ELC 200 - PowerPoint PPT Presentation

1 / 123
About This Presentation
Title:

ELC 200

Description:

ELC 200 Day 22 Agenda Questions from last Class? Assignment 5 Due April 17 Assignment 6, 7 & 8 will be posted by Next Class 2 more assignments left Operations ... – PowerPoint PPT presentation

Number of Views:250
Avg rating:3.0/5.0
Slides: 124
Provided by: ISFL8
Category:
Tags: elc | card | care | health | smart | solutions

less

Transcript and Presenter's Notes

Title: ELC 200


1
ELC 200
  • Day 22

2
Agenda
  • Questions from last Class?
  • Assignment 5
  • Due April 17
  • Assignment 6, 7 8 will be posted by Next Class
  • 2 more assignments left
  • Operations Finance ???
  • EBiz plan and presentations
  • Due May 8 _at_ 8AM
  • More to come
  • Two more Quizzes
  • April 20 May 4
  • Today's discussion is on Law, Ethics, andCyber
    Crime

3
Internet Security
  • Cyber attacks are on the rise
  • Internet connections are increasingly a point of
    attack
  • The variety of attacks is on the rise
  • Why now?
  • Because thats where the money and information
    is!

4
Internet Security (cont.)
  • Factors have contributed to the rise in cyber
    attacks
  • Security and ease of use are antithetical to one
    another
  • Security takes a back seat to market pressures
  • Security of an EC site depends on the security of
    the Internet as a whole
  • Security vulnerabilities are mushrooming
  • Security is compromised by common applications
  • Especially Microsoft products
  • Buffer Overflows exploits

5
Basic Security Issues
  • From the user s perspective
  • How can the user be sure that the Web server is
    owned and operated by a legitimate company?
  • How does the user know that the Web page and form
    do not contain some malicious or dangerous code
    or content?
  • How does the user know that the Web server will
    not distribute the information the user provides
    to some other party?

6
Basic Security Issues (cont.)
  • From the company s perspective
  • How does the company know the user will not
    attempt to break into the Web server or alter the
    pages and content at the site?
  • How does the company know that the user will not
    try to disrupt the server so that it is not
    available to others?

7
Basic Security Issues (cont.)
  • From both parties perspectives
  • How do they know that the network connection is
    free from eavesdropping by a third party
    listening in on the line?
  • How do they know that the information sent back
    and forth between the server and the user s
    browser has not been altered?

8
Basic Security Issues (cont.)
  • Authorization
  • The process that ensures that a person has the
    right to access certain resources
  • If the door is unlocked, are you authorized to
    enter?
  • Authentication
  • The process by which one entity verifies that
    another entity is who they claim to be by
    checking credentials of some sort

9
Basic Security Issues (cont.)
  • Auditing
  • The process of collecting information about
    attempts to access particular resources, use
    particular privileges, or perform other security
    actions
  • Surveillance Cameras
  • Confidentiality (privacy)
  • Only authorized entities can view the
    information

10
Basic Security Issues (cont.)
  • Integrity
  • As applied to data, the ability to protect data
    from being altered or destroyed in an
    unauthorized or accidental manner
  • Availability
  • Nonrepudiation
  • The ability to limit parties from refuting that
    a legitimate transaction took place, usually by
    means of a signature

11
Exhibit 9.2General Security Issues at E-Commerce
Sites
12
Types of Cyber Attacks
  • Technical attack
  • An attack perpetrated using software and systems
    knowledge or expertise
  • Nontechnical attack
  • An attack in which a perpetrator uses chicanery
    or other form of persuasion to trick people into
    revealing sensitive information or performing
    actions that compromise the security of a network
  • Social Engineering

13
Types of Cyber Attacks (cont.)
  • Common vulnerabilities and exposures (CVEs)
  • Publicly known computer security risks or
    problems these are collected, enumerated, and
    shared by a board of security-related
    organizations (cve.mitre.org)
  • http//www.cert.org/
  • Denial-of-service (DoS) attack
  • An attack on a Web site in which an attacker
    uses specialized software to send a flood of data
    packets to the target computer with the aim of
    overloading its resources

14
Types of Cyber Attacks (cont.)
  • Distributed denial of service (DDoS) attack
  • A denial-of-service attack in which the attacker
    gains illegal administrative access to as many
    computers on the Internet as possible and uses
    these multiple computers to send a flood of data
    packets to the target computer
  • Malware
  • A generic term for malicious software

15
How Hackers Hack
  • Many Techniques
  • Social Engineering
  • Get someone to give you their password
  • Cracking
  • Guessing passwords
  • A six letter password (no caps)
  • gt 300 million possibilities
  • Merriam-Webster's citation files, which were
    begun in the 1880s, now contain 15.7 million
    examples of words used in context and cover all
    aspects of the English vocabulary.
  • http//www.m-w.com/help/faq/words_in.htm
  • Buffer Overflows
  • Getting code to run on other PCs
  • Load a Trojan or BackDoor
  • Snoop and Sniff
  • Steal data
  • Denial of Service (DOS)
  • Crash or cripple a Computer from another computer
  • Distributed Denial of Service (DDOS)
  • Crash or cripple a Computer from multiple
    distributed computers

16
DOS attacks
  • Kill the PC with one packet
  • Exploits problem in O/S
  • Teardrop
  • WinNuke
  • Kill the PC with lots of packets
  • Smurf
  • Frag
  • Tribal Flood Network

17
SMURF Attack
Image from www.circlemudd.org
18
Attacks Requiring Protection
  • Denial-of-Service (DoS) Attacks
  • Make the system unavailable (crash it or make it
    run very slowly) by sending one message or a
    stream of messages. Loss of availability

Single Message DOS Attack (Crashes the Victim)
Server
Attacker
19
Attacks Requiring Protection
  • Denial-of-Service (DoS) Attacks
  • Make the system unusable (crash it or make it run
    very slowly) by sending one message or a stream
    of messages. Loss of availability.

Message Stream DOS Attack (Overloads the Victim)
Server
Attacker
20
Distributed Denial-of-Service Attacks
Distributed DOS (DDoS) Attack Messages Come from
Many Sources
Attack Command
DoS Attack Packets
Computer with Zombie
Attacker
Attack Command
Server
DoS Attack Packets
Computer with Zombie
21
Types of Cyber Attacks (cont.)
  • Virus
  • A piece of software code that inserts itself
    into a host, including the operating systems, to
    propagate it cannot run independently but
    requires that its host program be run to activate
    it
  • Worm
  • A software program that runs independently,
    consuming the resources of its host from within
    in order to maintain itself and propagating a
    complete working version of itself onto another
    machine

22
Types of Cyber Attacks (cont.)
  • Trojan horse
  • A program that appears to have a useful function
    but that contains a hidden function that presents
    a security risk
  • Two of the better-known Trojan horses Back
    Orifice and NetBus
  • Self-contained and self-installing utilities
    that can be used to remotely control and monitor
    the victim s computer over a network (execute
    commands, list files, upload and download files
    on the victims computer)

23
Trojan Horse Attack on Bugtraq List
  • BugTraqa full disclosure moderated mailing list
    for the detailed discussion and announcement of
    computer security vulnerabilities
  • What they are
  • How to exploit them
  • How to fix them

24
Trojan Horse Attack on Bugtraq List (cont.)
  • SecurityFocus.com experts have been fooled
  • Sent the code containing a Trojan horse
  • to its 37,000 BugTrac subscribers
  • Network Associates server found itself under
    attack
  • The way the list is moderated did not change

25
Attacks Requiring Protection
  • Malicious Content
  • Viruses
  • Infect files
  • propagate by executing infected program
  • Payloads may be destructive
  • Worms
  • propagate by themselves
  • Trojan horses
  • appear to be one thing, such as a game, but
    actually are malicious
  • Snakes
  • combine worm with virus, Trojan horses, and other
    attacks

26
Trojans and BackDoors
  • The trick is get the a backdoor (unauthorized
    entry) on a machine
  • Easy way
  • Get the user to load it himself
  • Cracked Software (WAREZ)
  • Free Software (KAZAA)
  • Hard Way
  • Get a password
  • Create a buffer overflow
  • Microsoft can teach you how
  • Most Common Trojans and backdoors
  • SubSeven
  • ServU
  • Netbus
  • Back Orifice
  • If have download cracked software (illegal) or
    have loaded KAZAA chances are that you have been
    hacked!

27
I get at least one of these a day.
28
Snoop and Sniff
29
How Viruses Work
30
Getting Rid of Viruses
  • Get a good Virus Projection Software
  • Free (not Recommended)
  • Anti-Vir
  • Avast
  • AVG
  • Not Free
  • Norton AntiVirus
  • MacAfee
  • Free for UMFK students and staff
  • http//www.umfk.maine.edu/it/antivirus/
  • Update definition files often

31
How Worms work
  • Worms are pieces of software that self replicate
    over networks
  • Choke networks
  • Famous Worms
  • Morris worm the first worm
  • Code Red went after IIS servers
  • Melissa e-mail worm
  • Slammer - SQL worm
  • Blaster Windows RPC worm
  • MyDoom another e-mail worm that creates a
    BackDoor on your computer

32
Security Technologies
  • Internet and EC security is a thriving business
  • Firewalls and Access Control
  • One major impediments to EC is the concern about
    the security of internal networks
  • Sidestep the issue by letting third parties host
    their Web sites
  • Primary means of access control is password

33
Security Technologies (cont.)
  • Firewall
  • A network node consisting of both hardware and
    software that isolates a private network from a
    public network
  • Intrusion detection system (IDS)
  • A special category of software that can monitor
    activity across a network or on a host computer,
    watch for suspicious activity, and take automated
    action based on what it sees

34
Security Technologies (cont.)
  • Security risk management
  • A systematic process for determining the
    likelihood of various security attacks and for
    identifying the actions needed to prevent or
    mitigate those attacks
  • Assessment
  • Planning
  • Implementation
  • Monitoring

35
Managerial Issues
  • How can the global nature of EC impact business
    operations?
  • What sorts of legal and ethical issues should be
    of major concern to an EC enterprise?
  • What are the business consequences of poor
    security?

36
Managerial Issues (cont.)
  • Are we safe if there are few visitors to our EC
    site?
  • Is technology the key to EC security?
  • Where are the security threats likely to come
    from?

37
Chapter 10Payments and Order Fulfillment
1
38
Learning Objectives
  • Understand the crucial factors determining the
    success of e-payment methods
  • Describe the key elements in securing an
  • e-payment
  • Discuss the players and processes involved in
    using credit cards online
  • Describe the uses and benefits of purchase cards

39
Learning Objectives (cont.)
  • Describe different categories and potential uses
    of smart cards
  • Discuss various online alternatives to credit
    card payments and identify under what
    circumstances they are best used
  • Describe the processes and parties involved in
    e-checking

40
Learning Objectives (cont.)
  • Describe the role of order fulfillment and
    back-office operations in EC
  • Describe the EC order fulfillment process.
  • Describe the major problems of EC order
    fulfillment
  • Describe various solutions to EC order
    fulfillment problems

41
LensDoc Organizes Payment Online
  • The Problem
  • LensDoconline retailer of contact lenses, sun
    and magnifying glasses
  • Dental care and personal care products
  • Customers pay by credit card (90 of all online
    purchases in the U.S.)
  • Easy to purchase
  • Easy to purchase fraudulently
  • Contact lenses cannot be returned once used, but
    unsatisfied customers want their money back

42
LensDoc (cont.)
  • Solutions
  • Process credit card purchases by hand
  • Require
  • Home address
  • Shipping address
  • Assumption is that if the card being used is a
    fraudulent one, the perpetrator is unlikely to
    know the cardholders address

43
LensDoc (cont.)
  • The Results
  • Investigating alternative methods of payment
  • Cash cards
  • Special card-swiping peripherals
  • Credit card processing services
  • Currently disadvantages outweigh advantages of
    any of these alternatives

44
Electronic Payments
  • Paying with credit cards online
  • Until recently consumers were extremely reluctant
    to use their credit card numbers on the Web
  • This is changing because
  • Many of people who will be on the Internet in
    2004 have not even had their first Web experience
    today
  • 85 of the transactions that occur on the Web are
    B2B rather than B2C (credit cards are rarely used
    in B2B transactions)

45
Electronic Payments (cont.)
  • Four parties involved in e-payments
  • Issuer
  • Customers must obtain e-payment accounts from an
    issuer
  • Issuers are usually involved in authenticating a
    transaction and approving the amount involved
  • Customer/payer/buyer
  • Merchant/payee/seller
  • Regulator

46
Electronic Payments (cont.)
  • Key issue of trust must be addressed
  • PAIN
  • Privacy
  • Authentication and authorization
  • Integrity
  • Nonrepudiation
  • Characteristics of successful e-payment methods
  • Independence
  • Interoperability and portability
  • Security
  • Anonymity
  • Divisibility
  • Ease of use
  • Transaction fees

47
Security for E-Payments
  • Public key infrastructure (PKI)a scheme for
    securing e-payments using public key encryption
    and various technical components
  • Foundation of a number of network applications
  • Supply chain management
  • Virtual private networks
  • Secure e-mail
  • Intranet applications

48
Security for E-Payments
  • Public key encryption
  • Encryption (cryptography)the process of
    scrambling (encrypting) a message in such a way
    that it is difficult, expensive, or time
    consuming for an unauthorized person to
    unscramble (decrypt) it

49
Security for E-Payments (cont.)
  • All encryption has four basic parts
  • Plaintextan unencrypted message in
    human-readable form
  • Ciphertexta plaintext message after it has been
    encrypted into unreadable form
  • Encryption algorithmthe mathematical formula
    used to encrypt the plaintext into ciphertext and
    vice versa
  • Keythe secret code used to encrypt and decrypt a
    message

50
Security for E-Payments (cont.)
  • Two major classes of encryption systems
  • Symmetric (private key)
  • Used to encrypt and decrypt plain text
  • Shared by sender and receiver of text
  • Asymmetric (public key)
  • Uses a pair of keys
  • Public key to encrypt the message
  • Private key to decrypt the message

51
Security for E-Payments (cont.)
  • Public key encryptionmethod of encryption that
    uses a pair of keysa public key to encrypt a
    message and a private key (kept only by its
    owner) to decrypt it, or vice versa
  • Private keysecret encryption code held only by
    its owner
  • Public keysecret encryption code that is
    publicly available to anyone

52
Exhibit 10.1Private Key Encryption
53
Exhibit 10.2Key Sizes Time to Try All Possible
Keys
54
Security for E-Payments (cont.)
  • Digital signaturesan identifying code that can
    be used to authenticate the identity of the
    sender of a message or document
  • Used to
  • Authenticate the identity of the sender of a
    message or document
  • Ensure the original content of the electronic
    message or document is unchanged

55
Security for E-Payments (cont.)
  • Digital Signatureshow they work
  • Create an e-mail message with the contract in it
  • Using special software, you hash the message,
    converting it into a string of digits (message
    digest)
  • You use your private key to encrypt the hash
    (your digital signature

56
Security for E-Payments (cont.)
  1. E-mail the original message along with the
    encrypted hash to the receiver
  2. Receiver uses the same special software to hash
    the message they received
  3. Company uses your public key to decrypt the
    message hash that you sent. If their hash matches
    the decrypted hash, then the message is valid

57
Exhibit 10.3Digital Signatures
58
Security for E-Payments (cont.)
  • Digital certificatesverification that the holder
    of a public or private key is who he or she
    claims to be
  • Certificate authorities (CAs)third parties that
    issue digital certificates

59
Crypto, Digital Signature and Digital Certificates
  • Cryptography provides security by using
    encryption
  • Ensures privacy
  • Digital Signatures are just like a real signature
  • DCMA makes them just as legally binding as a
    signed paper document
  • Digital Certificates uses Cryptographic
    techniques to prove Identity

60
Digital Signature
Encrypted for Confidentiality
DS
Plaintext
Sender
Receiver
Add Digital Signature to Each Message Provides
Message-by-Message Authentication
61
Digital Signature Sender
  • To Create the Digital Signature
  • Hash the plaintext to create
  • a brief message digest This is
  • NOT the digital signature
  • 2. Sign (encrypt) the message
  • digest with the senders private
  • key to create the digital
  • Signature

Plaintext
Hash
MD
Sign (Encrypt) MD with Senders Private Key
DS
62
Digital Signature
Send Plaintext plus Digital Signature Encrypted
with Symmetric Session Key
DS
Plaintext
Sender Encrypts
Receiver Decrypts
Transmission
63
Digital Signature Receiver
1. Hash the received plaintext with the
same hashing algorithm the sender used. This
gives the message digest 2. Decrypt the
digital signature with the senders public key.
This also should give the message digest. 3. If
the two match, the message is authenticated The
sender has the true Partys private key
DS
Received Plaintext
2. Decrypt with True Partys Public Key
1. Hash
MD
MD
3. Are they Equal?
64
Public Key Deception
Verifier Must authenticate True Person.
Believes now has TPs public key Believes True
Person is authenticated based on Impostors
public key True Person, here is a message
encrypted with your public key.
Impostor I am the True Person. Here is
TPs public key. (Sends Impostors public key)
Here is authentication based on TPs private
key. (Really Impostors private key) Decryption
of message from Verifier encrypted with
Impostors public key, so Impostor can decrypt it
Critical Deception
65
Digital Certificates
  • Digital certificates are electronic documents
    that give the true partys name and public key
  • Applicants claiming to be the true party have
    their authentication methods tested by this
    public key
  • If they are not the true party, they cannot use
    the true partys private key and so will not be
    authenticated
  • Digital certificates follow the X.509 Standard

66
Digital Signatures and Digital Certificates
  • Public key authentication requires both a digital
    signature and a digital certificate to give the
    public key needed to test the digital signature

Digital Certificate True Partys Public Key
Certificate Authority
Applicant
DS
Plaintext
Verifier
67
Standards for E-Payments
  • Secure socket layer (SSL)protocol that utilizes
    standard certificates for authentication and data
    encryption to ensure privacy or confidentiality
  • Transport Layer Security (TLS)as of 1996,
    another name for the Secure Socket Layer protocol

68
Standards for E-Payments (cont.)
  • Secure Electronic Transaction (SET)a protocol
    designed to provide secure online credit card
    transactions for both consumers and merchants
    developed jointly by Netscape, Visa, MasterCard,
    and others

69
Electronic Cards and Smart Cards
  • Payment cardselectronic cards that contain
    information that can be used for payment purposes
  • Credit cardsprovides holder with credit to make
    purchases up to a limit fixed by the card issuer
  • Charge cardsbalance on a charge card is supposed
    to be paid in full upon receipt of monthly
    statement
  • Debit cardcost of a purchase drawn directly from
    holders checking account (demand-deposit account)

70
Electronic Cards and Smart Cards (cont.)
  • The Players
  • Cardholder
  • Merchant (seller)
  • Issuer (your bank)
  • Acquirer (merchants financial institution,
    acquires the sales slips)
  • Card association (VISA, MasterCard)
  • Third-party processors (outsourcers performing
    same duties formerly provided by issuers, etc.)

71
Exhibit 10.4Online Credit Card Processing
72
Electronic Cards and Smart Cards (cont.)
  • Credit card gatewayan online connection that
    ties a merchants systems to the back-end
    processing systems of the credit card issuer
  • Virtual credit cardan e-payment system in which
    a credit card issuer gives a special transaction
    number that can be used online in place of
    regular credit card numbers

73
Electronic Cards and Smart Cards (cont.)
  • Electronic wallets (e-wallets)a software
    component in which a user stores credit card
    numbers and other personal information when
    shopping online the user simply clicks the
    e-wallet to automatically fill in information
    needed to make a purchase
  • One-click shoppingsaving your order information
    on retailers Web server
  • E-walletsoftware downloaded to cardholders
    desktop that stores same information and allows
    one-click-like shopping

74
Electronic Cards and Smart Cards (cont.)
  • Security risks with credit cards
  • Stolen cards
  • Reneging by the customerauthorizes a payment and
    later denies it
  • Theft of card details stored on merchants
    computerisolate computer storing information so
    it cannot be accessed directly from the Web

75
Electronic Cards and Smart Cards (cont.)
  • Purchasing cardsspecial-purpose payment cards
    issued to a companys employees to be used solely
    for purchasing nonstrategic materials and
    services up to a preset dollar limit
  • Instrument of choice for B2B purchasing

76
E-Cards (cont.)
  • Benefits of using purchasing cards
  • Productivity gains
  • Bill consolidation
  • Payment reconciliation
  • Preferred pricing
  • Management reports
  • Control

77
Exhibit 10.5Participants Process of Using a
Purchasing Card
78
Smart Cards
  • Smart cardan electronic card containing an
    embedded microchip that enables predefined
    operations or the addition, deletion, or
    manipulation of information on the card

79
Smart Cards (cont.)
  • Categories of smart cards
  • Contact carda smart card containing a small gold
    plate on the face that when inserted in a
    smart-card reader makes contact and so passes
    data to and from the embedded microchip
  • Contactless (proximity) carda smart card with an
    embedded antenna, by means of which data and
    applications are passed to and from a card reader
    unit or other device

80
Smart Cards (cont.)
  • Securing smart cards
  • Theoretically, it is possible to hack into a
    smart card
  • Most cards can now store the information in
    encrypted form
  • Same cards can also encrypt and decrypt data that
    is downloaded or read from the card
  • Cost to the attacker of doing so far exceeds the
    benefits

81
Smart Cards (cont.)
  • Important applications of smart card use
  • Loyalty
  • Financial
  • Information technology
  • Health and social welfare
  • Transportation
  • Identification

82
E-Cash and Innovative Payment Methods
  • E-cashthe digital equivalent of paper currency
    and coins, which enables secure and anonymous
    purchase of low-priced items
  • Micropaymentssmall payments, usually under 10

83
E-Coin.net
  • System consists of three participants
  • User
  • Opens an account with eCoin.com
  • Downloads a special e-wallet to their desktop PC
  • Purchases some eCoins with a credit card
  • Merchantembeds a special eCoin icon in its
    payment page
  • eCoin serveroperates as a broker
  • Keeps customer and merchant accounts
  • Accepts payment requests from the customers
    e-wallet
  • Computes embedded invoices for the merchant

84
E-Cash and Payment Card Alternatives (cont.)
  • Wireless payments
  • Vodafone m-pay bill system that enables
    wireless subscribers to use their mobile phones
    to make micropayments
  • Qpass (qpass.com)
  • Charges to qpass account, are charged to a
    specified credit card on a monthly basis

85
Stored-Value Cards
  • Stores cash downloaded from bank or credit card
    account
  • Visa casha stored-value card designed to handle
    small purchases or micropayments sponsored by
    Visa
  • Mondexa stored-value card designed to handle
    small purchases or micropayments sponsored by
    Mondex, a subsidiary of MasterCard

86
E-Loyalty and Reward Programs
  • Loyalty programs online
  • B2C sites spend hundreds of dollars acquiring new
    customers
  • Payback only comes from repeat customers who are
    likely to refer other customers to a site
  • Electronic scripta form of electronic money (or
    points), issued by a third party as part of a
    loyalty program can be used by consumers to make
    purchases at participating stores

87
E-Loyalty and Reward Programs (cont.)
  • Beenza form of electronic script offered by
    beenz.com that consumers earn at participating
    sites and redeem for products or services
  • Consumer earns beenz by visiting, registering, or
    purchasing at 300 participating sites
  • Beenz are stored and used for later purchases
  • Partnered with MasterCard to offer
    rewardzcardstored-value card used in U.S. and
    Canada for purchases where MasterCard is accepted
  • Transfer beenz into money to spend on Web, by
    phone, mail order, physical stores

88
E-Loyalty and Reward Programs (cont.)
  • MyPoints-CyberGold
  • Customers earn cash for viewing ads
  • Cash used for later purchases or applied to
    credit card account
  • Prepaid stored value cardsused online and
    off-line
  • RocketCash
  • Combines online cash account with rewards program
  • User opens account and adds funds
  • Used to make purchases at participating merchants

89
Internetcash
  • Teenage marketprimary reason for going online
  • Communicating with friends via email and chat
    rooms
  • homework
  • Researching information
  • Playing games
  • Downloading music or videos

90
Internetcash (cont.)
  • Why they do not shop online
  • Parents will not let them children their (the
    parents) credit cards online
  • They cannot touch the products
  • It is difficult to return items purchased on the
    Web
  • They do not have the money
  • Transaction may be insecure

91
Internetcash (cont.)
  • InternetCash offers prepaid stored-value cards
    sold in amounts of 10, 20, 50, and 100
  • Must be activated to work
  • Gives the user shopping privileges at online
    stores that carry an InternetCash icon
  • Purchases are automatically deducted from the
    value of the card
  • InternetCashs transactions are anonymous

92
Internetcash (cont.)
  • InternetCash is facing obstacles
  • First, they have to find retailers willing to
    sell the cards
  • Must persuade merchants to accept the card for
    online purchases
  • Legal issues

93
Person-to-Person Payments
  • Person-to-person (P2P) paymentse-payment schemes
    (such as paypal.com) that enable the transfer of
    funds between two individuals
  • Repaying money borrowed
  • Paying for an item purchased at online auction
  • Sending money to students at college
  • Sending a gift to a family member

94
Global B2B Payments
  • Letters of credit (LC)a written agreement by a
    bank to pay the seller, on account of the buyer,
    a sum of money upon presentation of certain
    documents
  • TradeCard (tradecard.com)innovative e-payment
    method that uses a payment card

95
Electronic Letters of Credit (LC)
  • Benefits to sellers
  • Credit risk is reduced
  • Payment is highly assured
  • Political/country risk is reduced
  • Benefits to the buyer
  • Allows buyer to negotiate for a lower purchase
    price
  • Buyer can expand its source of supply
  • Funds withdrawn from buyers account only after
    the documents have been inspected by the issuing
    bank

96
TradeCard Payments
  • TradeCard allows businesses to effectively and
    efficiently complete B2B transactions whether
    large or small, domestic or cross-border, or in
    multiple currencies
  • Buyers and sellers interact with each other via
    the TradeCard system
  • System
  • Checks purchase orders for both parties
  • Awaits confirmation from a logistics company that
    deliveries have been made and received
  • Authorizes payment completing financial
    transaction between the buyer and seller

97
E-Checking
  • E-checkthe electronic version or representation
    of a paper check
  • Eliminate need for expensive process
    reengineering and takes advantage of the
    competency of the banking industry
  • eCheck Secure (from vantaguard.com) and
    checkfree.com provide software that enables the
    purchase of goods and services with e-checks
  • Used mainly in B2B

98
Order Fulfillment Overview
  • Order fulfillmentall the activities needed to
    provide customers with ordered goods and
    services, including related customer services
  • Back-office operationsthe activities that
    support fulfillment of sales, such as accounting
    and logistics
  • Front-office operationsthe business processes,
    such as sales and advertising, that are visible
    to customers

99
Overview of Logistics
  • Logisticsthe operations involved in the
    efficient and effective flow and storage of
    goods, services, and related information from
    point of origin to point of consumption
  • Delivery of materials or services
  • Right time
  • Right place
  • Right cost

100
Exhibit 10.9Order Fulfillment and Logistics
Systems
101
EC Order Fulfillment Process
  • Steps in the process of order fulfillment
  • 1. Payment clearance
  • 2. In-stock availability
  • 3. Arranging shipments
  • 4. Insurance
  • 5. Production (planning, execution)
  • 6. Plant services
  • 7. Purchasing and warehousing
  • 8. Customer contacts
  • 9. Returns (Reverse logisticsmovement of returns
    from customers to vendors)
  • 10. Demand forecast
  • 11. Accounting, billing

102
Order Fulfillment and the Supply Chain
  • Order fulfillment and order taking are integral
    parts of the supply chain.
  • Flows of orders, payments, and materials and
    parts need to be coordinated among
  • Companys internal participants
  • External partners
  • The principles of supply chain management must be
    considered in planning and managing the order
    fulfillment process

103
Problems in Order Fulfillment
  • Manufacturers, warehouses, and distribution
    channels were not in sync with the e-tailers
  • High inventory costs
  • Quality problems exist due to misunderstandings
  • Shipments of wrong products, materials, and parts
  • High cost to expedite operations or shipments

104
Problems in Order Fulfillment (cont.)
  • Uncertainties
  • Major source of uncertainty is demand forecast
  • Demand is influenced by
  • Consumer behavior
  • Economic conditions
  • Competition
  • Prices
  • Weather conditions
  • Technological developments
  • Customers confidence

105
Problems in Order Fulfillment (cont.)
  • Demand forecast should be conducted frequently
    with collaborating business partners along the
    supply chain in order to correctly gauge demand
    and make plans to meet it
  • Delivery times depend on factors ranging from
    machine failures to road conditions
  • Quality problems of materials and parts (may
    create production time delays)
  • Labor troubles (such as strikes) can interfere
    with shipments

106
Problems in Order Fulfillment (cont.)
  • Order fulfillment problems are created due by
    lack of coordination and inability or refusal to
    share information
  • Bullwhip effectlarge fluctuations in inventories
    along the supply chain, resulting from small
    fluctuations in demand for finished products

107
Solutions to Order Fulfillment Problems
  • Improvements to order taking process
  • Order taking can be done on EDI, EDI/Internet, or
    an extranet, and it may be fully automated.
  • In B2B, orders are generated and transmitted
    automatically to suppliers when inventory levels
    fall below certain levels.
  • Result is a fast, inexpensive, and a more
    accurate process
  • Web-based ordering using electronic forms
    expedites the process
  • Makes it more accurate
  • Reduces the processing cost for sellers

108
Solutions to Order Fulfillment Problems (cont.)
  • Implementing linkages between order-taking and
    payment systems can also be helpful in improving
    order fulfillment
  • Electronic payments can expedite order
    fulfillment cycle and payment delivery period
  • Payment processing significantly less expensive
  • Fraud can be controlled better

109
Inventory Management Improvements
  • Inventories can be minimized by
  • Introducing a make-to-order (pull) production
    process
  • Providing fast and accurate demand information to
    suppliers
  • Inventory management can be improved (inventory
    levels and administrative expenses) can be
    minimized by
  • Allowing business partners to electronically
    track and monitor orders and production
    activities
  • Having no inventory at by digitizing products

110
Automated Warehouses
  • B2C order fulfillmentsend small quantities to a
    large number of individuals
  • Step 1 retailers contract Fingerhut to stock
    products and deliver Web orders
  • Step 2 merchandise stored SKU warehouse
  • Step 3 orders arrive
  • Step 4 computer program consolidates orders from
    all vendors into pick waves

111
Automated Warehouses (cont.)
  • Step 5 picked items moved by conveyors to
    packing area computer configures size and type
    of packing types special packing instructions
  • Step 6 conveyer takes packages to scanning
    station (weighed)
  • Step 7 scan destination moved by conveyer to
    waiting trucks
  • Step 8 full trucks depart for Post Offices

112
Same Day, Even Same Hour Delivery
  • Role of FedEx and similar shippers
  • From a delivery to all-logistics
  • Many services
  • Complete inventory control
  • Packaging, warehousing, reordering, etc.
  • Tracking services to customers

113
Same Day, Even Same Hour Delivery (cont.)
  • Supermarket deliveries
  • Transport of fresh food to people who are in
    homes only at specific hours
  • Distribution systems are critical
  • Fresh food may be spoiled

114
Partnering Efforts
  • Collaborative commerce among members of the
    supply chain results in
  • Shorter cycle times
  • Minimal delays and work interruptions
  • Lower inventories
  • Less administrative cost
  • Minimize bullwhip effect problem

115
Order Fulfillment in B2B
  • Using e-marketplaces and exchanges to ease order
    fulfillment problems
  • Both public and private marketplaces
  • E-procurement system controlled by one large
    buyer, suppliers adjust their activities and IS
    to fit the IS of the buyer
  • Company-centric marketplace can solve several
    supply chain problems
  • Use an extranet
  • Use a vertical exchange

116
Order Fulfillment in B2B (cont.)
  • Players in B2B fulfillment
  • Shippers (sellers)
  • Receivers (buyers)
  • Carriers
  • Third-party logistics providers
  • Warehouse companies
  • Vertical e-marketplaces
  • Transportation
  • e-marketplaces
  • Logistics software application vendors

117
Handling Returns
  • Necessary for maintaining customer trust and
    loyalty using
  • Return item to place it was purchased
  • Separate logistics of returns from logistics of
    delivery
  • Completely outsource returns
  • Allow customer to physically drop returned items
    at collection stations

118
UPS Provides Broad EC Services
  • Electronic tracking of packages
  • Electronic supply chain services for corporate
    customers by industry including
  • Portal page with industry-related information
  • Statistics
  • Calculators for computing shipping fees
  • Help customers manage electronic supply chains

119
The UPS Strategy (cont.)
  • Improved inventory management, warehousing, and
    delivery
  • Integration with shipping management system
  • Notify customers by e-mail of
  • Delivery status
  • Expected time of arrival of incoming packages

120
The UPS Strategy (cont.)
  • Representative tools
  • 7 transportation and delivery applications
  • Track packages
  • Analyze shipping history
  • Calculate exact time-in-transit
  • Downloadable tools
  • Proof of delivery
  • Optimal routing features
  • Delivery of digital documents
  • Wireless access to UPS system

121
Managerial Issues
  • What B2C payment methods should we use?
  • What B2B payment methods should we use?
  • Should we use an in-house payment mechanism or
    outsource it?
  • How secure are e-payments?
  • Have we planned for order fulfillment?
  • How should we handle returns?
  • Do we want alliances in order fulfillment?
  • What EC logistics applications would be useful?

122
Summary
  • Crucial factors determining the success of an
    e-payment method
  • Key elements in securing an e-payment
  • Online credit card players and processes
  • The uses and benefits of purchasing cards
  • Categories and potential uses of smart cards
  • Online alternatives to credit card payments

123
Summary (cont.)
  • E-check processes and involved parties
  • The role of order fulfillment and back-office
    operations in EC
  • The order fulfillment process
  • Problems in order fulfillment
  • Solutions to order fulfillment problems
Write a Comment
User Comments (0)
About PowerShow.com