Course B: Advanced e-Business Module 4. e-Commerce by Vatcharaporn Esichaikul, AIT

Upload: dina-hancock

Post on 25-Dec-2015

Course B: Advanced e-Business

Module 4. e-Commerce

by Vatcharaporn Esichaikul, AIT

Outline

- B2C/B2B e-commerce
- Business models of e-commerce
- Internet shopping
- Selling on the web
- Online customer service
- E-payment systems and security for e-com
- E-auction

B2C/B2B e-commerce

Categories of eCom/eBiz

- Business-to-customer (B2C): retailing of products and services directly to individual customers
- Business-to-business (B2B): sales of goods and services among businesses
- Consumer-to-consumer (C2C): individuals use the Web for private sales or exchange
- Business-to-employee (B2E): information and services made available to employees online

Pure vs. Partial EC

- Pure vs. partial EC is based on the degree of digitization of three dimensions: product [physical/digital], process [physical/digital], delivery agent [physical/digital]
- Traditional commerce: all dimensions are physical
- Pure EC: all dimensions are digital
- Partial EC: all other possibilities, i.e. a mix of digital and physical dimensions

Business Models of e-Commerce

Real-world Cases

Amazon.com

New Business Model: Amazon.com

- Online retailer of books, CDs, electronics, and other products
- Uses software to create detailed customer profiles and make customer-specific offers
- What led to Amazon's fantastic growth?

What led to Amazon's fantastic growth?

- First mover: embraced a revolutionary way to reach end consumers
- They made their brand more important than profit
- Customer service focus

Dimensions of Competition: Price/Cost

Example
- Amazon cuts the costs of retail outlets and intermediaries.
- Amazon's distribution system is less expensive than its competitors'.
- Shipment from an Amazon warehouse is more costly than visiting a retail outlet.
- Amazon gets paid before paying the distributor, whereas in the traditional distribution system it is the other way around.

Dimensions of Competition: Custom Features

Example
- Amazon uses the data obtained from customers to offer personal buying recommendations.
- Amazon's innovations have included one-click shopping, its popular bestseller list ranking sales on the site, and the associates program.

Dimensions of Competition: Brand

Example
- More personalized products and Web site experiences.
- A broader offering of products is built into the brand experience, allowing more revenue and profit per customer.

Dimensions of Competition: Speed of Delivery

Example
- For in-stock items, there is no technology advantage for Amazon.
- For out-of-stock items, technology allows greater order tracking and notification features.

Dimensions of Competition: Selection

Example
- Amazon.com offers 3 million titles compared with 175,000 for a Barnes & Noble retail superstore.
- Both Amazon.com and BarnesAndNoble.com offer a similar selection of book titles.

Dimensions of Competition: Convenience

Example
- Available 24/7/365.
- Easy-to-navigate site.
- Excellent use of e-mail for marketing and customer service.
- Skilled at tailoring product recommendations to individuals.
- One-click ordering.

Amazon Implications

- B2C example
- Technology can be used to compete in many dimensions
- Technology provides more than just new business models
- Will Amazon survive?

What are the Consequences of the Amazon Business Model?

Immediate:
- Dominant Internet shopping brand.
- A lot of valuable information about customer buying.

Future:
- Wal-Mart of the Internet?
- Sub-contract to other dot-coms

Impact of Technology on Dimensions of Competition

Dimension | Technology's Impact
Price/cost | Allows personalized pricing, eliminates middlemen, and shrinks the value chain (removing non-value-added interactions); reduced transaction costs
Custom features | Allows faster product lifecycle, more customer-specific products, and changeable and upgradeable products
Distribution | Causes disintermediation, re-intermediation, and globalization
Brand, promotions | Allows 1-to-1 (personalized) marketing

Impact of Technology on Dimensions of Competition

Dimension | Technology's Impact
Speed of delivery | Reduces delivery time and inventory, and causes disintermediation
Selection | Improved information; allows greater sales, lower inventory, and customer-driven business systems
Convenience | Allows 24/7 shopping, order tracking, broader selection, and comparative pricing
Service | Personalizes service using historic and/or predictive information

eBay

New Business Model: eBay

- Online auction system for individuals.
- People can post items for sale or search for items being auctioned and make bids.
- Why did eBay's business model & strategy work?

What made eBay Work?

- Connected people who previously couldn't be connected economically (new possibility)
- Users' motivation to participate was strong
- Rapid success
- Technology was kept simple, instead focusing on core objectives

What are the Consequences of the eBay Business Model?

Immediate:
- Rapid growth of person-to-person auctions.
- Rise of "questionable" auction items.

Future:
- End of flea markets and garage sales?
- Creates new markets
- Specialized trading?
- Facilitate others?

eTrade

New Business Model: E*TRADE

- Top online brokerage company.
- Why is stock-trading ideally suited to online business?

Why E*TRADE?

- No physical delivery of goods makes this an ideal online business
- Implication: all information-based services can benefit from being online
- Reduced transaction costs
- Effective delivery of services
- Customer segmentation
- Built a new brand in an industry which competes on brand

What are the Consequences of the E*TRADE Business Model?

Immediate:
- More online customers.
- More day-traders.
- Greater trading volume.
- More stock market volatility.

Future:
- Disintermediate the NYSE?
- Create an ECN (Electronic Communications Network) like Instinet?

Dell

New Business Model: Dell

- Largest direct PC manufacturer and one of the largest PC manufacturers.
- Sells directly to customers, bypassing retailers, and passes on the savings.
- Has much less inventory than its competitors and much faster deliveries.

What Rules Did Dell Break?

- You can't customize every order for every customer, so offer pre-configured models that can't be changed.
- Retailers recommend specific models to customers, so the channel cannot be bypassed.

What are the Consequences of the Dell Business Model?

Immediate:
- Decline of computer retailers.
- PC industry margin squeeze: consolidation and bankruptcy.

Future:
- Offer non-PC products in an electronics marketplace.

Sabre

New Business Model: Sabre

- Electronic reservation system for airlines, hotels, car rental companies.
- Sets prices for individual airline tickets to maximize total company revenue or profit.
- What is Optimal Dynamic Pricing?

What Rules Did Sabre Break?

- You can't charge customers different prices for the same product.
- Companies cannot share their complete pricing strategies with all competitors.

What are the Consequences of the Sabre Business Model?

Immediate:
- Travel agent disintermediation.
- Higher revenue and profits for airlines, hotels, and other travel companies.

Future:
- Airline alliances.
- Airline management by Sabre.
- Single travel marketplace for all players.

Hotmail

New Business Model: Hotmail

- Free Web-based e-mail.
- Spent only $500,000 on initial marketing, much less than the $20 million spent by its nearest competitor Juno.
- How did they do this?

New Business Model: Hotmail

- Used viral marketing (every message ends with a message stating "Get Your Private, Free Email at http://www.hotmail.com").
- How did this business make money as an independent entity?

What Rules Did Hotmail Break?

- You can't grow a business or brand without spending a lot on marketing.
- Customers won't like being used as part of a marketing campaign.
- Customers won't give out personal information to get a "free" service.

What are the Consequences of the Hotmail Business Model?

Immediate:
- Single standard and source for e-mail.
- Consumers expect other free services.
- Traffic for MSN sites.

Future:
- Single standard and source for all communications?
- Does the online advertising business model work?

Priceline.com

New Business Model: Priceline.com

- Online shopping service that allows customers to "Name Your Own Price" for a variety of products, like vacations and electronics.

What Rules Did Priceline.com Break?

- Suppliers determine the price of products and publish them to customers.

What are the Consequences of the Priceline.com Business Model?

Immediate:
- All prices are negotiable online.

Future:
- End of price setting by sellers?

Conclusions

- Technology allows new ways of doing new things and new ways of doing old things.
- Different businesses, different models & strategies
- "If you're not changing faster than your environment, you are falling behind" – Jack Welch, CEO of General Electric.

Internet Shopping

Why do people shop online? Why don’t people shop online?

Why Internet Shopping?

- Enables consumers to shop or do other transactions 24 hours a day, all year round, from almost any location
- Provides consumers with more choices
- Provides consumers with less expensive products and services by allowing them to shop in many places and conduct quick comparisons

Why Internet Shopping?

- Allows quick delivery of products and services, especially with digitized products
- Consumers can receive relevant and detailed information in seconds, rather than in days or weeks
- Allows consumers to interact with other consumers in electronic communities and exchange ideas as well as compare experiences
- Facilitates competition, which results in substantial discounts

Why not Internet Shopping?

- Security and privacy: it is difficult to convince customers that online transactions and privacy are very secure
- Customers do not trust:
  - Unknown faceless sellers
  - Paperless transactions
  - Electronic money
- Switching from a physical to a virtual store may be difficult
- Lack of touch and feel online
- Many unresolved legal issues
- Expensive and/or inconvenient accessibility to the Internet
- ePayment is not in place

Online Consumer Behavior Model

Consumer Behavior Online (cont.)

- Consumer types
  - Individual consumer
  - Organizational buyers: governments and public organizations, private corporations, resellers
- Consumer behavior viewed in terms of:
  - Why is the consumer shopping?
  - How does the consumer benefit from shopping online?

Consumer Behavior Online (cont.)

- 3 categories of consumers
  - Impulsive buyers: purchase quickly
  - Patient buyers: make some comparisons first
  - Analytical buyers: do substantial research before buying

Online Customer Service and CRM

Online Customer Service

- Customer service
  - Traditional: do the work for the customer
  - EC delivered: gives tools to the customer to do the work for him/herself (e.g. tracking, troubleshooting, FAQ) with:
    - Improved communication
    - Automated processes
    - Speedier resolution of problems

Online Customer Service (cont.)

- E-service: online help for online transactions
  - Foundation of service: responsible and effective order fulfillment
  - Customer-centered services: order tracing, configuration, customization, security/trust
  - Value-added services: dynamic brokering, online auctions, online training and education

Online Customer Service (cont.)

- Product life cycle and customer service. Phases of the product life cycle:
  - Requirements: assisting the customer to determine needs
  - Acquisition: helping the customer to acquire a product or service
  - Ownership: supporting the customer on an ongoing basis
  - Retirement: helping the client to dispose of a service or product
- Service must be provided in all of them

Online Customer Service (cont.)

- Customer relationship management (CRM)
- Customer-focused EC
  - Make it easy for customers to do business online
  - Business processes redesigned from the customer's point of view
  - Design a comprehensive, evolving EC architecture
  - Foster customer loyalty by:
    - Personalized service
    - Streamlined business processes
    - Owning the customer's total experience

Customer Relationship Management (CRM)

- Customer service functions
  - Provide search and comparison capabilities
  - Provide free products and services
  - Provide specialized information and services
  - Allow customers to order customized products and services
  - Enable customers to track accounts or order status

Customer Relationship Management (cont.)

- Customer service tools
  - Personalized Web pages
    - Used to record purchases and preferences
    - Direct customized information to customers efficiently
  - FAQs
    - Customers find answers quickly
    - Not customized; no personalized feeling and no contribution to relationship marketing

Customer Relationship Management (cont.)

- Tracking tools
  - Customers track their orders, saving time and money for all
  - Example: FedEx's package tracking
- Chat rooms
  - Discuss issues with company experts and with other customers
- E-mail and automated response
  - Disseminate general information
  - Send specific product information
  - Conduct correspondence regarding any topic (mostly inquiries from customers)

Customer Relationship Management (cont.)

- Help desks and call centers
  - A comprehensive customer service entity
  - EC vendors take care of customer service issues communicated through various contact channels
- Telewebs combine:
  - Web channels (automated e-mail reply)
  - Web knowledge bases (portal-like self service)
  - Call center agents or field service personnel
- Troubleshooting tools: assist customers in solving their own problems

Customer Relationship Management (cont.)

- Justifying customer service and CRM programs: 2 problems
  - Most of the benefits are intangible
  - Substantial benefits are reaped only from loyal customers, after several years
- Metrics: standards to determine the appropriate level of customer support
  - Response and download times
  - Up-to-date site and availability of relevant content
  - Others

Customer Relationship Management (cont.)

Examples of customer service
- Amazon.com
  - Convenience, selection, value, special services
  - E-mail order confirmation
  - Personalized services
- Federal Express (FedEx)
  - Package tracking service
  - Ability to calculate delivery costs, online shipping forms, arrange pickup, find local drop bo

Electronic Payment Systems

E-payment

- Players and processes involved in using credit cards online
- Online alternatives to credit card payments
- Key elements in securing an e-payment

Overview of Electronic Payments

- E-payment methods
  - Electronic funds transfer (EFT)
  - Credit cards
  - E-payments
  - Smart cards
  - Digital cash
  - Digital checks
  - E-billing
- All have the ability to transfer payment from one person or party to another

Electronic Payments (cont.)

- Five parties involved in e-payments
  - Issuer
  - Customer/payer/buyer
  - Merchant/payee/seller
  - Regulator
  - Automated Clearing House (ACH)
- Key issues of trust must be addressed
  - Privacy
  - Authentication and authorization
  - Integrity
  - Nonrepudiation

Electronic Payments (cont.)

- Crucial factors in determining which method of e-payment achieves widespread acceptance
  - Independence
  - Interoperability and portability
  - Security
  - Anonymity
  - Ease of use
  - Transaction fees

E-Cards

- Three common types of payment cards
  - Credit cards: provide the holder with credit to make purchases up to a limit fixed by the card issuer
  - Charge cards: the balance on a charge card is supposed to be paid in full upon receipt of the monthly statement
  - Debit cards: the cost of a purchase is drawn directly from the holder's checking account (demand-deposit account)

E-Cards (cont.)

- The players
  - Cardholder
  - Merchant (seller)
  - Issuer (your bank)
  - Acquirer (merchant's financial institution, acquires the sales slips)
  - Card association (VISA, MasterCard)
  - Third-party processors (outsourcers performing the same duties formerly provided by issuers, etc.)

Online Credit Card Processing


E-Cards (cont.)

- E-wallets
  - A software component in which a user stores credit card numbers and other personal information
  - When shopping online, the user simply clicks the e-wallet to automatically fill in the information needed to make a purchase

E-Cards (cont.)

- Security risks with credit cards
  - Stolen cards
  - Reneging by the customer: authorizes a payment and later denies it
  - Theft of card details stored on the merchant's computer
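The third risk, theft of card details stored on the merchant's computer, is best handled by never storing the card number (PAN) at all. The Go program below is an added example written for this page, not code from the course or from any payment provider: it checks a card number with the Luhn mod-10 test, then keeps only a masked form for display and a keyed HMAC-SHA256 token for recognising a returning card. The merchant key, the public Visa test number 4111 1111 1111 1111 and the function names are assumptions made for the example.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// CardRecord is what the merchant keeps after a sale: enough to show the
// customer which card was charged and to recognise a returning card, but not
// the PAN itself, so a copy of the order database yields nothing chargeable.
type CardRecord struct {
	Masked string // e.g. "************1111", safe to display and log
	Token  string // keyed digest of the PAN; worthless without the merchant key
}

// luhnValid applies the mod-10 check digit test that payment card numbers
// carry. It catches typos before the card is sent to the acquirer.
func luhnValid(pan string) bool {
	if len(pan) < 12 || len(pan) > 19 {
		return false
	}
	sum, double := 0, false
	for i := len(pan) - 1; i >= 0; i-- {
		c := pan[i]
		if c < '0' || c > '9' {
			return false
		}
		d := int(c - '0')
		if double {
			d *= 2
			if d > 9 {
				d -= 9
			}
		}
		sum += d
		double = !double
	}
	return sum%10 == 0
}

// Tokenize validates a PAN and returns the masked form plus an HMAC-SHA256
// token. Assumption: tokenKey is a merchant secret kept outside the order
// database (key vault or HSM), so a database dump cannot reverse the tokens.
func Tokenize(pan string, tokenKey []byte) (CardRecord, error) {
	pan = strings.ReplaceAll(pan, " ", "")
	if !luhnValid(pan) {
		return CardRecord{}, errors.New("invalid card number")
	}
	mac := hmac.New(sha256.New, tokenKey)
	mac.Write([]byte(pan))
	return CardRecord{
		Masked: strings.Repeat("*", len(pan)-4) + pan[len(pan)-4:],
		Token:  hex.EncodeToString(mac.Sum(nil)),
	}, nil
}

func main() {
	key := []byte("demo-merchant-key-not-for-production") // constructed for this example
	rec, err := Tokenize("4111 1111 1111 1111", key)         // public Visa test number
	if err != nil {
		panic(err)
	}
	fmt.Println(rec.Masked, rec.Token)
	_, err = Tokenize("4111 1111 1111 1112", key) // last digit wrong: fails Luhn
	fmt.Println("mistyped PAN rejected:", err != nil)
}
```

The token is deterministic for a given key, which is what lets the merchant link repeat purchases without holding the PAN; the key must therefore live outside the transaction database, and the actual charge goes through the acquirer or payment gateway with the PAN passed through rather than retained.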

E-Cards (cont.)

- Purchase cards
  - Instrument of choice for B2B purchasing
  - Special-purpose, non-revolving payment cards issued to employees solely for purchasing and paying for nonstrategic materials and services
- Purchase cards operate like other credit cards
  - Cardholder of the corporation places an order for goods or services
  - Supplier processes the transaction with authorization of the card issuer
  - Issuer verifies purchase authorization

E-Cards (cont.)

- Purchase cards
  - All cardholders' transactions are processed centrally: one payment for all purchases
  - Each cardholder reviews the monthly statement
  - Card issuer analyzes transactions; standard and ad hoc reports are made
  - Card issuer creates an electronic file to upload to the corporation's ledger system

E-Cards (cont.)

- Benefits of purchasing cards
  - Cost savings
  - Productivity gains
  - Bill consolidation
  - Payment reconciliation
  - Preferred pricing
  - Management reports

E-Cards (cont.)

- Smart cards: an electronic card containing an embedded microchip that enables predefined operations or the addition, deletion, or manipulation of information on the card

E-Cards (cont.)

- Categorize smart cards by how the data on them is accessed
  - Contact card: inserted into a smart card reader
  - Contactless (proximity) card: embedded antenna read by another antenna (mass-transit applications)

E-Cash and Payment Alternatives

- E-cash: the digital equivalent of paper currency and coins, which enables secure and anonymous purchase of low-priced items
- E-cash alternatives for credit cards (micropayments, under $10)
  - E-cash (eCoin.net)
    - Identity of the user is hidden from the merchant
    - Easier to use than earlier e-cash systems
    - Requires specialized software
  - Qpass (Qpass.com)
    - Set up a Qpass account: user name and password, and which credit card to charge

E-Cash & Payment Alternatives (cont.)

- Stored-value cards and other innovations
  - Visa Cash: a stored-value card designed to handle small purchases or micropayments; sponsored by Visa
  - Visa Bucks: prepaid card designed for teens
  - Mondex: a stored-value card designed to handle small purchases or micropayments; sponsored by Mondex, a subsidiary of MasterCard

E-Cash & Payment Alternatives (cont.)

- E-loyalty and rewards programs
  - Electronic scrip: a form of electronic money (or points), issued by a third party as part of a loyalty program; can be used by consumers to make purchases at participating stores
  - MyPoints-CyberGold (mypoints.com): customers earn cash, which is used for later purchases

E-Cash & Payment Alternatives (cont.)

- Person-to-person (P2P) payments and gifts
  - Enable transfer of funds between two individuals
  - Repaying money borrowed
  - Paying for an item purchased at an online auction
  - Sending money to students at college
  - Sending a gift to a family member

Sending money with PayPal

Source: paypal.com.

E-Checking

- The electronic version or representation of a paper check
- Eliminates the need for expensive process reengineering
- Can be used by all bank customers who have checking accounts
- To be integrated with the accounting information system of business buyers and with the payment server of sellers
- Used mainly in B2B

E-Checking (cont.)

- Benefits of e-checking
  - Online check collection process
  - Online notices of check returns
  - Truncating paper checks at the bank of first deposit

B2B Electronic Payments

- Financial supply chains (FSC): follow a buyer's transaction activities related to cash flow, which start with a purchase order and end in settlement with the seller

E-Billing

- Customers are either individuals or companies
- Two common models of e-billing
  - Biller direct: the customer receives the bill from a single merchant
  - Third-party consolidators: present bills from multiple merchants

E-Bill Presentment

Payment Gateway

- A server-based transaction processing system which enables businesses to authorize, process, and manage credit card transactions securely in a real-time, online environment from any computer with an Internet connection and a Web browser
- Specifically designed to accommodate the increasing demand by e-commerce companies
- Offered by banks and companies who are authorized to accept credit card online payments
- Ex: Citibank payment gateway

E-Commerce Security

Need for E-Commerce Security

- Annual survey conducted by the Computer Security Institute
  - Organizations continue to experience cyber attacks from inside and outside of the organization
  - The types of cyber attacks that organizations experience were varied
  - The financial losses from a cyber attack can be substantial
  - It takes more than one type of technology to defend against cyber attacks

Security Is Everyone's Business

- Security practices of organizations of various sizes
  - Small organizations (10 to 100 computers)
    - The "haves" are centrally organized and devote a sizeable percentage of their IT budgets to security
  - Medium organizations (100 to 1,000 computers)
    - Rarely rely on managerial policies in making security decisions, and have little managerial support for their IT policies
    - Overall exposure to cyber attacks and intrusion is substantially greater than in smaller organizations

Security Is Everyone's Business (cont.)

  - Large organizations (1,000 to 10,000 computers)
    - Complex infrastructures and substantial exposure on the Internet
    - While aggregate IT security expenditures are fairly large, their security expenditures per employee are low
  - Large/Very Large organizations
    - IT security is part-time and undertrained; a sizeable percentage of the large organizations suffer loss or damage due to incidents
    - Base their security decisions on organizational policies
    - Extremely complex environments that are difficult to manage even with a larger staff

Security Issues

- From the user's perspective
  - Is the Web server owned and operated by a legitimate company?
  - Does the Web page or form contain malicious or dangerous code or content?
  - Will the Web server distribute, without authorization, the information the user provides to some other party?

Security Issues (cont.)

- From the company's perspective
  - Will the user attempt to break into the Web server or alter the pages and content at the site?
  - Will the user try to disrupt the server so that it isn't available to others?

Security Issues (cont.)

- From both parties' perspectives
  - Is the network connection free from eavesdropping by a third party "listening" on the line?
  - Has the information sent back and forth between the server and the user's browser been altered?

Security Requirements

- Authentication: the process by which one entity verifies that another entity is who it claims to be
- Authorization: the process that ensures that a person has the right to access certain resources
- Confidentiality: keeping private or sensitive information from being disclosed to unauthorized individuals, entities, or processes

Security Requirements (cont.)

- Integrity: as applied to data, the ability to protect data from being altered or destroyed in an unauthorized or accidental manner
- Auditing: the process of collecting information about attempts to access particular resources, use particular privileges, or perform other security actions
- Nonrepudiation: the ability to limit parties from refuting that a legitimate transaction took place, usually by means of a signature

Types of Threats and Attacks

- Nontechnical attack: an attack that uses chicanery to trick people into revealing sensitive information or performing actions that compromise the security of a network
- Technical attack: an attack perpetrated using software and systems knowledge or expertise

Types of Threats and Attacks (cont.)

- Denial-of-service (DoS) attack: an attack on a Web site in which an attacker uses specialized software to send a flood of data packets to the target computer with the aim of overloading its resources
- Distributed denial-of-service (DDoS) attack: the attacker gains illegal administrative access to as many computers on the Internet as possible and uses these multiple computers to send a flood of data packets to the target computer
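A flood of the kind described above shows up in the Web server's log as one source sending far more requests than any real shopper would. The Go program below is an added example, not code from the course: it replays constructed sample log lines through a per-source sliding-window counter and reports every source that exceeds a request limit within the window. The log format, the IP addresses and the threshold (more than 5 requests in any 2-second window) are assumptions chosen for the example.

```go
package main

import (
	"fmt"
	"strings"
	"time"
)

// Constructed sample of a Web server log (RFC 3339 timestamp, source IP,
// request). 10.0.0.7 is flooding the site; the other sources are ordinary
// visitors. Constructed for this example, not taken from a real server.
const sampleLog = `
2015-12-25T10:00:00Z 10.0.0.7 GET /
2015-12-25T10:00:00Z 192.0.2.10 GET /catalog
2015-12-25T10:00:00Z 10.0.0.7 GET /
2015-12-25T10:00:00Z 10.0.0.7 GET /
2015-12-25T10:00:01Z 10.0.0.7 GET /
2015-12-25T10:00:01Z 198.51.100.4 GET /cart
2015-12-25T10:00:01Z 10.0.0.7 GET /
2015-12-25T10:00:01Z 10.0.0.7 GET /
2015-12-25T10:00:01Z 10.0.0.7 GET /
2015-12-25T10:00:02Z 192.0.2.10 POST /checkout
2015-12-25T10:00:03Z 10.0.0.7 GET /
`

// FloodDetector keeps, per source, the timestamps of requests inside a sliding
// window and flags a source once it exceeds maxHits within that window.
type FloodDetector struct {
	window  time.Duration
	maxHits int
	hits    map[string][]time.Time
}

func NewFloodDetector(window time.Duration, maxHits int) *FloodDetector {
	return &FloodDetector{window: window, maxHits: maxHits, hits: map[string][]time.Time{}}
}

// Observe records one request from src at time at. It returns true when src
// has now sent more than maxHits requests within the window ending at at.
// Requests are expected in time order, as a log replay delivers them.
func (d *FloodDetector) Observe(src string, at time.Time) bool {
	ts := d.hits[src]
	cutoff := at.Add(-d.window)
	i := 0
	for i < len(ts) && !ts[i].After(cutoff) { // expire entries outside the window
		i++
	}
	ts = append(ts[i:], at)
	d.hits[src] = ts
	return len(ts) > d.maxHits
}

// Offenders replays log text through the detector and returns each flooding
// source once, in the order it was first flagged. Malformed lines are skipped.
func Offenders(logText string, window time.Duration, maxHits int) []string {
	d := NewFloodDetector(window, maxHits)
	flagged := map[string]bool{}
	var out []string
	for _, line := range strings.Split(strings.TrimSpace(logText), "\n") {
		f := strings.Fields(line)
		if len(f) < 2 {
			continue
		}
		at, err := time.Parse(time.RFC3339, f[0])
		if err != nil {
			continue
		}
		if d.Observe(f[1], at) && !flagged[f[1]] {
			flagged[f[1]] = true
			out = append(out, f[1])
		}
	}
	return out
}

func main() {
	// more than 5 requests from one source inside any 2-second window is a flood
	fmt.Println("flooding sources:", Offenders(sampleLog, 2*time.Second, 5))
}
```

Per-source counting like this is enough against a single-source DoS; a DDoS spreads the same volume over many compromised hosts, each of which may stay under the per-source limit, so the same detector is usually run at the network edge on aggregate request rate per target as well.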

Types of Threats and Attacks (cont.)

- Malware: a generic term for malicious software
  - The severity of viruses has increased substantially, requiring much more time and money to recover
  - 85% of survey respondents said that their organizations had been the victims of e-mail viruses in 2002

Types of Threats and Attacks (cont.)

- Malicious code takes a variety of forms, both pure and hybrid
  - Virus: a piece of software code that inserts itself into a host, including the operating system, to propagate; it requires that its host program be run to activate it
  - Worm: a software program that runs independently, consuming the resources of its host in order to maintain itself, and is capable of propagating a complete working version of itself onto another machine
  - Macro virus or macro worm: a virus or worm that is executed when the application object that contains the macro is opened or a particular procedure is executed
  - Trojan horse: a program that appears to have a useful function but that contains a hidden function that presents a security risk

Security Risk Management

Definitions involved in risk management Assets—anything of value worth securing Threat—eventuality representing danger

to an asset Vulnerability—weakness in a safeguard

Required to determine security needs 4 phases of risk management

Assessment Planning Implementation Monitoring

Security Risk Management (cont.)

Assessment phase—evaluation of assets, threats, vulnerabilities Determine organizational objectives Inventory assets Delineate threats Identify vulnerabilities Quantify the value of each risk

Security Risks for EC & Other Internet Sites

Security Risk Management (cont.)

Planning phase of risk management — arrive at a set of security policies:
Define specific policies
Establish processes for audit and review
Establish an incident response team and contingency plan

Security Risk Management (cont.)

Implementation phase of risk management: choose particular technologies to deal with high priority threats

Monitoring phase of risk management: ongoing processes used to determine which measures are successful, unsuccessful and need modification

Methods of securing EC

Authentication system: System that identifies the legitimate parties to a transaction, determines the actions they are allowed to perform

Access control mechanism: Mechanism that limits the actions that can be performed by an authenticated person or group

Biometric Controls

Biometric systems: Authentication systems that identify a person by measurement of a biological characteristic, e.g. fingerprint, iris (eye) pattern, facial features, or voice

Encryption

Encryption: The process of scrambling (encrypting) a message in such a way that it is difficult, expensive, or time-consuming for an unauthorized person to unscramble (decrypt) it

Private and public key encryption

Encryption

Plaintext: An unencrypted message in human-readable form

Ciphertext: A plaintext message after it has been encrypted into a machine-readable form

Encryption algorithm: The mathematical formula used to encrypt the plaintext into the ciphertext, and vice versa

Encryption Methods (cont.)

Key: The secret code used to encrypt and decrypt a message

Types of encryption systems:
Symmetric (private key): uses the same key to encrypt and decrypt a message; the key is shared by sender and receiver of the message
Asymmetric (public key): uses a pair of keys; the public key encrypts the message and the private key decrypts it

Encryption Methods

Public key infrastructure (PKI): A scheme for securing e-payments using public key encryption and various technical components

Elements of PKI

Digital signature: An identifying code that can be used to authenticate the identity of the sender of a document or a message, and to ensure the original content of the electronic message or document is unchanged
Cannot be easily repudiated or imitated
Can be time-stamped
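The asymmetric (public key) encryption and the digital signature described on these slides, as an added example that is not part of the original lecture material: the merchant's public key encrypts an order that only the merchant's private key can decrypt, and the customer's private key signs the order so the merchant can verify both the sender and that the content is unchanged. Key pairs are generated on the fly and the order text is a constructed sample.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Order is a constructed sample plaintext: the message a customer sends a merchant.
var Order = []byte("order#1001: 2 x book, ship to Bangkok")

// EncryptForMerchant uses the merchant's PUBLIC key; anyone may call it, but only
// the holder of the matching private key can read the result (RSA-OAEP).
func EncryptForMerchant(pub *rsa.PublicKey, plaintext []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, plaintext, nil)
}

// DecryptAtMerchant needs the PRIVATE key, which never leaves the merchant.
func DecryptAtMerchant(priv *rsa.PrivateKey, ciphertext []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ciphertext, nil)
}

// Sign hashes the message and signs the digest with the sender's PRIVATE key
// (RSA-PSS); this is the "identifying code" the digital-signature slide describes.
func Sign(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return rsa.SignPSS(rand.Reader, priv, crypto.SHA256, digest[:], nil)
}

// Verify checks the signature with the sender's PUBLIC key. It returns false if the
// message was altered after signing or if a different key produced the signature.
func Verify(pub *rsa.PublicKey, msg, sig []byte) bool {
	digest := sha256.Sum256(msg)
	return rsa.VerifyPSS(pub, crypto.SHA256, digest[:], sig, nil) == nil
}

func main() {
	merchant, _ := rsa.GenerateKey(rand.Reader, 2048) // merchant's key pair
	customer, _ := rsa.GenerateKey(rand.Reader, 2048) // customer's key pair
	ct, _ := EncryptForMerchant(&merchant.PublicKey, Order)
	pt, _ := DecryptAtMerchant(merchant, ct)
	fmt.Printf("decrypted: %s\n", pt)
	sig, _ := Sign(customer, Order)
	fmt.Println("genuine order verifies:", Verify(&customer.PublicKey, Order, sig))
	tampered := []byte("order#1001: 20 x book, ship to Bangkok")
	fmt.Println("tampered order verifies:", Verify(&customer.PublicKey, tampered, sig))
}
```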

Digital Signatures

Elements of PKI (cont.)

Digital certificate: Verification that the holder of a public or private key is who they claim to be

Certificate authorities (CAs): Third parties that issue digital certificates

Security Protocols

Secure Socket Layer (SSL): Protocol that utilizes standard certificates for authentication and data encryption to ensure privacy or confidentiality

Transport Layer Security (TLS): As of 1996, another name for the SSL protocol

Secure Electronic Transaction (SET): A protocol designed to provide secure online credit card transactions for both consumers and merchants; developed jointly by Netscape, Visa, MasterCard, and others

Securing EC Networks

Technologies for organizational networks

Firewall: A network node consisting of both hardware and software that isolates a private network from a public network

Packet-filtering routers: Firewalls that filter data and requests moving from the public Internet to a private network based on the network addresses of the computer sending or receiving the request

Application-level proxy: A firewall that permits requests for Web pages to move from the public Internet to the private network
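A packet-filtering router of the kind the slide describes, as an added example that is not from the lecture: rules match on the sending and receiving network addresses, the first matching rule decides, and anything unmatched is dropped so the private network stays isolated. The networks, server address and rule set are constructed sample values (documentation address ranges only).

```go
package main

import "net"

// Rule is one entry in a packet-filtering router's table: match on Src/Dst, then allow or deny.
type Rule struct {
	Src, Dst *net.IPNet
	Allow    bool
}

func cidr(s string) *net.IPNet {
	_, n, err := net.ParseCIDR(s)
	if err != nil {
		panic(err)
	}
	return n
}

// Constructed sample topology (hypothetical): a private network behind the router,
// one public-facing web server, and an external network the operator has chosen to block.
var (
	private  = cidr("10.0.0.0/8")
	webSrv   = cidr("203.0.113.10/32")
	blocked  = cidr("198.51.100.0/24")
	anywhere = cidr("0.0.0.0/0")
)

// Rules are checked top to bottom, so the explicit deny must come before the
// allow that would otherwise let the blocked network reach the web server.
var Rules = []Rule{
	{Src: blocked, Dst: anywhere, Allow: false},
	{Src: anywhere, Dst: webSrv, Allow: true},
	{Src: private, Dst: private, Allow: true},
}

// Filter reports whether a packet from src to dst may cross the router: the first
// rule whose Src and Dst both contain the packet decides; no match means drop (default deny).
func Filter(rules []Rule, src, dst string) bool {
	s, d := net.ParseIP(src), net.ParseIP(dst)
	if s == nil || d == nil {
		return false // unparsable address: drop
	}
	for _, r := range rules {
		if r.Src.Contains(s) && r.Dst.Contains(d) {
			return r.Allow
		}
	}
	return false
}
```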

Securing EC Networks (cont.)

Personal firewall: A network node designed to protect an individual user’s desktop system from the public network by monitoring all the traffic that passes through the computer’s network interface card

Securing EC Networks (cont.)

Virtual private network (VPN): A network that uses the public Internet to carry information but remains private by using encryption to scramble the communications, authentication to ensure that information has not been tampered with, and access control to verify the identity of anyone using the network

Securing EC Networks (cont.)

Intrusion detection systems (IDSs): A special category of software that can monitor activity across a network or on a host computer, watch for suspicious activity, and take automated action based on what it sees

Network-based IDS: uses rules to analyze suspicious activity at the perimeter of a network or at key locations in the network

What are the consequences of poor security?

Dynamic Pricing and E-auctions

Dynamic Pricing

4 categories:
one buyer, one seller -- negotiation, bargaining
many buyers, many sellers -- dynamic exchanges
one seller, many potential buyers -- forward (regular) auctions
one buyer, many potential sellers -- reverse auction, tendering

Online Auction(e-Auction)

..... any system that uses algorithms to competitively bid price to consummate a transaction between a seller & a purchaser, including Internet exchanges which are online markets where auctions take place

Similar to real-life auctions BUT sellers and bidders don’t go to a physical auction house --- they go to a web site where bidding takes place

Real-life vs. Online Auctions

Who do you buy from?
most online auctions -- buy directly from the seller
traditional, real-life auctions -- buy from an auctioneer

Period of auctions
most online auctions -- last for days, except flash auctions

Examining the goods -- can’t for online auctions; buyers & sellers have to arrange for the goods to be shipped privately

Process of Online Auctions

Activities:
Initial buyer/seller registration
Setting up a particular auction event
Scheduling and advertising
Bidding
Evaluation of bids and closing the auction
Trade settlement

Benefits of e-Auction

Create more efficient markets
Relax geographic constraints
Consumers getting a ‘good deal’ / save money
Make extra money -- one man’s trash is another man’s treasure
Contribute to buyers’ and sellers’ sense of online community

Disadvantages of e-Auction

Blind shopping
Less competitive
Vulnerability to bidder collusion
Vulnerability to a lying auctioneer
Security
Untrustworthy

Framework of e-Auction

6 components: auctioneer, supplier/seller, customer/buyer, trade objects, transaction phase, rule base
+ the network/Internet covers the entire auction framework for communication

Forward Auction Formats

English Auction: seller lists an item and an opening bid, and also specifies a bid increment; buyers start bidding; the highest bid wins at their bid price

Yankee Auction: commonly used when a seller places one or more identical items on sale; all winning bidders pay the identical price -- the lowest successful bid = bottom of the winning bid range

Auction Formats (cont.)

Reserve Auction: a reserve price is the lowest price at which a seller is willing to sell an item; it is not disclosed to bidders, and the seller reserves the right to refuse to sell the item beneath it

Proxy Format: a buyer sets the maximum price they’re willing to pay and the site does the bidding for them; if somebody outbids you, your bid is automatically increased by the increment set, continuing until someone bids above your max bid or until the auction is over and you win
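The proxy format and reserve price from the two slides above, worked through as an added example that is not part of the lecture: each bidder submits a hidden maximum, the site raises the displayed price only as far as needed (one increment above the rival's maximum, never past the leader's own), and the sale is refused at close if the reserve was not met. Field names and the bidders used in testing are constructed.

```go
package main

// Bid is a bidder's maximum: the most the site may bid on their behalf.
type Bid struct {
	Bidder string
	Max    int
}

// Auction is the state a proxy-bidding site keeps between bids.
type Auction struct {
	Increment int // bid increment set by the seller
	Reserve   int // undisclosed minimum the seller will accept (0 = none)
	Price     int // displayed current bid; starts at the opening bid
	Leader    Bid // current high bidder; Leader.Max is never shown to others
}

// Place applies the proxy rule: the higher maximum leads, and the displayed price
// rises only one increment above the other side's maximum. Returns false if rejected.
func (a *Auction) Place(b Bid) bool {
	if a.Leader.Bidder == "" { // first bid only has to meet the opening bid
		if b.Max < a.Price {
			return false
		}
		a.Leader = b
		return true
	}
	if b.Max < a.Price+a.Increment { // must outbid the displayed price
		return false
	}
	lo, hi := a.Leader, b
	if b.Max <= a.Leader.Max { // ties go to the existing leader
		lo, hi = b, a.Leader
	}
	a.Leader = hi
	a.Price = lo.Max + a.Increment
	if a.Price > hi.Max { // never bid past the leader's own maximum
		a.Price = hi.Max
	}
	return true
}

// Close returns the winner and price; sold is false when the reserve was not met,
// since the seller reserves the right to refuse a sale beneath it.
func (a *Auction) Close() (winner string, price int, sold bool) {
	if a.Leader.Bidder == "" || a.Price < a.Reserve {
		return "", 0, false
	}
	return a.Leader.Bidder, a.Price, true
}
```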

Auction Formats (cont.)

Dutch Auction: prices start at a high level and slowly decline; bidders specify the quantity to buy at the declining price

Express or Flash Auction: very much like a real-life auction, bid against others live online; held for a short amount of time, often lasting an hour or less

Reverse Auction

Potential sellers bid, reducing the price sequentially until bidders do not reduce the price

Sealed-bid -- bid only once, silent auction

Some Issues

Auction or not
Your own auction site or 3rd party site
Auction strategy
Support services
Payment
What is auctioned

e-Bay

www.ebay.com -- the world’s largest online auction
Main page of the site: many services, auction listings

e-Bay (cont.)

Find what you want to buy: featured items, browsing by category, doing a search

You want to buy the first stamp in the world

How to Place Your Bids

Steps:
Check out the item details page
Place your bid
Follow up on your bidding
Close the deal