DR B R AMBEDKAR NATIONAL OF TECHNOLOGY JALANDHAR-144011, INDIA

DEPARTMENT OF INDUSTRIAL AND PRODUCTION ENGINEERING

IVTH INTERNATIONAL CONFERENCE ON PRODUCTION AND INDUSTRIAL ENGINEERING, CPIE-2016

UNDERSTANDING OF E-COMMERCE RISKS IN FUZZY

ENVIRONMENT: A DECISION SUPPORT FRAMEWORK

Dilip Kumar Sen1, *Saurav Datta2, Saroj Kumar Patel3, Siba Sankar Mahapatra4
1-4
Department of Mechanical Engineering
National Institute of Technology Rourkela-769008, Odisha, INDIA
*Communicating author email: sdattaju@gmail.com/ ph no. +916612462524

ABSTRACT
Recently e-commerce (EC) has become an effective platform to interact with the society
(customer/consumer, buyer, supplier etc.) using internet resources to fulfill a variety of business
needs with a potential deduction in the cost; that too without compromising product quality. Since,
e-commerce purely depends upon the internet based transaction, the probability of online fraud,
data hijacking, information disclosure, etc. have also been increased drastically. Hence,
understanding of e-commerce risks and associated control measures have become an important
research agenda, today. In this paper, forty-eight risk sources associated with e-commerce
practices for an Indian case IT company located in South have been studied. A unified risk
assessment approach in light of decision making viewpoint has been conceptualized herein. Risk
extent corresponding to a particular risk source has been evaluated in terms of two parameters:
Likelihood of occurrence and Impact. Owing to the unavailability of quantitative historical data,
aforesaid two parameters have been assessed by human knowledge representation (linguistic
preferences) of the Decision-Makers (DMs). Later, such subjective human judgment has been
analyzed through fuzzy set theory to extract and thereby to utilize the benefit of fuzzy set theory in
tackling ambiguity, imprecision, incompleteness associated with human thought against vague (ill-
defined) measures on risk quantification formulation. Degree of Similarity (DOS) concept adapted
from Interval-Valued Fuzzy Numbers (IVFNs) set theory has been applied to categorize different
risk sources into five distinct levels: Negligible, Minor, Marginal, Critical and Catastrophic.
Amongst forty-eight risk sources, top five risk sources (under catastrophic level) have been
identified in relation to e-commerce development and subsequent execution of the case company.
Further, a relationship diagram amongst the risk sources falling under catastrophic level has been
established by using Interpretive Structural Modeling (ISM) along with MICMAC (Matriced
Impacts Croises Multiplication Appliquee a UN Classement) analysis. Appropriate action
requirement plans have also been suggested to control or minimize those risks seem to be
responsible for the downfall of e-commerce success.

Keywords: E-commerce (EC), Degree of Similarity (DOS); Interval-Valued Fuzzy Numbers

(IVFNs) set theory; Interpretive Structural Modeling (ISM); MICMAC (Matriced Impacts
Croises Multiplication Appliquee a UN Classement) analysis.

1. INTRODUCTION: RISK ANALYSIS FROM A DECISION MAKING VIEWPOINT

E-commerce is basically trading of goods and services, or transferring funds or data, over an
electronic system, primarily the internet. Such business transactions are being carried out between
business-to-business, business-to-consumer, consumer-to-consumer or consumer-to-business. The
benefits of e-commerce comprise its round-the-clock accessibility, the speed of access, the wide
availability of goods and services for the consumer, and international reach. In this reporting, a
decision making framework has been proposed to identify and evaluate the major risk sources
associated with e-commerce practice. Risk is the combination of asset (people, property, and
information), vulnerability (weaknesses or gaps in a security program) and threats (anything that
 DR B R AMBEDKAR NATIONAL OF TECHNOLOGY JALANDHAR-144011, INDIA
DEPARTMENT OF INDUSTRIAL AND PRODUCTION ENGINEERING
IVTH INTERNATIONAL CONFERENCE ON PRODUCTION AND INDUSTRIAL ENGINEERING, CPIE-2016

can exploit a vulnerability, intentionally or accidentally, and obtain, damage, or destroy an asset).
So risk is a function of threats exploiting vulnerabilities to obtain, damage or destroy assets
[Source: http://www.threatanalysis.com]. Zhi (1995) and Samantra et al (2014) described risk (risk
extent R E ) as a function of two parameters (i) the likelihood (L) , which is the possibility of an
undesirable occurrence, and (ii) the impact (I ) , which is the degree of seriousness incurs when
such desirable events take place. As risk is inherently present in every step of life; e-commerce is
also affected by some sorts of risk. The foremost concern of e-commerce is to ensure full privacy
as well as data safety with peril free operation; the same can be achieved through proper
understanding of e-commerce risks and adaptation to appropriate control measures for risk
mitigation. The task of risk assessment are of three types: semi-quantitative, quantitative or
qualitative methods (Radu 2009). In this reporting, risk has been assessed in terms of qualitative
representation; an integrated decision support framework has been proposed towards effective risk
assessment associated with e-commerce. Decision making is a cognitive process that can carefully
demarcate the scope of problem environment with the help of Decision-Makers (DMs). In this
study, the role of decision makers is to provide individuals judgment in regards of likelihood of
occurrence as well as impact against e-commerce risk sources. Qualitative information as acquired
from the decision-making group being in the form of natural language representation; application
of fuzzy set theory has been found suitable to deal with the inherent ambiguity and vagueness of
decision-making data.

2. LITERATURE REVIEW
Raptis et al (2002) developed a framework based on the CORAS method for risk analysis in e-
commerce transactions. Khokhar et al (2006) developed a decision making system to evaluate
risks in e-commerce projects. Bo and Congwei, (2009) analyzed the e-commerce security risks of
commercial banks; the authors introduced a Controlled Interval and Memory (CIM) based model
to quantify the risk. Lihua et al (2011) identified various risk factors influencing the operation of e-
commerce. An e-commerce risk early-warning system was conceptualized to determine the rating
of the risk results using the unascertained c-means clustering. Agarwal and Wu (2015) examined
the factors influencing the growth potential of e-commerce and proposed an Institution-Based N-
OLI Framework for e-commerce development. Wruck et al (2016) developed a decision support
tool to assist managers in selecting appropriate risk policies and making staff planning decisions in
uncertain conditions by using multistage stochastic modeling to analyze risk optimization
approaches and expected value-based optimization.
The aim of present reporting is to develop an integrated decision support framework that can
effectively handle the qualitative risk assessment associated with the e-commerce by employing
Interval-Valued Fuzzy Numbers (IVFNs) set theory. As compared to normal fuzzy numbers,
IVFNs set theory has been found more fruitful to analyze subjective human thought. As in fuzzy
sets theory, it is often difficult for an expert to exactly quantify his/her opinion as a number in
interval [0, 1]. Therefore, it is more suitable to represent such kind of uncertainty by an interval
(Chen and Tsao, 2008; Ashtiani et al 2009; Herrera 2011). By exploring the concept of Degree of
Similarity (DOS) delineated in the IVFNs set theory, difference risk sources have been ranked and
categorized into various risk levels. The risk sources (or risk factors) belong to catastrophic
category have been analyzed further through Interpretive Structural Modeling (ISM) in order to
form an interrelationship amongst them. Motivation of this study is to the introduce an efficient
risk assessment module in fuzzy environment that may help company managers towards effective
assessment of e-commerce risks and thereby offering a framework to quantify overall risk extent
for undertaking e-commerce.
 DR B R AMBEDKAR NATIONAL OF TECHNOLOGY JALANDHAR-144011, INDIA
DEPARTMENT OF INDUSTRIAL AND PRODUCTION ENGINEERING
IVTH INTERNATIONAL CONFERENCE ON PRODUCTION AND INDUSTRIAL ENGINEERING, CPIE-2016

3. RESEARCH METHODOLOGY
The procedural steps to carry out this research by employing Interval-Valued Fuzzy Numbers
(IVFNs) Set Theory and Interpretive Structural Modelling (ISM) have been pointed out below.
The preliminaries of IVFNs set theory could be found in (Chen and Chen, 2007; Kaufmann and
Gupta, 1991).

Step 1: Identification of various risk sources associated with e-commerce.

Step 2: Construction of linguistic scales towards assessing likelihood of occurrence as well as
impact against individual risk sources (as identified in Step 1) and their corresponding
fuzzy representation in terms of IFNs.
Step 3: Collection of decision makers response against individual risk sources in the terms of
linguistic terminologies (as obtained in Step 2) for the assignment of likelihood of
occurrence (L) and impact (consequence) of risk occurrence (I ).
Step 4: Computation of degree/extent of risk (i.e. RE L * I ) through the basic arithmetic
operation of IVFNs set theory (Refer to: Guijun and Xiaoping, 1998; Chen, 1995; Wei and
Chen, 2009)
~
Step 5: Calculation of Degree of Similarity S A , B (Refer to: Chen, 1995; Wei and Chen, 2009)
~ ~

between (i) degree of risk ( RE ) of each risk source and (ii) an ideal IVFNs i.e.
1,1,1,11,1,1,1; where A~ L I i.e. degree of risk corresponding to a particular risk source
~
~
and, B 1,1,1,11,1,1,1an ideal Interval-Valued (IV) fuzzy number.
~
Step 6: Ranking of various risk sources according to their DOS values in descending order.
Step 7: Categorization of risk sources into different levels viz. negligible, minor, marginal,
critical and catastrophic (in accordance with the predefined level values).
Step 8: Identification of risk sources that belong to catastrophic level (risks creating the highest
degree of adverse consequence on the performance of e-commerce) for further analysis
through Interpretive Structural Modeling (ISM) (Refer to: Warfield, 1974; Pfohl et al
2011; Azevedo et al 2013)
Step 9: Establishing contextual relations amongst the identified risk sources under catastrophic
level (as identified at Step 8). This represents the possible statement on relationships in
the sense whether the relations are comparative, influential and natural or temporary type.
In the present study, an influence type contextual relationship has been chosen. This
means one risk factor tends to influence another risk factor/source.
Step 10: Developing a Structural Self-Interaction Matrix (SSIM) on the basis of pairwise
comparison of various risk sources under consideration.
Step 11: Construction of the reachability matrix from the SSIM and checking for transitivity
property. Transitivity of a reachability matrix is the basic assumption of relations that if
an element A is related to B, and B is related to C, then it should be considered as A is
related to C (Ravi and Shankar, 2005). Transitivity of elements in a matrix leads to
construction of the final reachability matrix. Reachability matrix is a binary matrix in
which the entries V, A, O and X of the SSIM are converted into 1 and 0. Driver and
dependence power are also calculated in this step.
Step 12: In this step, level partitioning of reachability matrix is performed.
Step 13: Development of driving and dependence power diagram followed by MICMAC
analysis
Step 14: Development of a structural relationship hierarchy (ISM model).
 DR B R AMBEDKAR NATIONAL OF TECHNOLOGY JALANDHAR-144011, INDIA
DEPARTMENT OF INDUSTRIAL AND PRODUCTION ENGINEERING
IVTH INTERNATIONAL CONFERENCE ON PRODUCTION AND INDUSTRIAL ENGINEERING, CPIE-2016

4. CASE EMPIRICAL ILLUSTRATION

The aforesaid risk assessment model has been case empirically studied with reference to a case
company located in South India in order to find out the particular risk sources (under catastrophic
level) occurrence of which would tend to affect the e-commerce transactions utmost. Catastrophic
level of risks are calamitous and thus must be monitored and controlled appropriate action of risk
mitigation strategies. In this study linguistic scales have been utilized in order to access the e-
commerce risks in terms of its likelihood (probability) of occurrence and impact (consequence).
According to Zimmermann (1991), linguistic data are represented in words or sentences and are
very useful in dealing with situations that are too complex or ill-defined. Furthermore, to tackle the
decision-makers vague representation of human thought, IVFNs set theory has been used as
IVFNs are defined by an interval-valued membership function and are appropriate to deal with
many real life situations where available information is insufficient or ill-known. To fulfill the
purpose, five Decision-Makers (DMs) (companys stakeholders) have been selected carefully
according to their experience and work profile. The DMs have been requested to provide their
response by utilizing the linguistic scales as shown in Table 1. Total forty eight risk sources have
been identified (Step 1) and their corresponding likelihood of occurrence and impact as provided
by the DMs (expressed in linguistic terms) have been obtained as furnished in Table 2 (Step 2 and
Step 3).

Table 1. 7-members linguistic scales and corresponding fuzzy representation for risk quantification
Likelihood of Occurrence (L) Impact of risk (I) Fuzzy representation (IV fuzzy number)
Absolutely Rare (AR) Absolutely Low (AL) [(0,0,0,0,) (0, 0.1,0.1,0.15)]
Very Rare (VR) Very Low (VL) [(0,0.05,0.5,0.1) (0.1,0.25,0.25,0.35)]
Rare (R) Low (L) [(0,0.15,0.15,0.3) (0.3,0.45,0.45,0.55)]
Often (O) Moderate (M) [(0.25,0.35,0.35,0.5) (0.5,0.65,0.65,0.75)]
Frequent (F) Serious (S) [(0.45,0.55,0.55,0.7) (0.7,0.8,0.8,0.95)]
Very Frequent (VF) Critical (C) [(0.55,0.75,0.75,0.9) (0.9,0.95,0.95,1)]
Highly Frequent (HF) Highly Critical (HC) [(0.85,0.95,0.95,1) (1,1,1,1)]

Table 2. Decision makers response against individual risk sources

Sl. Potential risk sources Likelihood of occurrence (L) Impact of risk occurrence (I)
No. DM1 DM2 DM3 DM4 DM5 DM1 DM2 DM3 DM4 DM5
R1 Hacker gaining unauthorized access AR VR AR AR VF HC HC HC HC HC
R2 Absence of firewall VR VR AR VR O HC HC C HC C
R3 Lack of using cryptography VR R AR VR F C S C C S
R4 Poor key management AR R VR AR VR S S HC C C
R5 Malicious code attacks AR R AR VR VR C C HC C HC
R6 Disclosure of sensitive information VR R VR VR R HC HC C HC C
R7 Loss of audit trail R VR AR VR F S S C HC S
R8 Natural disaster-caused equipment R R AR AR O S C HC HC S
failure
R9 Human factor-caused equipment failure R R VR R VF S C HC C M
R10 Threat of sabotage in internal network R R AR AR F C C C HC C
R11 Inadequate backup systems VR VR VR VR AR C HC C HC S
R12 Software or hardware problem-caused VR VR O O VR C C C C HC
system failure
R13 Site or network overload and disruption R R O R R HC C S HC C
R14 Poor design, code or maintenance VR R R VR VR S M S C HC
procedure
R15 Wrong functions and properties R R R VR O S M S HC C
development
R16 Wrong user interface development VR R R VR AR S M C HC S
R17 Project complexity R O VR R R C L C S M
R18 Technological newness R F F F F M L C M L
R19 Continuous change of system R F O F VF M M S M M
requirements
R20 Wrong schedule estimation R O VR R O S M S S L
R21 Project behind schedule VR R AR R F S S S C M
 DR B R AMBEDKAR NATIONAL OF TECHNOLOGY JALANDHAR-144011, INDIA
DEPARTMENT OF INDUSTRIAL AND PRODUCTION ENGINEERING
IVTH INTERNATIONAL CONFERENCE ON PRODUCTION AND INDUSTRIAL ENGINEERING, CPIE-2016

R22 Project over budget VR R VR VR VR S C S C S

R23 Inadequate cash flow R O VR VR VR S C S HC S
R24 Personnel shortfalls VR R R R R C M M S C
R25 Lack of expertise and experience in e- O R AR R VR S M S HC C
commerce
R26 Loss of key person R R VR VR R M M C C HC
R27 Lack of top management support R O VR VR AR C S S HC HC
R28 Poor project planning AR R AR AR AR C C S C HC
R29 Loss of control over vendor AR O VR VR VR HC M M HC C
R30 Indefinite project scope VR R AR VR AR S S S C S
R31 Lack of contingency plans VR R O VR AR C M S HC S
R32 Business process redesign VR R O VR O S C M S M
R33 Organizational restructuring AR R VR AR F S M M M M
R34 Lack of trust between your VR R AR VR O L C S HC M
organization and merchant or customer
R35 Inappropriate media for the product and AR VR VR VR R M M S C S
service
R36 Lack of international legal standards AR VR AR AR VR C S S HC C
R37 New laws, regulations, and judicial VR O AR R F S M M HC S
decisions constantly change the online
legal landscape
R38 Uncertain legal jurisdiction VR O AR AR O S M S HC M
R39 Incompletion of contract terms AR R AR AR R C S C HC HC
R40 Loss of data control VR R AR AR VR HC S C HC HC
R41 Loss of control over information VR R VR AR AR C S S HC HC
technology
R42 Hidden cost R O VR VR VR M M S C M
R43 Unclear project objectives AR R AR VR AR S HC S C S
R44 Lack of vendor expertise and R O VR AR R M M M HC C
experience
R45 Lock-in situation R R AR AR F M S C C S
R46 Vendor offers outdated technology skill R R AR R VR M M C M HC
R47 Different users with difference in O O O O VF L M L S S
culture customers, and business style
R48 Language barrier O F AR VR F L M AL HC S

In the very next step, the multiplication of likelihood of occurrence (L) and impact of risk (I )
have been carried out to compute the degree of risk (i.e. R L I ) by using the basic arithmetic
operation of two IVFNs (Step 4). Now a similarity measure (i.e. DOS) has been calculated
~ ~ ~~
between ( A) (i.e. risk extent of a particular risk source) and an ideal IVFN (B ) , where A L I
~ ~
~
i.e. degree of risk corresponding to a particular risk source and, B 1,1,1,1,1,1,1,1 and ideal IVFN.
~
Numerous methods are available in existing literature to find out the similarity measure between
two IVFNs; but in this reporting, the formula of DOS has been used as it combines the concepts of
the geometric distance, the perimeter, the height and the center-of-gravity points of interval-valued
fuzzy numbers (Wei and Chen, 2009). DOS values of all forty-eight risk sources have been
calculated as shown in Table 3 (Step 5). The DOS values falls in the range of [0, 1] and infers a
measure of how much alike two IVFNs are. If DOS value appears equal to 0, it represents that two
fuzzy numbers are completely dissimilar; on the contrary, if DOS value approaches towards 1, it
can be inferred that two fuzzy numbers (that are under comparison) are almost similar (identical).
~
Since B 1,1,1,1,1,1,1,1 has been selected as the basis for comparison; the highest DOS value
~
~
~ ~
~ ~
~ ~
~ ~
~
between ( A) and (B ) indicates that ( A) bears highest extent of similarity with (B ); (B ) being considered
~
~
as the highest possible value of risk extent representation, the particular risk source corresponding to ( A) is
to be raked fast to impose the highest degree of adverse consequence in the context of e-commerce practice.
 DR B R AMBEDKAR NATIONAL OF TECHNOLOGY JALANDHAR-144011, INDIA
DEPARTMENT OF INDUSTRIAL AND PRODUCTION ENGINEERING
IVTH INTERNATIONAL CONFERENCE ON PRODUCTION AND INDUSTRIAL ENGINEERING, CPIE-2016

Following this philosophy, the ranking order of different risk sources have been determined
according to their DOS values arranged in descending order (Step 6); that means a particular risk
source, for example, having degree of similarity close to 1, would likely to incur the most
severe/adverse impact on the e-commerce functioning. The identified e-commerce risk influencing
factors have been categorized next into five different levels (shown in Table 4) viz. negligible
(0.100), minor (0.100-0.120), marginal (0.120-0.150), critical(0.150-0.170) and catastrophic
(0.170) based on the crisp ranges set earlier by the decision-making team (Step 7). In this
reporting, catastrophic level corresponds to the risk sources that need to be monitored and properly
controlled thereby minimizing the change of disruption/interruption in e-commerce performance.
Top five risk sources under catastrophic level (R19, R18, R9, R47, R13) have been
selected for next phase of analysis (Step 8). Structural Self-Interaction Matrix (SSIM) has been
developed as shown in Table 5 (Step 9 and Step 10). Final reachability matrix along with
transitivity analysis from SSIM has been carried out next and results have been shown in Table 6
(Step 11). Driver power and dependence power have also been calculated and presented in Table 6
(Step 11). Level partitioning of aforementioned five risk sources has now been executed (Step 12);
and, the summary of level partitioning shown in Table 7. MICMAC analysis has been performed
(Step 13); all five risk sources have been placed into their appropriate quadrant (Figure 1) viz.
autonomous, dependent, linkage and driver. Autonomous is the risk factor which have weak
driving power and weak dependence power. It has been found that three risk sources coming under
autonomous as R9, R18, R47. Dependent is the risk factor which have weak driving power and
strong dependence power. Only R13 has appeared to be present in this quadrant. Linkage risk
factors have both strong driving and dependence power; only R19 has placed in this quadrant.
Driver risk factors have strong driving power but weak dependence power, none of the risk
sources has appeared in this quadrant. Further, the ISM has been used to establish the relationship
amongst various risk sources under catastrophic level; a relationship diagram (ISM model) has
been developed (in hierarchical form) and shown herein in Figure 2 (Step 14). Developed ISM
(Figure 2) has segregated e-commerce risk sources into a hierarchy of two different levels. Level-I
includes R13 (Site or network overload and disruption), R19 (Continuous change of system
requirements) and R18 (Technological newness). Level-II encounters R9 (Human factor-caused
equipment failure) and R47 (Different users with difference in culture customers, and business
style).

Table 3. DOS corresponding to individual risk sources and corresponding ranking order
~
~ ~ ~
~ ~ ~
~ ~ ~
~ ~ ~
~ ~ ~
~ ~
S A L , B L S AU , BU S A, B S A L , B L S AU , BU S
A, B
Potential ~ ~ ~ Ranking Potential ~ ~ ~ Ranking

risk sources order risk sources order

R1 0.099 0.192 0.138 10 R25 0.065 0.209 0.117 20

R2 0.061 0.187 0.107 25 R26 0.052 0.201 0.102 28
R3 0.077 0.219 0.130 12 R27 0.065 0.201 0.114 22
R4 0.026 0.133 0.059 42 R28 0.017 0.098 0.040 47
R5 0.030 0.141 0.065 39 R29 0.043 0.146 0.080 35
R6 0.055 0.207 0.107 24 R30 0.023 0.125 0.053 45
R7 0.077 0.215 0.129 14 R31 0.056 0.187 0.102 29
R8 0.070 0.207 0.120 19 R32 0.073 0.229 0.129 13
R9 0.117 0.292 0.185 3 R33 0.044 0.153 0.083 34
R10 0.094 0.239 0.150 7 R34 0.049 0.170 0.091 31
R11 0.023 0.131 0.055 44 R35 0.024 0.131 0.056 43
R12 0.096 0.255 0.156 6 R36 0.010 0.090 0.031 48
R13 0.108 0.301 0.180 5 R37 0.088 0.234 0.144 8
 DR B R AMBEDKAR NATIONAL OF TECHNOLOGY JALANDHAR-144011, INDIA
DEPARTMENT OF INDUSTRIAL AND PRODUCTION ENGINEERING
IVTH INTERNATIONAL CONFERENCE ON PRODUCTION AND INDUSTRIAL ENGINEERING, CPIE-2016

R14 0.042 0.181 0.088 32 R38 0.061 0.178 0.104 27

R15 0.079 0.249 0.140 9 R39 0.034 0.143 0.070 38
R16 0.038 0.164 0.079 36 R40 0.029 0.138 0.064 40
R17 0.066 0.224 0.122 18 R41 0.027 0.134 0.060 41
R18 0.121 0.310 0.193 2 R42 0.047 0.179 0.092 30
R19 0.135 0.332 0.212 1 R43 0.020 0.112 0.047 46
R20 0.070 0.229 0.126 16 R44 0.057 0.192 0.105 26
R21 0.073 0.220 0.127 15 R45 0.073 0.210 0.124 17
R22 0.033 0.164 0.074 37 R46 0.042 0.171 0.085 33
R23 0.064 0.212 0.116 21 R47 0.112 0.297 0.183 4
R24 0.055 0.215 0.109 23 R48 0.086 0.209 0.134 11
~~ ~
A L I B 1,1,1,1,1,1,1,1
Note: i.e. risk extent corresponding to a particular risk source and, ~

Table 4. Categorization of various risk sources under five distinct levels

Risk level Risk Rating Risk Sources
Range
Negligible 0.100 R4, R5, R11, R14, R16, R22, R28, R29, R30, R33, R34, R35, R36, R39, R40, R41, R42,
R43, R46
Minor 0.100-0.120 R2, R6, R23, R24, R25, R26, R27, R31, R38, R44
Marginal 0.120-0.150 R1, R2, R7, R8, R15, R17, R20, R21, R32, R37, R45, R48
Critial 0.150-0.170 R10, R11
Catastrophic 0.170 R9, R13, R18, R19, R47

Table 5. Structural Self-Interaction Matrix (SSIM)

Risk R47 R19 R18 R13
R9 A O O V
R13 A A O
R18 O V
R19 O

Table 6. Final reachability matrix with driving and dependence power

Risk R9 R13 R18 R19 R47 Driver power
R9 1 1 0 0 0 2
R13 0 1 0 1* 0 2
R18 0 0 1 1 0 2
R19 0 1 1* 1 0 3
R47 0 1 0 0 1 2
Dependence power 1 4 2 3 1 11/11
Note: 1* entries are indicated as transitivity

Table 7. Summary of level partitioning

Risk Reachability Set Antecedent set Intersection set Level
R9 R9, R13 R9 R9 II
R13 R13, R19 R9, R13, R19, R47 R13, R19 I
R18 R18, R19 R18, R19 R18, R19, I
R19 R13, R18, R19 R13, R18, R19, R13, R18, R19 I
R47 R13, R47 R47 R47 II
 DR B R AMBEDKAR NATIONAL OF TECHNOLOGY JALANDHAR-144011, INDIA
DEPARTMENT OF INDUSTRIAL AND PRODUCTION ENGINEERING
IVTH INTERNATIONAL CONFERENCE ON PRODUCTION AND INDUSTRIAL ENGINEERING, CPIE-2016

Figure 1. Driver power and dependence power matrix

Figure 2. Interpretive Structural Model (ISM) for e-commerce risk sources under catastrophic level

5. CONCLUSION
The present work aims to develop a decision support framework in order to identify and evaluate
e-commerce risks associated with an Indian case IT company by the application of IVFNs set
theory and DOS approach obtained therein. In this research, an ISM approach has also been
applied to recognize significant interrelationships and interdependencies amongst identified risk
sources (under catastrophic level). Further, a MICMAC analysis has been performed that provides
a guideline for identification followed by classification of perceived e-commerce risks in four
different quadrant/cluster based on their driving and dependence power. The above research
outcome may provide important insights to the companys risk management team leads to adopt a
proactive risk management strategy for smooth functioning of e-commerce. The risk sources that
are likely to incur catastrophic level of adverse consequence (due to occurrence of thereof) on the
e-commerce performance should be the prime concern of the case company and systematic action
requirement planning is indeed required to avoid/reduce probability of such undesirable
happenings.
The organizations undertaking e-commerce are hereby suggested to form a dedicated team for
effective management of risks to secure e-commerce transactions from possible risk attack by
identifying potential risk sources. The severity of potential risk sources can be classified into
appropriate levels by the Decision Support System (DSS) developed herein. Such categorization
may help the risk management team leads to suggest proactive risk mitigation plans. The risk
analysis team must transfer the information on risk escalating issues to relevant stakeholders for
re-scheduling of certain tasks; if possible, to manage the extent of risk immediately once it is
identified. Apart from this, an internal risk control policy must be framed in order to ensure
integrity, authenticity and confidentiality of the data and the operation involved in undertaking e-
 DR B R AMBEDKAR NATIONAL OF TECHNOLOGY JALANDHAR-144011, INDIA
DEPARTMENT OF INDUSTRIAL AND PRODUCTION ENGINEERING
IVTH INTERNATIONAL CONFERENCE ON PRODUCTION AND INDUSTRIAL ENGINEERING, CPIE-2016

commerce. The e-commerce activities should be protected from being affected by severe risks by
adapting proper risk control measures until the risk is dropped to an acceptable limit. This in turn
may limit overall risk with a potential growth in the performance of e-commerce in future.

REFERENCES
Agarwal J, Wu T (2015) Factors influencing growth potential of ecommerce in emerging
economies: an institutionbased N-OLI framework and research propositions Thunderbird
International Business Review, 57(3), 197-215.
Ashtiani B, Haghighirad F, Makui A, Montazer G (2009) Extension of fuzzy TOPSIS method
based on interval-valued fuzzy sets Applied Soft Computing, 9(2), 457-461.
Azevedo S, Carvalho H, Cruz-Machado V (2013) Using interpretive structural modelling to
identify and rank performance measures: an application in the automotive supply chain
Baltic Journal of Management, 8(2), 208-230.
Bo L, Congwei X (2009) E-commerce security risk analysis and management strategies of
commercial banks Information Technology and Applications, 1, 423-425, IEEE.
Chen S J, Chen S M (2007) Fuzzy risk analysis based on the ranking of generalized trapezoidal
fuzzy numbers Applied Intelligence, 26(1), 111.
Chen SM (1995) Arithmetic operations between vague sets In Proceedings of the International
Joint Conference of CFSA/IFIS/SOFT'95 on Fuzzy Theory and Applications, Taipei, Taiwan,
Republic of China, 206-211.
Chen T Y, Tsao C Y (2008) The interval-valued fuzzy TOPSIS method and experimental
analysis Fuzzy Sets and Systems, 159(11), 1410-1428.
Guijun W, Xiaoping L (1998) The applications of interval-valued fuzzy numbers and interval-
distribution numbers Fuzzy Sets and Systems, 98(3), 331-335.
Herrera F (2011) On the Usefulness of Interval Valued Fuzzy Sets for Learning Fuzzy Rule
Based Classification Systems Eurofuse, 3-4, Springer Berlin Heidelberg.
Kaufmann A, M M Gupta (1991) Introduction to fuzzy arithmetic: theory and applications Van
Nostrand Reinhold, New York.
Khokhar R H, Bell D A, Guan J, Wu Q (2006) Risk assessment of e-commerce projects using
evidential reasoning International Conference on Fuzzy Systems and Knowledge Discovery,
621-630. Springer Berlin Heidelberg.
Lihua M, Fengyun M, Haiyan G (2011) The e-commerce risk early-warning model based on the
unascertained C-means clustering Procedia Engineering, 15, 4740-4744.
Pfohl H C, Gallus P, Thomas D (2011) Interpretive structural modeling of supply chain
risks International Journal of physical distribution and logistics management, 41(9), 839-
859.
Radu L D (2009) Qualitative, semi-quantitative and, quantitative methods for risk assessment:
case of the financial audit Analele Stiintifice ale Universitatii Alexandru Ioan Cuza din Iasi-
Stiinte Economice, 56, 643-657.
Raptis D, Dimitrakos T, Gran B A, Stlen K (2002) The CORAS approach for model-based risk
management applied to e-commerce domain Advanced Communications and Multimedia
Security, 169-181, Springer US.
Ravi V, Shankar, R (2005) Analysis of interactions among the barriers of reverse
logistics Technological Forecasting and Social Change, 72(8), 1011-1029.
Samantra C, Datta S, Mahapatra S S (2014) Risk assessment in IT outsourcing using fuzzy
decision-making approach: An Indian perspective Expert Systems with Applications, 41(8),
4010-4022.
Warfield J N (1974) Developing subsystem matrices in structural modeling IEEE Transactions
on Systems, Man, and Cybernetics, 1, 74-80.
 DR B R AMBEDKAR NATIONAL OF TECHNOLOGY JALANDHAR-144011, INDIA
DEPARTMENT OF INDUSTRIAL AND PRODUCTION ENGINEERING
IVTH INTERNATIONAL CONFERENCE ON PRODUCTION AND INDUSTRIAL ENGINEERING, CPIE-2016

Wei S H, Chen S M (2009) Fuzzy risk analysis based on interval-valued fuzzy numbers Expert
Systems with Applications, 36(2), 22852299.
Wruck S, Vis I F, Boter J (2016) Risk control for staff planning in e-commerce
warehouses International Journal of Production Research, 1-17.
Zhi H (1995) Risk management for overseas construction projects International journal of
project management, 13(4), 231-237.
Zimmermann H J (1991) Fuzzy set theory and its applications Kluwer Academic Publishers,
Boston.