Tuesday, April 1, 2008

Class Review

This class and the Electronic Commerce textbook by Gary Schneider helped provide a framework for developing an e-commerce website. The textbook has helped explain the business strategies for e-commerce and the things to consider when choosing a strategy to pursue. It also detailed the various technologies out there for electronic commerce, from web server and electronic commerce software to payment and security systems. This class has definitely opened my eyes to all of the back office aspects of an e-commerce website. When first thinking about conducting e-commerce online, we usually think of basic things like what your strategy might be, the security that you’d offer, and how sales would be conducted; however, this book went into depth about many of the other important aspects that are often overlooked. Understanding the different security features, the software available, and the strategies that one could undertake can help anyone interested in online business understand all that is entailed in pursuing this type of business model. Although at times quite technical, the textbook and class helped introduce me to the tools for e-commerce, the various strategies that a company can take, and all of the trends and issues that companies face online.

Monday, March 31, 2008

Chapter 11 Class notes

What you should know
· B2C versus B2B
· Payment Methods
o Cash
o Cheque
o Debit card
o Credit card
· Online payments
o Bank EFT
o Credit Card
§ Over 85% of online payments worldwide are made by credit card (95% in the US); only 5% of all credit card transactions (across all channels) are done online, yet they account for 50% of all credit card fraud
o Scrip (company-issued money, not legal tender – ex: Canadian Tire money, Air Miles – can’t be exchanged for cash, but can be used to buy merchandise online)
§ Flooz
§ beenz
· Consumer concerns
o Privacy and security
o Independence (don’t want the merchant dictating what form of payment you must use – ex: we only take Visa, not MasterCard)
o Portability – want to be able to take it from place to place (ex: not just on my own desktop – buy from different computers)
o Convenience
o Phishing – a third party poses as your bank or another trusted authority and emails or contacts you saying you must fix something on your account; the link doesn’t actually take you to your bank but to the attacker’s look-alike site, which captures your login info

Payment Cards
· Types of cards
o Credit cards – open loop processing – whenever you perform a transaction, there is always a third party involved (Visa and MasterCard: the issuing bank, a clearinghouse, etc.)
o Charge cards (Amex) – closed loop processing (the issuer pays the merchant directly, no other authority) – have to pay your bill off in full at the end of the month
o Debit cards
o Single-use card – a disposable card number that changes with each transaction
· Advantages *****
o Consumer protection from fraud
o Worldwide acceptance
o Currency conversion handled
o Merchant protection (authorization/verification)
o Merchant assurance from issuing companies – the bank covers the merchant if the buyer can’t pay, so the merchant is guaranteed to get paid
· Disadvantages *****
o Costs to merchants: per transaction and monthly fees
o Costs to consumers: annual fee
· Payment processing
o EMV standard (Europay, MasterCard, Visa) – a single standard for how payment card transaction data is handled
o 30-day shipping requirement (if you bill the credit card, you have to ship within 30 days) – now merchants often do not bill the credit card until the product is shipped
o Merchant accounts required to accept credit cards
o General payment service providers – ex: ICVERIFY – third parties that authorize transactions
o Online payment service providers – ex: InternetSecure, Payment Online, PayPal merchant services, Reg.net for FRM
o Figure 11.3

Electronic Cash (value held with the issuer, ex: in a PayPal account, not in a bank)
· Advantages
o Good for micropayments (<$1) and small payments (<$10)
o Readily exchanged for real cash (unlike Scrip)
o Useful for those who cannot get credit cards
o No need for authorizations, as required by payment cards
o Independence: unrelated to any proprietary network or storage device
o Portability: freely transferable between two parties (across borders)
o Convenience: doesn’t require any special hardware/software
· Disadvantages
o Not standardized or universally accepted
o No audit trail, due to independence and privacy
o Security issues: potential for “double spending” and “money laundering”
o Security issues: susceptible to forgery

· Online systems (examples)
o Authorize.net
o CheckFree
o Clickshare
o Echarge
o PayPal
o Vallista
o WorldPay

Electronic Wallets (not only can it be used as a debit or credit card, it can also hold my medical and passport info and other important data)
· Server side
o Billeo services
o Microsoft Passport
o Yahoo Wallet
· Client side
o Ilium eWallet
o Sxipper for Firefox
o Smart cards – a microprocessor chip stores all your info on one card; benefits over magnetic-strip cards

Thursday, March 27, 2008

Chapter 11-Key Concept - Payment Systems for E-commerce

Online Payment Basics
Four ways to pay for purchases: Cash, checks, credit cards, and debit cards account for more than 90% of all consumer payments in the US. A small but growing percentage of consumer payments are made by electronic transfer. The most popular consumer electronic transfers are automated payments of auto loans, insurance payments, and mortgage payments made from consumers’ checking accounts. Scrip is digital cash minted by a company instead of by a government. Most scrip cannot be exchanged for cash; it must be exchanged for goods or services by the company that issued the scrip. Scrip is like a gift certificate.

Payment card: all types of plastic cards that consumers (and some businesses) use to make purchases. The main categories of payment cards are credit cards, debit cards, and charge cards. A credit card, such as a Visa or a MasterCard, has a spending limit based on the user’s credit history; a user can pay off the entire credit card balance or pay a minimum amount each billing period. Credit card issuers charge interest on any unpaid balance. A charge card, offered by companies such as American Express, carries no spending limit, and the entire amount charged to the card is due at the end of the billing period. Charge cards do not involve lines of credit and do not accumulate interest charges. Several payment card companies now offer single-use cards: cards with disposable numbers that are valid for only one transaction.
Advantages and disadvantages of payment cards
For merchants, payment cards provide fraud protection. When a merchant accepts payment cards for online payment or for orders placed over the telephone, the merchant can authenticate and authorize purchases using a payment card processing network. The greatest advantage of using payment cards is their worldwide acceptance. However, payment card service companies charge merchants per transaction fees and monthly processing fees. The consumer pays no direct transaction based fees for using payment cards, but the prices of goods and services are slightly higher.
Visa, MasterCard International and Europay have implemented a single standard for the handling of payment card transactions called the EMV standard (Europay, MasterCard, and Visa). In a brick and mortar store, customers walk out of the store with purchases in their possession, so charging and shipment occur nearly simultaneously. Online stores must ship merchandise within 30 days of charging a payment card. Because the penalties for violating this law can be significant, most online and mail order merchants don’t charge payment card accounts until they ship merchandise.
Open and closed loop systems: in some payment card systems, the card issuer pays the merchants that accept the card directly and doesn’t use an intermediary, such as a bank or clearinghouse system; these are closed loop systems (ex: American Express). Open loop systems involve three or more parties. Visa and MasterCard are open loop systems, and neither Visa nor MasterCard issues cards directly to consumers. Visa and MasterCard are credit card associations that are operated by the banks who are members in the associations. Member banks (customer issuing banks) are responsible for establishing customer credit limits.
Merchant accounts: a merchant bank or acquiring bank is a bank that does business with sellers that want to accept payment cards. To process payment cards for Internet transactions, an online merchant must set up a merchant account. When the merchant’s bank collects credit card receipts on behalf of the merchant from the payment card issuer, it credits their value to the merchant’s account. When a cardholder successfully contests a charge, the merchant bank must retrieve the money it placed in the merchant account, in a process called a chargeback. To ensure that sufficient funds are available to cover chargebacks, a merchant bank might require a company to maintain funds on deposit in the merchant account.
Processing payment cards online: software packaged with e-commerce software can handle payment card processing automatically, or merchants can contract with a third party to handle payment card processing (payment processing service providers). Banks connect to an Automated Clearing House (ACH) through highly secure, private leased telephone lines. The merchant sends the card info to a payment card authorization company, which reviews the customer account and, if it approves the transaction, sends the credit authorization to the issuing bank. The issuing bank then deposits the money in the merchant’s bank account, and the merchant’s web site receives confirmation of the acceptance of the consumer transaction. The merchant website confirms the sale to the customer over the internet.

Electronic cash
Electronic cash (e-cash or digital cash) describes any value storage and exchange system created by a private (nongovernmental) entity that doesn’t use paper documents or coins and that can serve as a substitute for government-issued physical currency. Because e-cash is issued by private entities, there is a need for common standards among all e-cash issuers so that one issuer’s e-cash can be accepted by another issuer. E-cash shows particular promise in two applications: the sale of goods and services priced less than $10 (the lower threshold for credit card payments) and the sale of all goods and services to those without credit cards.
-Internet payments for items costing from a few cents to approximately a dollar are called micropayments.
Privacy and security of e-cash
Concerns about electronic payment methods include privacy and security, independence, portability, and convenience. Electronic cash has unique security problems. First, it must be possible to spend electronic cash only once, just as with traditional currency. Second, e-cash ought to be anonymous, just as hard currency is. That is, security procedures should be in place to guarantee that the entire e-cash transaction occurs only between two parties, and that the recipient knows that the electronic currency being received is not counterfeit or being used in two different transactions. Electronic cash has the advantages of being independent and portable: independence means it is unrelated to any proprietary network or storage device, and portability means it must be freely transferable between any two parties.
Holding e-cash: online and offline cash
Two widely accepted approaches to holding cash exist today: online storage and offline storage. Online cash storage means that the consumer doesn’t personally possess electronic cash. Instead, a trusted third party (an online bank) is involved in all transfers of electronic cash and holds the consumers’ cash accounts, which helps prevent fraud by confirming that the consumer’s cash is valid. Offline cash storage is the virtual equivalent of money kept in a wallet. The customer holds it, so software safeguards must be used to prevent fraudulent or double spending. Double spending is spending a particular piece of electronic cash twice by submitting the same e-currency to two different vendors.
Advantages and disadvantages of e-cash
E-cash transactions are more efficient (and therefore less costly) than other methods, and that efficiency should foster more business, which eventually means lower prices for consumers. E-cash transfers occur on an existing infrastructure (the internet) and through existing computer systems, so the additional costs that users of e-cash must incur are nearly zero. E-cash doesn’t require that one party obtain an authorization, as is required with credit card transactions. Disadvantages: there is no audit trail; e-cash is just like real cash in that it cannot be easily traced. Another problem that arises is money laundering, a technique used by criminals to convert money that they have obtained illegally into cash that they can spend without having it identified as the proceeds of an illegal activity.
How e-cash works
To begin using e-cash, a consumer opens an account with an e-cash issuer (such as a bank that issues e-cash or a private vendor of e-cash such as PayPal) and presents proof of identity. The consumer can then withdraw e-cash. After the issuer verifies the consumer’s identity, it gives the consumer a specific amount of e-cash and deducts the same amount from the consumer’s account.
Providing security for e-cash
Cryptographic algorithms are the key to creating tamperproof e-cash that can be traced back to its origins. A two-part lock provides anonymous security that also signals when someone is attempting to double spend cash. When a second transaction occurs for the same e-cash, a complicated process comes into play that reveals the attempted second use and the identity of the original e-cash holder. With truly anonymous e-cash, which carries no such lock and no serial number, double spending can neither be detected nor prevented. Anonymous e-cash is e-cash that, like bills and coins, cannot be traced back to the person who spent it. One way to be able to trace e-cash is to attach a serial number to each e-cash transaction. The absence of e-cash standards means that consumers are faced with choosing from an array of proprietary e-cash alternatives, none of which are interoperable. Interoperable software runs transparently on a variety of hardware configurations and on different software systems.
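The two-part lock and the serial-number approach described above, worked through as an added Python example (mine, not the textbook’s or the class’s). A coin carries K random pairs (a_i, a_i XOR id) committed by hash; each spend reveals one half of each pair, chosen by the vendor’s challenge bits; and the issuer, who sees every deposit (the online-storage model from "Holding e-cash"), detects a second deposit of the same serial and recovers the holder’s identity from any pair where the two challenges differed. The HMAC stands in for the issuer’s digital signature, the blinding step that would hide the coin from the issuer in a real scheme is omitted, and every name (Issuer, build_lock, spend, alice@example.test) is made up for the example.

```python
import hashlib
import hmac
import os

K = 20  # identity pairs in the two-part lock; a repeated challenge (which
        # defeats identification) happens by chance with probability 2**-K


def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def build_lock(identity: bytes):
    """Holder side: split the identity into K random pairs (a_i, a_i XOR id).
    Either half alone reveals nothing; both halves of one pair reveal id."""
    if len(identity) > 32:
        raise ValueError("identity must fit in 32 bytes")
    padded = identity.ljust(32, b"\x00")
    pairs = []
    for _ in range(K):
        a = os.urandom(32)
        pairs.append((a, xor(a, padded)))
    return padded, pairs


def spend(pairs, challenge):
    """Holder answers the vendor's challenge bits: reveal a_i for 0, b_i for 1."""
    return [b if z else a for (a, b), z in zip(pairs, challenge)]


def random_challenge():
    return [byte & 1 for byte in os.urandom(K)]


class Issuer:
    """Toy e-cash issuer (the trusted third party). Keeps the secret used to
    authenticate coins and the ledger of coins already deposited."""

    def __init__(self):
        self._key = os.urandom(32)
        self._deposited = {}  # serial -> (challenge, reveals)

    def _tag(self, serial, commitments):
        body = serial + b"".join(c + d for c, d in commitments)
        return hmac.new(self._key, body, hashlib.sha256).digest()

    def mint(self, identity: bytes, pairs):
        # Toy: the issuer checks that the lock encodes the holder's identity and
        # authenticates the coin with an HMAC standing in for its signature.
        # A real scheme blinds the coin so the issuer cannot link it later.
        for a, b in pairs:
            if xor(a, b) != identity:
                raise ValueError("lock does not encode the holder's identity")
        serial = os.urandom(16)
        commitments = [(h(a), h(b)) for a, b in pairs]
        return {"serial": serial, "commitments": commitments,
                "tag": self._tag(serial, commitments)}

    def deposit(self, coin, challenge, reveals):
        """Vendor turns in a coin plus the spend transcript.
        Returns ("ok", None), ("forged", None) or ("double_spent", identity)."""
        if not hmac.compare_digest(self._tag(coin["serial"], coin["commitments"]), coin["tag"]):
            return ("forged", None)
        for (c, d), z, r in zip(coin["commitments"], challenge, reveals):
            if h(r) != (d if z else c):
                return ("forged", None)  # revealed half does not match its commitment
        prior = self._deposited.get(coin["serial"])
        if prior is None:
            self._deposited[coin["serial"]] = (challenge, reveals)
            return ("ok", None)
        prior_challenge, prior_reveals = prior
        for z1, r1, z2, r2 in zip(prior_challenge, prior_reveals, challenge, reveals):
            if z1 != z2:  # one spend revealed a_i, the other b_i: a_i XOR b_i = id
                return ("double_spent", xor(r1, r2))
        # Identical challenges (or the same vendor depositing twice): the double
        # spend is still detected, but the holder cannot be identified.
        return ("double_spent", None)


if __name__ == "__main__":
    issuer = Issuer()
    identity, pairs = build_lock(b"alice@example.test")
    coin = issuer.mint(identity, pairs)
    z1, z2 = random_challenge(), random_challenge()
    print(issuer.deposit(coin, z1, spend(pairs, z1)))
    status, who = issuer.deposit(coin, z2, spend(pairs, z2))
    print(status, who and who.rstrip(b"\x00"))
```

The issuer never learns which half of a pair a legitimate payer revealed until the coin is spent twice, which is what lets the scheme stay anonymous for honest use while still naming the double spender.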

Electronic wallet (sometimes called an e-wallet): serving a function similar to a physical wallet, it holds credit card numbers, electronic cash, owner identification, and owner contact info and provides that info at an electronic commerce site’s checkout counter, giving consumers the benefit of entering their info just once. When consumers select items to purchase, they can then click their e-wallet to order the items quickly. E-wallets fall into two categories based on where they are stored. A server side electronic wallet stores a customer’s info on a remote server belonging to a particular merchant or wallet publisher. Its main weakness is that a single security breach could reveal thousands of users’ personal info. A client side e-wallet stores a consumer’s info on his or her own computer. A disadvantage of client side wallets is that they aren’t portable: the wallet is not available when a purchase is made from a computer other than the one on which the wallet resides. This removes the risk that an attack on the wallet vendor’s server could reveal the sensitive info; however, an attack on the user’s computer could yield that info.

Stored value Cards
One solution that could reduce all those cards to a single plastic card is called a stored value card. A stored value card can be an elaborate smart card with a microchip or a plastic card with a magnetic strip that records the currency balance. The main difference is that a smart card can store larger amounts of info and includes a processor chip on the card. The card readers needed for smart cards are different, too. Common stored value cards include prepaid phone, copy, subway, and bus cards. Many people use the terms “stored-value card” and “smart card” interchangeably.
-Most magnetic strip cards hold value that can be recharged by inserting them into the appropriate machines, inserting currency into the machine, and withdrawing the card; the card’s strip stores the increased cash value.
A smart card is a stored value card that is a plastic card with an embedded microchip that can store info. A smart card can store about 100 times the amount of info that a magnetic strip plastic card can store. A smart card can hold private user data, such as financial facts, encryption keys, account info, credit card numbers, health insurance info, medical records. Smart cards are safer than conventional credit cards because the info stored on a smart card is encrypted.

Internet technologies and the banking industry
Check processing
In the past, checks were processed physically by banks and clearinghouses. The retailer’s bank would then send the paper check to a clearing house which would manage the transfer of funds from the consumer’s bank to the retailer’s account. Banks have been working for years to develop technologies that will help them reduce the float. In 2004, a US law went into effect that many bankers believe will eventually eliminate the float.
Phishing attacks
The basic structure of a phishing attack is fairly simple. The attacker sends email messages to a large number of recipients who might have an account at the targeted web site. The email message tells the recipient that his or her account has been compromised and that it is necessary to log in to the account to correct the matter. The email message includes a link that appears to be a link to the login page of the web site. The link actually leads the recipient to the phishing attack perpetrator’s website, which is disguised to look like the targeted website. The unsuspecting recipient enters his or her login name and password, which the perpetrator captures and then uses to access the recipient’s account.
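The lure described above can be checked mechanically. As an added example (not from the textbook), the Python below pulls every link out of a constructed HTML message and flags the tricks phishers use to make a link look like the targeted site’s login page: displayed text naming one domain while the href goes to another, a user@host prefix that pushes the real host out of sight, raw IP destinations, and plain-HTTP login links. yourbank.example and the other hostnames are made up for the example; site_of is a crude stand-in for a Public Suffix List lookup.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Something that looks like a hostname inside the visible link text.
HOST_IN_TEXT = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)


def site_of(host: str) -> str:
    """Registrable domain, crudely taken as the last two labels (real code
    should use the Public Suffix List; co.uk and friends break this)."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:])


class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs from an HTML email body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def check_link(href: str, text: str, claimed_site: str) -> list:
    """Reasons a link in a message claiming to come from claimed_site looks
    like a phishing lure; empty list if none."""
    reasons = []
    parts = urlsplit(href)
    host = (parts.hostname or "").lower()
    if not host:  # mailto:, relative links, etc.
        return reasons
    if parts.username is not None:
        reasons.append("userinfo '%s@' in front of the real host %s" % (parts.username, host))
    try:
        ipaddress.ip_address(host)
        reasons.append("destination is a raw IP address")
    except ValueError:
        pass
    if parts.scheme == "http":
        reasons.append("login link is not HTTPS")
    shown = HOST_IN_TEXT.search(text)
    if shown and site_of(shown.group(1)) != site_of(host):
        reasons.append("text shows %s but link goes to %s" % (shown.group(1), host))
    if site_of(host) != site_of(claimed_site):
        reasons.append("link leaves the claimed sender's site %s" % claimed_site)
    return reasons


def scan_email(html: str, claimed_site: str) -> list:
    collector = LinkCollector()
    collector.feed(html)
    return [(href, check_link(href, text, claimed_site)) for href, text in collector.links]


# Constructed sample lure; yourbank.example is a made-up target.
SAMPLE_EMAIL = """<html><body>
<p>Your account has been compromised. Log in to correct the matter:</p>
<a href="http://www.yourbank.example.login-verify.example/account">www.yourbank.example/account</a><br>
<a href="https://www.yourbank.example@203.0.113.5/login">https://www.yourbank.example/login</a><br>
<a href="https://www.yourbank.example/help">Help center</a>
</body></html>"""

if __name__ == "__main__":
    for href, reasons in scan_email(SAMPLE_EMAIL, "yourbank.example"):
        print(href, "->", reasons or "no issues")
```

The same checks apply to a mail gateway or a browser extension; the comparison of displayed text against the actual destination is the one users cannot reliably do by eye, which is why the textbook’s "educate users" advice needs tooling behind it.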
Organized Crime, Identity theft, and phishing attacks
US laws define organized crime, also called racketeering, as unlawful activities conducted by a highly organized, disciplined association for profit. The associations that engage in organized crime are often differentiated from less organized groups such as gangs and from organized groups that conduct unlawful activities for political purposes, such as terrorist organizations. Organized crime has traditionally engaged in criminal activities such as drug trafficking, gambling, money laundering, prostitution, pornography production and distribution, extortion, truck hijacking, fraud, theft, and insider trading. Identity theft is a criminal act in which the perpetrator gathers personal info about a victim and then uses that information to obtain credit. There are two elements in phishing: the collection of the info (done by collectors) and the use of the info (done by cashers).
Phishing attack countermeasures
Since spam is a key element of phishing attacks, any protocol change that improves email recipients’ ability to identify the source of an email message will also help to reduce the threat of phishing attacks. The most important step that companies can take today is to educate their web site users. Another anti-phishing technique is to monitor online chat rooms that are used by criminals.

Wednesday, March 19, 2008

Key Concept Chapter 10 – Electronic Commerce Security

In the late 1970s, the Defense Department formed a committee to develop computer security guidelines for handling classified info on computers. Its work produced the Trusted Computer System Evaluation Criteria (TCSEC, the “Orange Book”), which spelled out rules for mandatory access control.

Online Security Issues Overview
-Computer security is the protection of assets from unauthorized access, use, alteration, or destruction-two general types of security: physical and logical. Physical security includes tangible protection devices, such as alarms, guards, fireproof doors, security defenses. Protection of assets using nonphysical means is called logical security. Any act or object that poses a danger to computer assets is known as a threat.
-Countermeasure is the general name for a procedure, either physical or logical, that reduces, or eliminates a threat. There are four general actions that an organization could take, depending on the impact (cost) and the probability of the physical threat: Contain and control, Prevent, Insurance or backup plan, Ignore.
-An eavesdropper is a person or device that can listen in on and copy internet transmissions. People who write programs or manipulate technologies to obtain unauthorized access to computers and networks are called crackers/hackers.
-Computer security is generally classified into three categories: secrecy, integrity, and necessity.
-A security policy is a written statement describing which assets to protect and why they are being protected, who is responsible for that protection, and which behaviours are acceptable and which aren’t. The policy primarily addresses physical security, network security, access authorizations, virus protection, and disaster recovery. Minimum level of acceptable security for most electronic commerce operations:
Secrecy: prevent unauthorized persons from reading messages and business plans, obtaining credit card numbers, or deriving other confidential info; Integrity: enclose info in a digital envelope so that the computer can automatically detect messages that have been altered in transit; Availability: provide delivery assurance for each message segment so that messages or message segments cannot be lost undetectably; Key management: provide secure distribution and management of keys needed to provide secure communications; Nonrepudiation: provide undeniable, end to end proof of each message’s origin and recipient; Authentication: securely identify clients and servers with digital signatures and certificates.
A security policy covers many security concerns that must be addressed by a comprehensive and integrated security plan: Authentication: who is trying to access the e-commerce site; Access control: who is allowed to log on to and access the e-commerce site; Secrecy: who is permitted to view selected information; Data integrity: who is allowed to change data; Audit: who or what causes specific events to occur, and when

Security for client computers
Cookies: the internet provides a type of connection between web clients and servers called a stateless connection. In a stateless connection, each transmission of info is independent; that is, no continuous connection (also called an open session) is maintained between any client and server on the internet. Cookies are small text files that web servers place on web client computers to identify returning visitors. They also allow web servers to maintain continuing open sessions with web clients. Cookies were invented to solve the stateless connection problem by saving info about a web user from one set of server-client message exchanges to another. There are two ways of categorizing cookies: by time duration and by source. Time duration categories include session cookies, which exist until the web client ends the connection (or session), and persistent cookies, which remain on the client computer indefinitely (in practice, until the expiry date the server set on them). Cookies placed on the client computer by the web server of the site being visited are called first party cookies. A third party cookie originates on a web site other than the site being visited.
Web bugs- a tiny graphic that a third party web site places on another site’s web page. When a site visitor loads the web page, the web bug is delivered by the third-party site, which can then place a cookie on the visitor’s computer. A web bug’s only purpose is to provide a way for a third party web site to place cookies from that third party site on the visitor’s computer.
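As an added example (not from the textbook), the two categorizations above applied to Set-Cookie headers with Python’s standard library: duration from the presence of Expires or Max-Age, and source by comparing the host that sent the header with the site the user is visiting, which is exactly how the cookie a web bug sets shows up as third party. The block also notes the Secure and HttpOnly attributes a practitioner would expect on a session cookie. The page URL, hostnames and headers are constructed for the example, and the site_of helper is deliberately crude.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit


def site_of(host: str) -> str:
    """Registrable domain, crudely taken as the last two labels. Real code
    should consult the Public Suffix List (co.uk and friends break this)."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def classify_set_cookie(header: str, page_url: str, response_url: str) -> dict:
    """Classify one Set-Cookie header by duration (session/persistent) and by
    source (first/third party) relative to the page the user is visiting, and
    list the hardening attributes it lacks."""
    jar = SimpleCookie()
    jar.load(header)
    page_site = site_of(urlsplit(page_url).hostname or "")
    setter_host = urlsplit(response_url).hostname or ""
    name, morsel = next(iter(jar.items()))
    persistent = bool(morsel["expires"] or morsel["max-age"])
    scope = (morsel["domain"] or setter_host).lstrip(".")
    missing = []
    if not morsel["secure"]:
        missing.append("Secure")  # would be sent over plain HTTP too
    if not morsel["httponly"]:
        missing.append("HttpOnly")  # readable by page scripts
    return {
        "name": name,
        "duration": "persistent" if persistent else "session",
        "party": "first" if site_of(setter_host) == page_site else "third",
        "scope": scope,
        "missing": missing,
    }


# Constructed sample: a shop page whose HTML embeds a tracking pixel (web bug)
# served by an ad network. All hostnames are made up.
PAGE = "https://shop.example/cart"
SAMPLE_RESPONSES = [
    (PAGE, "sid=7f3a9c; Path=/; Secure; HttpOnly"),
    (PAGE, "prefs=dark; Max-Age=31536000; Path=/"),
    ("https://tracker.adnet.example/pixel.gif",
     "uid=91b2e0; Expires=Fri, 31 Dec 2032 23:59:59 GMT; Domain=.adnet.example; Path=/"),
]


def classify_all(page_url=PAGE, responses=SAMPLE_RESPONSES):
    return [classify_set_cookie(hdr, page_url, url) for url, hdr in responses]


if __name__ == "__main__":
    for row in classify_all():
        print(row)
```

The third response is the textbook’s web bug: a one-pixel image fetched from adnet.example while the user is on shop.example, so the cookie it sets is persistent and third party, and with Domain=.adnet.example it will be sent back on every other site that embeds the same pixel.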
Active content refers to programs that are embedded transparently in web pages and that cause action to occur: they can display moving graphics, download and play audio, or implement web based spreadsheet programs. An applet is a small application program. Because active content modules are embedded in web pages, they can be completely transparent to anyone browsing a page containing them. A Trojan horse is a program hidden inside another program or web page that masks its true purpose. A zombie is equally threatening: it is a Trojan horse that secretly takes over another computer for the purpose of launching attacks on other computers. Zombie attacks can be very difficult to trace.
Java Applets-The web server sends the Java applets along with web pages requested by the web client. In most cases, the Java applet’s operation will be visible to the site visitor, however, it is possible for a Java applet to perform functions that would not be noticed by the site visitor. Java is platform independent, it can run on many different computers. Once downloaded, embedded Java code can run on a client’s computer, which means that security violations can occur. Untrusted Java applets are those that have not been established as secure.
JavaScript is a scripting language developed by Netscape to enable web page designers to build active content. When a user downloads a web page with embedded JavaScript code, it executes on the user’s (client) computer. Like other active content vehicles, JavaScript can be used for attacks; the textbook’s examples are code that destroys the client’s hard disk or discloses the email stored in client mailboxes, which in practice requires a flaw that lets the script escape the browser’s sandbox. JavaScript code can also record the URLs of web pages a user visits and capture info entered into web forms. Unlike Java applets, a JavaScript program cannot start on its own.
An ActiveX control is an object that contains programs and properties that web designers place on web pages to perform particular tasks. ActiveX controls run only on computers with Windows operating systems. The security danger with ActiveX controls is that once they are downloaded, they execute like any other program on a client computer, with full access to all system resources.
Graphics and plug-ins: some graphics file formats have been designed specifically to contain instructions on how to render a graphic. That means that any web page containing such a graphic could be a threat, because the code embedded in the graphic could cause harm to a client computer. Browser plug-ins, which are programs that enhance the capabilities of browsers, handle web content that a browser cannot handle; they perform tasks for a browser such as playing audio clips, displaying movies, or animating graphics. They pose security threats because users download these plug-in programs and install them so their browsers can display content that cannot be included in HTML tags.
Viruses, worms, and antivirus software: a virus is software that attaches itself to another program and can cause damage when the host program is activated. A worm is a type of virus that replicates itself on the computers that it infects. A macro virus is a type of virus that is coded as a small program, called a macro, and is embedded in a file. A multivector virus can enter a computer system in several different ways (vectors).
Digital certificates: a way to control threats from active content is to use digital certificates. A digital certificate is an attachment to an email message or a program embedded in a web page that verifies that the sender or web site is who or what it claims to be. It contains a means to send an encrypted message (encoded so others cannot read it) to the entity that sent the original web page or email message. Digital certificates are issued by a certification authority (CA), which requires entities applying for digital certificates to supply appropriate proof of identity.
A key is simply a number used with the encryption algorithm to lock the characters of the message being protected so that they are undecipherable without the key.
Steganography: the process of hiding info within another piece of info. This other info resides in the background and is undetectable by anyone without the correct decoding software. It is a way of hiding an encrypted file within another file so that a casual observer cannot detect that there is anything of importance in the container file. In this two-step process, encrypting the file protects it from being read, and steganography makes it invisible.
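The two-step process described above, as an added Python example (not from the textbook): the message is first encrypted, then written into the least significant bit of each byte of a cover buffer that stands in for raw pixel samples, and the receiver reverses both steps. SAMPLE_COVER and the function names are assumptions for the example, and the XOR stream cipher built from SHA-256 is a toy that keeps the block self-contained; real code would use an authenticated cipher such as AES-GCM. The capacity check and the sanity check on the recovered length prefix are the failure modes a practitioner hits first.

```python
import hashlib
import os


def keystream(key: bytes, length: int) -> bytes:
    """Toy stream cipher keystream: SHA-256(key || counter). Illustrative only;
    real code uses an authenticated cipher such as AES-GCM."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def toy_cipher(key: bytes, data: bytes) -> bytes:
    """XOR with the keystream; the same call encrypts and decrypts."""
    return bytes(p ^ k for p, k in zip(data, keystream(key, len(data))))


def embed(cover: bytes, payload: bytes) -> bytes:
    """Hide payload in the least significant bit of each cover byte (one bit
    per byte), prefixed with a 4-byte big-endian length so it can be found."""
    data = len(payload).to_bytes(4, "big") + payload
    needed = len(data) * 8
    if needed > len(cover):
        raise ValueError("cover too small: need %d bytes, have %d" % (needed, len(cover)))
    out = bytearray(cover)
    for i in range(needed):
        bit = (data[i // 8] >> (7 - i % 8)) & 1
        out[i] = (out[i] & 0xFE) | bit
    return bytes(out)


def _read_bits(container: bytes, offset: int, n_bytes: int) -> bytes:
    val = bytearray(n_bytes)
    for i in range(n_bytes * 8):
        val[i // 8] |= (container[offset + i] & 1) << (7 - i % 8)
    return bytes(val)


def extract(container: bytes) -> bytes:
    length = int.from_bytes(_read_bits(container, 0, 4), "big")
    if 32 + length * 8 > len(container):
        raise ValueError("length prefix exceeds container: not a stego buffer, or corrupted")
    return _read_bits(container, 32, length)


def hide_message(cover: bytes, key: bytes, message: bytes) -> bytes:
    """Step 1 encrypt, step 2 hide: someone who suspects the container and
    extracts the bits still only recovers ciphertext."""
    return embed(cover, toy_cipher(key, message))


def reveal_message(container: bytes, key: bytes) -> bytes:
    return toy_cipher(key, extract(container))


# Constructed cover: 2048 bytes standing in for raw pixel samples.
SAMPLE_COVER = bytes(range(256)) * 8

if __name__ == "__main__":
    key = os.urandom(32)
    stego = hide_message(SAMPLE_COVER, key, b"meet at noon")
    changed = sum(1 for a, b in zip(SAMPLE_COVER, stego) if a != b)
    print("bytes changed:", changed, "of", len(stego))
    print(reveal_message(stego, key))
```

Each cover byte changes by at most one, which is why the alteration is invisible in an image; it is also why LSB hiding is detectable statistically, so the encryption step is what actually protects the content once the container is suspected.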

Communication Channel security
-Secrecy is the prevention of unauthorized info disclosure. Privacy is the protection of individual rights to nondisclosure. Software applications called sniffer programs provide the means to record info that passes through a computer or router that is handling internet traffic.
-An integrity threat, also known as active wiretapping, exists when an unauthorized party can alter a message stream of info. Unlike secrecy threats, where a viewer simply sees info he or she should not, integrity threats can cause a change in the actions a person or corporation takes because a mission critical transmission has been altered. Cybervandalism is the electronic defacing of an existing web site’s page. The electronic equivalent of destroying property or placing graffiti on objects, cybervandalism occurs whenever someone replaces a web site’s regular content with his or her own content. Masquerading or spoofing (pretending to be someone you are not, or representing a web site as an original when it is a fake) is one means of disrupting web sites. Domain name servers (DNSs) are the computers on the internet that maintain directories that link domain names to IP addresses.
-The purpose of a necessity threat, also known by other names such as a delay, denial, or denial of service threat, is to disrupt normal computer processing, or deny processing entirely.
Threats to wireless networks: if not protected, a wireless network allows anyone within range to log in and have access to any resources connected to that network. In the textbook the security of the connection depends on Wired Equivalent Privacy (WEP), a set of rules for encrypting transmissions from the wireless devices to the wireless access points (WAPs); WEP’s encryption has well-known weaknesses and has since been superseded by WPA and WPA2. Attackers: wardrivers, who drive around locating unprotected networks, and warchalking, which marks the locations found.
-Encryption is the coding of info by using a mathematically based program and a secret key to produce a string of characters that is unintelligible. The science that studies encryption is called cryptography, the science of creating messages that only the sender and receiver can read. Cryptography is different from steganography, which makes text undetectable to the naked eye. Cryptography doesn’t hide text; it converts it to other text that is visible but doesn’t appear to have any meaning.
Encryption algorithms: the program that transforms normal text, called plain text, into cipher text (the unintelligible string of characters) is called an encryption program. The logic behind an encryption program, which includes the mathematics used to do the transformation, is called an encryption algorithm. Hash coding is a process that uses a hash algorithm to calculate a number, called a hash value, from a message of any length. It is a fingerprint for the message because it is almost certain to be unique for each message. Asymmetric encryption, or public key encryption, encodes messages by using two mathematically related numeric keys. One key of the pair, called a public key, is freely distributed to the public at large, to anyone interested in communicating securely with the holder of both keys. The public key is used to encrypt messages using one of several different encryption algorithms. The second key, called a private key, belongs to the key owner, who keeps the key secret. The owner uses the private key to decrypt all messages received. One of the most popular technologies used to implement public key encryption today is called Pretty Good Privacy (PGP). PGP is a set of software tools that can use several different encryption algorithms to perform public key encryption. Symmetric encryption, also known as private key encryption, encodes a message with one of several available algorithms that use a single numeric key to encode and decode data. Because the same key is used, both the message sender and the message receiver must know the key; symmetric encryption is very fast and efficient.
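One caveat a practitioner would attach to the "fingerprint" description above, shown as an added Python example (not from the textbook): a bare hash sent alongside a message only catches accidental corruption, because the active wiretapper from "Communication Channel security" can alter the message and recompute the hash. Keying the digest with a secret shared by sender and receiver (an HMAC) closes that gap, and a digital signature with the sender’s private key does the same without a shared secret. The order text and function names are constructed for the example.

```python
import hashlib
import hmac
import os


def fingerprint(message: bytes) -> str:
    """Hash coding: a fixed-length digest that changes if any bit of the message changes."""
    return hashlib.sha256(message).hexdigest()


def keyed_fingerprint(key: bytes, message: bytes) -> str:
    """Same idea, but bound to a key that only sender and receiver hold (an HMAC)."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_hashed(message: bytes, digest: str) -> bool:
    return hmac.compare_digest(fingerprint(message), digest)


def verify_keyed(key: bytes, message: bytes, tag: str) -> bool:
    return hmac.compare_digest(keyed_fingerprint(key, message), tag)


def active_wiretap(message: bytes) -> bytes:
    """Attacker on the channel changes the shipping address in transit."""
    return message.replace(b"ship to: 12 Main St", b"ship to: 99 Attacker Rd")


def run_scenarios(order: bytes = b"order 1017; 2 x widget; ship to: 12 Main St"):
    """Returns whether each scheme detects the alteration:
    (bare hash with the attacker recomputing it, HMAC with a shared key)."""
    # Scheme 1: the message travels with its bare hash. The attacker alters the
    # message and, knowing the algorithm, simply recomputes the digest.
    tampered = active_wiretap(order)
    forged_digest = fingerprint(tampered)
    bare_hash_detects = not verify_hashed(tampered, forged_digest)

    # Scheme 2: the digest is keyed. Without the key the attacker cannot
    # produce a valid tag for the altered message, so the original tag fails.
    key = os.urandom(32)
    tag = keyed_fingerprint(key, order)
    hmac_detects = not verify_keyed(key, active_wiretap(order), tag)
    return bare_hash_detects, hmac_detects


if __name__ == "__main__":
    print(fingerprint(b"pay 100"))
    print(fingerprint(b"pay 101"))  # one character changed, unrelated-looking digest
    print(run_scenarios())
```

compare_digest is used for both checks so that the comparison takes the same time whether the first or last character differs; comparing with == would leak where the mismatch is.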
-Comparing Asymmetric and Symmetric Encryption Systems: Public key (asymmetric) systems provide several advantages over private key (symmetric) encryption methods. First, the number of keys required to provide private messages between enormous numbers of people is small. If n people want to share secret info with one another, only n public key pairs are required (one per person), whereas an equivalent private key system needs a separate secret key for every pair of people, n(n-1)/2 keys in all. Second, key distribution isn’t a problem. Each person’s public key can be posted anywhere and doesn’t require any special handling to distribute (what does need care is being sure that a posted public key really belongs to the person it claims to, which is the job of digital certificates). Third, public key systems make implementation of digital signatures possible. Public key systems have disadvantages. The main one is that public key encryption and decryption are significantly slower than private key systems. Public key systems therefore don’t replace private key systems but complement them: the public key operation is used to agree on a symmetric session key, and that key encrypts the bulk of the traffic.
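An added example (not code from the notes or the textbook) that makes the two claims above concrete: a hash value acts as a fixed-length fingerprint that changes completely when one character of the message changes, and the key counts for a group of n people differ sharply between symmetric and asymmetric systems. It uses only the Python standard library; the order messages are constructed for illustration.

```python
import hashlib
import hmac
from math import comb


def fingerprint(message: bytes) -> str:
    """Hash coding: a fixed-length SHA-256 digest that serves as the message's fingerprint."""
    return hashlib.sha256(message).hexdigest()


def integrity_check(message: bytes, expected_hex: str) -> bool:
    """Recompute the fingerprint and compare it in constant time to the one received."""
    return hmac.compare_digest(fingerprint(message), expected_hex)


def differing_bits(hex_a: str, hex_b: str) -> int:
    """How many of the 256 digest bits differ between two fingerprints."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


def keys_required(people: int) -> dict:
    """Keys needed for everyone in a group to talk privately with everyone else.

    Symmetric: every pair of people needs its own shared secret, n(n-1)/2 keys.
    Asymmetric: each person publishes one key pair, n pairs in total.
    """
    return {"symmetric_keys": comb(people, 2), "asymmetric_key_pairs": people}


if __name__ == "__main__":
    # Constructed sample messages (not real transaction data).
    original = b"order 1234 total 50.00 ship to 1 Main St"
    tampered = b"order 1234 total 500.00 ship to 1 Main St"
    fp = fingerprint(original)
    print("fingerprint:", fp)
    print("unchanged message verifies:", integrity_check(original, fp))
    print("tampered message verifies:", integrity_check(tampered, fp))
    print("bits changed by one extra digit:", differing_bits(fp, fingerprint(tampered)))
    print(keys_required(1000))
```

Note that a bare hash only detects accidental change: anyone who can alter the message can recompute its fingerprint. Protecting the fingerprint itself is what the digital signatures mentioned above add, by encrypting the hash value with the sender's private key.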
-Secure Sockets Layer (SSL) Protocol (since standardized as Transport Layer Security, TLS): SSL provides a security “handshake” in which the client and server computers exchange a brief burst of messages. In those messages, the level of security to be used for the exchange of digital certificates and other tasks is agreed upon. Each computer can identify the other by presenting a digital certificate (in practice the server almost always does, while client certificates are optional). After identification, SSL encrypts and decrypts info flowing between the two computers. Info in both the HTTP request and any HTTP response is encrypted. SSL allows the length of the private session key generated for each encrypted session to be set at a variety of bit lengths. A session key is a key used by an encryption algorithm to create cipher text from plain text during a single secure session; it is a symmetric key, agreed upon during the handshake using the public key techniques described above.
Secure HTTP (S-HTTP): Secure HTTP (S-HTTP) is an extension to HTTP that provides a number of security features, including client and server authentication, spontaneous encryption, and request/response nonrepudiation. S-HTTP provides symmetric encryption for maintaining secret communications and public key encryption to establish client/server authentication. S-HTTP differs from SSL in the way it establishes a secure session. SSL carries out a client/server handshake exchange to set up a secure communication, but S-HTTP sets up the security details with special headers carried in the S-HTTP messages themselves. A secure envelope encapsulates a message and provides secrecy, integrity, and client/server authentication. S-HTTP is no longer used by many web sites; SSL has become the generally accepted standard for establishing secure communication links between web clients and web servers.

Security for Server Computers
-The server is the third link in the client–Internet–server path that carries e-commerce traffic from the user to the web site.
Web Server Threats: Web server software is designed to deliver web pages by responding to HTTP requests. A web server can compromise secrecy if it allows automatic directory listings, since a listing exposes every file in a directory, including files that were never meant to be linked to.
-Dictionary attack programs cycle through an electronic dictionary, trying every word in it as a password. Users’ passwords, once broken, may provide an opening for illegal entry into a server that can remain undetected for a long time, because the intruder is logging in with valid credentials.
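An added example (not from the notes or the textbook) of why a dictionary attack works against a stolen table of unsalted password hashes, and of the two standard counter-measures on the server side: a random per-user salt, which defeats precomputed tables, and key stretching (PBKDF2), which makes every guess expensive. The wordlist, the "stolen" hash and the iteration count are constructed for the demonstration; it uses only the Python standard library.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Constructed wordlist standing in for an "electronic dictionary"; not real data.
WORDLIST = ["password", "letmein", "welcome1", "qwerty", "summer2008", "hunter2"]


def weak_hash(password: str) -> str:
    """How a naive server might store a password: one unsalted MD5 of it."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def dictionary_attack(stored_hash: str, wordlist=WORDLIST) -> Optional[str]:
    """Hash every word in the dictionary and stop when one matches the stored value."""
    for word in wordlist:
        if hmac.compare_digest(weak_hash(word), stored_hash):
            return word
    return None


ITERATIONS = 200_000  # slows each guess down; raise as hardware gets faster


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Hardened storage: a random per-user salt plus PBKDF2-HMAC-SHA256 stretching."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    stolen = weak_hash("letmein")  # constructed: a hash pulled from a leaked table
    print("cracked:", dictionary_attack(stolen))
    salt, digest = hash_password("letmein")
    print("PBKDF2 verify correct password:", verify_password("letmein", salt, digest))
    print("PBKDF2 verify wrong password:", verify_password("password", salt, digest))
```

Salting and stretching do not make "letmein" a good password; they only ensure that each guess has to be computed afresh per user and costs real time, so the attacker's dictionary run becomes proportionally slower. Rate limiting on the login form and monitoring for repeated failures (see intrusion detection below) address the online form of the same attack.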
-A buffer is an area of memory set aside to hold data read from a file or database. A buffer is necessary whenever any input or output operation takes place because a computer can process file info much faster than the info can be read from input devices or written to output devices.
-An access control list is a list or database of files and other resources together with the usernames of the people who are allowed to access them.
-firewall is software or hardware and software combination that is installed in a network to control the packet traffic moving through it. Most organizations place a firewall at the internet entry point of their networks. The firewall provides a defense between a network and the internet or between a network and any other network that could pose a threat.
-Networks inside the firewall are often called trusted, whereas networks outside the firewall are called untrusted. Acting as a filter, firewalls permit selected messages to flow into and out of the protected network.
-Firewalls are classified into the following categories: packet filter, gateway server, and proxy server.
Packet filter firewalls examine all data flowing back and forth between the trusted network and the Internet. Packet filtering examines the source and destination addresses and ports of incoming packets and denies or permits entrance to the packets based on a preprogrammed set of rules.
Gateway servers are firewalls that filter traffic based on the application requested. Gateway servers limit access to specific applications such as Telnet, FTP, and HTTP. In contrast to the packet filter technique, an application level firewall filters requests and logs them at the application level, rather than at the lower IP level. A gateway firewall provides a central point where all requests can be classified, logged, and later analyzed.
Proxy server firewalls are firewalls that communicate with the Internet on the private network’s behalf.
Intrusion detection systems are designed to monitor attempts to log in to servers and analyze those attempts for patterns that might indicate a cracker’s attack is underway. Once the intrusion detection system identifies an attack, it can block further attempts that originate from the same IP address.
In addition to firewalls installed on organizations’ networks, it is possible to install software-only firewalls on individual client computers (personal firewalls).
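An added example (not from the notes or the textbook) of the two mechanisms described above in working form: a packet filter that checks source address, destination address, port and protocol against an ordered rule list, and a small intrusion detector that counts failed logins per source address and blocks the source once it reaches a threshold. The network addresses, the trusted range 10.0.0.0/8 and the web server at 10.0.5.10 are hypothetical; only the Python standard library is used.

```python
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    proto: str  # "tcp" or "udp"


@dataclass(frozen=True)
class Rule:
    action: str            # "permit" or "deny"
    src: str               # CIDR block
    dst: str               # CIDR block
    dport: Optional[int]   # None matches any port
    proto: Optional[str]   # None matches any protocol


# Constructed rule set for a hypothetical trusted network 10.0.0.0/8 with one
# public web server at 10.0.5.10. Rules are ordered: the first match wins.
RULES = [
    Rule("permit", "0.0.0.0/0", "10.0.5.10/32", 443, "tcp"),  # HTTPS to the web server
    Rule("permit", "0.0.0.0/0", "10.0.5.10/32", 80, "tcp"),   # HTTP to the web server
    Rule("permit", "10.0.0.0/8", "0.0.0.0/0", None, None),    # trusted hosts may go out
]


def filter_packet(pkt: Packet, rules=RULES) -> str:
    """Packet filtering: compare addresses, port and protocol against the rules in
    order. The first matching rule decides; a packet that matches nothing is denied."""
    src, dst = ip_address(pkt.src), ip_address(pkt.dst)
    for rule in rules:
        if (src in ip_network(rule.src)
                and dst in ip_network(rule.dst)
                and (rule.dport is None or rule.dport == pkt.dport)
                and (rule.proto is None or rule.proto == pkt.proto)):
            return rule.action
    return "deny"  # implicit default deny


class LoginMonitor:
    """Toy intrusion detection: count failed logins per source address and block
    the source once it reaches the threshold, as the notes describe."""

    def __init__(self, threshold: int = 5) -> None:
        self.threshold = threshold
        self.failures = defaultdict(int)
        self.blocked = set()

    def observe(self, src: str, success: bool) -> str:
        if src in self.blocked:
            return "blocked"
        if success:
            return "ok"
        self.failures[src] += 1
        if self.failures[src] >= self.threshold:
            self.blocked.add(src)
            return "blocked"
        return "fail"


if __name__ == "__main__":
    print(filter_packet(Packet("203.0.113.5", "10.0.5.10", 443, "tcp")))  # permit
    print(filter_packet(Packet("203.0.113.5", "10.0.5.10", 23, "tcp")))   # deny (Telnet)
    mon = LoginMonitor(threshold=3)
    for attempt in range(4):
        print(mon.observe("203.0.113.5", success=False))
```

Two practical points the code makes visible: the packet filter sees only addresses and ports, so it cannot tell a legitimate HTTPS request from an attack carried inside one (that is the gateway firewall's job), and blocking by source IP address also blocks every legitimate user behind the same address, which is the usual trade-off of this kind of response.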

Tuesday, March 11, 2008

Ch.9 Key Concept-Electronic Commerce Software

Web Hosting Alternatives
When companies need to incorporate electronic commerce components, they may opt to run servers in house (self hosting). Many midsize and smaller companies decide that a third-party web hosting service provider is a better choice than self hosting. A number of companies called Internet service providers (ISPs) provide internet access to companies and individuals; some offer web hosting as well and sometimes call themselves commerce service providers (CSPs). Firms that also offer web server management and rent application software (such as databases, shopping carts, and content management programs) to businesses are sometimes called managed service providers. Service providers offer clients hosting arrangements that include shared hosting, dedicated hosting, and co-location. Shared hosting means that the client’s web site is on a server that hosts other web sites simultaneously and is operated by the service provider at its location. In dedicated hosting the service provider makes a web server available to the client, but the client doesn’t share the server with other clients of the service provider; the service provider is responsible for maintaining the server, routers, and other network hardware. In a co-location service, the service provider rents physical space to the client to install its own server hardware. The client installs its own software and maintains the server; the service provider is responsible only for providing a reliable power supply and a connection to the internet through its routers and other networking hardware. The best hosting services provide web server hardware and software combinations that are scalable, which means they can be adapted to meet changing requirements when their clients grow.

Basic functions of electronic commerce software
Inexpensive end of the spectrum-externally hosted stores that provide software tools to build an online store on a host’s site. At the other end- software suites that can handle high transaction volumes and include a broad assortment of features and tools. The type of e-commerce software an organization needs depends on several factors- the expected size of the enterprise and its projected traffic and sales, budget, etc. All e-commerce solutions must at least provide:
-a catalog display, shopping cart capabilities, transaction processing
Additional software components: middleware that integrates the e-commerce system with existing company info systems that handle inventory control, order processing, and accounting, enterprise application integration, web services, integration with enterprise resource planning software, supply chain management software, CRM, content management software, knowledge management software
Catalog display
A static catalog is a simple list written in HTML that appears on a web page or a series of web pages. A dynamic catalog stores the information about items in a database, usually on a separate computer that is accessible to the server that is running the web site itself. It can feature multiple photos of each item, detailed descriptions, and a search tool.
Shopping cart
In the early days of e-commerce, shoppers selected items they wanted to purchase by filling out online forms. This system was awkward for ordering more than one or two items at a time. One problem with forms-based shopping was that shoppers had to write down product codes, unit prices, and other info about the product before going to the order form, which was inevitably on another page. Today, shopping carts are a standard of e-commerce. The cart keeps track of the items the customer has selected and allows customers to view the contents of their carts, add new items, or remove items. To order an item, the customer simply clicks that item.
Transaction processing
Transaction processing begins when the shopper proceeds to the checkout by clicking a checkout button. Then the e-commerce software performs any necessary calculations such as volume discounts, sales taxes, and shipping costs. This is the most complex part of the online sale.

Advanced functions of e-commerce software
Middleware
Middleware establishes the connections between a company’s e-commerce software and its existing accounting systems. Most of the cost of middleware isn’t the software itself but the consulting fees needed to make it fit. Making a company’s info systems work together is called interoperability.
Enterprise application integration and databases
A program that performs a specific function, such as creating invoices, calculating payroll, or processing payments received from customers, is called an application program (application software). An application server is a computer that takes the request messages received by the web server and runs application programs that perform some kind of action based on the contents of the request messages. The actions that the application server software performs are determined by rules called business logic. Creating links among these scattered applications so that the organization’s business logic can be interconnected is called application integration (or enterprise application integration); it is accomplished by programs that transfer info from one application to another, and programmers are increasingly using XML data feeds for this. Application servers are usually grouped into two types: page based and component based systems. Page based application systems return pages generated by scripts that mix the rules for presenting data on the web page with the business logic. Larger businesses often prefer to use a component based application system that separates the presentation logic from the business logic. Application servers usually obtain the business logic info they use to build web pages from databases. A database manager is software that stores info in a highly structured way. Large information systems that store the same data in many different physical locations are called distributed info systems, and the databases within those systems are called distributed database systems. Most web stores selling many products use a database that stores product info, including size, color, type, and price details.
Web services
Web services as a combination of software tools that let application software in one organization communicate with other applications over a network by using a specific set of standard protocols known by their acronyms: SOAP, UDDI, and WSDL.
How web services work: a key element of the web services approach is that programmers can write software that accesses these units of business application logic without knowing the details of how each unit is implemented. Web services can be mixed and matched with other web services to execute a complex business transaction. The first web services were info sources. The web services model allowed programmers to incorporate these info sources into software applications.
SOAP, WSDL, and UDDI Specifications: three rule sets (usually called protocols or specifications) let programs work with the formatted (using XML or HTML) data flows to accomplish the communication that makes web services work. The Simple Object Access Protocol (SOAP) is a message-passing protocol that defines how to send marked up data from one software application to another across a network. The characteristics of the logic units that make up specific web services are described using the Web Services Description Language (WSDL). Programmers can use the info in a WSDL description to modify an application program so it can connect to a web service. Programmers (and, eventually, the programs themselves) need to find the location of web services before they can interpret their characteristics (described in WSDL) or communicate with them (using SOAP). The set of protocols that identify locations of web services and their associated WSDL descriptions is called the Universal Description, Discovery, and Integration (UDDI) specification.
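An added example (not from the notes or the textbook) of what a SOAP exchange looks like on the wire: the client wraps a call in a SOAP 1.1 envelope, and the server answers with either a result or a Fault element that the client must check for before trusting the reply. The service namespace, the GetPrice operation and the sample reply are hypothetical and constructed here; the envelope namespace is the real SOAP 1.1 one. Only the Python standard library is used.

```python
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"  # SOAP 1.1 envelope namespace
SVC_NS = "http://example.com/catalog"                   # hypothetical service namespace
ET.register_namespace("soap", SOAP_NS)
ET.register_namespace("cat", SVC_NS)


def q(ns: str, local: str) -> str:
    """Clark notation {namespace}local, which ElementTree uses for qualified names."""
    return "{%s}%s" % (ns, local)


def build_get_price_request(sku: str) -> bytes:
    """Client side: wrap a hypothetical GetPrice call in a SOAP envelope."""
    envelope = ET.Element(q(SOAP_NS, "Envelope"))
    body = ET.SubElement(envelope, q(SOAP_NS, "Body"))
    op = ET.SubElement(body, q(SVC_NS, "GetPrice"))
    ET.SubElement(op, q(SVC_NS, "sku")).text = sku
    return ET.tostring(envelope, encoding="utf-8")


def parse_get_price_request(xml_bytes: bytes) -> str:
    """Server side: extract the sku the client asked about."""
    root = ET.fromstring(xml_bytes)
    op = root.find("%s/%s" % (q(SOAP_NS, "Body"), q(SVC_NS, "GetPrice")))
    if op is None:
        raise ValueError("Body carries no GetPrice call")
    return op.findtext(q(SVC_NS, "sku"))


def parse_get_price_response(xml_bytes: bytes) -> dict:
    """Client side: pull sku and price out of a GetPriceResponse; raise on a Fault."""
    root = ET.fromstring(xml_bytes)
    if root.tag != q(SOAP_NS, "Envelope"):
        raise ValueError("not a SOAP 1.1 envelope: %s" % root.tag)
    body = root.find(q(SOAP_NS, "Body"))
    if body is None:
        raise ValueError("envelope has no Body")
    fault = body.find(q(SOAP_NS, "Fault"))
    if fault is not None:  # the server reported an error instead of a result
        raise RuntimeError("SOAP Fault: %s" % fault.findtext("faultstring", default="(no faultstring)"))
    resp = body.find(q(SVC_NS, "GetPriceResponse"))
    if resp is None:
        raise ValueError("Body carries no GetPriceResponse")
    return {
        "sku": resp.findtext(q(SVC_NS, "sku")),
        "price": float(resp.findtext(q(SVC_NS, "price"))),
    }


# Constructed sample replies, as the hypothetical service might send them.
SAMPLE_RESPONSE = b"""<?xml version="1.0" encoding="UTF-8"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
               xmlns:cat="http://example.com/catalog">
  <soap:Body>
    <cat:GetPriceResponse>
      <cat:sku>FRUIT-42</cat:sku>
      <cat:price>3.50</cat:price>
    </cat:GetPriceResponse>
  </soap:Body>
</soap:Envelope>"""

SAMPLE_FAULT = b"""<?xml version="1.0" encoding="UTF-8"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Body>
    <soap:Fault>
      <faultcode>soap:Client</faultcode>
      <faultstring>unknown sku</faultstring>
    </soap:Fault>
  </soap:Body>
</soap:Envelope>"""

if __name__ == "__main__":
    print(build_get_price_request("FRUIT-42").decode())
    print(parse_get_price_response(SAMPLE_RESPONSE))
```

The parser checks element names by full namespace rather than by prefix, which is what makes two partners' XML "agree" in the sense the notes use below: the prefix a partner chooses is irrelevant, the namespace URI is not. Python's ElementTree does not fetch external entities, which is the setting a parser for untrusted XML should keep.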
The future of web services: Much of the data in web services applications is stored and transmitted in XML format. Because there are so many variations of XML in use today, it is critical that data providing and data using partners agree on which XML implementation to use. There are no web services management standards or history of best practices; this lack of standards means that each web service subscriber needs a detailed agreement (specifying service levels, quality of service standards, and so on) with each web services provider.
Integration with ERP Systems
Many B2B web sites must be able to connect to existing info systems such as enterprise resource planning software. Enterprise resource planning (ERP) software packages are business systems that integrate all facets of a business.

E-Commerce Software for small and midsize companies
Basic Commerce Service Providers
Using a service provider’s shared or dedicated hosting services instead of building in-house servers or using a co-location service means that the staffing burden shifts from the company to the web host. CSPs have the same advantages as ISP hosting services, spreading the cost of a large web site over several “renters” hosted by the service.
Mall style commerce service providers
Mall style CSPs provide small businesses with an Internet connection, web site creation tools, and little or no banner advertising clutter. Web hosts in this group charge a monthly fee that is often higher than that of lower end providers, and may also charge one time setup fees. Some of these providers also charge a percentage of or fixed amount for each customer transaction. The CSP processes the acceptance and authorization of credit cards on behalf of the merchant.

E-commerce software for midsize to large businesses
The midrange packages allow the merchant to have explicit control over merchandising choices, site layout, internal architecture, and remote and local management options. The midrange and basic e-commerce packages differ on price, capability, database connectivity, software portability, software customization tools, and computer expertise required of the merchant.
Web site development tools
Although they are more often used for creating small business sites, it is possible to construct the elements of a midrange e-commerce web site using web page creation and site management tools such as Macromedia Dreamweaver and Microsoft FrontPage. After creating the web site with these development tools, the designer can add purchased software elements, such as shopping carts and content management software, to the site. The final step is to create the middleware that connects the site to the company’s existing product and transaction processing databases. Buying and using midrange e-commerce software is more expensive than using CSPs. Midrange software traditionally offers connectivity to database systems that store catalog info.

E-commerce software for large businesses
Larger businesses require many of the same advanced capabilities as midsize firms, but the larger firms need to handle higher transaction loads. They need dedicated software applications to handle specific elements of their online business. The distinction between midrange and large scale e-commerce software is much clearer than the one between basic systems and midrange systems. The tell tale sign is price. Commerce software in this class is sometimes called enterprise-class software- a system that serves multiple locations or divisions of one company and encompasses all areas of the business or enterprise.
Enterprise class e-commerce software
Enterprise-class software provides good tools for linking to and supporting supply and purchasing activities. For a selling business, e-business software provides standard e-commerce activities, such as secure transaction processing and fulfillment, but it can also do more, such as tracking inventory levels and reordering automatically. In contrast, both basic and midrange e-commerce packages usually require an administrator to check inventory manually and place orders explicitly for items that need to be replenished. A merchant server houses the e-business system and key back end software. It processes payments, computes shipping and taxes, and sends a message to the fulfillment department when it must ship goods to a purchaser.

Supply Chain Management Software
Supply chain management (SCM) software helps companies to coordinate planning and operations with their partners in the industry supply chains of which they are members-performs two general types of functions: planning and execution. SCM planning software helps companies develop coordinated demand forecasts using info from each participant in the supply chain. SCM execution software helps with tasks such as warehouse and transportation management.
Content Management Software
Most e-commerce software comes with wizards and other automated helpers that create template-driven pages, such as home pages, about pages, and contact pages. But most businesses want to customize web pages. Content management software helps companies control the large amounts of text, graphics, and media files that have become a key part of doing business.
Knowledge management software
An increasing number of large companies have achieved cost savings by using knowledge management (KM) software. This software is designed to help companies manage info that, until recently, was stored in paper reports, schedules, analyses, and memos. KM software helps companies do four main things: collect and organize info, share the info among users, enhance the ability of users to collaborate, and preserve the knowledge gained through the use of info so that future users can benefit from the learning of current users. It includes tools that read electronic documents, scanned paper documents, email messages, and web pages.

Ch. 8 Key Concept-Web Server Hardware and Software

Web Server Basics
Elements of a web server: hardware (computers/related components), operating system software, and web server software.

Types of web sites
First step in planning a web server: determine what the company wants to accomplish with the server. Decisions about server hardware and software should be driven by the volume and type of web activities expected. Types of sites include:
-Development sites: simple sites that companies use to evaluate different web design with little initial investment. A development site can reside on an existing PC running web server software.
-Intranets: corporate networks that house internal memos, corporate policy handbooks, expense account worksheets, budgets, newsletters, and a variety of other corporate documents
-Extranets: allow certain authorized parties outside the company to access parts of the information in the system
-Transaction-processing sites such as business to business and business to consumer electronic commerce sites that must be available 24 hours a day, seven days a week. These sites must have spare server computers for handling high traffic volumes and must run web and commerce software that is efficient and easily upgraded.
-Content delivery sites: deliver content such as news, histories, summaries, and other digital information. Content must be presented rapidly on the visitor’s screen. Sites must be available 24 hours a day, seven day a week and hardware requirements are similar to those of transaction-processing commerce sites.
Web clients and web servers
When people use their internet connections to become part of the web, their computers become web client computers on a worldwide client/server network; the client/server model is used in LANs, WANs, and the web. The client computer requests services from the server. Web browser software is the software that makes computers work as web clients, so it is called web client software. Web software is platform neutral: it lets computers of different kinds communicate with each other easily and effectively.
Dynamic content
A dynamic page is a web page whose content is shaped by a program in response to user requests, whereas a static page is an unchanging page retrieved from disk. Static pages require less computing power than dynamic page delivery. Dynamic content is nonstatic information constructed in response to a web client’s request-use of databases, etc.
On a web site that is a collection of HTML pages, the content on the site can be changed only by editing the HTML in the pages. This doesn’t allow customized pages to be produced in response to specific queries. To create customized pages, web sites use one of two basic approaches: server-side scripting or a dynamic page generation technology.
Server side scripting: in server-side scripting, programs running on the web server create the web pages before sending them back to the requesting web clients as part of the response messages. Because a program runs for every request, pages built this way are slower to deliver than static pages.
Dynamic page generation technologies: server-side scripts are mixed with HTML-tagged text to create dynamic web pages. The future of dynamic web page generation: critics of dynamic page creation technologies argue that they do not really solve the problem of dynamic web page generation; they merely shift the task of creating dynamic pages from people who write HTML code to ASP programmers. The Apache Cocoon Project outlined a more complex model of the web page generation process that identifies four areas of concern (logic, content, style, and management). It lets web page developers divide the work into these four areas and breaks the direct connection between logic and style. By separating the logic (the work of programmers) from the style (the work of graphic artists) that HTML combines in one structure, web designers could make dynamic web page design easier in the future.
Various Meanings of “Server”
A server is any computer used to provide files or make programs available to other computers connected to it through a network. The software that the server computer uses to make these files and programs available is called server software. Some servers are connected through a router to the internet and can run software, called web server software, that makes files on those servers available to other computers on the internet. When a server computer is connected to the internet and is running web server software it is called a web server. The server computer that handles incoming and outgoing email is usually called an email server, and the software that manages email activity on that server is frequently called email server software. The server computer on which database management software runs is often called a database server.
Web client/ server communication
A web page containing many graphics and other objects can be slow to appear in the client’s web browser window because each page element (each graphic or multimedia file) requires a separate request and response.
Two tier client/server architecture
The basic web client/server model is a two tier model because it has only one client and one server. The message that a web client sends to request a file or files from a web server is called a request message and consists of three major parts:
-request line (contains a command, the name of the target resource (a filename and a description of the path to that file on the server), and the protocol name and version number)
-optional request headers (contain info about the types of files that the client will accept in response to this request)
-optional entity body (sometimes used to pass bulk info to the server)
When the server receives the request message it executes the command included in the message by retrieving the web page file from its disk and then creating a properly formatted response message to send back to the client. A server’s response consists of three parts that are identical in structure to a request message: a response header line (the status line) indicates the HTTP version used by the server, the status of the response, and an explanation of the status code. Response header fields follow the response header line; a response header field returns info describing the server’s attributes. The entity body returns the HTML page requested by the client machine.
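An added example (not from the notes or the textbook) that handles the two message formats just described: it splits a request message into its request line, header fields and entity body, maps the requested resource to a file under the document root, and assembles a response message with a status line, header fields and entity body. The sample request, the document root path and the Server header value are constructed; only the Python standard library is used. The path mapping is the check a web server needs so that a ".." in the target cannot reach files above the document root, and it serves an index page for a directory instead of the automatic listing the notes warn about.

```python
import posixpath
from dataclasses import dataclass, field
from typing import Dict


@dataclass
class HttpRequest:
    method: str
    target: str
    version: str
    headers: Dict[str, str] = field(default_factory=dict)
    body: bytes = b""


def parse_request(raw: bytes) -> HttpRequest:
    """Split a request message into request line, header fields and entity body."""
    head, _, rest = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    parts = lines[0].decode("ascii").split(" ")
    if len(parts) != 3:
        raise ValueError("malformed request line: %r" % lines[0])
    method, target, version = parts
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, sep, value = line.decode("latin-1").partition(":")
        if not sep:
            raise ValueError("malformed header line: %r" % line)
        headers[name.strip().lower()] = value.strip()  # field names are case-insensitive
    length = int(headers.get("content-length", "0"))
    return HttpRequest(method, target, version, headers, rest[:length])


def resolve_target(docroot: str, target: str) -> str:
    """Map the request target to a file under docroot.

    The path is normalised relative to "/" first, so ".." segments cannot climb
    above the document root, and a directory request is mapped to its index page
    rather than to an automatic directory listing."""
    path = target.split("?", 1)[0]
    normalised = posixpath.normpath(posixpath.join("/", path))
    if path.endswith("/") or normalised == "/":
        normalised = posixpath.join(normalised, "index.html")
    return posixpath.join(docroot, normalised.lstrip("/"))


def build_response(status: int, reason: str, body: bytes, content_type: str = "text/html") -> bytes:
    """Response = status line, header fields, blank line, entity body."""
    head = (
        "HTTP/1.1 %d %s\r\n" % (status, reason)
        + "Server: notes-example/1.0\r\n"
        + "Content-Type: %s\r\n" % content_type
        + "Content-Length: %d\r\n" % len(body)
        + "\r\n"
    )
    return head.encode("ascii") + body


# Constructed request, as a browser asking for a catalog page might send it.
SAMPLE_REQUEST = (
    b"GET /catalog/fruit.html HTTP/1.1\r\n"
    b"Host: www.example.com\r\n"
    b"Accept: text/html, image/gif, image/jpeg\r\n"
    b"\r\n"
)

if __name__ == "__main__":
    req = parse_request(SAMPLE_REQUEST)
    print(req)
    print(resolve_target("/var/www", req.target))
    print(resolve_target("/var/www", "/../../etc/passwd"))  # stays under /var/www
    print(build_response(200, "OK", b"<html><body>fruit</body></html>").decode())
```

A real server must percent-decode the target before this check (so "%2e%2e" is seen as "..") and must also consider symbolic links inside the document root; the example shows only the path-normalisation step.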
Three tier and N-tier client/server architectures
A three tier architecture extends the two tier architecture to allow additional processing (ex: collecting the info from a database needed to generate a dynamic web page) to occur before the web server responds to the web client’s request. The client request is formulated into an HTTP message by the web browser, sent over the internet to the web server, and examined by the web server. The web server analyzes the request and determines that responding to it requires the help of the server’s database. The server sends a request to the database management software to search for, retrieve, and return all information about exotic fruit in the catalog database. The database info flows back through the database management software to the server, which formats the response into an HTML document and sends that document inside an HTTP response message back to the client over the internet.

Software for web servers
Operating systems for web servers
Operating system tasks include running programs and allocating computer resources such as memory and disk space to programs. Open source software is developed by a community of programmers who make the software available for download at no cost.
The performance of one web server differs from that of another based on workload, operating system, and the size and type of web pages served.

Electronic Mail
E-mail is the most popular form of business communication
Email conveys messages from one destination to another in few seconds. One feature of email is that documents, pictures, movies, worksheets, or other information can be sent along with the message itself.
Email drawbacks-annoyance, amount of time that businesspeople spend answering their email today, about 5 mins per message
A computer virus is a program that attaches itself to another program and can cause damage when the host program is activated. The most frustrating and expensive problem associated with email today is the issue of unsolicited commercial email, or spam.
Individual user antispam tactics
-Reduce the likelihood that a spammer can automatically generate their email address: by using an email address that is more complex, individuals can reduce the chances that a spammer can randomly generate his or her address. A second way to reduce spam is to control the exposure of an email address.
Basic Content Filtering: all content filtering solutions require software that identifies content elements in an incoming email message that indicate the message is (or is not) spam. Most basic content filters examine the email headers and look for indications that the message might be spam. The software can be placed on individual users’ computers (client level filtering) or on mail server computers (server level filtering). The most common basic content filtering techniques are black lists and white lists. A black list spam filter looks for From addresses in incoming messages that belong to known spammers and can delete the message or put it into a separate mailbox for review. The biggest drawback to the black list approach is that spammers frequently change their email servers, which means that a black list must be continually updated to be effective (and since the From address is written by the sender, a black list keyed on that address alone is easy to evade). A white list spam filter examines From addresses and compares them to a list of known good sender addresses. It is usually applied at the individual user level, although it is possible to do the filtering at the organization level if the email administrator has access to all individuals’ address books. The main drawback to this approach is that it filters out any messages sent by unknown parties, not just spam.
Challenge-response content filtering: one content filtering technique uses a white list as the basis for a confirmation procedure called challenge-response. It compares all incoming messages to a white list. If the message is from a sender who isn’t on the white list, an automated email response is sent to the sender. This message (the challenge) asks the sender to reply to the email (the response). These challenges are designed so that a human can respond easily, but a computer would have difficulty formulating the response. One major drawback of challenge-response systems is that they can be abused: the challenge goes to whatever From address the message carries, so spam sent with a forged From address directs the challenges at an innocent third party. Another issue with challenge-response systems will arise if they become widespread. Most mail that any individual receives from unknown senders is spam, and every such message would generate a challenge, so a challenge-response system roughly doubles the amount of useless email that the Internet’s infrastructure must handle.
Advanced content filtering: advanced content filters that examine the entire email message can be more effective than basic content filters that only examine the message headers or the IP address of the email sender. When the filter identifies an indicator in a message, it increases that message’s spam “score”. Bayesian revision is a statistical technique in which additional knowledge is used to revise earlier estimates of probabilities. In software that contains a naïve Bayesian filter, the software begins by not classifying any messages. The user reviews messages and indicates to the software which messages are spam and which aren’t. The software gradually learns (by revising its estimates of the probability that a message element appears in a spam message) to identify spam messages.
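An added example (not from the notes or the textbook) of the naïve Bayesian filter described above: the user labels a handful of messages, the filter counts in how many spam and non-spam messages each word appeared, and each word present in a new message then revises the probability that the message is spam, which is the message's "score". The training messages are constructed for the demonstration and only the Python standard library is used.

```python
import math
import re
from collections import Counter
from typing import Set

TOKEN = re.compile(r"[a-z0-9]+")


def tokens(text: str) -> Set[str]:
    """Case-folded word set; each distinct token is one indicator in the message."""
    return set(TOKEN.findall(text.lower()))


class NaiveBayesSpamFilter:
    """Learns from messages the user labels, then scores new ones."""

    def __init__(self) -> None:
        self.spam_docs = 0
        self.ham_docs = 0
        self.spam_tokens: Counter = Counter()  # in how many spam messages each token appeared
        self.ham_tokens: Counter = Counter()   # same for non-spam ("ham")

    def train(self, text: str, is_spam: bool) -> None:
        toks = tokens(text)
        if is_spam:
            self.spam_docs += 1
            self.spam_tokens.update(toks)
        else:
            self.ham_docs += 1
            self.ham_tokens.update(toks)

    def spam_score(self, text: str) -> float:
        """P(spam | tokens present). Laplace smoothing keeps a never-seen token from
        deciding the result outright; log space avoids floating-point underflow."""
        if self.spam_docs == 0 or self.ham_docs == 0:
            raise ValueError("need at least one spam and one non-spam training message")
        total = self.spam_docs + self.ham_docs
        log_spam = math.log(self.spam_docs / total)  # prior estimate
        log_ham = math.log(self.ham_docs / total)
        for tok in tokens(text):
            # Each token present revises the earlier estimate (Bayesian revision).
            log_spam += math.log((self.spam_tokens[tok] + 1) / (self.spam_docs + 2))
            log_ham += math.log((self.ham_tokens[tok] + 1) / (self.ham_docs + 2))
        return 1.0 / (1.0 + math.exp(log_ham - log_spam))

    def is_spam(self, text: str, threshold: float = 0.9) -> bool:
        return self.spam_score(text) >= threshold


def train_demo_filter() -> NaiveBayesSpamFilter:
    """Constructed training messages standing in for mail the user has labelled."""
    f = NaiveBayesSpamFilter()
    for text in ["Buy cheap viagra now! Click here",
                 "Win a free prize $$$ click now",
                 "Cheap pills online, free shipping"]:
        f.train(text, is_spam=True)
    for text in ["Meeting tomorrow about the Q3 budget",
                 "Please review the attached invoice for order 1234",
                 "Lunch at noon? bring the project notes"]:
        f.train(text, is_spam=False)
    return f


if __name__ == "__main__":
    f = train_demo_filter()
    for msg in ["Free pills, click now!", "Can we move the budget meeting to noon?"]:
        print("%.3f  %s" % (f.spam_score(msg), msg))
```

The filter only ever gets better at the user's own mail, which is why the notes stress that it starts by classifying nothing: until both classes have examples there is no basis for a score. Spammers answer this kind of filter by padding messages with ordinary words, which is why real deployments combine it with the header and black-list checks described earlier rather than relying on any one indicator.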

Wednesday, March 5, 2008

Ch.12: planning for e-commerce

Planning electronic commerce initiatives
- keys to successful implementation of info technology projects: planning and execution.
-when setting objectives consider the role of the project, intended scope, and resources available
Identifying objectives
-Common objectives: increasing sales in existing markets, opening new markets, serving existing customers better, identifying new vendors, coordinating more efficiently with existing vendors, or recruiting employees more effectively.
Linking Objectives to business strategies
-Can use tactics called downstream strategies to improve the value that the business provides to its customers. Pursuing upstream strategies is when focusing on reducing costs or generating value by working with suppliers.
First wave- firms conducted e-commerce without setting specific and measurable goals. Second wave- closer look at the benefits and costs
Measuring benefits
Complications occur when trying to measure things such as brand awareness or sales, because the increases can be caused by other things that the company is doing at the same time or by a general improvement in the economy. Some sites use online surveys to gather this data; most settle for estimates based on the length of time each visitor remains on the site and how often visitors return.
Total cost of ownership
Many sites track costs by activity and calculate a total cost for each activity. Total cost of ownership (TCO)-include a wide variety of costs related to the activity-hardware, software, design work outsourced, salaries.
Opportunity costs
One of the largest and most significant costs -the cost of not undertaking an initiative-opportunity cost (lost benefits)
Web site costs
A large portion of the costs is labor (79%). Estimates for the cost of creating a web business fall at three different levels: a basic entry level, a level comparable to most existing web competitors, and a level that makes the web site stand out as a true differentiator. The annual cost to maintain and improve a site once it is up and running, whether it is a small site or a large site, will be between 50% and 200% of its initial cost. Smaller organizations can control their costs by using a combination of a third party hosting service and packaged electronic commerce software.
Return on Investment (ROI)
Payback method, net present value method, internal rate of return method-return on investment (ROI)-measure the amount of income (return) that will be provided by a specific current expenditure. ROI has some built in biases that can lead managers to make poor decisions. First, ROI requires that all costs and benefits be stated in dollars. Because it is usually easier to quantify costs than benefits, ROI measurements can be biased in a way that gives undue weight to costs. Second, ROI focuses on benefits that can be predicted. It also tends to emphasize short run benefits over long run benefits. This biases ROI calculations to weigh short term costs and benefits more heavily than long term costs and benefits.

Strategies for developing electronic commerce web sites
When companies began establishing their presences on the web, the typical web site was a static brochure that wasn’t updated frequently with new information.
1994-1996 - STATIC BROCHURE (contact info, logo and other branding, some product information, financial statements)
1996-1999 - TRANSACTION PROCESSING (static brochure, plus: complete product catalog, shopping cart, secure payment processing, order info inquiries, shipment tracking)
1999-Present - FULL RANGE OF AUTOMATED BUSINESS PROCESSES (transaction processing, plus: personalization, interactive capabilities, frequently updated content, customer relationship management tools).
Internal development vs. outsourcing
-Using internal people to lead projects helps to ensure that the company’s specific needs are addressed and that the initiative is congruent with the goals and the culture of the organization. However, few companies are large enough or have the in house expertise to do everything internally. OPTIONS:
The internal team: the first step in determining which parts of an electronic commerce project to outsource is to create an internal team that is responsible for the project. Members should be recognized by their peers as successful individuals so the project doesn’t suffer from a lack of credibility. The internal team should hold ultimate and complete responsibility for the electronic commerce initiative, from the setting of objectives to the final implementation and operation of the site.
Early outsourcing: outsource the initial site design and development to launch the project quickly. The outsourcing team then trains the company’s info systems professionals in the new technology before handing the operation of the site to them-early outsourcing.
Late outsourcing: more traditional approaches, the company’s info systems professionals do the initial design and development work, implement the system, and operate the system until it becomes a stable part of the business operation. Once the company has gained all the competitive advantage provided by the system, the maintenance of the electronic commerce system can be outsourced so that the company’s info systems professionals can turn their attention and talents to developing new technologies that will provide further competitive advantage.
Partial outsourcing: In partial outsourcing, which is also called component outsourcing, the company identifies specific portions of the project that can be completely designed, developed, implemented, and operated by another firm that specializes in a particular function. One of the most common elements of electronic commerce initiatives that companies outsource using this approach is the web hosting activity. Providers of internet connectivity, applications, and business services (including ISPs, CSPs, MSPs, and ASPs) offer web hosting services to companies that want to operate electronic commerce sites, but that do not want to invest in the hardware and staff needed to create their own web servers.
Selecting a hosting service
The internal team should be responsible for selecting the ISP that will provide the site’s hosting service. It can consult an ISP directory. The team should obtain the advice of consultants that rate service providers (ISPs, ASPs, and CSPs); the most important factors to evaluate: functionality, reliability, bandwidth and server scalability, security, backup and disaster recovery, cost
New Methods for Implementing Partial Outsourcing
Incubators: an incubator is a company that offers start up companies a physical location with offices, accounting and legal assistance, computers, and Internet connections at a very low monthly cost. The incubator receives an ownership interest in the company, between 10% and 50%. When the company grows to the point that it can obtain venture capital financing or launch a public offering of its stock, the incubator sells all or part of its interest and reinvests the money in new incubator candidates.
Fast Venturing: In fast venturing an existing company that wants to launch an electronic commerce initiative joins external equity partners and operational partners that can offer the experience and skills needed to develop and scale up the project very rapidly.
Venture sponsor (the existing company that wants to launch the electronic commerce initiative): develops idea, staffs internal team, creates prototype, provides all or most of the start up funds.
Equity partners (entities that have provided start up money to new ventures in the past and have developed knowledge about operating new ventures): review and refine ideas, provide advice, evaluate prototype, provide contacts (including operational partners).
Operational partners (people and companies that previously have built web business sites): turn ideas into a business plan, provide financial, technical, and operations expertise, provide industry best practices knowledge, scale up prototype to an operating model.

Managing electronic commerce implementations
Use formal management techniques. Project management, project portfolio management, specific staffing, and postimplementation audits are methods businesses use to efficiently administer their e-commerce projects.
Project management is a collection of formal techniques for planning and controlling the activities undertaken to achieve a specific goal; it was developed by the US military in the 1950s and the 1960s to develop weapons and other large systems. The project plan includes criteria for cost, schedule, and performance; it helps project managers make intelligent trade off decisions regarding these three criteria. Information systems development projects are much more likely to fail than other types of projects. Causes: rapidly changing technologies, long development times, and changing customer expectations; many teams rely on project management software to help. E-commerce initiatives are more successful than other types of info system implementations in general.
Project portfolio management is a technique in which each project is monitored as if it were an investment in a financial portfolio. The CIO records the projects in a list and updates the list regularly with current information about each project’s status. Project management software tracks the details of how each project is accomplishing its specific goals. In project portfolio management, the CIO assigns a ranking for each project based on its importance to the strategic goals of the business and its level of risk.
Staffing
The business management function should include internal staff. The business manager should be a member of the internal team that sets the objectives for the project. The business manager is responsible for implementing the elements of the business plan and reaching the objectives set by the internal team.
A project manager is a person with specific training or skills in tracking costs and the accomplishment of specific objectives in a project. An account manager keeps track of multiple web sites in use by a project or keeps track of the projects that will combine to create a larger web site. Most larger projects will have a test version, a demonstration version, and a production version of the web site located on different servers. The test version is the under construction version of the web site. The demonstration version has features that have passed testing and must be demonstrated to an internal audience. The production version is the full operating version of the site that is available to customers and other visitors. The account manager supervises the location of specific web pages and related software installations as they are moved from test to demonstration to production.
Applications specialists maintain accounting, human resources, and logistics software. As web sites have become more complicated, the need for web programmers, who design and write the underlying code for dynamic database-driven web pages, has increased.
Content creators – write original content; content managers/editors-purchase existing materials and adapt it for use on the site.
Customer service personnel help design and implement customer relationship management activities in the electronic commerce operation. They can issue and administer passwords, design customer interface features, handle customer email and telephone requests for service or follow up action, and conduct telemarketing for the site.
The systems administrator is responsible for the system’s reliable and secure operation.
Network operations staff functions include load estimation and load monitoring, resolving network problems as they arise, designing and implementing fault resistant technologies, and managing any network operations that are outsourced to service providers or telephone companies.
Database administration-support activities such as transaction processing, order entry, inquiry management, or shipping logistics

Post implementation Audits
-formal review of a project after it is up and running. The audit should result in a comprehensive report that analyzes that project’s overall performance, how well the project was administered, whether the organizational structure was appropriate for the project, and the specific performance of the project team(s). Summaries of member performance can help managers decide which employees should be included in future projects.

Thursday, February 14, 2008

Ch. 7 Key Concept-The Legal Environment of Electronic Commerce

Businesses operating on the web face additional factors: (1) the web extends a company’s reach beyond traditional boundaries; (2) the web increases the speed and efficiency of business communications.

Borders and Jurisdiction
The relationship between geographic boundaries and legal boundaries is based on: power, effects, legitimacy, and notice.
Power: control over physical space and the people and objects that reside in that space. For laws to be effective a government must be able to enforce them. The ability of a government to exert control-jurisdiction.
Effects: relationship between physical proximity and the effects or impact of a person’s behaviour.
Legitimacy: the legitimate right to create and enforce laws derives from the mandate of those who are subject to those laws. Legitimacy is the idea that those subject to laws should have some role in formulating them.
Notice: People receive constructive notice that they have become subject to new laws and cultural norms when they cross an international border.
Jurisdiction on the internet
Defining, establishing, and asserting jurisdiction is more difficult on the internet-because geographic boundaries do not exist.
Subject-matter jurisdiction: a court’s authority to decide a particular type of dispute.
Personal jurisdiction: determined by the residence of the parties. A court has personal jurisdiction over a case if the defendant is a resident of the state in which the court is located. An out of state person or corporation can also voluntarily submit to the jurisdiction of a particular state court by agreeing to do so in writing or by taking certain actions in the state. Forum selection clause: the contract will be enforced according to the laws of a particular state. Long arm statutes create personal jurisdiction over nonresidents who transact business or commit tortious acts in the state.
Jurisdiction in international commerce: jurisdiction across international borders is governed by treaties between the countries. Non-US corporations and individuals can be sued in US courts if they conduct business or commit tortious acts in the US. Foreign courts can enforce decisions against US corporations or individuals through the US court system if those courts can establish jurisdiction over the matter. Courts asked to enforce the laws of other nations sometimes follow a principle called judicial comity.
Contracting and Contract Enforcement in e-commerce
Any contract includes three essential elements: an offer, an acceptance, and consideration. On the internet, offers and acceptances can occur when parties exchange e-mail messages, engage in electronic data interchange (EDI), or fill out forms on web pages. When a seller advertises goods for sale on a web site, that seller is not making an offer, but is inviting offers from potential buyers. When a buyer submits an order, which is an offer, the seller can accept that offer and create a contract. Written contracts on the web: certain categories of contracts aren’t enforceable unless the terms are put into writing and signed by both parties. Contracts for the sale of goods worth more than $500 and contracts that require actions that cannot be completed within one year must be created by a signed writing. A writing exists when the terms of a contract have been reduced to some tangible form.
Warranties on the web: any contract for the sale of goods includes implied warranties. A seller implicitly warrants that the goods it offers for sale are fit for the purposes for which they are normally used. Sellers can avoid some implied warranty liability by making a warranty disclaimer. A warranty disclaimer is a statement declaring that the seller will not honor some or all implied warranties.
Authority to Form Contracts: In general, courts will not hold a person or corporation whose identity has been forged to the terms of the contract; however, if negligence on the part of the person or corporation contributed to the forgery, a court may hold the negligent party to the terms of the contract.
Terms of service agreements: a site visitor is held to the terms of service even if that visitor has not read the text or clicked a button to indicate agreement with the terms.

Use and protection of intellectual property in online business
Intellectual property –all products of the human mind.
Copyright infringement: a copyright is a right granted by a government to the author or creator of a literary or artistic work. It gives the author or creator the sole and exclusive right to print, publish, or sell the work, and includes virtually all forms of artistic or intellectual expression. In the US, works created after 1977 are protected for the life of the author plus 70 years. Many countries require the creator of a work to register that work to obtain copyright protection. US law still allows registration, but registration is no longer required. Most US web pages are protected by the automatic copyright provision of the law because they arrange the elements of words, graphics, and HTML tags in a way that creates an original work. The fair use of a copyrighted work includes copying it for use in criticism, comment, news reporting, teaching, scholarship, or research; a citation to the original work should be provided. An entity becomes liable for vicarious copyright infringement if it is capable of supervising the infringing activity and obtains a financial benefit from the infringing activity.
Patent Infringement: a patent is an exclusive right granted by the government to an individual to make, use, and sell an invention. In the US, patents on inventions protect the inventor’s rights for 20 years. A patent on the design for an invention provides protection for 14 years. To be patentable, an invention must be genuine, novel, useful, and not obvious given the current state of technology.
Trademark Infringement: a trademark is a distinctive mark, device, motto, or implement that a company affixes to the goods it produces for identification purposes. A service mark is similar to a trademark, but it is used to identify services provided.

Cybersquatting is the practice of registering a domain name that is the trademark of another person or company in the hopes that the owner will pay huge amounts of money to acquire the URL. A related problem, called name changing, occurs when someone registers purposely misspelled variations of well known domain names. Name stealing occurs when someone posing as a site’s administrator changes the ownership of the site’s assigned domain name to another site and owner. Disputes that arise when one person has registered a domain name that is an existing trademark or company name are settled by the World Intellectual Property Association. A domain name ownership change occurs when owner info maintained by a public domain registrar is changed in the registrar’s database to reflect a new owner’s name and business address.
Protecting Intellectual Property Online
Several industry trade groups have proposed solutions to the current problems in digital copyright protection, including host name blocking, packet filtering, and proxy servers. One promising technique employs steganography to create a digital watermark. The watermark is a digital code or stream embedded undetectably in a digital image or audio file. It can be encrypted to protect its contents, or simply hidden among the bits-digital info-comprising the image or recording. Copy control is an electronic mechanism for limiting the number of copies that one can make of a digital work.
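A minimal digital watermark of the kind described above, as an added example (not code from the textbook or any named vendor): the mark is hidden in the least significant bit of successive pixel values, so the image looks unchanged but the owner can read the mark back. The greyscale "image" is a constructed gradient standing in for a real file; encrypting the mark before embedding it, as the notes mention, would be a separate step applied to the bytes passed in.

```python
def _bit_stream(data):
    """Yield the bits of a byte string, most significant bit first."""
    for byte in data:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1


def embed_watermark(pixels, mark):
    """Hide `mark` in the least significant bit of successive 8-bit pixel values.

    A 4-byte big-endian length prefix lets the extractor know where the mark ends.
    Each pixel changes by at most 1 out of 255, which is not visible to a viewer.
    """
    payload = len(mark).to_bytes(4, "big") + mark
    if len(payload) * 8 > len(pixels):
        raise ValueError("image too small for this watermark")
    marked = bytearray(pixels)
    for index, bit in enumerate(_bit_stream(payload)):
        marked[index] = (marked[index] & 0xFE) | bit  # clear the LSB, then set it to the mark bit
    return bytes(marked)


def _read_bytes(pixels, start_bit, count):
    """Reassemble `count` bytes from the LSBs starting at pixel `start_bit`."""
    out = bytearray()
    for n in range(count):
        value = 0
        for i in range(8):
            value = (value << 1) | (pixels[start_bit + n * 8 + i] & 1)
        out.append(value)
    return bytes(out)


def extract_watermark(pixels):
    """Recover the hidden mark by reading the LSBs back in the same order."""
    length = int.from_bytes(_read_bytes(pixels, 0, 4), "big")
    if 32 + length * 8 > len(pixels):
        raise ValueError("no valid watermark length prefix found")
    return _read_bytes(pixels, 32, length)


def max_pixel_change(original, marked):
    """Largest absolute difference between any pixel before and after embedding."""
    return max(abs(a - b) for a, b in zip(original, marked))


def constructed_image(width=64, height=64):
    """A constructed 8-bit greyscale gradient standing in for a real image file."""
    return bytes((x * 3 + y * 2) % 256 for y in range(height) for x in range(width))


if __name__ == "__main__":
    image = constructed_image()
    marked = embed_watermark(image, b"(c) 2008 class notes blog")
    print(extract_watermark(marked))        # b'(c) 2008 class notes blog'
    print(max_pixel_change(image, marked))  # at most 1
```

A plain LSB mark like this survives lossless copying but not lossy recompression or resizing, which is why commercial watermarking spreads the mark across many bits and uses the encryption the notes mention to keep it from being located and stripped.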
Defamation
A defamatory statement is a statement that is false and that injures the reputation of another person or company. If the statement injures the reputation of a product or service instead of a person, it is called product disparagement. A person must establish that the defamatory statement caused injury. Per se defamation-a court deems some types of statements to be so negative that injury is assumed. An important exception in US law exists for statements that are defamatory-but that are about a public figure. Statements of personal opinion are true statements and thus neither defamatory nor disparaging.
Deceptive trade practices
If the objects being manipulated are trademarked, however, these manipulations can violate the trademark holder’s rights. Web sites that include links to other sites must be careful not to imply a relationship with the companies sponsoring the other sites unless a relationship exists. Trademark dilution is the reduction of the distinctive quality of a trademark by alternative uses.
Advertising Regulation
Advertising is regulated primarily by the federal trade commission – publishes regulations and investigates claims of false advertising. Bait advertising, consumer lending and leasing, endorsement and testimonials, energy consumption statements for home appliances, guarantees and warranties, prices
Online crimes
-includes online versions of crimes that have been undertaken for years in the physical world, including theft, stalking, distribution of porn, and gambling. Other crimes, such as commandeering one computer to launch attacks on other computers, are new. One obstacle law enforcement agencies face is the issue of jurisdiction. Another problem facing law enforcement officers is the difficulty of applying laws that were written before the internet.

Ethical Issues
The Electronic Communications Privacy Act of 1986 is the main law governing privacy on the Internet today. This law was enacted before the general public began its wide use of the internet. The law was written to update existing law that prevented interception of audio signal transmissions so that any type of electronic transmissions would be given the same protections. One of the major privacy controversies in the US today is the opt in versus opt out issue. The most common policy used in US companies today is an opt out approach. In an opt out approach, the company collecting the info assumes that the customer doesn’t object to the company’s use of the info unless the customer specifically chooses to deny permission. In the less common opt in approach the company collecting the info doesn’t use the info for any other purpose unless the customer specifically chooses to allow that use.

Taxation and Electronic Commerce
Firms that engage in e-commerce must comply with multiple tax laws from their first day of existence. Income taxes are levied by national, state, and local governments on the net income generated by business activities. Transaction taxes, which include sales taxes, use taxes, excise taxes, and customs duties, are levied on the products or services that the company sells or uses. Property taxes are levied by states and local governments on the personal property and real estate used in the business. The taxes that most concern web businesses are income taxes and sales taxes.
Nexus
A government acquires the power to tax a business when that business establishes a connection with the area controlled by the government.
US Income Taxes
A basic principle of the US tax system is that any verifiable increase in a company’s wealth is subject to federal taxation. Any company whose US based web site generates income is subject to US federal income tax. A company in the US that maintains a web site must also pay federal income tax on income the site generates outside of the US.
US State Sales Taxes
Businesses that establish nexus with a state must file sales tax returns and remit the sales tax they collect from their customers. If a business ships goods to customers in other states, it is not required to collect sales tax from those customers unless the business has established nexus with the customer’s state. A use tax is a tax levied by a state on property used in that state that was not purchased in that state. Larger businesses use complex software to manage their sales tax obligation. Some purchasers are exempt from sales tax, such as certain charitable organizations and businesses buying items for resale.
EU Value Added Taxes
The Value Added Tax is assessed on the amount of value added at each stage of production-is collected by the seller at each stage of the transaction. Companies based in EU countries must collect VAT on digital goods no matter where in the EU the products are sold. Non EU companies that sell into the EU must now register with EU tax authorities and levy, collect, and remit VAT if their sales include digital goods delivered into the EU.

Thursday, February 7, 2008

ch.6 Key Concept

Key Concept
This chapter discusses the new options brought on by the internet for supply chain management and procurement. It discusses a variety of approaches that companies have taken with regards to obtaining materials and selling products online.

Origins of auctions
-earliest records of auctions-Babylon (500 BC)-men bid against each other for the women they wished to marry.
-Auctions became common activities in 17th century England (taverns held regular auctions of art and furniture)
-bids -price willing to pay for an item.
-private valuations- amounts bidders are willing to pay for the item
-Shill bidders-People employed by the seller or the auctioneer can make bids on behalf of the seller
-English auctions: bidders publicly announce their successive higher bids until no higher bid is forthcoming-item sold to the highest bidder. (aka ascending price auction, open auction). Minimum bid is the price at which an auction begins. If no bidders are willing to pay that price, the item is removed from the auction. A minimum acceptable price-reserve price.
-Yankee auctions: English auctions that offer multiple units of an item for sale and allow bidders to specify the quantity they want to buy. The highest bidder is allotted the quantity bid. If items remain after satisfying the highest bidder, remaining items are allocated to successive lower bidders. Successful bidders only pay the price bid by the lowest successful bidder.
-Dutch auctions: open auction in which bidding starts at a high price and drops until a bidder accepts the price – descending price auctions.
-First price sealed bid auctions: bidders submit bids independently and are prohibited from sharing info with each other and the highest bidder wins. Successive lower bidders are awarded the remaining items at the prices they bid.
-Second price sealed bid auctions: the highest bidder is awarded the item at the price bid by the second highest bidder. Encourages all bidders to bid the amount of their private valuations-vickrey auctions.
-Open outcry double auctions: buy and sell offers are shouted by traders standing in an area on the exchange floor called a trading pit.
-Sealed bid double auctions: buyers and sellers each submit combined price quantity bids to an auctioneer. The auctioneer matches the sellers’ offers to the buyers’ offers until all the quantities offered for sale are sold to buyers.
-Reverse (seller bid) auction: multiple sellers submit bids to a single buyer. The prices go down as the bidding continues until no seller is willing to bid lower.

Online Auctions and related Businesses
-General consumer auctions: the most successful consumer auction today is eBay. Third party assurance providers provide assurance that the privacy policies of web sites meet certain standards (ex: eTRUST). Sellers and buyers must register; sellers pay eBay a listing fee and a sliding percentage of the final selling price, and buyers pay nothing to eBay. eBay is a computerized version of the English auction and allows the seller to set a reserve price. The main difference between eBay and a live English auction is that bidders don’t know who placed which bid until the auction is over. It has a minimum bid increment, the amount by which one bid must exceed the previous bid. eBay offers a platform called eBay Stores within its auction site; sellers can establish eBay stores that show items for sale. Yahoo! was successful early in attracting large numbers of auction participants because it offered its auction service to sellers at no charge, but it was less successful in attracting buyers, resulting in less bidding action. Amazon also added auctions to its list of products and services. Marketing tactics: the Auctions Guarantee addressed concerns raised in the media by eBay customers about being cheated by sellers.
Buyers of more expensive items can protect themselves by using a third party escrow service which holds the buyer’s payment until he or she receives and is satisfied with the purchased item.
-Specialty consumer auctions: identify special interest market targets and create specialized web auction sites.
-Consumer reverse auctions and group purchasing sites: visitor fills out a form that describes the item or service in which he or she is interested. The site then routes the visitor’s request to a group of participating merchants who reply to the visitor by email with offers to supply the item at a particular price.
-Group purchasing site – the seller posts an item with a price – as individual buyers enter bids on an item the site can negotiate a better price with the item’s provider. The posted price ultimately decreases as the number of bids increase.
-Business to business auctions: Large companies sometimes have liquidation specialists who find buyers for these unusable inventory items. Smaller businesses often sell their unusable and excess inventory to liquidation brokers, firms that find buyers for these items.
-Auction related services: the growth of eBay auction sites has encouraged the creation of businesses that provide auction-related services of various kinds; these include escrow services, auction software and auction consignment services.
-Auction Escrow services: when purchasing high value items, buyers can use an escrow service to protect their interests. An independent party that holds a buyer’s payment until the buyer receives the purchased item and is satisfied that the item is what the seller represented it to be.
-Auction directory and info services: guidance for new auction participants and helpful hints and tips for more experienced buyers and sellers along with directories of online auction sites.
-Auction software: companies sell auction management software and services for both buyers and sellers. For sellers, these companies offer software and services that can help with or automate tasks such as image hosting, advertising, page design, bulk repeatable listings, feedback tracking and management, report tracking, and email management. For buyers, a number of companies sell auction sniping software. Sniping software observes auction progress until the last second and as the auction is about to expire, the sniping software places a bid high enough to win the auction. Auction consignment services take an item and create an online auction for that item, handle the transaction, and remit the balance of the proceeds after deducting a fee.

Wireless application protocol allows web pages formatted in HTML to be displayed on devices with small screens, such as PDAs and mobile phones.
Mobile Business-Revenue models for mobile business can be developed once mobile phones, notebook computers with wireless internet connections, and online marketplaces are interconnected in ways that let people switch among modes of access seamlessly. Intelligent Software Agents–programs that search the web and find items for sale that meet a buyer’s specifications. Simon is one of the best shopping agents currently available.
Virtual Communities-gathering place for people and businesses that doesn’t have a physical existence. Various forms, including Usenet newsgroups, chat rooms, and websites – offer people a way to connect with each other and discuss common issues and interests. Virtual learning community (ex: WebCT).
Early web communities-one of the first web communities was the WELL-whole earth electronic links – series of dialogs– members pay a monthly fee to participate in its forums and conferences.
Web Community Consolidation-virtual communities for consumers can succeed as money making propositions if they offer something sufficiently valuable to justify a charge for membership.
-Web log: websites that contain commentary on current events or specific issues written by individuals. Most of the early blogs were focused on technology topics or on topics about which people have strong beliefs (political or religious issues).
-Social networking websites: sole purpose of community-useful tools for persons who want to make new local friends, established acquaintances before moving to a new location, obtain advice of various kinds, or who are looking for a job.
-Idea Based Virtual Communities: Other web sites create communities based on the connections between ideas.
-Revenue Models for Web Portals and Virtual Communities-by the late 1990s, virtual communities were selling advertising to generate revenue. Beginning in 1998, a wave of purchases and mergers occurred among these sites; the web portals that emerged still used an advertising-only revenue model and combined all the features offered by virtual community sites, search engine sites, web directories, and other information and entertainment sites.
-Advertising-supported web portals and virtual communities: because web portals ask their members to provide demographic info about themselves, the potential for targeted marketing is very high. Second-wave portal strategies are based less on up-front site sponsorship payments and more on revenue from continuing relationships with the people who use the portal sites. The larger portals that have survived are turning to mixed models.
-Monetizing refers to converting existing regular site visitors, who come for free info or services, into fee-paying subscribers or purchasers of services.
-Internal web portals and virtual communities: a growing number of large organizations have built web portals to provide info to their employees. Internal web portals run on the intranet and save significant amounts of money by replacing the printing and distribution of paper memos, newsletters, and other correspondence with a web site.

Application
Hedgehog is an online company that works with e-procurement. It develops industry specific auctions and exchanges. It is a company that helps bring suppliers and buyers together and offers a variety of auctions such as: multi-format reverse auctions, Dutch auctions, and sealed bid auctions. In addition, the company provides information for businesses interested in being involved in auctions.

Wednesday, February 6, 2008

Ch. 5 - Key Concept

Key Concept:
This chapter talks about the buying and selling between businesses online. It discusses the processes for managing the purchasing of materials, managing of inventory, creating and maintaining supplier relationships, and the production of end products. It also looks at how these areas are affected by the changes in technology and the growth of the internet.

Purchasing, logistics, and support activities
-Necessary characteristic of purchasing, logistics, and support activities is flexibility
Purchasing Activities
-Include identifying vendors, evaluating vendors, selecting specific products, placing orders, and resolving any issues (late deliveries, incorrect quantities, incorrect items, and defective items)
-Supply chain- all activities in the value chain to design, produce, promote, deliver, and support each component of a product
-Procurement includes all purchasing activities, plus the monitoring of all elements of purchase transactions-managing and developing relationship with key suppliers (supply management)
-Sourcing: identifying suppliers and determining the qualifications of those suppliers; e-sourcing does this through specialized web purchasing sites
-Spend –the total dollar amount of the goods and services that a company buys during a year
-Direct materials are materials that become part of the finished product in a manufacturing process. Two ways of buying them: replenishment purchasing (the company negotiates long-term contracts for most of the materials it will need) and spot purchasing (buying on the spot market to cover demand in excess of what the contracts supply)
-Indirect materials: are all other materials that the company purchases, including factory supplies such as sandpaper, hand tools, and replacement parts for manufacturing machinery.
-Logistics- objective to provide the right goods in the right quantities in the right place at the right time. The management of materials as they go from the raw materials through production to become finished goods is important to logistics.
-Knowledge management is the intentional collection, classification, and dissemination of info about a company, its products, and its processes. This type of knowledge is developed over time by individuals working with a company and is difficult to gather and distill.
E-Government-governments operate businesslike activities: they employ people, buy supplies from vendors, and distribute benefit payments of many kinds. They also collect a variety of taxes and fees from their constituents.
Network model of economic organization-a shift from hierarchical structures toward network structures. More organizations are now giving their procurement departments new tools to negotiate with suppliers, including the possibility of forming strategic alliances. Supply web-networks are more flexible than hierarchies and can respond to changes in the economic environment more quickly.

Electronic Data interchange
-Electronic data interchange (EDI) is a computer-to-computer transfer of business info between two businesses that uses a standard format. The business info exchanged is often transaction data but can include other info like price quotes and order status inquiries.
-Emergence of large businesses in the late 1800s and early 1900s brought the need to create formal records of business transactions.
-1950s: companies began to use computers to store and process internal transaction records, but the info flow between businesses continued to be printed on paper
-1960s: exchanging transaction info on punched cards or magnetic tape.
-1960s and 1970s: Advances in data communications technology -trading partners to transfer data over telephone lines
-1968: freight and shipping companies joined together to form the Transportation Data Coordinating Committee which was charged with exploring ways to reduce paperwork. It created a standardized info set that included all the data elements commonly used.
-a set of cross-industry standards for electronic components, mechanical equipment, and other widely used items was created under the American National Standards Institute (ANSI).
-1979: ANSI chartered a new committee to develop uniform EDI standards. This committee is the Accredited Standards Committee X12 (ASC X12); its administrative body is the Data Interchange Standards Association (DISA).
-mid 1980s: the United Nations Economic Commission for Europe and EDI experts worked on designing a common set of EDI standards
-1987: the UN published its first standards under the title EDI for Administration, Commerce, and Transport (EDIFACT)
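To make the "standard format" concrete, here is an added example (written for these notes, not from the textbook): a small parser for an ANSI X12 interchange carrying an 850 purchase order. The interchange itself is constructed for the example, with made-up sender and receiver IDs. Two things a translator has to get right: X12 does not fix the delimiters, they are read from the fixed-width ISA header; and every header segment has a trailer with a matching control number and count (ISA/IEA, GS/GE, ST/SE), so a truncated or spliced interchange is rejected rather than posted.

```go
package main

import (
	"errors"
	"fmt"
	"strconv"
	"strings"
)

// Segment is one X12 segment: a segment ID followed by its data elements.
type Segment struct {
	ID       string
	Elements []string
}

// Interchange is a parsed X12 envelope plus the values checked during validation.
type Interchange struct {
	ElementSep, SubElementSep, SegmentTerm byte
	Segments                               []Segment
	SenderID, ReceiverID, ControlNumber    string
}

// SampleInterchange builds a constructed (not real) X12 004010 purchase order
// (transaction set 850). The ISA header is fixed-width, so the IDs are padded.
func SampleInterchange() string {
	isa := "ISA*00*" + strings.Repeat(" ", 10) + "*00*" + strings.Repeat(" ", 10) +
		"*ZZ*" + fmt.Sprintf("%-15s", "SENDERID") + "*ZZ*" + fmt.Sprintf("%-15s", "RECEIVERID") +
		"*080206*1200*U*00401*000000001*0*T*:~"
	return isa + "\n" + strings.Join([]string{
		"GS*PO*SENDERID*RECEIVERID*20080206*1200*1*X*004010~",
		"ST*850*0001~",
		"BEG*00*SA*PO-1001**20080206~",
		"PO1*1*10*EA*4.25**VP*WIDGET-42~",
		"PO1*2*5*EA*12.00**VP*GADGET-7~",
		"CTT*2~",
		"SE*6*0001~", // 6 = segments from ST through SE inclusive
		"GE*1*1~",
		"IEA*1*000000001~",
	}, "\n")
}

// ParseX12 splits an interchange into segments and verifies its envelope. The
// delimiters come from the 106-byte ISA segment: element separator at byte 3,
// sub-element separator at byte 104, segment terminator at byte 105.
func ParseX12(raw string) (*Interchange, error) {
	raw = strings.TrimSpace(raw)
	if len(raw) < 106 || !strings.HasPrefix(raw, "ISA") {
		return nil, errors.New("interchange must start with a 106-byte ISA segment")
	}
	ic := &Interchange{ElementSep: raw[3], SubElementSep: raw[104], SegmentTerm: raw[105]}
	for _, s := range strings.Split(raw, string(ic.SegmentTerm)) {
		if s = strings.TrimSpace(s); s != "" {
			parts := strings.Split(s, string(ic.ElementSep))
			ic.Segments = append(ic.Segments, Segment{ID: parts[0], Elements: parts[1:]})
		}
	}
	if err := ic.validate(); err != nil {
		return nil, err
	}
	return ic, nil
}

// validate ties each header to its trailer: ISA13 must equal IEA02, GS06 must
// equal GE02 with GE01 counting the sets in the group, ST02 must equal SE02 with
// SE01 counting the segments from ST through SE, and IEA01 counts the groups.
func (ic *Interchange) validate() error {
	segs := ic.Segments
	isa, iea := segs[0], segs[len(segs)-1]
	if isa.ID != "ISA" || len(isa.Elements) != 16 {
		return errors.New("malformed ISA header")
	}
	if iea.ID != "IEA" || len(iea.Elements) != 2 || isa.Elements[12] != iea.Elements[1] {
		return errors.New("IEA trailer missing or ISA13/IEA02 control numbers differ")
	}
	ic.SenderID, ic.ReceiverID = strings.TrimSpace(isa.Elements[5]), strings.TrimSpace(isa.Elements[7])
	ic.ControlNumber = isa.Elements[12]
	groups, setsInGroup, gsIdx, stIdx := 0, 0, -1, -1
	for i, seg := range segs {
		switch seg.ID {
		case "GS":
			groups, setsInGroup, gsIdx = groups+1, 0, i
		case "GE":
			if gsIdx < 0 || len(seg.Elements) < 2 || len(segs[gsIdx].Elements) < 6 ||
				segs[gsIdx].Elements[5] != seg.Elements[1] || seg.Elements[0] != strconv.Itoa(setsInGroup) {
				return fmt.Errorf("GE at segment %d does not match its GS", i)
			}
			gsIdx = -1
		case "ST":
			setsInGroup, stIdx = setsInGroup+1, i
		case "SE":
			if stIdx < 0 || len(seg.Elements) < 2 || len(segs[stIdx].Elements) < 2 ||
				segs[stIdx].Elements[1] != seg.Elements[1] || seg.Elements[0] != strconv.Itoa(i-stIdx+1) {
				return fmt.Errorf("SE at segment %d does not match its ST", i)
			}
			stIdx = -1
		}
	}
	if gsIdx >= 0 || stIdx >= 0 || iea.Elements[0] != strconv.Itoa(groups) {
		return errors.New("unterminated group or transaction set, or IEA01 group count wrong")
	}
	return nil
}

// LineItems returns product ID -> quantity from the PO1 segments of an 850.
func (ic *Interchange) LineItems() map[string]int {
	items := map[string]int{}
	for _, seg := range ic.Segments {
		if seg.ID == "PO1" && len(seg.Elements) >= 7 {
			qty, _ := strconv.Atoi(seg.Elements[1])
			items[seg.Elements[6]] = qty
		}
	}
	return items
}

func main() {
	ic, err := ParseX12(SampleInterchange())
	if err != nil {
		fmt.Println("rejected:", err)
		return
	}
	fmt.Printf("interchange %s from %s to %s: %d segments, line items %v\n",
		ic.ControlNumber, ic.SenderID, ic.ReceiverID, len(ic.Segments), ic.LineItems())
}
```

Changing the IEA control number, or deleting one PO1 line without fixing SE01, makes ParseX12 return an error; that is the integrity check a trading partner relies on before anything is posted to its order system.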

Value added networks
-Trading partners can implement the EDI network and EDI translation processes using one of two basic approaches:
-Direct connection EDI: requires each business in the network to operate its own on-site EDI translator computer. The computers are connected directly to each other using modems and dial-up telephone lines or dedicated leased lines. This is troublesome when partners are located in different time zones and when transactions are time-sensitive or high in volume, and the dedicated leased line option can become very expensive.
-Value added network (VAN): instead, a company might use the services of a VAN, a company that provides the communications equipment, software, and skills needed to receive, store, and forward electronic messages that contain EDI transaction sets. The customer must install EDI translator software that is compatible with the VAN.
-Indirect connection EDI: to send an EDI transaction set to a trading partner, the VAN customer connects to the VAN using a dedicated or dial-up telephone line and forwards the EDI-formatted messages to the VAN. The VAN logs the message and delivers it to the trading partner's mailbox on the VAN computer. The trading partner then dials in to the VAN and retrieves its EDI-formatted messages from the mailbox.

EDI on the Internet
-The major roadblocks to conducting EDI over the internet were concerns about security and the inability to provide audit logs and third-party verification. As the TCP/IP protocol suite of the internet was enhanced with secure protocols, there was less worry about security issues.
-Nonrepudiation is the ability to establish that a particular transaction actually occurred, so that neither party can later deny having sent or received it. A VAN provides this through its logs and its position as a trusted third party; on the open internet it is provided by digital signatures, which only the holder of the signing key can produce.
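An added example (code written for these notes, not from the textbook or any VAN product) covering both the VAN mailbox described above and the internet replacement for what a VAN's logs used to prove: a relay that store-and-forwards envelopes per receiver and keeps an audit log, with each envelope carrying a digital signature from the sender so that the receiver, or the relay, can show who sent it. Partner IDs, keys and the payload are constructed; Ed25519 is used because it is in the Go standard library, and the signature covers the partner IDs and control number together with the payload so it cannot be replayed on another interchange.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
	"time"
)

// Envelope is what travels over the internet instead of a VAN's private line:
// the EDI payload, the trading-partner IDs, and the sender's signature.
type Envelope struct {
	Sender, Receiver, ControlNumber string
	Payload, Signature              []byte
}

// digest binds the partner IDs and control number to the payload, so a valid
// signature cannot be reused on another interchange or under another sender ID.
func digest(e *Envelope) []byte {
	h := sha256.New()
	for _, field := range []string{e.Sender, e.Receiver, e.ControlNumber} {
		h.Write([]byte(field))
		h.Write([]byte{0}) // separator so "AB"+"C" and "A"+"BC" differ
	}
	h.Write(e.Payload)
	return h.Sum(nil)
}

// Sign attaches the sender's Ed25519 signature. Only the private-key holder can
// produce it, which is what lets the receiver hold the sender to the transaction.
func Sign(priv ed25519.PrivateKey, e *Envelope) { e.Signature = ed25519.Sign(priv, digest(e)) }

// Verify checks an envelope against the public key on file for its sender.
func Verify(pub ed25519.PublicKey, e *Envelope) bool { return ed25519.Verify(pub, digest(e), e.Signature) }

// AuditEntry is the relay's record of one submission: parties, hash, time, outcome.
type AuditEntry struct {
	At                              time.Time
	Sender, Receiver, ControlNumber string
	SHA256                          string
	Verified                        bool
}

// Relay plays the VAN's store-and-forward role on the internet: a mailbox per
// receiver, a directory of partner keys, and an append-only audit log.
type Relay struct {
	keys  map[string]ed25519.PublicKey
	boxes map[string][]*Envelope
	Log   []AuditEntry
}

func NewRelay() *Relay {
	return &Relay{keys: map[string]ed25519.PublicKey{}, boxes: map[string][]*Envelope{}}
}

// Register records a trading partner's public key (exchanged out of band).
func (r *Relay) Register(partner string, pub ed25519.PublicKey) { r.keys[partner] = pub }

// Submit logs every attempt and only delivers envelopes whose signature
// verifies under the key registered for the claimed sender.
func (r *Relay) Submit(e *Envelope) error {
	pub, known := r.keys[e.Sender]
	ok := known && Verify(pub, e)
	r.Log = append(r.Log, AuditEntry{At: time.Now().UTC(), Sender: e.Sender, Receiver: e.Receiver,
		ControlNumber: e.ControlNumber, SHA256: hex.EncodeToString(digest(e)), Verified: ok})
	if !ok {
		return errors.New("signature does not verify for sender " + e.Sender)
	}
	r.boxes[e.Receiver] = append(r.boxes[e.Receiver], e)
	return nil
}

// Retrieve hands over and empties a receiver's mailbox, like a partner
// dialling in to the VAN to pick up its messages.
func (r *Relay) Retrieve(receiver string) []*Envelope {
	out := r.boxes[receiver]
	delete(r.boxes, receiver)
	return out
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	relay := NewRelay()
	relay.Register("SENDERID", pub)

	// Constructed payload: a minimal 850 purchase order as an X12 translator would emit it.
	e := &Envelope{Sender: "SENDERID", Receiver: "RECEIVERID", ControlNumber: "000000001",
		Payload: []byte("ST*850*0001~BEG*00*SA*PO-1001**20080206~PO1*1*10*EA*4.25**VP*WIDGET-42~SE*4*0001~")}
	Sign(priv, e)
	fmt.Println("signed submission:", relay.Submit(e))

	// The same envelope with the quantity altered in transit fails verification.
	tampered := *e
	tampered.Payload = []byte(strings.Replace(string(e.Payload), "*10*", "*100*", 1))
	fmt.Println("tampered submission:", relay.Submit(&tampered))

	for _, got := range relay.Retrieve("RECEIVERID") {
		fmt.Println("delivered", got.ControlNumber, "re-verified:", Verify(pub, got))
	}
	for _, entry := range relay.Log {
		fmt.Printf("%s %s->%s %s sha256=%s... verified=%v\n", entry.At.Format(time.RFC3339),
			entry.Sender, entry.Receiver, entry.ControlNumber, entry.SHA256[:12], entry.Verified)
	}
}
```

The audit log stores only a hash of each submission, which is enough to show later exactly what was handed over and when, and the receiver can re-verify the signature itself without trusting the relay. What the example leaves out, and a real deployment needs, is a signed receipt flowing back so the sender has the same proof of delivery.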
Open Architecture of the Internet
-Mid 1990s-a number of firms began providing EDI services on the internet. Companies that originally provided traditional VAN services now offer EDI on the internet
-Context Inspired Component Architecture (CICA): a set of standards for assembling business messages that provides a predictable structure for the content of those messages but also more flexibility than EDI transaction sets.
Financial EDI
-Financial EDI: the EDI transaction sets that provide instructions to a trading partner's bank. When EFTs involve two banks, they are executed through an automated clearing house (ACH) system, a service that banks use to settle their accounts with each other. EDI-capable banks, also called value-added banks, are banks equipped to exchange payment and remittance data through VAN services. Non-bank VANs that can translate financial transaction sets into ACH formats and transmit them to banks that are not EDI-capable are called financial VANs.

Supply Chain Management using Internet technologies
-When companies integrate their supply management and logistics activities across multiple participants in a particular product’s supply chain, the job of managing that integration is called supply chain management
-Businesses establish long-term relationships with a small number of very capable suppliers called tier one suppliers. The tier one suppliers in turn develop long-term relationships with a larger number of suppliers that provide components and raw materials to them. These tier two suppliers manage relationships with the next level of suppliers, the tier three suppliers, which provide them with components and raw materials. These long-term relationships are called supply alliances.
-Clear communications and quick responses to those communications are key elements of successful supply chain management. The only major disadvantage of using Internet technologies in supply chain management is the cost of the technologies.

Using Materials-tracking technologies with EDI and E-commerce
-Companies have been using optical scanners and bar codes to track the movement of materials
-Bar codes allow companies to scan materials as they are received and track them as they move
-Second wave of e-commerce: radio frequency identification (RFID) devices, small chips that use radio transmissions to track inventory
-One of the main goals of supply chain management is to help each company in the chain focus on meeting the needs of the consumer at the end of the supply chain (ultimate consumer orientation)
-The task of developing info exchange resources that can provide supplier performance summaries is one of the great challenges that B2B electronic commerce faces as it moves into its second wave

Electronic Marketplaces and portals
-Early forecasts predicted info hubs for each major industry that would offer news, research reports, analyses of trends, and in-depth reports on companies in the industry, and would also offer marketplaces and auctions in which companies in the industry could contact each other and transact business. These hubs would be vertically integrated and were called vertical portals, or vortals. The forecast did not turn out to be exactly correct.
Independent industry marketplaces
-The first companies to launch hubs that followed the vertical portal model created trading exchanges focused on a particular industry. These were industry marketplaces (focused on a single industry), independent exchanges (not controlled by a company that was an established buyer or seller in the industry), and public marketplaces (open to new buyers and sellers just entering the industry); collectively, independent industry marketplaces.
Private stores and customer portals
-As established companies in various industries watched new businesses open marketplaces, they became concerned that these independent operators would take control of transactions from them in supply chains.
-A private store has a password-protected entrance and offers negotiated price reductions on a limited selection of products, usually those that the customer has agreed to purchase in certain minimum quantities.
-Customer portal sites offer private stores along with services such as part number cross referencing, product usage guidelines, safety info, and other services that would be needlessly duplicated if the sellers were to participate in an industry marketplace.
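An added example (written for these notes, not from any vendor's software) of the private-store entrance and negotiated pricing: customers log in against a salted, deliberately slow password hash compared in constant time, and each session can only ever be quoted its own negotiated prices, falling back to list price when the minimum quantity is not met. The customer names, passwords, SKUs and prices are made up; the KDF is a minimal PBKDF2-HMAC-SHA256 written out inline because it is short enough to read.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

// iterations is an example value; real deployments tune it upward (or use
// bcrypt, scrypt or Argon2) as hardware gets faster.
const iterations = 100_000

type Product struct {
	SKU       string
	ListCents int
}

// Terms are one customer's negotiated conditions for one SKU.
type Terms struct {
	MinQty, PriceCents int
}

// Account holds a customer's salted password hash and negotiated terms by SKU.
type Account struct {
	Salt, Hash []byte
	Terms      map[string]Terms
}

type PrivateStore struct {
	catalog  map[string]Product
	accounts map[string]*Account
}

// Session is proof that Login succeeded for exactly one customer.
type Session struct {
	customer string
	store    *PrivateStore
}

// pbkdf2Sha256 is PBKDF2-HMAC-SHA256 (RFC 8018) for a single 32-byte block:
// slow on purpose, and salted so equal passwords give different hashes.
func pbkdf2Sha256(password, salt []byte, iter int) []byte {
	mac := hmac.New(sha256.New, password)
	mac.Write(salt)
	mac.Write([]byte{0, 0, 0, 1}) // INT(i) for block 1
	u := mac.Sum(nil)
	out := append([]byte(nil), u...)
	for i := 1; i < iter; i++ {
		mac.Reset()
		mac.Write(u)
		u = mac.Sum(nil)
		for j := range out {
			out[j] ^= u[j]
		}
	}
	return out
}

func NewPrivateStore(catalog []Product) *PrivateStore {
	s := &PrivateStore{catalog: map[string]Product{}, accounts: map[string]*Account{}}
	for _, p := range catalog {
		s.catalog[p.SKU] = p
	}
	return s
}

// Enroll stores a random salt and the derived hash, never the password itself.
func (s *PrivateStore) Enroll(customer, password string, terms map[string]Terms) error {
	salt := make([]byte, 16)
	if _, err := rand.Read(salt); err != nil {
		return err
	}
	s.accounts[customer] = &Account{Salt: salt, Hash: pbkdf2Sha256([]byte(password), salt, iterations), Terms: terms}
	return nil
}

// Login is the password-protected entrance. The hash comparison is constant
// time, and an unknown customer gets the same error and the same amount of
// work as a wrong password, so the login form does not reveal which customers exist.
func (s *PrivateStore) Login(customer, password string) (*Session, error) {
	acct, ok := s.accounts[customer]
	if !ok {
		pbkdf2Sha256([]byte(password), make([]byte, 16), iterations)
		return nil, errors.New("invalid credentials")
	}
	if subtle.ConstantTimeCompare(pbkdf2Sha256([]byte(password), acct.Salt, iterations), acct.Hash) != 1 {
		return nil, errors.New("invalid credentials")
	}
	return &Session{customer: customer, store: s}, nil
}

// Quote prices qty units of sku for the logged-in customer only: the negotiated
// price when this customer has terms for the SKU and meets the minimum quantity,
// the list price otherwise. Another customer's terms are never consulted.
func (sess *Session) Quote(sku string, qty int) (int, error) {
	p, ok := sess.store.catalog[sku]
	if !ok {
		return 0, fmt.Errorf("unknown SKU %q", sku)
	}
	if t, ok := sess.store.accounts[sess.customer].Terms[sku]; ok && qty >= t.MinQty {
		return t.PriceCents * qty, nil
	}
	return p.ListCents * qty, nil
}

func main() {
	store := NewPrivateStore([]Product{{"WIDGET-42", 425}, {"GADGET-7", 1200}})
	_ = store.Enroll("acme", "correct horse battery staple", map[string]Terms{"WIDGET-42": {100, 350}})
	_ = store.Enroll("globex", "hunter2", map[string]Terms{"GADGET-7": {50, 900}}) // constructed accounts
	_, err := store.Login("acme", "wrong")
	fmt.Println("wrong password:", err)
	sess, _ := store.Login("acme", "correct horse battery staple")
	for _, qty := range []int{100, 10} {
		cents, _ := sess.Quote("WIDGET-42", qty)
		fmt.Printf("acme WIDGET-42 x%d = %d cents\n", qty, cents) // 35000 negotiated, 4250 list
	}
	cents, _ := sess.Quote("GADGET-7", 50)
	fmt.Println("acme GADGET-7 x50 =", cents, "cents (globex's terms do not apply)") // 60000
}
```

The authorization point is the one that usually goes wrong in real private stores: the negotiated price must be looked up by the authenticated identity, never by a customer number or price-list ID supplied in the request, or one customer can read another's contract terms.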
Private company marketplaces
-E-procurement software allows a company to manage its purchasing function through a web interface. It automates many of the authorizations and other steps that are part of business procurement operations
-Include requests for quote posting areas, auctions, and integrated support for purchasing direct materials
-Companies that implement e-procurement software usually require their suppliers to bid on their business
Industry consortia-sponsored marketplaces
-An industry consortia-sponsored marketplace is a marketplace formed by several large buyers in a particular industry
Five general forms of marketplaces exist in B2B electronic commerce today:
-Private stores on sellers' sites: one seller, many buyers; few products, fixed pricing (ex: Dell)
-Customer portals: few sellers, many buyers; catalog based, fixed pricing (ex: Grainger)
-Independent industry marketplaces: many sellers, many buyers; offer auctions, dynamic pricing (ex: ChemConnect)
-Consortia-sponsored marketplaces: few buyers, many sellers; buyer control, fixed pricing (ex: Exostar)
-Private company marketplaces: one buyer, many sellers; sellers bid on the major buyer's business (ex: Harley-Davidson)

Application
Walmart at one time used a VAN intermediary to help manage the numerous suppliers the company has around the world. With the growth of the internet, Walmart moved to internet EDI to communicate with its suppliers, better manage its inventories, and increase its efficiency while reducing costs. In addition, Walmart deals with many small companies. These small companies can better afford internet EDI and so can compete with the many large companies supplying Walmart.