Important Factors Affecting E-Commerce: 1) Successful Marketing Campaign a) Low tech, high touch marketing vs.

high tech, high touch marketing b) Internet marketing i) E-mail marketing (1) Defining the reach, span (2) Direct e-mail (3) Language translation (global market) (4) Outsourcing e-mail marketing (a) Huge e-mail volume (b) Inadequate staff (c) Lack of technical support (5) E-mail system be set up to sort and direct emails automatically ii) Web-based promotions (1) Click rewards, point-based rewards, sweepstakes (2) Click miles, discount (3) Virtual coupons iii) Online advertising (1) Web page banner ads (2) Register with search engines (3) Pop-up boxes (4) Alliance with advertising/game dot com companies iv) Please refer to the handouts for more resource entries 2) Successful Customer Relationship Management System (CRM) a) Data mining (algorithms, statistical tools) i) SAS, SPSS, DataSage ii) Group/rank customers by profitability, sales, number of visits per week, expenditure per visit, etc.; retention forecast. b) Online tracking i) Web cookie ii) Log-file analysis location, IP address, time of visit, frequency of visit, and others

c) Online survey d) Online registration e) Technology Interactivity i) Effective and attractive Web site (HTML) ii) Java Script / VBScript to enhance functionality iii) Smooth communication between clients browser and a server iv) Managing customer database is essential 3) Safe And Secured Online Monetary Transaction a) Electronic Debit b) Micropayments c) E-payments in B2B transactions d) E-billing in B2C e) Online banking 4) Security Issue a) Morden cryptosystems i) Key (1) a binary/digital string based on bits of a message as a password (2) Key length determines the strength of encryption, requires more time and computing power to break the code. (3) Present policy No cryptosystem to a foreign government or a country with embargo restriction (January 2000) ii) Secret-key (symmetric secret key) cryptography (1) Delivery of the symmetric secret key (2) Insecure on a large network (3) Large number of symmetric keys iii) A key distribution center (KDC) (1) A different symmetric key with every user (2) A session key for a single transaction iv) Public key cryptography (1976, Stanford University) (1) Public key, private key (asymmetric) (2) A message encrypted using a public key can only be decrypted by a private key

(3) Higher level of privacy (4) Mathematically related, computationally infeasible to deduce (5) No way to validate the ownership of a public key b) Digital signature i) Plain text message ii) Hash function hash value a message digest iii) Encrypt the message digest to get a signature using the senders private key iv) Encrypt the message using the public key v) Decode the message digest, and the message using asymmetric approach vi) Apply the hash function to the original message to match the message digest message integrity vii) Dependent on the content of the message viii) No proof of actual delivery of the message acclaim key stolen ix) Timestamping by a third party timestamping agencys private key (time and date) c) PKI PK, Digital certificate, CA (a) A digital combination of your name, public key, a serial number, expiration date, signature of CA, and others (VeriSyn.com) (b) DC capabilities built into many e-mail packages d) Security protocols i) SSL (Secure Sockets Layer) (1) By Netscape Communications (2) Built into Web Browsers (Netscape, Internet Explorer) (3) It operates between TCP/IP (Transmission Control Protocol/Internet Protocol) and application programs (4) Sockets secured using Public key cryptography/ session keys (symmetric secret keys) for a particular transaction and DC to authenticate the server (5) Does not protect private information (6) PCI cards installed on the Web server to secure data for the entire transaction from the client ii) SET (Secure Electronic TransactionTM) (1) Developed by Visa Intl and Master Card

(2) To protect e-commerce payment transaction (3) Credit/debit card information, digital certificate, digital wallet (4) Process (a) Digital certificate to digital wallet by SET (b) Encrypted credit and order / DC to merchant (c) Merchant forward to bank for payment (d) Merchant bank send purchase amount and their own DC to customer bank for approval (e) Authorize to pay (f) Credit card authorization from merchant bank to merchant (g) Merchant confirms to customer (5) Merchant never sees customers credit card information (6) Cost on software, time consuming iii) Security Attacks (1) Denial-of-service (2) Viruses (in attachment, audio clip, video clip, games) (a) Transient virus attack a specific program (b) Resident virus once loaded into the memory of a computer, operates for the duration of the computers use (c) Logic bomb triggers when a given condition is met (d) Trojan horse hides within a friendly, legitimate program to do background damage (e) Examples (i) Melissa (March 1999) a Word attachment (ii) ILOVEYOU (May 2000) 10 to 15 billion dollar damages within a few hours (iii)A video clip to give attacker access to the infected computers, to launch a denial of service attack (June 2000). (3) Worms similar to a virus, infect files on its own over a network. Snapper, Mywife, Witty are the examples. Witty, a highly malicious worm, is capable of

corrupting the hard drives of infected machines, preventing normal operation of the PC and eventually causing it to crash. iv) Network Security (1) Firewalls (a) Protect LANs from outside intruders (b) Packet-filtering firewalls (i) Prevent any data packets with local network addresses (ii) Check only the source of data (c) Application level gateway (i) Screen the actual data (d) Good for small networks and home users. (2) Kerberos (MIT) (a) 70% to 90% attacks come from inside (b) freely available, open-source protocol (c) Ticket Granting Service (TGS) vs. Key Distribution Center (d) Symmetric key criptography to authenticate users in a network. (e) Log in and password to get a TGT (f) Send the decrypted TGT to get ST to access specific network services (3) Biometrics the dominant security technology of the future (a) Finger prints - Compaq provides a biometrics PC card. When it is installed on a PC, a small camera takes a photo of the individuals fingerprint. This is then used for identification of the frequent user to simplify access to the PC. (b) Eyeball iris scan (c) Face scan (d) Biopassword The biopassword software program studies the rhythm and timing of an individuals typing to create a profile. This is then used to either permit or deny access. (4) Steganography and digital watermarking (a) BURIED UNDER YARD (b) Digital watermarks (visible or invisible) (c) Protect digital publishers

(d) Watermarking software using cryptographic keys to generate and embed steganographic digital watermarks into music and images.