E-Commerce%20Systems

About This Presentation

Title:

E-Commerce%20Systems

Description:

'We live in an era of e-everything' David Chaffey ... Using your mobile to get online news or even topping up your prepaid balance? ... – PowerPoint PPT presentation

Number of Views:136

Avg rating:3.0/5.0

Slides: 112

Provided by: markmi1

Category:

more less

Transcript and Presenter's Notes

Title: E-Commerce%20Systems

1
E-Commerce Systems

Mark Micallef
mmica01_at_um.edu.mt

2
Objectives of Module
3
Introduction to E-Commerce Systems
4
Introduction

We live in an era of e-everything David
Chaffey
Everywhere we look, we are likely to see an
e-something
E-Commerce
E-Banking
E-Dating
E-Government
E-Learning
E-Logistics

5
What are E-Commerce Systems?

Viewing a product list online?
Ordering products online and paying by cheque or
in person?
Ordering and paying online plus having the
product delivered?
Getting information (e.g. share prices) from a
website for free?
Using your mobile to get online news or even
topping up your prepaid balance?
!!All of the above are examples of e-commerce
systems!!

6
Definition of E-Commerce Systems

the exchange of information across electronic
networks, at any stage in the supply chain,
whether within an organisation, between
businesses, between businesses and consumers, or
between the public and private sectors, whether
paid or unpaid
-The Prime Ministers Strategy Office
www.number-10.gov.uk/su/ecomm/ec_body.pdf

7
Benefits of E-Commerce

Businesses
24-hour operation
High cost-savings
No geographical boundaries
Potential access to millions of customers
Consumers
Conveniance
Easy to compare products and prices
Easy to find reviews
Much more choice

8
What is being bought online?
9
Players in E-Commerce

Business
Typically provide products and/or services online
Products available to consumers or even other
businesses
Consumers
Interested in information/products/services and
are willing to obtain them online
Government
E-Government Services
Facilitates access to government services for
both consumers and businesses

10
Main Types of E-Commerce Systems
11
Business to Business (B2B)

Interdependent Businesses conduct business
amongst themselves online
Usually does not take the form of the traditional
website e-Commerce system
Usually fully (or almost fully) automated (e.g.
automatic online ordering when stock levels are
low)

12
Types of B2B Systems

There are 4 main types of B2B Systems
Sell-Side
Buy-Side
Electronic Marketplace (or Exchange)
Collaborative

13
Sell-Side B2B Systems
Buyers
Company A
Seller
Company B
Company C

One-to-Many Relationship

14
Buy-Side B2B Systems
Sellers
Company A
Buyer
Company B
Company C

One-to-Many Relationship

15
Electronic Marketplace (or Exchange)
Sellers
Buyers
Services
Company A
Company X
An Exchange
Company B
Company Y
Company C
Company Z

Many-to-Many Relationship
Exchange is usually owned and operated by a 3rd
party
Businesses meet to exchange goods/services

16
Collaborative B2B Systems
Others
Government
Buyers
Hub Manager
Industrial Associations
Sellers
Universities
Community

Many-to-Many Relationship
Only business partners participate
Facilitates communication, sharing of designs,
planning information, etc

17
Business to Consumer (B2C)

Businesses sell products/services to consumers
Usually take on the form a website through which
consumers can browse through products/services,
order and pay online
Typical Examples
Amazon.com
Extending your internet subscription online

18
Consumer to Consumer (C2C)

Consumers buying/selling products and services
amongst themselves
Typical Examples
E-Bay
di-ve.com Classifieds

19
Differences between E-Commerce Systems and Other
Systems
20
Introduction

A number of differences exist between e-commerce
systems and other types of systems
The most important ones are
They are content-driven
They are exposed to the world
They are Browser Based
Enormous User Base
They are likely to change quite often

21
Content Driven (1/2)

Most e-commerce sites are connected to a database
View product lists
Compare prices
View orders
What information should my site display?
Is it organised in the best possible way?
Is it easy for a use to find what she wants

22
Content Driven (2/2)

72 of users know beforehand what they are
looking for
This indicates we should provide an easy means by
which users can search for the product they need
Usability and Navigability of websites are very
important issues.
A customer who has a bad first impression of a
site is not likely to return

23
Importance of Navigability
Why people abandon transactions online.
Also more likely to simply find another site
24
Exposed to the world

The internet is an open network of networks
E-Commerce sites require the transfer of private
information
Customer details
Credit card numbers
E-Commerce systems need to be secure
In security circles, it is always assumed that
whatever you send online can be seen by everyone
else on the internet

25
Enormous Userbase (1/3)

Ideally, an e-commerce website will attract vasts
amounts of visitors
This is a mixed blessing
Ideal scenario
Thousands of people visit my e-commerce site
daily
They all see products they like and buy them
I become very very rich

26
Enormous Userbase (2/3)

Some bad scenarios
Thousands of people visit my website
The website cannot cope with the load and starts
crashing every few minutes
I get it fixed
People come back
They order items but my business models have not
been adapted to e-commerce
How do I deliver products?
How do I deal with potentially many customer
problems and enquiries?

27
Enormous Userbase (3/3)

37 of users first judge a site by its reputation
Only 18 of customers will remain loyal to a site
if if becomes unstable or slow due to popularity

28
Browser-Based (1/2)

Most e-commerce systems are accessed through
browsers
This is good because
They are accessible from everywhere
Browsers are widely available for free
Browser-based applications do present some
disadvantages
A web application does not have access to
event-driven programming like applications
writing in C or Java for example

29
Browser-Based (2/2)

Scripting and Enhancing Technologies
Javascript
CSS
DHTML
No standards
Browsers interpret these technologies differently
Websites may work fine on one browser but not on
another
Also the problem of different devices and OSs
Windows/LINUX
Desktop PC, Laptop, PDA, Mobile phone

30
Likely to Change Quite Often

E-Businesses are dynamic by nature
They need to keep one step ahead of the
competition
Constant change to e-commerce sites is inevitable
Changing of prices (simple change)
Introducing new offers/schemes (not so simple)
Introducing new features to the site (complex)
Is my site built well enough to absorb these
changes?
Systems should mature rather than grow old and
frail

31
Important E-Commerce Quality Attributes

Based on studies and the unique characteristics
of e-commerce, one can say that the following
quality attributes are important
Security
Usability and Navigability
Performance and Scalability
Reliability
Portability

32
Security in E-Commerce
33
The Importance of Security

Security is a very important consideration in
e-commerce
A major security incident would scare away many
existing and potential customers
Analogy Imagine setting up a shop in a
high-street and going home at night leaving it
open with a sign saying Owner not in

34
Common Reasons for not using e-commerce
35
How secure do online stores need to be before
people use them?
36
Possible security breaches (1/2)

Fraud resuting in direct financial loss
Transfer of funds
Destruction of financial records
Theft of information
Confidential
Proprietry
Technological
Risk of intruder passing this information on to a
competing company or people with malicious intend

37
Possible security breaches (2/2)

Disruption of service
E.g. Denial of Service Attacks
Inconveniences to customers
Loss of business
Loss of customer confidence
Intrusions into customer files
Dishonesty
Human Mistakes
Network Failures

38
Security in brick-and-mortar stores

In tradional businesses
Merchants expect to be paid with real money
When they accept credit, they require signatures
At the end of the day
Alarm is set
Security Guards employed
Police available in case of a break in
Can we replicate this online?

39
Paper-based Commerce vs E-Commerce
Paper-Based Commerce
Electronic Commerce
Signed paper documents
Digital signatures
Person to person
Electronic via website
Physical payment system
Electronic payment system
Merchant Customer face-to-face
No face-to-face contact
Detectability is difficulty
Easy detectability of modifications
Easy negotiability of documents
Negotiablity via special protocols
Clear legal rules and protection
Confusing legal issues
40
Experiment

Ask yourself
Would I attempt to steal something from a shop in
Valletta?
Then ask yourself
Would I try to hack into a website or online
store to gain access to unauthorised information?
Most people say no to the first question but yes
to the second.
Why?

41
Identifying Security Principals

Principals in online security are
People
Processes
Machines
Keys, passwords, etc
Principals participate in transactions
Send, receive, access, update, delete, etc

42
Security Concerns

Confidentiality / Secrecy
Ensuring that data remains private
Authentication
Making sure that message senders are who they say
they are
Integrity
Make sure the messages are not modified during
transmission
Nonrepudiation
Ensuring that principals cannot deny that they
sent a message
Access Control
Restricting the use of a resource to authorised
principals only

43
Confidentiality / Secrecy (1/3)
sa_at__at_!ddsFFDE33_at_PIHJGFs
aaTTyUIjhgbvvvDDDgcsdad
Intercepts But cannot Understand messages
James
Peter
????
Always assume that anyone can view your
electronic communications at will.
Evil Hacker
44
Confidentiality / Secrecy (2/3)

Data needs to be encrypted in order for secrecy
to prevail
There are various encryption techniques and
algorithms
Security algorithms should be updated over time.
One early popular algorithm was DES.
It is now crackable in 3 hours.
Latest popular encryption algorithm is AES

45
Confidentiality / Secrecy (3/3)

SSL (Secure Sockets Layer) is the prevailing
encryption mechanism for e-commerce today.
Uses Public/Private Key Encryption Methods
All major browsers support SSL
SSL supports certificates and thus handles other
aspects of security besides encryption
It is beyond the scope of this course to enter
into exactly how SSL works as this would require
a whole course to trash out

46
Authentication (1/2)
Hello James, this is Peter I have information 4u
Intercepts
James
Peter
Hello Peter, I am James. Give me the information.
Evil Hacker
47
Authentication (2/2)

Passwords are a weak form of authentication
Current mainstream technique for ensuring
authentication is the use of certificates
Individuals (and organisations) can obtain
certificates from a certificate authority and use
the certificate to encrypt their messages
Recipients can verify the senders certificate
with a certification authority so as to ascertain
the identity of the person

48
Integrity (1/2)
Hello James. Please give me your account num
Ok. My account number is 332121221
Intercepts and Modifies Message
James
Peter
Ok. My account number is 55421221
Evil Hacker
49
Integrity (2/2)

Certificates and Public Key Infrastructure also
cater for integrity
Recipients can detect if the original message has
been changed and request the sender to resend the
message

50
What needs to be secured? (1/2)

Clients They are vulnerable to
Viruses
Hackers
Servers
Exposed to anothorised access
Intrusions could lead to a reducion in speed or
worse
Server resourses may be used for purposes other
than those originally intended

51
What needs to be secured? (2/2)

Networks
The entry point to computer systems
Can become the root cause for infringment if not
secured
A weak network can allow data to be easily
tampered with
Common cases occuring due to a loophole in
network security
Fradulent Identities
Eavesdropping

52
Common Threats on the Web (1/6)

Accidental Threats
Arise from human error
Generally due to lack of awareness and training
Poor password choices
Accidental business transactions
Accidental disclosure of information
Use of incorrect software
Physical accidents
E.g. spilling of coffee, unplugging servers, etc

53
Common Threats on the Web (2/6)

Malicious Threats
Specially intended to cause harm to people,
systems and networks
Malicious Software
Viruses
Trojans
Worms
Social Engineering Threats
E.g. pretending to be an employee of a company
and asking for private information

54
Common Threats on the Web (3/6)

Authorisation Threats
Hacker attempts to bypass security by posing as
an authorised user
Needs to gain knowledge about a valid username
and password combination
Various techniques exist
Dictionary Attacks
Brute-Force Attacks
Short Attacks

55
Common Threats on the Web (4/6)

Application Threats
Exploit vulnerabilities in applications deployed
as part of a web system
Applications can include
Web Servers
FTP Servers
DNS Servers
The operating system
Always keep software updated with the latest
version and fixes

56
Common Threats on the Web (5/6)

Privacy Threats
Two forms
Network Eavesdropping
Monitor data being transmitted over networks
Extract Information
Radio Signal Evesdropping
Listen to radio signals from computer hardware
(e.g. computer monitors) and try to extract
useful information from it
Rarely used Requires expensive equipment

57
Common Threats on the Web (6/6)

Access Control Threats
Intruder gains access to a system for which (s)he
is not authorised to use
However, (s)he does not do it by posing as an
authorised user
E.g. Gain access to an unsecured modem
E.g. Exploit some sort of network flaw

58
Network Attacks (1/3)

Denial of Service (DoS) Attacks
Attempt to make a website or service unusable
E.g. Uploading vast amounts of data to an FTP
server so as to take bandwidth away from other
users
SYN Flood Attacks
Exploits the TCP 3-way handshake
Attacker sends many SYN packets but never
completes the handshake
Victim uses up a lot of resources and potentially
crashes

59
Network Attacks (2/3)

SMURF Attacks
Many ICMP ping requests sent to different with a
spoofed source address of the victim
Victim receives a large number of ICMP replies
which it did not send
A similar attackcalled Fraggle works in the same
way but uses the UDP protocol

Victim
Spoofed Ping Requests
Hackers PC
Replies to Victim
60
Network Attacks (3/3)

Ping of Death
Hackers send thousands of ping requests per
second to a victim
They send data which is beyond the 64k ICMP limit
Can cause a total system crash
Other Attacks
DNS Attacks
Spoofing
Host Overflow
Length Overflow
Zone Transfer
Distributed Denial-of-Service (DDoS)
Same as DoS but involves hundreds (or thousands)
of simultaneous attacks

61
Security Counter-measures (1/5)

Physical Security
Make sure hardware is physcialy secure
Security Guards
Alarms
Security Procedures
Safety Procedures

62
Security Counter-measures (2/5)

Secure Authentication and Messaging
Use of public key cryptography
Ensure that
Messages received from a user are actually from
that user
Messages received from a user have not been
tampered with

63
Security Counter-measures (3/5)

Firewall Solutions
A firewall sits on the perimiter of your network
Control network traffic flow
System Administrator may close
Ports / protocols
Traffic from/to certain systems
Useful against
Various network attacks
Spyware
Unauthorised usage
Not the silver bullet of security

64
Security Counter-measures (4/5)

Bandwidth Managers
Limit the use of bandwidth by different
Protocols
Applications
Particular Sources and Destinations
Useful against DoS attacks
Example
Give high bandwidth to secure ports
Give low bandwidth to unsecured ports (prevents
DoS attacks)

65
Security Counter-measures (5/5)

Disaster Recovery and Backup
Disaster recovery plan
Everyone should know what to do if the worst-case
scenario were to happen
Regular backups are useful and essential

66
E-Payments

How payments are made online

67
Origins of Money and Payments

Money began with the concept of bartering
Economic System got more complicated and tokens
started being used.
Items carried an intrinsic value
E.g. Precious stones, shells, etc
E.g. Silver dollar was made of 1 worth of silver
After tokens, were detached from inherent value,
notational money was adopted
Credit system developed
People pay without actually having the money
Credit cards

68
Real-world Cash

Medium of exchange to simplify transactions
Has a standard value and helps decide worth of
goods
Electronic money must fulfill this criteria as
well
Benefits of cash
Convenience
Wide acceptance
Anonymity
No hidden or other cost of use
No audit trail
Disadvantage of cash is in the cost of holding it
Loss of potential interest in bank
Cost of security
Cost of transport

69
Electronic Money (E-Money)

E-Money is an electronic medium for making
payments
Includes
Credit cards
Smart cards
Debit cards
Electronic funds transfer
Automated Clearinghouse (ACH) systems
It is notational and can be
Online or Off-line
Identified of Anonymous

70
Types of E-Money (1/2)

Identified and Online (IL)
Unique to credit card and debit cards
transactions
Customer is easily identifiable
Card is validated against a banks computer
before payment is made
Identified and Offline (I-L)
Purchasing by cheque, travelers cheques, money
orders, etc
Merchant asks for ID to make sure the identity of
the purchaser is known
No verification is made

71
Types of E-Money (2/2)

Anonymous and Online (-IL)
Cash transactions where the purchaser is
anonymous
Depositing money in an online account
Purchase made on the spot for cash
Anonymous and Offline (-I-L)
Unique to electronic cash
E.g. Transfering funds from a credit card to
another account using an ATM which does not have
a direct connection to the VISA/MasterCard
network

72
Analysing Cash, Cheques and Credit Cards

Regardless of the form of money, two distinct
sets of properties should be considered in a
money transfer
These are
The ACID Test
Atomicity
Consistency
Isolation
Durability
The ICES Test
Interoperability
Conservation
Economy
Scalability

73
The ACID Test (1/2)

Atomicity
Transaction must occur completely or not at all
E.g. A transfer 100 must result in the amount
being credited from one account and debited to
another. If one action fails, the whole
transaction should be aborted.
Consistency
All parties involved must agree to the exchange
E.g. Before a Joe buys a product from Mel, Joe
must agree to buy it for x and Mel must agree to
sell it for x

74
The ACID Test (2/2)

Isolation
Each transaction is independent of any other
transaction
Treated as a stand-alone episode
Durability
Always possible to recover to a consistent state
or reverse the state of an exchange
E.g. Customer is not happy with the product so
you refund him

75
The ICES Test (1/2)

Addresses four important properties of Money
Transfer
Interoperability
Ability to move back and forth between different
systems
Conservation
How well money holds its value over time
(temporal consistency)
How easy it is to store and access (temporal
durability)

76
The ICES Test (2/2)

Economy
Processing a transaction should be inexpensive
and affordable
Relative to size of transaction
E.g. Paying a 1 charge to process a 10,000
transaction is acceptable. However, it is not
acceptable if you are processing a 5 transaction
Scalability
Ability of the system to handle multiple users at
the same time

77
Comparing different systems
Atomicity Consistency Isolation Durability Interoperability Conservation Economy Scalability
Cash Y Y Y Y Y N Y Y
Cheque Y Y N Y N Y N Y
Credit Card Y Y N Y N - N Y
78
Internet-Based Payments

Electronic payments are financial transactions
made without the use of paper documents such as
cheques.
E.g. Having your stipends credited to your
account, paying for a product with your smartcard
Internet-based payment systems are a form of
electronic payment

79
Important Properties for E-Payments

Besides, the ACID and ICES tests, other
properties are important for e-payment systems
Acceptability
Ease of Integration
Customer base
Ease of use and ease of access

80
Internet-Based Payment Systems Models

There are four main models for processing
payments on the internet
Electronic Currency
Credit Cards
Debit Cards
Smart Cards

81
Electronic Currency

The network equivalent of cash
E.g. Electronic funds transfer (EFT) moves cash
from one account (e.g. employers account) to
another (e.g. employees bank account). This
happens regardless of the bank type, location,
etc.

82
Credit Cards (1/2)

Credit cards are the most popular form of payment
online
Bank issues credit card to people
Can be topped up
Has an associated credit limit
To sell things on the web, merchants must accept
credit cards
Merchants need to open a merchant account
Allows them to process credit card transactions
Merchant pays charges depending on the amount of
money processed in a time period.
If users are unhappy with product/service
received, they can generate a charge-back

83
Credit Cards (2/2)

Credit cards leave a complete audit trail
Can be a very insecure way of payment if the
right security precautions are not taken
No signatures required
No face-to-face clues to interpret
Third-party credit card processing services are
available
Very useful when merchants fail to obtain a
merchant account

84
Credit Cart Laundering

Merchants sometimes let other merchants use their
merchant account
They do this for a commission
This is a violation of the merchant agreement
with banks
The risk is enormous, even if your commission
rates are very good
Why couldnt your client merchant get his own
merchant account?
Bad credit history
Bad management practices
Typical scenario Merchant processes payments,
closes down account and does not sent his clients
any products. All clients generate charge-backs
to YOUR merchant account.

85
Debit Cards

Similar to credit cards but the card holder is
not borrowing money to purchase a product
Processed through the issuing banks card network
(as opposed to the global VISA or Mastercard
Network)
Safer for client if (s)he controls the amount of
money in the account linked to the debit card.
In case of theft, a thief cannot run up debts for
the card owner.

86
Smart Card (1/2)

Card with a built-in chip capable of storing
information in its memory
Contains programmable chip, RAM and ROM storage
Handles a variety of applications
Encrypts digital cash on chip
Can be refilled by connecting to a bank
Digital Key to an office
Prescription authorisation
Voting purposes

87
Smart Card (2/2)

In e-commerce can be used for
Digital Cash
Authenticating access to secured encrypted
transactions
Digital signatures
Key storage
Authenticating user by use of special devices
Safer when compared to the credit-card number
system
Devices not yet popular so smart cards cannot
really be as successful as credit cards for the
time being

88
Electronic Funds Transfer (EFT)

Computer-based system that
facilitates the transfer of money or the
processing of financial transactions
between two financial institutions
same day or overnight
one of the earliest forms of electronic payment
systems on private networks

89
Automated Clearinghouse (ACH)

Routes bank transactions involving more than one
financial institution
Ensures the correct accounts held by the correct
institutions can be debited and credited
Consider an example where you go to your bank
(e.g. BOV) and deposit a cheque of 300 which
originated from another bank (e.g. HSBC) to your
bank account which previously had a 100 balance
Bank teller will give you a receipt saying your
new balance is 400
However, the new balance will not be available
until that cheque clears through an ACH system

90
ACH Example
3. Cheque goes to ACH for processing
ACH
Bank A
6. ACH Credits Bank A with 300
5. Bank B Approves
4. ACH Queries Bank B
Bank B
2 Not on Us Deposit
8. Bank A releases Hold
7. Bank B Debits Account with 300
1
300
300
Cheque deposited
On hold until cleared via ACH
91
Secure Electronic Transactions (SET)Protocol
(1/2)

An emerging standard protocol for handling
transactions on the Internet
Administered jointly by VISA and MasterCard
Covers all aspects of online commerce
Various services
Cardholder and merchant registration
Purchase request
Payment authorisation
Payment Capture
Autorisation Reversal
Credit Reversal

92
Secure Electronic Transactions (SET)Protocol
(2/2)

Authenticates parties involved using cryptography
systems and trust hierarchies of digital
certificates
Based on 4 important goals
Confidentiality
Integrity of transmitted data
Authentication of the card holder and merchant
Interoperability across network providers
Very complex and detailed protocol
Not economical for small payments (micro
payments)

93
SET Example
3. Authorisation
SET Payment Gateway
5. Payment
1. Order Details
2. Request for Payment
4. Electronic Receipt
94
Examples of payment systems

BankNet (http//mkn.co.uk/bank)
CheckFree (www.checkfree.com)
Credit Card Network (http//creditnet.com)
CyberCents (www.cybercents.com)
Ecash (www.ecashtechnologies.com)

PayPal (www.paypal.com)
QuickCommerce (www.qc123.com)
WebMoney (www.webmoney.ru)
Millicent (http//research.compaq.com/SRC/articles
/199705/Millicent.html)
Ziplock (www.portsoft.com.au)

95
Conclusions

E-Payments are an essential component of
e-commerce systems
By now, you should
understand the origins of money and how payment
systems evolved
appreciate different types of e-payment systems
know how to analyse payment systems using tests
such as ACID and ICES
be familiar with different types of internet
payment systems
be familiar with various e-payment terms,
concepts and protocols such as SET and ACH

96
Launching an Online Business
97
Question

If you were to set up an online business
How would you do it?

98
A typical E-Business Lifecycle
Business Planning 1
Feedback
Technology Infrastructure 2
Maintenance Enhancement 6
Design 3
Fulfillment 5
Marketing 4
99
Business Planning and Strategising
Factor Traditional Business E-Business
Barriers to Entry Building, licenses, staff Unique products,, special skills, technical expertise
Basis of Competition Improved products, lover prices Smarter products Innovation
Basis of Control Manufacturer Customer
Organisation Hierarchical Depts Web-based Teams
Marketing Mass advertising Mass personalisation
Sales Pricing Based on cost of raw materials Transaction costs, technical setup costs
100
Technology Infrastructure