
- Introduction to E-Commerce
  - Definition of E-Commerce and E-business
  - Major types of E-Commerce (briefly)
  - History of E-Commerce
  - Benefits of E-Commerce to
    - Organizations
    - Consumers
    - Society
  - Limitations of E-Commerce
- The digital economy
  - The new business environment
  - Business pressures
  - Organizational responses
- E-Marketing
  - E-marketing issues
  - Economics of E-marketing
  - Effects of marketing on organizations
- E-Commerce technology/infrastructure
- Communications network
- Security and legal issues
  - Need for E-Commerce security
  - Basic security issues
  - Types of threats and attacks
  - Security risk management
  - Securing E-Commerce communication
- Business models for E-Commerce
- Implementation of E-business systems
- E-Commerce: the process of buying, selling, or exchanging products, services, and information through computer networks.
  - Communications: the delivery of goods, services, information, or payment electronically
  - Commercial: the ability to buy and sell products, services, and information electronically
  - Business process: completing business processes electronically, i.e. replacing physical processes with information
  - Service: a tool for improving the quality of customer services and increasing the speed of service delivery while cutting cost
  - Learning: enables online training and education
  - Collaborative: supports inter- and intraorganizational collaboration
  - Community: provides a meeting place for members to learn and collaborate.


- Commerce: transactions between business partners. (electronically = e-commerce)
- E-business: the buying and selling of goods and services and also serving customers, collaboration with business partners, and conducting electronic transactions with an organization.
- Various forms of E-Commerce, based on the level of digitalization of
  - the products/services
  - the process
  - the delivery agent
- Zero digitalization, i.e. a purely physical organization.
  - Conducts all its business activities physically
- Digitalization of 1, i.e. pure play
  - Does all business transactions online.
- Partial digitalization, i.e. click and mortar
  - Has an online presence, but does basic business processes physically
- The nature of the transaction or interaction is mostly used to classify E-Commerce
  - Business-to-business (B2B): transactions between business partners
  - Business-to-consumer (B2C): transactions between business organizations and individual shoppers
  - Consumer-to-business (C2B): transactions in which individuals sell products and services to businesses
  - Consumer-to-consumer (C2C): transactions between individual consumers

- Interdisciplinary nature of E-Commerce: computer science, marketing, consumer behavior, finance, economics, management information systems, accounting, management, business, law, robotics, public administration and engineering.
- Electronic funds transfer (EFT) (early 1970s): "Its use was mostly limited to large organizations, financial institutions, and a few hardcore businesses"
- Electronic data interchange (EDI): "used to transfer routine documents, which expanded electronic transfers from financial institutions to manufacturers, retailers, service industries etc."
- The commercialization of the internet saw the coining of the term E-COMMERCE. E-Commerce applications quickly multiplied due to the rapid development of new networks, protocols, and EC software, and due to the increase in competition and other business pressures
- There have been many innovative applications, ranging from online direct sales to E-learning.
- The E-Commerce revolution is as profound as the change that accompanied the industrial revolution (Clinton and Gore 1997)
- E-Commerce has enormous potential benefits to organizations, individuals and society, considering
- Organizational benefits
  - Global reach: can easily and quickly locate the best suppliers, more customers and more suitable business partners, i.e. buy cheaper and sell more.
  - Cost reduction: EC decreases the cost of creating, processing, distributing, storing and retrieving paper-based information.
  - Supply chain improvements: supply chain inefficiencies can be minimized, e.g. inventory and delivery delays
  - Extended hours: 24/7/365
  - Customization: pull-type production (build-to-order)
  - New business models: tendering (reverse auction), name-your-own-price model, affiliate marketing, viral marketing etc.
  - Vendors' specialization: EC enables a high degree of specialization
  - Lower communication cost: EC lowers telecommunications cost.
  - Efficient procurement: EC can reduce administrative cost, purchasing prices, and cycle time.
  - Improved customer relations: EC enables close customer relations
  - Up-to-date company material: EC enables company information to be updated by the minute
  - No city business permits and fees
  - etc.
- Consumer benefits
  - Ubiquity: EC allows shopping 24/7/365 from almost any location.
  - More products and services: EC gives more choices.
  - Cheaper products and services: EC provides price variety for goods and services
  - Instant delivery: e.g. digitized products
  - Information availability: relevant and detailed information in seconds
  - Participation in auctions: virtual auctions
  - Electronic communities: consumers can interact with other consumers
  - Get it your way: customization and personalization of products and services
  - No sales tax: most online sales are tax free
- Societal benefits
  - Telecommuting: more people work and shop at home
  - Higher standard of living: competitive prices allow lower income earners to shop more
  - Hope for the poor: great opportunity for the poor to sell, buy and learn new skills
  - Availability of public services: health care, education, and distribution of government social services can be done at a reduced cost to a large number of people.
- Technological
  - Lack of universally accepted standards for quality, security, and reliability
  - Telecommunication bandwidth is insufficient (mostly for m-commerce)
  - Software development tools are still evolving.
  - Difficulties in integrating the internet and EC software applications and databases.
  - Special web servers are needed in addition to the network servers (added cost)
  - Internet accessibility is still expensive and/or inconvenient
  - Order fulfillment of large-scale B2C requires special automated warehouses
- Non-technological
  - Security and privacy concerns deter some customers from buying
  - Lack of trust in EC and in unknown sellers hinders buying
  - Many legal and public policy issues, including taxation, remain unresolved
  - National and international government regulations sometimes get in the way
  - Difficulty in measuring some benefits of EC (e.g. advertising); lack of a mature measurement methodology
  - Some customers like to touch and feel the product
  - Resistance to change from physical to virtual stores
  - Lack of trust in paperless, faceless transactions
  - Insufficient number (critical mass) of sellers and buyers (in some cases) needed to make a profit
  - Increasing amount of fraud on the net
  - Difficulty in obtaining venture capital due to the dot-com disaster
- The digital revolution
  - Digital economy: an economy that is based on digital technologies, including digital communications networks, computers, software, and other related information technologies.
- Digital networking and communications infrastructures provide the global platform over which people and other organizations interact, communicate, collaborate and search for information.
- Choi and Whinston say this platform is characterized by
  - A vast array of digital products: databases, news & information, books, software etc., that are delivered over a digital infrastructure any time, anywhere in the world
  - Consumers and firms conducting financial transactions digitally through digital currencies or financial tokens that are carried via networked computers and mobile devices
  - Microprocessors and networking capabilities embedded in physical goods such as home appliances and automobiles
- Digital economy: the convergence of computing and communications technology on the internet and other networks, and the resulting flow of information and technology that is stimulating e-commerce and vast organizational changes.
- This convergence is enabling all types of information (data, audio, video, etc.) to be stored, processed, and transmitted over networks to many destinations worldwide
- The digital economy is creating a digital revolution, evidenced by unprecedented economic performance and the longest period of uninterrupted economic expansion in certain parts of the world.
- Web-based E-Commerce systems are accelerating the digital revolution by providing competitive advantage to organizations
- Highly competitive (due to economic, societal, legal and technological factors)
- Quick and sometimes unpredictable change
- The need for more production, faster and with fewer resources
- Huber (2003): "new business environment created due to accelerated advances in science"
- These advances create scientific knowledge
- This scientific knowledge feeds on itself, resulting in more and more technology
- Rapid growth in technology results in a large variety of more complex systems.
- As a result the business environment is characterized by
  - A more turbulent environment (more business problems and opportunities)
  - Stronger competition
  - Frequent decision making by organizations
  - Large scope for decision considerations (market, competition, political and global)
  - More information/knowledge needed for decisions
- Market and economic
  - Strong competition
  - Global economy
  - Regional trade agreements
  - Extremely low labour cost in some regions
  - Frequent and significant changes in markets
  - Increased power of consumers
- Societal
  - Changing nature of workforce
  - Government deregulation: more competition
  - Shrinking government subsidies
  - Increased importance of ethical and legal issues
  - Increased social responsibility of organizations
  - Rapid political changes
- Technological
  - Increasing innovations and new technologies
  - Rapid technological obsolescence
  - Rapid decline in technology cost versus performance ratio
- Business as usual is no longer enough (price reduction & closure of unprofitable facilities)
- Need for new innovations
  - Customization
  - Creating new products
  - Providing superb customer service
- E-commerce facilitates most of these responses


- Strategic systems: provide organizations with strategic advantages
  - Increase their market share
  - Better negotiation with their suppliers
  - Prevent competitors from entering their territory, e.g. FedEx tracking system
- Continuous improvement efforts & BPR: continuous efforts to improve productivity, quality and customer service
  - E.g. Dell ERP and Intel's customer tracking
- Customer relationship management: e.g. personalization, sales-force automation
- Business alliances: organizations collaborate for mutual benefit, aided mostly by e-commerce.
- Electronic markets
- Reduction in cycle time & time to market: e.g. use of extranet
- Empowerment of employees: the ability to take decisions on customers (decentralization)
- Supply chain improvement:
  - Reduce supply chain delays
  - Reduce inventories
  - Eliminate inefficiencies
- Mass customization: production of large volumes of customized items (in an efficient way)
- Intra-business: from sales force to inventory control
- Knowledge management: the process of creating or capturing knowledge, storing and protecting it, updating, maintaining
and 
 it.
- How can organizations turn digital to gain competitive advantage by using EC?

Brick & mortar                          | Digital
Selling in physical stores              | Selling online
Selling tangible goods                  | Selling digital goods
Internal inventory/production planning  | Online collaborative inventory forecasting
Paper catalogs                          | Smart e-catalogs
Physical marketplace                    | Electronic market-space
Physical & limited auctions             | Online auctions everywhere, anytime
Broker-based service transactions       | Electronic info-mediaries, value-added services
Paper-based billing                     | Electronic billing
Paper-based tendering                   |
Push production                         | Pull production
Mass production (standard)              | Mass customization
Physical-based commission marketing     | Affiliate, viral marketing
Word-of-mouth, slow advertisement       | Explosive viral marketing
Linear supply chain                     | Hub-based supply chain
Large amount of capital needed          | Less capital needed
                                        | Small fixed cost
Cost > value                            | Cost = value
- Electronic marketplace: a space in which sellers and buyers exchange goods and services for money (or for other goods and services) electronically
- Functions of a market
  - Matching buyers and sellers
  - Facilitating exchanges of goods/services and payments associated with market transactions
  - Providing institutional infrastructure
- Together with IT, EC has greatly increased market efficiencies
  - by expediting or improving the functions of the market
  - and lowering transaction and distribution costs
  - leading to well-organized "friction-free" markets
- Customers: the hundreds of millions of people surfing the web are potential buyers of goods/services offered on the net. They are looking for
  - good deals
  - customized items
  - collectors' items
  - entertainment etc.
  - Organizations are the major consumers of EC activities (85%).
- Sellers: millions of storefronts on the Web offering a huge variety of products. (Sales can be made directly from a seller's site or from e-marketplaces.)
- Products: both physical and digital (what are the advantages of a digital product?)
- Infrastructure: hardware, software, networks etc.
- Front end: the portion of an e-seller's business processes through which customers interact, e.g. seller's portal, e-catalogs, shopping cart, search engine and payment gateway
- Back end: activities that support online order-taking, e.g. order aggregation and fulfillment, inventory management, purchasing from suppliers, payment processing, packaging and delivery
- Intermediaries: create and manage online markets. They match buyers and sellers, provide some infrastructure services, and help buyers/sellers to institute and complete transactions (mostly operating as computerized systems).
- Other business partners: includes business collaboration, mostly along the supply chain.
- Support services: ranging from certification to trust services

- There are various types of marketplaces
  - B2C
    - Electronic storefronts
    - Electronic malls
  - B2B
    - Private e-marketplaces
      - Sell-side
      - Buy-side
    - Public e-marketplaces
    - Consortia
- B2C
  - Electronic storefronts: a single company's Web site where products/services are sold (electronic store)
    - A storefront has various mechanisms for conducting sales
      - Electronic catalogs (presentation of product information in electronic form)
      - A search engine (a program that can access a database of Internet resources, search for specific information/keywords, and report the results)
      - An electronic shopping cart (order processing technology that allows shoppers to accumulate items they wish to buy while they continue to shop)
      - E-auction facilities
      - A payment gateway etc.
  - Electronic malls: an online shopping center where many stores are located
- B2B
  - Private e-marketplace: owned by a single company
    - Sell-side e-marketplace: a private e-market in which a company sells either standard or customized products to qualified companies
    - Buy-side: a private e-market in which a company buys from invited suppliers
  - Public e-marketplace: an e-market usually owned by an independent 3rd party, with many buyers and many sellers (exchanges)
  - Consortia: usually owned by a small group of major sellers or buyers, usually in the same industry
  - What is a vertical and a horizontal e-marketplace?


- Auctions: a market mechanism by which a seller places an offer to sell a product and buyers make bids sequentially and competitively until a final price is reached.
- Limitations of offline auctions:
  - Short time for each item (little time to decide whether to bid or not)
  - Sellers don't get the right price (or buyers pay more)
  - Little time to examine the product
  - Physical presence limits the potential bidders
  - Difficulty in moving goods to auction sites
  - Rent for auction sites, advertisement, and payment of auctioneers and employees add to cost
- Electronic auctions (e-auctions): auctions conducted online.
  - Dynamic pricing: change in price due to demand and supply relationships at any given time.
    - Dynamic pricing has several forms (bargaining and negotiations)
    - There are 4 major forms of dynamic pricing, depending on how many buyers or sellers there are:
      - One buyer, one seller
      - One seller, many potential buyers
      - One buyer, many potential sellers
      - Many buyers, many sellers
- One buyer, one seller: negotiations, bargaining and bartering are usually used. (Prices are mostly determined by each party's bargaining power as well as demand and supply in the market and possibly the business environment.)
- One seller, many potential buyers (forward auction): a seller entertains bids from buyers.
  - English and Yankee auctions: prices increase as auctions progress
  - Dutch and free-fall: prices go down as auctions progress
- One buyer, many potential sellers:
  - Reverse auctions: a buyer places an item for bidding (tendering) on a request for quote (RFQ) system; potential sellers bid for the item, with the price reducing sequentially until there are no more reductions, and the lowest bidder wins (mostly a B2B or G2B mechanism)
  - Name-your-own-price model: a buyer specifies the price (and other terms) they are willing to pay to able suppliers (mostly a C2B model, started by priceline.com)
- Many sellers, many buyers (double auction): multiple buyers and their bids are matched with multiple sellers and their asking prices, considering the quantities.
Benefit to sellers Benefits to buyers Benefits to e-
e-auctioneers

   
  
 
    ñ

   
    
 
 
    ñ 
 
    
 
    

     


 
  



      
   


     

      

     
  
  !
  




 
 


 

- Limitations: major limitations are
  - Lack of security
  - Possibility of fraud
  - Limited participation
- Bid shielding: having fake (phantom/ghost) bidders bid at very high prices and then pull out at the last minute
- Shilling: placing fake bids on auction items to artificially jack up the bidding price
- Fake photos and misleading descriptions
- Improper grading techniques
- Selling reproductions
- Failure to pay
- Failure to pay the auction house
- Inflated shipping and handling cost
- Failure to ship merchandise
- Loss and damage claims
- Switch and return
- Other frauds, e.g. sale of stolen goods, the use of fake IDs, selling to multiple buyers
- User ID verification
- Authentication service
- Grading services
- Feedback
- Insurance policy
- Escrow service
- Nonpayment punishment
- Appraisal
- Physical
- Verification
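
Bid shielding as defined above leaves a recognisable trace in an auction's bid history: very high bids placed after the eventual winner's low bid and withdrawn just before the close. The following Python check is an added example, not part of the original slides; the event format, the 10-minute window and the 50% price-drop threshold are assumptions, and both bid logs are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class BidEvent:
    time: datetime
    bidder: str
    action: str          # "bid" or "retract"
    amount: float = 0.0  # ignored for "retract"


def detect_bid_shielding(events, close_time,
                         window=timedelta(minutes=10), drop_ratio=0.5):
    """Return a finding dict if the history matches the bid-shielding pattern,
    else None. window and drop_ratio are assumed tuning values."""
    active = {}            # bidder -> (amount, time placed) of standing bid
    late_retractions = []  # (bidder, amount, time placed) withdrawn near close
    for e in sorted(events, key=lambda ev: ev.time):
        if e.time > close_time:
            break
        if e.action == "bid":
            if e.bidder not in active or e.amount > active[e.bidder][0]:
                active[e.bidder] = (e.amount, e.time)
        elif e.action == "retract" and e.bidder in active:
            amount, placed = active.pop(e.bidder)
            if close_time - e.time <= window:
                late_retractions.append((e.bidder, amount, placed))
    if not active or not late_retractions:
        return None
    winner = max(active, key=lambda b: active[b][0])
    win_amount, win_time = active[winner]
    # Shield bids sit above the winning bid and were placed after it.
    shields = [(b, amt) for b, amt, placed in late_retractions
               if amt > win_amount and placed > win_time]
    if not shields:
        return None
    shielded_at = max(amt for _, amt in shields)
    if win_amount > drop_ratio * shielded_at:
        return None  # price barely moved: more likely an honest withdrawal
    return {
        "beneficiary": winner,
        "price_paid": win_amount,
        "shielded_at": shielded_at,
        "shield_bidders": sorted(b for b, _ in shields),
    }


def at(hhmm):
    """Timestamp on a constructed auction day."""
    return datetime.strptime("2024-01-01 " + hhmm, "%Y-%m-%d %H:%M")


CLOSE = at("18:00")

# Constructed log: low bid, two phantom high bids, both withdrawn near close.
SHIELDED_AUCTION = [
    BidEvent(at("09:00"), "alice", "bid", 120),
    BidEvent(at("09:05"), "mallory", "bid", 150),
    BidEvent(at("09:10"), "ghost1", "bid", 900),
    BidEvent(at("09:12"), "ghost2", "bid", 950),
    BidEvent(at("17:55"), "ghost2", "retract"),
    BidEvent(at("17:57"), "ghost1", "retract"),
]

# Constructed log: ordinary bidding with one early and one late withdrawal.
NORMAL_AUCTION = [
    BidEvent(at("09:00"), "alice", "bid", 100),
    BidEvent(at("09:30"), "bob", "bid", 110),
    BidEvent(at("10:00"), "bob", "retract"),
    BidEvent(at("12:00"), "carol", "bid", 140),
    BidEvent(at("15:00"), "dave", "bid", 180),
    BidEvent(at("17:55"), "dave", "retract"),
    BidEvent(at("17:58"), "alice", "bid", 160),
    BidEvent(at("17:59"), "carol", "bid", 175),
]

if __name__ == "__main__":
    print(detect_bid_shielding(SHIELDED_AUCTION, CLOSE))
    print(detect_bid_shielding(NORMAL_AUCTION, CLOSE))
```

A finding is a lead for the auction house's review, which the safeguards listed above (user ID verification, feedback, nonpayment punishment) can then follow up.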
- The extranet is the major network structure used in e-marketplaces and exchanges.
  - Extranets connect both the internet and the companies' individual intranets.
- Internet: a public, global communications network that provides direct connectivity to anyone over a LAN through an ISP or directly through an ISP
- Intranet: a corporate LAN or WAN that uses internet technology and is secured behind a company's firewall.
  - It operates as a private network with limited access (only employees with authorization can use it)
  - It usually contains sensitive information
  - It can be used to enhance communication and collaboration among authorized employees, customers, suppliers, and other business partners
  - Because access is through the net, it doesn't require any additional implementation of a leased network
- Extranets: a network that uses a virtual private network (VPN) to link intranets in different locations over the internet (extended internet)
    - VPN: a network that creates tunnels of secured data flows, using cryptography and authorization algorithms, to provide communications over the public internet.
  - Provides secured connectivity between a corporation's intranet and the intranets of its business partners, material suppliers, financial services, government, and customers.
  - Access is mostly limited and highly controlled
- Szuprowicz's five benefit categories of extranets
  - Enhanced communication: enables improved internal communications, improved business partnership channels, effective marketing, sales, and customer support, and facilitated collaborative activities support
  - Productivity enhancements: enables just-in-time information delivery, reduction of information overload, productive collaboration between work groups, and training on demand.
  - Business enhancements: enables faster time to market, potential for simultaneous engineering and collaboration, lower design and production cost, improved client relationships and creation of new business opportunities
  - Cost reduction: results in fewer errors, improved comparison shopping, reduced travel and meeting time and cost, reduced administrative and operational cost, and elimination of paper-publishing cost
  - Information delivery: enables low-cost publishing, leveraging of legacy systems, standard delivery systems, ease of maintenance and implementation, and elimination of paper-based publishing and mailing costs.
- Rihao-Ling and Yen added other benefits such as
  - Ready access to information, ease of use, freedom of choice, moderate setup cost, simplified workflow, lower training cost, and better group dynamics.
  - They also listed disadvantages such as difficulty in justifying the investment (measuring cost and benefits), high user expectations, and drain on resources.
- Marketing is an organizational function and a set of processes for creating, communicating and delivering value to customers and for managing customer relationships in ways that benefit the organization and its stakeholders.
- E-Marketing is a part of marketing
- E-marketing = one aspect of an organizational function and a set of processes for creating, communicating and delivering value to customers and for managing customer relationships in ways that benefit the organization and its stakeholders
- Customer-centric e-marketing =
  - Applying digital technologies which form online channels (web, e-mail, database, plus mobile/wireless and digital TV)
  - To contribute to marketing activities aimed at achieving profitable acquisition and retention of customers
  - Through improving our customer knowledge (of their profiles, behavior, value and loyalty drivers), then delivering integrated targeted communications and online services that match their individual needs.
- Hence e-marketing = achieving marketing objectives through the use of electronic communications technology
- E-marketing, simply put, is the application of marketing principles and techniques through electronic media and more specifically the internet.
- It can also be looked at as a way of marketing a brand using the internet.
- Basically it is all the activities a business undertakes using the worldwide web, with the sole aim of



 new businesses, 
   current
business and developing its   


- Distribution: a company can distribute through the internet
- A company can use the internet to build and maintain a customer relationship
- The money collection part of a transaction can be done online
- Leads can be generated through short trial periods, before long-term signing
- Advertising
- Avenue for collecting direct response.
- If and when properly and effectively implemented, the ROI from e-marketing will far exceed that of traditional marketing.
- It is at the forefront of reengineering or redefining the way businesses interact with their customers.
- Most of the benefit can be derived from
  - Reach: truly global reach and cost reduction
  - Scope: wide range of products and services
  - Interactivity: two-way communication path
  - Immediacy: provides an opportunity for immediate impact
  - Targeting: savvy marketers can easily have access to the niche markets they need for targeted marketing
  - Adaptivity: real-time analysis of customer responses, leading to minimal advertising spend wastage.
- Other benefits include
  - Access to unlimited information for customers without human intervention
  - Personalization
  - Enables transactions between firms and customers that would typically require human intervention
- Some of the limitations of e-marketing include
  - Lack of personal approach
  - Dependence on technology
  - Security and privacy issues
  - Maintenance costs due to a constantly evolving environment
  - Higher transparency of pricing and increased price competition
  - Worldwide competition through globalization
Direct marketing, online banking, E-government, E-purchasing, job search, M-commerce, auctions, consumer services, etc.
- There is a need for E-Commerce security due to increasing cyber attacks and cyber crimes.
- A recent survey of security practitioners yielded the following results:
  - Organizations continue to have cyber attacks from both inside and outside of the organization
  - The cyber attacks varied, e.g. computer viruses, Net abuse (unauthorized use of the internet) by employees, denial of service
  - The financial losses from cyber attacks can be substantial
  - It takes more than one type of technology to defend against cyber attacks.
- EC security involves more than just preventing and responding to cyber attacks and intrusion.
- E.g. a user connects to a Web server at a market site to obtain some product literature (Loshin 1998).
  - To get the literature, he is asked to fill out a Web form providing some demographic and other personal information.
- What are the security concerns that can/will arise in a situation like that?
- From the user's perspective,
  - How can he know that the Web server is owned and operated by a legitimate company?
  - How does he know that the Web page and form do not contain some malicious or dangerous code or content?
  - How does he know that the Web server will not distribute the information to some third party?
- From the company's perspective,
  - How does the company know that the user will not attempt to break into the Web server or alter the pages and content at the site?
  - How does the company know that the user will not try to disrupt the server so that it isn't available to others?
- From both parties' perspective,
  - How do the parties know that the network connection is free from eavesdropping by a third party "listening" on the line?
  - How do they both know that the information sent back and forth between the user and the server has not been altered?
- With transactions that involve E-payments, additional types of security must be confronted.
  - Authentication: the process by which one entity verifies that another entity is who they claim to be.
  - Authorization: the process that ensures that a person has the right to access certain information
  - Auditing: the process of collecting information about attempts to access particular resources, use particular privileges, or perform other security actions
  - Confidentiality: keeping private or sensitive information from being disclosed to unauthorized individuals, entities, or processes.
  - Integrity: the ability to protect data from being altered or destroyed in an unauthorized or accidental manner.
  - Availability: the ability of a person or a program to gain access to the pages, data, or services provided by the site when they need it.
  - Nonrepudiation: the ability to limit parties from refuting that a legitimate transaction took place, usually by means of a signature
- There are two types of attacks:
  - Technical and non-technical.
    - Technical attacks: an attack perpetrated using software and systems knowledge or expertise
    - Non-technical attacks: an attack that uses deceit to trick people into revealing sensitive information or performing actions that compromise the security of a network.
      - (Social engineering): an attack that uses social pressures to trick computer users into compromising computer networks to which those individuals have access. There are two types:
        - Human based: based on traditional modes of communication (in person or over the phone)
        - Computer based: technical ploys used to get individuals to provide sensitive information
- Social engineering cont.
  - The key to successful social engineering rests with the victims; combating it also rests with the victims.
    - Certain positions are more vulnerable than others (employees who deal with both confidential information and the public), e.g. secretaries and executive assistants, database and network administrators, computer operators and call-center operators.
- How to deal with it: a multi-prong approach should be used to combat it (Damle 2002)
  - Education and training: all staff (mostly those in vulnerable positions) must be educated about the risks, the techniques used by hackers and how to combat them.
  - Policies and procedures: for securing confidential information, and the measures needed to respond to and report any social engineering breaches.
  - Penetration testing: on a regular basis by outside experts playing the role of hackers. Staff must be debriefed after the penetration test and any weaknesses corrected.
- Technical attacks: experts usually use a methodical approach. Many software tools are easily and readily available over the internet that enable a hacker to expose a system's vulnerabilities.
  - In 1999, Mitre Corporation (cve.mitre.org) and 15 other security-related organizations started to count all publicly known CVEs (common (security) vulnerabilities and exposures).
  - CVEs: publicly known computer security risks, which are collected, listed, and shared by a board of security-related organizations.
- The two very well known technical attacks that have affected the lives of millions are:
  1. DDoS (Distributed Denial of Service) attack: an attack in which the attacker gains illegal administrative access to as many computers on the Internet as possible and uses these multiple computers to send a flood of data packets to the user's computer.
     - DoS (Denial-of-Service) attack: an attack on a web site in which an attacker uses specialized software to send a flood of data packets to the targeted computer with the aim of overloading its resources.
     - DDoS software is loaded on machines known as zombies
  2. Malware (malicious code): mostly classified by the way it is propagated. All forms have the potential to do damage.
     - Malware takes a variety of forms, and their names mostly come from the real-world pathogens they resemble.
- Viruses: a piece of software code that inserts itself into a host, including the operating system, to propagate. It requires the running of the host program to activate it. It can't run independently.
  - Viruses have two components:
    - A propagation mechanism by which it spreads
    - A payload, which refers to what it does once it is executed
  - Some viruses simply spread and infect, others do substantial damage (e.g. deleting files or corrupting the hardware)
- Worms: a program that can run independently, will consume the resources of its host from within in order to maintain itself, and can propagate a complete working version of itself onto another machine.
- Macro viruses or macro worms: execute when the application object that contains the macro is opened or a particular procedure is executed.
- Trojan horse: a program that appears to have a useful function but that contains a hidden function that presents a security risk.
  - There are various forms of Trojan horse, but the one of interest is the one that makes it possible for someone else to gain access to and control a person's computer over the net.
  - This type of Trojan has two parts: server and client. The server is the program that runs on the computer under attack, and the client is used by the person perpetrating the attack.
- Some basic mistakes in managing security risk include
  - Undervalued information. Few organizations have a clear understanding of the value of specific information assets
  - Reactive security management. Most companies focus on security after an incident
  - Narrowly defined security boundaries. Most organizations are just interested in securing their internal network and don't try to understand the security issues of their supply chain partners
  - Dated security management processes. Some organizations hardly update or change their security practices or update the security knowledge and skills of their employees
  - Lack of communication about security responsibility. Security is often viewed as an IT problem and not a company problem.
- Security risk management: a systematic process for determining the likelihood of various security attacks and for identifying the actions needed to prevent or mitigate those attacks. It has four stages:
  - Assessment: organizations evaluate their security risks by determining their assets, the vulnerabilities of their systems and the potential threats to these vulnerabilities. This can be done:
    - By relying on the knowledge and skill of the IT personnel,
    - By using an outside IT consultant, or
    - By using a honeynet to study the types of attack to which a site is being actively subjected.
      - Honeynet: a way to evaluate the vulnerability of an organization by studying the types of attack to which a site is subjected, using a network of systems called honeypots.
      - Honeypots: production systems (e.g. firewalls, routers, web servers, database servers) designed to do real work but to be watched and studied as network intrusions occur.
  - Planning: the aim here is to arrive at a set of policies defining which threats are tolerable and which aren't, and what is to be done in both cases.
    - A tolerable threat is one for which the cost of safeguarding is very high or the risk is too low.
  - Implementation: involves choosing and using particular technologies to counter the high-priority threats.
  - Monitoring: an ongoing process to determine which measures are successful or unsuccessful, which need modification, whether there are new threats or advances in technology, and which new business assets need securing.
- There are two types of technology to secure communication on a network.
  - Technologies for securing communications the network and for securing communication the network.
- EC of all sorts rests on the concept of trust, and PAIN is used to represent the key issues of trust that arise.
- Information security requires that
  - the legitimate parties to a transaction are identified,
  - the actions they are allowed to perform are determined, and
  - their actions are limited to only those necessary to initiate and complete the transaction.
    - This can be achieved through an authentication system.
- Authentication system: a system that identifies the legitimate parties to a transaction, determines the actions they are allowed to perform, and limits their actions to only those that are necessary to initiate and complete the transaction.
- Authentication systems have five key elements, namely:
  - A person or group to be authenticated
  - A distinguishing characteristic that sets the person or the group apart
  - A proprietor responsible for the system being used
  - An authentication mechanism for verifying the presence of the differentiating characteristic
  - An access control mechanism (a mechanism that limits the actions that can be performed by an authenticated person or group) for limiting the actions performed by the authenticated person or group
- The distinguishing characteristic in an authentication system can be something
  - One knows (e.g. password, passphrase, PIN)
  - One has (e.g. ID card, a security token, software, cell phone)
  - One is (e.g. fingerprint, DNA, signature, voice recognition)
- Traditionally, authentication systems have mostly been passwords (which are very insecure).
- Stronger security can be achieved by combining what someone knows with something one has (a technique known as two-factor authentication).
- Tokens: there are two types:
  - Passive tokens: storage devices used in a two-factor authentication system that contain a secret code
  - Active tokens: small stand-alone electronic devices in a two-way authentication system that generate one-time passwords.
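
The active-token idea above, sketched as an added example that is not part of the original slides: a server-side check that only succeeds when the user supplies both a password (something known) and a one-time password from a token (something held). The slides do not name an algorithm; this sketch uses HOTP/TOTP as specified in RFC 4226 and RFC 6238, and the class name, PBKDF2 parameters and sample secret are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

# Constructed sample values (the secret is the RFC 4226 test key, not a real one).
DEMO_SECRET = b"12345678901234567890"
DEMO_SALT = b"constructed-salt"

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """What the token computes: HMAC-SHA1 over a counter, truncated (RFC 4226)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation: last nibble picks 4 bytes
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def totp(secret: bytes, now: float, step: int = 30) -> str:
    """Time-based variant (RFC 6238): the counter is the current 30 s window."""
    return hotp(secret, int(now // step))

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class TwoFactorVerifier:
    """Server side: requires something the user knows AND something the user has."""

    def __init__(self, salt: bytes, password_hash: bytes, token_secret: bytes):
        self.salt = salt
        self.password_hash = password_hash
        self.token_secret = token_secret
        self.last_counter = -1  # highest window already used (replay guard)

    def verify(self, password: str, otp: str, now: float,
               step: int = 30, window: int = 1) -> bool:
        knows = hmac.compare_digest(
            hash_password(password, self.salt), self.password_hash)
        current = int(now // step)
        matched = None
        # Accept +/- `window` steps of clock drift, but never a used window.
        for c in range(current - window, current + window + 1):
            if c > self.last_counter and hmac.compare_digest(
                    hotp(self.token_secret, c).encode(), otp.encode()):
                matched = c
        if knows and matched is not None:
            self.last_counter = matched  # a one-time password works only once
            return True
        return False
```

A captured code is useless on replay because the verifier records the last accepted time window, which is the property that separates an active token from a passive token holding a static secret.
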
- Biometric systems: authentication systems that identify a person by measuring biological characteristics such as fingerprints, iris (eye) pattern, facial features or voice.
- There are two forms of biometrics:
  - Physiological biometrics: measurements derived directly from different parts of the body (e.g. fingerprints, iris, and facial characteristics)
  - Behavioral biometrics: measurements derived from various actions and indirectly from various body parts (e.g. voice scan or keystroke monitoring)
- Fingerprint scanning: measurement of the discontinuities of a person's fingerprint, converted to a set of numbers that are stored as a template and used to authenticate identity.
- Iris scanning: measurement of the unique spots in the iris (colored part of the eye), converted to a set of numbers that are stored as a template and used to authenticate identity.
- Voice scanning: measurement of the acoustical patterns in speech production, converted to a set of numbers that are stored as a template and used to authenticate identity.
- Keystroke monitoring: measurement of the pressure, speed, and rhythm with which a word is typed, converted to a set of numbers that are stored as a template and used to authenticate identity.
- Public key infrastructure (PKI): a scheme for securing e-payments using public key encryption and various technical components.
- Encryption: the process of scrambling (encrypting) a message in such a way that it is difficult, expensive, or time consuming for an unauthorized person to unscramble (decrypt) it.
All encryption has four basic parts:
- Plaintext: an unencrypted message in human-readable form
- Encryption algorithm: the mathematical formula used to encrypt the plaintext into the ciphertext, and vice versa
- Key: the secret code used to encrypt and decrypt a message
- Ciphertext: a plaintext message after it has been encrypted into a machine-readable form
  - There are two forms of encryption systems:
    - Symmetric systems and
    - Asymmetric systems
- Symmetric (private) key system: an encryption system that uses the same key to encrypt and to decrypt the message.
  - The key is known only to the sender and the receiver (hence the name private key).
- Asymmetric (public) key encryption: encryption that uses a pair of matched keys, a public key to encrypt and a private key to decrypt, or vice versa.
  - Public key: encryption code that is publicly available to anyone
  - Private key: encryption code that is known only to the sender and the receiver (owners)
- Many technologies exist to ensure that an organization's network is secured, or that an intrusion is detected when it occurs.
  - Firewall: a network node consisting of both hardware and software that isolates a private network from a public network.
  - Personal firewall: a network node designed to protect an individual user's desktop system from the public network by monitoring the traffic that passes through the computer's network interface.
  - Virtual private network (VPN): a network that uses the public Internet to carry information but remains private by using encryption to scramble the communications, authentication to ensure that information has not been tampered with, and access control to verify the identity of anyone using the network.
  - Intrusion detection system (IDS): a special category of software that can monitor activity across a network or on a host computer, watch for suspicious activity, and take automated actions based on what it sees.
- Business model: a method of doing business by which a company can generate revenue to sustain itself.
- Structure of business models: the structure of business models varies greatly based on the company and the industry environment.
  - Weill and Vitale (2001): 8 atomic business models
    - Direct marketing,
    - intermediary,
    - content provider,
    - full service provider,
    - shared infrastructure,
    - value net integrator,
    - virtual community, and
    - consolidator of services (for large organizations)
  - Each of these models is characterized by
    - Strategic objectives
    - Source of revenue
    - Critical success factors
    - Core competencies required
  - These models must specify
    - Their revenue models
    - Value propositions
- Revenue model: how an EC project or company will make or earn money. The major revenue models are:
  - Sales: revenue from selling on their web site or providing services
  - Transaction fees: commissions based on the volume of transactions made (fixed or incremental)
  - Subscription: payment of fees, usually monthly or quarterly, to get some type of service
  - Advertising fees: companies charge others for placing ads on their sites
  - Affiliate fees: companies get paid for referring customers to other sites
  - Other revenue models: game sites, licensing fees, etc.
- Value proposition: the benefits a company can derive from using EC. (In B2C EC, for example, it defines how a company's product or service fulfills the needs of customers.)
  - Specifically, how do e-marketplaces, for example, create value?
  - Amit & Zott (2001) identified four sets of values:
    - Search and transaction cost efficiency: enables faster and more informed decision making, wider product and service selection, etc.
    - Complementarities: bundling some goods and services together to provide more value than when offered separately
    - Lock-in: high switching cost that ties customers to certain suppliers
    - Novelty: developing innovative ways for structuring transactions, connecting partners, and fostering new markets
  - Bakos (1991) values:
    - Reduced search cost
    - Significant switching cost
    - Economies of scale and scope
    - Network externality
  - Other value propositions:
    - Demand (and/or supply) aggregation: affords suppliers wider market access, buyers more choices, and both competitive prices
    - Interfirm collaboration: enables business participants to deepen their business relationships, leading to improvement in individual business processes and overall supply chain performance
- Online direct marketing: selling online from a manufacturer to a customer (e-tailing)
- Electronic tendering system (tendering, reverse auction): buyers request would-be sellers to submit bids for an item/service/project, and the lowest bidder wins
- Name-your-own-price: a buyer sets the price he wants to pay for a product/service
- Find the best price: a buyer submits its needs and an intermediary matches them against a database of sellers, locates the lowest price and submits it to the buyer to accept or reject
- Affiliate marketing: a marketing partner refers consumers to a selling company's web site for a commission (virtual commissioned sales force)
- Viral marketing: Web-based word-of-mouth marketing in which a customer promotes a product or service to friends or other people
- Group purchasing: quantity purchasing that enables groups of purchasers to obtain a discount price on the products purchased (demand aggregation)
- Online auctions: bidding for products and services, with the highest bidder getting the item
- Product and service customization: creation of a product or service to meet the buyer's specifications
- Electronic marketplaces and exchanges: a space in which sellers and buyers exchange goods and services for money (or for other goods and services)
- E-payments: payments made electronically rather than by paper (cash, checks, vouchers, etc.)
- Electronic payment methods expedite payments online and reduce processing costs, but they must be safe and trusted by users.
- The major methods of e-payment in use include:
  - Electronic payment cards (credit, debit, charge)
  - Virtual credit cards
  - E-wallets (or e-purses)
  - Smart cards
  - Electronic cash (several variations)
    - Wireless payments
    - Stored-value card payments
    - Loyalty cards
    - Person-to-person payment cards
  - Payments made electronically at kiosks
  - Other methods used mostly for B2B payments
    - Electronic checks
    - Purchasing cards
    - Electronic letters of credit
    - Electronic funds transfer (EFT)
    - Electronic benefit transfer (EBT)
    - Etc.
- The underlying similarity is the ability to transfer or make a payment from one person or party to another person or party over a network without face-to-face interaction.
- Whatever the payment method is, five parties may be involved:
  - Customer/payer/buyer: the party making the e-payment in exchange for goods or services
  - Merchant/payee/seller: the party receiving the e-payment in exchange for goods or services
  - Issuer: the banks or the non-banking institutions that issued the e-payment instrument used to make the purchase
  - Regulator: usually a government agency whose regulations control the e-payment process
  - Automated Clearing House (ACH): an electronic network that transfers money between bank accounts
  - Issuers play a key role in online purchases, for these reasons:
    - Customers must obtain their e-payment accounts from an issuer
    - Issuers are mostly involved in authenticating a transaction and approving the amount involved
    - Because buyers and sellers are not at the same place to exchange their goods and services, issues of trust arise, and PAIN has been devised to address such issues
- Characteristics of successful e-payment methods
  - How do you get buyers to adopt a method when there are few sellers using it?
  - And how do you get sellers to adopt a method when very few buyers are using it? (chicken-and-egg problem)
- Some factors or characteristics of successful e-payment are:
  - Independence: e-payment methods that require the payer to install specialized components are less likely to succeed
  - Interoperability and portability: an e-payment system must mesh with existing interlinked systems and applications and must be supported by standard computing platforms
  - Security: the risk for the payee must be higher than for the payer (must be very safe)
  - Anonymity: e-payment systems must be anonymous to hide the identity of those who want to remain so
  - Divisibility: must be usable for both high and low purchases
  - Ease of use: must be pretty easy to use
  - Critical mass: a critical mass of vendors must be willing to accept the payment; conversely, a critical mass of places to acquire the payment method must exist
- Using e-payment reduces transaction cost by 30 to 50 percent compared to off-line payments
- It is faster
- It makes it possible to conduct business across geographical and political boundaries (greatly enhancing the possibility of international deals and transactions)
- E-payment is very important in EC because:
  - There is no trade without a payment system
  - A good and secure payment system increases the trust and confidence of buyers
- Electronic cards: plastic cards that contain digitized information that can be used for payment and for other purposes such as identification and access to secure locations.
  - Payment cards: electronic cards that contain information that can be used for payment purposes. There are three types of payment cards:
    - Credit cards: provide the holder with credit to make purchases up to a limit fixed by the issuer. (Users normally don't pay any fee for using it, just a high interest on their unpaid balance.)
    - Charge cards: are like monthly loans given to the user, which he/she is required to pay back in full at the end of the month or upon receipt of the monthly statement. (Usually no interest is paid on such cards, just an annual fee and/or a severe penalty for failure to pay the balance in full.)
    - Debit cards: with a debit card, the money for a transaction comes directly from the user's account
- Virtual credit cards: a payment system in which the issuer gives a special transaction number that can be used online in place of a regular credit card number.
- E-wallet: a software component in which a user stores credit card numbers and other information; when shopping online, the user simply clicks the e-wallet to automatically fill in the information needed to make a purchase.
- Smart cards: an electronic card that contains an embedded microchip that enables predefined operations or the addition, deletion, or manipulation of information on the card.
  - Some applications of smart cards:
    - Loyalty cards: retailers are using loyalty cards to identify their loyal customers and reward them
    - Financial applications: financial institutions, payment associations, and credit, debit and charge card issuers are all using smart cards to extend the traditional card payment services
    - Transportation
    - Identification: smart cards fit perfectly in the identification market
- Electronic cash: the digital equivalent of paper currency and coins, which enables secure and anonymous purchase of low-priced items.
  - E-cash has several variations:
    - Wireless payments
    - Stored-value cards
    - E-loyalty
    - P2P payment: e-payment schemes that allow the transfer of funds between two individuals
- Payments made electronically at kiosks: customers acting as cashiers and checking themselves out.
