Introduction to E-Commerce
Definition of E-Commerce and E-business
Major types of E-Commerce (briefly)
History of E-Commerce
Benefits of E-Commerce to
Organizations
Consumers
Society
Limitations of E-Commerce
The digital economy
The new Business environment
Business pressures
Organizational responses
E-Marketing
E-marketing issues
Economics of E-marketing
Effects of marketing on organizations
E-Commerce technology/infrastructure
Communications network
Security and legal issues
Need for E-Commerce security
Basic security issues
Types of threats and attacks
Security risk management
Securing E-Commerce communication
Business models for E-Commerce
Implementation of E-business systems
Definition of E-Commerce and business
E-Commerce: the process of buying, selling, or exchanging products, services, and
information through computer networks.
Commercial: the ability to buy and sell products, services, and information electronically
Business process: completing business processes electronically, i.e. replacing physical processes
with information
Services: a tool for improving the quality of customer service and increasing the speed of service
delivery while cutting cost
Learning: enables online training and education
Global reach: can easily and quickly locate the best suppliers, more customers and more
suitable business partners. i.e. buy cheaper and sell more.
Cost reduction: EC decreases the cost of creating, processing, distribution, storing and
retrieving paper-based information.
Supply chain improvement: supply chain inefficiencies can be minimized, e.g. inventory and
delivery delays
Extended hours: 24/7/365
Customization: pull-type production (build-to-order)
New business models: tendering (reverse auction), name-your-own-price model, affiliate
marketing, viral marketing etc.
Vendors specialization: EC enables high degree of specialization
Lower communication cost: EC lowers telecommunications cost.
Efficient procurement: EC can reduce administrative cost, purchasing prices, and cycle
time.
Improved customer relations: EC enables close customer relations
Up-to-date company material: EC enables company information to be updated by the minute
No city business permits and fees
etc
Benefits of E-Commerce
Consumer benefits
A vast array of digital products: databases, news & information, books, software, etc., that are
delivered over a digital infrastructure any time, anywhere in the world
Consumers and firms conducting financial transactions digitally through digital currencies or
financial tokens that are carried via networked computers and mobile devices
This convergence is enabling all types of information (data, audio, video, etc.)
to be stored, processed, and transmitted over networks to many destinations
worldwide
Business alliances: organizations collaborate for mutual benefit, aided mostly by e-commerce.
Electronic markets
Functions of markets:
matching buyers and sellers
Facilitating exchanges of goods/services and payments
associated with market transactions
Provide institutional infrastructure
Electronic marketplaces
Together with IT, EC has greatly increased market
efficiencies
by expediting or improving the functions of markets
and lowering transaction and distribution costs,
leading to well-organized, friction-free markets
Market-space components
Customers: the hundreds of millions of people surfing the web are potential buyers of
goods/services offered on the net. They are looking for
good deals
Customized items
Collectors' items
Entertainment etc.
Organizations are the major consumers of EC activities. (85%)
Sellers: millions of storefronts on the Web offering a huge variety of products (sales
can be made directly from the seller's site or from e-marketplaces)
Products: both physical and digital products (what are the advantages of a digital
product?)
Back end: activities that support online order-taking. E.g. order aggregation
and fulfillment, inventory management, purchasing from suppliers, payment
processing, packaging and delivery
Intermediaries: create and manage online markets. Match buyers and sellers,
provide some infrastructure services to and help buyers/sellers to institute and
complete transaction. (mostly operate as computerized systems)
Electronic malls
B2B
Private e-marketplace
Sell-side
Buy-side
Public e-marketplaces
consortia
Types of electronic markets
B2C
Electronic storefronts: a single company's Web site where
products/services are sold (electronic store)
A storefront has various mechanisms for conducting sales
Electronic catalogs (presentation of product information in an electronic
form)
A search engine (a program that can access a database of Internet resources,
search for specific information/keywords, and report the result)
An electronic shopping cart (order processing technology that allows shoppers
to accumulate items they wish to buy while they continue to shop)
E-auction facilities
A payment gateway etc.
One seller, many buyers: (forward auction) a seller entertains bids from buyers.
English and Yankee auctions: prices increase as auctions progress
Dutch and free fall: prices go down as auctions progress
Assignment (what are English, Yankee, Dutch and free fall auctions?) to be submitted before mid-day 29th Feb. 2008
Many sellers, many buyers: (double auction) multiple buyers and their bids are matched with
multiple sellers and their asking prices, considering the quantities.
E-Auctions
Benefit to sellers Benefits to buyers Benefits to e-auctioneers
Intranet: a corporate LAN or WAN that uses internet technology and is secured
behind a company's firewall.
It operates as a private network with limited access (only employees with
authorization can use it)
It usually contains sensitive information
It can be used to enhance communication and collaboration among authorized
employees, customers, suppliers, and other business partners
Because access is through the net, it doesn't require any additional implementation of
leased networks
Communications and networks
Extranets: a network that uses a virtual private
network (VPN) to link intranets in different
locations over the internet (extended internet)
VPN: a network that creates tunnels of secured data flows, using
cryptography and authorization algorithms, to provide
communications over the public internet.
Provides secured connectivity between a corporation's
intranet and the intranets of its business partners,
material suppliers, financial services, government, and
customers.
Access is mostly limited and highly controlled
Benefits of Extranets
Szuprowicz's five benefit categories of extranets
Enhanced communication: enables improved internal communications, improved
business partnership channels, effective marketing, sales, and customer support,
and facilitated support for collaborative activities
Productivity enhancements: enables just-in-time information delivery, reduction of
information overload, productive collaboration between work groups, and training
on demand.
Business enhancements: enables faster time to market, potential for simultaneous
engineering and collaboration, lower design and production cost, improved client
relationships and creation of new business opportunities
Cost reduction: results in fewer errors, improved comparison shopping, reduced
travel and meeting time and cost, reduced administrative and operational cost, and
elimination of paper-publishing cost
Information delivery: enables low-cost publishing, leveraging of legacy systems,
standard delivery systems, ease of maintenance and implementation, and
elimination of paper-based publishing and mailing costs.
Benefits of Extranets
Rihao-Ling and Yen added other benefits such as
ready access to information, ease of use, freedom of
choice, moderate setup cost, simplified workflow, lower
training cost, and better group dynamics.
They also listed disadvantages such as difficulty
justifying the investment (measuring cost and benefits),
high user expectations, and drain on resources.
E-Marketing
Marketing is an organizational function and a set of
processes for creating, communicating and delivering value
to customers and for managing customer relationships in
ways that benefit the organization and its stakeholders.
PILLARS
People: buyers, sellers, intermediaries, IS people, and management
Public policy: taxes, legal, privacy issues, regulations and tech. standards
Marketing & advertising: marketing research, promotions, & web content
Support services: logistics, payment, content, & security systems dev.
Business partnerships: joint ventures, exchanges, e-marketplace & consortia
INFRASTRUCTURAL SUPPORT
Common business services infrastructure (security, smart cards/authentication, electronic payment)
Messaging & info distribution infrastructure (EDI, e-mail, hypertext)
Multimedia content & network publishing infrastructure (HTML, Java, XML, VRML etc.)
Network infrastructure (telecom, cable TV, wireless, Internet)
Interfacing infrastructure (with database, business partners applications)
The need for E-Commerce security
There is need for E-Commerce security due to the
increasing cyber attacks and cyber crimes.
A recent survey of security practitioners yielded the
following results,
Organizations continue to have cyber attacks from both inside and
outside of the organization
The cyber attacks varied, e.g. computer viruses, Net abuse
(unauthorized use of the internet) by employees, denial of service
The financial losses from cyber attacks can be substantial
It takes more than one type of technology to defend against cyber
attacks.
Basic security issues
EC security involves more than just preventing and
responding to cyber attacks and intrusion.
e.g. a user connects to a Web server at a market site
to obtain some product literature (Loshin 1998).
To get the literature, he is asked to fill out a Web form
providing some demographic and other personal
information.
What are the security concerns that can/will arise
in a situation like that?
Basic security issues
From the user's perspective,
How can he know that the Web server is owned and
operated by a legitimate company?
How does he know that the Web page and form do not
contain some malicious or dangerous code or content?
How does he know that the Web server will not
distribute the information to some third party?
Basic security issues
From the company's perspective,
How does the company know that the user will not
attempt to break into the Web server or alter the pages
and content at the site?
How does the company know that the user will not try to
disrupt the server so that it isn't available to others?
Basic security issues
From both parties' perspective,
How do the parties know that the network connection
is free from eavesdropping by a third party listening on
the line?
How do they both know that the information sent back
and forth between the user and the server has not been altered?
Basic security issues
With transactions that involve e-payments, additional types of security must be confronted.
Authentication: the process by which one entity verifies that another entity is who they claim to
be.
Authorization: the process that ensures that a person has the right to access certain information.
Auditing: the process of collecting information about attempts to access particular resources,
use particular privileges, or perform other security actions.
Integrity: the ability to protect data from being altered or destroyed in an unauthorized or
accidental manner.
Availability: the ability of a person or a program to gain access to the pages, data, or services
provided by the site when they need it.
Nonrepudiation: the ability to limit parties from refuting that a legitimate transaction took
place, usually by means of a signature.
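The integrity, authentication and auditing properties defined above, shown on a payment message; this is an added example, not part of the original notes. It assumes the payer and payee already share a secret key and uses HMAC-SHA256 as the integrity mechanism; the key, field names and amounts are constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed sample values: the key, party names and amounts are hypothetical.
SHARED_KEY = b"demo-key-known-to-payer-and-payee"
AUDIT_LOG = []  # auditing: one record per verification attempt


def seal(order, key):
    """Sender: encode the order canonically and attach an HMAC-SHA256 tag."""
    body = json.dumps(order, sort_keys=True, separators=(",", ":"))
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


def verify(message, key):
    """Receiver: recompute the tag, compare in constant time, log the attempt.

    Returns the parsed order when the tag matches, otherwise None.
    """
    body = message["body"].encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    received = str(message.get("tag", ""))
    ok = hmac.compare_digest(expected.encode(), received.encode())
    AUDIT_LOG.append({"event": "verify_payment", "ok": ok,
                      "body_sha256": hashlib.sha256(body).hexdigest()})
    return json.loads(body) if ok else None


def demo():
    order = {"payer": "alice", "payee": "shop-01",
             "amount": "25.00", "currency": "USD"}
    sent = seal(order, SHARED_KEY)

    # 1. Delivered unchanged: integrity and origin both check out.
    intact = verify(sent, SHARED_KEY)

    # 2. Altered on the line: the amount changes, but the tag cannot be
    #    recomputed without the key, so verification fails.
    altered = dict(sent, body=sent["body"].replace("25.00", "2500.00"))
    tampered = verify(altered, SHARED_KEY)

    # 3. Sent by someone who does not hold the key: authentication fails.
    forged = verify(seal(order, b"some-other-key"), SHARED_KEY)
    return intact, tampered, forged


if __name__ == "__main__":
    print(demo())
    for record in AUDIT_LOG:
        print(record)
```

A shared-key tag does not give nonrepudiation, because the payee holds the same key and could have produced the tag itself; that property needs a signature made with a key only the signer holds.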
Types of threats and attacks
There are two types of attacks:
Technical and non-technical.
Technical attacks: an attack perpetrated using software and systems
knowledge or expertise
How to deal with it: a multi-pronged approach should be used to combat it (Damle 2002).
Education and training: all staff (mostly those in vulnerable positions) must be
educated about the risks, the techniques used by hackers and how to combat them.
Policies and procedures: for securing confidential information and measures needed
to respond to and report any social engineering breaches.
Penetration testing: on a regular basis by outside experts playing the role of
hackers. Staff must be debriefed after a penetration test and any weaknesses corrected.
Types of threats and attacks
Technical attacks: experts usually use a methodical
approach. Many software tools are easily and
readily available over the internet that enable a
hacker to expose a system's vulnerabilities.
2. Malware (malicious code): it is mostly classified by the way it
is propagated. All of it has the potential to do damage.
Malware takes a variety of forms, and their names mostly come from the real-world
pathogens they resemble.
Types of threats and attacks
Viruses: a piece of software code that inserts itself into a host, including the operating
system, to propagate. It requires the running of the host program to activate it. It can't run
independently.
Viruses have two components:
A propagation mechanism by which it spreads
A payload, which refers to what it does once it is executed
Some viruses simply spread and infect, others do substantial damage (e.g. deleting files or
corrupting the hardware)
Worms: a program that can run independently, will consume the resources of its host
from within in order to maintain itself, and can propagate a complete working version of
itself onto another machine.
Major difference between a worm and a virus: a worm can propagate between systems (mostly
through a network) while viruses propagate locally.
Macro viruses or macro worms: execute when the application object that contains the
macro is opened or a particular procedure is executed.
Trojan horse: a program that appears to have a useful function but that contains a hidden
function that presents a security risk.
There are various forms of Trojan horse, but the one of interest is the one that makes it possible
for someone else to gain access to and control a person's computer over the net.
This type of Trojan has two parts: server and client. The server is the program that runs on
the computer under attack, and the client is used by the person perpetrating the attack.
Managing Security
Some basic mistakes in managing security risk include
Honeypots: production systems (e.g. firewalls, routers, web servers, database servers)
designed to do real work but to be watched and studied as network intrusions occur.
Planning: the aim here is to arrive at a set of policies defining which threats are
tolerable and which aren't and what is to be done in both cases.
A tolerable threat is one for which the cost of safeguarding is very high or the risk is too low.
Iris scanning: measurement of the unique spots in the iris (colored part
of the eye) converted to a set of numbers that are stored as a template
and used to authenticate identity
Advertising fees: companies charge others for placing ads on their sites
Affiliate fee: companies get paid for referring customers to other sites
Find the best price: a buyer submits its needs and an intermediary matches them
against a database of sellers, locates the lowest price and submits it to the buyer
to accept or reject.
Online auctions: bidding for products and services with the highest bidder
getting the item.
The underlying similarity is the ability to transfer or make a payment from one person or party to
another person or party over a network without face-to-face interaction.
Electronic payments (e-payment)
Whatever the payment method is, five parties may be involved,
Customer/payer/buyer: the party making the e-payment in exchange for goods or
services
Merchant/payee/seller: the party receiving the e-payment in exchange for goods or
services
Issuer: the banks or the non-banking institutions that issued the e-payment
instrument used to make the purchase
Regulator: usually a government agency whose regulations control the e-payment
process
Automated Clearing House (ACH): an electronic network that transfers money
between bank accounts.
Because buyers and sellers are not at the same place to exchange their goods and services,
issues of trust arise, and PAIN has been devised to address such issues.
Electronic payments (e-payment)
Characteristic of successful e-payment methods
How do you get buyers to adopt a method when there are few sellers using it?
And how do you get sellers to adopt a method when very few buyers are using it? (chicken and
egg problem)
Independence: e-payment methods that require the payer to install specialized components are less likely
to succeed
Interoperability and portability: an e-payment system must mesh with existing interlinked
systems and applications and must be supported by standard computing platforms
Security: the risk for the payee must be higher than for the payer (must be very safe)
Anonymity: e-payment systems must be anonymous to hide the identity of those who want to
remain so
Divisibility: must be usable for both high and low purchases
Ease of use: must be pretty easy to use
Critical mass: a critical mass of vendors must be willing to accept the payment, conversely a
critical mass of places to acquire the payment methods must exist
Electronic payments (e-payment)
Using e-payment reduces transaction cost by 30 to 50
percent compared to off-line payments
It is faster
Makes it possible to conduct business across geographical
and political boundaries (greatly enhancing the possibility
of international deals and transactions)
E-payment is very important in EC because,
There is no trade without a payment system
A good and secured payment system increases the trust and
confidence of buyers
Electronic payments (e-payment)
Electronic cards: are plastic cards that contain digitized information, that
can be used for payment and for other purposes such as identification
and access to secure locations.
Payment cards: electronic cards that contain information that can be used
for payment purposes.
There are three types of payment cards:
Credit cards: provide the holder with credit to make purchases up to a limit
fixed by the issuer. (Users normally don't pay any fee for using it, just high
interest on their unpaid balance.)
Charge cards: are like monthly loans given to the user, that he/she is required to
pay back in full at the end of the month or upon receipt of the monthly statement.
(Usually no interest is paid on such cards, just an annual fee and/or a severe penalty
for failure to pay the balance in full.)
Debit cards: with a debit card, the money for a transaction comes directly from the user's
account
Electronic payments (e-payment)
Virtual credit cards: a payment system in which
the issuer gives a special transaction number that
can be used online in place of a regular credit
card number.
Loyalty cards; retailers are using loyalty cards to identify their loyal
customers and reward them
Financial application; financial institutions, payment associations,
credit cards, debit cards, charge card issuers are all using smart cards to
extend the traditional card payment services
Transportation
Identification; smart cards fit perfectly in the identification market
Electronic payments (e-payment)
Electronic cash: the digital equivalent of paper currency
and coins, which enables secure and anonymous purchase
of low-priced items.
E-cash has various variations;
Wireless payments
Stored-value cards
E-loyalty
P2P payment: e-payment schemes that allow the transfer of funds
between two individuals