Professional Documents
Culture Documents
Dilip Kumar Sen1, *Saurav Datta2, Saroj Kumar Patel3, Siba Sankar Mahapatra4
1-4
Department of Mechanical Engineering
National Institute of Technology Rourkela-769008, Odisha, INDIA
*Communicating author email: sdattaju@gmail.com/ ph no. +916612462524
ABSTRACT
Recently e-commerce (EC) has become an effective platform to interact with the society
(customer/consumer, buyer, supplier etc.) using internet resources to fulfill a variety of business
needs with a potential deduction in the cost; that too without compromising product quality. Since,
e-commerce purely depends upon the internet based transaction, the probability of online fraud,
data hijacking, information disclosure, etc. have also been increased drastically. Hence,
understanding of e-commerce risks and associated control measures have become an important
research agenda, today. In this paper, forty-eight risk sources associated with e-commerce
practices for an Indian case IT company located in South have been studied. A unified risk
assessment approach in light of decision making viewpoint has been conceptualized herein. Risk
extent corresponding to a particular risk source has been evaluated in terms of two parameters:
Likelihood of occurrence and Impact. Owing to the unavailability of quantitative historical data,
aforesaid two parameters have been assessed by human knowledge representation (linguistic
preferences) of the Decision-Makers (DMs). Later, such subjective human judgment has been
analyzed through fuzzy set theory to extract and thereby to utilize the benefit of fuzzy set theory in
tackling ambiguity, imprecision, incompleteness associated with human thought against vague (ill-
defined) measures on risk quantification formulation. Degree of Similarity (DOS) concept adapted
from Interval-Valued Fuzzy Numbers (IVFNs) set theory has been applied to categorize different
risk sources into five distinct levels: Negligible, Minor, Marginal, Critical and Catastrophic.
Amongst forty-eight risk sources, top five risk sources (under catastrophic level) have been
identified in relation to e-commerce development and subsequent execution of the case company.
Further, a relationship diagram amongst the risk sources falling under catastrophic level has been
established by using Interpretive Structural Modeling (ISM) along with MICMAC (Matriced
Impacts Croises Multiplication Appliquee a UN Classement) analysis. Appropriate action
requirement plans have also been suggested to control or minimize those risks seem to be
responsible for the downfall of e-commerce success.
can exploit a vulnerability, intentionally or accidentally, and obtain, damage, or destroy an asset).
So risk is a function of threats exploiting vulnerabilities to obtain, damage or destroy assets
[Source: http://www.threatanalysis.com]. Zhi (1995) and Samantra et al (2014) described risk (risk
extent R E ) as a function of two parameters (i) the likelihood (L) , which is the possibility of an
undesirable occurrence, and (ii) the impact (I ) , which is the degree of seriousness incurs when
such desirable events take place. As risk is inherently present in every step of life; e-commerce is
also affected by some sorts of risk. The foremost concern of e-commerce is to ensure full privacy
as well as data safety with peril free operation; the same can be achieved through proper
understanding of e-commerce risks and adaptation to appropriate control measures for risk
mitigation. The task of risk assessment are of three types: semi-quantitative, quantitative or
qualitative methods (Radu 2009). In this reporting, risk has been assessed in terms of qualitative
representation; an integrated decision support framework has been proposed towards effective risk
assessment associated with e-commerce. Decision making is a cognitive process that can carefully
demarcate the scope of problem environment with the help of Decision-Makers (DMs). In this
study, the role of decision makers is to provide individuals judgment in regards of likelihood of
occurrence as well as impact against e-commerce risk sources. Qualitative information as acquired
from the decision-making group being in the form of natural language representation; application
of fuzzy set theory has been found suitable to deal with the inherent ambiguity and vagueness of
decision-making data.
2. LITERATURE REVIEW
Raptis et al (2002) developed a framework based on the CORAS method for risk analysis in e-
commerce transactions. Khokhar et al (2006) developed a decision making system to evaluate
risks in e-commerce projects. Bo and Congwei, (2009) analyzed the e-commerce security risks of
commercial banks; the authors introduced a Controlled Interval and Memory (CIM) based model
to quantify the risk. Lihua et al (2011) identified various risk factors influencing the operation of e-
commerce. An e-commerce risk early-warning system was conceptualized to determine the rating
of the risk results using the unascertained c-means clustering. Agarwal and Wu (2015) examined
the factors influencing the growth potential of e-commerce and proposed an Institution-Based N-
OLI Framework for e-commerce development. Wruck et al (2016) developed a decision support
tool to assist managers in selecting appropriate risk policies and making staff planning decisions in
uncertain conditions by using multistage stochastic modeling to analyze risk optimization
approaches and expected value-based optimization.
The aim of present reporting is to develop an integrated decision support framework that can
effectively handle the qualitative risk assessment associated with the e-commerce by employing
Interval-Valued Fuzzy Numbers (IVFNs) set theory. As compared to normal fuzzy numbers,
IVFNs set theory has been found more fruitful to analyze subjective human thought. As in fuzzy
sets theory, it is often difficult for an expert to exactly quantify his/her opinion as a number in
interval [0, 1]. Therefore, it is more suitable to represent such kind of uncertainty by an interval
(Chen and Tsao, 2008; Ashtiani et al 2009; Herrera 2011). By exploring the concept of Degree of
Similarity (DOS) delineated in the IVFNs set theory, difference risk sources have been ranked and
categorized into various risk levels. The risk sources (or risk factors) belong to catastrophic
category have been analyzed further through Interpretive Structural Modeling (ISM) in order to
form an interrelationship amongst them. Motivation of this study is to the introduce an efficient
risk assessment module in fuzzy environment that may help company managers towards effective
assessment of e-commerce risks and thereby offering a framework to quantify overall risk extent
for undertaking e-commerce.
DR B R AMBEDKAR NATIONAL OF TECHNOLOGY JALANDHAR-144011, INDIA
DEPARTMENT OF INDUSTRIAL AND PRODUCTION ENGINEERING
IVTH INTERNATIONAL CONFERENCE ON PRODUCTION AND INDUSTRIAL ENGINEERING, CPIE-2016
3. RESEARCH METHODOLOGY
The procedural steps to carry out this research by employing Interval-Valued Fuzzy Numbers
(IVFNs) Set Theory and Interpretive Structural Modelling (ISM) have been pointed out below.
The preliminaries of IVFNs set theory could be found in (Chen and Chen, 2007; Kaufmann and
Gupta, 1991).
Table 1. 7-members linguistic scales and corresponding fuzzy representation for risk quantification
Likelihood of Occurrence (L) Impact of risk (I) Fuzzy representation (IV fuzzy number)
Absolutely Rare (AR) Absolutely Low (AL) [(0,0,0,0,) (0, 0.1,0.1,0.15)]
Very Rare (VR) Very Low (VL) [(0,0.05,0.5,0.1) (0.1,0.25,0.25,0.35)]
Rare (R) Low (L) [(0,0.15,0.15,0.3) (0.3,0.45,0.45,0.55)]
Often (O) Moderate (M) [(0.25,0.35,0.35,0.5) (0.5,0.65,0.65,0.75)]
Frequent (F) Serious (S) [(0.45,0.55,0.55,0.7) (0.7,0.8,0.8,0.95)]
Very Frequent (VF) Critical (C) [(0.55,0.75,0.75,0.9) (0.9,0.95,0.95,1)]
Highly Frequent (HF) Highly Critical (HC) [(0.85,0.95,0.95,1) (1,1,1,1)]
In the very next step, the multiplication of likelihood of occurrence (L) and impact of risk (I )
have been carried out to compute the degree of risk (i.e. R L I ) by using the basic arithmetic
operation of two IVFNs (Step 4). Now a similarity measure (i.e. DOS) has been calculated
~ ~ ~~
between ( A) (i.e. risk extent of a particular risk source) and an ideal IVFN (B ) , where A L I
~ ~
~
i.e. degree of risk corresponding to a particular risk source and, B 1,1,1,1,1,1,1,1 and ideal IVFN.
~
Numerous methods are available in existing literature to find out the similarity measure between
two IVFNs; but in this reporting, the formula of DOS has been used as it combines the concepts of
the geometric distance, the perimeter, the height and the center-of-gravity points of interval-valued
fuzzy numbers (Wei and Chen, 2009). DOS values of all forty-eight risk sources have been
calculated as shown in Table 3 (Step 5). The DOS values falls in the range of [0, 1] and infers a
measure of how much alike two IVFNs are. If DOS value appears equal to 0, it represents that two
fuzzy numbers are completely dissimilar; on the contrary, if DOS value approaches towards 1, it
can be inferred that two fuzzy numbers (that are under comparison) are almost similar (identical).
~
Since B 1,1,1,1,1,1,1,1 has been selected as the basis for comparison; the highest DOS value
~
~
~ ~
~ ~
~ ~
~ ~
~
between ( A) and (B ) indicates that ( A) bears highest extent of similarity with (B ); (B ) being considered
~
~
as the highest possible value of risk extent representation, the particular risk source corresponding to ( A) is
to be raked fast to impose the highest degree of adverse consequence in the context of e-commerce practice.
DR B R AMBEDKAR NATIONAL OF TECHNOLOGY JALANDHAR-144011, INDIA
DEPARTMENT OF INDUSTRIAL AND PRODUCTION ENGINEERING
IVTH INTERNATIONAL CONFERENCE ON PRODUCTION AND INDUSTRIAL ENGINEERING, CPIE-2016
Following this philosophy, the ranking order of different risk sources have been determined
according to their DOS values arranged in descending order (Step 6); that means a particular risk
source, for example, having degree of similarity close to 1, would likely to incur the most
severe/adverse impact on the e-commerce functioning. The identified e-commerce risk influencing
factors have been categorized next into five different levels (shown in Table 4) viz. negligible
(0.100), minor (0.100-0.120), marginal (0.120-0.150), critical(0.150-0.170) and catastrophic
(0.170) based on the crisp ranges set earlier by the decision-making team (Step 7). In this
reporting, catastrophic level corresponds to the risk sources that need to be monitored and properly
controlled thereby minimizing the change of disruption/interruption in e-commerce performance.
Top five risk sources under catastrophic level (R19, R18, R9, R47, R13) have been
selected for next phase of analysis (Step 8). Structural Self-Interaction Matrix (SSIM) has been
developed as shown in Table 5 (Step 9 and Step 10). Final reachability matrix along with
transitivity analysis from SSIM has been carried out next and results have been shown in Table 6
(Step 11). Driver power and dependence power have also been calculated and presented in Table 6
(Step 11). Level partitioning of aforementioned five risk sources has now been executed (Step 12);
and, the summary of level partitioning shown in Table 7. MICMAC analysis has been performed
(Step 13); all five risk sources have been placed into their appropriate quadrant (Figure 1) viz.
autonomous, dependent, linkage and driver. Autonomous is the risk factor which have weak
driving power and weak dependence power. It has been found that three risk sources coming under
autonomous as R9, R18, R47. Dependent is the risk factor which have weak driving power and
strong dependence power. Only R13 has appeared to be present in this quadrant. Linkage risk
factors have both strong driving and dependence power; only R19 has placed in this quadrant.
Driver risk factors have strong driving power but weak dependence power, none of the risk
sources has appeared in this quadrant. Further, the ISM has been used to establish the relationship
amongst various risk sources under catastrophic level; a relationship diagram (ISM model) has
been developed (in hierarchical form) and shown herein in Figure 2 (Step 14). Developed ISM
(Figure 2) has segregated e-commerce risk sources into a hierarchy of two different levels. Level-I
includes R13 (Site or network overload and disruption), R19 (Continuous change of system
requirements) and R18 (Technological newness). Level-II encounters R9 (Human factor-caused
equipment failure) and R47 (Different users with difference in culture customers, and business
style).
Table 3. DOS corresponding to individual risk sources and corresponding ranking order
~
~ ~ ~
~ ~ ~
~ ~ ~
~ ~ ~
~ ~ ~
~ ~
S A L , B L S AU , BU S A, B S A L , B L S AU , BU S
A, B
Potential ~ ~ ~ Ranking Potential ~ ~ ~ Ranking
risk sources order risk sources order
Figure 2. Interpretive Structural Model (ISM) for e-commerce risk sources under catastrophic level
5. CONCLUSION
The present work aims to develop a decision support framework in order to identify and evaluate
e-commerce risks associated with an Indian case IT company by the application of IVFNs set
theory and DOS approach obtained therein. In this research, an ISM approach has also been
applied to recognize significant interrelationships and interdependencies amongst identified risk
sources (under catastrophic level). Further, a MICMAC analysis has been performed that provides
a guideline for identification followed by classification of perceived e-commerce risks in four
different quadrant/cluster based on their driving and dependence power. The above research
outcome may provide important insights to the companys risk management team leads to adopt a
proactive risk management strategy for smooth functioning of e-commerce. The risk sources that
are likely to incur catastrophic level of adverse consequence (due to occurrence of thereof) on the
e-commerce performance should be the prime concern of the case company and systematic action
requirement planning is indeed required to avoid/reduce probability of such undesirable
happenings.
The organizations undertaking e-commerce are hereby suggested to form a dedicated team for
effective management of risks to secure e-commerce transactions from possible risk attack by
identifying potential risk sources. The severity of potential risk sources can be classified into
appropriate levels by the Decision Support System (DSS) developed herein. Such categorization
may help the risk management team leads to suggest proactive risk mitigation plans. The risk
analysis team must transfer the information on risk escalating issues to relevant stakeholders for
re-scheduling of certain tasks; if possible, to manage the extent of risk immediately once it is
identified. Apart from this, an internal risk control policy must be framed in order to ensure
integrity, authenticity and confidentiality of the data and the operation involved in undertaking e-
DR B R AMBEDKAR NATIONAL OF TECHNOLOGY JALANDHAR-144011, INDIA
DEPARTMENT OF INDUSTRIAL AND PRODUCTION ENGINEERING
IVTH INTERNATIONAL CONFERENCE ON PRODUCTION AND INDUSTRIAL ENGINEERING, CPIE-2016
commerce. The e-commerce activities should be protected from being affected by severe risks by
adapting proper risk control measures until the risk is dropped to an acceptable limit. This in turn
may limit overall risk with a potential growth in the performance of e-commerce in future.
REFERENCES
Agarwal J, Wu T (2015) Factors influencing growth potential of ecommerce in emerging
economies: an institutionbased N-OLI framework and research propositions Thunderbird
International Business Review, 57(3), 197-215.
Ashtiani B, Haghighirad F, Makui A, Montazer G (2009) Extension of fuzzy TOPSIS method
based on interval-valued fuzzy sets Applied Soft Computing, 9(2), 457-461.
Azevedo S, Carvalho H, Cruz-Machado V (2013) Using interpretive structural modelling to
identify and rank performance measures: an application in the automotive supply chain
Baltic Journal of Management, 8(2), 208-230.
Bo L, Congwei X (2009) E-commerce security risk analysis and management strategies of
commercial banks Information Technology and Applications, 1, 423-425, IEEE.
Chen S J, Chen S M (2007) Fuzzy risk analysis based on the ranking of generalized trapezoidal
fuzzy numbers Applied Intelligence, 26(1), 111.
Chen SM (1995) Arithmetic operations between vague sets In Proceedings of the International
Joint Conference of CFSA/IFIS/SOFT'95 on Fuzzy Theory and Applications, Taipei, Taiwan,
Republic of China, 206-211.
Chen T Y, Tsao C Y (2008) The interval-valued fuzzy TOPSIS method and experimental
analysis Fuzzy Sets and Systems, 159(11), 1410-1428.
Guijun W, Xiaoping L (1998) The applications of interval-valued fuzzy numbers and interval-
distribution numbers Fuzzy Sets and Systems, 98(3), 331-335.
Herrera F (2011) On the Usefulness of Interval Valued Fuzzy Sets for Learning Fuzzy Rule
Based Classification Systems Eurofuse, 3-4, Springer Berlin Heidelberg.
Kaufmann A, M M Gupta (1991) Introduction to fuzzy arithmetic: theory and applications Van
Nostrand Reinhold, New York.
Khokhar R H, Bell D A, Guan J, Wu Q (2006) Risk assessment of e-commerce projects using
evidential reasoning International Conference on Fuzzy Systems and Knowledge Discovery,
621-630. Springer Berlin Heidelberg.
Lihua M, Fengyun M, Haiyan G (2011) The e-commerce risk early-warning model based on the
unascertained C-means clustering Procedia Engineering, 15, 4740-4744.
Pfohl H C, Gallus P, Thomas D (2011) Interpretive structural modeling of supply chain
risks International Journal of physical distribution and logistics management, 41(9), 839-
859.
Radu L D (2009) Qualitative, semi-quantitative and, quantitative methods for risk assessment:
case of the financial audit Analele Stiintifice ale Universitatii Alexandru Ioan Cuza din Iasi-
Stiinte Economice, 56, 643-657.
Raptis D, Dimitrakos T, Gran B A, Stlen K (2002) The CORAS approach for model-based risk
management applied to e-commerce domain Advanced Communications and Multimedia
Security, 169-181, Springer US.
Ravi V, Shankar, R (2005) Analysis of interactions among the barriers of reverse
logistics Technological Forecasting and Social Change, 72(8), 1011-1029.
Samantra C, Datta S, Mahapatra S S (2014) Risk assessment in IT outsourcing using fuzzy
decision-making approach: An Indian perspective Expert Systems with Applications, 41(8),
4010-4022.
Warfield J N (1974) Developing subsystem matrices in structural modeling IEEE Transactions
on Systems, Man, and Cybernetics, 1, 74-80.
DR B R AMBEDKAR NATIONAL OF TECHNOLOGY JALANDHAR-144011, INDIA
DEPARTMENT OF INDUSTRIAL AND PRODUCTION ENGINEERING
IVTH INTERNATIONAL CONFERENCE ON PRODUCTION AND INDUSTRIAL ENGINEERING, CPIE-2016
Wei S H, Chen S M (2009) Fuzzy risk analysis based on interval-valued fuzzy numbers Expert
Systems with Applications, 36(2), 22852299.
Wruck S, Vis I F, Boter J (2016) Risk control for staff planning in e-commerce
warehouses International Journal of Production Research, 1-17.
Zhi H (1995) Risk management for overseas construction projects International journal of
project management, 13(4), 231-237.
Zimmermann H J (1991) Fuzzy set theory and its applications Kluwer Academic Publishers,
Boston.