ELC 200

About This Presentation

Title:

ELC 200

Description:

ELC 200 Day 22 Agenda Questions from last Class? Assignment 5 Due April 17 Assignment 6, 7 & 8 will be posted by Next Class 2 more assignments left Operations ... – PowerPoint PPT presentation

Number of Views:235

Avg rating:3.0/5.0

Slides: 124

Provided by: ISFL8

Category:

more less

Transcript and Presenter's Notes

Title: ELC 200

1
ELC 200

Day 22

2
Agenda

Questions from last Class?
Assignment 5
Due April 17
Assignment 6, 7 8 will be posted by Next Class
2 more assignments left
Operations Finance ???
EBiz plan and presentations
Due May 8 _at_ 8AM
More to come
Two more Quizzes
April 20 May 4
Today's discussion is on Law, Ethics, andCyber
Crime

3
Internet Security

Cyber attacks are on the rise
Internet connections are increasingly a point of
attack
The variety of attacks is on the rise
Why now?
Because thats where the money and information
is!

4
Internet Security (cont.)

Factors have contributed to the rise in cyber
attacks
Security and ease of use are antithetical to one
another
Security takes a back seat to market pressures
Security of an EC site depends on the security of
the Internet as a whole
Security vulnerabilities are mushrooming
Security is compromised by common applications
Especially Microsoft products
Buffer Overflows exploits

5
Basic Security Issues

From the user s perspective
How can the user be sure that the Web server is
owned and operated by a legitimate company?
How does the user know that the Web page and form
do not contain some malicious or dangerous code
or content?
How does the user know that the Web server will
not distribute the information the user provides
to some other party?

6
Basic Security Issues (cont.)

From the company s perspective
How does the company know the user will not
attempt to break into the Web server or alter the
pages and content at the site?
How does the company know that the user will not
try to disrupt the server so that it is not
available to others?

7
Basic Security Issues (cont.)

From both parties perspectives
How do they know that the network connection is
free from eavesdropping by a third party
listening in on the line?
How do they know that the information sent back
and forth between the server and the user s
browser has not been altered?

8
Basic Security Issues (cont.)

Authorization
The process that ensures that a person has the
right to access certain resources
If the door is unlocked, are you authorized to
enter?
Authentication
The process by which one entity verifies that
another entity is who they claim to be by
checking credentials of some sort

9
Basic Security Issues (cont.)

Auditing
The process of collecting information about
attempts to access particular resources, use
particular privileges, or perform other security
actions
Surveillance Cameras
Confidentiality (privacy)
Only authorized entities can view the
information

10
Basic Security Issues (cont.)

Integrity
As applied to data, the ability to protect data
from being altered or destroyed in an
unauthorized or accidental manner
Availability
Nonrepudiation
The ability to limit parties from refuting that
a legitimate transaction took place, usually by
means of a signature

11
Exhibit 9.2General Security Issues at E-Commerce
Sites
12
Types of Cyber Attacks

Technical attack
An attack perpetrated using software and systems
knowledge or expertise
Nontechnical attack
An attack in which a perpetrator uses chicanery
or other form of persuasion to trick people into
revealing sensitive information or performing
actions that compromise the security of a network
Social Engineering

13
Types of Cyber Attacks (cont.)

Common vulnerabilities and exposures (CVEs)
Publicly known computer security risks or
problems these are collected, enumerated, and
shared by a board of security-related
organizations (cve.mitre.org)
http//www.cert.org/
Denial-of-service (DoS) attack
An attack on a Web site in which an attacker
uses specialized software to send a flood of data
packets to the target computer with the aim of
overloading its resources

14
Types of Cyber Attacks (cont.)

Distributed denial of service (DDoS) attack
A denial-of-service attack in which the attacker
gains illegal administrative access to as many
computers on the Internet as possible and uses
these multiple computers to send a flood of data
packets to the target computer
Malware
A generic term for malicious software

15
How Hackers Hack

Many Techniques
Social Engineering
Get someone to give you their password
Cracking
Guessing passwords
A six letter password (no caps)
gt 300 million possibilities
Merriam-Webster's citation files, which were
begun in the 1880s, now contain 15.7 million
examples of words used in context and cover all
aspects of the English vocabulary.
http//www.m-w.com/help/faq/words_in.htm
Buffer Overflows
Getting code to run on other PCs
Load a Trojan or BackDoor
Snoop and Sniff
Steal data
Denial of Service (DOS)
Crash or cripple a Computer from another computer
Distributed Denial of Service (DDOS)
Crash or cripple a Computer from multiple
distributed computers

16
DOS attacks

Kill the PC with one packet
Exploits problem in O/S
Teardrop
WinNuke
Kill the PC with lots of packets
Smurf
Frag
Tribal Flood Network

17
SMURF Attack
Image from www.circlemudd.org
18
Attacks Requiring Protection

Denial-of-Service (DoS) Attacks
Make the system unavailable (crash it or make it
run very slowly) by sending one message or a
stream of messages. Loss of availability

Single Message DOS Attack (Crashes the Victim)
Server
Attacker
19
Attacks Requiring Protection

Denial-of-Service (DoS) Attacks
Make the system unusable (crash it or make it run
very slowly) by sending one message or a stream
of messages. Loss of availability.

Message Stream DOS Attack (Overloads the Victim)
Server
Attacker
20
Distributed Denial-of-Service Attacks
Distributed DOS (DDoS) Attack Messages Come from
Many Sources
Attack Command
DoS Attack Packets
Computer with Zombie
Attacker
Attack Command
Server
DoS Attack Packets
Computer with Zombie
21
Types of Cyber Attacks (cont.)

Virus
A piece of software code that inserts itself
into a host, including the operating systems, to
propagate it cannot run independently but
requires that its host program be run to activate
it
Worm
A software program that runs independently,
consuming the resources of its host from within
in order to maintain itself and propagating a
complete working version of itself onto another
machine

22
Types of Cyber Attacks (cont.)

Trojan horse
A program that appears to have a useful function
but that contains a hidden function that presents
a security risk
Two of the better-known Trojan horses Back
Orifice and NetBus
Self-contained and self-installing utilities
that can be used to remotely control and monitor
the victim s computer over a network (execute
commands, list files, upload and download files
on the victims computer)

23
Trojan Horse Attack on Bugtraq List

BugTraqa full disclosure moderated mailing list
for the detailed discussion and announcement of
computer security vulnerabilities
What they are
How to exploit them
How to fix them

24
Trojan Horse Attack on Bugtraq List (cont.)

SecurityFocus.com experts have been fooled
Sent the code containing a Trojan horse
to its 37,000 BugTrac subscribers
Network Associates server found itself under
attack
The way the list is moderated did not change

25
Attacks Requiring Protection

Malicious Content
Viruses
Infect files
propagate by executing infected program
Payloads may be destructive
Worms
propagate by themselves
Trojan horses
appear to be one thing, such as a game, but
actually are malicious
Snakes
combine worm with virus, Trojan horses, and other
attacks

26
Trojans and BackDoors

The trick is get the a backdoor (unauthorized
entry) on a machine
Easy way
Get the user to load it himself
Cracked Software (WAREZ)
Free Software (KAZAA)
Hard Way
Get a password
Create a buffer overflow
Microsoft can teach you how
Most Common Trojans and backdoors
SubSeven
ServU
Netbus
Back Orifice
If have download cracked software (illegal) or
have loaded KAZAA chances are that you have been
hacked!

27
I get at least one of these a day.
28
Snoop and Sniff
29
How Viruses Work
30
Getting Rid of Viruses

Get a good Virus Projection Software
Free (not Recommended)
Anti-Vir
Avast
AVG
Not Free
Norton AntiVirus
MacAfee
Free for UMFK students and staff
http//www.umfk.maine.edu/it/antivirus/
Update definition files often

31
How Worms work

Worms are pieces of software that self replicate
over networks
Choke networks
Famous Worms
Morris worm the first worm
Code Red went after IIS servers
Melissa e-mail worm
Slammer - SQL worm
Blaster Windows RPC worm
MyDoom another e-mail worm that creates a
BackDoor on your computer

32
Security Technologies

Internet and EC security is a thriving business
Firewalls and Access Control
One major impediments to EC is the concern about
the security of internal networks
Sidestep the issue by letting third parties host
their Web sites
Primary means of access control is password

33
Security Technologies (cont.)

Firewall
A network node consisting of both hardware and
software that isolates a private network from a
public network
Intrusion detection system (IDS)
A special category of software that can monitor
activity across a network or on a host computer,
watch for suspicious activity, and take automated
action based on what it sees

34
Security Technologies (cont.)

Security risk management
A systematic process for determining the
likelihood of various security attacks and for
identifying the actions needed to prevent or
mitigate those attacks
Assessment
Planning
Implementation
Monitoring

35
Managerial Issues

How can the global nature of EC impact business
operations?
What sorts of legal and ethical issues should be
of major concern to an EC enterprise?
What are the business consequences of poor
security?

36
Managerial Issues (cont.)

Are we safe if there are few visitors to our EC
site?
Is technology the key to EC security?
Where are the security threats likely to come
from?

37
Chapter 10Payments and Order Fulfillment
1
38
Learning Objectives

Understand the crucial factors determining the
success of e-payment methods
Describe the key elements in securing an
e-payment
Discuss the players and processes involved in
using credit cards online
Describe the uses and benefits of purchase cards

39
Learning Objectives (cont.)

Describe different categories and potential uses
of smart cards
Discuss various online alternatives to credit
card payments and identify under what
circumstances they are best used
Describe the processes and parties involved in
e-checking

40
Learning Objectives (cont.)

Describe the role of order fulfillment and
back-office operations in EC
Describe the EC order fulfillment process.
Describe the major problems of EC order
fulfillment
Describe various solutions to EC order
fulfillment problems

41
LensDoc Organizes Payment Online

The Problem
LensDoconline retailer of contact lenses, sun
and magnifying glasses
Dental care and personal care products
Customers pay by credit card (90 of all online
purchases in the U.S.)
Easy to purchase
Easy to purchase fraudulently
Contact lenses cannot be returned once used, but
unsatisfied customers want their money back

42
LensDoc (cont.)

Solutions
Process credit card purchases by hand
Require
Home address
Shipping address
Assumption is that if the card being used is a
fraudulent one, the perpetrator is unlikely to
know the cardholders address

43
LensDoc (cont.)

The Results
Investigating alternative methods of payment
Cash cards
Special card-swiping peripherals
Credit card processing services
Currently disadvantages outweigh advantages of
any of these alternatives

44
Electronic Payments

Paying with credit cards online
Until recently consumers were extremely reluctant
to use their credit card numbers on the Web
This is changing because
Many of people who will be on the Internet in
2004 have not even had their first Web experience
today
85 of the transactions that occur on the Web are
B2B rather than B2C (credit cards are rarely used
in B2B transactions)

45
Electronic Payments (cont.)

Four parties involved in e-payments
Issuer
Customers must obtain e-payment accounts from an
issuer
Issuers are usually involved in authenticating a
transaction and approving the amount involved
Customer/payer/buyer
Merchant/payee/seller
Regulator

46
Electronic Payments (cont.)

Key issue of trust must be addressed
PAIN
Privacy
Authentication and authorization
Integrity
Nonrepudiation

Characteristics of successful e-payment methods
Independence
Interoperability and portability
Security
Anonymity
Divisibility
Ease of use
Transaction fees

47
Security for E-Payments

Public key infrastructure (PKI)a scheme for
securing e-payments using public key encryption
and various technical components
Foundation of a number of network applications
Supply chain management
Virtual private networks
Secure e-mail
Intranet applications

48
Security for E-Payments

Public key encryption
Encryption (cryptography)the process of
scrambling (encrypting) a message in such a way
that it is difficult, expensive, or time
consuming for an unauthorized person to
unscramble (decrypt) it

49
Security for E-Payments (cont.)

All encryption has four basic parts
Plaintextan unencrypted message in
human-readable form
Ciphertexta plaintext message after it has been
encrypted into unreadable form
Encryption algorithmthe mathematical formula
used to encrypt the plaintext into ciphertext and
vice versa
Keythe secret code used to encrypt and decrypt a
message

50
Security for E-Payments (cont.)

Two major classes of encryption systems
Symmetric (private key)
Used to encrypt and decrypt plain text
Shared by sender and receiver of text
Asymmetric (public key)
Uses a pair of keys
Public key to encrypt the message
Private key to decrypt the message

51
Security for E-Payments (cont.)

Public key encryptionmethod of encryption that
uses a pair of keysa public key to encrypt a
message and a private key (kept only by its
owner) to decrypt it, or vice versa
Private keysecret encryption code held only by
its owner
Public keysecret encryption code that is
publicly available to anyone

52
Exhibit 10.1Private Key Encryption
53
Exhibit 10.2Key Sizes Time to Try All Possible
Keys
54
Security for E-Payments (cont.)

Digital signaturesan identifying code that can
be used to authenticate the identity of the
sender of a message or document
Used to
Authenticate the identity of the sender of a
message or document
Ensure the original content of the electronic
message or document is unchanged

55
Security for E-Payments (cont.)

Digital Signatureshow they work
Create an e-mail message with the contract in it
Using special software, you hash the message,
converting it into a string of digits (message
digest)
You use your private key to encrypt the hash
(your digital signature

56
Security for E-Payments (cont.)

E-mail the original message along with the
encrypted hash to the receiver
Receiver uses the same special software to hash
the message they received
Company uses your public key to decrypt the
message hash that you sent. If their hash matches
the decrypted hash, then the message is valid

57
Exhibit 10.3Digital Signatures
58
Security for E-Payments (cont.)

Digital certificatesverification that the holder
of a public or private key is who he or she
claims to be
Certificate authorities (CAs)third parties that
issue digital certificates

59
Crypto, Digital Signature and Digital Certificates

Cryptography provides security by using
encryption
Ensures privacy
Digital Signatures are just like a real signature
DCMA makes them just as legally binding as a
signed paper document
Digital Certificates uses Cryptographic
techniques to prove Identity

60
Digital Signature
Encrypted for Confidentiality
DS
Plaintext
Sender
Receiver
Add Digital Signature to Each Message Provides
Message-by-Message Authentication
61
Digital Signature Sender

To Create the Digital Signature
Hash the plaintext to create
a brief message digest This is
NOT the digital signature
2. Sign (encrypt) the message
digest with the senders private
key to create the digital
Signature

Plaintext
Hash
MD
Sign (Encrypt) MD with Senders Private Key
DS
62
Digital Signature
Send Plaintext plus Digital Signature Encrypted
with Symmetric Session Key
DS
Plaintext
Sender Encrypts
Receiver Decrypts
Transmission
63
Digital Signature Receiver
1. Hash the received plaintext with the
same hashing algorithm the sender used. This
gives the message digest 2. Decrypt the
digital signature with the senders public key.
This also should give the message digest. 3. If
the two match, the message is authenticated The
sender has the true Partys private key
DS
Received Plaintext
2. Decrypt with True Partys Public Key
1. Hash
MD
MD
3. Are they Equal?
64
Public Key Deception
Verifier Must authenticate True Person.
Believes now has TPs public key Believes True
Person is authenticated based on Impostors
public key True Person, here is a message
encrypted with your public key.
Impostor I am the True Person. Here is
TPs public key. (Sends Impostors public key)
Here is authentication based on TPs private
key. (Really Impostors private key) Decryption
of message from Verifier encrypted with
Impostors public key, so Impostor can decrypt it
Critical Deception
65
Digital Certificates

Digital certificates are electronic documents
that give the true partys name and public key
Applicants claiming to be the true party have
their authentication methods tested by this
public key
If they are not the true party, they cannot use
the true partys private key and so will not be
authenticated
Digital certificates follow the X.509 Standard

66
Digital Signatures and Digital Certificates

Public key authentication requires both a digital
signature and a digital certificate to give the
public key needed to test the digital signature

Digital Certificate True Partys Public Key
Certificate Authority
Applicant
DS
Plaintext
Verifier
67
Standards for E-Payments

Secure socket layer (SSL)protocol that utilizes
standard certificates for authentication and data
encryption to ensure privacy or confidentiality
Transport Layer Security (TLS)as of 1996,
another name for the Secure Socket Layer protocol

68
Standards for E-Payments (cont.)

Secure Electronic Transaction (SET)a protocol
designed to provide secure online credit card
transactions for both consumers and merchants
developed jointly by Netscape, Visa, MasterCard,
and others

69
Electronic Cards and Smart Cards

Payment cardselectronic cards that contain
information that can be used for payment purposes
Credit cardsprovides holder with credit to make
purchases up to a limit fixed by the card issuer
Charge cardsbalance on a charge card is supposed
to be paid in full upon receipt of monthly
statement
Debit cardcost of a purchase drawn directly from
holders checking account (demand-deposit account)

70
Electronic Cards and Smart Cards (cont.)

The Players
Cardholder
Merchant (seller)
Issuer (your bank)
Acquirer (merchants financial institution,
acquires the sales slips)
Card association (VISA, MasterCard)
Third-party processors (outsourcers performing
same duties formerly provided by issuers, etc.)

71
Exhibit 10.4Online Credit Card Processing
72
Electronic Cards and Smart Cards (cont.)

Credit card gatewayan online connection that
ties a merchants systems to the back-end
processing systems of the credit card issuer

Virtual credit cardan e-payment system in which
a credit card issuer gives a special transaction
number that can be used online in place of
regular credit card numbers

73
Electronic Cards and Smart Cards (cont.)

Electronic wallets (e-wallets)a software
component in which a user stores credit card
numbers and other personal information when
shopping online the user simply clicks the
e-wallet to automatically fill in information
needed to make a purchase
One-click shoppingsaving your order information
on retailers Web server
E-walletsoftware downloaded to cardholders
desktop that stores same information and allows
one-click-like shopping

74
Electronic Cards and Smart Cards (cont.)

Security risks with credit cards
Stolen cards
Reneging by the customerauthorizes a payment and
later denies it
Theft of card details stored on merchants
computerisolate computer storing information so
it cannot be accessed directly from the Web

75
Electronic Cards and Smart Cards (cont.)

Purchasing cardsspecial-purpose payment cards
issued to a companys employees to be used solely
for purchasing nonstrategic materials and
services up to a preset dollar limit
Instrument of choice for B2B purchasing

76
E-Cards (cont.)

Benefits of using purchasing cards
Productivity gains
Bill consolidation
Payment reconciliation
Preferred pricing
Management reports
Control

77
Exhibit 10.5Participants Process of Using a
Purchasing Card
78
Smart Cards

Smart cardan electronic card containing an
embedded microchip that enables predefined
operations or the addition, deletion, or
manipulation of information on the card

79
Smart Cards (cont.)

Categories of smart cards
Contact carda smart card containing a small gold
plate on the face that when inserted in a
smart-card reader makes contact and so passes
data to and from the embedded microchip
Contactless (proximity) carda smart card with an
embedded antenna, by means of which data and
applications are passed to and from a card reader
unit or other device

80
Smart Cards (cont.)

Securing smart cards
Theoretically, it is possible to hack into a
smart card
Most cards can now store the information in
encrypted form
Same cards can also encrypt and decrypt data that
is downloaded or read from the card
Cost to the attacker of doing so far exceeds the
benefits

81
Smart Cards (cont.)

Important applications of smart card use
Loyalty
Financial
Information technology
Health and social welfare
Transportation
Identification

82
E-Cash and Innovative Payment Methods

E-cashthe digital equivalent of paper currency
and coins, which enables secure and anonymous
purchase of low-priced items
Micropaymentssmall payments, usually under 10

83
E-Coin.net

System consists of three participants
User
Opens an account with eCoin.com
Downloads a special e-wallet to their desktop PC
Purchases some eCoins with a credit card
Merchantembeds a special eCoin icon in its
payment page
eCoin serveroperates as a broker
Keeps customer and merchant accounts
Accepts payment requests from the customers
e-wallet
Computes embedded invoices for the merchant

84
E-Cash and Payment Card Alternatives (cont.)

Wireless payments
Vodafone m-pay bill system that enables
wireless subscribers to use their mobile phones
to make micropayments
Qpass (qpass.com)
Charges to qpass account, are charged to a
specified credit card on a monthly basis

85
Stored-Value Cards

Stores cash downloaded from bank or credit card
account
Visa casha stored-value card designed to handle
small purchases or micropayments sponsored by
Visa
Mondexa stored-value card designed to handle
small purchases or micropayments sponsored by
Mondex, a subsidiary of MasterCard

86
E-Loyalty and Reward Programs

Loyalty programs online
B2C sites spend hundreds of dollars acquiring new
customers
Payback only comes from repeat customers who are
likely to refer other customers to a site
Electronic scripta form of electronic money (or
points), issued by a third party as part of a
loyalty program can be used by consumers to make
purchases at participating stores

87
E-Loyalty and Reward Programs (cont.)

Beenza form of electronic script offered by
beenz.com that consumers earn at participating
sites and redeem for products or services
Consumer earns beenz by visiting, registering, or
purchasing at 300 participating sites
Beenz are stored and used for later purchases
Partnered with MasterCard to offer
rewardzcardstored-value card used in U.S. and
Canada for purchases where MasterCard is accepted
Transfer beenz into money to spend on Web, by
phone, mail order, physical stores

88
E-Loyalty and Reward Programs (cont.)

MyPoints-CyberGold
Customers earn cash for viewing ads
Cash used for later purchases or applied to
credit card account
Prepaid stored value cardsused online and
off-line
RocketCash
Combines online cash account with rewards program
User opens account and adds funds
Used to make purchases at participating merchants

89
Internetcash

Teenage marketprimary reason for going online
Communicating with friends via email and chat
rooms
homework
Researching information
Playing games
Downloading music or videos

90
Internetcash (cont.)

Why they do not shop online
Parents will not let them children their (the
parents) credit cards online
They cannot touch the products
It is difficult to return items purchased on the
Web
They do not have the money
Transaction may be insecure

91
Internetcash (cont.)

InternetCash offers prepaid stored-value cards
sold in amounts of 10, 20, 50, and 100
Must be activated to work
Gives the user shopping privileges at online
stores that carry an InternetCash icon
Purchases are automatically deducted from the
value of the card
InternetCashs transactions are anonymous

92
Internetcash (cont.)

InternetCash is facing obstacles
First, they have to find retailers willing to
sell the cards
Must persuade merchants to accept the card for
online purchases
Legal issues

93
Person-to-Person Payments

Person-to-person (P2P) paymentse-payment schemes
(such as paypal.com) that enable the transfer of
funds between two individuals
Repaying money borrowed
Paying for an item purchased at online auction
Sending money to students at college
Sending a gift to a family member

94
Global B2B Payments

Letters of credit (LC)a written agreement by a
bank to pay the seller, on account of the buyer,
a sum of money upon presentation of certain
documents
TradeCard (tradecard.com)innovative e-payment
method that uses a payment card

95
Electronic Letters of Credit (LC)

Benefits to sellers
Credit risk is reduced
Payment is highly assured
Political/country risk is reduced

Benefits to the buyer
Allows buyer to negotiate for a lower purchase
price
Buyer can expand its source of supply
Funds withdrawn from buyers account only after
the documents have been inspected by the issuing
bank

96
TradeCard Payments

TradeCard allows businesses to effectively and
efficiently complete B2B transactions whether
large or small, domestic or cross-border, or in
multiple currencies
Buyers and sellers interact with each other via
the TradeCard system
System
Checks purchase orders for both parties
Awaits confirmation from a logistics company that
deliveries have been made and received
Authorizes payment completing financial
transaction between the buyer and seller

97
E-Checking

E-checkthe electronic version or representation
of a paper check
Eliminate need for expensive process
reengineering and takes advantage of the
competency of the banking industry
eCheck Secure (from vantaguard.com) and
checkfree.com provide software that enables the
purchase of goods and services with e-checks
Used mainly in B2B

98
Order Fulfillment Overview

Order fulfillmentall the activities needed to
provide customers with ordered goods and
services, including related customer services
Back-office operationsthe activities that
support fulfillment of sales, such as accounting
and logistics
Front-office operationsthe business processes,
such as sales and advertising, that are visible
to customers

99
Overview of Logistics

Logisticsthe operations involved in the
efficient and effective flow and storage of
goods, services, and related information from
point of origin to point of consumption
Delivery of materials or services
Right time
Right place
Right cost

100
Exhibit 10.9Order Fulfillment and Logistics
Systems
101
EC Order Fulfillment Process

Steps in the process of order fulfillment

1. Payment clearance
2. In-stock availability
3. Arranging shipments
4. Insurance
5. Production (planning, execution)
6. Plant services
7. Purchasing and warehousing

8. Customer contacts
9. Returns (Reverse logisticsmovement of returns
from customers to vendors)
10. Demand forecast
11. Accounting, billing

102
Order Fulfillment and the Supply Chain

Order fulfillment and order taking are integral
parts of the supply chain.
Flows of orders, payments, and materials and
parts need to be coordinated among
Companys internal participants
External partners
The principles of supply chain management must be
considered in planning and managing the order
fulfillment process

103
Problems in Order Fulfillment

Manufacturers, warehouses, and distribution
channels were not in sync with the e-tailers
High inventory costs
Quality problems exist due to misunderstandings
Shipments of wrong products, materials, and parts
High cost to expedite operations or shipments

104
Problems in Order Fulfillment (cont.)

Uncertainties
Major source of uncertainty is demand forecast
Demand is influenced by
Consumer behavior
Economic conditions
Competition
Prices
Weather conditions
Technological developments
Customers confidence

105
Problems in Order Fulfillment (cont.)

Demand forecast should be conducted frequently
with collaborating business partners along the
supply chain in order to correctly gauge demand
and make plans to meet it
Delivery times depend on factors ranging from
machine failures to road conditions
Quality problems of materials and parts (may
create production time delays)
Labor troubles (such as strikes) can interfere
with shipments

106
Problems in Order Fulfillment (cont.)

Order fulfillment problems are created due by
lack of coordination and inability or refusal to
share information
Bullwhip effectlarge fluctuations in inventories
along the supply chain, resulting from small
fluctuations in demand for finished products

107
Solutions to Order Fulfillment Problems

Improvements to order taking process
Order taking can be done on EDI, EDI/Internet, or
an extranet, and it may be fully automated.
In B2B, orders are generated and transmitted
automatically to suppliers when inventory levels
fall below certain levels.
Result is a fast, inexpensive, and a more
accurate process
Web-based ordering using electronic forms
expedites the process
Makes it more accurate
Reduces the processing cost for sellers

108
Solutions to Order Fulfillment Problems (cont.)

Implementing linkages between order-taking and
payment systems can also be helpful in improving
order fulfillment
Electronic payments can expedite order
fulfillment cycle and payment delivery period
Payment processing significantly less expensive
Fraud can be controlled better

109
Inventory Management Improvements

Inventories can be minimized by
Introducing a make-to-order (pull) production
process
Providing fast and accurate demand information to
suppliers
Inventory management can be improved (inventory
levels and administrative expenses) can be
minimized by
Allowing business partners to electronically
track and monitor orders and production
activities
Having no inventory at by digitizing products

110
Automated Warehouses

B2C order fulfillmentsend small quantities to a
large number of individuals
Step 1 retailers contract Fingerhut to stock
products and deliver Web orders
Step 2 merchandise stored SKU warehouse
Step 3 orders arrive
Step 4 computer program consolidates orders from
all vendors into pick waves

111
Automated Warehouses (cont.)

Step 5 picked items moved by conveyors to
packing area computer configures size and type
of packing types special packing instructions
Step 6 conveyer takes packages to scanning
station (weighed)
Step 7 scan destination moved by conveyer to
waiting trucks
Step 8 full trucks depart for Post Offices

112
Same Day, Even Same Hour Delivery

Role of FedEx and similar shippers
From a delivery to all-logistics
Many services
Complete inventory control
Packaging, warehousing, reordering, etc.
Tracking services to customers

113
Same Day, Even Same Hour Delivery (cont.)

Supermarket deliveries
Transport of fresh food to people who are in
homes only at specific hours
Distribution systems are critical
Fresh food may be spoiled

114
Partnering Efforts

Collaborative commerce among members of the
supply chain results in
Shorter cycle times
Minimal delays and work interruptions
Lower inventories
Less administrative cost
Minimize bullwhip effect problem

115
Order Fulfillment in B2B

Using e-marketplaces and exchanges to ease order
fulfillment problems
Both public and private marketplaces
E-procurement system controlled by one large
buyer, suppliers adjust their activities and IS
to fit the IS of the buyer
Company-centric marketplace can solve several
supply chain problems
Use an extranet
Use a vertical exchange

116
Order Fulfillment in B2B (cont.)