Summary

This document provides an overview of retail models, focusing on online retail and service industries. It discusses the current trends and future vision of online retail, including growing mobile e-commerce and the use of social networks. Analysing industries such as finance, insurance, real estate, and travel, it explores the challenges and benefits of online operations, and goes on to cover auctions and bartering, supply chain management, and e-commerce security.

Full Transcript

REVISION Saturday, July 20, 2024 6:27 PM

LECTURE 5: OVERVIEW OF RETAIL MODELS

Important keywords:
- Online retail: type of e-commerce whereby a business sells goods/services directly to consumers from a website
- HUMAN INTERACTION INTEGRATION, HUMAN TOUCH: THE LEVEL/INTENSITY DEPENDS ON WHICH SERVICE INDUSTRY

A. Online retail: now & the vision
1. Now:
- Growing mobile e-commerce
- Use of social networks to interact with customers/stores
- Growing online retail
- Wide selection of goods for comparison
- Specialty retail sites: what can't be found on general e-commerce sites (e.g. Shopee). Specialty sites are the platforms, the providers.
- Subscription-based model, especially for digital products & services
- Big data for predictive marketing & personalisation
2. The vision for the future:
- Reduced costs: search & transaction costs, no transportation cost, find the lowest prices
- Lower market entry cost: no need for high capital investment, low operating costs, automation improves efficiency
- Fewer physical stores, but never pure-play
- Disintermediation in some industries
- Growing omni-channel

B. Environment of the online retail sector: service industries
- Finance (high human integration): needs human assistance, usually for opening an account or when a problem occurs. Present in the form of online & mobile banking, loans (pay later), digital credit, e-wallets.
-> challenges: prone to fraud/scams that abuse the financial institution's reputation; technological disruption, maintenance, server errors; cybersecurity (data theft); online customer trust
-> benefits/advantages: improved customer experience (convenience, personalisation); reduced costs (cost-effective system to monitor); improved efficiency (automation, quick response to customers); big data -> personalisation, predictive marketing
- Insurance (high human integration): needs human assistance for reimbursement (most of the time personalised) and consultation; embedded insurance at the point of sale, e.g. on the checkout page; or insurance as a value-added service, e.g.
Shopify provides resources and partnerships that help merchants understand their insurance needs, thus enhancing the overall shopping experience.
-> challenges: cybersecurity (data theft, technological disruption); prone to fraud/scams that abuse the insurer's reputation, and fraud in claims processing; failure to automate online claim processes -> breaks customer trust and reduces customer satisfaction
-> advantages: improved customer service (personalisation, quick response, convenience); improved efficiency (faster claims processing, automation, employees focus on core tasks); transparency (detailed information on premiums on the website, customers can compare; this also improves online trust); big data (personalisation, predictive marketing)
- Real estate (high human integration): needs human assistance for on-site surveys and consultation, as property is a high-commitment good; online property listings provide house listings, virtual tours, loan calculators, research materials, and the ability to make offers online, e.g. PropertyGuru
-> challenges: intense competition among numerous platforms (property sellers can put up ads on different platforms at the same time); fraud/scam transactions (prone to deepfakes, which negatively impact online trust & reputation); cybersecurity (data theft & technological disruptions)
-> advantages: convenience (quick search, filter features, map-based search, accessible anywhere anytime, easy online booking for surveys & consultations); transparency (product & price comparison, pictures & videos of the property, detailed information posted on the platform); big data (personalisation, algorithms, predictive marketing)
- Travel (low human integration): most of the time no human assistance is needed unless a problem occurs (e.g. refund claims); very B2C; appears as Online Travel Agents (OTAs), e.g. Booking.com, Agoda.
-> For consumers: convenience
-> For suppliers: focused customer pool & targeted advertising
-> challenges: intense competition with numerous OTAs with innovative business models & offerings (e.g. Airbnb), or other OTAs offering bigger discounts & lower rates; also consider official accommodation & transportation websites, which generally offer lower rates; cybersecurity (data theft, data protection); regulatory compliance (travel-specific regulations, e.g. during the pandemic); wavering customer loyalty (many customers would have no problem booking with another brand or company if certain conditions, including price, schedule, or location, were preferable)
-> advantages: reduced cost (disintermediation, mainly automated & self-service, cost-effective); transparency (price comparison, detailed information, pictures & videos of the accommodation & transportation); convenience (quick search & booking anywhere anytime); big data (personalisation, predictive marketing, algorithms)
-> 4 major sectors in the online travel market: airline tickets; hotel reservations; car rental; travel packages
-> Online travel industry characteristics:
Intense competition
Price competition
Industry consolidation: larger players acquiring smaller competitors, e.g. the acquisition of Kayak (a US travel metasearch engine) by Booking.com's parent, the Priceline Group (now Booking Holdings). This leads to reduced competition & higher prices for consumers.
Impact of meta-search engines: Google helps drive traffic to OTA websites & provides price comparison, though this also puts pressure on margins & makes differentiation harder for each OTA provider.
Influence of mobile apps & social media: change in consumer behaviour to reserve travel via mobile app and to look up online reviews on social media, hence influencing travel decisions.
- Business services (subjective; some have high human integration & vice versa): consulting usually has high human integration (e.g.
Esri Malaysia); advertising & marketing have low human integration (social media ads, PPC ads)
-> challenges: intense competition (must enhance value propositions); security concerns against cyber threats; maintaining quality of service when done online
-> advantages: wider reach & access to clients; cost-effective (reduces overhead associated with capital; increases profitability); improved efficiency (automation of various processes, e.g. client onboarding, initial consultation, project management); big data -> customer data, personalisation, predictive marketing, long-term CRM; convenience (providers work from anywhere, clients access services at their convenience)
- Professional services (high human integration): need face-to-face follow-up consultation & approach; legal, accounting (e.g. Xero)
- Health services (e.g. DoctorOnCall, Doctor2U)
-> challenges: security concerns against cyber threats; maintaining quality of service when done online; limited efficiency (many processes still rely on face-to-face/manual interactions)
-> advantages: wider reach & access to clients; improved efficiency (automation of various processes, e.g. doctor consultation); big data -> customer data, personalisation, predictive marketing, long-term CRM; convenience
- Educational services (50:50 human integration; moderate): face-to-face learning is still in demand; online learning programmes (e.g.
British Council, online courses, hybrid learning)
-> challenges: disparity in access to reliable & functional technology & internet; maintaining student engagement & motivation in a virtual environment; technical issues & difficulties; maintaining the quality of course content & delivery; increasing competition with numerous institutions offering similar programmes; difficulty building trust & credibility for online programmes
-> advantages: convenience in accessibility; cost-effective (usually cheaper; no transportation cost; some online courses have no need to open a physical learning centre); diverse course offerings; wider reach; improved learning experience (personalised learning, flexibility, lifetime access)
- Online career services (recruitment) -> moderate human integration: still needs human involvement in interviews, training, appraisal; e.g. LinkedIn, Indeed, JobStreet
-> challenges: fraud/scams that abuse the company's reputation; disparity in technology & accessibility
-> advantages: makes the recruitment process more efficient & cost-effective; hire the most suitable candidates (many online recruitment platforms offer tools for applicant tracking and screening, enabling employers to filter candidates based on specific criteria, e.g. LinkedIn); convenience & flexibility (apply for jobs from anywhere at any time; employers review applications & conduct interviews remotely); transparency (location-based job vacancies, salary search, criteria & job descriptions)

C. On-demand service companies: what can't be found on retail e-commerce sites such as Shopee & Lazada; usually a specific specialisation; connect waiting-time-sensitive customers with independent service providers or agents. The online platform serves as a mediator between a business & a customer, allowing them to find each other & engage in a customer-provider relationship, e.g. Uber (driver-customer), Netflix (video content-customer).
Usually payment is done via an online payment system, and such platforms focus on a single domain area; customers can choose the service they require from the wide selection of choices provided on the platform. They also depend on an online reputation system, such as peer reviews in the app. They rely more on gig workers than full-time ones, creating concerns about job security, wages, and working conditions, as well as concerns about safety & quality control.
-> Characteristics of on-demand services:
Delay sensitivity: customers expect goods/services to be delivered immediately
Agent independence: agents serve as independent contractors in the sense that they decide whether and when to work and receive payment from the platform for each completed service

D. Strategic analysis factors
1. Key industry strategic factors
Barriers to entry (low)
Power of suppliers (moderate)
Power of customers (high)
Existence of substitutes (high)
Industry value chain
Nature of intra-industry competition (high)
2. Firm-specific factors (because of intra-industry competition)
Firm value chain: outsourcing & collaboration
Synergies: created by collaboration of the value chain with other firms
Technology: sharing technology
Core competencies: gain an edge from synergies & collaboration, one-stop shop for customers, wider & more targeted reach within the same customer pool
Social & legal challenges: leverage the reputation, market share, and legal protection of the bigger firms we collaborate with

E. Four types of online retailing business models:
○ Omnichannel: a hybrid between online and brick-and-mortar business; provides a seamless and integrated shopping experience across multiple channels, including online, mobile, and brick-and-mortar stores.
○ Factory-direct: a factory that manufactures goods and sells directly to customers with no intermediary. Example: Casper.
○ Catalogue merchant: a retailer that primarily uses a product catalogue to showcase and sell its merchandise.
○ Virtual merchant: a retailer that operates exclusively online without any physical storefronts. These businesses conduct all sales through their websites or mobile apps, offering products or services directly to consumers over the internet.

LECTURE 6: OVERVIEW OF AUCTIONS, INTERACTIVE BIDDING, AND BARTERING CONCEPTS

Important keywords:
- Auction: market mechanism by which buyers make bids & sellers place offers; competitive & dynamic pricing until the final price is reached
- Electronic auction (e-auction): auction conducted online
- Dynamic pricing: price fluctuates based on supply & demand at any given time
- 7 major types of auctions: English, Dutch, first-price sealed-bid, Vickrey, double auction (open-outcry), double auction (sealed-bid), reverse auction (seller-bid)

A. Types of dynamic pricing in auctions
1. One buyer-one seller
- Negotiation: a process of bargaining or discussion between buyer & seller aimed at reaching an agreement that is acceptable to both parties.
-> Online negotiation: a back-and-forth process of bargaining, done online, until buyer and seller reach a mutually agreeable price.
-> Usually used in online auctions such as eBay, where a customer can send a price offer to the seller. The seller can counter, reject, or accept the offer.
-> Advantages: price flexibility & better deals; customisation tailored to the specific needs of buyer & seller; relationship building between buyer & seller, which may lead to repeat transactions; conflict resolution
-> Disadvantages: can be time-consuming (lengthy process, delayed transaction, potential lost sales opportunities); can also harm the relationship between buyer & seller; inequality in the power dynamic, e.g.
a buyer might have greater power than the seller when buying goods with many substitutes; conversely, a seller might negotiate a much higher price when selling limited-edition products
- Bartering: the exchange of goods & services, usually without the use of money and skipping the middleman, though it is much safer when done through a credible middleman
-> Electronic bartering (e-bartering): bartering conducted online, usually via a bartering exchange; usually C2C barter exchanges, e.g. bartering through social media
-> Example of an online bartering system: BizX, where businesses sell products in exchange for the digital currency "BizX dollars", which can be used for business operations on the platform.
-> Advantages: very simple because no money is used (no inflation & devaluation, foreign exchange, or monetary issues); not influenced by problems of international trade, e.g. balance of trade; resources are fully utilised (people produce just enough to get by, and trade takes place in the amounts they need)
-> Disadvantages: indivisibility of goods (some goods cannot be broken down into smaller units of value, or lose value when divided, e.g. agricultural produce & livestock); absence of a common measure of value (disagreements on the value/worth of goods/services); absence of a store of wealth (perishable items in a barter system do not last & cannot be used to measure wealth, unlike money, where the more we store, the greater our wealth); absence of a double coincidence of wants (need to find a trading partner who actually needs what we are offering, and match their availability)
2.
One buyer-many sellers: usually in B2B & B2G
- Reverse auction: multiple sellers compete to win a contract / sell their products to a single buyer; the buyer specifies their requirements and invites sellers to submit bids, aiming to obtain the best price
-> Characteristics: buyer-centric; competitive bidding; time-limited
-> Examples: procurement, government contracts, construction projects
-> Advantages: price deals; time efficiency (accelerates decision-making & the procurement cycle); access to a wider supplier base; transparency (all sellers get the same information, promoting fairness & transparency, which can help build trust between sellers & buyer); get the most suitable goods/services because of clear requirements; opportunities for smaller suppliers
-> Disadvantages: quality mismatch due to the lower price; can also strain relationships with sellers because they feel undervalued; pressure on sellers, mostly harming small sellers
- RFQ ("Request for Quotation"): in a reverse auction, the buyer issues an RFQ to invite sellers to submit bids. The RFQ usually includes the details of the bid, e.g. description of products, quantity, delivery requirements, T&C, etc.
- Tendering: a formal invitation by a buyer (usually government) for suppliers to submit sealed bids for goods or services, often used in public procurement.
-> Key differences between tenders vs reverse auctions:
Process: a tender is more formal & regulated, and bids are usually evaluated after the deadline, whereas a reverse auction is usually less formal and features real-time bidding
Timeframe: a tender usually has a longer timeframe for submission & evaluation, while a reverse auction is conducted within a shorter timeframe for quick decision-making
Outcome: winning a tender is usually based on price & other criteria, e.g. quality, while a reverse auction primarily focuses on price (lowest bid usually wins)
3.
Many buyers-one seller: forward/regular auction
- English auction (ascending-price auction, open auction, open-outcry)
Bids are publicly announced
Bidding price increases until no one is willing to bid higher
Minimum bid: the starting price. Item not sold if there are no bidders willing to pay it.
Reserve price: the seller's minimum price. Item not sold if this price is not met.
- Dutch auction (descending-price auction)
Bidding starts at a high price, then drops until a bidder accepts the price
Similar items for sale
Uses a clock; the price drops with each tick. The first bidder to stop the clock wins the bid; if items remain, the clock is restarted.
Generally better for the seller because buyers will not let the price drop much, for fear of losing the item if they wait for it to fall below their valuation
-> Yankee auction: a variation of the Dutch auction
One or more identical items are offered for sale at the same time
Not using auto-bidding
Bidders can specify the desired quantity; the highest bidder's quantity is filled first
If some items still remain, they are allocated to the next-highest bidders until all items are distributed
Each winning bidder pays the price they bid (in a multi-unit Dutch auction, by contrast, all winners pay the lowest successful bid)
-> Drawbacks: winning bidders tend not to bid their full private valuation, so the seller does not obtain the maximum price; bidders risk getting caught up in the excitement and bidding more than their private valuation (winner's curse)
- Sealed-bid auction
Bidders submit bids independently
Silent auction; bids are not publicly announced; bidders don't know who is bidding or what the bid prices are
Each bidder bids only once
Highest bid wins
- First-price sealed-bid auction
Sealed bids
Highest bidder wins and pays their bid
Multiple items can be auctioned; similar to Yankee, if some items still remain, the next-highest bidders get the items at their own bid price
- Second-price sealed-bid auction (Vickrey auction)
Highest bidder wins but pays the price of the second-highest bid
Encourages bidders to bid their true value (private valuation), since they won't pay more than necessary
Seller yields higher returns
Reduces the tendency for bidder
collusion
- Double auctions
Buyers and sellers each submit combined price-quantity bids to an auctioneer
Example: the New York Stock Exchange, now mostly via electronic systems
Either sealed-bid or open-outcry
-> Sealed-bid: buyers & sellers declare combined price-quantity bids; the auctioneer matches seller offers with buyer offers; buyers & sellers cannot modify their bids
-> Open-outcry: same as sealed-bid, but buyers & sellers can modify their bids based on knowledge gained from other bids.
4. Many buyers-many sellers: dynamic exchange

B. BENEFITS OF E-AUCTIONS
-> To sellers: larger reach & increased revenue; optimal price setting; removal of expensive intermediaries; liquidation; lower transaction costs; lower administrative costs; better customer relationships
-> To buyers: opportunities to find unique items & collectibles; lower prices; anonymity; convenience; entertainment
-> To e-auctioneers: higher repeat purchases; a stickier website; expansion of the auction business

C. LIMITATIONS OF E-AUCTIONS
- Long cycle time
- Possibility of fraud
- Security
- Auction software
- Equipment for buyers
- Limited participation

D. TYPES OF E-AUCTION FRAUD
- Bid shielding: phantom bidders (a buyer's accomplices, or just random people doing it for fun) place a very high bid early to scare other bidders off, then withdraw it at the last minute so that a much lower bid from the accomplice wins
- Shilling: fake bids placed by the seller, or by people working with the seller, to push the bidding price up artificially
- Deepfake (fake identities): using fabricated identities to join the bidding or to pose as a seller in an auction
- Bid siphoning: fraudulent sellers lure bidders away from the official auction site to buy the same products at a lower price, but these fraudulent sellers never deliver the item

E. PROTECTING AGAINST E-AUCTION FRAUD
- Rating system
- Watch list
- Proxy bidding
- User identity verification
- Non-payment punishment
- Fixed pricing
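Added example (not from the lecture or the notes above): a small Python script that applies the fraud definitions in section D to a bid log. The log format, the auctions, sellers and bidders, and the thresholds SHIELD_WINDOW_SECS, SHIELD_RATIO and SHILL_MIN_AUCTIONS are all constructed for illustration; real auction sites do not expose their logs in this form. It resolves each English auction after retractions, then flags a bid-shielding pattern (a very high bid withdrawn in the closing window that leaves a much lower standing bid as the winner) and a shilling pattern (a bidder who keeps raising the price across one seller's auctions and never wins).

```python
"""Heuristic detection of bid shielding and shilling in an e-auction bid log.

Added example: the log format, auctions, sellers, bidders and thresholds are
constructed for illustration and are not taken from any real auction site.
"""
from collections import defaultdict
from dataclasses import dataclass

SHIELD_WINDOW_SECS = 60   # assumption: a retraction this close to closing is "last minute"
SHIELD_RATIO = 2.0        # assumption: the withdrawn bid was at least 2x the final price
SHILL_MIN_AUCTIONS = 3    # assumption: never-winning bidder across 3+ auctions of one seller

# Constructed log. Columns: auction,seller,close_t,t,bidder,action,amount
# (t and close_t are seconds since the auction opened; a retract line carries
# the amount of the bid being withdrawn).
SAMPLE_LOG = """
# A1: carol's 200 scares everyone off, then she withdraws it at t=570 of 600
A1,sellerX,600,10,alice,bid,20
A1,sellerX,600,20,bob,bid,25
A1,sellerX,600,30,carol,bid,200
A1,sellerX,600,570,carol,retract,200
# B1-B3: dave bids in every one of sellerY's auctions, is always outbid, never wins
B1,sellerY,600,10,erin,bid,10
B1,sellerY,600,20,dave,bid,15
B1,sellerY,600,30,erin,bid,20
B2,sellerY,600,10,frank,bid,40
B2,sellerY,600,20,dave,bid,45
B2,sellerY,600,30,frank,bid,50
B3,sellerY,600,10,erin,bid,5
B3,sellerY,600,20,dave,bid,8
B3,sellerY,600,30,erin,bid,12
"""


@dataclass
class Event:
    t: int
    auction: str
    seller: str
    bidder: str
    action: str      # "bid" or "retract"
    amount: float
    close_t: int


def parse_log(lines):
    """Parse the CSV lines above into Events ordered by auction, then time."""
    events = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        auction, seller, close_t, t, bidder, action, amount = line.split(",")
        events.append(Event(int(t), auction, seller, bidder, action, float(amount), int(close_t)))
    return sorted(events, key=lambda e: (e.auction, e.t))


def resolve(events):
    """English-auction outcome per auction after honouring retractions: {auction: (winner, price)}."""
    standing = defaultdict(dict)            # auction -> bidder -> highest unretracted bid
    for e in events:
        if e.action == "bid":
            standing[e.auction][e.bidder] = max(e.amount, standing[e.auction].get(e.bidder, 0.0))
        elif e.action == "retract":
            standing[e.auction].pop(e.bidder, None)
    outcome = {}
    for auction, bids in standing.items():
        if bids:
            winner = max(bids, key=bids.get)
            outcome[auction] = (winner, bids[winner])
    return outcome


def detect_bid_shielding(events):
    """Flag (auction, bidder, withdrawn_amount, final_price) where a high bid was
    retracted inside the closing window and the item then went for far less."""
    outcome = resolve(events)
    flags = []
    for e in events:
        if e.action != "retract" or e.auction not in outcome:
            continue
        _, final_price = outcome[e.auction]
        if e.close_t - e.t <= SHIELD_WINDOW_SECS and e.amount >= SHIELD_RATIO * final_price:
            flags.append((e.auction, e.bidder, e.amount, final_price))
    return flags


def detect_shilling(events):
    """Flag (seller, bidder, auctions_bid_on) for bidders who raise prices across
    one seller's auctions but never actually win anything."""
    winners = {auction: winner for auction, (winner, _) in resolve(events).items()}
    per_seller = defaultdict(lambda: defaultdict(set))   # seller -> bidder -> auctions
    for e in events:
        if e.action == "bid":
            per_seller[e.seller][e.bidder].add(e.auction)
    flags = []
    for seller, bidders in per_seller.items():
        for bidder, auctions in bidders.items():
            wins = sum(1 for a in auctions if winners.get(a) == bidder)
            if len(auctions) >= SHILL_MIN_AUCTIONS and wins == 0:
                flags.append((seller, bidder, len(auctions)))
    return flags


if __name__ == "__main__":
    events = parse_log(SAMPLE_LOG.splitlines())
    print("outcomes:", resolve(events))
    print("bid shielding:", detect_bid_shielding(events))
    print("shilling:", detect_shilling(events))
```

The heuristics are deliberately simple; on a real site they would be one input to the rating system and identity verification listed in section E, not a verdict on their own.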
LECTURE 7: SUPPLY CHAIN ROLE & IMPORTANCE

A. HOW BUSINESSES USE THE INTERNET IN OUTSOURCING & OFFSHORING
- Outsourcing: when a business uses other organisations to perform specific activities; typically used for manufacturing; the whole outsourcing process is brick-and-click; can be done within the country, e.g. outsourcing to a logistics company or a manufacturing company (supplier). Upside of outsourcing: it can be monitored properly because the outsourced companies are legitimate, there is a contract to sign, and the products can be tracked
- Offshoring: outsourcing done to organisations in other countries; offshored purchasing, research & development, record keeping, information management; usually part of outsourcing; typical for pure-play e-commerce (focused only on digital channels)
How the internet helps outsourcing & offshoring:
- Communication & collaboration tools: video conferencing, instant messaging, project management software for seamless communication & coordination between the company and its outsourced/offshored teams regardless of location
- Cloud computing & online storage: e.g. Google/iCloud for easy sharing of data, documents, and files, facilitating the transfer of work
- Online talent & freelancing platforms/websites allow companies to quickly find and engage specialised skills for outsourced projects
- Online training platforms/software enabling effective onboarding & management of remote teams, e.g. Adobe Learning Manager
B.
HOW BUSINESSES USE THE INTERNET TO IMPROVE PROCUREMENT (PURCHASING), LOGISTICS, AND OTHER BUSINESS ACTIVITIES
- Procurement (supply chain management): includes all purchasing activities, monitoring all elements of purchase transactions, and managing and developing supplier relationships, such as identifying the need for a product/material, submitting a purchase requisition, evaluating potential suppliers, negotiation, creating a purchase order, receiving & inspecting delivered goods, etc.
-> Procurement staff must have high product knowledge to identify & evaluate appropriate suppliers (e-sourcing: the use of internet technologies in sourcing activities)
-> Must purchase supplies of consistent quality to sell products of consistent quality; better not to change suppliers frequently
-> 2 types of materials purchasing: direct vs indirect materials purchasing
1. Direct materials/products: core to the production process; the finished product needs replenishment, e.g. wood for furniture, clay to make coffee mugs
TRICKY: a dashcam at Target = finished product
But a dashcam in a Toyota = not a direct/finished product, as it becomes part of another product (the car)
Something that is part of another product is not a direct product!
2. Indirect materials/products: provide the necessary support to the primary materials that go into an item's production; includes factory supplies & replacement parts for machinery. Maintenance, repair, and operating (MRO) supplies are examples of indirect materials purchased on a recurring basis, e.g.
office supplies, safety equipment, cleaning supplies
- Logistics: the process of planning, implementing, and controlling the efficient flow and storage of goods, services, and related information from the point of origin to the point of consumption to meet customer requirements; usually must be JIT; covers transportation management, warehousing & inventory management, customer service, demand forecasting
-> Proper logistics is delivering the right product to customers at the right time, in the right quality, at the right place
- Finance & administration: includes financial management such as budgeting and financial reporting; also includes human resource management such as recruitment and training.
How the internet helps support these activities:
- Procurement: e-commerce platforms like Alibaba & DHgate to identify suppliers, gain supplier information, and place orders online, enhancing efficiency & reducing costs. E-procurement systems (B2B portals) like those of Walmart and Jaya Grocer that facilitate communication, collaboration, and transactions with suppliers, including catalogue management, order processing, and inventory management. Integration of IoT and other technologies such as AI to predict demand for warehousing and reduce costs (Walmart), and cloud platforms like Google's to support more effective plant equipment performance & generate quick alerts for customers' maintenance and trade-in requests.
- Logistics: real-time data such as delivery tracking systems (GPS) facilitate easy monitoring of shipments and adjustment of warehouse capacity & costs. Automation and portable computing such as simple barcode scanning help with inventory management and order processing, minimising manual errors & improving efficiency (e.g. Amazon & Walmart). Integration of AI & robots to deliver products to customers improves shipment efficiency, achieves JIT, and pursues sustainable logistics activities.
- Finance & administration (human resource management): online financial management tools, e.g.
Xero, enable real-time tracking of budgets and quicker, more accurate financial reporting, improving overall financial performance & speeding up decision-making. Automated financial processes such as invoicing and payroll reduce the administrative burden and improve accuracy (usually recorded in B2B portals). Collaboration & communication tools, e.g. Zoom & Slack, enable flexible communication, on-the-job training, and employee engagement. Human resource management systems like Oracle Human Resources Cloud handle employee information, recruitment, onboarding, and overall employment management to gain valuable insights and help with appraisal.

C. SUPPLY WEB: the supply chain in e-commerce; a network of interconnected supply chains and supply networks.
- Advantages:
1. Just in time (main benefit): restock at the right time, no need to store so much in the warehouse; usually look at current & forecasted demand and add safety stock (10-15%)
2. Cooperative relationships with suppliers; better coordination with logistics partners
3. Customer benefits: quicker & more accurate delivery; reduced errors; faster transaction processing
4. Clear & quick communication, more responsive to customers
5. Adaptive to changes in market demand & supplier conditions
6. Cost-effective in handling costs
7. Sharing of information about defects, changes in customer demand, product changes & adjustments
- The SUPPLY WEB also helps cost management and improves efficiency through:
Internet of things: hardware & software for online transactions
Cloud storage: keeps all information up to date, e.g. customer & supplier data
JIT (just in time): thanks to cloud storage; lower inventory cost & higher efficiency, e.g. instead of having 5 distribution centres we can have just 1 DC because we know our demand
Inter-firm trade: e.g. affiliate companies
Automation: RFID, QR codes, barcodes -> less human involvement; e.g.
planograms for product replenishment, alerting suppliers, tracking products
Increased productivity
Increased accuracy thanks to automation & the use of technology
-> But a supply web can't 100% replace the supply chain; it only improves it

D. MATERIALS-TRACKING TECHNOLOGIES
- RFID (Radio Frequency Identification): small chips that use radio transmissions to track inventory more quickly and accurately than barcodes. 2 types of RFID:
○ Active RFID: have their own power supply, hence their signal can be detected from far away; more expensive but provide greater reliability, especially for tracking assets over a larger area in real time; e.g. automated toll payment
○ Passive RFID: have no internal power supply and rely on the radio frequency energy transmitted from the RFID reader to power the chip & enable communication; inexpensive and have a shorter read range; e.g. tags on goods that can be scanned by the tag reader
-> RFID can be integrated into Collaborative Planning, Forecasting and Replenishment (CPFR) for efficient supply chain management: CPFR is a project in which suppliers & retailers collaborate in planning and demand forecasting to optimise the flow of materials along the supply chain; e.g. Planogram: a diagram or model that indicates the placement of retail products on shelves, as well as the layout of the entire store, usually aiming to optimise the arrangement of goods to maximise sales.
-> RFID enables real-time location systems (RTLS): tag-based tracking systems used by fulfilment centres (the reader picks the tag up by radio, so no line-of-sight scan is needed as with a barcode); e.g. IKEA has RFID on its goods to track inventory in real time
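Added example (not part of the notes or of any RTLS product): Python that turns a log of passive-tag reads into the real-time location view described above, plus the sanity check a practitioner would want on such data: a tag that shows up at two readers faster than anything on the floor can move is either a cloned/duplicated tag or a bad read, and should be investigated rather than counted as inventory. The floor plan in READERS, the speed limit MAX_SPEED_M_PER_S and the read log are constructed for illustration.

```python
"""Real-time location from RFID tag reads, with a plausibility check on movement.

Added example: the reader layout, the speed limit and the read log are
constructed for illustration and are not taken from any real RTLS deployment.
"""
from collections import defaultdict
from datetime import datetime

# Assumed floor plan: reader id -> (x, y) position in metres.
READERS = {"dock": (0.0, 0.0), "aisle3": (40.0, 0.0), "packing": (40.0, 30.0)}
MAX_SPEED_M_PER_S = 5.0   # assumption: nothing on the floor outruns a forklift

# Constructed read log: "ISO-timestamp reader tag". TAG-1002 is reported at the
# packing station 2 s after the dock, 50 m away: impossible at 5 m/s.
SAMPLE_READS = """
# timestamp reader tag
2024-07-20T09:00:00 dock TAG-1001
2024-07-20T09:00:00 dock TAG-1002
2024-07-20T09:00:30 aisle3 TAG-1001
2024-07-20T09:00:02 packing TAG-1002
2024-07-20T09:05:00 aisle3 TAG-1003
"""


def parse_reads(lines):
    """Parse read lines into (datetime, reader, tag) tuples, oldest first."""
    reads = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, reader, tag = line.split()
        if reader not in READERS:
            raise ValueError(f"unknown reader {reader!r}")
        reads.append((datetime.fromisoformat(ts), reader, tag))
    return sorted(reads)


def distance(reader_a, reader_b):
    """Straight-line distance in metres between two readers on the assumed floor plan."""
    (x1, y1), (x2, y2) = READERS[reader_a], READERS[reader_b]
    return ((x1 - x2) ** 2 + (y1 - y2) ** 2) ** 0.5


def locate(reads):
    """The RTLS view: last reader that saw each tag."""
    location = {}
    for _, reader, tag in reads:
        location[tag] = reader
    return location


def inventory_by_zone(reads):
    """How many tagged items are currently at each reader."""
    counts = defaultdict(int)
    for reader in locate(reads).values():
        counts[reader] += 1
    return dict(counts)


def implausible_moves(reads):
    """(tag, from_reader, to_reader, elapsed_s) for hops faster than MAX_SPEED allows."""
    last_seen = {}
    flags = []
    for ts, reader, tag in reads:
        if tag in last_seen:
            prev_ts, prev_reader = last_seen[tag]
            if prev_reader != reader:
                elapsed = (ts - prev_ts).total_seconds()
                needed = distance(prev_reader, reader) / MAX_SPEED_M_PER_S
                if elapsed < needed:
                    flags.append((tag, prev_reader, reader, elapsed))
        last_seen[tag] = (ts, reader)
    return flags


if __name__ == "__main__":
    reads = parse_reads(SAMPLE_READS.splitlines())
    print("locations:", locate(reads))
    print("inventory:", inventory_by_zone(reads))
    print("implausible:", implausible_moves(reads))
```

A flagged tag is not automatically fraud; reader clock drift or a misconfigured reader position produces the same signature, so the check belongs with the data-quality controls of the RTLS rather than as an alarm on its own.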
- EDI (Electronic Data Interchange): computer-to-computer exchange of business documents in a standard electronic format between business partners, e.g. digital purchase orders, invoices, and shipping notices. EDI streamlines the exchange of important business documents, especially in procurement & logistics, while also reducing costs, enabling faster processing times, and improving accuracy. Especially good for long-term efficiencies for companies with high volumes of repetitive transactions.
- UPC (Universal Product Code): standardised barcode used for tracking trade items in stores. It consists of 2 main components: a machine-readable barcode (black vertical bars) and the unique 12-digit number beneath it. Usually used in retail to identify products & facilitate the checkout process. Different from passive RFID!
-> Passive RFID uses radio frequency to automatically identify & track chips attached to objects from a distance, and usually contains more information than a UPC barcode.

E. BUILDING & MAINTAINING TRUST IN SUPPLY CHAINS & SUPPLY WEBS
Major issues in maintaining trust in the supply chain:
1. Can't have supply webs in all countries, e.g. Africa has abundant resources but might not have internet access
2. Security challenges: partners can leak information, cut ties suddenly, etc.
3. Developing trust
4. Must maintain effective, continual communication & credible information sharing
How the internet and web help maintain trust in the supply chain:
The web can facilitate trust-building in supply chains by enhancing transparency, communication, traceability, and performance monitoring. For instance, real-time tracking of shipments and inventory levels can ensure that all parties have access to the same information, reducing information asymmetries and enabling better coordination. Additionally, centralised communication platforms and collaborative tools can foster open dialogue and feedback mechanisms, which are crucial for addressing issues and improving supplier performance. This approach can be seen in the implementation of blockchain technology by companies like Walmart, which has the Walmart supplier centre website that enables tracking of products from farm to table, ensuring authenticity and compliance with standards, thereby building trust among suppliers, retailers, and consumers.
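Added example for the UPC definition in section D above (not from the notes): the 12-digit UPC-A number ends in a check digit, and this Python validator shows both what that digit catches and what it does not. The sample codes are standard test values or constructed here, not product data from any retailer.

```python
"""UPC-A check-digit computation, validation and field split.

Added example: sample codes are standard test values/constructed, not data
from any retailer.
"""


def upc_check_digit(first_eleven: str) -> str:
    """Compute the 12th digit of a UPC-A code from its first 11 digits.

    GS1 modulo-10 rule: digits in odd positions (1st, 3rd, ..., 11th) are
    weighted 3, digits in even positions are weighted 1, and the check digit
    makes the weighted sum a multiple of 10.
    """
    if len(first_eleven) != 11 or not first_eleven.isdigit():
        raise ValueError("need exactly 11 decimal digits")
    total = sum(int(d) * (3 if i % 2 == 0 else 1) for i, d in enumerate(first_eleven))
    return str((10 - total % 10) % 10)


def is_valid_upc(code: str) -> bool:
    """True only for a 12-digit string whose last digit is the correct check digit.

    Any single wrong digit is caught. Swapping two adjacent digits is caught
    unless they differ by 5 (weights 3 and 1 give the same sum mod 10), so a
    scanner or keying error of that shape passes undetected.
    """
    if len(code) != 12 or not code.isdigit():
        return False
    return upc_check_digit(code[:11]) == code[11]


def parse_upc(code: str) -> dict:
    """Split a valid UPC-A into number system, manufacturer, product and check fields."""
    if not is_valid_upc(code):
        raise ValueError(f"invalid UPC-A: {code}")
    return {
        "number_system": code[0],
        "manufacturer": code[1:6],
        "product": code[6:11],
        "check": code[11],
    }


if __name__ == "__main__":
    for sample in ("036000291452", "036000291453", "012345678905", "500000000005"):
        print(sample, "valid" if is_valid_upc(sample) else "INVALID")
```

The undetected-transposition case is why a check digit is a data-entry safeguard and not an authenticity control: anyone can print a barcode with a valid check digit, so integrity of the product identity has to come from elsewhere (the supplier record, the EDI document, or the RFID tag data).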
F. SUPPLY CHAIN MODEL (PORTER'S VALUE CHAIN)
Support:
- Infrastructure: physical facilities, e.g. warehouses, distribution centres, e.g. IKEA
- HR: recruiting, people management
- Technology
- Procurement
-> Margin: find out how to reduce costs
-> Support activities do cost management, especially procurement (e.g. through e-auctions)
-> Reverse logistics: retailers taking goods back from customers, like inbound logistics -> helps reduce waste
Primary:
- Inbound logistics: receive from suppliers
- Operations: break down supplies to the respective operations
-> Inbound to operations: high waste; waste management is costly
- Outbound logistics: send to distributors or consumers
- Marketing & sales
- Service: after sales / during the customer encounter
-> Objective: increase sales
-> FIFO: first in, first out; sell existing products before receiving more manufactured products

LECTURE 9 & 10: ELECTRONIC COMMERCE SECURITY

IMPORTANT KEYWORDS:
Security: the practices and technologies designed to protect computer systems, networks, and data from unauthorised access, damage, or theft.
Security policy: a document that states in writing how a company plans to protect its physical and information technology (IT) assets.
Physical vs logical security:
- Physical security: protection using tangible devices, e.g. alarms, guards, security fences.
- Logical security: protection using non-physical means, e.g. firewalls & encryption.
- Key differences:
1. Nature of assets: physical security primarily deals with protecting tangible assets such as buildings, equipment, and people, whereas logical security focuses on safeguarding intangible assets such as data, information systems, and networks.
2.
Methods of Protection: Physical security relies on physical barriers, surveillance, and access control mechanisms to deter and prevent unauthorized access. In contrast, logical security utilizes encryption, firewalls, and authentication protocols to safeguard digital assets and prevent cyber attacks. 3. Scope of Impact: While physical security protects against physical threats such as theft or vandalism, logical security defends against cyber E-commerce Page 9 3. Scope of Impact: While physical security protects against physical threats such as theft or vandalism, logical security defends against cyber threats such as data breaches, malware infections, and network intrusions. 4. Response to Threats: In the event of a security breach, physical security measures may involve immediate responses such as de ploying security personnel or triggering alarms. Conversely, logical security breaches may require responses such as isolating compro mised systems, patching vulnerabilities, and conducting forensic investigations. 5. Nature of assets: Physical security primarily deals with protecting tangible assets such as buildings, equipment, and people, whereas logical security focuses on safeguarding intangible assets such as data, information systems, and networks. Risk management model (based on probability of threat & cost impact) Elements of computer security: - Secrecy: protecting against unauthorized data disclosure & ensuring data source authenticity - Integrity: ensuring accuracy & reliability of data by preventing unauthorized data modification -> Integrity violation occurs when an e-mail message is intercepted and changed before reaching destination. E.g. Man-in-the-middle (MITM) exploit/attack - Necessity: preventing data delays or denials (removal) Active content: digital content or web elements that can execute code or perform actions within a webpage or an application. Cookies: small text files that web servers place on web client to identify returning visitors. 
- Session cookie: exists until the browser session ends. The purpose is to remember the user's actions & preferences during the session (BENEFIT: CONVENIENCE). A session cookie doesn't occupy much space and can enhance website performance by reducing server requests. E.g. used for temporary data storage, such as shopping cart items or login credentials within a single session.
- Persistent cookie: remains on the user's device until it expires (expiry date, usually 3-6 months) or is manually deleted (not permanent, because if it remained permanently it could be harmful to the client's data). The purpose is to remember user preferences and login information across multiple sessions (BENEFIT: CONVENIENCE). This type of cookie may occupy more space and helps with website performance optimization by reducing server requests. E.g. used for long-term data storage, such as remembering login credentials, language preferences, or personalized advertising settings.
Cookies by their sources:
- First-party cookies: placed on the client computer by the web server of the site you are currently visiting. Purpose: improve your experience (like remembering login details or preferences) and gather data for the website owner. Control: less intrusive, easier to manage through your browser settings.
- Third-party cookies: placed by other websites or services (like advertisers) embedded on the site you're visiting. Purpose: track your activity across different sites to show you targeted ads. Control: more intrusive, often blocked by browsers for privacy reasons.
Web bug/beacon: a small, invisible image or piece of code embedded in a web page or email. It's usually 1x1 pixel in size and transparent, so you can't see it with the naked eye. Purpose: to track user activity on web pages or in emails. How: sends information (like whether an email was opened) back to the server when the page or email is loaded. Example: email tracking, when a company includes a web bug in an email.
When you open the email, the bug reports back to the company that the email was viewed.
A. WHAT SECURITY RISKS ARISE IN ONLINE BUSINESS & HOW TO MANAGE THEM?
Security risks:
Man-in-the-middle attack: when a perpetrator positions himself in a conversation between a user and an application, either to eavesdrop or to impersonate one of the parties, making it appear as if a normal exchange of information is underway. E.g. fake banking website. The goal is to steal personal information.
-> Protection: Encryption, Web browser encryption (SSL/TLS), End-to-end encryption; encryption ensures that data cannot be read by unauthorized parties.
Malware: any type of malicious software designed to harm or exploit any programmable device, service or network; transmitted through software & it is intangible. 6 main kinds of malware:
1. Worms: malware that can propagate or self-replicate from one computer to another without human activation after breaching a system. Typically, a worm spreads across a network through your Internet or LAN (Local Area Network) connection.
2. Virus: a specific type of malware that self-replicates by inserting its code into other programs. Usually the same code is copied by the host, typically through a malicious program downloaded on your device, most of the time unknowingly, hence the virus can spread.
3. Ransomware: a type of malware that holds a victim's sensitive data or device hostage, threatening to keep it locked, or worse, unless the victim pays a ransom to the attacker.
4. Trojan horse: a type of malware that downloads onto a computer disguised as a legitimate program and typically steals confidential data. Usually transmitted through USB drives and the transfer of documents. Prevent trojans by scanning every document and drive used.
5. Spam: spam messages, typically ads (adware), which most of the time are spam emails that deliver malware to your device
6. Bot programs: self-propagating malware that infects its host.
Malware is delivered in download format via social media or email messages that advise clicking a link. Bots, or Internet robots, are also known as spiders, crawlers, and web bots. Can be transmitted through emails.
-> All malware is transmitted when opening something. But a trojan is when you use an external device, a bot program is hosting information, spam is through adware, and a worm is through a public network.
-> Protection: Antivirus software, Firewalls, Digital certificates, Regular software updates; antivirus software detects and removes malware, firewalls block unauthorized access, digital certificates verify the authenticity of websites, and regular updates fix security vulnerabilities.
Deepfake: when our personal data is used as a fake identity to purchase and transact online; data such as address and payment information might be used by cybercriminals in a fraudulent online transaction, as well as to deceive people when the criminals pretend to be a seller using our personal data.
-> Protection: Authentication, Verification, Digital certificates; authenticating and verifying the identity of users and using digital certificates can help prevent fraud and impersonation.
Steganography: the practice of concealing information within another message or physical object (digital content) to avoid detection. Steganography is often used in security and privacy protection to conceal sensitive information from prying eyes. E.g. cybercriminals use steganography to hide stolen data or malicious code in images, audio files and other media.
-> Protection: Regular data audits, Advanced threat detection systems to help identify malicious code.
Secrecy threats: theft of sensitive/personal information, such as...
- Sniffer programs: record information passing through a computer or router handling internet traffic
- Backdoor: lets users run a program without going through the normal authentication procedures
- Eavesdropping: the act of secretly listening to or intercepting private communications.
Purpose: to gather information without the knowledge or consent of the parties involved.
- Password attack: attackers break into your accounts using your password, usually easy passwords or the same password across all accounts.
-> Protection: Encryption, Strong passwords, Two-factor authentication, Firewalls; encrypting data, using strong passwords, enabling two-factor authentication, and using firewalls can protect against unauthorized access and data interception.
Integrity threats: any actions or events that compromise the accuracy and reliability of data through unauthorized means.
- Cybervandalism: the act of intentionally damaging, defacing, or destroying digital property. Purpose: to cause disruption, chaos, or damage without any financial gain. Example: hacking a website to replace its content with offensive messages or images.
- Masquerading (spoofing): pretending to be someone else, or a fake web site representing itself as the original. E.g. fake banking website. Can be used when doing a deepfake or MITM attack.
- Phishing: tricking victims into disclosing confidential info, such as for banking and payment systems.
-> Protection: Firewalls, Digital certificates, Antivirus software, Authentication; firewalls block unauthorized access, digital certificates verify website authenticity, antivirus software detects malware, and authentication ensures that users are who they claim to be.
Necessity threats: any actions or events that prevent users from accessing data or services when they need them.
- Delay, denial, and (distributed) denial-of-service (DoS/DDoS) attack: overloading a server, website, or network with excessive traffic to make it unavailable to users. E.g. the attacker floods a website with so many requests that it crashes and becomes inaccessible.
-> Protection: Firewalls, Availability measures (load balancers, redundant servers), DDoS mitigation services; firewalls block malicious traffic, availability measures ensure continuous service, and DDoS mitigation services help absorb and mitigate attack traffic.
Wireless network threats: various threats due to the use of radio waves, which can be intercepted and exploited. E.g. eavesdropping on wireless communication, network spoofing (creating a fake network that appears to be legitimate), data tampering (sending fake data/messages over the Wi-Fi network).
-> Protection: Wireless encryption protocol (WEP/WPA), Firewalls, VPN; encrypting wireless communications, using firewalls to protect the network, and using VPNs to secure data transmission can protect against eavesdropping and spoofing.
Hacking: gaining unauthorized access to computers, networks, or data. 3 types of hacker:
- White hat hacker: ethical hackers who help organizations find and fix security vulnerabilities. Example: a cybersecurity professional who tests a company's security to improve it.
- Grey hat hacker: may break the law but without malicious intent, often to expose vulnerabilities. Example: a hacker who finds a security flaw in a system and reports it without permission.
- Black hat hacker: malicious hackers who exploit systems for personal gain, such as stealing data or causing damage. Example: a hacker who breaks into a bank's system to steal money.
-> Protection: Firewalls, Encryption, Regular software updates, Authentication, Digital certificates; firewalls block unauthorized access, encryption secures data, regular updates fix vulnerabilities, authentication verifies users, and digital certificates ensure website authenticity.
How to manage security risks:
Encryption: coding information using a mathematically based program & a secret key, transforming normal text (plaintext) into cipher text.
- Decryption: program to decode or decrypt messages.
- Wireless encryption protocol (WEP): a set of rules for encrypting transmissions from wireless devices to wireless access points
- Public-key encryption (asymmetric): uses a pair of keys, a public key for encryption and a private key for decryption. The public key is shared, while the private key remains secret. E.g. a user uses public-key encryption to send an encrypted message to another user; the recipient uses their private key to decrypt the message.
- Private-key encryption (symmetric): uses the same key for both encryption and decryption. The key is shared between the sender and receiver, enabling users to encrypt messages to other individuals on the system. Very fast & efficient, yet it doesn't work well in large environments because of the number of keys required. E.g. a company uses private-key encryption to secure emails sent between employees; the same key is used for both encryption and decryption.
- Web browser encryption: the use of encryption technologies to secure the data transmitted between your web browser and the websites you visit.
1. Secure Sockets Layer (SSL) protocol: authenticates the identity of a website and establishes a secure, encrypted connection. E.g. a website with the HTTPS protocol name (protects your login credentials and financial information); a padlock icon in your browser's address bar (means the connection is encrypted).
- End-to-end encryption: data is encrypted on your device and only decrypted by the intended recipient's device. Messages or data are encrypted before they leave your device and can only be decrypted by the recipient's device, making it impossible for intermediaries to read the data. E.g. WhatsApp chat.
Firewalls: a security tool that helps protect your computer or network from unwanted access and cyber threats (like a gatekeeper; can be software or hardware). All traffic must pass through the firewall, so only authorized traffic can pass, and it is immune to penetration.
It also filters and permits only selected messages through the network.
Digital certificates: program embedded in a web page that proves the identity of a website, organization, or individual online. A trusted organization called a Certificate Authority (CA) issues the digital certificate. E.g. SSL certificate or HTTPS website.
Physical security: security verified by scanning the physical identification of users, e.g. fingerprint reader, biometric security (eye/face ID). Usually on client devices.
Antivirus software: program to detect, prevent, and remove malware (malicious software) from your computer or device. E.g. McAfee
Anonymous web services: online tools and platforms that help you browse the internet and use online services without revealing your identity or personal information. E.g. VPN, anonymous browser mode (incognito), anonymous search engine (DuckDuckGo), anonymous email service (Proton Mail)
Authentication: process of verifying the identity of a user, device, or system. E.g. password, fingerprint scan, face ID, two-factor authentication.
Verification: verifying whether someone who is trying to log in, or information received, is genuine/accurate. E.g. digital signature, link in the email when signing up.
Availability: ensuring that information, systems, and services are accessible and usable whenever needed. E.g. data backups, using multiple servers to host a website, regular maintenance.
Key management: handling keys for encryption & decryption in a secure manner throughout their lifecycle.
Nonrepudiation: ensures a party cannot deny the authenticity of their signature on a document or the sending of a message. E.g. signing an email with your private key so the recipient can verify it with your public key.
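The notes above say that web browser encryption (SSL/TLS) and digital certificates are what stop a man-in-the-middle from presenting a fake banking website. The added example below (written for these notes, not taken from any product or library documentation) makes that concrete with Python's standard ssl module: it contrasts a client context configured the way a browser behaves (CA chain verified, hostname checked, old protocol versions refused) with the weak setting that encrypts but verifies nobody, and it shows the hostname check itself, run against a constructed getpeercert()-style dictionary. The certificate contents, the names shop.example and "Example CA (placeholder)", and the helper names are all assumptions made for the example.

```python
import ssl

# Constructed for this example: the shape ssl.SSLSocket.getpeercert() returns,
# filled with placeholder names; not a certificate from any real site.
SAMPLE_CERT = {
    "subject": ((("commonName", "shop.example"),),),
    "issuer": ((("organizationName", "Example CA (placeholder)"),),),
    "subjectAltName": (("DNS", "shop.example"), ("DNS", "*.shop.example")),
}


def hostname_matches(cert: dict, hostname: str) -> bool:
    """Check a hostname against the certificate's DNS subjectAltName entries.

    This is the step that turns "the server has a valid certificate" into
    "the server has a certificate for the site I typed in". Without it, an
    interposed server holding any CA-issued certificate would be accepted.
    Only SAN entries are consulted (modern browsers ignore the CN), and a
    wildcard covers exactly one label: "*.shop.example" matches
    "www.shop.example" but not "shop.example" or "a.b.shop.example".
    """
    host = hostname.lower().rstrip(".")
    for kind, value in cert.get("subjectAltName", ()):
        if kind != "DNS":
            continue
        pattern = value.lower()
        if pattern.startswith("*."):
            suffix = pattern[1:]  # ".shop.example"
            prefix = host[: -len(suffix)] if host.endswith(suffix) else ""
            if prefix and "." not in prefix:
                return True
        elif pattern == host:
            return True
    return False


def strict_client_context() -> ssl.SSLContext:
    """The browser-like setting: require a certificate chaining to a trusted
    CA, check the hostname against it, and refuse SSL 3.0 / TLS 1.0 / 1.1
    (the "TLS is the newer, safer version of SSL" point from the notes)."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED + check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def unverified_client_context() -> ssl.SSLContext:
    """The weak setting: the channel is encrypted, but no identity is checked,
    so a fake site with a self-signed certificate is accepted. Built here only
    so an audit can recognise it; it must not be used for real traffic."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def context_is_safe(ctx: ssl.SSLContext) -> bool:
    """Audit helper: True only if peer certificates are required, hostname
    checking is on, and protocol versions below TLS 1.2 are disabled."""
    return (
        ctx.verify_mode == ssl.CERT_REQUIRED
        and ctx.check_hostname
        and ctx.minimum_version >= ssl.TLSVersion.TLSv1_2
    )


if __name__ == "__main__":
    for name in ("shop.example", "www.shop.example", "a.b.shop.example", "evil-shop.example"):
        print(f"{name:20} matches certificate: {hostname_matches(SAMPLE_CERT, name)}")
    print("strict context safe:    ", context_is_safe(strict_client_context()))
    print("unverified context safe:", context_is_safe(unverified_client_context()))
```

The padlock in the address bar means both halves passed: the chain verified (verify_mode) and the name matched (check_hostname). Disabling either one is the configuration mistake that lets the fake-banking-site scenario in the notes succeed against an otherwise encrypted connection.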
TLS (Transport Layer Security): cryptographic protocol designed to provide secure communication over a computer network. It ensures that the data sent between applications, such as web browsers and servers, remains private and intact. E.g. encryption, authentication, integrity.
-> TLS vs SSL: TLS is a newer, upgraded, and safer version of SSL, since TLS uses stronger encryption and has a faster connection.
B. HOW TO CREATE A SECURITY POLICY?
1. Determine security needs: which area, part of your technology (hardware & software) or data needs to be protected, or lacks security protocols? Identify security needs through consultation with IT professionals and risk & technological assessment.
2. Determine security approaches: do you want to implement strict, average, or relaxed security?
○ Strict: give users access only to the information and functions that they need to do their jobs. Usually used by auditors.
○ Average: gives users access to objects based on the authorities that you have assigned them.
○ Relaxed: allow authorized users access to most objects on the system. You restrict access only to confidential information. A single department or small company might use the relaxed approach on their systems.
3. Determine what information assets need to be protected: usually among these 3, or all...
○ Confidentiality: information that is not generally available to people in your company. E.g. payroll, new technology that hasn't been announced yet.
○ Competitiveness: information that gives you an advantage over your competition, such as product specifications, formulas, and pricing guidelines.
○ Operations: information about your computer that is essential for the daily operations of your business, such as customer records and inventory balances.
4. Determine the suitable security tools/methods based on the chosen security approach and assessment: authentication? Encryption? Availability measures?
5. Create the draft of the security policy, then after the document is approved, complete it.
C. HOW TO IMPLEMENT SECURITY ON WEB CLIENT COMPUTERS?
1. Physical & logical security: install antivirus and firewalls (logical); allow face ID & fingerprint reading (physical)
2. Deny/allow selective cookies: to prevent your data that is saved on a website from being leaked & used for malicious purposes
3. Use strong passwords: to prevent password attacks & getting hacked
4. Availability measures: conduct data backups
5. Use anonymous web services: to prevent wireless network threats
D. HOW TO IMPLEMENT SECURITY ON WEB SERVER COMPUTERS?
1. SSL & digital certificate: HTTPS to guarantee web security
2. TLS (Transport Layer Security)
3. Digital certificate
4. Establish password requirements: for user authentication, to prevent unauthorized access
5. Availability measures: regular updates, backups, maintenance, software
6. Authentication & verification
7. Encryption
8. Physical & logical security
E. HOW TO IMPLEMENT SECURITY IN THE COMMUNICATION CHANNELS BETWEEN COMPUTERS?
1. Server-side:
- Use encryption for messages and any information exchanged by users on your platform
- Authentication & verification
- Physical & logical security
2. Client-side:
- Use anonymous web services
- Strong password
- Physical & logical security
F. WHAT ORGANIZATIONS PROMOTE COMPUTER, NETWORK, AND INTERNET SECURITY?
1. Computer Emergency Response Team (CERT): group of information security experts responsible for the protection against, detection of and response to an organization's cybersecurity incidents. Primarily monitors viruses, worms, and information attacks.
2. White hat hackers: ethical hackers, also called computer forensics
3. National Cybersecurity Alliance: American non-profit organization that promotes cyber security awareness and education.
4. Information Security Forum (ISF): independent information security body first founded in the UK. The ISF is a paid membership organization and delivers a range of content, activities, and tools that can be used by businesses, government, and individuals to enhance their information security.
5. CyberSecurity Malaysia: national cybersecurity specialist agency under the Ministry of Digital. The organization provides response and management of cyber security incidents for all types of internet users. Performs 24x7 computer security incident response services for any user, company, government agency or organisation.
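Section C.2 above tells a client to allow or deny cookies selectively, and the cookie keywords earlier distinguish session from persistent cookies and first-party from third-party ones. The added example below (written for these notes, not code from any browser or site) shows how those distinctions are actually decided from the Set-Cookie header: lifetime comes from the Expires/Max-Age attributes, party comes from comparing the site that set the cookie with the page being viewed, and the Secure/HttpOnly/SameSite attributes decide whether the cookie could leak over plain HTTP or to scripts. The headers, the hosts shop.example and ads.tracker-example.net, and the function names are constructed for the example; the registrable_domain helper is a deliberate approximation of what browsers do with the Public Suffix List.

```python
from urllib.parse import urlsplit

# Constructed sample: Set-Cookie headers a browser might receive while loading
# the cart page, including one set by an embedded advertising pixel.
# (constructed values, not captured from any real site)
PAGE_URL = "https://shop.example/cart"
SAMPLE_HEADERS = [
    ("https://shop.example/cart",
     "sid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"),
    ("https://shop.example/cart",
     "lang=en; Max-Age=15552000; Path=/; Secure"),          # 180 days
    ("https://ads.tracker-example.net/pixel.gif",
     "uid=xyz; Expires=Wed, 21 Oct 2026 07:28:00 GMT; Domain=.tracker-example.net; Secure; SameSite=None"),
    ("https://shop.example/login",
     "remember=1; Expires=Wed, 21 Oct 2026 07:28:00 GMT"),
]


def registrable_domain(host: str) -> str:
    """Crude 'site' approximation: the last two labels of the host.
    Real browsers consult the Public Suffix List; this is enough to tell
    shop.example from ads.tracker-example.net in the constructed sample."""
    return ".".join(host.lower().split(".")[-2:])


def parse_set_cookie(header: str) -> dict:
    """Split 'name=value; Attr; Attr=val' into a name, value and a
    case-insensitive attribute map (flag attributes map to '')."""
    name_value, *attrs = [part.strip() for part in header.split(";")]
    name, _, value = name_value.partition("=")
    cookie = {"name": name, "value": value, "attrs": {}}
    for attr in attrs:
        key, _, val = attr.partition("=")
        cookie["attrs"][key.strip().lower()] = val.strip()
    return cookie


def classify(page_url: str, set_by_url: str, header: str) -> dict:
    """Classify one cookie as session/persistent and first/third party, and
    list the attribute weaknesses that matter for data leakage."""
    cookie = parse_set_cookie(header)
    attrs = cookie["attrs"]
    persistent = "expires" in attrs or "max-age" in attrs
    page_site = registrable_domain(urlsplit(page_url).hostname)
    setter_site = registrable_domain(urlsplit(set_by_url).hostname)
    warnings = []
    if "secure" not in attrs:
        warnings.append("missing Secure")        # could be sent over plain HTTP
    if "httponly" not in attrs:
        warnings.append("missing HttpOnly")      # readable by injected scripts
    if attrs.get("samesite", "").lower() == "none" and "secure" not in attrs:
        warnings.append("SameSite=None without Secure")  # browsers reject this
    return {
        "name": cookie["name"],
        "lifetime": "persistent" if persistent else "session",
        "party": "first-party" if page_site == setter_site else "third-party",
        "warnings": warnings,
    }


def audit(page_url: str, headers: list) -> list:
    """Classify every (setting URL, Set-Cookie header) pair for one page view."""
    return [classify(page_url, url, header) for url, header in headers]


if __name__ == "__main__":
    for result in audit(PAGE_URL, SAMPLE_HEADERS):
        print(f"{result['name']:9} {result['lifetime']:10} {result['party']:12} "
              f"{', '.join(result['warnings']) or 'ok'}")
```

A browser's "block third-party cookies" setting is the party column applied automatically; the warnings column is what a server-side reviewer checks before shipping a login or remember-me cookie.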