI)
“used to transfer routine documents, which expanded electronic transfers from financial institutions to manufacturers, retailers, service industries, etc.”
 Internet and the World Wide Web: the commercialization of the internet saw the coining of the term E-COMMERCE.
E-Commerce applications quickly multiplied due to the rapid development of new networks, protocols, and EC software, and due to increased competition and other business pressures.
 There have been many innovative applications, ranging from online direct sales to E-learning.
Benefits of E-Commerce
 The E-Commerce revolution is as profound as the change that accompanied the industrial revolution (Clinton and Gore 1997)
 E-Commerce has enormous potential benefits for organizations, individuals and society, considering
• The global nature of the technology
• The opportunity to reach millions of people
• Its interactive nature
• The variety of possibilities for its use
• The resourcefulness and rapid growth of its supporting infrastructure (especially the web)
Benefits of E-Commerce
 Organizational benefits
• Global reach: can easily and quickly locate the best suppliers, more customers and more suitable business partners, i.e. buy cheaper and sell more.
• Cost reduction: EC decreases the cost of creating, processing, distributing, storing and retrieving paper-based information.
• Supply chain improvement: supply chain inefficiencies can be minimized, e.g. inventory and delivery delays
• Extended hours: 24/7/365
• Customization: pull-type production (build-to-order)
• New business models: tendering (reverse auction), name-your-own-price model, affiliate marketing, viral marketing, etc.
• Vendors’ specialization: EC enables a high degree of specialization
• Lower communication cost: EC lowers telecommunications cost.
• Efficient procurement: EC can reduce administrative cost, purchasing prices, and cycle time.
• Improved customer relations: EC enables close customer relations
• Up-to-date company material: EC enables company information to be updated by the minute
• No city business permits and fees
• etc.
Benefits of E-Commerce
 Consumer benefits
• Ubiquity: EC allows shopping 24/7/365 from almost any location.
• More products and services: EC gives more choices.
• Cheaper products and services: EC provides a variety of prices for goods and services
• Instant delivery: e.g. digitized products
• Information availability: relevant and detailed information in seconds
• Participation in auctions: virtual auctions
• Electronic communities: consumers can interact with other consumers
• Get it your way: customization and personalization of products and services
• No sales tax: most online sales are tax free
Benefits of E-Commerce
 Societal benefits
• Telecommuting: more people work and shop at home
• Higher standard of living: competitive prices allow lower income earners to shop more
• Hope for the poor: great opportunity for the poor to sell, buy and learn new skills
• Availability of public services: health care, education, and distribution of government social services can be done at a reduced cost to a large number of people.
Limitations
 Technological
• Lack of universally accepted standards for quality, security, and reliability
• Telecommunication bandwidth is insufficient (mostly for m-commerce)
• Software development tools are still evolving.
• Difficulties in integrating the internet and EC software applications and databases.
• Special web servers are needed in addition to the network servers (added cost)
• Internet accessibility is still expensive and/or inconvenient
• Order fulfillment for large-scale B2C requires special automated warehouses
Limitations
 Non-technological
• Security and privacy concerns deter some customers from buying
• Lack of trust in EC and in unknown sellers hinders buying
• Many legal and public policy issues, including taxation, remain unresolved
• National and international government regulations sometimes get in the way
• Difficulty in measuring some benefits of EC (e.g. advertising) due to a lack of mature measurement methodology
• Some customers like to touch and feel the product
• Reluctance to change from physical to virtual stores
• Lack of trust in paperless, faceless transactions
• Insufficient number (critical mass) of sellers and buyers (in some cases) needed to make a profit
• Increasing amount of fraud on the net
• Difficulty in obtaining venture capital due to the dot-com disaster
Digital Economy
 The Digital revolution
• Digital Economy: an economy that is based on digital technologies, including digital communications networks, computers, software, and other related information technologies.
 Digital networking and communications infrastructures provide the global platform over which people and organizations interact, communicate, collaborate and search for information.
 Choi and Whinston say this platform is characterized by
• A vast array of digital products: databases, news & information, books, software, etc., that are delivered over a digital infrastructure any time, anywhere in the world
• Consumers and firms conducting financial transactions digitally through digital currencies or financial tokens that are carried via networked computers and mobile devices
• Microprocessors and networking capabilities embedded in physical goods such as home appliances and automobiles
Digital Economy
 Digital economy: the convergence of computing and communications technology on the internet and other networks, and the resulting flow of information and technology that is stimulating e-commerce and vast organizational changes.
 This convergence is enabling all types of information (data, audio, video, etc.) to be stored, processed, and transmitted over networks to many destinations worldwide
 The digital economy is creating a digital revolution, evidenced by unprecedented economic performance and the longest period of uninterrupted economic expansion in certain parts of the world.
 Web-based E-Commerce systems are accelerating the digital revolution by providing competitive advantage to organizations
The new business environment
 Highly competitive (due to economic, societal, legal and technological factors)
 Quick and sometimes unpredictable change
 The need for more production, faster and with fewer resources
The new business environment
 Huber (2003): “new business environment created due to accelerated advances in science”
 These advances create scientific knowledge
 This scientific knowledge feeds on itself, resulting in more and more technology
 Rapid growth in technology results in a large variety of more complex systems.
The new business environment
 As a result the business environment is characterized by
• A more turbulent environment (more business problems and opportunities)
• Stronger competition
• Frequent decision making by organizations
• Larger scope of decision considerations (market, competition, political and global)
• More information/knowledge needed for decisions
Pressure on businesses
 Market and economic
• Strong competition
• Global economy
• Regional trade agreements
• Extremely low labour cost in some regions
• Frequent and significant changes in markets
• Increased power of consumers
Pressure on businesses
 Societal
• Changing nature of the workforce
• Government deregulation: more competition
• Shrinking government subsidies
• Increased importance of ethical and legal issues
• Increased social responsibility of organizations
• Rapid political changes
Pressure on businesses
 Technological
• Increasing innovations and new technologies
• Rapid technological obsolescence
• Rapid decline in technology cost versus performance ratio
Pressure on businesses
 Business as usual is no longer enough (price reduction & closure of unprofitable facilities)
 Need for new innovations (critical response activities)
• Customization
• Creating new products
• Providing superb customer service
 E-commerce facilitates most of these responses
Organizational responses
 Strategic systems: provide organizations with strategic advantage
• Increase their market share
• Better negotiation with their suppliers
• Prevent competitors from entering their territory
e.g. FedEx tracking system
 Continuous improvement efforts & BPR: continuous efforts to improve productivity, quality and customer service
• e.g. Dell’s ERP and Intel’s customer tracking
Organizational responses
 Customer relationship management: e.g. personalization, sales-force automation
 Business alliances: organizations enter into collaboration for mutual benefit, aided mostly by e-commerce.
 Electronic markets
 Reduction in cycle time & time to market: e.g. use of extranets
 Empowerment of employees: the ability to take decisions on customers (decentralization)
 Supply chain improvement:
• Reduce supply chain delays
• Reduce inventories
• Eliminate inefficiencies
Organizational responses
 Mass customization: production of large quantities of customized items (in an efficient way)
 Intra-business: from sales force to inventory control
 Knowledge management: the process of creating or capturing knowledge, storing and protecting it, updating, maintaining and using it.
Combining it
 How can organizations turn digital to gain competitive advantage by using EC?
• The right connective networks
Brick & mortar against digital
 Brick & mortar
• Selling in physical stores
• Selling tangible goods
• Internal inventory/production planning
• Paper catalogs
• Physical marketplace
• Physical & limited auctions
• Broker-based services, transactions
• Paper-based billing
• Paper-based tendering
• Push production
• Mass production (standard)
• Physical-based commission marketing
• Word-of-mouth, slow advertisement
• Linear supply chain
• Large amount of capital needed
• Cost > value
 Digital
• Selling online
• Selling digital goods
• Online collaborative inventory forecasting
• Smart e-catalogs
• Electronic market-space
• Online auctions everywhere, anytime
• Electronic info-mediaries, value added services
• Electronic billing
• Pull production
• Mass customization
• Affiliate, viral marketing
• Explosive viral marketing
• Hub-based supply chain
• Less capital needed
• Small fixed cost
• Cost = value
Electronic marketplaces
 Electronic marketplace: a space in which
sellers and buyers exchange goods and
services for money (or for other goods and
services) electronically.

 Functions of markets:
• matching buyers and sellers
• Facilitating exchanges of goods/services and
payments associated with market transactions
• Provide institutional infrastructure
Electronic marketplaces
 Together with IT, EC has greatly increased market efficiency
• by expediting or improving the functions of markets
• and lowering transaction and distribution costs
• leading to well-organized “friction-free” markets
Market-space components
 Customers: the hundreds of millions of people surfing the web are potential buyers of goods/services offered on the net. They are looking for
• good deals
• Customized items
• Collectors’ items
• Entertainment, etc.
 Organizations are the major consumers of EC activities (85%)
 Sellers: millions of storefronts on the Web offering a huge variety of products (sales can be made directly from the seller’s site or from E-marketplaces)
 Products: both physical and digital products (what are the advantages of a digital product?)
 Infrastructure: hardware, software, networks, etc.

Market-space components
 Front end: the portion of an e-seller’s business processes through which customers interact, e.g. seller’s portal, e-catalogs, shopping cart, search engine and payment gateway
 Back end: activities that support online order-taking, e.g. order aggregation and fulfillment, inventory management, purchasing from suppliers, payment processing, packaging and delivery
 Intermediaries: create and manage online markets. They match buyers and sellers, provide some infrastructure services, and help buyers/sellers to institute and complete transactions (mostly operate as computerized systems)
 Other business partners: includes business collaboration, mostly along the supply chain.
 Support services: ranging from certification to trust services

Types of electronic markets
 There are various types of marketplaces
• B2C
 Electronic storefronts
 Electronic malls
• B2B
 Private e-marketplace
• Sell-side
• Buy-side
 Public e-marketplaces
 consortia
Types of electronic markets
 B2C
• Electronic storefronts: a single company’s Web site where products/services are sold (electronic store)
 A storefront has various mechanisms for conducting sales
• Electronic catalogs (presentation of product information in an electronic form)
• A search engine (a program that can access a database of Internet resources, search for specific information/keywords, and report the result)
• An electronic shopping cart (order processing technology that allows shoppers to accumulate items they wish to buy while they continue to shop)
• E-auction facilities
• A payment gateway, etc.
• Electronic malls: an online shopping center where many stores are located
Types of electronic markets
 B2B
• Private E-Marketplace: owned by a single company
 Sell-side E-Marketplace: a private e-market in which a company sells either standard or customized products to qualified companies
 Buy-side: a private e-market in which a company buys from invited suppliers
• Public E-Marketplace: an e-market usually owned by an independent 3rd party with many buyers and many sellers (exchanges)
• Consortia: usually owned by a small group of major sellers or buyers, usually in the same industry
• What is a vertical and a horizontal e-marketplace?


Auctions
 Auction: a market mechanism by which a seller places an offer to sell a product and buyers make bids sequentially and competitively until a final price is reached.
 Limitations of offline auctions:
• Short time for each item (little time to decide whether to bid or not)
• Sellers don’t get the right price (or buyers pay more)
• Little time to examine the product
• Physical presence limits the potential bidders
• Difficulty in moving goods to auction sites
• Payment of rent for auction sites, advertisement, and payment of auctioneers and employees add to cost
E-Auctions
 Electronic auctions (e-auctions): auctions conducted online.
• Dynamic pricing: change in price due to demand and supply relationships at any given time.
 Dynamic pricing has several forms (bargaining and negotiations)
 There are 4 major forms of dynamic pricing, depending on how many buyers or sellers there are:
• One buyer, one seller
• One seller, many potential buyers
• One buyer, many potential sellers
• Many buyers, many sellers
E-Auctions
 One seller, one buyer: negotiation, bargaining and bartering are usually used. (Prices are mostly determined by each party’s bargaining power as well as demand and supply in the market and possibly the business environment)
 One seller, many buyers (forward auction): a seller entertains bids from buyers.
• English and Yankee auctions: prices increase as the auction progresses
• Dutch and free-fall auctions: prices go down as the auction progresses
 Assignment (what are English, Yankee, Dutch and free-fall auctions?) to be submitted before mid-day 29th Feb. 2008
 One buyer, many sellers:
• Reverse auctions: a buyer places an item for bidding (tendering) on a request for quote (RFQ) system; potential sellers bid for the item with the price reducing sequentially until there are no more reductions, and the lowest bidder wins (mostly a B2B/G2B mechanism)
• Name-your-own-price model: a buyer specifies the price (and other terms) at which they are willing to buy, to any able supplier (mostly a C2B model, started by priceline.com)
 Many sellers, many buyers (double auction): multiple buyers and their bids are matched with multiple sellers and their asking prices, considering the quantities.
E-Auctions
 Benefits to sellers
• Increased revenues from broadening the customer base and shortening cycle time.
• Chance to bargain instead of buying at a fixed price.
• Optimal price setting, determined by the market
• Can liquidate large quantities quickly
• Improved customer relationship and loyalty
 Benefits to buyers
• Opportunity to find unique items and collectibles.
• Entertainment.
• Anonymity: with the help of a 3rd party, buyers can be anonymous
• Convenience: can bid from anywhere with any connected gadget. No need to travel to the auction site
 Benefits to e-auctioneers
• Higher repeat purchases
• High stickiness to the web site
• Expansion of the auction business.
E-Auctions
 Limitations: major limitations are,
• Lack of security
• Possibility of fraud
• Limited participation
Types of E-Auction Fraud
 Bid shielding: having fake
(phantom/ghost) bidders bid at very high
prices and then later pull out at the last
minute
 Shilling: placing fake bids on auction items
to artificially jack up the bidding price
 Fake photos and misleading descriptions
 Improper grading techniques
 Selling reproductions
Types of E-Auction Fraud
 Failure to pay
 Failure to pay the auction house
 Inflated shipping and handling cost
 Failure to ship merchandise
 Loss and damage claims
 Switch and return
 Other frauds, e.g. sale of stolen goods, the
use of fake ids, selling to multiple buyers
Protecting against E-Auction Fraud
 User id verification
 Authentication service
 Grading services
 Feedback
 Insurance policy
 Escrow service
 Nonpayment punishment
 Appraisal
 Physical verification
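The fraud types on the previous slides (shilling and bid shielding) and the countermeasures listed here (feedback, user id verification, nonpayment punishment) can be tied together by the auction house checking its own bid history for the two patterns. The following Python script is an added example, not part of the lecture slides: the bid log, bidder names, amounts and the thresholds (three winless auctions with one seller for shilling, two retracted top bids for shielding) are all constructed for the demonstration, and the flags are meant as input to a human review or feedback-score adjustment, not an automatic ban.

```python
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Bid:
    auction_id: str
    seller: str
    bidder: str
    amount: float
    t: int                    # seconds after the auction opened
    retracted: bool = False   # bidder withdrew the bid before the auction closed


# Constructed bid log for this example (sellers, bidders and amounts are invented).
BIDS = [
    # seller s1 runs three auctions; "shill_x" bids on all of them and never wins
    Bid("a1", "s1", "honest_y", 10.0, 10),
    Bid("a1", "s1", "shill_x", 12.0, 20),
    Bid("a1", "s1", "honest_y", 15.0, 30),
    Bid("a2", "s1", "shill_x", 8.0, 5),
    Bid("a2", "s1", "bob", 9.0, 50),
    Bid("a3", "s1", "shill_x", 20.0, 10),
    Bid("a3", "s1", "carol", 22.0, 40),
    # seller s2 runs two auctions; "shield_z" posts a very high bid, then retracts it
    Bid("a4", "s2", "dave", 30.0, 10),
    Bid("a4", "s2", "shield_z", 100.0, 20, retracted=True),
    Bid("a5", "s2", "erin", 40.0, 5),
    Bid("a5", "s2", "shield_z", 150.0, 10, retracted=True),
]


def winners(bids) -> dict[str, str]:
    """Highest standing (non-retracted) bid wins each auction; the earlier bid wins a tie."""
    best: dict[str, Bid] = {}
    for b in sorted(bids, key=lambda b: b.t):
        if b.retracted:
            continue
        cur = best.get(b.auction_id)
        if cur is None or b.amount > cur.amount:
            best[b.auction_id] = b
    return {aid: b.bidder for aid, b in best.items()}


def flag_shilling(bids, min_auctions: int = 3) -> list[str]:
    """Shilling heuristic: a bidder who keeps bidding on one seller's auctions
    but never wins is raising prices rather than trying to buy."""
    won = winners(bids)
    auctions_by_pair: dict[tuple[str, str], set[str]] = defaultdict(set)
    for b in bids:
        auctions_by_pair[(b.seller, b.bidder)].add(b.auction_id)
    flagged = set()
    for (seller, bidder), aids in auctions_by_pair.items():
        wins = sum(1 for aid in aids if won.get(aid) == bidder)
        if len(aids) >= min_auctions and wins == 0:
            flagged.add(bidder)
    return sorted(flagged)


def flag_bid_shielding(bids, min_retractions: int = 2) -> list[str]:
    """Bid-shielding heuristic: a bid that was the highest when it was placed and
    was later retracted. Repeated across auctions, it scares other bidders off."""
    by_auction: dict[str, list[Bid]] = defaultdict(list)
    for b in bids:
        by_auction[b.auction_id].append(b)
    retracted_highs: dict[str, int] = defaultdict(int)
    for b in bids:
        if not b.retracted:
            continue
        earlier = [o.amount for o in by_auction[b.auction_id] if o.t < b.t]
        if not earlier or b.amount > max(earlier):
            retracted_highs[b.bidder] += 1
    return sorted(x for x, n in retracted_highs.items() if n >= min_retractions)


if __name__ == "__main__":
    print("winners:", winners(BIDS))
    print("possible shills:", flag_shilling(BIDS))
    print("possible bid shielders:", flag_bid_shielding(BIDS))
```

Both heuristics work from data the auction house already holds, so they cost nothing to collect; the thresholds decide the trade-off between catching repeat offenders and flagging unlucky honest bidders, which is why a flag should feed the feedback and verification services rather than act on its own.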
Communications and networks
 The extranet is the major network structure used in e-marketplaces and exchanges.
• Extranets connect both the internet and the companies’ individual intranets.
 Internet: a public, global communications network that provides direct connectivity to anyone over a LAN through an ISP, or directly through an ISP
 Intranet: a corporate LAN or WAN that uses internet technology and is secured behind a company’s firewall.
• It operates as a private network with limited access (only employees with authorization can use it)
• It usually contains sensitive information
• It can be used to enhance communication and collaboration among authorized employees, customers, suppliers, and other business partners
• Because access is through the net, it doesn’t require any additional implementation of leased networks
Communications and networks
 Extranets: a network that uses a virtual private network (VPN) to link intranets in different locations over the internet (extended internet)
• VPN: a network that creates tunnels of secured data flows, using cryptography and authorization algorithms, to provide communications over the public internet.
• Provides secured connectivity between a corporation’s intranet and the intranets of its business partners, material suppliers, financial services, government, and customers.
• Access is mostly limited and highly controlled
Benefits of Extranets
 Szuprowicz’s five benefit categories of extranets
• Enhanced communication: enables improved internal communications, improved business partnership channels, effective marketing, sales and customer support, and facilitated collaborative activities
• Productivity enhancements: enables just-in-time information delivery, reduction of information overload, productive collaboration between work groups, and training on demand.
• Business enhancements: enables faster time to market, potential for simultaneous engineering and collaboration, lower design and production cost, improved client relationships and creation of new business opportunities
• Cost reduction: results in fewer errors, improved comparison shopping, reduced travel and meeting time and cost, reduced administrative and operational cost, and elimination of paper-publishing cost
• Information delivery: enables low-cost publishing, leveraging of legacy systems, standard delivery systems, ease of maintenance and implementation, and elimination of paper-based publishing and mailing costs.
Benefits of Extranets
 Rihao-Ling and Yen added other benefits such as
• Ready access to information, ease of use, freedom of choice, moderate setup cost, simplified workflow, lower training cost, and better group dynamics.
• They also listed disadvantages such as difficulty in justifying the investment (measuring cost and benefits), high user expectations, and drain on resources.
E-Marketing
 Marketing is an organizational function and a set of processes for creating, communicating and delivering value to customers and for managing customer relationships in ways that benefit the organization and its stakeholders.
 E-Marketing is essentially a part of marketing
 E-marketing = one aspect of an organizational function and a set of processes for creating, communicating and delivering value to customers and for managing customer relationships in ways that benefit the organization and its stakeholders
E-Marketing
 Customer-centric e-marketing =
• Applying digital technologies which form online channels (web, e-mail, database, plus mobile/wireless and digital TV)
• To contribute to marketing activities aimed at achieving profitable acquisition and retention of customers
• Through improving our customer knowledge (of their profiles, behavior, value and loyalty drivers), then delivering integrated targeted communications and online services that match their individual needs.
 Hence e-marketing = achieving marketing objectives through the use of electronic communications technology
E-Marketing
 E-marketing, simply put, is the application of marketing principles and techniques through electronic media and more specifically the internet.
 Can also be looked at as a way of marketing a brand using the internet.
 Basically it is all the activities a business undertakes using the worldwide web, with the sole aim of attracting new business, retaining current business and developing its brand identity.
Internet tools for marketers
 Distribution: a company can distribute through the internet
 A company can use the internet to build and maintain customer relationships
 The money collection part of a transaction can be done online
 Leads can be generated through short trial periods, before long-term signing
 Advertising
 Avenue for collecting direct responses.
Benefits of e-marketing
 If and when properly and effectively implemented, the ROI from e-marketing will far exceed that of traditional marketing.
 It is at the forefront of reengineering or redefining the way businesses interact with their customers.
 Most of the benefits can be derived from
• Reach: truly global reach and cost reduction
• Scope: wide range of products and services
• Interactivity: two-way communication path
• Immediacy: provides an opportunity for immediate impact
• Targeting: savvy marketers can easily get access to the niche markets they need for targeted marketing
• Adaptivity: real-time analysis of customer responses, leading to minimal advertising spend wastage.
 Other benefits include
• Access to unlimited information for customers without human intervention
• Personalization
• Enables transactions between firms and customers that would typically require human intervention
Limitations of e-marketing
 Some of the limitations of e-marketing include
• Lack of personal approach
• Dependence on technology
• Security and privacy issues
• Maintenance costs due to a constantly evolving environment
• Higher transparency of pricing and increased price competition
• Worldwide competition through globalization
E-Commerce framework
[Figure: the E-Commerce framework, reconstructed from the slide layout]
E-Commerce applications: direct marketing, online banking, E-government, E-purchasing, job search, M-commerce, auctions, consumer services, etc.
PILLARS
• People: buyers, sellers, intermediaries, IS people, and management
• Public policy: taxes, legal and privacy issues, regulations and technical standards
• Marketing & advertising: marketing research, promotions, & web content
• Support services: logistics, payment, content, and security systems development
• Business partnerships: joint ventures, exchanges, E-marketplaces & consortia
INFRASTRUCTURAL SUPPORT
• Common business services infrastructure (security, smart cards/authentication, electronic payment)
• Messaging & information distribution infrastructure (EDI, e-mail, hypertext)
• Multimedia content & network publishing infrastructure (HTML, Java, XML, VRML, etc.)
• Network infrastructure (telecom, cable TV, wireless, Internet)
• Interfacing infrastructure (with databases, business partners, applications)
The need for E-Commerce security
 There is a need for E-Commerce security due to the increasing cyber attacks and cyber crimes.
 A recent survey of security practitioners yielded the following results:
• Organizations continue to suffer cyber attacks from both inside and outside the organization
• The cyber attacks vary, e.g. computer viruses, net abuse (unauthorized use of the internet) by employees, denial of service
• The financial losses from cyber attacks can be substantial
• It takes more than one type of technology to defend against cyber attacks.
Basic security issues
 EC security involves more than just preventing and responding to cyber attacks and intrusions.
 e.g. a user connects to a Web server at a market site to obtain some product literature (Loshin 1998).
• To get the literature, he is asked to fill out a Web form providing some demographic and other personal information.
 What security concerns can/will arise in a situation like that?
Basic security issues
 From the user’s perspective,
• How can he know that the Web server is owned and operated by a legitimate company?
• How does he know that the Web page and form do not contain some malicious or dangerous code or content?
• How does he know that the Web server will not distribute the information to some third party?
Basic security issues
 From the company’s perspective,
• How does the company know that the user will not attempt to break into the Web server or alter the pages and content at the site?
• How does the company know that the user will not try to disrupt the server so that it isn’t available to others?
Basic security issues
 From both parties’ perspective,
• How do the parties know that the network connection is free from eavesdropping by a third party “listening” on the line?
• How do they both know that the information sent back and forth between them and the server has not been altered?
Basic security issues
 With transactions that involve E-payments, additional types of security must be confronted.
• Authentication: the process by which one entity verifies that another entity is who they claim to be.
• Authorization: the process that ensures that a person has the right to access certain information
• Auditing: the process of collecting information about attempts to access particular resources, use particular privileges, or perform other security actions
• Confidentiality (privacy): keeping private or sensitive information from being disclosed to unauthorized individuals, entities, or processes.
• Integrity: the ability to protect data from being altered or destroyed in an unauthorized or accidental manner.
• Availability: the ability of a person or a program to gain access to the pages, data, or services provided by the site when they need it.
• Nonrepudiation: the ability to limit parties from refuting that a legitimate transaction took place, usually by means of a signature
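Integrity, authentication and nonrepudiation are easy to confuse, because one mechanism can give the first two without the third. The Python script below is an added example (not from the lecture slides) that protects a payment order with a keyed hash (HMAC-SHA256 from the standard library) over a canonical encoding, then shows which of the three properties that buys. The shared key, the order fields and the gateway's expected amount are constructed for the demonstration.

```python
import hashlib
import hmac
import json

# Constructed for this example: a key shared between the shopper's client and the
# merchant's payment gateway. Nothing here comes from the lecture slides.
SHARED_KEY = b"constructed-demo-key-do-not-reuse"

# Constructed sample payment order; the field names are illustrative.
ORDER = {"order_id": "A-1001", "payer": "alice", "amount": "49.90", "currency": "GHS"}


def canonical(order: dict) -> bytes:
    """Encode the order deterministically so both sides hash identical bytes.
    Without a canonical form, reordered keys or extra whitespace would break
    verification even though the content is unchanged."""
    return json.dumps(order, sort_keys=True, separators=(",", ":")).encode("utf-8")


def tag(order: dict, key: bytes) -> str:
    """HMAC-SHA256 over the canonical order. Integrity: any change to the bytes
    changes the tag. Authentication: only a holder of the key can compute it."""
    return hmac.new(key, canonical(order), hashlib.sha256).hexdigest()


def verify(order: dict, received_tag: str, key: bytes) -> bool:
    """Constant-time comparison; a plain == would leak, through timing, how many
    leading characters of a guessed tag were right."""
    return hmac.compare_digest(tag(order, key), received_tag)


def gateway_accepts(order: dict, received_tag: str, key: bytes, expected_amount: str) -> bool:
    """What the gateway checks before capturing funds: the tag must verify AND the
    amount must match the merchant's own record of what the order costs."""
    return verify(order, received_tag, key) and order["amount"] == expected_amount


def demo() -> dict:
    """Walk through the three properties and return the observed outcomes."""
    t = tag(ORDER, SHARED_KEY)

    # 1. Integrity: someone on the line changes the amount; the old tag no longer matches.
    tampered = dict(ORDER, amount="4990.00")
    tampered_accepted = verify(tampered, t, SHARED_KEY)

    # 2. Authentication: without the key, no valid tag can be produced for the order.
    forged_tag = tag(ORDER, b"attacker-guess")
    forged_accepted = verify(ORDER, forged_tag, SHARED_KEY)

    # 3. Nonrepudiation is NOT provided: the gateway also holds the key, so it can
    #    produce a valid tag for an order Alice never sent. A third party cannot
    #    tell which key holder made the tag, so Alice can repudiate the transaction.
    receiver_made_tag = tag(tampered, SHARED_KEY)
    receiver_can_forge = verify(tampered, receiver_made_tag, SHARED_KEY)

    return {
        "genuine_accepted": gateway_accepts(ORDER, t, SHARED_KEY, "49.90"),
        "tampered_accepted": tampered_accepted,
        "forged_accepted": forged_accepted,
        "receiver_can_forge": receiver_can_forge,
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The last outcome is the point of the example: a symmetric tag settles integrity and authentication between the two key holders, but the "signature" the slide mentions for nonrepudiation has to be made with a private key that only the payer holds (an asymmetric signature scheme from a library such as `cryptography`), so that a verifier holding only the public key can be sure the gateway did not make it.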
Types of threats and attacks
 There are two types of attacks:
• Technical and non-technical.
 Technical attacks: an attack perpetrated using software and systems knowledge or expertise
 Non-technical attacks: an attack that uses deceit to trick people into revealing sensitive information or performing actions that compromise the security of a network.
• Social engineering: an attack that uses social pressures to trick computer users into compromising computer networks to which those individuals have access. There are two types:
 Human based: based on traditional modes of communication (in person or over the phone)
 Computer based: technical ploys used to get individuals to provide sensitive information
Types of threats and attacks
 Social engineering cont.
• The key to successful social engineering rests with the victims; combating it also rests with the victims.
 Certain positions are more vulnerable than others (employees who deal with both confidential information and the public, e.g. secretaries and executive assistants, database and network administrators, computer operators and call-center operators).
 How to deal with it: a multi-pronged approach should be used to combat it (Damle 2002)
• Education and training: all staff (mostly those in vulnerable positions) must be educated about the risk, the techniques used by hackers and how to combat them.
• Policies and procedures: for securing confidential information, and measures needed to respond to and report any social engineering breaches.
• Penetration testing: on a regular basis by outside experts playing the role of hackers. Staff must be debriefed after a penetration test and any weaknesses corrected.
Types of threats and attacks
 Technical attacks: experts usually use a methodical approach. Many software tools are easily and readily available over the Internet that enable a hacker to expose a system's vulnerabilities.
• In 1999, the Mitre Corporation (cve.mitre.org) and 15 other security-related organizations started to count all publicly known CVEs (Common (security) Vulnerabilities and Exposures).
• CVEs: publicly known computer security risks, which are collected, listed, and shared by a board of security-related organizations.
Types of threats and attacks
 The two very well known technical attacks that have affected the lives of millions are:
1. DDoS (Distributed Denial of Service) attack: an attack in which the attacker gains illegal administrative access to as many computers on the Internet as possible and uses these multiple computers to send a flood of data packets to the user's computer.
• DoS (Denial-of-Service) attack: an attack on a web site in which an attacker uses specialized software to send a flood of data packets to the targeted computer with the aim of overloading its resources.
• DDoS software is loaded on machines known as zombies
2. Malware (malicious code): mostly classified by the way it is propagated. All of it has the potential to do damage.
• Malware takes a variety of forms, and its names are mostly taken from the real-world pathogens it resembles.
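The flood pattern described above can be spotted on the defender's side by counting packets per destination in short time windows and checking how many distinct sources contribute: one or a few sources points to a DoS, many sources to the zombie (DDoS) pattern. This is an added example, not from the lecture notes; the flow-record format, addresses and thresholds are constructed for the demonstration.

```python
from collections import defaultdict

# Constructed sample flow records: "timestamp src_ip dst_ip packets"
# (not real traffic; addresses and counts are made up for the demo).
SAMPLE_LOG = """\
1000 203.0.113.5 198.51.100.10 40
1000 203.0.113.6 198.51.100.10 35
1001 203.0.113.7 198.51.100.10 50
1001 203.0.113.8 198.51.100.10 45
1002 203.0.113.9 198.51.100.10 60
1002 203.0.113.10 198.51.100.10 55
1003 192.0.2.77 198.51.100.20 900
1004 192.0.2.77 198.51.100.20 950
1005 192.0.2.1 198.51.100.30 3
1006 192.0.2.2 198.51.100.30 2
"""

PACKET_THRESHOLD = 200   # packets per destination per window before alerting
WINDOW_SECONDS = 5       # size of the time window
DISTRIBUTED_SOURCES = 5  # distinct sources from which a flood counts as distributed


def parse_log(text):
    """Turn the space-separated records into (ts, src, dst, packets) tuples."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, pkts = line.split()
        records.append((int(ts), src, dst, int(pkts)))
    return records


def detect_floods(records, threshold=PACKET_THRESHOLD,
                  window=WINDOW_SECONDS, distributed=DISTRIBUTED_SOURCES):
    """Return {dst: (label, total_packets, distinct_sources)} for every
    destination whose packet count in one window exceeds the threshold.
    label is 'DDoS' when many distinct sources contribute (the zombie
    pattern) and 'DoS' when a single or few sources do."""
    totals = defaultdict(int)      # (dst, window_id) -> packets seen
    sources = defaultdict(set)     # (dst, window_id) -> distinct sources
    for ts, src, dst, pkts in records:
        key = (dst, ts // window)
        totals[key] += pkts
        sources[key].add(src)
    alerts = {}
    for key, total in totals.items():
        if total <= threshold:
            continue
        dst = key[0]
        n_src = len(sources[key])
        label = "DDoS" if n_src >= distributed else "DoS"
        alerts[dst] = (label, total, n_src)
    return alerts


if __name__ == "__main__":
    for dst, (label, total, n_src) in detect_floods(parse_log(SAMPLE_LOG)).items():
        print(f"{dst}: {label} flood, {total} packets from {n_src} source(s)")
```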
Types of threats and attacks
 Viruses: a piece of software code that inserts itself into a host, including the operating system, to propagate. It requires the running of the host program to activate it and can’t run independently.
• Viruses have two components:
 A propagation mechanism by which it spreads
 A payload, which refers to what it does once it is executed
Some viruses simply spread and infect, others do substantial damage (e.g. deleting files or corrupting the hardware)
 Worms: a program that can run independently, will consume the resources of its host from within in order to maintain itself, and can propagate a complete working version of itself onto another machine.
Major difference between a worm and a virus: a worm can propagate between systems (mostly through a network) while viruses propagate locally.
 Macro viruses or macro worms: execute when the application object that contains the macro is opened or a particular procedure is executed.
 Trojan horse: a program that appears to have a useful function but that contains a hidden function that presents a security risk.
There are various forms of Trojan horse, but the one of interest is the one that makes it possible for someone else to gain access to and control a person's computer over the net.
This type of Trojan has two parts: a server and a client. The server is the program that runs on the computer under attack, and the client is used by the person perpetrating the attack.
Managing Security
 Some basic mistakes in managing security risk include
• Undervalued information. Few organizations have a clear understanding of the value of specific information assets
• Reactive security management. Most companies focus on security only after an incident
• Narrowly defined security boundaries. Most organizations are just interested in securing their internal network and don’t try to understand the security issues of their supply chain partners
• Dated security management processes. Some organizations hardly update or change their security practices or update the security knowledge and skills of their employees
• Lack of communication about security responsibility. Security is often viewed as an IT problem and not a company problem.
Security risk management
 Security risk management: a systematic process for determining the likelihood of various security attacks and for identifying the actions needed to prevent or mitigate those attacks. It has four stages:
• Assessment: organizations evaluate their security risks by determining their assets, the vulnerabilities of their systems and the potential threats to these vulnerabilities. This can be done
 By relying on the knowledge and skill of the IT personnel
 By using an outside IT consultant, or
 By using a honeynet to study the types of attack to which a site is being actively subjected.
Security risk management
 Honeynet: a way to evaluate the vulnerability of an organization by studying the types of attack to which a site is subjected, using a network of systems called honeypots.
 Honeypots: production systems (e.g. firewalls, routers, web servers, database servers) designed to do real work but to be watched and studied as network intrusions occur.
• Planning: the aim here is to arrive at a set of policies defining which threats are tolerable and which aren’t, and what is to be done in both cases.
 A tolerable threat is one with a very high cost of safeguarding or a risk that is too low.
• Implementation: involves the choice and use of particular technologies to counter the high-priority threats.
• Monitoring: an ongoing process to determine which measures were successful or unsuccessful, the need for modification, new threats, advances in technology and which new business assets need securing.
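The assessment and planning stages above can be worked through on a small risk register: expected annual loss per threat is computed from asset value, likelihood and impact, and the planning rule (tolerate when the safeguard costs more than the loss it prevents, or when the risk is too low) decides what goes to implementation. Added example, not from the lecture notes; all asset values, likelihoods and safeguard costs are constructed figures.

```python
# Constructed risk register (made-up figures) for the assessment stage.
ASSETS = {
    "customer database": 500_000,   # estimated value of the asset
    "public web server": 120_000,
    "internal wiki": 8_000,
}

# (asset, threat, likelihood per year, fraction of value lost, safeguard, yearly cost)
THREATS = [
    ("customer database", "SQL injection via web app", 0.30, 0.80, "input validation + WAF", 25_000),
    ("public web server", "DDoS flood", 0.50, 0.25, "upstream scrubbing service", 40_000),
    ("internal wiki", "defacement", 0.20, 0.50, "disable anonymous edits", 500),
    ("customer database", "backup tape theft", 0.02, 1.00, "encrypt backups", 3_000),
]

MIN_RISK = 2_000  # expected annual loss below which a threat is simply tolerated


def assess(assets, threats):
    """Assessment stage: annualised loss expectancy (ALE) for each threat,
    ALE = likelihood per year x asset value x fraction of value lost."""
    results = []
    for asset, threat, likelihood, impact, safeguard, cost in threats:
        ale = likelihood * assets[asset] * impact
        results.append({"asset": asset, "threat": threat, "ale": ale,
                        "safeguard": safeguard, "cost": cost})
    return results


def plan(assessment, min_risk=MIN_RISK):
    """Planning stage: tolerate a threat when its safeguard costs more than
    the expected loss, or when the expected loss is too low to matter;
    queue everything else for implementation, highest ALE first.
    Returns (asset, threat, rounded ALE, verdict) tuples."""
    decisions = []
    for r in assessment:
        if r["cost"] > r["ale"]:
            verdict = "tolerate: safeguard costs more than expected loss"
        elif r["ale"] < min_risk:
            verdict = "tolerate: risk too low"
        else:
            verdict = "mitigate: " + r["safeguard"]
        decisions.append((r["asset"], r["threat"], round(r["ale"]), verdict))
    decisions.sort(key=lambda d: d[2], reverse=True)
    return decisions


if __name__ == "__main__":
    for asset, threat, ale, verdict in plan(assess(ASSETS, THREATS)):
        print(f"{asset:18} {threat:28} ALE={ale:>7}  {verdict}")
```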
Securing EC communications
 There are two types of technology to secure communication on a network:
• Technologies for securing communications across the network and for securing communication on the network.
 EC of all sorts rests on the concept of trust, and PAIN is used to represent the key issues of trust that arise.
Securing EC communications
 Information security requires
• the identification of legitimate parties to a transaction,
• the actions they are allowed to perform to be determined, and
• those actions to be limited to only those necessary to initiate and complete the transaction.
 This can be achieved through an authentication system
 Authentication system: a system that identifies the legitimate parties to a transaction, determines the actions they are allowed to perform, and limits their actions to only those that are necessary to initiate and complete the transaction
Securing EC communications
 Authentication systems have five key elements, namely,
• A person or group to be authenticated
• A distinguishing characteristic that sets the person or the group apart
• A proprietor responsible for the system being used
• An authentication mechanism for verifying the presence of the differentiating characteristic
• An access control mechanism (a mechanism that limits the actions that can be performed by an authenticated person or group) for limiting the actions performed by the authenticated person or group
Securing EC communications
 The distinguishing characteristic in an authentication system can be something
• One knows (e.g. password, pass phrase, PIN)
• One has (e.g. ID card, a security token, software, cell phone)
• One is (e.g. fingerprint, DNA, signature, voice recognition)
 Traditionally authentication systems have mostly been based on passwords (which are very insecure)
 Stronger security can be achieved by combining what someone knows with something one has (a technique known as two-factor authentication, T-FA)
Securing EC communications
 Tokens: there are two types:
• Passive tokens: storage devices used in a two-factor authentication system that contain a secret code
• Active tokens: small stand-alone electronic devices in a two-factor authentication system that generate one-time passwords.
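The two-factor scheme from the previous slides, with an active token generating one-time passwords as described here, can be shown end to end: the token computes an HMAC-based one-time password (RFC 4226, HOTP) from a shared secret and a counter, and the server accepts a login only when both the password (something known) and the current one-time password (something held) check out. Added example, not from the lecture notes; the user name, password and token secret are constructed, and the `TwoFactorAuthenticator` class with its look-ahead window is an assumed server design.

```python
import hashlib
import hmac
import os
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-based one-time password (RFC 4226): what an active token
    computes for its current counter value."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation offset
    code = ((mac[offset] & 0x7F) << 24 | mac[offset + 1] << 16
            | mac[offset + 2] << 8 | mac[offset + 3])
    return str(code % 10 ** digits).zfill(digits)


class TwoFactorAuthenticator:
    """Server side of T-FA: a salted password hash (something the user knows)
    plus the token's shared secret and counter (something the user has)."""

    LOOK_AHEAD = 5   # how far a token that got ahead of the server is resynchronised

    def __init__(self):
        self._users = {}

    def enroll(self, user: str, password: str, token_secret: bytes) -> None:
        salt = os.urandom(16)
        pw_hash = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        self._users[user] = {"salt": salt, "pw_hash": pw_hash,
                             "secret": token_secret, "counter": 0}

    def _password_ok(self, rec, password: str) -> bool:
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), rec["salt"], 100_000)
        return hmac.compare_digest(candidate, rec["pw_hash"])   # constant-time compare

    def verify(self, user: str, password: str, otp: str) -> bool:
        """Both factors must pass; a counter value, once used, is never accepted again."""
        rec = self._users.get(user)
        if rec is None or not self._password_ok(rec, password):
            return False
        for c in range(rec["counter"], rec["counter"] + self.LOOK_AHEAD + 1):
            if hmac.compare_digest(hotp(rec["secret"], c), otp):
                rec["counter"] = c + 1      # advance past the used value (no replay)
                return True
        return False
```

The RFC 4226 test vector (secret `12345678901234567890`) gives `755224` for counter 0, which is what a real token and this function both produce.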
Securing EC communications
 Biometric systems: authentication systems that identify a person by measuring biological characteristics such as fingerprints, iris (eye) pattern, facial features or voice
 There are two forms of biometrics
• Physiological biometrics: measurements derived directly from different parts of the body (e.g. fingerprints, iris, hand, facial characteristics)
• Behavioral biometrics: measurements derived from various actions and indirectly from various body parts (e.g. voice scan or keystroke monitoring)
Securing EC communications
 Fingerprint scanning: measurement of the discontinuities of a person's fingerprint, converted to a set of numbers that are stored as a template and used to authenticate identity
 Iris scanning: measurement of the unique spots in the iris (colored part of the eye), converted to a set of numbers that are stored as a template and used to authenticate identity
 Voice scanning: measurement of the acoustical patterns in speech production, converted to a set of numbers that are stored as a template and used to authenticate identity.
 Keystroke monitoring: measurement of the pressure, speed, and rhythm with which a word is typed, converted to a set of numbers that are stored as a template and used to authenticate identity.
Securing EC communications
 Public key infrastructure (PKI): a scheme for securing e-payments using public key encryption and various technical components.
 Encryption: the process of scrambling (encrypting) a message in such a way that it is difficult, expensive, or time consuming for an unauthorized person to unscramble (decrypt) it.
All encryption has four basic parts.
Securing EC communications
 Plaintext: an unencrypted message in human-readable form.
 Encryption algorithm: the mathematical formula used to encrypt the plaintext into the ciphertext, and vice versa
 Key: the secret code used to encrypt and decrypt a message
 Ciphertext: a plaintext message after it has been encrypted into a machine-readable form
• There are two forms of encryption systems
 Symmetric system and
 Asymmetric system
Securing EC communications
 Symmetric (private) key system: an encryption system that uses the same key to encrypt and to decrypt the message.
The key is known only to the sender and the receiver (hence the name private key)
 Asymmetric (public) key encryption: encryption that uses a pair of matched keys, a public key to encrypt and a private key to decrypt it, or vice versa.
• Public key: encryption code that is publicly available to anyone
• Private key: encryption code that is known only to the sender and the receiver (owners).
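The contrast between the two systems, and the "vice versa" use of the private key for a signature (the basis of the nonrepudiation issue in PAIN), can be seen with textbook RSA on tiny numbers next to a symmetric routine where the same key call both encrypts and decrypts. Added example, not from the lecture notes: the primes p=61, q=53 and e=17 are the classic textbook values and far too small for real use, the digest is reduced modulo n only to fit those numbers, and the XOR keystream routine is a demonstration of the symmetric idea, not a cipher to deploy.

```python
import hashlib

# Toy textbook parameters (p=61, q=53, e=17): illustrative only, not secure.


def generate_keypair(p: int, q: int, e: int = 17):
    """Return (public_key, private_key), each an (exponent, modulus) pair."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)            # private exponent: e * d == 1 (mod phi)
    return (e, n), (d, n)


def rsa_apply(key, value: int) -> int:
    """One modular exponentiation; which key is used decides whether this is
    encryption, decryption, signing or verification."""
    exponent, modulus = key
    return pow(value, exponent, modulus)


def encrypt(public_key, plaintext: int) -> int:
    return rsa_apply(public_key, plaintext)       # anyone holding the public key


def decrypt(private_key, ciphertext: int) -> int:
    return rsa_apply(private_key, ciphertext)     # only the private key owner


def sign(private_key, message: bytes) -> int:
    """'Vice versa': the private key transforms a message digest and the
    public key checks it, so only the key owner could have produced it."""
    _, n = private_key
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big") % n  # toy reduction
    return rsa_apply(private_key, digest)


def verify(public_key, message: bytes, signature: int) -> bool:
    _, n = public_key
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big") % n
    return rsa_apply(public_key, signature) == digest


def symmetric_xor(key: bytes, data: bytes) -> bytes:
    """Symmetric contrast: a keystream derived from the single shared key is
    XORed with the data, so the identical call encrypts and decrypts.
    Demonstration of the one-key idea only."""
    out = bytearray()
    for i, byte in enumerate(data):
        block = hashlib.sha256(key + (i // 32).to_bytes(4, "big")).digest()
        out.append(byte ^ block[i % 32])
    return bytes(out)


if __name__ == "__main__":
    pub, priv = generate_keypair(61, 53)
    print("public", pub, "private", priv, "65 ->", encrypt(pub, 65))
```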
Securing EC Networks
 Many technologies exist to ensure that an organization’s networks are secured and that intrusions are detected.
• Firewall: a network node consisting of both hardware and software that isolates a private network from a public network.
• Personal firewall: a network node designed to protect an individual user’s desktop system from the public network by monitoring the traffic that passes through the computer's network interface.
• Virtual private network (VPN): a network that uses the public Internet to carry information but remains private by using encryption to scramble the communications, authentication to ensure that information has not been tampered with, and access control to verify the identity of anyone using the network
• Intrusion detection system (IDS): a special category of software that can monitor activity across a network or on a host computer, watch for suspicious activity, and take automated actions based on what it sees.
Business models in E-Commerce
 Business model: a method of doing business by which a company can generate revenue to sustain itself.
 Structure of business models: the structure of business models varies greatly based on the company and the industry environment.
• Weill and Vitale (2001) identify eight atomic business models:
 Direct marketing,
 intermediary,
 content provider,
 full service provider,
 shared infrastructure,
 value net integrator,
 virtual community, and
 consolidator of services (for large organizations)
Business models in E-Commerce
• Each of these models is characterized by
 Strategic objectives
 Source of revenue
 Critical success factors
 Core competencies required
• These models must specify
 Their revenue models
 Value propositions
Revenue model
 Revenue model: how an EC project or company will make or earn money. Major revenue models are:
• Sales: revenue from selling on their web site or providing services
• Transaction fees: commissions based on the volume of transactions made (fixed or incremental)
• Subscription: payment of fees, usually monthly or quarterly, to get some type of service
• Advertising fees: companies charge others for placing ads on their sites
• Affiliate fees: companies get paid for referring customers to other sites
• Other revenue models: game sites, licensing fees etc.
Value proposition
 Value proposition: the benefits a company can derive from using EC (in B2C EC, e.g., it defines how a company’s product or service fulfills the needs of customers).
• Specifically, how do e-marketplaces, for example, create value?
• Amit & Zott (2001) identified 4 sets of values
 Search & transaction cost efficiency:
• Enables faster and more informed decision making, wider product and service selection etc
 Complementarities: bundling some goods and services together to provide more value than when offered separately
 Lock-in: high switching costs that tie customers to certain suppliers
 Novelty: developing innovative ways for structuring transactions, connecting partners, and fostering new markets
Value proposition
• Bakos (1991) values:
 Reduced search cost
 Significant switching cost
 Economies of scale and scope
 Network externality
• Other value propositions:
 Demand (and/or supply) aggregation: affords suppliers wider market access and buyers more choices, and both competitive prices
 Interfirm collaboration: enables business participants to deepen their business relationships, leading to improvement in individual business processes and overall supply chain performance
Types of business models in EC
 Online direct marketing: selling online from a manufacturer to a customer (e-tailing)
 Electronic tendering system (tendering, reverse auction): buyers request would-be sellers to submit bids for an item/service/project and the lowest bidder wins
 Name-your-own price: a buyer sets the price he wants to pay for a product/service
 Find the best price: a buyer submits its needs and an intermediary matches it against a database of sellers, locates the lowest price and submits it to the buyer to accept or reject.
 Affiliate marketing: a marketing partner refers consumers to a selling company’s web site for a commission (virtual commissioned sales force)
Types of business models in EC
 Viral marketing: Web-based word-of-mouth marketing in which a customer promotes a product or service to friends or other people
 Group purchasing: quantity purchasing that enables groups of purchasers to obtain a discount price on the products purchased (demand aggregation)
 Online auctions: bidding for products and services with the highest bidder getting the item.
 Product and service customization: creation of a product or service to meet the buyer's specifications.
 Electronic marketplaces and exchanges: a space in which sellers and buyers exchange goods and services for money (or for other goods and services) electronically.
Electronic payments (e-payment)
 E-payments: payments made electronically rather than by paper (cash, checks, vouchers, etc)
 Electronic payment methods expedite payments online and reduce processing costs, but they must be safe and trusted by users.
 The major methods of e-payment in use include:
Electronic payments (e-payment)
 Electronic payment cards (credit, debit, charge)
 Virtual credit cards
 E-wallets (or e-purses)
 Smart cards
 Electronic cash (several variations)
• Wireless payments
• Stored-value card payments
• Loyalty cards
• Person-to-person payment cards
 Payments made electronically at kiosks
• Other methods used mostly for B2B payments
 Electronic checks
 Purchasing cards
 Electronic letters of credit
 Electronic funds transfer (EFT)
 Electronic benefit transfer (EBT)
 Etc
 The underlying similarity is the ability to transfer or make a payment from one person or party to another person or party over a network without face-to-face interaction.
Electronic payments (e-payment)
 Whatever the payment method is, five parties may be involved:
• Customer/payer/buyer: the party making the e-payment in exchange for goods or services
• Merchant/payee/seller: the party receiving the e-payment in exchange for goods or services
• Issuer: the banks or the non-banking institutions that issued the e-payment instrument used to make the purchase
• Regulator: usually a government agency whose regulations control the e-payment process
• Automated Clearing House (ACH): an electronic network that transfers money between bank accounts.
• Issuers play a key role in online purchases for 2 reasons:
 Customers must obtain their e-payment accounts from an issuer
 Issuers are mostly involved in authenticating a transaction and approving the amount involved.
 Because buyers and sellers are not at the same place to exchange their goods and services, issues of trust arise, and PAIN has been devised to address such issues.
Electronic payments (e-payment)
 Characteristics of successful e-payment methods
• How do you get buyers to adopt a method when there are few sellers using it?
• And how do you get sellers to adopt a method when very few buyers are using it? (chicken-and-egg problem)
 Some characteristics of successful e-payment methods are:
• Independence: e-payment methods that require the payer to install specialized components are less likely to succeed
• Interoperability and portability: an e-payment system must mesh with existing interlinked systems and applications and must be supported by standard computing platforms
• Security: the risk for the payer and the payee must be low (the method must be very safe)
• Anonymity: e-payment systems must be anonymous to hide the identity of those who want to remain so
• Divisibility: must be usable for both high- and low-value purchases
• Ease of use: must be pretty easy to use
• Critical mass: a critical mass of vendors must be willing to accept the payment; conversely, a critical mass of places to acquire the payment method must exist
Electronic payments (e-payment)
 Using e-payment reduces transaction cost by 30 to 50 percent compared to off-line payments
 It is faster
 It makes it possible to conduct business across geographical and political boundaries (greatly enhancing the possibility of international deals and transactions)
 E-payment is very important in EC because:
• There is no trade without a payment system
• A good and secure payment system increases the trust and confidence of buyers
Electronic payments (e-payment)
Electronic cards: plastic cards that contain digitized information, which can be used for payment and for other purposes such as identification and access to secure locations.
• Payment cards: electronic cards that contain information that can be used for payment purposes.
There are three types of payment cards:
 Credit cards: provide the holder with credit to make purchases up to a limit fixed by the issuer. (Users normally don’t pay any fee for using it, just a high interest on their unpaid balance)
 Charge cards: are like monthly loans given to the user, which he/she is required to pay back in full at the end of the month or upon receipt of the monthly statement. (Usually no interest is paid on such cards, just an annual fee and/or a severe penalty for failure to pay the balance in full)
 Debit cards: with a debit card the money for a transaction comes directly from the user's account
Electronic payments (e-payment)
 Virtual credit cards: a payment system in which the issuer gives a special transaction number that can be used online in place of a regular credit card number.
 E-wallets: a software component in which a user stores credit card numbers and other information; when shopping online, the user simply clicks the e-wallet to automatically fill in the information needed to make a purchase.
Electronic payments (e-payment)
 Smart cards: an electronic card that contains an embedded microchip that enables predefined operations or the addition, deletion, or manipulation of information on the card.
• Some applications of smart cards:
 Loyalty cards; retailers are using loyalty cards to identify their loyal customers and reward them
 Financial applications; financial institutions, payment associations, and credit card, debit card and charge card issuers are all using smart cards to extend the traditional card payment services
 Transportation
 Identification; smart cards fit perfectly in the identification market
Electronic payments (e-payment)
 Electronic cash: the digital equivalent of paper currency and coins, which enables secure and anonymous purchase of low-priced items.
• E-cash has various variations:
 Wireless payments
 Stored-value cards
 E-loyalty
 P2P payment: e-payment schemes that allow the transfer of funds between two individuals
 Payments made electronically at kiosks; customers acting as cashiers and checking themselves out.