Course B: Advanced e-Business Module 4. e-Commerce by Vatcharaporn Esichaikul, AIT.
Outline
B2C/B2B e-commerce
Business models of e-commerce
Internet shopping
Selling on the web
Online customer service
E-payment systems and security for e-com
E-auction
Categories of eCom/eBiz
Business-to-customer (B2C): Retailing of products and services directly to individual customers
Business-to-business (B2B): Sales of goods and services among businesses
Consumer-to-consumer (C2C): Individuals use the Web for private sales or exchange
Business-to-employee (B2E): Information and services made available to employees online
Pure vs. Partial EC
Pure vs. Partial EC: based on the degree of digitization of
Product [physical/digital]
Process [physical/digital]
Delivery agent [physical/digital]
Traditional commerce: all dimensions are physical
Pure EC: all dimensions are digital
Partial EC: all other possibilities include a mix of digital and physical dimensions
New Business Model: Amazon.com
Online retailer of books, CDs, electronics, and other products
Uses software to create detailed customer profiles and make customer-specific offers
What led to Amazon’s fantastic growth?
First mover – embraced a revolutionary way to reach end consumers
They made their brand more important than profit
Customer service focus
Dimensions of Competition:
Price/Cost Example
Amazon cuts costs of retail outlets and intermediaries.
Amazon’s distribution system is less expensive than its competitors’.
Shipment from an Amazon warehouse is more costly than visiting a retail outlet.
Amazon gets paid before paying the distributor, whereas in the traditional distribution system it is the other way around.
Dimensions of Competition:
Custom Features Example
Amazon uses the data obtained from customers to offer personal buying recommendations.
Amazon’s innovations have included one-click shopping, its popular bestseller list ranking sales on the site, and the associates program.
Dimensions of Competition:
Brand Example
More personalized products and Web site experiences.
A broader offering of products is built into the brand experience, allowing more revenue and profit per customer.
Dimensions of Competition:
Speed of Delivery Example
For in-stock items, there is no technology advantage for Amazon.
For out-of-stock items, technology allows greater order tracking and notification features.
Dimensions of Competition:
Selection Example
Amazon.com offers 3 million titles compared with 175,000 for a Barnes & Noble retail superstore.
Both Amazon.com and BarnesAndNoble.com offer a similar selection of book titles.
Dimensions of Competition:
Convenience Example
Available 7/24/365.
Easy-to-navigate site.
Excellent use of e-mail for marketing and customer service.
Skilled at tailoring product recommendations to individuals.
One-click ordering.
Amazon Implications
B2C example
Technology can be used to compete in many dimensions
Technology provides more than just new business models
Will Amazon survive?
What are the Consequences of the Amazon Business Model?
Immediate:
Dominant Internet shopping brand.
A lot of valuable information about customer buying.
Future:
Wal-Mart of the Internet?
Sub-contract to other dot com’s
Impact of Technology on Dimensions of Competition
Dimension: Price/cost
Technology’s Impact: Allows personalized pricing, eliminates middlemen, and shrinks the value chain (removing non-value-added interactions). Reduced transaction costs.
Dimension: Custom features
Technology’s Impact: Allows faster product lifecycle, more customer-specific products, and changeable and upgradeable products.
Dimension: Distribution
Technology’s Impact: Causes disintermediation, re-intermediation, and globalization.
Dimension: Brand, promotions
Technology’s Impact: Allows 1-to-1 (personalized) marketing.
Impact of Technology on Dimensions of Competition
Dimension: Speed of delivery
Technology’s Impact: Reduces delivery time and inventory, and causes disintermediation.
Dimension: Selection
Technology’s Impact: Improved information allows greater sales, lower inventory, and customer-driven business systems.
Dimension: Convenience
Technology’s Impact: Allows 24/7 shopping, order tracking, broader selection, and comparative pricing.
Dimension: Service
Technology’s Impact: Personalizes service using historic and/or predictive information.
New Business Model: eBay
Online auction system for individuals.
People can post items for sale or search for items being auctioned and make bids.
Why did eBay’s business model & strategy work?
What made eBay Work?
Connected people who previously couldn’t be connected economically (new possibility)
Users’ motivation to participate was strong
Rapid success
Technology was kept simple, focusing instead on core objectives
What are the Consequences of the eBay Business Model?
Immediate:
Rapid growth of person-to-person auctions.
Rise of “questionable” auction items.
Future:
End of flea markets and garage sales?
Creates new markets
Specialized trading?
Facilitate others?
New Business Model: E*TRADE
Top online brokerage company.
Why is stock-trading ideally suited to online business?
Why E*TRADE?
No physical delivery of goods makes this an ideal online business
Implication: All information-based services can benefit from being online
Reduced transaction costs
Effective delivery of services
Customer segmentation
Built a new brand in an industry which competes on brand.
What are the Consequences of the E*TRADE Business Model?
Immediate:
More online customers.
More day-traders.
Greater trading volume.
More stock market volatility.
Future:
Disintermediate the NYSE?
Create an ECN (Electronic Communications Network) like Instinet?
New Business Model: Dell
Largest direct PC manufacturer and one of the largest PC manufacturers.
Sells directly to customers, bypassing retailers, and passes on the savings.
Has much less inventory than its competitors and much faster deliveries.
What Rules Did Dell Break?
You can’t customize every order for every customer, so offer pre-configured models that can’t be changed.
Retailers recommend specific models to customers, so the channel cannot be bypassed.
What are the Consequences of the Dell Business Model?
Immediate:
Decline of computer retailer.
PC industry margin squeeze – consolidation and bankruptcy.
Future:
Offer non-PC products in an electronics marketplace.
New Business Model: Sabre
Electronic reservation system for airlines, hotels, car rental companies.
Sets prices for individual airline tickets to maximize total company revenue or profit.
What is Optimal Dynamic Pricing?
What Rules Did Sabre Break?
You can’t charge customers different prices for the same product.
Companies cannot share their complete pricing strategies with all competitors.
What are the Consequences of the Sabre Business Model?
Immediate:
Travel agent disintermediation.
Higher revenue and profits for airlines, hotels, and other travel companies.
Future:
Airline alliances.
Airline management by Sabre.
Single travel marketplace for all players.
New Business Model: Hotmail
Free Web-based e-mail.
Spent only $500,000 on initial marketing, much less than the $20 million spent by its nearest competitor Juno.
How did they do this?
New Business Model: Hotmail
Used viral marketing (every message ends with a message stating “Get Your Private, Free Email at http://www.hotmail.com”).
How did this business make money as an independent entity?
What Rules Did Hotmail Break?
You can’t grow a business or brand without spending a lot on marketing.
Customers won’t like being used as part of a marketing campaign.
Customers won’t give out personal information to get a “free” service.
What are the Consequences of the Hotmail Business Model?
Immediate:
Single standard and source for e-mail.
Consumers expect other free services.
Traffic for MSN sites.
Future:
Single standard and source for all communications?
Does the online advertising business model work?
New Business Model: Priceline.com
Online shopping service that allows customers to “Name Your Own Price” for a variety of products, like vacations and electronics.
What Rules Did Priceline.com Break?
Suppliers determine the price of products and publish them to customers.
What are the Consequences of the Priceline.com Business Model?
Immediate:
All prices are negotiable online.
Future:
End of price setting by sellers?
Conclusions
Technology allows new ways of doing new things and new ways of doing old things.
Different businesses – different models & strategies
“If you’re not changing faster than your environment, you are falling behind” – Jack Welch, CEO of General Electric.
Why Internet Shopping?
Enables consumers to shop or do other transactions 24 hours a day, all year round from almost any location
Provides consumers with more choices
Provides consumers with less expensive products and services by allowing them to shop in many places and conduct quick comparisons
Why Internet Shopping?
Allows quick delivery of products and services, especially with digitized products
Consumers can receive relevant and detailed information in seconds, rather than in days or weeks
Allows consumers to interact with other consumers in electronic communities and exchange ideas as well as compare experiences
Facilitates competition, which results in substantial discounts
Why not Internet Shopping?
Security and Privacy
Difficult to convince customers that online transactions and privacy are very secure
Customers do not trust:
Unknown faceless sellers
Paperless transactions
Electronic money
Switching from a physical to a virtual store may be difficult
Lack of touch and feel online
Many unresolved legal issues
Expensive and/or inconvenient accessibility to the Internet
ePayment is not in place
Consumer Behavior Online (cont.)
Consumer types
Individual consumer
Organizational buyers: governments and public organizations, private corporations, resellers
Consumer behavior viewed in terms of:
Why is the consumer shopping?
How does the consumer benefit from shopping online?
Consumer Behavior Online (cont.)
3 categories of consumers
Impulsive buyers—purchase quickly
Patient buyers—make some comparisons first
Analytical buyers—do substantial research before buying
Online Customer Service
Customer service
Traditional: do the work for the customer
EC delivered: gives tools to the customer to do the work for him/herself (e.g., tracking, troubleshooting, FAQ) with:
Improved communication
Automated process
Speedier resolution of problems
Online Customer Service (cont.)
E-service—online help for online transactions
Foundation of service—responsible and effective order fulfillment
Customer-centered services—order tracing, configuration, customization, security/trust
Value-added services—dynamic brokering, online auctions, online training and education
Online Customer Service (cont.)
Product life cycle and customer service
Phases of product life cycle
Requirements: assisting the customer to determine needs
Acquisition: helping the customer to acquire a product or service
Ownership: supporting the customer on an ongoing basis
Retirement: helping the client to dispose of a service or product
Service must be provided in all of them
Online Customer Service (cont.)
Customer relationship management (CRM)
Customer-focused EC
Make it easy for customers to do business online
Business processes redesigned from the customer’s point of view
Design a comprehensive, evolving EC architecture
Foster customer loyalty by:
Personalized service
Streamlined business processes
Owning the customer’s total experience
Customer Relationship Management (CRM)
Customer service functions
Provide search and comparison capabilities
Provide free products and services
Provide specialized information and services
Allow customers to order customized products and services
Enable customers to track accounts or order status
Customer Relationship Management (cont.)
Customer service tools
Personalized Web pages
Used to record purchases and preferences
Direct customized information to customers efficiently
FAQs
Customers find answers quickly
Not customized, no personalized feeling and no contribution to relationship marketing
Customer Relationship Management (cont.)
Tracking tools
Customers track their orders, saving time and money for all
Example: FedEx’s package tracking
Chat rooms
Discuss issues with company experts and with other customers
E-mail and automated response
Disseminate general information
Send specific product information
Conduct correspondence regarding any topic (mostly inquiries from customers)
Customer Relationship Management (cont.)
Help desks and call centers
A comprehensive customer service entity
EC vendors take care of customer service issues communicated through various contact channels
Telewebs combine Web channels (automated e-mail reply), Web knowledge bases (portal-like self service), and call center agents or field service personnel
Troubleshooting tools—assist customers in solving their own problems
Customer Relationship Management (cont.)
Justifying customer service and CRM programs—2 problems
Most of the benefits are intangible
Substantial benefits reaped only from loyal customers, after several years
Metrics—standards to determine appropriate level of customer support
Response and download times
Up-to-date site and availability of relevant content
Others
Customer Relationship Management (cont.)
Examples of customer service
Amazon.com: Convenience, selection, value, special services; e-mail order confirmation; personalized services
Federal Express (FedEx): Package tracking service; ability to calculate delivery costs, online shipping forms, arrange pickup, find local drop box
E-payment
Players and processes involved in using credit cards online
Online alternatives to credit card payments
Key elements in securing an e-payment
Overview of Electronic Payments
E-payment methods
Electronic funds transfer (EFT)
Credit cards
E-payments
Smart cards
Digital cash
Digital checks
E-billing
All have the ability to transfer payment from one person or party to another
Electronic Payments (cont.)
Five parties involved in e-payments: Issuer, Customer/payer/buyer, Merchant/payee/seller, Regulator, Automated Clearing House (ACH)
Key issue of trust must be addressed: Privacy, Authentication and authorization, Integrity, Nonrepudiation
Electronic Payments (cont.)
Crucial factors in determining which method of e-payment achieves widespread acceptance:
Independence
Interoperability and portability
Security
Anonymity
Ease of use
Transaction fees
E-Cards
Three common types of payment cards
Credit cards—provide the holder with credit to make purchases up to a limit fixed by the card issuer
Charge cards—the balance on a charge card is supposed to be paid in full upon receipt of the monthly statement
Debit cards—the cost of a purchase is drawn directly from the holder’s checking account (demand-deposit account)
E-Cards (cont.)
The Players
Cardholder
Merchant (seller)
Issuer (your bank)
Acquirer (merchant’s financial institution, acquires the sales slips)
Card association (VISA, MasterCard)
Third-party processors (outsourcers performing the same duties formerly provided by issuers, etc.)
E-Cards (cont.)
E-wallets
A software component in which a user stores credit card numbers and other personal information
When shopping online, the user simply clicks the e-wallet to automatically fill in the information needed to make a purchase
E-Cards (cont.)
Security risks with credit cards
Stolen cards
Reneging by the customer—authorizes a payment and later denies it
Theft of card details stored on the merchant’s computer
E-Cards (cont.)
Purchase cards
Instrument of choice for B2B purchasing
Special-purpose, non-revolving payment cards issued to employees solely for purchasing and paying for nonstrategic materials and services
Purchase cards operate like other credit cards:
Cardholder of corporation places an order for goods or services
Supplier processes transaction with authorization of card issuer
Issuer verifies purchase authorization
E-Cards (cont.)
Purchase cards
All cardholders’ transactions processed centrally—one payment for all purchases
Each cardholder reviews monthly statement
Card issuer analyzes transactions—standard and ad hoc reports are made
Card issuer creates electronic file to upload to corporation’s ledger system
E-Cards (cont.)
Benefits of purchasing cards
Cost savings
Productivity gains
Bill consolidation
Payment reconciliation
Preferred pricing
Management reports
E-Cards (cont.)
Smart Cards
An electronic card containing an embedded microchip that enables predefined operations or the addition, deletion, or manipulation of information on the card
E-Cards (cont.)
Categorize smart cards by how they store data
Contact card—insert in smart card reader
Contactless (proximity) card—embedded antenna read by another antenna (mass-transit applications)
E-Cash and Payment Alternatives
The digital equivalent of paper currency and coins, which enables secure and anonymous purchase of low-priced items
E-cash alternatives for credit cards (micropayments—under $10)
E-cash (eCoin.net)
Identity of user hidden from merchant
Easier to use than earlier e-cash systems
Requires specialized software
Qpass (Qpass.com)
Set up Qpass account: user name and password, what credit card to charge
E-Cash & Payment Alternatives (cont.)
Stored-value cards and other innovations
Visa Cash: A stored-value card designed to handle small purchases or micropayments; sponsored by Visa
Visa Bucks: prepaid card designed for teens
Mondex: A stored-value card designed to handle small purchases or micropayments; sponsored by Mondex, a subsidiary of MasterCard
E-Cash & Payment Alternatives (cont.)
E-loyalty and rewards programs
Electronic script: A form of electronic money (or points), issued by a third party as part of a loyalty program; can be used by consumers to make purchases at participating stores
MyPoints-CyberGold (mypoints.com): Customers earn cash; cash used for later purchases
E-Cash & Payment Alternatives (cont.)
Person-to-person (P2P) payments and gifts
Enable transfer of funds between two individuals
Repaying money borrowed
Paying for an item purchased at online auction
Sending money to students at college
Sending a gift to a family member
E-Checking
The electronic version or representation of a paper check
Eliminate the need for expensive process reengineering
Can be used by all bank customers who have checking accounts
To be integrated with the accounting information system of business buyers and with the payment server of sellers
Used mainly in B2B
E-Checking (cont.)
Benefits of e-checking
Online check collection process
Online notices of check returns
Truncating paper checks at bank of first deposit
B2B Electronic Payments
Financial supply chains (FSC)
Follow a buyer’s transaction activities related to cash flow, which start with a purchase order and end in settlement with the seller
E-Billing
Customers are either individuals or companies
Two common models of e-billing
Biller direct—customer receives bill from a single merchant
Third-party consolidators—present bills from multiple merchants
Payment Gateway
Server-based transaction processing system that enables businesses to authorize, process, and manage credit card transactions securely in a real-time, online environment from any computer with an Internet connection and a Web browser.
Specifically designed to accommodate the increasing demand by e-commerce companies
Offered by banks and companies who are authorized to accept credit card online payment
Ex: Citibank payment gateway
Need for E-Commerce Security
Annual survey conducted by the Computer Security Institute
Organizations continue to experience cyber attacks from inside and outside of the organization
The types of cyber attacks that organizations experience were varied
The financial losses from a cyber attack can be substantial
It takes more than one type of technology to defend against cyber attacks
Security Is Everyone’s Business
Security practices of organizations of various sizes
Small organizations (10 to 100 computers)
The “haves” are centrally organized, devote a sizeable percentage of their IT budgets to security
Medium organizations (100 to 1,000 computers)
Rarely rely on managerial policies in making security decisions, and they have little managerial support for their IT policies
Overall exposure to cyber attacks and intrusion is substantially greater than in smaller organizations
Security Is Everyone’s Business (cont.)
Large organizations (1,000 to 10,000 computers)
Complex infrastructures and substantial exposure on the Internet
While aggregate IT security expenditures are fairly large, their security expenditures per employee are low
Large/Very Large organizations
IT security is part-time and undertrained—a sizeable percentage of the large organizations suffer loss or damage due to incidents
Base their security decisions on organizational policies
Extremely complex environments that are difficult to manage even with a larger staff
Security Issues
From the user’s perspective
Is the Web server owned and operated by a legitimate company?
Does the Web page and form contain some malicious or dangerous code or content?
Will the Web server distribute unauthorized information the user provides to some other party?
Security Issues (cont.)
From the company’s perspective
Will the user attempt to break into the Web server or alter the pages and content at the site?
Will the user try to disrupt the server so that it isn’t available to others?
Security Issues (cont.)
From both parties’ perspectives
Is the network connection free from eavesdropping by a third party “listening” on the line?
Has the information sent back and forth between the server and the user’s browser been altered?
Security Requirements
Authentication: The process by which one entity verifies that another entity is who they claim to be
Authorization: The process that ensures that a person has the right to access certain resources
Confidentiality: Keeping private or sensitive information from being disclosed to unauthorized individuals, entities, or processes
Security Requirements (cont.)
Integrity: As applied to data, the ability to protect data from being altered or destroyed in an unauthorized or accidental manner
Auditing: The process of collecting information about attempts to access particular resources, use particular privileges, or perform other security actions
Nonrepudiation: The ability to limit parties from refuting that a legitimate transaction took place, usually by means of a signature
Types of Threats and Attacks
Nontechnical attack: An attack that uses chicanery to trick people into revealing sensitive information or performing actions that compromise the security of a network
Technical attack: An attack perpetrated using software and systems knowledge or expertise
Types of Threats and Attacks (cont.)
Denial-of-service (DoS) attack: An attack on a Web site in which an attacker uses specialized software to send a flood of data packets to the target computer with the aim of overloading its resources
Distributed denial-of-service (DDoS) attack: Attacker gains illegal administrative access to as many computers on the Internet as possible and uses these multiple computers to send a flood of data packets to the target computer
Types of Threats and Attacks (cont.)
Malware: A generic term for malicious software
The severity of the viruses increased substantially, requiring much more time and money to recover
85% of survey respondents said that their organizations had been the victims of e-mail viruses in 2002
Types of Threats and Attacks (cont.)
Malicious code takes a variety of forms—both pure and hybrid
Virus: A piece of software code that inserts itself into a host, including the operating systems, to propagate; it requires that its host program be run to activate it
Worm: A software program that runs independently, consuming the resources of its host in order to maintain itself and is capable of propagating a complete working version of itself onto another machine
Macro virus or macro worm: A virus or worm that is executed when the application object that contains the macro is opened or a particular procedure is executed
Trojan horse: A program that appears to have a useful function but that contains a hidden function that presents a security risk
Security Risk Management
Definitions involved in risk management
Assets—anything of value worth securing
Threat—eventuality representing danger to an asset
Vulnerability—weakness in a safeguard
Required to determine security needs
4 phases of risk management: Assessment, Planning, Implementation, Monitoring
Security Risk Management (cont.)
Assessment phase—evaluation of assets, threats, vulnerabilities
Determine organizational objectives
Inventory assets
Delineate threats
Identify vulnerabilities
Quantify the value of each risk
Security Risk Management (cont.)
Planning phase of risk management—arrive at a set of security policies
Define specific policies
Establish processes for audit and review
Establish an incident response team and contingency plan
Security Risk Management (cont.)
Implementation phase of risk management: choose particular technologies to deal with high priority threats
Monitoring phase of risk management: ongoing processes used to determine which measures are successful, unsuccessful, and need modification
Methods of securing EC
Authentication system: System that identifies the legitimate parties to a transaction and determines the actions they are allowed to perform
Access control mechanism: Mechanism that limits the actions that can be performed by an authenticated person or group
Biometric Controls
Biometric systems: Authentication systems that identify a person by measurement of a biological characteristic, such as fingerprint, iris (eye) pattern, facial features, or voice
Encryption
Encryption: The process of scrambling (encrypting) a message in such a way that it is difficult, expensive, or time-consuming for an unauthorized person to unscramble (decrypt) it
Private and public key encryption
Encryption
Plaintext: An unencrypted message in human-readable form
Ciphertext: A plaintext message after it has been encrypted into a machine-readable form
Encryption algorithm: The mathematical formula used to encrypt the plaintext into the ciphertext, and vice versa
Encryption Methods (cont.)
Key: the secret value used with the algorithm to encrypt and decrypt a message
Types of encryption systems
Symmetric (private key): the same key is used to encrypt and decrypt the message; it must be shared in advance by sender and receiver, which creates the key-distribution problem
Asymmetric (public key): uses a pair of mathematically related keys; the public key encrypts the message and only the matching private key can decrypt it (for digital signatures the roles are reversed: the private key signs, the public key verifies); asymmetric operations are slow, so in practice a public key is used to exchange a symmetric session key that encrypts the bulk data
Encryption Methods
Public key infrastructure (PKI): the set of policies, certificates, certificate authorities and software needed to issue, distribute and revoke public keys, so that a party can trust that a public key belongs to its claimed owner; used with public key encryption to secure e-payments and web sessions
Elements of PKI
Digital signature: a value computed over the hash of a document or message with the sender's private key and checked with the sender's public key; it
authenticates the identity of the sender of the document or message
ensures the original content of the electronic message or document is unchanged (any alteration invalidates the signature)
cannot be easily repudiated or imitated, since only the holder of the private key could have produced it
can be time-stamped
Elements of PKI (cont.)
Digital certificate: a signed statement that binds a public key to the identity of its holder; it is the certificate authority's signature on that binding, not the certificate itself, that lets a relying party trust it (a private key is never placed in a certificate)
Certificate authorities (CAs): trusted third parties that verify identities and issue digital certificates; a compromised or careless CA undermines every certificate it has issued, which is why browsers and payment systems keep lists of trusted CAs and check for revocation
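The three ideas above (public/private key pairs, digital signatures, and CA-signed certificates) are illustrated in the following Python script. It is an added example, not part of the original slides, and it uses textbook RSA on hard-coded Mersenne primes so that it runs offline and reproducibly: the merchant's public key encrypts a session key that only the merchant's private key can decrypt; the merchant signs an order confirmation with its private key and the customer verifies it with the public key taken from a certificate the CA has signed; and a self-signed certificate from an attacker claiming the same name is rejected. All names, messages and key sizes are constructed for the demo; there is no padding and the keys are far too small for real use, so a vetted library must be used in practice.

```python
"""Toy PKI demo: textbook RSA on fixed primes (illustration only, NOT secure)."""
import hashlib

E = 65537  # public exponent; coprime to (p-1)(q-1) for the sample primes below


def make_keypair(p: int, q: int):
    """Textbook RSA: returns ((n, e), (n, d)). p and q are assumed to be distinct primes."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(E, -1, phi)  # modular inverse of e (Python 3.8+)
    return (n, E), (n, d)


def encrypt(public, m: int) -> int:
    """Anyone holding the public key can encrypt; only the private key can decrypt."""
    n, e = public
    if not 0 <= m < n:
        raise ValueError("message must be smaller than the modulus")
    return pow(m, e, n)


def decrypt(private, c: int) -> int:
    n, d = private
    return pow(c, d, n)


def digest(msg: bytes) -> int:
    """SHA-256 of the message, truncated to 128 bits so it is below every sample modulus."""
    return int.from_bytes(hashlib.sha256(msg).digest()[:16], "big")


def sign(private, msg: bytes) -> int:
    """Signature = hash of the message raised to the signer's private exponent."""
    n, d = private
    return pow(digest(msg), d, n)


def verify(public, msg: bytes, sig: int) -> bool:
    """Recover the hash with the public key and compare with a fresh hash of the message."""
    n, e = public
    return pow(sig, e, n) == digest(msg)


def cert_body(subject: str, public) -> bytes:
    n, e = public
    return f"{subject}|{n}|{e}".encode()


def issue_cert(ca_private, subject: str, public) -> dict:
    """A certificate binds a subject name to a public key under the CA's signature."""
    return {"subject": subject, "public": public,
            "sig": sign(ca_private, cert_body(subject, public))}


def verify_cert(ca_public, cert: dict) -> bool:
    return verify(ca_public, cert_body(cert["subject"], cert["public"]), cert["sig"])


# Hard-coded Mersenne primes so the demo is reproducible (toy sizes, not secure).
MERCHANT_PRIMES = (2**61 - 1, 2**89 - 1)
CA_PRIMES = (2**107 - 1, 2**127 - 1)
ATTACKER_PRIMES = (2**61 - 1, 2**127 - 1)


def demo() -> dict:
    ca_pub, ca_priv = make_keypair(*CA_PRIMES)
    shop_pub, shop_priv = make_keypair(*MERCHANT_PRIMES)
    cert = issue_cert(ca_priv, "shop.example", shop_pub)  # constructed subject name

    # Customer side: trust the CA, check the merchant's certificate, use the key in it.
    session_key = int.from_bytes(b"constructed-16B!", "big")  # constructed 128-bit secret
    c = encrypt(cert["public"], session_key)

    # Merchant side: sign an order confirmation; the customer verifies it.
    order = b"order 4711: 2 x widget, total 39.90 EUR"  # constructed message
    sig = sign(shop_priv, order)

    # Attacker self-signs a certificate for the same name with their own key pair.
    atk_pub, atk_priv = make_keypair(*ATTACKER_PRIMES)
    forged = issue_cert(atk_priv, "shop.example", atk_pub)

    return {
        "cert_ok": verify_cert(ca_pub, cert),
        "roundtrip_ok": decrypt(shop_priv, c) == session_key,
        "sig_ok": verify(cert["public"], order, sig),
        "tamper_detected": not verify(cert["public"], order.replace(b"39.90", b"3.90"), sig),
        "forged_cert_rejected": not verify_cert(ca_pub, forged),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The customer never needs the merchant's private key and never needs to have met the merchant: trust flows from the CA's public key, which the customer must already hold. Changing a single digit of the order total breaks the signature, and the forged certificate fails because it was not signed by the CA the customer trusts, even though it names the right shop.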
Security Protocols
Secure Socket Layer (SSL): protocol that uses standard certificates for server (and optionally client) authentication and data encryption to ensure privacy or confidentiality and the integrity of the connection
Transport Layer Security (TLS): the IETF successor to SSL, standardized in 1999 as TLS 1.0; all SSL versions and TLS 1.0/1.1 are now deprecated, so current deployments should offer only TLS 1.2 or 1.3
Secure Electronic Transaction (SET): a protocol designed to provide secure online credit card transactions for both consumers and merchants, developed jointly by Visa, MasterCard and partners including Netscape; SET was never widely adopted and card payments today run over TLS instead
Securing EC Networks
Technologies for organizational networks
Firewall: a network node consisting of both hardware and software that isolates a private network from a public network
Packet-filtering routers: firewalls that filter data and requests moving from the public Internet to a private network based on the network addresses of the computer sending or receiving the request, the protocol and the port; they see only packet headers, not application content, and rules are evaluated in order with a default of deny
Application-level proxy: a firewall that terminates the client's connection and opens its own connection to the internal server, so it can inspect and filter the application content (for example Web page requests) moving from the public Internet to the private network
Securing EC Networks (cont.)
Personal firewall: a network node designed to protect an individual user's desktop system from the public network by monitoring all the traffic that passes through the computer's network interface card
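The following Python script is an added example, not from the original slides, that simulates the packet-filtering rule set described above: rules match on source and destination address, protocol and destination port, the first matching rule wins, and anything unmatched is dropped. The rule set, host addresses (taken from the IETF documentation ranges) and packets are all constructed for the demo. A personal firewall applies the same first-match logic to the traffic of one desktop instead of a whole network.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str      # source IP address
    dst: str      # destination IP address
    proto: str    # "tcp" or "udp"
    dport: int    # destination port


@dataclass(frozen=True)
class Rule:
    action: str             # "allow" or "deny"
    src: str                # CIDR; "0.0.0.0/0" means any source
    dst: str                # CIDR
    proto: Optional[str]    # None means any protocol
    dport: Optional[int]    # None means any port

    def matches(self, p: Packet) -> bool:
        return (ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and (self.proto is None or self.proto == p.proto)
                and (self.dport is None or self.dport == p.dport))


def decide(rules: List[Rule], p: Packet) -> Tuple[str, Optional[int]]:
    """First matching rule wins; a packet that matches nothing is denied (default deny)."""
    for i, r in enumerate(rules):
        if r.matches(p):
            return r.action, i
    return "deny", None


# Constructed rule set for a small e-commerce DMZ.
ANY = "0.0.0.0/0"
RULES = [
    Rule("deny",  "198.51.100.0/24", ANY,               None,  None),  # blocklisted network
    Rule("allow", ANY,               "203.0.113.10/32", "tcp", 443),   # HTTPS to the web server
    Rule("allow", ANY,               "203.0.113.10/32", "tcp", 80),    # HTTP (redirects to HTTPS)
    Rule("allow", ANY,               "203.0.113.25/32", "tcp", 25),    # SMTP to the mail relay
    # no rule for the database host 203.0.113.20: it must never be reachable from the Internet
]

# Constructed inbound packets.
PACKETS = [
    Packet("192.0.2.5",    "203.0.113.10", "tcp", 443),   # shopper browsing the store
    Packet("198.51.100.7", "203.0.113.10", "tcp", 443),   # same service, blocklisted source
    Packet("192.0.2.5",    "203.0.113.10", "tcp", 22),    # SSH probe against the web server
    Packet("192.0.2.5",    "203.0.113.20", "tcp", 3306),  # direct attempt on the database
    Packet("192.0.2.5",    "203.0.113.25", "udp", 25),    # wrong protocol for the mail rule
]


def run_filter(rules=RULES, packets=PACKETS):
    """Return (packet, action, index of the rule that decided) for every packet."""
    return [(p, *decide(rules, p)) for p in packets]


if __name__ == "__main__":
    for p, action, idx in run_filter():
        print(f"{action:5} {p.src:>14} -> {p.dst}:{p.dport}/{p.proto}  (rule {idx})")
```

Two things the output makes visible: rule order matters (the blocklist entry must sit above the allow rules or the blocklisted host reaches the web server), and the filter never looks inside the packet, so a request to port 443 carrying an attack on the shop application passes rule 1 exactly like a legitimate order. Catching that is the job of the application-level proxy.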
Securing EC Networks (cont.)
Virtual private network (VPN): a network that uses the public Internet to carry information but remains private by using encryption to keep the communications confidential, integrity checks to ensure that information has not been tampered with, and authentication and access control to verify the identity of anyone using the network
Securing EC Networks (cont.)
Intrusion detection systems (IDSs): a special category of software that can monitor activity across a network or on a host computer, watch for suspicious activity, and take automated action based on what it sees
Network-based IDS uses rules (signatures of known attacks and thresholds for abnormal behaviour) to analyze suspicious traffic at the perimeter of a network or at key locations in the network
Host-based IDS watches the logs, processes and files of an individual computer
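As an added example (not from the original slides), the following Python script runs two network-IDS rules of the kind described above over a constructed perimeter connection log: a signature rule that fires on any connection to a port no internal host should expose, and a threshold rule that flags a source touching many distinct ports within a short window, which is the pattern of a port scan. The log lines, thresholds and the automated response are all constructed for the demo.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed connection log (one line per inbound TCP connection attempt), not real traffic.
LOG = """\
2024-05-01T10:00:00 src=192.0.2.5 dst=203.0.113.10 dport=443 proto=tcp
2024-05-01T10:00:01 src=198.51.100.7 dst=203.0.113.10 dport=21 proto=tcp
2024-05-01T10:00:01 src=198.51.100.7 dst=203.0.113.10 dport=22 proto=tcp
2024-05-01T10:00:02 src=198.51.100.7 dst=203.0.113.10 dport=23 proto=tcp
2024-05-01T10:00:02 src=198.51.100.7 dst=203.0.113.10 dport=25 proto=tcp
2024-05-01T10:00:03 src=198.51.100.7 dst=203.0.113.10 dport=80 proto=tcp
2024-05-01T10:00:04 src=192.0.2.5 dst=203.0.113.10 dport=80 proto=tcp
2024-05-01T10:00:30 src=192.0.2.9 dst=203.0.113.10 dport=443 proto=tcp
2024-05-01T10:00:31 src=192.0.2.9 dst=203.0.113.10 dport=80 proto=tcp
2024-05-01T10:01:00 src=192.0.2.77 dst=203.0.113.25 dport=23 proto=tcp
"""

LINE = re.compile(r"(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) "
                  r"dport=(?P<dport>\d+) proto=(?P<proto>\S+)")


def parse(log: str) -> list:
    """Parse log lines into event dicts; malformed lines are skipped, not fatal."""
    events = []
    for line in log.splitlines():
        m = LINE.fullmatch(line.strip())
        if m:
            e = m.groupdict()
            e["ts"] = datetime.fromisoformat(e["ts"])
            e["dport"] = int(e["dport"])
            events.append(e)
    return events


SCAN_PORTS = 5                      # distinct destination ports from one source ...
SCAN_WINDOW = timedelta(seconds=10)  # ... within this window counts as a port scan
SIGNATURES = {("tcp", 23): "telnet to internal host"}  # constructed signature table


def detect(events: list) -> list:
    """Return (rule, source, detail) alerts; events are assumed to be in time order."""
    alerts = []
    # Signature rule: stateless match on protocol and destination port.
    for e in events:
        name = SIGNATURES.get((e["proto"], e["dport"]))
        if name:
            alerts.append(("signature", e["src"], name))
    # Threshold rule: sliding window of distinct destination ports per source.
    history = defaultdict(list)  # src -> [(ts, dport), ...]
    already = set()
    for e in events:
        hist = history[e["src"]]
        hist.append((e["ts"], e["dport"]))
        recent = {port for ts, port in hist if e["ts"] - ts <= SCAN_WINDOW}
        if len(recent) >= SCAN_PORTS and e["src"] not in already:
            already.add(e["src"])
            alerts.append(("port_scan", e["src"],
                           f"{len(recent)} ports in {SCAN_WINDOW.seconds}s"))
    return alerts


def respond(alerts: list) -> set:
    """Automated action: sources that scanned us get pushed to the firewall blocklist."""
    return {src for rule, src, _ in alerts if rule == "port_scan"}


if __name__ == "__main__":
    found = detect(parse(LOG))
    for a in found:
        print(a)
    print("block:", respond(found))
```

The shopper at 192.0.2.5 hits ports 443 and 80 and never trips either rule, while 198.51.100.7 fires the signature on its telnet probe and the threshold on its fifth distinct port. The window and port count are tuning knobs: too low and a browser fetching several services looks like a scanner, too high and a slow scan spread over minutes goes unnoticed.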
Dynamic Pricing
4 categories
one buyer, one seller: negotiation, bargaining
many buyers, many sellers: dynamic exchanges
one seller, many potential buyers: forward (regular) auctions
one buyer, many potential sellers: reverse auction, tendering
Online Auction(e-Auction)
Any system that uses algorithms to competitively bid prices to consummate a transaction between a seller and a purchaser, including Internet exchanges, which are online markets where auctions take place
Similar to real-life auctions, BUT sellers and bidders do not go to a physical auction house; they go to a web site where bidding takes place
Real-life vs. Online Auctions
Whom do you buy from?
most online auctions: buy directly from the seller
traditional, real-life auctions: buy from an auctioneer
Period of the auction
most online auctions last for days, except flash auctions
Examining the goods: not possible in online auctions
buyers and sellers have to arrange for the goods to be shipped privately
Process of Online Auctions
Activities
Initial buyer/seller registration
Setting up a particular auction event
Scheduling and advertising
Bidding
Evaluation of bids and closing the auction
Trade settlement
Benefits of e-Auction
Create more efficient markets
Relax geographic constraints
Consumers get a 'good deal' / save money
Sellers make extra money: one man's trash is another man's treasure
Contribute to buyers' and sellers' sense of online community
Disadvantages of e-Auction
Blind shopping (the goods cannot be examined)
Less competitive than a face-to-face auction
Vulnerability to bidder collusion
Vulnerability to a lying auctioneer (for example inserting fake bids to push the price up)
Security risks and untrustworthy counterparties (fraud, non-delivery, non-payment)
Framework of e-Auction
6 components: auctioneer, supplier/seller, customer/buyer, trade objects, transaction phase, rule base
plus the network/Internet, which covers the entire auction framework for communication
Forward Auction Formats
English Auction
seller lists an item and an opening bid, and also specifies a bid increment
buyers start bidding; the highest bid wins at their bid price
Yankee Auction
commonly used when a seller places one or more identical items on sale
all winning bidders pay the identical price: the lowest successful bid, i.e. the bottom of the winning bid range
Auction Formats con’t
Reserve Auction
a reserve price: the lowest price at which a seller is willing to sell an item, not disclosed to bidders
the seller reserves the right to refuse to sell the item beneath it
Proxy Format
a buyer sets the maximum price they are willing to pay, and the site does the bidding for them
if somebody outbids you, your bid is automatically increased by the increment set, but never beyond your maximum
this continues until someone bids above your max bid or until the auction is over and you win
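The proxy format and the hidden reserve are easiest to understand as an algorithm, so the following Python script is an added worked example (not from the original slides) of an auction site's bidding engine: each bidder submits only a maximum, the site keeps the public price one increment above the second-highest maximum (capped at the leader's maximum), earlier bids keep the lead on a tie, bids below the asking price are rejected, and the item is not sold unless the reserve is met. The bidder names, amounts and tie-breaking rule are constructed for the demo and follow common auction-site practice rather than any one site's published rules.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class ProxyAuction:
    start: float                        # opening bid set by the seller
    increment: float                    # bid increment set by the seller
    reserve: Optional[float] = None     # lowest acceptable price, hidden from bidders
    leader: Optional[str] = None        # bidder currently winning
    leader_max: float = 0.0             # that bidder's secret maximum
    price: float = 0.0                  # current public price
    log: List[Tuple[str, float, str]] = field(default_factory=list)

    def asking(self) -> float:
        """Minimum bid the site will accept next."""
        return self.start if self.leader is None else self.price + self.increment

    def bid(self, bidder: str, maximum: float) -> str:
        """Record a proxy bid: the site bids on the bidder's behalf up to `maximum`."""
        if maximum < self.asking():
            self.log.append((bidder, maximum, "rejected: below asking price"))
            return "rejected"
        if self.leader is None:
            self.leader, self.leader_max, self.price = bidder, maximum, self.start
            outcome = "leading"
        elif maximum > self.leader_max:
            # New maximum beats the standing proxy: price rises one increment above it, capped.
            self.price = min(maximum, self.leader_max + self.increment)
            self.leader, self.leader_max = bidder, maximum
            outcome = "leading"
        else:
            # Standing proxy still wins and is raised just enough; earlier bid keeps a tie.
            self.price = min(self.leader_max, maximum + self.increment)
            outcome = "outbid"
        # Once some maximum meets the reserve, the public price jumps to the reserve.
        if self.reserve is not None and self.leader_max >= self.reserve:
            self.price = max(self.price, self.reserve)
        self.log.append((bidder, maximum, outcome))
        return outcome

    def close(self) -> Optional[Tuple[str, float]]:
        """Return (winner, price), or None if nobody met the reserve."""
        if self.leader is None or (self.reserve is not None and self.price < self.reserve):
            return None
        return self.leader, self.price


def run_example(reserve: Optional[float] = 55.0) -> ProxyAuction:
    """Constructed bidding sequence: opening bid 10, increment 1."""
    a = ProxyAuction(start=10.0, increment=1.0, reserve=reserve)
    a.bid("Alice", 50.0)   # leads at 10; her 50 stays secret
    a.bid("Bob", 30.0)     # site raises Alice to 31, Bob is outbid
    a.bid("Carol", 60.0)   # beats Alice: 51, then 55 because the reserve is met
    a.bid("Bob", 20.0)     # below asking price, rejected
    a.bid("Dave", 60.0)    # ties Carol's maximum; Carol keeps the lead at 60
    return a


if __name__ == "__main__":
    auction = run_example()
    for entry in auction.log:
        print(entry)
    print("result:", auction.close())
```

Note what the engine depends on: every bidder's maximum is a secret held by the site. A lying auctioneer, or anyone who can read that field, can place a shill bid at exactly one increment below the leader's maximum and extract it in full, which is the concrete form of the "lying auctioneer" risk listed under the disadvantages of e-auctions.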
Auction Formats con’t
Dutch Auction
the price starts at a high level and slowly declines; bidders specify the quantity they want to buy at the declining price
Express or Flash Auction
very much like a real-life auction: bid against others live online
held for a short amount of time, often lasting an hour or less
Reverse Auction
Potential sellers bid, reducing the price sequentially, until no bidder reduces the price any further
Sealed-bid: each bidder bids only once (silent auction)
Some Issues
Auction or not
Your own auction site or a 3rd party site
Auction strategy
Support services
Payment
What is auctioned
e-Bay
www.ebay.com: the world's largest online auction site
Main page of the site: many services, auction listings
How to Place Your Bids
Steps
Check out the item details page
Place your bid
Follow up on your bidding
Close the deal