Objectives of Module
[Diagram: module objectives]
Definition of E-Commerce Systems
Types of E-Business Systems
Launching an E-Commerce System
Differences
People Involved
Quality Attributes
Introduction to E-Commerce Systems
Introduction
“We live in an era of e-everything” – David Chaffey
Everywhere we look, we are likely to see an e-something:
E-Commerce
E-Banking
E-Dating
E-Government
E-Learning
E-Logistics
…
What are E-Commerce Systems?
Viewing a product list online?
Ordering products online and paying by cheque or in person?
Ordering and paying online plus having the product delivered?
Getting information (e.g. share prices) from a website for free?
Using your mobile to get online news or even topping up your prepaid balance?
E-Commerce Systems
Business-to-Business
Business-to-Consumer
Consumer-to-Consumer
Sell-Side B2B Systems
[Diagram: one Seller supplying Company A, Company B and Company C]
•One-to-Many Relationship
Buy-Side B2B Systems
[Diagram: Sellers Company A, Company B and Company C supplying one Buyer]
•One-to-Many Relationship
Electronic Marketplace (or Exchange)
[Diagram: Sellers (Company A, Company C) and Buyers (Company X, Company Z) trade through the Services of the exchange]
•Many-to-Many Relationship
•Exchange is usually owned and operated by a 3rd party
•Businesses meet to exchange goods/services
Collaborative B2B Systems
[Diagram: a Hub Manager links the Community: Buyers, Sellers, Government, Industrial Associations, Universities and Others]
•Many-to-Many Relationship
•Only business partners participate
•Facilitates communication, sharing of designs, planning information, etc
Business to Consumer (B2C)
Businesses sell products/services to consumers
Usually takes the form of a website through which consumers can browse products/services, order and pay online
Typical Examples:
Amazon.com
Extending your internet subscription online
Consumer to Consumer (C2C)
Consumers buying/selling products and services amongst themselves
Typical Examples:
eBay
di-ve.com Classifieds
Differences between E-Commerce Systems and Other Systems
Introduction
A number of differences exist between e-commerce systems and other types of systems
The most important ones are:
They are content-driven
They are exposed to the world
They are browser based
Enormous user base
They are likely to change quite often
Content Driven (1/2)
Most e-commerce sites are connected to a database
View product lists
Compare prices
View orders
…
What information should my site display?
Is it organised in the best possible way?
Is it easy for a user to find what she wants?
Content Driven (2/2)
72% of users know beforehand what they are looking for
This indicates we should provide an easy means by which users can search for the product they need
Usability and navigability of websites are very important issues.
A customer who has a bad first impression of a site is not likely to return
Importance of Navigability
Why people abandon transactions online…
[Bar chart of reasons; only two labels survived extraction, Delivery/Payment/Pricing Problems and Browser Compatibility Problems, with bar values of 14% and 4% whose pairing with the labels is not recoverable]
Exposed to the world
The internet is an open network of networks
E-Commerce sites require the transfer of private information
Customer details
Credit card numbers
E-Commerce systems need to be secure
In security circles, it is always assumed that whatever you send online can be seen by everyone else on the internet unless it is encrypted
Enormous Userbase (1/3)
Ideally, an e-commerce website will attract vast numbers of visitors
This is a mixed blessing
Ideal scenario
Thousands of people visit my e-commerce site daily
They all see products they like and buy them
I become very very rich
Enormous Userbase (2/3)
Some bad scenarios:
Thousands of people visit my website
The website cannot cope with the load and starts crashing every few minutes
I get it fixed
People come back
They order items but my business model has not been adapted to e-commerce
How do I deliver products?
[Bar chart of reasons that put people off buying online; categories Touch, Security, Delivery, Browse, Trust, Other; the recovered bar values are 36%, 30%, 14%, 8%, 7% and 5%, and pairing them with the categories in that order is an assumption from the extraction]
How secure do online stores need to be before people use them?
[Bar chart; the recovered values, paired with the labels in the order they appear (an assumption from the extraction):]
Watertight Security: 44%
Minor Risks: 42%
Considerable Security Risks: 13%
Security Not Important: 1%
Possible security breaches (1/2)
Fraud resulting in direct financial loss
Transfer of funds
Destruction of financial records
Theft of information
Confidential
Proprietary
Technological
Risk of the intruder passing this information on to a competing company or to people with malicious intent
Possible security breaches (2/2)
Disruption of service
E.g. Denial of Service Attacks
Inconveniences to customers
Loss of business
Loss of customer confidence
Intrusions into customer files
Dishonesty
Human Mistakes
Network Failures
Security in brick-and-mortar stores
In traditional businesses:
Merchants expect to be paid with real money
When they accept credit, they require signatures
At the end of the day:
Alarm is set
Security guards employed
Police available in case of a break-in
Most people say no to the first question but yes to the second.
Why?
Identifying Security Principals
Principals in online security are:
People
Processes
Machines
Keys, passwords, etc
Confidentiality / Secrecy (1/3)
[Diagram: Peter sends James a message; on the wire it reads aaTTyUIjhg^&bvv$%vDDDg*$$$csdad. The Evil Hacker intercepts it but cannot understand it (????)]
Confidentiality / Secrecy (2/3)
Data needs to be encrypted in order for secrecy to prevail
There are various encryption techniques and algorithms
Security algorithms should be updated over time.
One early popular algorithm was DES. Its 56-bit key is small enough to be searched exhaustively: dedicated hardware has brute-forced DES keys since 1998, today in hours to days, so it is no longer considered secure.
Its replacement and the current standard is AES (128-, 192- or 256-bit keys)
Confidentiality / Secrecy (3/3)
SSL (Secure Sockets Layer), now superseded by its successor TLS, is the prevailing encryption mechanism for e-commerce today.
Uses public/private key methods to authenticate the server and agree a session key, then a symmetric cipher such as AES to encrypt the traffic
All major browsers support SSL/TLS
SSL supports certificates and thus handles other aspects of security besides encryption
It is beyond the scope of this course to enter into exactly how SSL works, as this would require a whole course to thrash out
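As an added illustration of the confidentiality property, here is the symmetric encryption step in Go using AES-256-GCM, the AES mode that SSL's successor TLS uses for the data it carries. This is example code written for this page, not code from the slides: the shared key, the Peter/James message and the "Evil Hacker" view are constructed for the demonstration, and the key is assumed to have been agreed already (the job SSL/TLS does with public-key cryptography).

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Encrypt seals plaintext with AES-256-GCM under a 32-byte key.
// A fresh random 12-byte nonce is prepended to the output so the receiver
// can recover it, and GCM appends a 16-byte authentication tag, so any change
// to the bytes in transit is rejected on decryption instead of silently
// producing garbage.
func Encrypt(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key) // key length selects AES-128/192/256
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	// Seal appends ciphertext||tag to the nonce slice and returns it.
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// Decrypt reverses Encrypt. It returns an error if the key is wrong or if a
// single bit of nonce, ciphertext or tag was altered.
func Decrypt(key, sealed []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize()+gcm.Overhead() {
		return nil, errors.New("ciphertext too short")
	}
	nonce, ciphertext := sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ciphertext, nil)
}

func main() {
	// Shared secret between Peter and James (assumption of the example). In
	// SSL/TLS it is derived during the handshake; here it is generated directly.
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	msg := []byte("Ok. My account number is 55421221") // message from the slides

	sealed, err := Encrypt(key, msg)
	if err != nil {
		panic(err)
	}
	fmt.Printf("what the Evil Hacker intercepts: %x\n", sealed)

	plain, err := Decrypt(key, sealed)
	fmt.Printf("what James reads: %q (err=%v)\n", plain, err)

	// A guessed key yields nothing at all, not even garbled text, because the
	// authentication tag does not verify.
	wrongKey := make([]byte, 32)
	_, err = Decrypt(wrongKey, sealed)
	fmt.Println("decrypt with wrong key:", err)
}
```

The nonce must never repeat under the same key; generating it from crypto/rand per message is the simplest safe choice for a demonstration, while TLS derives it from a counter. Because GCM is an authenticated mode, this one primitive gives both secrecy and tamper detection, which is why modern protocols prefer it over plain AES-CBC plus a separate check.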
Authentication (1/2)
[Diagram: the Evil Hacker intercepts the messages exchanged between Peter and James]
Authentication (2/2)
Passwords are a weak form of authentication
Current mainstream technique for ensuring authentication is the use of certificates
Individuals (and organisations) can obtain a certificate from a certificate authority; it binds their public key to their identity, and they sign their messages with the matching private key (a certificate is not itself used to encrypt messages)
Recipients verify that the sender's certificate carries a valid signature from a certification authority they trust, then check the message signature against the public key in the certificate, so as to ascertain the identity of the sender
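The certificate-based authentication described above, as an added Go example that is not part of the original slides. It builds a toy public key infrastructure with the Go standard library: a root certification authority, a certificate it issues for a hypothetical merchant host name shop.example, a forged certificate for the same name from an attacker's own CA, and a signed message. The names, host names and key type (ECDSA P-256) are assumptions of the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Party holds a private key and the certificate binding its public key to a
// name. Only the certificate is ever sent to others.
type Party struct {
	Key  *ecdsa.PrivateKey
	Cert *x509.Certificate
}

// newParty generates a key pair and a certificate for name. With issuer nil the
// certificate is self-signed (a root CA); otherwise the issuer's key signs it.
func newParty(name string, isCA bool, issuer *Party) (*Party, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()), // demo only; real CAs use random serials
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		BasicConstraintsValid: true,
		IsCA:                  isCA,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	} else {
		tmpl.DNSNames = []string{name} // the host name a client will check
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	}
	parent, signer := tmpl, key // self-signed
	if issuer != nil {
		parent, signer = issuer.Cert, issuer.Key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &Party{Key: key, Cert: cert}, nil
}

// NewCA creates a root certification authority, whose certificate relying
// parties obtain out of band (browsers ship with a list of such roots);
// Issue signs a certificate for host with the CA's private key.
func NewCA(name string) (*Party, error)             { return newParty(name, true, nil) }
func (ca *Party) Issue(host string) (*Party, error) { return newParty(host, false, ca) }

// VerifyChain is the recipient's check: was cert signed by a CA it trusts, is
// it currently valid, and was it issued for the host being contacted?
func VerifyChain(cert, trustedRoot *x509.Certificate, host string) error {
	roots := x509.NewCertPool()
	roots.AddCert(trustedRoot)
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	return err
}

// Sign produces a signature over msg with the sender's private key. The message
// is signed, not encrypted: anyone holding the certificate can verify it.
func Sign(key *ecdsa.PrivateKey, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return ecdsa.SignASN1(rand.Reader, key, digest[:])
}

// VerifySig checks sig against the public key carried in cert.
func VerifySig(cert *x509.Certificate, msg, sig []byte) bool {
	pub, ok := cert.PublicKey.(*ecdsa.PublicKey)
	if !ok {
		return false
	}
	digest := sha256.Sum256(msg)
	return ecdsa.VerifyASN1(pub, digest[:], sig)
}

func main() {
	// Errors are ignored here only to keep the demonstration short.
	ca, _ := NewCA("Trusted CA")          // the root James trusts
	shop, _ := ca.Issue("shop.example")   // hypothetical merchant host name
	evil, _ := NewCA("Evil Hacker CA")    // the attacker's own, untrusted CA
	fake, _ := evil.Issue("shop.example") // same name, wrong issuer
	fmt.Println("genuine certificate:", VerifyChain(shop.Cert, ca.Cert, "shop.example"))
	fmt.Println("forged certificate: ", VerifyChain(fake.Cert, ca.Cert, "shop.example"))
	msg := []byte("Hello James. Please give me your account number")
	sig, _ := Sign(shop.Key, msg)
	fmt.Println("signature on message verifies:", VerifySig(shop.Cert, msg, sig))
}
```

The forged certificate is rejected even though it names the same host, because the attacker's CA is not in James's trust store; a certificate for a different host is rejected by the host-name check. This is exactly the decision a browser takes before showing the padlock.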
Integrity (1/2)
[Diagram: James sends "Hello James. Please give me your account num…"; Peter replies "Ok. My account number is 55421221"; the Evil Hacker intercepts and modifies the message in transit]
Integrity (2/2)
Certificates and Public Key Infrastructure also cater for integrity
A signature over the message lets recipients detect if the original message has been changed and request the sender to resend it
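The intercept-and-modify scenario above, as an added Go example that is not from the slides. It uses a keyed message authentication code (HMAC-SHA256 under a secret Peter and James share) as the simplest integrity check, and contrasts it with an unkeyed checksum that the attacker can recompute after changing the account number. The key, the message|tag wire format and the substituted account number are constructed for the demonstration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
)

// Tag computes HMAC-SHA256 over msg. Producing it requires the key, so the
// Evil Hacker, who sees the message but not the key, cannot forge one.
func Tag(key []byte, msg string) string {
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(msg))
	return hex.EncodeToString(mac.Sum(nil))
}

// Protect is what Peter sends: the message followed by its tag.
func Protect(key []byte, msg string) string {
	return msg + "|" + Tag(key, msg)
}

// Check is what James does on receipt: recompute the tag with the shared key
// and compare in constant time. A mismatch means the message was altered.
func Check(key []byte, wire string) (msg string, ok bool) {
	i := strings.LastIndex(wire, "|")
	if i < 0 {
		return "", false
	}
	msg = wire[:i]
	tag := wire[i+1:]
	return msg, hmac.Equal([]byte(tag), []byte(Tag(key, msg)))
}

// Checksum is the unkeyed alternative: a plain hash. It catches accidental
// corruption but not a deliberate change, because anyone can recompute it.
func Checksum(msg string) string {
	sum := sha256.Sum256([]byte(msg))
	return hex.EncodeToString(sum[:])
}

func ProtectChecksum(msg string) string { return msg + "|" + Checksum(msg) }

func CheckChecksum(wire string) (msg string, ok bool) {
	i := strings.LastIndex(wire, "|")
	if i < 0 {
		return "", false
	}
	msg = wire[:i]
	return msg, wire[i+1:] == Checksum(msg)
}

// Tamper models the interception in the slides: the attacker swaps the account
// number and, where the protection is only a checksum, recomputes it to match.
func Tamper(wire string, useChecksum bool) string {
	i := strings.LastIndex(wire, "|")
	if i < 0 {
		return wire
	}
	msg := strings.Replace(wire[:i], "55421221", "99999999", 1)
	if useChecksum {
		return ProtectChecksum(msg)
	}
	return msg + wire[i:] // old tag kept: the attacker cannot compute a new one
}

func main() {
	key := []byte("secret shared by Peter and James") // constructed for the demo
	orig := "Ok. My account number is 55421221"      // message from the slides

	msg, ok := Check(key, Tamper(Protect(key, orig), false))
	fmt.Printf("HMAC:     James sees %q, accepted=%v\n", msg, ok)

	msg, ok = CheckChecksum(Tamper(ProtectChecksum(orig), true))
	fmt.Printf("checksum: James sees %q, accepted=%v\n", msg, ok)
}
```

A digital signature, as in the certificate example, gives the same tamper detection without a shared secret and additionally proves who sent the message; a MAC is the right tool once two parties already share a key, which is what SSL/TLS uses inside a session.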
What needs to be secured? (1/2)
Clients – They are vulnerable to
Viruses
Hackers
Servers
Exposed to unauthorised access
Intrusions could lead to a reduction in speed or worse
Server resources may be used for purposes other than those originally intended
What needs to be secured? (2/2)
Networks
The entry point to computer systems
Can become the root cause of an infringement if not secured
A weak network can allow data to be easily tampered with
Common cases occurring due to a loophole in network security:
Fraudulent identities
Eavesdropping
Common Threats on the Web (1/6)
Accidental Threats
Arise from human error
Generally due to lack of awareness and training
Poor password choices
Accidental business transactions
Accidental disclosure of information
Use of incorrect software
Physical accidents
E.g. spilling of coffee, unplugging servers, etc
Common Threats on the Web (2/6)
Malicious Threats
Specifically intended to cause harm to people, systems and networks
Malicious Software
Viruses
Trojans
Worms
Social Engineering Threats
E.g. pretending to be an employee of a company and asking for private information
Common Threats on the Web (3/6)
Authorisation Threats
Hacker attempts to bypass security by posing as an authorised user
Needs to gain knowledge of a valid username and password combination
Various techniques exist:
Dictionary Attacks
Brute-Force Attacks
Short Attacks
…
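An added Go example, not from the slides, of what a dictionary attack against a stolen password store costs the attacker, and how a per-user salt and an iterated hash change that cost. The accounts, passwords and word list are constructed for the demonstration; iterated SHA-256 stands in for a real password hash such as bcrypt or Argon2.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Record is one row of a password store: the user, an optional per-user salt
// and the (iterated) hash of salt||password. A leak of this store is what
// makes an offline dictionary attack possible.
type Record struct {
	User string
	Salt []byte
	Hash []byte
}

// hashPassword applies SHA-256 `rounds` times. Real systems use a purpose-built
// slow hash (bcrypt, scrypt, Argon2); iterated SHA-256 stands in for it here.
func hashPassword(pw string, salt []byte, rounds int) []byte {
	h := sha256.Sum256(append(append([]byte{}, salt...), pw...))
	for i := 1; i < rounds; i++ {
		h = sha256.Sum256(h[:])
	}
	return h[:]
}

// Enroll stores a password. saltLen 0 models the weak scheme (no salt).
func Enroll(user, pw string, saltLen, rounds int) Record {
	salt := make([]byte, saltLen)
	if _, err := rand.Read(salt); err != nil {
		panic(err)
	}
	return Record{User: user, Salt: salt, Hash: hashPassword(pw, salt, rounds)}
}

// Crack is the dictionary attack: hash every candidate word and look for a
// match. A table of candidate hashes can be reused for every record that shares
// the same salt, so with no salt the attacker pays len(dict)*rounds once for
// all users; with a random salt per user that cost is paid again per user.
// It returns the recovered passwords and the work spent, in hash rounds.
func Crack(records []Record, dict []string, rounds int) (found map[string]string, work int) {
	found = map[string]string{}
	tables := map[string]map[string]string{} // hex(salt) -> hex(hash) -> password
	for _, r := range records {
		saltKey := hex.EncodeToString(r.Salt)
		table, ok := tables[saltKey]
		if !ok {
			table = map[string]string{}
			for _, w := range dict {
				table[hex.EncodeToString(hashPassword(w, r.Salt, rounds))] = w
				work += rounds
			}
			tables[saltKey] = table
		}
		if pw, ok := table[hex.EncodeToString(r.Hash)]; ok {
			found[r.User] = pw
		}
	}
	return found, work
}

func main() {
	// Constructed accounts and a constructed (tiny) attacker word list.
	dict := []string{"123456", "password", "qwerty", "letmein", "password123"}
	users := [][2]string{{"peter", "password123"}, {"james", "letmein"}, {"admin", "xK9#v!2pLq@7"}}

	schemes := []struct {
		name            string
		saltLen, rounds int
	}{
		{"unsalted, 1 round", 0, 1},
		{"16-byte salt, 1000 rounds", 16, 1000},
	}
	for _, s := range schemes {
		var store []Record
		for _, u := range users {
			store = append(store, Enroll(u[0], u[1], s.saltLen, s.rounds))
		}
		found, work := Crack(store, dict, s.rounds)
		fmt.Printf("%-26s recovered %v with %d hash rounds\n", s.name, found, work)
	}
}
```

Two things to take from the output: the salt and the slow hash multiply the attacker's work (here by the number of users times the round count), but the weak passwords are still recovered, because no amount of hashing protects a password that is in the dictionary. Server-side defences against online guessing, such as lockout and rate limiting, are a separate control.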
Common Threats on the Web (4/6)
Application Threats
Exploit vulnerabilities in applications deployed as part of a
web system
Applications can include
Web Servers
FTP Servers
DNS Servers
…
[Diagram: the Hacker's PC sends spoofed ping requests carrying the Victim's address as source; the replies go to the Victim]
Network Attacks (3/3)
Ping of Death
The attacker sends a fragmented ping (ICMP echo request) whose reassembled size exceeds the 65,535-byte maximum IPv4 packet size
Older IP stacks overflowed their reassembly buffer, which could cause a total system crash
Sending thousands of ordinary pings per second is a different attack, a ping flood, which exhausts bandwidth rather than crashing the host
Other Attacks
DNS Attacks
Spoofing
Host Overflow
Length Overflow
Unauthorised Zone Transfer
Distributed Denial-of-Service (DDoS)
Same as DoS but launched from hundreds (or thousands) of machines simultaneously
Security Counter-measures (1/5)
Physical Security
Make sure hardware is physically secure
Security Guards
Alarms
Security Procedures
Safety Procedures
Security Counter-measures (2/5)
Secure Authentication and Messaging
Use of public key cryptography
Ensure that
Messages received from a user are actually from that user
Messages received from a user have not been tampered with
Security Counter-measures (3/5)
Firewall Solutions
A firewall sits on the perimeter of your network
Controls network traffic flow
System Administrator may close
Ports / protocols
Traffic from/to certain systems
…
Useful against
Various network attacks
Spyware
Unauthorised usage
Not the silver bullet of security
Security Counter-measures (4/5)
Bandwidth Managers
Limit the use of bandwidth by different
Protocols
Applications
Particular Sources and Destinations
Useful for limiting the impact of DoS attacks (they reduce the damage rather than prevent the attack)
Example:
Reserve most of the bandwidth for the ports the business actually serves (e.g. HTTPS)
Rate-limit everything else (e.g. ICMP), so that a flood on an unneeded protocol cannot starve the traffic customers need
Security Counter-measures (5/5)
Disaster Recovery and Backup
Disaster recovery plan
Everyone should know what to do if the worst-case scenario were to happen
Regular backups are useful and essential
E-Payments
How payments are made online
Origins of Money and Payments
Money began with the concept of bartering
As the economic system got more complicated, tokens started being used.
Items carried an intrinsic value
E.g. Precious stones, shells, etc
E.g. The silver dollar was made of $1 worth of silver
After tokens were detached from inherent value, notational money was adopted
Credit system developed
People pay without actually having the money
Credit cards
Real-world Cash
Medium of exchange to simplify transactions
Has a standard value and helps decide the worth of goods
Electronic money must fulfil these criteria as well
Benefits of cash
Convenience
Wide acceptance
Anonymity
No hidden or other cost of use
No audit trail
The disadvantage of cash is the cost of holding it
Loss of potential interest in the bank
Cost of security
Cost of transport
Electronic Money (E-Money)
E-Money is an electronic medium for making payments
Includes
Credit cards
Smart cards
Debit cards
Electronic funds transfer
Automated Clearinghouse (ACH) systems
It is notational and can be
Online or Offline
Identified or Anonymous
Types of E-Money (1/2)
Identified and Online (+I+L)
Characteristic of credit card and debit card transactions
Customer is easily identifiable
Card is validated against a bank's computer before payment is made
Identified and Offline (+I-L)
Purchasing by cheque, travellers' cheques, money orders, etc
Merchant asks for ID to make sure the identity of the purchaser is known
No online verification is made
Types of E-Money (2/2)
Anonymous and Online (-I+L)
Cash transactions where the purchaser is anonymous
Depositing money in an online account
Purchase made on the spot for cash
Anonymous and Offline (-I-L)
Unique to electronic cash
E.g. Transferring funds from a credit card to another account using an ATM which does not have a direct connection to the VISA/MasterCard network
Q. Create a webpage and make the following table.
ABC Company Limited
Staff Details
S.N. | Name         | Address | Salary
1.   | Hari Dhital  | Banepa  | 15000
2.   | Kedar Sharma | Panauti | 17000
     | Total        |         | 32000
Analysing Cash, Cheques and Credit Cards
[Table of eight yes/no properties; the column headings were lost in extraction]
Cash:        Y Y Y Y Y N Y Y
Cheque:      Y Y N Y N Y N Y
Credit Card: Y Y N Y N - N Y
Internet-Based Payments
Electronic payments are financial transactions made without the use of paper documents such as cheques.
E.g. Having your stipends credited to your account, paying for a product with your smartcard
Internet-based payment systems are a form of electronic payment
Important Properties for E-Payments
[Diagram: cheque clearing through an Automated Clearinghouse (ACH); steps recovered from the figure with the original numbering, steps 1 and 3 lost in extraction]
2. A "Not on Us" cheque is deposited at Bank A, which places a hold on the deposit
4. ACH queries Bank B
5. Bank B approves
6. ACH credits Bank A with €300
7. Bank B debits the account with €300
8. Bank A releases the hold
[Diagram: card payment flow; step 3 lost in extraction]
1. Order details
2. Request for payment
Network interchange using VISA, Mastercard, American Express, etc
4. Electronic receipt
Secure cardholder certificate
Launching an E-Commerce System
[Diagram: six-stage cycle]
1. Business Planning and Strategising
2. Technology & Infrastructure (Hardware, Software, ISP, People)
3. Design
4. Marketing
5. Fulfillment
6. Maintenance & Enhancement
People Involved
Business People
Graphics Designers
People with library science background
Database Designers
Programmers
Web Architects
Network Security Experts
Project Managers
Software Development Lifecycles