ELC 200

1
ELC 200

• Day 22

2
Agenda

• Questions from last Class?
• Assignment 5
• Due April 17
• Assignment 6, 7 8 will be posted by Next Class
• 2 more assignments left
• Operations Finance ???
• EBiz plan and presentations
• Due May 8 _at_ 8AM
• More to come
• Two more Quizzes
• April 20 May 4
• Today's discussion is on Law, Ethics, andCyber
  Crime

3
Internet Security

• Cyber attacks are on the rise
• Internet connections are increasingly a point of
  attack
• The variety of attacks is on the rise
• Why now?
• Because thats where the money and information
  is!

4
Internet Security (cont.)

• Factors have contributed to the rise in cyber
  attacks
• Security and ease of use are antithetical to one
  another
• Security takes a back seat to market pressures
• Security of an EC site depends on the security of
  the Internet as a whole
• Security vulnerabilities are mushrooming
• Security is compromised by common applications
• Especially Microsoft products
• Buffer Overflows exploits

5
Basic Security Issues

• From the user s perspective
• How can the user be sure that the Web server is
  owned and operated by a legitimate company?
• How does the user know that the Web page and form
  do not contain some malicious or dangerous code
  or content?
• How does the user know that the Web server will
  not distribute the information the user provides
  to some other party?

6
Basic Security Issues (cont.)

• From the company s perspective
• How does the company know the user will not
  attempt to break into the Web server or alter the
  pages and content at the site?
• How does the company know that the user will not
  try to disrupt the server so that it is not
  available to others?

7
Basic Security Issues (cont.)

• From both parties perspectives
• How do they know that the network connection is
  free from eavesdropping by a third party
  listening in on the line?
• How do they know that the information sent back
  and forth between the server and the user s
  browser has not been altered?

8
Basic Security Issues (cont.)

• Authorization
• The process that ensures that a person has the
  right to access certain resources
• If the door is unlocked, are you authorized to
  enter?
• Authentication
• The process by which one entity verifies that
  another entity is who they claim to be by
  checking credentials of some sort

9
Basic Security Issues (cont.)

• Auditing
• The process of collecting information about
  attempts to access particular resources, use
  particular privileges, or perform other security
  actions
• Surveillance Cameras
• Confidentiality (privacy)
• Only authorized entities can view the
  information

10
Basic Security Issues (cont.)

• Integrity
• As applied to data, the ability to protect data
  from being altered or destroyed in an
  unauthorized or accidental manner
• Availability
• Nonrepudiation
• The ability to limit parties from refuting that
  a legitimate transaction took place, usually by
  means of a signature

11
Exhibit 9.2General Security Issues at E-Commerce
Sites
12
Types of Cyber Attacks

• Technical attack
• An attack perpetrated using software and systems
  knowledge or expertise
• Nontechnical attack
• An attack in which a perpetrator uses chicanery
  or other form of persuasion to trick people into
  revealing sensitive information or performing
  actions that compromise the security of a network
• Social Engineering

13
Types of Cyber Attacks (cont.)

• Common vulnerabilities and exposures (CVEs)
• Publicly known computer security risks or
  problems these are collected, enumerated, and
  shared by a board of security-related
  organizations (cve.mitre.org)
• http//www.cert.org/
• Denial-of-service (DoS) attack
• An attack on a Web site in which an attacker
  uses specialized software to send a flood of data
  packets to the target computer with the aim of
  overloading its resources

14
Types of Cyber Attacks (cont.)

• Distributed denial of service (DDoS) attack
• A denial-of-service attack in which the attacker
  gains illegal administrative access to as many
  computers on the Internet as possible and uses
  these multiple computers to send a flood of data
  packets to the target computer
• Malware
• A generic term for malicious software

15
How Hackers Hack

• Many Techniques
• Social Engineering
• Get someone to give you their password
• Cracking
• Guessing passwords
• A six letter password (no caps)
• gt 300 million possibilities
• Merriam-Webster's citation files, which were
  begun in the 1880s, now contain 15.7 million
  examples of words used in context and cover all
  aspects of the English vocabulary.
• http//www.m-w.com/help/faq/words_in.htm
• Buffer Overflows
• Getting code to run on other PCs
• Load a Trojan or BackDoor
• Snoop and Sniff
• Steal data
• Denial of Service (DOS)
• Crash or cripple a Computer from another computer
• Distributed Denial of Service (DDOS)
• Crash or cripple a Computer from multiple
  distributed computers

16
DOS attacks

• Kill the PC with one packet
• Exploits problem in O/S
• Teardrop
• WinNuke
• Kill the PC with lots of packets
• Smurf
• Frag
• Tribal Flood Network

17
SMURF Attack
Image from www.circlemudd.org
18
Attacks Requiring Protection

• Denial-of-Service (DoS) Attacks
• Make the system unavailable (crash it or make it
  run very slowly) by sending one message or a
  stream of messages. Loss of availability

Single Message DOS Attack (Crashes the Victim)
Server
Attacker
19
Attacks Requiring Protection

• Denial-of-Service (DoS) Attacks
• Make the system unusable (crash it or make it run
  very slowly) by sending one message or a stream
  of messages. Loss of availability.

Message Stream DOS Attack (Overloads the Victim)
Server
Attacker
20
Distributed Denial-of-Service Attacks
Distributed DOS (DDoS) Attack Messages Come from
Many Sources
Attack Command
DoS Attack Packets
Computer with Zombie
Attacker
Attack Command
Server
DoS Attack Packets
Computer with Zombie
21
Types of Cyber Attacks (cont.)

• Virus
• A piece of software code that inserts itself
  into a host, including the operating systems, to
  propagate it cannot run independently but
  requires that its host program be run to activate
  it
• Worm
• A software program that runs independently,
  consuming the resources of its host from within
  in order to maintain itself and propagating a
  complete working version of itself onto another
  machine

22
Types of Cyber Attacks (cont.)

• Trojan horse
• A program that appears to have a useful function
  but that contains a hidden function that presents
  a security risk
• Two of the better-known Trojan horses Back
  Orifice and NetBus
• Self-contained and self-installing utilities
  that can be used to remotely control and monitor
  the victim s computer over a network (execute
  commands, list files, upload and download files
  on the victims computer)

23
Trojan Horse Attack on Bugtraq List

• BugTraqa full disclosure moderated mailing list
  for the detailed discussion and announcement of
  computer security vulnerabilities
• What they are
• How to exploit them
• How to fix them

24
Trojan Horse Attack on Bugtraq List (cont.)

• SecurityFocus.com experts have been fooled
• Sent the code containing a Trojan horse
• to its 37,000 BugTrac subscribers
• Network Associates server found itself under
  attack
• The way the list is moderated did not change

25
Attacks Requiring Protection

• Malicious Content
• Viruses
• Infect files
• propagate by executing infected program
• Payloads may be destructive
• Worms
• propagate by themselves
• Trojan horses
• appear to be one thing, such as a game, but
  actually are malicious
• Snakes
• combine worm with virus, Trojan horses, and other
  attacks

26
Trojans and BackDoors

• The trick is get the a backdoor (unauthorized
  entry) on a machine
• Easy way
• Get the user to load it himself
• Cracked Software (WAREZ)
• Free Software (KAZAA)
• Hard Way
• Get a password
• Create a buffer overflow
• Microsoft can teach you how
• Most Common Trojans and backdoors
• SubSeven
• ServU
• Netbus
• Back Orifice
• If have download cracked software (illegal) or
  have loaded KAZAA chances are that you have been
  hacked!

27
I get at least one of these a day.
28
Snoop and Sniff
29
How Viruses Work
30
Getting Rid of Viruses

• Get a good Virus Projection Software
• Free (not Recommended)
• Anti-Vir
• Avast
• AVG
• Not Free
• Norton AntiVirus
• MacAfee
• Free for UMFK students and staff
• http//www.umfk.maine.edu/it/antivirus/
• Update definition files often

31
How Worms work

• Worms are pieces of software that self replicate
  over networks
• Choke networks
• Famous Worms
• Morris worm the first worm
• Code Red went after IIS servers
• Melissa e-mail worm
• Slammer - SQL worm
• Blaster Windows RPC worm
• MyDoom another e-mail worm that creates a
  BackDoor on your computer

32
Security Technologies

• Internet and EC security is a thriving business
• Firewalls and Access Control
• One major impediments to EC is the concern about
  the security of internal networks
• Sidestep the issue by letting third parties host
  their Web sites
• Primary means of access control is password

33
Security Technologies (cont.)

• Firewall
• A network node consisting of both hardware and
  software that isolates a private network from a
  public network
• Intrusion detection system (IDS)
• A special category of software that can monitor
  activity across a network or on a host computer,
  watch for suspicious activity, and take automated
  action based on what it sees

34
Security Technologies (cont.)

• Security risk management
• A systematic process for determining the
  likelihood of various security attacks and for
  identifying the actions needed to prevent or
  mitigate those attacks
• Assessment
• Planning
• Implementation
• Monitoring

35
Managerial Issues

• How can the global nature of EC impact business
  operations?
• What sorts of legal and ethical issues should be
  of major concern to an EC enterprise?
• What are the business consequences of poor
  security?

36
Managerial Issues (cont.)

• Are we safe if there are few visitors to our EC
  site?
• Is technology the key to EC security?
• Where are the security threats likely to come
  from?

37
Chapter 10Payments and Order Fulfillment
1
38
Learning Objectives

• Understand the crucial factors determining the
  success of e-payment methods
• Describe the key elements in securing an
• e-payment
• Discuss the players and processes involved in
  using credit cards online
• Describe the uses and benefits of purchase cards

39
Learning Objectives (cont.)

• Describe different categories and potential uses
  of smart cards
• Discuss various online alternatives to credit
  card payments and identify under what
  circumstances they are best used
• Describe the processes and parties involved in
  e-checking

40
Learning Objectives (cont.)

• Describe the role of order fulfillment and
  back-office operations in EC
• Describe the EC order fulfillment process.
• Describe the major problems of EC order
  fulfillment
• Describe various solutions to EC order
  fulfillment problems

41
LensDoc Organizes Payment Online

• The Problem
• LensDoconline retailer of contact lenses, sun
  and magnifying glasses
• Dental care and personal care products
• Customers pay by credit card (90 of all online
  purchases in the U.S.)
• Easy to purchase
• Easy to purchase fraudulently
• Contact lenses cannot be returned once used, but
  unsatisfied customers want their money back

42
LensDoc (cont.)

• Solutions
• Process credit card purchases by hand
• Require
• Home address
• Shipping address
• Assumption is that if the card being used is a
  fraudulent one, the perpetrator is unlikely to
  know the cardholders address

43
LensDoc (cont.)

• The Results
• Investigating alternative methods of payment
• Cash cards
• Special card-swiping peripherals
• Credit card processing services
• Currently disadvantages outweigh advantages of
  any of these alternatives

44
Electronic Payments

• Paying with credit cards online
• Until recently consumers were extremely reluctant
  to use their credit card numbers on the Web
• This is changing because
• Many of people who will be on the Internet in
  2004 have not even had their first Web experience
  today
• 85 of the transactions that occur on the Web are
  B2B rather than B2C (credit cards are rarely used
  in B2B transactions)

45
Electronic Payments (cont.)

• Four parties involved in e-payments
• Issuer
• Customers must obtain e-payment accounts from an
  issuer
• Issuers are usually involved in authenticating a
  transaction and approving the amount involved
• Customer/payer/buyer
• Merchant/payee/seller
• Regulator

46
Electronic Payments (cont.)

• Key issue of trust must be addressed
• PAIN
• Privacy
• Authentication and authorization
• Integrity
• Nonrepudiation

• Characteristics of successful e-payment methods
• Independence
• Interoperability and portability
• Security
• Anonymity
• Divisibility
• Ease of use
• Transaction fees

47
Security for E-Payments

• Public key infrastructure (PKI)a scheme for
  securing e-payments using public key encryption
  and various technical components
• Foundation of a number of network applications
• Supply chain management
• Virtual private networks
• Secure e-mail
• Intranet applications

48
Security for E-Payments

• Public key encryption
• Encryption (cryptography)the process of
  scrambling (encrypting) a message in such a way
  that it is difficult, expensive, or time
  consuming for an unauthorized person to
  unscramble (decrypt) it

49
Security for E-Payments (cont.)

• All encryption has four basic parts
• Plaintextan unencrypted message in
  human-readable form
• Ciphertexta plaintext message after it has been
  encrypted into unreadable form
• Encryption algorithmthe mathematical formula
  used to encrypt the plaintext into ciphertext and
  vice versa
• Keythe secret code used to encrypt and decrypt a
  message

50
Security for E-Payments (cont.)

• Two major classes of encryption systems
• Symmetric (private key)
• Used to encrypt and decrypt plain text
• Shared by sender and receiver of text
• Asymmetric (public key)
• Uses a pair of keys
• Public key to encrypt the message
• Private key to decrypt the message

51
Security for E-Payments (cont.)

• Public key encryptionmethod of encryption that
  uses a pair of keysa public key to encrypt a
  message and a private key (kept only by its
  owner) to decrypt it, or vice versa
• Private keysecret encryption code held only by
  its owner
• Public keysecret encryption code that is
  publicly available to anyone

52
Exhibit 10.1Private Key Encryption
53
Exhibit 10.2Key Sizes Time to Try All Possible
Keys
54
Security for E-Payments (cont.)

• Digital signaturesan identifying code that can
  be used to authenticate the identity of the
  sender of a message or document
• Used to
• Authenticate the identity of the sender of a
  message or document
• Ensure the original content of the electronic
  message or document is unchanged

55
Security for E-Payments (cont.)

• Digital Signatureshow they work
• Create an e-mail message with the contract in it
• Using special software, you hash the message,
  converting it into a string of digits (message
  digest)
• You use your private key to encrypt the hash
  (your digital signature

56
Security for E-Payments (cont.)

1. E-mail the original message along with the
   encrypted hash to the receiver
2. Receiver uses the same special software to hash
   the message they received
3. Company uses your public key to decrypt the
   message hash that you sent. If their hash matches
   the decrypted hash, then the message is valid

57
Exhibit 10.3Digital Signatures
58
Security for E-Payments (cont.)

• Digital certificatesverification that the holder
  of a public or private key is who he or she
  claims to be
• Certificate authorities (CAs)third parties that
  issue digital certificates

59
Crypto, Digital Signature and Digital Certificates

• Cryptography provides security by using
  encryption
• Ensures privacy
• Digital Signatures are just like a real signature
• DCMA makes them just as legally binding as a
  signed paper document
• Digital Certificates uses Cryptographic
  techniques to prove Identity

60
Digital Signature
Encrypted for Confidentiality
DS
Plaintext
Sender
Receiver
Add Digital Signature to Each Message Provides
Message-by-Message Authentication
61
Digital Signature Sender

• To Create the Digital Signature
• Hash the plaintext to create
• a brief message digest This is
• NOT the digital signature
• 2. Sign (encrypt) the message
• digest with the senders private
• key to create the digital
• Signature

Plaintext
Hash
MD
Sign (Encrypt) MD with Senders Private Key
DS
62
Digital Signature
Send Plaintext plus Digital Signature Encrypted
with Symmetric Session Key
DS
Plaintext
Sender Encrypts
Receiver Decrypts
Transmission
63
Digital Signature Receiver
1. Hash the received plaintext with the
same hashing algorithm the sender used. This
gives the message digest 2. Decrypt the
digital signature with the senders public key.
This also should give the message digest. 3. If
the two match, the message is authenticated The
sender has the true Partys private key
DS
Received Plaintext
2. Decrypt with True Partys Public Key
1. Hash
MD
MD
3. Are they Equal?
64
Public Key Deception
Verifier Must authenticate True Person.
Believes now has TPs public key Believes True
Person is authenticated based on Impostors
public key True Person, here is a message
encrypted with your public key.
Impostor I am the True Person. Here is
TPs public key. (Sends Impostors public key)
Here is authentication based on TPs private
key. (Really Impostors private key) Decryption
of message from Verifier encrypted with
Impostors public key, so Impostor can decrypt it
Critical Deception
65
Digital Certificates

• Digital certificates are electronic documents
  that give the true partys name and public key
• Applicants claiming to be the true party have
  their authentication methods tested by this
  public key
• If they are not the true party, they cannot use
  the true partys private key and so will not be
  authenticated
• Digital certificates follow the X.509 Standard

66
Digital Signatures and Digital Certificates

• Public key authentication requires both a digital
  signature and a digital certificate to give the
  public key needed to test the digital signature

Digital Certificate True Partys Public Key
Certificate Authority
Applicant
DS
Plaintext
Verifier
67
Standards for E-Payments

• Secure socket layer (SSL)protocol that utilizes
  standard certificates for authentication and data
  encryption to ensure privacy or confidentiality
• Transport Layer Security (TLS)as of 1996,
  another name for the Secure Socket Layer protocol

68
Standards for E-Payments (cont.)

• Secure Electronic Transaction (SET)a protocol
  designed to provide secure online credit card
  transactions for both consumers and merchants
  developed jointly by Netscape, Visa, MasterCard,
  and others

69
Electronic Cards and Smart Cards

• Payment cardselectronic cards that contain
  information that can be used for payment purposes
• Credit cardsprovides holder with credit to make
  purchases up to a limit fixed by the card issuer
• Charge cardsbalance on a charge card is supposed
  to be paid in full upon receipt of monthly
  statement
• Debit cardcost of a purchase drawn directly from
  holders checking account (demand-deposit account)

70
Electronic Cards and Smart Cards (cont.)

• The Players
• Cardholder
• Merchant (seller)
• Issuer (your bank)
• Acquirer (merchants financial institution,
  acquires the sales slips)
• Card association (VISA, MasterCard)
• Third-party processors (outsourcers performing
  same duties formerly provided by issuers, etc.)

71
Exhibit 10.4Online Credit Card Processing
72
Electronic Cards and Smart Cards (cont.)

• Credit card gatewayan online connection that
  ties a merchants systems to the back-end
  processing systems of the credit card issuer

• Virtual credit cardan e-payment system in which
  a credit card issuer gives a special transaction
  number that can be used online in place of
  regular credit card numbers

73
Electronic Cards and Smart Cards (cont.)

• Electronic wallets (e-wallets)a software
  component in which a user stores credit card
  numbers and other personal information when
  shopping online the user simply clicks the
  e-wallet to automatically fill in information
  needed to make a purchase
• One-click shoppingsaving your order information
  on retailers Web server
• E-walletsoftware downloaded to cardholders
  desktop that stores same information and allows
  one-click-like shopping

74
Electronic Cards and Smart Cards (cont.)

• Security risks with credit cards
• Stolen cards
• Reneging by the customerauthorizes a payment and
  later denies it
• Theft of card details stored on merchants
  computerisolate computer storing information so
  it cannot be accessed directly from the Web

75
Electronic Cards and Smart Cards (cont.)

• Purchasing cardsspecial-purpose payment cards
  issued to a companys employees to be used solely
  for purchasing nonstrategic materials and
  services up to a preset dollar limit
• Instrument of choice for B2B purchasing

76
E-Cards (cont.)

• Benefits of using purchasing cards
• Productivity gains
• Bill consolidation
• Payment reconciliation
• Preferred pricing
• Management reports
• Control

77
Exhibit 10.5Participants Process of Using a
Purchasing Card
78
Smart Cards

• Smart cardan electronic card containing an
  embedded microchip that enables predefined
  operations or the addition, deletion, or
  manipulation of information on the card

79
Smart Cards (cont.)

• Categories of smart cards
• Contact carda smart card containing a small gold
  plate on the face that when inserted in a
  smart-card reader makes contact and so passes
  data to and from the embedded microchip
• Contactless (proximity) carda smart card with an
  embedded antenna, by means of which data and
  applications are passed to and from a card reader
  unit or other device

80
Smart Cards (cont.)

• Securing smart cards
• Theoretically, it is possible to hack into a
  smart card
• Most cards can now store the information in
  encrypted form
• Same cards can also encrypt and decrypt data that
  is downloaded or read from the card
• Cost to the attacker of doing so far exceeds the
  benefits

81
Smart Cards (cont.)

• Important applications of smart card use
• Loyalty
• Financial
• Information technology
• Health and social welfare
• Transportation
• Identification

82
E-Cash and Innovative Payment Methods

• E-cashthe digital equivalent of paper currency
  and coins, which enables secure and anonymous
  purchase of low-priced items
• Micropaymentssmall payments, usually under 10

83
E-Coin.net

• System consists of three participants
• User
• Opens an account with eCoin.com
• Downloads a special e-wallet to their desktop PC
• Purchases some eCoins with a credit card
• Merchantembeds a special eCoin icon in its
  payment page
• eCoin serveroperates as a broker
• Keeps customer and merchant accounts
• Accepts payment requests from the customers
  e-wallet
• Computes embedded invoices for the merchant

84
E-Cash and Payment Card Alternatives (cont.)

• Wireless payments
• Vodafone m-pay bill system that enables
  wireless subscribers to use their mobile phones
  to make micropayments
• Qpass (qpass.com)
• Charges to qpass account, are charged to a
  specified credit card on a monthly basis

85
Stored-Value Cards

• Stores cash downloaded from bank or credit card
  account
• Visa casha stored-value card designed to handle
  small purchases or micropayments sponsored by
  Visa
• Mondexa stored-value card designed to handle
  small purchases or micropayments sponsored by
  Mondex, a subsidiary of MasterCard

86
E-Loyalty and Reward Programs

• Loyalty programs online
• B2C sites spend hundreds of dollars acquiring new
  customers
• Payback only comes from repeat customers who are
  likely to refer other customers to a site
• Electronic scripta form of electronic money (or
  points), issued by a third party as part of a
  loyalty program can be used by consumers to make
  purchases at participating stores

87
E-Loyalty and Reward Programs (cont.)

• Beenza form of electronic script offered by
  beenz.com that consumers earn at participating
  sites and redeem for products or services
• Consumer earns beenz by visiting, registering, or
  purchasing at 300 participating sites
• Beenz are stored and used for later purchases
• Partnered with MasterCard to offer
  rewardzcardstored-value card used in U.S. and
  Canada for purchases where MasterCard is accepted
• Transfer beenz into money to spend on Web, by
  phone, mail order, physical stores

88
E-Loyalty and Reward Programs (cont.)

• MyPoints-CyberGold
• Customers earn cash for viewing ads
• Cash used for later purchases or applied to
  credit card account
• Prepaid stored value cardsused online and
  off-line
• RocketCash
• Combines online cash account with rewards program
• User opens account and adds funds
• Used to make purchases at participating merchants

89
Internetcash

• Teenage marketprimary reason for going online
• Communicating with friends via email and chat
  rooms
• homework
• Researching information
• Playing games
• Downloading music or videos

90
Internetcash (cont.)

• Why they do not shop online
• Parents will not let them children their (the
  parents) credit cards online
• They cannot touch the products
• It is difficult to return items purchased on the
  Web
• They do not have the money
• Transaction may be insecure

91
Internetcash (cont.)

• InternetCash offers prepaid stored-value cards
  sold in amounts of 10, 20, 50, and 100
• Must be activated to work
• Gives the user shopping privileges at online
  stores that carry an InternetCash icon
• Purchases are automatically deducted from the
  value of the card
• InternetCashs transactions are anonymous

92
Internetcash (cont.)

• InternetCash is facing obstacles
• First, they have to find retailers willing to
  sell the cards
• Must persuade merchants to accept the card for
  online purchases
• Legal issues

93
Person-to-Person Payments

• Person-to-person (P2P) paymentse-payment schemes
  (such as paypal.com) that enable the transfer of
  funds between two individuals
• Repaying money borrowed
• Paying for an item purchased at online auction
• Sending money to students at college
• Sending a gift to a family member

94
Global B2B Payments

• Letters of credit (LC)a written agreement by a
  bank to pay the seller, on account of the buyer,
  a sum of money upon presentation of certain
  documents
• TradeCard (tradecard.com)innovative e-payment
  method that uses a payment card

95
Electronic Letters of Credit (LC)

• Benefits to sellers
• Credit risk is reduced
• Payment is highly assured
• Political/country risk is reduced

• Benefits to the buyer
• Allows buyer to negotiate for a lower purchase
  price
• Buyer can expand its source of supply
• Funds withdrawn from buyers account only after
  the documents have been inspected by the issuing
  bank

96
TradeCard Payments

• TradeCard allows businesses to effectively and
  efficiently complete B2B transactions whether
  large or small, domestic or cross-border, or in
  multiple currencies
• Buyers and sellers interact with each other via
  the TradeCard system
• System
• Checks purchase orders for both parties
• Awaits confirmation from a logistics company that
  deliveries have been made and received
• Authorizes payment completing financial
  transaction between the buyer and seller

97
E-Checking

• E-checkthe electronic version or representation
  of a paper check
• Eliminate need for expensive process
  reengineering and takes advantage of the
  competency of the banking industry
• eCheck Secure (from vantaguard.com) and
  checkfree.com provide software that enables the
  purchase of goods and services with e-checks
• Used mainly in B2B

98
Order Fulfillment Overview

• Order fulfillmentall the activities needed to
  provide customers with ordered goods and
  services, including related customer services
• Back-office operationsthe activities that
  support fulfillment of sales, such as accounting
  and logistics
• Front-office operationsthe business processes,
  such as sales and advertising, that are visible
  to customers

99
Overview of Logistics

• Logisticsthe operations involved in the
  efficient and effective flow and storage of
  goods, services, and related information from
  point of origin to point of consumption
• Delivery of materials or services
• Right time
• Right place
• Right cost

100
Exhibit 10.9Order Fulfillment and Logistics
Systems
101
EC Order Fulfillment Process

• Steps in the process of order fulfillment

• 1. Payment clearance
• 2. In-stock availability
• 3. Arranging shipments
• 4. Insurance
• 5. Production (planning, execution)
• 6. Plant services
• 7. Purchasing and warehousing

• 8. Customer contacts
• 9. Returns (Reverse logisticsmovement of returns
  from customers to vendors)
• 10. Demand forecast
• 11. Accounting, billing

102
Order Fulfillment and the Supply Chain

• Order fulfillment and order taking are integral
  parts of the supply chain.
• Flows of orders, payments, and materials and
  parts need to be coordinated among
• Companys internal participants
• External partners
• The principles of supply chain management must be
  considered in planning and managing the order
  fulfillment process

103
Problems in Order Fulfillment

• Manufacturers, warehouses, and distribution
  channels were not in sync with the e-tailers
• High inventory costs
• Quality problems exist due to misunderstandings
• Shipments of wrong products, materials, and parts
• High cost to expedite operations or shipments

104
Problems in Order Fulfillment (cont.)

• Uncertainties
• Major source of uncertainty is demand forecast
• Demand is influenced by
• Consumer behavior
• Economic conditions
• Competition
• Prices
• Weather conditions
• Technological developments
• Customers confidence

105
Problems in Order Fulfillment (cont.)

• Demand forecast should be conducted frequently
  with collaborating business partners along the
  supply chain in order to correctly gauge demand
  and make plans to meet it
• Delivery times depend on factors ranging from
  machine failures to road conditions
• Quality problems of materials and parts (may
  create production time delays)
• Labor troubles (such as strikes) can interfere
  with shipments

106
Problems in Order Fulfillment (cont.)

• Order fulfillment problems are created due by
  lack of coordination and inability or refusal to
  share information
• Bullwhip effectlarge fluctuations in inventories
  along the supply chain, resulting from small
  fluctuations in demand for finished products

107
Solutions to Order Fulfillment Problems

• Improvements to order taking process
• Order taking can be done on EDI, EDI/Internet, or
  an extranet, and it may be fully automated.
• In B2B, orders are generated and transmitted
  automatically to suppliers when inventory levels
  fall below certain levels.
• Result is a fast, inexpensive, and a more
  accurate process
• Web-based ordering using electronic forms
  expedites the process
• Makes it more accurate
• Reduces the processing cost for sellers

108
Solutions to Order Fulfillment Problems (cont.)

• Implementing linkages between order-taking and
  payment systems can also be helpful in improving
  order fulfillment
• Electronic payments can expedite order
  fulfillment cycle and payment delivery period
• Payment processing significantly less expensive
• Fraud can be controlled better

109
Inventory Management Improvements

• Inventories can be minimized by
• Introducing a make-to-order (pull) production
  process
• Providing fast and accurate demand information to
  suppliers
• Inventory management can be improved (inventory
  levels and administrative expenses) can be
  minimized by
• Allowing business partners to electronically
  track and monitor orders and production
  activities
• Having no inventory at by digitizing products

110
Automated Warehouses

• B2C order fulfillmentsend small quantities to a
  large number of individuals
• Step 1 retailers contract Fingerhut to stock
  products and deliver Web orders
• Step 2 merchandise stored SKU warehouse
• Step 3 orders arrive
• Step 4 computer program consolidates orders from
  all vendors into pick waves

111
Automated Warehouses (cont.)

• Step 5 picked items moved by conveyors to
  packing area computer configures size and type
  of packing types special packing instructions
• Step 6 conveyer takes packages to scanning
  station (weighed)
• Step 7 scan destination moved by conveyer to
  waiting trucks
• Step 8 full trucks depart for Post Offices

112
Same Day, Even Same Hour Delivery

• Role of FedEx and similar shippers
• From a delivery to all-logistics
• Many services
• Complete inventory control
• Packaging, warehousing, reordering, etc.
• Tracking services to customers

113
Same Day, Even Same Hour Delivery (cont.)

• Supermarket deliveries
• Transport of fresh food to people who are in
  homes only at specific hours
• Distribution systems are critical
• Fresh food may be spoiled

114
Partnering Efforts

• Collaborative commerce among members of the
  supply chain results in
• Shorter cycle times
• Minimal delays and work interruptions
• Lower inventories
• Less administrative cost
• Minimize bullwhip effect problem

115
Order Fulfillment in B2B

• Using e-marketplaces and exchanges to ease order
  fulfillment problems
• Both public and private marketplaces
• E-procurement system controlled by one large
  buyer, suppliers adjust their activities and IS
  to fit the IS of the buyer
• Company-centric marketplace can solve several
  supply chain problems
• Use an extranet
• Use a vertical exchange

116
Order Fulfillment in B2B (cont.)

• Players in B2B fulfillment

• Shippers (sellers)
• Receivers (buyers)
• Carriers
• Third-party logistics providers
• Warehouse companies

• Vertical e-marketplaces
• Transportation
• e-marketplaces
• Logistics software application vendors

117
Handling Returns

• Necessary for maintaining customer trust and
  loyalty using
• Return item to place it was purchased
• Separate logistics of returns from logistics of
  delivery
• Completely outsource returns
• Allow customer to physically drop returned items
  at collection stations

118
UPS Provides Broad EC Services

• Electronic tracking of packages
• Electronic supply chain services for corporate
  customers by industry including
• Portal page with industry-related information
• Statistics
• Calculators for computing shipping fees
• Help customers manage electronic supply chains

119
The UPS Strategy (cont.)

• Improved inventory management, warehousing, and
  delivery
• Integration with shipping management system
• Notify customers by e-mail of
• Delivery status
• Expected time of arrival of incoming packages

120
The UPS Strategy (cont.)

• Representative tools
• 7 transportation and delivery applications
• Track packages
• Analyze shipping history
• Calculate exact time-in-transit
• Downloadable tools
• Proof of delivery
• Optimal routing features
• Delivery of digital documents
• Wireless access to UPS system

121
Managerial Issues

• What B2C payment methods should we use?
• What B2B payment methods should we use?
• Should we use an in-house payment mechanism or
  outsource it?
• How secure are e-payments?
• Have we planned for order fulfillment?
• How should we handle returns?
• Do we want alliances in order fulfillment?
• What EC logistics applications would be useful?

122
Summary

• Crucial factors determining the success of an
  e-payment method
• Key elements in securing an e-payment
• Online credit card players and processes
• The uses and benefits of purchasing cards
• Categories and potential uses of smart cards
• Online alternatives to credit card payments

123
Summary (cont.)

• E-check processes and involved parties
• The role of order fulfillment and back-office
  operations in EC
• The order fulfillment process
• Problems in order fulfillment
• Solutions to order fulfillment problems