Emerging Technologies for E-Commerce - Essay Example

1. Introduction A large civil engineering company, A.R. Brown Limited, requires a fully integrated E-Commerce website which they can use to communicate internally among their divisions, project managers and senior management executives, as well as externally with their clients/customers, suppliers, collaborating partners and sub-contractors. In addition to above, a company also needs an interactive “blog” for its users and customers to allow them to share their comments/feedbacks on various projects. This report presents a strategic plan for creating an E-Commerce website and an interactive “blog” for A.R. Brown Limited. In preparing the strategic plan, the following activities have been carried out: identifying and prioritizing problems, evaluating possible solutions, discussing selected technologies, considering security issues and their solutions, and estimating budget. 2. Problems identification and prioritization A.R. Brown Limited is currently facing a number of issues: S. No. Issue Priority Rational 1. Loss and corruption of data High Data corruption or loss of data is a common occurrence amongst businesses that can have serious consequences on the overall running of business, if adequate measures are not taken by a company. 2. Inadequate support for emerging trends in working practices Medium In order to keep up with the market, company needs a system that can support emerging trends in working practices. 3. Inadequate communication with field workers High Adequate communication with field workers is considered a vital tool for any civil engineering company to ensure on-time completion of projects with quality work. 4. Inadequate communication with collaborating partners and sub-contractors. High Communication gap between a company and its collaborating partners and sub-contractors can directly impact the progress of the project and can lead to severe business losses. 5. Missing project deadlines High Failure of project managers to deliver the projects on time can be damaging for a company. This can lead to a gradual destruction of company’s brand image; even worst, it can result in the slow death of a company. 3. Recommended solutions 3.1 Design approaches for e-commerce website E-commerce website design has evolved considerably in few recent years with the incorporation of new business models which primarily focuses on savings, revenues, and customer relationships. A recent study (Wen, Chen & Hwang, 2001) has highlighted two broad design strategies for e-commerce websites: Informational/communicational strategy can be applied to websites that are meant to support business activities, rather than replacing them. In other words, this design strategy is used for Web marketing. The important point to note is that this strategy does not support online-transactions. Online/transactional strategy is suitable for websites that can support online transactions and enhance company’s overall sales. Furthermore, it has been found (Wen, Chen & Hwang, 2001) that there are existing twelve (12) e-commerce website design models based on two design strategies. Discussed below, the first four models are based on informational/communicational strategy while the rest are based on online/transactional strategy: Brand awareness and image building model provides detail and rational information about the company and its offerings. This model is best to indicate company’s edge over its competitors to current and prospective customers. Example websites for this model are Ford (www.ford.com) and Reebok (www.reebok.com). Cost saving model provides cost-effective and productivity savings. Cost-savings can be achieved through reduction in brochure printing, distribution costs and order-taking as customers use fill-out forms online. On the other hand, productivity savings results from reduction in order and processing costs, and efficient inventory management. Microsoft (www.microsoft.com) and FedEx (www.fedex.com) are popular examples of this model. Promotion model targets potential customers to the commercial site of the company. These websites usually offers free digitized gifts, such as, software, photographs, music, to attract users. Some example websites are Auto-By-Tel (www.autobytel.com) and Kodak (www.kodak.com). Info-mediary model lures consumers to provide information about their surfing and purchasing habits through offering free gifts, such as, Internet hours or hardware. Through collecting this valuable information, businesses can target their marking campaigns effectively. Examples websites based on info-mediary model includes Audio Review (www.audioreview.com) and New York Times (www.NYTimes.com). Brokerage model brings buyers and sellers together and facilitate transactions. This model can allow its owner to make money through charging a fee against each transaction. World Chemical Exchange (www.chemconnect.com) and eTrade (www.etrade.com) are best examples of this model. Retail model based websites, also called E-tailers, are an Internet version of classic wholesalers and retailers of goods and services. Examples of the retail model include eToys (www.etoys.com) and Land’s End (www.landsend.com). Mall model based websites, also called E-mall, hosts online merchants and may charge setup, monthly listing and/or per transaction fees for providing the services. Popular examples of e-malls are Yahoo Shopping (www.shopping.yahoo.com) and zShops (www.zshops.com). Advertising model provides content, either free or charged, and services, such as, e-mails, chat or forums, along with advertising messages in the form of banner ads. This model is appropriate for websites where the volume of viewer’s traffic is large. Yahoo! (www.yahoo.com) and Free Merchant (www.freemerchant.com) are examples of this model. Subscription model includes websites which contains high value-added contents and requires users to subscribe through payment in order to gain access to these contents. Examples of the subscription model are Quote.com (www.quote.com) and ESPN Sports Zone (www.sportszone.com). Community model depends on loyalty of users, rather than high traffic volume. For these websites, users are the main source of content and/or money. This model may also impose subscription fee for premium services. Some example websites are Family Radio (www.familyradio.com) and Guru (www.guru.com). Manufacturer model allows manufacturers to bypass wholesalers and retailers, and reach buyers directly. From consumer’s perspective, this model can help in achieving cost savings; whilst, from manufacturer’s point of view, improved customer services and better understanding of customer preferences are major benefits of this model. Micron (www.micron.com) and Flowerbud (www.flowerbud.com) are based on this model. Customization model allows customers to customize the contents as per their preferences, which makes these websites highly user-friendly and attractive for users. Examples of customization model are My Netscape (www.netscape.com) and Intelligent Agents, such as, www.bargainfinder.com. At this point, it is crystal clear that the required website design must be based on informational/communicational strategy. However, as far as design model is concerned, there are no hard and fast rules and the website can follow its own model that can accommodate all requirements and address major issues of the company as highlighted in Section 2. 3.1.1 Secure user interaction/interface It has been found (Yee, n.d.) that the security of any computer system significantly depends on the information passed on by the user interface, the decision of the users, and the interpretation of their actions. Therefore, the correct use of software is equally important as the correctness of the software itself. Yee (n.d.) has identified ten (10) key principles for secure interface design which are listed below: Path of Least Resistance: The most natural way to perform any action should be considered as the most secure way. Appropriate Boundaries: There should be a clear distinction between objects and between actions along boundaries that are important to the user. Explicit Authorization: Other actors must be provided with user’s authorities strictly as a result of an explicit user action. Visibility: The user shall be allowed to review any active actors and authority relationships that would affect security-relevant decisions. Revocability: The user shall be allowed to revoke granted authorities whenever required. Expected Ability: The user shall not get the impression for any action that cannot actually be done. Trusted Path: There shall be a trusted and infallible communication channel between the user and any entity which is capable of manipulating authorities on the user’s behalf. Identifiability: All distinct objects and distinct actions should have foolproof identifiable and distinguishable representations. Expressiveness: The interface should allow users to (a) describe security policies without unnecessary difficulty, and (b) express security policies in terms that fit their goals. Clarity: Before performing any security-relevant action, the user must be clearly informed with the effects of that action. Besides following the above key design principles, any e-commerce website can be made secure through using Secure Sockets Layer (SSL) digital certificates which provide crucial online identity and security to help establish trust between parties involved in online transactions over digital networks. An authenticated SSL certificate allows the receiver of a digital message to be confident of both the identity of the sender and the integrity of the message (VeriSign, n.d.). The procedure to obtain an authenticated SSL certificate, as outlined by VeriSign (n.d), starts from the initiation of a certificate request, preferably by a webmaster, which results in the creation of two encrypted keys - a private key and a public key. The public key is sent to a Certificate Authority (CA), such as VeriSign, who verifies the following checks before issuing certificate to the requesting company: The requesting company must be the registrant of the Internet domain name they have certified. The requesting company must be registered in one or more countries. The requesting company name must be the same as that on the certificate the CA is signing. If requested by any individual on behalf of the company, then that person must be an employee of that company. On positive verification of the above checks, the CA signs off on the public key and send it back to the requesting company. As soon as the company loads the public key into the web server, the SSL starts functioning, provided that both the private and the public keys align perfectly with each other. Once SSL starts executing, it ensures that the end user receives the information from the server without any kind of alteration or modification. Figure 1: How Authenticated SSL Certificate works? (Source: VeriSign, n.d.) 3.1.2 Interactive blog Web logs, commonly called blogs, offer businesses to keep their customers as well as employees up-to-date on important developments and trends, and provide a practical and easy way to share knowledge, get feedback and engage readers (Wood et al., n.d.). Blogs are incredibly simple to set up and maintain, presenting an attractive form of business communication. They can be added to an existing website, used alone or created using a number of Internet services which are available to establish a site for bloggers; some popular examples are MSN Spaces, Google’s Blogspot, Yahoo 360, Xanga.com and LiveJournal (Wood et al., n.d.). 3.2 An enquiries system An enquiry system is an essential tool in today’s competitive market that allows businesses to classify inquiries of their customers on a number of factors, such as, age group, complaint type etc. 3.3 Estimated Budget 3.3.1 Setup and Development Costs An ecommerce website can cost from the hundreds to tens of thousands of dollars, depending on the size and complexity of the solution. Firstly, a domain needs to be registered which costs around £5 to £20 approximately. Next is hosting of the site which costs around £100 per annum for an average ecommerce website (ComeUpSmiling Ltd., n.d.). As far as the web design is concerned, the price is far more difficult to predict as it may vary, depending on the design style and complexity of the features, plus advanced options such as enquiry system. Most development companies use their experience to estimate a development cost, depending upon aspects such as time required to complete the development, the value the project will deliver for the client etc. Some companies prefer to charge a monthly fee, typically £100+, while some charge as one-time payment that normally costs in several thousand pounds (ComeUpSmiling Ltd., n.d.). An alternative to buy website from some development company, is to make use of ecommerce or shopping cart package. Actnic costs £399 + VAT (with an extra £250 + VAT for one year’s support). JShop Server is £200 + VAT (with an extra £100 + VAT for installation and one year’s support). RomanCart packages involve an annual fee, starting at £49.99 + VAT. osCommerce, Yahoo’s Sitebuilder and PayPal are free of charges (ComeUpSmiling Ltd., n.d.). 3.3.2 Maintenance Costs If the ecommerce website is developed using any package, then there might be per month charges for maintenance ranging from £10 to £50, depending on the size and options of the website. However, if the website has been developed in-house or purchased from vendor, then there is no need to be concerned much about maintenance cost. Keeping the above estimates in focus, the initial budget for the required website shall be £2,000 to £2,500. 4. Suggested technologies E-Commerce solution can be either Thin Client – with browser front-ends – or Thick Client – with native windows-like GUI. E-commerce application generally involves building and interacting with components which are distributed all over the network. Any ecommerce solution can be divided into multiple tiers on the basis of tasks that are performed by these tiers. These tiers are generally broadly classified into Presentation Services or User Interface Tier, Business Logic or Middleware Tier, and Database Services or Data Source Tier (Raj, 2000). 4.1 Front-end technologies (Presentation Services or User Interface Tier) Raj (2000) has identified the following front-end technologies for Microsoft’s Windows platform: JavaScript HTML XML Visual C++/MFC Visual Basic Visual Interdev, Visual J++/WFC, ActiveX Controls/COM, Active Template Library (ATL) Win32 API VB Script Jscript DHML C# .NET Windows Forms 4.2 Back-end technologies (Database Services or Data Source Tier) Raj (2000) has identified the following back-end technologies for Microsoft’s Windows platform: Microsoft SQL Server 5. Security issues and solutions Ecommerce cannot survive without the trust of prudent business operators and clients, and therefore, to keep this trust alive, businesses must take appropriate measures to ensure constant review of network security issues at their ecommerce and customer sites, and device solutions for security issues. 5.1 Security components The main tool used by businesses to protect their internal network is the firewall that allows only external users with specific characteristic to access a network. However, there are hacker tools such as SMTPTunnel and ICMPTunnel that allow hackers to pass information through the allowed ports (Marchany & Tront, 2002). Similarly, there are software devices called sniffer programs that are found at the endpoints of the network connections to monitor network. Transaction privacy can be threatened by unauthorized network monitoring through these sniffer programs. (Marchany & Tront, 2002) Solution: Encrypting network traffic, converting the network to a switched topology and filtering unknown access are some of the effective countermeasures against firewall penetration and sniffer attack. (Marchany & Tront, 2002) 5.2 Viruses Viruses are the most nuisance threat in the world of ecommerce. They are simply disruptive in nature and usually take advantage of the built-in insecurity of client systems, mostly in older versions of Windows 9x or MacOs 8.x, to do their damage. (Marchany & Tront, 2002) Solution: Since, viruses need “system privileges” in order to be effective, therefore, it is important for clients to use operating system that prevents viruses from acquiring the required privileges. Examples of such operating systems are Windows NT, Windows 2000, Unix, VMS and other multi-user operating systems. (Marchany & Tront, 2002) 5.3 Trojon horses Trojon horse programs are more serious threat as compared to viruses because they not only facilitate breaking into another system but also permit data integrity attacks (Marchany & Tront, 2002). The BackOrifice, Netbus, BO2K hacker tools allow a remote user to control, examine, monitor any information on the target PC. They are even capable of using the target PC to send information to the net without the knowledge or consent of the legitimate user. The hackers and criminals use these programs for nefarious purposes such as forgery, data modification and eavesdropping (Marchany & Tront, 2002). Solution: To avoid Trojon horses attack, the user must be technical enough to understand how to use a web browser because defense mechanisms in case of these attacks are reduced to being reactive instead of proactive. (Marchany & Tront, 2002). 5.4 The Distributed Denial of Service Attacks (DDOS) DoS attack scripts are the most common, effective and easiest to implement attacks available on the web which do not cause any damage to the victim site but overwhelms the access paths to it (victim site) with incoming packets (Marchany & Tront, 2002). The Distributed Denial of Service (DDOS) attacks are the latest evolution of DoS attacks that installs slave daemons on every individual machine of the compromised network. These slave daemons launches an ICMP, SYN, UDP or smurf flood attack at the command of master systems that are also compromised. The hacker simply sends the attack command to the masters, which in turn sends the command to their slave daemons. These master and slave programs can launch the attack against a single site through tens of thousands of machines. Popular examples of DDOS programs are TFN, Trinoo, Win Trinoo and Stacheldracht (Marchany & Tront, 2002). Solution: Since, the success of DDOS attacks depends on the inability of intermediate sites to detect, contain and eradicate the penetration of their network, therefore, businesses must ensure to perform standard system maintenance on regular basis. Proper system administration training is also the easiest method of encountering this and other types of attacks (Marchany & Trott, 2002). References ComeUpSmiling Ltd. (n.d.). How much does an Ecommerce site cost. Retrieved November 15, 2009, from http://www.comeupsmiling.com/webdesign/design_main/eguide.html Marchany, R.C. & Tront, J.G. (2002). Ecommerce security issues. Paper presented at 35th Hawaii International Conference. Retrieved November 15, 2009, from http://csdl.computer.org/comp/proceedings/hicss/2002/1435/07/14350193.pdf Raj, G.S. (2000). Emerging technologies for ecommerce. Retrieved November 15, 2009, from http://gsraj.tripod.com/etorgfit.html VeriSign. (n.d.). How to create an e-commerce web site. Retrieved November 15, 2009, from http://www.retail-revival.com/ecommerceSite.pdf Wen, H.J., Chen, H.G. & Hwang, H.G. (2001). E-commerce Web site design: strategies and models. Information Management & Computer Security, 9(1). Retrieved November 15, 2009, from http://www.csus.edu/indiv/c/chingr/mis182/eComWebSiteDesign.pdf Wood, W., Behling, R. & Haugen, S. (n.d.). Blogs and business: opportunities and headaches. Retrieved November 15, 2009, from http://www.iacis.org/iis/2006_iis/pdfs/wood_behling_haugen.pdf Yee, K.P. (n.d.). User interaction design for secure systems. Retrieved November 15, 2009, from http://people.ischool.berkeley.edu/~ping/sid/uidss.pdf Read More