
Outline

Introduction to E-Commerce
Definition of E-Commerce and E-business
Major types of E-Commerce (briefly)
History of E-Commerce
Benefits of E-Commerce to
Organizations
Consumers
society
Limitations of E-Commerce
The digital economy
The new Business environment
Business pressures
Organizational responses
E-Marketing
E-marketing issues
Economics of E-marketing
Effects of marketing on organizations
E-Commerce technology/infrastructure
Communications network
Security and legal issues
Need for E-Commerce security
Basic security issues
Types of threats and attacks
Security risk management
Securing E-Commerce communication
Business models for E-Commerce
Implementation of E-business systems
Definition of E-Commerce and business
E-Commerce: the process of buying, selling, or exchanging products, services, and
information through computer networks.

Communication: the delivery of goods, services, information, or payment electronically

Commercial: the ability to buy and sell products, services, and information electronically

Business process: completing business process electronically i.e. replacing physical process
with information

Services: a tool for improving the quality of customer services and increasing the speed of service
delivery while cutting costs
Learning: enables online training and education

Collaborative: supports inter and intraorganizational collaboration

Community: provides a meeting place for members to learn and collaborate.


Definition of E-Commerce and business
Commerce: transactions between business partners.
(electronically=e-commerce)

E-business: the buying and selling of goods and services, and also serving customers, collaborating
with business partners, and conducting electronic transactions within an organization.
Definition of E-Commerce and business
Various forms of E-Commerce can be distinguished based on the level of digitalization of
The products/services
The process
The delivery agent

Brick and mortar organization: zero digitalization, i.e. a purely physical organization.
Conducts all its business activities physically.

Virtual organization: digitalization of 1, i.e. pure play.
Does all business transactions online.

Click and mortar: partial digitalization.
Has an online presence, but does basic business processes physically.
Types of E-Commerce
The nature of the transaction or interaction is mostly used to classify E-Commerce:
Business-to-business (B2B): transactions between business partners
Business-to-consumer (B2C): transactions between business organizations and individual shoppers
Consumer-to-business (C2B): transactions in which individuals sell products and services to businesses
Consumer-to-consumer (C2C): transactions between individual consumers

Interdisciplinary nature of E-Commerce: computer science, marketing, consumer behavior, finance,
economics, management information systems, accounting, management, business, law, robotics,
public administration and engineering.
History
Electronic funds transfer (early 1970s)
Its use was mostly limited to large organizations, financial institutions, and a few hardcore
businesses

Electronic Data Interchange (EDI)
Used to transfer routine documents, which expanded electronic transfers from financial institutions
to manufacturers, retailers, service industries etc.

Internet and the World Wide Web: the commercialization of the internet saw the coining of the term
E-COMMERCE.
E-Commerce applications quickly multiplied due to the rapid development of new networks, protocols,
and EC software, and due to increased competition and other business pressures.

There have been many innovative applications, ranging from online direct sales to E-learning.
Benefits of E-Commerce
The E-Commerce revolution is as profound as the change
that accompanied the industrial revolution (Clinton and
Gore 1997)

E-Commerce has enormous potential benefits to organizations, individuals and society, considering
The global nature of the technology
The opportunity to reach millions of people
Its interactive nature
The variety of possibilities for its use
The resourcefulness and rapid growth of its supporting infrastructure (especially the web)
Benefits of E-Commerce
Organizational benefits

Global reach: can easily and quickly locate the best suppliers, more customers and more
suitable business partners, i.e. buy cheaper and sell more.
Cost reduction: EC decreases the cost of creating, processing, distributing, storing and
retrieving paper-based information.
Supply chain improvement: supply chain inefficiencies can be minimized, e.g. inventory and
delivery delays
Extended hours: 24/7/365
Customization: pull-type production (build-to-order)
New business models: tendering (reverse auction), name-your-own-price model, affiliate
marketing, viral marketing etc.
Vendor specialization: EC enables a high degree of specialization
Lower communication cost: EC lowers telecommunications costs.
Efficient procurement: EC can reduce administrative costs, purchasing prices, and cycle time.
Improved customer relations: EC enables close customer relations
Up-to-date company material: EC enables company information to be updated by the minute
No city business permits and fees
etc.
Benefits of E-Commerce
Consumer benefits

Ubiquity: EC allows shopping 24/7/365 from almost any location.
More products and services: EC gives more choices.
Cheaper products and services: EC provides price variety for goods and services
Instant delivery: e.g. digitized products
Information availability: relevant and detailed information in seconds
Participate in auctions: virtual auctions
Electronic communities: consumers can interact with other consumers
Get it your way: customization and personalization of products and services
No sales tax: most online sales are tax free
Benefits of E-Commerce
Societal benefits

Telecommuting: more people work and shop at home
Higher standard of living: competitive prices allow lower income earners to shop more
Hope for the poor: great opportunity for the poor to sell, buy and learn new skills
Availability of public services: health care, education, and distribution of government social
services can be done at a reduced cost to a large number of people.
Limitations
Technological
Lack of universally accepted standards for quality, security, and reliability
Telecommunication bandwidth is insufficient (mostly for m-commerce)
Software development tools are still evolving.
Difficulties in integrating the internet and EC software applications and databases.
Special web servers are needed in addition to the network servers (added cost)
Internet accessibility is still expensive and/or inconvenient
Order fulfillment for large-scale B2C requires special automated warehouses
Limitations
Non-technological
Security and privacy concerns deter some customers from buying
Lack of trust in EC and in unknown sellers hinders buying
Many legal and public policy issues, including taxation, remain unresolved
National and international government regulations sometimes get in the way
Difficulty in measuring some benefits of EC (e.g. advertising); lack of a mature measurement
methodology
Some customers like to touch and feel the product
Reluctance to change from a physical to a virtual store
Lack of trust in paperless, faceless transactions
Insufficient number (critical mass) of sellers and buyers (in some cases) needed to make a profit
Increasing number of frauds on the net
Difficulty in obtaining venture capital due to the dot-com disaster
Digital Economy
The Digital revolution
Digital Economy: an economy that is based on digital technologies, including digital
communications networks, computers, software, and other related information technologies.

Digital networking and communications infrastructures provide the global platform over which
people and organizations interact, communicate, collaborate and search for information.

Choi and Whinston say this platform is characterized by
A vast array of digital products: databases, news & information, books, software etc., that are
delivered over a digital infrastructure any time, anywhere in the world
Consumers and firms conducting financial transactions digitally through digital currencies or
financial tokens that are carried via networked computers and mobile devices
Microprocessors and networking capabilities embedded in physical goods such as home appliances
and automobiles
Digital Economy
Digital economy: the convergence of computing and communications
technology on the internet and other networks and the resulting flow of
information and technology that is stimulating e-commerce and vast
organizational changes.

This convergence is enabling all types of information (data, audio, video, etc.) to be stored,
processed, and transmitted over networks to many destinations worldwide.

The digital economy is creating a digital revolution, evidenced by unprecedented economic
performance and the longest period of uninterrupted economic expansion in certain parts of the
world.

Web-based E-Commerce systems are accelerating the digital revolution by providing competitive
advantage to organizations.
The new business environment
Highly competitive (due to economic, societal, legal and technological factors)
Quick and sometimes unpredictable change
The need for more production, faster and with fewer resources
The new business environment
Huber (2003): the new business environment is created by accelerated advances in science.
These advances create scientific knowledge.
This scientific knowledge feeds on itself, resulting in more and more technology.
Rapid growth in technology results in a large variety of more complex systems.
The new business environment
As a result the business environment is
characterized by
A more turbulent environment (more business problems and opportunities)
Stronger competition
Frequent decision making by organizations
Large scope of decision considerations (market, competition, political and global)
More information/knowledge needed for decisions
Pressure on businesses
Market and economic
Strong competition
Global economy
Regional trade agreements
Extremely low labour costs in some regions
Frequent and significant changes in markets
Increased power of consumers
Pressure on businesses
Societal
Changing nature of workforce
Government deregulation (more competition)
Shrinking government subsidies
Increased importance of ethical and legal issues
Increased social responsibility of organizations
Rapid political changes
Pressure on businesses
Technological
Increasing innovations and new technologies
Rapid technological obsolescence
Rapid decline in the technology cost versus performance ratio
Pressure on businesses
Business as usual is no longer enough (price reductions & closure of unprofitable facilities)

Need for new innovations (critical response activities):
Customization
Creating new products
Providing superb customer services

E-commerce facilitates most of these responses
Organizational responses
Strategic systems: provide organizations with strategic advantage
Increase their market share
Better negotiation with their suppliers
Prevent competitors from entering their territory
e.g. FedEx tracking system

Continuous improvement efforts & BPR: continuous efforts to improve productivity, quality
and customer services
e.g. Dell ERP and Intel's customer tracking
Organizational responses
Customer relationship management: e.g. personalization, sales-force automation

Business alliances: organizations enter into collaborations for mutual benefit, aided mostly by
e-commerce.

Electronic markets

Reduction in cycle time & time to market: e.g. use of extranets

Empowerment of employees: the ability to take decisions on customers (decentralization)

Supply chain improvement:
Reduce supply chain delays
Reduce inventories
Eliminate inefficiencies
Organizational responses
Mass customization: production of large quantities of customized items (in an efficient way)

Intra-business: from sales force to inventory control

Knowledge management: the process of creating or capturing knowledge, storing and protecting it,
updating, maintaining and using it.
Combining it all:
How can organizations turn digital to gain competitive advantage by using EC?
The right connective networks
Brick & mortar against digital
Brick & mortar -> Digital
Selling in physical stores -> Selling online
Selling tangible goods -> Selling digital goods
Internal inventory/production planning -> Online collaborative inventory forecasting
Paper catalogs -> Smart e-catalogs
Physical marketplace -> Electronic market-space
Physical & limited auctions -> Online auctions everywhere, anytime
Broker-based service transactions -> Electronic info-mediaries, value added services
Paper-based billing -> Electronic billing
Paper-based tendering -> (digital counterpart not given)
Push production -> Pull production
Mass production (standard) -> Mass customization
Physical based commission marketing -> Affiliate, viral marketing
Word-of-mouth slow advertisement -> Explosive viral marketing
Linear supply chain -> Hub-based supply chain
Large amount of capital needed -> Less capital needed, small fixed cost
Cost > value -> Cost = value
Electronic marketplaces
Electronic marketplace: a space in which sellers
and buyers exchange goods and services for money
(or for other goods and services) electronically.

Functions of markets:
Matching buyers and sellers
Facilitating exchanges of goods/services and payments associated with market transactions
Providing institutional infrastructure
Electronic marketplaces
Together with IT, EC has greatly increased market efficiencies
by expediting or improving the functions of markets
and lowering transaction and distribution costs,
leading to well-organized, friction-free markets
Market-space components
Customers: the hundreds of millions of people surfing the web are potential buyers of
goods/services offered on the net. They are looking for
Good deals
Customized items
Collectors' items
Entertainment etc.
Organizations are the major consumers of EC activities (85%).

Sellers: millions of storefronts on the Web offering a huge variety of products (sales can be
made directly from the seller's site or from E-marketplaces).

Products: both physical and digital products (what are the advantages of a digital product?)

Infrastructure: hardware, software, networks etc.


Market-space components
Front end: the portion of an e-seller's business processes through which customers interact,
e.g. the seller's portal, e-catalogs, shopping cart, search engine and payment gateway

Back end: activities that support online order-taking, e.g. order aggregation and fulfillment,
inventory management, purchasing from suppliers, payment processing, packaging and delivery

Intermediaries: create and manage online markets. They match buyers and sellers, provide some
infrastructure services, and help buyers/sellers to institute and complete transactions
(they mostly operate as computerized systems).

Other business partners: include business collaboration, mostly along the supply chain.

Support services: ranging from certification to trust services


Types of electronic markets
There are various types of marketplaces
B2C
Electronic storefronts

Electronic malls

B2B
Private e-marketplace
Sell-side
Buy-side
Public e-marketplaces
Consortia
Types of electronic markets
B2C
Electronic storefronts: a single company's Web site where products/services are sold
(electronic store)
A storefront has various mechanisms for conducting sales:
Electronic catalogs (presentation of product information in an electronic form)
A search engine (a program that can access a database of Internet resources, search for specific
information/keywords, and report the results)
An electronic shopping cart (order processing technology that allows shoppers to accumulate
items they wish to buy while they continue to shop)
E-auction facilities
A payment gateway etc.

Electronic malls: an online shopping center where many stores are located
Types of electronic markets
B2B
Private E-Marketplace: owned by a single company
Sell-side E-Marketplace: a private e-market in which a company sells either standard or
customized products to qualified companies
Buy-side E-Marketplace: a private e-market in which a company buys from invited suppliers

Public E-Marketplace: an e-market usually owned by an independent 3rd party with many buyers
and many sellers (exchanges)

Consortia: usually owned by a small group of major sellers or buyers, usually in the same
industry

What is a vertical and what is a horizontal e-marketplace?


Auctions
Auctions: a market mechanism by which a seller places an
offer to sell a product and buyers make bids sequentially
and competitively until a final price is reached.

Limitations of offline auctions:
Short time for each item (little time to decide whether to bid or not)
Sellers don't get the right price (or buyers pay more)
Little time to examine the product
Physical presence limits the potential bidders
Difficulty in moving goods to auction sites
Payment of rent for auction sites, advertisement and payment of auctioneers and employees add
to the cost
E-Auctions
Electronic auctions (e-auctions): auctions
conducted online.
Dynamic pricing: change in price due to demand and
supply relationships at any given time.
Dynamic pricing has several forms (bargaining and negotiations).
There are 4 major forms of dynamic pricing depending on how many buyers or sellers there are:
One buyer, one seller
One seller, many potential buyers
One buyer, many potential sellers
Many buyers, many sellers
E-Auctions
One seller, one buyer: negotiations, bargaining and bartering are usually used. (Prices are mostly
determined by each party's bargaining power as well as demand and supply in the market and
possibly the business environment.)

One seller, many buyers (forward auction): a seller entertains bids from buyers.
English and Yankee auctions: prices increase as the auction progresses
Dutch and free-fall auctions: prices go down as the auction progresses
Assignment (what are English, Yankee, Dutch and free-fall auctions?) to be submitted before mid-day 29th Feb. 2008

One buyer, many sellers:
Reverse auctions: a buyer places an item for bidding (tendering) on a request for quote (RFQ) system;
potential sellers bid for the item with the price reducing sequentially until there are no more
reductions and the lowest bidder wins (mostly a B2B/G2B mechanism)
Name-your-own-price model: a buyer specifies the price (and other terms) at which they are willing
to buy, to able suppliers (mostly a C2B model, started by priceline.com)

Many sellers, many buyers (double auction): multiple buyers and their bids are matched with multiple
sellers and their asking prices, considering the quantities.
E-Auctions
Benefits to sellers:
Increased revenues from broadening the customer base and shortening cycle time.
Optimal price setting, determined by the market.
Can liquidate large quantities quickly.
Improved customer relationship and loyalty.

Benefits to buyers:
Opportunity to find unique items and collectibles.
Entertainment.
Chance to bargain instead of buying at a fixed price.
Anonymity: with the help of a 3rd party, buyers can be anonymous.
Convenience: can bid from anywhere with any connected gadget. No need to travel to the auction site.

Benefits to e-auctioneers:
Higher repeat purchases.
High stickiness to the web site.
Expansion of the auction business.
E-Auctions
Limitations: major limitations are,
Lack of security
Possibility of fraud
Limited participation
Types of E-Auction Fraud
Bid shielding: having fake (phantom/ghost) bidders bid at very high prices and then pull out
at the last minute
Shilling: placing fake bids on auction items to artificially jack up the bidding price
Fake photos and misleading descriptions
Improper grading techniques
Selling reproductions
Types of E-Auction Fraud
Failure to pay
Failure to pay the auction house
Inflated shipping and handling cost
Failure to ship merchandise
Loss and damage claims
Switch and return
Other frauds, e.g. sale of stolen goods, the use of fake IDs, selling to multiple buyers
Protecting against E-Auction Fraud
User id verification
Authentication service
Grading services
Feedback
Insurance policy
Escrow service
Nonpayment punishment
Appraisal
Physical verification
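Two of the fraud patterns listed above, bid shielding and shilling, leave footprints in the auction site's own bid log, which is where an auctioneer's feedback and nonpayment controls get their evidence. The following detection example is added here and is not part of the lecture notes or of any auction platform; the log format, the closing times and the thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed bid log (not real platform data). Fields per line:
# auction_id, seller, bidder, amount, ISO-8601 timestamp, event ("bid" or "retract")
SAMPLE_LOG = """\
A1,sellerX,bob,10.00,2008-02-20T10:00:00,bid
A1,sellerX,ghost1,500.00,2008-02-20T10:05:00,bid
A1,sellerX,ghost1,500.00,2008-02-20T11:58:30,retract
A1,sellerX,alice,12.00,2008-02-20T11:59:10,bid
A2,sellerX,carol,20.00,2008-02-21T09:00:00,bid
A2,sellerX,mallory,25.00,2008-02-21T09:10:00,bid
A2,sellerX,carol,30.00,2008-02-21T09:20:00,bid
A3,sellerX,dave,5.00,2008-02-22T09:00:00,bid
A3,sellerX,mallory,7.00,2008-02-22T09:05:00,bid
A3,sellerX,dave,9.00,2008-02-22T09:10:00,bid
A4,sellerX,erin,40.00,2008-02-23T09:00:00,bid
A4,sellerX,mallory,45.00,2008-02-23T09:05:00,bid
A4,sellerX,erin,50.00,2008-02-23T09:10:00,bid
"""

# Constructed closing times for the sample auctions (assumed, not from the slides).
AUCTION_END = {
    "A1": "2008-02-20T12:00:00",
    "A2": "2008-02-21T10:00:00",
    "A3": "2008-02-22T10:00:00",
    "A4": "2008-02-23T10:00:00",
}


def parse_log(text):
    """Turn the CSV-style log into a list of event dicts."""
    events = []
    for line in text.strip().splitlines():
        auction, seller, bidder, amount, ts, event = line.split(",")
        events.append({
            "auction": auction, "seller": seller, "bidder": bidder,
            "amount": float(amount), "time": datetime.fromisoformat(ts),
            "event": event,
        })
    return events


def standing_bids(events, auction):
    """Bids on an auction that were not later retracted by the same bidder."""
    retracted = {(e["bidder"], e["amount"]) for e in events
                 if e["auction"] == auction and e["event"] == "retract"}
    return [e for e in events
            if e["auction"] == auction and e["event"] == "bid"
            and (e["bidder"], e["amount"]) not in retracted]


def winner(events, auction):
    """Highest standing bid wins; None if nothing stands."""
    bids = standing_bids(events, auction)
    return max(bids, key=lambda e: e["amount"])["bidder"] if bids else None


def detect_bid_shielding(events, auction_end, window=timedelta(minutes=5), ratio=5.0):
    """Flag retractions in the last `window` before close where the retracted bid
    was at least `ratio` times the highest surviving bid: a shield high enough to
    scare off other bidders, pulled out at the last minute."""
    flagged = []
    for e in events:
        if e["event"] != "retract":
            continue
        close = datetime.fromisoformat(auction_end[e["auction"]])
        if close - e["time"] > window:
            continue
        survivors = standing_bids(events, e["auction"])
        top = max((b["amount"] for b in survivors), default=0.0)
        if e["amount"] >= ratio * top:
            flagged.append((e["auction"], e["bidder"]))
    return flagged


def detect_shilling(events, min_auctions=3):
    """Flag bidders who bid on at least `min_auctions` of one seller's auctions
    and never win any of them: the footprint of an account that only pushes
    prices up. Returns (seller, bidder, number_of_auctions) tuples."""
    per_seller = defaultdict(lambda: defaultdict(set))
    for e in events:
        if e["event"] == "bid":
            per_seller[e["seller"]][e["bidder"]].add(e["auction"])
    flagged = []
    for seller, bidders in per_seller.items():
        for bidder, auctions in bidders.items():
            if len(auctions) < min_auctions:
                continue
            if not any(winner(events, a) == bidder for a in auctions):
                flagged.append((seller, bidder, len(auctions)))
    return flagged


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print("bid shielding:", detect_bid_shielding(evs, AUCTION_END))
    print("shilling:", detect_shilling(evs))
```

Both heuristics only raise cases for review; the thresholds would be tuned against a site's real bid history before any feedback or nonpayment sanction is applied.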
Communications and networks
The extranet is the major network structure used in e-marketplaces and exchanges.
Extranets connect both the internet and the companies' individual intranets.
Internet: a public, global communications network that provides direct connectivity to anyone
over a LAN through an ISP or directly through an ISP

Intranet: a corporate LAN or WAN that uses internet technology and is secured behind a
company's firewall.
It operates as a private network with limited access (only employees with authorization can use it)
It usually contains sensitive information
It can be used to enhance communication and collaboration among authorized employees,
customers, suppliers, and other business partners
Because access is through the net, it doesn't require any additional implementation of a
leased network
Communications and networks
Extranets: a network that uses a virtual private network (VPN) to link intranets in different
locations over the internet (extended intranet)
VPN: a network that creates tunnels of secured data flows, using cryptography and authorization
algorithms, to provide communications over the public internet.
Provides secured connectivity between a corporation's intranet and the intranets of its business
partners, material suppliers, financial services, government, and customers.
Access is mostly limited and highly controlled
Benefits of Extranets
Szuprowicz's five benefit categories of extranets
Enhanced communication: enables improved internal communications, improved business partnership
channels, effective marketing, sales, and customer support, and facilitated collaborative activities
Productivity enhancements: enables just-in-time information delivery, reduction of information
overload, productive collaboration between work groups, and training on demand.
Business enhancements: enables faster time to market, potential for simultaneous engineering and
collaboration, lower design and production costs, improved client relationships and creation of
new business opportunities
Cost reduction: results in fewer errors, improved comparison shopping, reduced travel and meeting
time and cost, reduced administrative and operational costs, and elimination of paper-publishing
costs
Information delivery: enables low-cost publishing, leveraging of legacy systems, standard delivery
systems, ease of maintenance and implementation, and elimination of paper-based publishing and
mailing costs.
Benefits of Extranets
Rihao-Ling and Yen added other benefits such as
ready access to information, ease of use, freedom of choice, moderate setup cost, simplified
workflow, lower training cost, and better group dynamics.
They also listed disadvantages such as difficulty in justifying the investment (measuring costs
and benefits), high user expectations, and drain on resources.
E-Marketing
Marketing is an organizational function and a set of
processes for creating, communicating and delivering value
to customers and for managing customer relationships in
ways that benefit the organization and its stakeholders.

E-Marketing is essentially a part of marketing

E-marketing = one aspect of an organizational function and a set of processes for creating,
communicating and delivering value to customers and for managing customer relationships in ways
that benefit the organization and its stakeholders
E-Marketing
Customer-centric e-marketing =
Applying digital technologies which form online channels (web, e-mail, database, plus
mobile/wireless and digital TV)
To contribute to marketing activities aimed at achieving profitable acquisition and retention of
customers
Through improving our customer knowledge (of their profiles, behavior, value and loyalty drivers),
then delivering integrated targeted communications and online services that match their
individual needs.

Hence e-marketing = achieving marketing objectives through the use of electronic communications
technology
E-Marketing
E-marketing simply put is the application of marketing
principles and techniques through electronic media and
more specifically the internet.

It can also be looked at as a way of marketing a brand using the internet.

Basically it is all the activities a business undertakes using the world wide web, with the sole
aim of attracting new business, retaining current business and developing its brand identity.
Internet tools for marketers
Distribution: a company can distribute through the internet
A company can use the internet to build and maintain customer relationships
The money collection part of a transaction can be done online
Leads can be generated through short trial periods, before long-term signing
Advertising
An avenue for collecting direct responses.
Benefits of e-marketing
If and when properly and effectively implemented, the ROI from e-marketing will far exceed that
of traditional marketing.
It is at the forefront of reengineering or redefining the way businesses interact with their
customers.
Most of the benefits can be derived from:
Reach: truly global reach and cost reduction
Scope: wide range of products and services
Interactivity: two-way communication path
Immediacy: provides an opportunity for immediate impact
Targeting: savvy marketers can easily have access to the niche markets they need for targeted
marketing
Adaptivity: real-time analysis of customer responses, leading to minimal advertising spend wastage.
Other benefits include:
Access to unlimited information for customers without human intervention
Personalization
Enables transactions between firms and customers that would typically require human intervention
Limitations of e-marketing
Some of the limitations of e-marketing include:
Lack of personal approach
Dependability on technology
Security, privacy issues
Maintenance costs due to a constantly evolving
environment
Higher transparency of pricing and increased price
competition
Worldwide competition through globalization
E-Commerce framework
E-Commerce applications: direct marketing, online banking, E-government, E-purchasing, job search,
M-commerce, auctions, consumer services, etc.

Pillars
People: buyers, sellers, intermediaries, IS people, and management
Public policy: taxes, legal and privacy issues, regulations and tech. standards
Marketing & advertisement: marketing research, promotions, & web content
Support services: logistics, payment, content, & security, systems dev.
Business partnerships: joint ventures, exchanges, E-marketplaces & consortia

Infrastructural support
Common business services infrastructure (security, smart cards/authentication, electronic payment)
Messaging & info distribution infrastructure (EDI, e-mail, hypertext)
Multimedia content & network publishing infrastructure (html, java, xml, vrml etc.)
Network infrastructure (telecom, cable tv, wireless, internet)
Interfacing infrastructure (with databases, business partners, applications)
The need for E-Commerce security
There is need for E-Commerce security due to the
increasing cyber attacks and cyber crimes.
A recent survey of security practitioners yielded the following results:
Organizations continue to suffer cyber attacks from both inside and outside the organization
The cyber attacks vary, e.g. computer viruses, net abuse (unauthorized use of the internet) by
employees, denial of service
The financial losses from cyber attacks can be substantial
It takes more than one type of technology to defend against cyber attacks.
Basic security issues
EC security involves more than just preventing and
responding to cyber attacks and intrusion.
e.g. a user connects to a Web server at a market site
to obtain some product literature (Loshin 1998).
To get the literature, he is asked to fill out a Web form
providing some demographic and other personal
information.
What are the security concerns that can/will arise
in a situation like that?
Basic security issues
From the user's perspective,
How can he know that the Web server is owned and operated by a legitimate company?
How does he know that the Web page and form do not contain some malicious or dangerous code or
content?
How does he know that the Web server will not distribute the information to some third party?
Basic security issues
From the company's perspective,
How does the company know that the user will not attempt to break into the Web server or alter
the pages and content at the site?
How does the company know that the user will not try to disrupt the server so that it isn't
available to others?
Basic security issues
From both parties' perspective,
How do the parties know that the network connection is free from eavesdropping by a third party
listening on the line?
How do they both know that the information sent back and forth between the user and the server
has not been altered?
Basic security issues
With transactions that involve E-payments, additional types of security requirements must be
confronted.

Authentication: the process by which one entity verifies that another entity is who they claim to
be.

Authorization: the process that ensures that a person has the right to access certain information

Auditing: the process of collecting information about attempts to access particular resources,
use particular privileges, or perform other security actions

Confidentiality (privacy): keeping private or sensitive information from being disclosed to
unauthorized individuals, entities, or processes.

Integrity: the ability to protect data from being altered or destroyed in an unauthorized or
accidental manner.

Availability: the ability of a person or a program to gain access to the pages, data, or services
provided by the site when they need it.

Nonrepudiation: the ability to limit parties from refuting that a legitimate transaction took
place, usually by means of a signature
Types of threats and attacks
There are two types of attacks: technical and non-technical.
Technical attacks: an attack perpetrated using software and systems knowledge or expertise

Non-technical attacks: an attack that uses deceit to trick people into revealing sensitive
information or performing actions that compromise the security of a network.
Social engineering: an attack that uses social pressures to trick computer users into
compromising computer networks to which those individuals have access. There are two types:
Human based: based on traditional modes of communication (in person or over the phone)
Computer based: technical ploys used to get individuals to provide sensitive information
Types of threats and attacks
Social engineering cont.
The key to successful social engineering rests with the victims; combating it also rests with
the victims.
Certain positions are more vulnerable than others (employees who deal with both confidential
information and the public, e.g. secretaries and executive assistants, database and network
administrators, computer operators and call-center operators).

How to deal with it: a multi-pronged approach should be used to combat it (Damle 2002).

Education and training: all staff (mostly those in vulnerable positions) must be educated about
the risk, the techniques used by hackers and how to combat them.

Policies and procedures: for securing confidential information and measures needed to respond
to and report any social engineering breaches.

Penetration testing: on a regular basis by outside experts playing the role of hackers. Staff
must be debriefed after a penetration test and any weaknesses corrected.
Types of threats and attacks
Technical attacks: experts usually use a methodical approach. Many software tools are easily and
readily available over the internet that enable a hacker to expose a system's vulnerabilities.

In 1999, the Mitre Corporation (cve.mitre.org) and 15 other security-related organizations started
to count all publicly known CVEs (Common Vulnerabilities and Exposures).
CVEs: publicly known computer security risks, which are collected, listed, and shared by a board
of security-related organizations.
Types of threats and attacks
The two very well known technical attacks that have affected the lives of millions are:

1. DDoS (Distributed Denial of Service) attack: an attack in which the attacker gains illegal administrative access to as many computers on the Internet as possible and uses these multiple computers to send a flood of data packets to the user's computer.
DoS (Denial-of-Service) attack: an attack on a web site in which an attacker uses specialized software to send a flood of data packets to the targeted computer with the aim of overloading its resources.
DDoS software is loaded on machines known as zombies.

2. Malware (malicious code): mostly classified by the way it is propagated. All of it has the potential to do damage.
Malware takes a variety of forms, and the names are mostly taken from the real-world pathogens they resemble.
Types of threats and attacks
Viruses: a piece of software code that inserts itself into a host, including the operating system, to propagate. It requires the host program to run in order to activate it; it can't run independently.
Viruses have two components:
A propagation mechanism, by which it spreads
A payload, which refers to what it does once it is executed
Some viruses simply spread and infect; others do substantial damage (e.g. deleting files or corrupting the hardware).
Worms: a program that can run independently, will consume the resources of its host from within in order to maintain itself, and can propagate a complete working version of itself onto another machine.
Major difference between a worm and a virus: a worm can propagate between systems (mostly through a network) while a virus propagates locally.

Macro viruses or macro worms: execute when the application object that contains the macro is opened or a particular procedure is executed.

Trojan horse: a program that appears to have a useful function but contains a hidden function that presents a security risk.
There are various forms of Trojan horse, but the one of interest is the one that makes it possible for someone else to gain access to and control a person's computer over the net.
This type of Trojan has two parts: server and client. The server is the program that runs on the computer under attack, and the client is used by the person perpetrating the attack.
Managing Security
Some basic mistakes in managing security risk include:

Undervalued information. Few organizations have a clear understanding of the value of specific information assets.

Reactive security management. Most companies focus on security only after an incident.

Narrowly defined security boundaries. Most organizations are just interested in securing their internal network and don't try to understand the security issues of their supply chain partners.

Dated security management processes. Some organizations hardly update or change their security practices or update the security knowledge and skills of their employees.

Lack of communication about security responsibility. Security is often viewed as an IT problem and not a company problem.
Security risk management
Security risk management: a systematic process for determining the likelihood of various security attacks and for identifying the actions needed to prevent or mitigate those attacks. It has four stages:

Assessment: organizations evaluate their security risks by determining their assets, the vulnerabilities of their systems and the potential threats to these vulnerabilities. This can be done:

By relying on the knowledge and skill of the IT personnel
By using outside IT consultants, or
By using a honeynet to study the types of attack to which a site is being actively subjected.
Security risk management
Honeynet: a way to evaluate the vulnerability of an organization by studying the types of attack to which a site is subjected, using a network of systems called honeypots.

Honeypots: production systems (e.g. firewalls, routers, web servers, database servers) designed to do real work but to be watched and studied as network intrusions occur.

Planning: the aim here is to arrive at a set of policies defining which threats are tolerable and which aren't, and what is to be done in both cases.
A tolerable threat is one for which the cost of safeguarding is very high or the risk is too low.

Implementation: involves the choice and use of particular technologies to counter the high-priority threats.

Monitoring: an ongoing process to determine which measures are successful or unsuccessful, the need for modification, new threats, advances in technology and which new business assets need securing.
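The Planning rule above (a threat is tolerable when safeguarding costs too much or the risk is too low) worked through on a constructed risk register, as an added example that is not part of the lecture. The register figures, the risk floor and the class and function names are all assumptions.

```python
from dataclasses import dataclass


@dataclass
class Threat:
    """One line of the risk register produced by the Assessment stage."""
    name: str
    asset_value: float     # what the threatened asset is worth (constructed)
    likelihood: float      # estimated probability of the attack per year
    safeguard_cost: float  # yearly cost of the countermeasure

    @property
    def expected_loss(self) -> float:
        """Risk expressed as money at stake per year: asset value x likelihood."""
        return self.asset_value * self.likelihood


# Policy value (assumed): expected yearly loss below which a threat is accepted.
RISK_FLOOR = 1_000.0


def classify(threat: Threat, risk_floor: float = RISK_FLOOR) -> str:
    """Planning decision from the slide: 'tolerable' when the risk is too low
    or the safeguard costs more than the loss it prevents, else 'counter'."""
    if threat.expected_loss < risk_floor:
        return "tolerable"
    if threat.safeguard_cost > threat.expected_loss:
        return "tolerable"
    return "counter"


def plan(threats, risk_floor: float = RISK_FLOOR):
    """Returns (threats to counter, highest expected loss first; accepted
    threats).  The first list feeds Implementation, the second Monitoring."""
    counter = [t for t in threats if classify(t, risk_floor) == "counter"]
    counter.sort(key=lambda t: t.expected_loss, reverse=True)
    tolerable = [t for t in threats if classify(t, risk_floor) == "tolerable"]
    return [t.name for t in counter], [t.name for t in tolerable]


# Constructed register: figures are illustrative, not from any real assessment.
SAMPLE_REGISTER = [
    Threat("customer database theft", 500_000, 0.10, 20_000),
    Threat("web server DoS during a sale", 80_000, 0.50, 15_000),
    Threat("defaced marketing brochure page", 2_000, 0.30, 5_000),
    Threat("partner EDI link tampering", 60_000, 0.05, 25_000),
]

if __name__ == "__main__":
    to_counter, accepted = plan(SAMPLE_REGISTER)
    print("counter:", to_counter)
    print("tolerable:", accepted)
```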
Securing EC communications
There are two types of technology to secure communication on a network:
technologies for securing communications across the network, and technologies for securing communication on the network.

EC of all sorts rests on the concept of trust, and PAIN is used to represent the key issues of trust that arise.
Securing EC communications
Information security requires:
the identification of the legitimate parties to a transaction, and
the actions they are allowed to perform to be determined and limited to only those necessary to initiate and complete the transaction.
This can be achieved through an authentication system.

Authentication system: a system that identifies the legitimate parties to a transaction, determines the actions they are allowed to perform, and limits their actions to only those that are necessary to initiate and complete the transaction.
Securing EC communications
Authentication systems have five key elements, namely:
A person or group to be authenticated

A distinguishing characteristic that sets the person or group apart

A proprietor responsible for the system being used

An authentication mechanism for verifying the presence of the differentiating characteristic

An access control mechanism (a mechanism that limits the actions that can be performed by an authenticated person or group) for limiting the actions performed by the authenticated person or group
Securing EC communications
The distinguishing characteristic in an authentication system can be something:
One knows (e.g. password, pass phrase, PIN)
One has (e.g. ID card, a security token, software, cell phone)
One is (e.g. fingerprint, DNA, signature, voice recognition)

Traditionally authentication systems have mostly been based on passwords (which are very insecure).

Stronger security can be achieved by combining what someone knows with something one has (a technique known as two-factor authentication, T-FA).
Securing EC communications
Tokens: there are two types.
Passive tokens: storage devices used in a two-factor authentication system that contain a secret code.

Active tokens: small stand-alone electronic devices in a two-factor authentication system that generate one-time passwords.
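An active token's one-time password checked together with a password (something one has plus something one knows), as an added example that is not part of the lecture. The token follows the HOTP algorithm of RFC 4226 (counter-based HMAC-SHA1); the account store, user names and the class and function names are constructed for the example.

```python
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-based one-time password (RFC 4226): HMAC-SHA1 over the 8-byte
    big-endian counter, dynamic truncation, then the low `digits` digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class TwoFactorVerifier:
    """Server side of a two-factor login: a salted password hash (something
    the user knows) plus the token secret and counter (something the user has).
    The account store is constructed in memory for the example."""

    LOOK_AHEAD = 3  # token presses the server tolerates being behind

    def __init__(self):
        self.accounts = {}

    @staticmethod
    def _hash_password(password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def enrol(self, user: str, password: str, token_secret: bytes) -> None:
        # Salt derived from the user name only so the example is reproducible;
        # a real deployment draws it from os.urandom().
        salt = hashlib.sha256(b"salt:" + user.encode()).digest()
        self.accounts[user] = {
            "salt": salt,
            "pw_hash": self._hash_password(password, salt),
            "token_secret": token_secret,
            "counter": 0,  # next counter value the server expects
        }

    def verify(self, user: str, password: str, otp: str) -> bool:
        acct = self.accounts.get(user)
        if acct is None:
            return False
        # Factor 1: something the user knows.
        if not hmac.compare_digest(
            self._hash_password(password, acct["salt"]), acct["pw_hash"]
        ):
            return False
        # Factor 2: something the user has.  Accept the expected counter or a
        # few ahead, since the token may have been pressed without logging in.
        for c in range(acct["counter"], acct["counter"] + self.LOOK_AHEAD + 1):
            if hmac.compare_digest(hotp(acct["token_secret"], c), otp):
                acct["counter"] = c + 1  # move past the used value: no replay
                return True
        return False
```

A code that was already accepted is refused the second time because the stored counter has moved past it, which is the property that makes the token "one-time".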
Securing EC communications
Biometric systems: authentication systems that identify a person by measuring biological characteristics such as fingerprints, iris (eye) patterns, facial features or voice.

There are two forms of biometrics:

Physiological biometrics: measurements derived directly from different parts of the body (e.g. fingerprints, iris, hand, facial characteristics)

Behavioral biometrics: measurements derived from various actions and indirectly from various body parts (e.g. voice scan or keystroke monitoring)
Securing EC communications
Fingerprint scanning: measurement of the discontinuities of a person's fingerprint, converted to a set of numbers that are stored as a template and used to authenticate identity.

Iris scanning: measurement of the unique spots in the iris (colored part of the eye), converted to a set of numbers that are stored as a template and used to authenticate identity.

Voice scanning: measurement of the acoustical patterns in speech production, converted to a set of numbers that are stored as a template and used to authenticate identity.

Keystroke monitoring: measurement of the pressure, speed, and rhythm with which a word is typed, converted to a set of numbers that are stored as a template and used to authenticate identity.
Securing EC communications
Public key infrastructure (PKI): a scheme for securing e-payments using public key encryption and various technical components.
Encryption: the process of scrambling (encrypting) a message in such a way that it is difficult, expensive, or time consuming for an unauthorized person to unscramble (decrypt) it.
All encryption has four basic parts.
Securing EC communications
Plaintext: an unencrypted message in human-readable form.

Encryption algorithm: the mathematical formula used to encrypt the plaintext into the ciphertext, and vice versa.

Key: the secret code used to encrypt and decrypt a message.

Ciphertext: a plaintext message after it has been encrypted into a machine-readable form.

There are two forms of encryption systems:
Symmetric systems and
Asymmetric systems
Securing EC communications
Symmetric (private) key system: an encryption system that uses the same key to encrypt and to decrypt the message.
The key is known only to the sender and the receiver (hence the name private key).

Asymmetric (public) key encryption: encryption that uses a pair of matched keys, a public key to encrypt and a private key to decrypt, or vice versa.

Public key: encryption code that is publicly available to anyone.

Private key: encryption code that is known only to the sender and the receiver (owners).
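Textbook RSA on deliberately small primes, as an added example (not from the lecture) of the four parts named above and of the asymmetric key pair used in both directions: public key to encrypt and private key to decrypt, and the private key applied first so that only the matching public key reverses it. The primes, exponent and function names are assumptions; the toy key size and the absence of padding are the two things a real deployment adds.

```python
from math import gcd


def make_keypair(p: int, q: int, e: int = 17):
    """Build a textbook RSA key pair from two primes.  Returns
    (public_key, private_key), each an (exponent, modulus) tuple."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("public exponent must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)  # private exponent: e * d == 1 (mod phi)
    return (e, n), (d, n)


def apply_key(key, block: int) -> int:
    """The encryption algorithm itself: modular exponentiation with whichever
    half of the pair is supplied.  Blocks must be smaller than the modulus."""
    exponent, modulus = key
    if not 0 <= block < modulus:
        raise ValueError("block must be smaller than the modulus")
    return pow(block, exponent, modulus)


def encrypt(public_key, plaintext: str) -> list:
    """Plaintext -> ciphertext with the public key.  One byte per block, so
    the modulus must exceed 255.  Textbook RSA is deterministic (same byte,
    same ciphertext), which is why real schemes add randomized padding."""
    return [apply_key(public_key, b) for b in plaintext.encode()]


def decrypt(private_key, ciphertext: list) -> str:
    """Ciphertext -> plaintext with the matching private key."""
    return bytes(apply_key(private_key, c) for c in ciphertext).decode()


def sign(private_key, message: str) -> list:
    """The 'vice versa' direction: transform with the private key so that only
    the public key undoes it (toy signature; real ones sign a padded hash)."""
    return [apply_key(private_key, b) for b in message.encode()]


def verify(public_key, message: str, signature: list) -> bool:
    """Recover the bytes with the public key and compare with the message."""
    recovered = [apply_key(public_key, s) for s in signature]
    return recovered == list(message.encode())


if __name__ == "__main__":
    # Toy parameters (assumed): p=61, q=53 give n=3233, d=2753 for e=17.
    public, private = make_keypair(61, 53)
    secret = encrypt(public, "pay 10")        # anyone can do this step
    print(secret, "->", decrypt(private, secret))
    print(verify(public, "pay 10", sign(private, "pay 10")))
```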
Securing EC Networks
Many technologies exist to ensure that an organization's networks are secured, or that intrusions are detected.
Firewall: a network node consisting of both hardware and software that isolates a private network from a public network.
Personal firewall: a network node designed to protect an individual user's desktop system from the public network by monitoring the traffic that passes through the computer's network interface.
Virtual private networks (VPN): a network that uses the public Internet to carry information but remains private by using encryption to scramble the communications, authentication to ensure that information has not been tampered with, and access control to verify the identity of anyone using the network.
Intrusion detection systems (IDS): a special category of software that can monitor activity across a network or on a host computer, watch for suspicious activity, and take automated actions based on what it sees.
Business models in E-Commerce
Business model: a method of doing business by which a company can generate revenue to sustain itself.

Structure of business models: the structure of business models varies greatly based on the company and the industry environment.
Weill and Vitale (2001) identify 8 atomic business models:
Direct marketing,
intermediary,
content provider,
full service provider,
shared infrastructure,
value net integrator,
virtual community, and
consolidator of services (for large organizations)
Business models in E-Commerce
Each of these models is characterized by:
Strategic objectives
Source of revenue
Critical success factors
Core competencies required
These models must specify:
Their revenue models
Value propositions
Revenue model
Revenue model: how an EC project or company will make or earn money. The major revenue models are:
Sales: revenue from selling on their web site or providing services

Transaction fees: commissions based on the volume of transactions made (fixed or incremental)

Subscription: payment of fees, usually monthly or quarterly, to get some type of service

Advertising fees: companies charge others for placing ads on their sites

Affiliate fees: companies get paid for referring customers to other sites

Other revenue models: game sites, licensing fees, etc.
Value proposition
Value proposition: the benefits a company can derive from using EC (in B2C EC, for example, it defines how a company's product or service fulfills the needs of customers).
Specifically, how do e-marketplaces, for example, create value?
Amit & Zott (2001) identified 4 sets of values:
Search & transaction cost efficiency: enables faster and more informed decision making, wider product and service selection, etc.
Complementarities: bundling some goods and services together to provide more value than when offered separately
Lock-in: high switching costs that tie customers to certain suppliers
Novelty: developing innovative ways of structuring transactions, connecting partners, and fostering new markets
Value proposition
Bakos (1991) values:
Reduced search cost
Significant switching cost
Economies of scale and scope
Network externality

Other value propositions:

Demand (and/or supply) aggregation: affords suppliers wider market access and buyers more choices, and both competitive prices

Interfirm collaboration: enables business participants to deepen their business relationships, leading to improvement in individual business processes and overall supply chain performance
Types of business models in EC
Online direct marketing: selling online from a manufacturer to a customer (e-tailing)

Electronic tendering system (tendering, reverse auction): buyers request would-be sellers to submit bids for an item/service/project, and the lowest bidder wins

Name-your-own price: a buyer sets the price he wants to pay for a product/service

Find the best price: a buyer submits its needs and an intermediary matches them against a database of sellers, locates the lowest price and submits it to the buyer to accept or reject

Affiliate marketing: a marketing partner refers consumers to a selling company's web site for a commission (virtual commissioned sales force)
Types of business models in EC
Viral marketing: Web-based word-of-mouth marketing in which a customer promotes a product or service to friends or other people

Group purchasing: quantity purchasing that enables groups of purchasers to obtain a discount price on the products purchased (demand aggregation)

Online auctions: bidding for products and services, with the highest bidder getting the item

Product and service customization: creation of a product or service to meet the buyer's specifications

Electronic marketplaces and exchanges: a space in which sellers and buyers exchange goods and services for money (or for other goods and services) electronically
Electronic payments (e-payment)
E-payments: payments made electronically rather than by paper (cash, checks, vouchers, etc.)

Electronic payment methods expedite payments online and reduce processing costs, but they must be safe and trusted by users.
The major methods of e-payment in use include:
Electronic payments (e-payment)
Electronic payment cards (credit, debit, charge)
Virtual credit cards
E-wallets (or e-purses)
Smart cards
Electronic cash (several variations)
Wireless payments
Stored-value card payments
Loyalty cards
Person-to-person payment cards
Payments made electronically at kiosks
Other methods used mostly for B2B payments:
Electronic checks
Purchasing cards
Electronic letters of credit
Electronic funds transfer (EFT)
Electronic benefit transfer (EBT)
Etc.

The underlying similarity is the ability to transfer or make a payment from one person or party to another person or party over a network without face-to-face interaction.
Electronic payments (e-payment)
Whatever the payment method, five parties may be involved:
Customer/payer/buyer: the party making the e-payment in exchange for goods or services
Merchant/payee/seller: the party receiving the e-payment in exchange for goods or services
Issuer: the bank or non-banking institution that issued the e-payment instrument used to make the purchase
Regulator: usually a government agency whose regulations control the e-payment process
Automated Clearing House (ACH): an electronic network that transfers money between bank accounts.

Issuers play a key role in online purchases for 2 reasons:

Customers must obtain their e-payment accounts from an issuer
Issuers are mostly involved in authenticating a transaction and approving the amount involved.

Because buyers and sellers are not at the same place to exchange their goods and services, issues of trust arise, and PAIN has been devised to address such issues.
Electronic payments (e-payment)
Characteristics of successful e-payment methods

How do you get buyers to adopt a method when there are few sellers using it? And how do you get sellers to adopt a method when very few buyers are using it? (chicken-and-egg problem)

Some factors or characteristics of successful e-payment are:

Independence: e-payment methods that require the payer to install specialized components are less likely to succeed
Interoperability and portability: an e-payment system must mesh with existing interlinked systems and applications and must be supported by standard computing platforms
Security: the risk for the payee must be higher than for the payer (it must be very safe)
Anonymity: e-payment systems must be anonymous to hide the identity of those who want to remain so
Divisibility: must be usable for both high- and low-value purchases
Ease of use: must be pretty easy to use
Critical mass: a critical mass of vendors must be willing to accept the payment; conversely, a critical mass of places to acquire the payment method must exist
Electronic payments (e-payment)
Using e-payment reduces transaction costs by 30 to 50 percent compared to off-line payments
It is faster
It makes it possible to conduct business across geographical and political boundaries (greatly enhancing the possibility of international deals and transactions)
E-payment is very important in EC because:
There is no trade without a payment system
A good and secure payment system increases the trust and confidence of buyers
Electronic payments (e-payment)
Electronic cards: plastic cards that contain digitized information that can be used for payment and for other purposes such as identification and access to secure locations.

Payment cards: electronic cards that contain information that can be used for payment purposes.
There are three types of payment cards:

Credit cards: provide the holder with credit to make purchases up to a limit fixed by the issuer (users normally don't pay any fee for using it, just a high interest on their unpaid balance)
Charge cards: like monthly loans given to the user, which he/she is required to pay back in full at the end of the month or upon receipt of the monthly statement (usually no interest is paid on such cards, just an annual fee and/or a severe penalty for failure to pay the balance in full)
Debit cards: with a debit card the money for a transaction comes directly from the user's account
Electronic payments (e-payment)
Virtual credit cards: a payment system in which the issuer gives a special transaction number that can be used online in place of the regular credit card number.

E-wallets: a software component in which a user stores credit card numbers and other information; when shopping online, the user simply clicks the e-wallet to automatically fill in the information needed to make a purchase.
Electronic payments (e-payment)
Smart cards: an electronic card containing an embedded microchip that enables predefined operations or the addition, deletion, or manipulation of information on the card.

Some applications of smart cards:

Loyalty cards: retailers are using loyalty cards to identify their loyal customers and reward them
Financial applications: financial institutions, payment associations, and credit card, debit card and charge card issuers are all using smart cards to extend the traditional card payment services
Transportation
Identification: smart cards fit perfectly in the identification market
Electronic payments (e-payment)
Electronic cash: the digital equivalent of paper currency and coins, which enables secure and anonymous purchase of low-priced items.
E-cash has various variations:
Wireless payments
Stored-value cards
E-loyalty
P2P payment: e-payment schemes that allow the transfer of funds between two individuals

Payments made electronically at kiosks: customers acting as cashiers and checking themselves out.
Electronic payments (e-payment)
