E Commerce Note
Benefits of Intranets:
Communication
Intranets can serve as powerful tools for communication within an
organization, vertically and horizontally.
Cost-effective
Posting employee handbooks, company policies, and requisition forms
regarding the workplace on an intranet, rather than maintaining
physical documents, saves money and time.
Sharing of corporate knowledge
With an intranet, the most recent version of business standards,
newsfeeds, and even training materials can be shared among
employees.
Promote common corporate culture
Every user is viewing the same information within the Intranet.
Enhance Collaboration
With information easily accessible by all authorized users,
teamwork is enabled.
Extranet
(i) Public Network
A public network extranet exists when an organization allows the
public to access its intranet from any public network, such as the
Internet, or when 2 or more companies agree to link their intranets
using a public network.
A public network does not provide 100% security protection
(firewall).
To secure transactions between companies, each company must
protect outgoing information before that information passes from
its intranet onto the public network.
(ii) Private Network
It is a private, leased-line (always active) connection between two
companies that physically connects their intranets to one another.
Advantage: (Provides security) No party other than the nodes
that are legitimately attached to the private network can have
access to the connection.
Disadvantage: (Cost) Every pair of companies wanting a private
network requires a separate private (phone) line connecting them.
The more private networks there are, the higher the cost.
(iii) Virtual Private Network (VPN)
A VPN extranet is a network that uses public networks and their
protocols to send sensitive data to partners, customers, suppliers,
and employees by using a system called “tunneling” or
“encapsulation”.
A VPN provides security shells, with the most sensitive data under
the tightest control.
Most extranets are implemented either as LAN-to-LAN extranets
(older systems) or client/server extranets (popular today).
A VPN is designed to save money; its main purpose is to create a
competitive advantage through the alliance formed between
cooperating companies.
Unlike private networks using leased lines, a VPN establishes
short-term logical connections in real time that are broken once the
communication session ends.
LECTURE 3 TYPES OF WEB SITES
1) INFORMATIONAL WEBSITE
An informational website provides information about the business
and its products and services. The major purpose is to have a
presence on the Web. Example: Wikipedia
2) INTERACTIVE WEBSITE
An interactive website provides opportunities for the customers
and the business to interact, converse and present information (as
in an informational website).
It may include an e-newsletter, search engine, video product demo,
wikis, blogs, feedback from customers, discussion forums and
value-added features.
3) ATTRACTORS
Attractors are websites with features that do more than the
previously described sites do.
Attractors include puzzles, competitions, and prize giveaways.
They are designed so that visitors will like them so that they will
visit again, and recommend the site to their friends.
For example, Ragú’s website does not sell Ragú products, but the
recipes and customer interaction provided attract visitors and
contribute to brand recognition.
4) TRANSACTIONAL WEBSITE
A transactional website sells products and services.
These websites also include information and interactive features,
but they concentrate on selling mechanism features such as
shopping carts.
5) COLLABORATIVE WEBSITE
A collaborative website is a site that allows business partners to
interact and collaborate.
B2B exchanges may also provide collaboration capabilities.
E.g. mindjet.com, partnersonline.com
6) SOCIAL-ORIENTED WEBSITE
A social-oriented website is a site that provides users with online
tools for communication and sharing information on common
interests.
It empowers consumers to utilize their time around the converged
media experience for social participation.
Social-oriented websites like Facebook have emerged as one of the
most powerful marketing channels.
2. Client-side scripting:
Software operates on the web client (browser) to change what is
displayed on the web page in response to a user’s actions.
In client-side scripting, changes are generated within the browser
using software such as JavaScript or Adobe Flash.
Intelligent Agents
Software that can perform routine tasks that require intelligence.
They usually gather and/or filter information on a certain topic and
subsequently provide a list of results.
Software (intelligent) agents can be used in EC to support tasks
such as comparing prices, interpreting information, monitoring
activities, and working as an assistant.
In the world of e-commerce, intelligent agents known as shopping
bots are used by consumers to search for product and pricing
information on the Web. Each shopping bot operates differently,
depending on the business model used by its operator. In one
scenario, shopping bots direct users to retailers who, by
subscribing for a fee, are part of a closed system.
Shopping.Yahoo and Shop@AOL are examples of this model. Open
systems are a more common arrangement and involve agents that
include the entire Web in their searches.
Other software agents track ratings of buyer and seller reputations.
E.g. eBay makes reputation reports available to its bidders and
sellers about each other.
LiNa (personal career agent) at JobStreet.com assists
jobseekers in finding jobs. LiNa actually does the searching for the
job seeker - over 50,000 jobs monthly.
** ringgit plus
Other examples: News bot, and chatter bot/chatbot.
Lecture 4
Electronic catalogs
The presentation of product information in an electronic form; the
backbone of most e-selling sites.
Paper catalogs
Advantages:
Easy to create without high technology.
More portable than electronic.
Disadvantages
Difficult to update product information.
Only limited number of products can be displayed.
Limited information - through photographs & textual
description.
No possibility for advanced multimedia such as animation &
voice.
Online catalogs
Advantages
Easy to update product information.
Able to integrate with the purchasing process.
Search & comparison capabilities.
Able to provide timely, up-to-date product information.
Provision for globally broad range of product information.
Able to add-on multimedia.
Long term cost savings.
Easy to customize.
Disadvantages
Difficult to develop catalogs, large fixed cost.
There is a need for customer skill to deal with computers &
browsers.
CUSTOMIZED CATALOGS
It is a catalog assembled specifically for a company, usually a
customer of the catalog owner.
It also can be tailored to loyal individual shoppers or to a
segment of shoppers e.g. frequent buyers.
Two approaches to creating customized catalogs
Let the customers identify the parts of interest to them from the
total catalog
Let the system automatically identify customer characteristics
based on the customer’s transaction records
ELECTRONIC SHOPPING CART
An order-processing technology that allows customers to
accumulate items they wish to buy while they continue to shop.
It is similar to a shopping cart in the physical world.
The software program of an e-shopping cart allows customers to:
select items
review what has been selected
Make changes
Then, finalize the list.
Lecture 5
The CIA security triad is a point of reference used to evaluate the
information security of an organization.
Confidentiality: the assurance of data secrecy and privacy.
Namely, the data is disclosed only to authorized people.
Integrity: the assurance that data are accurate and that they
cannot be altered.
Availability: the assurance that access to any relevant data, web
site, or other EC services and their use is reliably available in
real time, whenever and wherever needed.
Two types of threats:
Nontechnical attacks. Some nontechnical methods:
Social engineering
Phishing
Fraud / Scam
Spam
Technical attacks
The major technical security attack methods (in descending order of
importance):
Malware
Unauthorized access
Denial-of-service attacks
Spam and Spyware
Hijacking (Servers, Pages)
Botnets
NONTECHNICAL ATTACKS
The major method of nontechnical attack is social
engineering.
Social engineering refers to a collection of methods (including
technical methods) where criminals use human psychology to trick
people into revealing their confidential information for fraud and
other crimes.
Social engineering preys on an individual’s desire to help, an
individual’s fear of getting into trouble, or the general trust among
individuals.
The hacker may attempt to get access to the user’s computer in
order to install malicious software that will give them control over
the person’s computer.
Three approaches should be used to combat social engineering in a
company:
Education and Training
All staff need to be educated about the risks associated with social
engineering techniques used by hackers, and ways and means to
combat these attacks.
Policies and Procedures
Specific policies and procedures need to be developed for securing
confidential information, guiding employee behavior with respect
to confidential information, and taking the steps needed to
respond to and report any social engineering breaches.
Penetration Testing
The policies, procedures, and responses of individual staff need to
be tested on a regular basis by outside experts playing the role of a
hacker.
NONTECHNICAL ATTACKS (CONT.) PHISHING, FINANCIAL FRAUD, AND
SPAM
PHISHING
Phishing is a fraudulent process of attempting to acquire
confidential information such as user names, passwords and credit
card details by masquerading, using email, as a trustworthy entity
such as a bank or credit card company.
Phishing typically directs users to enter details at a fake web site
that looks and feels almost identical to the legitimate one.
Universal man-in-the-middle phishing kit - a tool used by phishers to
set up a URL that can interact in real time with the content of a
legitimate Web site, such as a bank or EC site, to intercept data
entered by customers at log-in or check-out Web pages.
FRAUD ON THE INTERNET
Fraud is a problem for online retailers and customers.
click fraud
Type of fraud that occurs in pay-per-click advertising when a
person, automated system, or computer program simulates
individual clicks on banner or other online advertising methods.
identity theft
Fraud that involves stealing an identity of a person and then the
use of that identity by someone pretending to be someone else in
order to steal money or get other benefits.
e-mail spam
Also known as junk e-mail or spam. It involves nearly identical
messages sent to numerous recipients by e-mail.
search engine spam
Pages created deliberately to trick the search engine into offering
inappropriate, redundant, or poor-quality search results.
TECHNICAL ATTACKS
An attack perpetrated (committed) using software and systems
knowledge or expertise.
Insufficient use of antivirus software and firewalls, and unencrypted
communication, are the major reasons for technical vulnerabilities.
Some of the common technical attacks:
Distributed Denial of Service Attacks (DDoS)
DoS - An attack on a Web site in which an attacker uses
specialized software to send a flood of data packets to the target
computer with the aim of overloading its resources.
With a DDoS attack, the attacker gains illegal administrative
access to as many computers on the Internet as possible.
Once an attacker has access to a large number of computers,
they load the specialized DDoS software onto these computers.
The software lies in wait, listening for a command to begin the
attack.
When the command is given, the distributed network of
computers begins sending out requests to the target computer.
The requests can be legitimate queries for information or can be
very specialized computer commands designed to overwhelm
specific computer resources.
Malicious Code: Viruses, Worms, and Trojan Horses
Malicious code is also referred to as malware.
(a) Viruses
It is a piece of code that inserts itself into a host, including the
operating systems, to propagate.
It cannot run independently.
It requires that its host program be run to activate it.
(b) Worms
The major difference between a worm and a virus is that a worm
propagates between systems (usually through a network),
whereas a virus propagates locally.
(c) Trojan Horses
A program that appears to have a useful function but that
contains a hidden function that presents a security risk.
E.g. Girlfriend Trojan is a server program that arrives in the form
of a file that looks like an interesting game or program.
When the unsuspecting user runs the program, the Trojan
program is installed.
This Trojan horse enables the perpetrator to capture user IDs
and passwords, to display messages on the affected computer,
to delete and upload files, etc.
Trojans spread only by user interaction.
TECHNOLOGY SOLUTIONS
Protecting Internet communications (encryption)
Securing channels of communication (SSL, S-HTTP, VPNs)
Protecting networks (firewalls)
Protecting servers and clients
Encryption
It is the process of transforming or scrambling (encrypting) data in
such a way that it is difficult, expensive, or time-consuming for an
unauthorized person to unscramble (decrypt) it.
Purpose: Secure stored information and Secure information
transmission.
The process of transforming plain text or data into cipher text that
cannot be read by anyone other than the sender and receiver
All encryption has four basic parts: plaintext, ciphertext, an
encryption algorithm, and the key.
The two major classes of encryption systems are:
Symmetric systems – with 1 secret key
The same key is used to encrypt and decrypt the plaintext.
The sender and receiver of the text must share the same key
without revealing it to anyone else – thus making it a so-called
private system.
Example:
If a person wanted to send a confidential text file to a friend, he or
she would encrypt the message with a private key. When the
receiver received the file, he or she would decrypt it with the same
private key.
Asymmetric systems – with 2 keys: public & private keys
PUBLIC (ASYMMETRIC) KEY ENCRYPTION
Uses a pair of matched keys – a public key that is publicly
available to anyone and a private key that is known only to its
owner.
If a message is encrypted with a public key, then the associated
private key is required to decrypt the message.
Example:
If a person wanted to send a purchase order to a company and have
the contents remain private, he or she would encrypt the message
with the company’s public key. When the company received the order,
it would decrypt it with the associated private key.
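The two examples above (the confidential file shared with a friend, and the purchase order sent to a company) can be run as code. This is an added example, not part of the original notes; it uses Node.js's built-in crypto module, and the sample messages, the choice of AES-256-GCM and RSA-OAEP, and all function names are assumptions made for illustration.

```javascript
// Added example (not from the original notes), using Node.js's built-in crypto module.
const nodeCrypto = require('node:crypto');

// Symmetric system: the same shared key encrypts and decrypts (AES-256-GCM).
function symmetricEncrypt(sharedKey, plaintext) {
  const iv = nodeCrypto.randomBytes(12);                // fresh nonce for every message
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', sharedKey, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { iv, ciphertext, tag: cipher.getAuthTag() };  // tag lets the receiver detect tampering
}

function symmetricDecrypt(sharedKey, { iv, ciphertext, tag }) {
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', sharedKey, iv);
  decipher.setAuthTag(tag);
  // final() throws if the key is wrong or the ciphertext was altered
  return Buffer.concat([decipher.update(ciphertext), decipher.final()]).toString('utf8');
}

// Asymmetric system: anyone may encrypt with the public key; only the owner can decrypt.
const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

function newKeyPair() {
  return nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
}
function publicEncrypt(publicKey, plaintext) {
  return nodeCrypto.publicEncrypt({ key: publicKey, ...OAEP }, Buffer.from(plaintext, 'utf8'));
}
function privateDecrypt(privateKey, ciphertext) {
  return nodeCrypto.privateDecrypt({ key: privateKey, ...OAEP }, ciphertext).toString('utf8');
}

// True if fn throws, i.e. decryption was refused.
function fails(fn) {
  try { fn(); return false; } catch (err) { return true; }
}

// Constructed sample messages mirroring the two examples in the notes.
function demo() {
  const sharedKey = nodeCrypto.randomBytes(32);  // known only to the sender and the friend
  const sealed = symmetricEncrypt(sharedKey, 'confidential text file');
  const company = newKeyPair();                  // hypothetical company key pair
  const outsider = newKeyPair();                 // someone without the company's private key
  const order = publicEncrypt(company.publicKey, 'PO-0001: 20 units');
  return {
    friendReads: symmetricDecrypt(sharedKey, sealed),
    wrongKeyRejected: fails(() => symmetricDecrypt(nodeCrypto.randomBytes(32), sealed)),
    companyReads: privateDecrypt(company.privateKey, order),
    outsiderRejected: fails(() => privateDecrypt(outsider.privateKey, order)),
  };
}
```

Calling demo() returns the recovered plaintexts together with two flags showing that a wrong symmetric key and a non-matching private key are both rejected.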
Lecture 6
E-payments: payments made online or electronically rather than by
paper (cash, check/cheque, voucher, etc.).
Electronic payment methods are used to expedite payments online
and reduce payment processing costs.
E-payments can be made directly using a credit or debit card or via
a secure global acquirer such as PayPal.
Crucial factors that influence the success of an e-payment
method/system:
Anonymity – some buyers want their identities & purchase
patterns to remain anonymous.
Ease of use – credit cards are used for B2C and B2B e-payment due
to ease of use.
Transaction fees – When a credit card is used for payment, the
merchant pays processing fees. These fees make the use of credit
cards for small payments cost prohibitive for the seller. Thus, a
solution for small amounts of money is necessary.
International support – EC is a worldwide phenomenon. An
e-payment method must be easily adapted to local legal
requirements and buying patterns before it can be widely adopted.
7 participants involved in processing card payment online:
Customer – the individual possessing the card. (E.g.: you – the
buyer)
Lecture 7
Define Business Model and Revenue Model
A business model is a method of doing business by which a
company can generate revenue to sustain itself. In many cases, one
company may have several business models.
A revenue model outlines how the organization, or the EC project,
will generate revenue.
A company uses its revenue model to describe how it will generate
revenue and its business model to describe the process it will use
to do so.
Lecture 8
E-grocer
A grocer that takes orders online and provides deliveries on a daily
or other regular schedule or within a very short period of time.
Most e-grocers are click-and-mortar retailers that operate in
countries where they have physical stores.
Some offer free regular “unattended” weekly delivery, based on a
monthly subscription model.
The potential e-grocery shoppers may be:
Necessity users, new technologists, time-starved consumers or
busy consumers etc.
E-grocery shopping/purchasing is more sophisticated than most EC
shopping transactions, as an average order may involve many items
from different food/product categories.