E-Commerce Strategies and Practices © 2005 Prosoft Learning Corporation All rights reserved

Lesson 1:
Electronic Commerce
Foundations
Objectives
• Identify specific B2B and B2C issues in
developing an e-commerce site
• Compare the advantages and disadvantages
of e-commerce and traditional sales methods
• Identify business growth drivers and barriers
• Distinguish between in-house and online
instant storefront options for creating an e-commerce site
Objectives
(cont’d)
• Evaluate the advantages and disadvantages of
using third-party instant storefronts
• Evaluate the advantages and disadvantages of
using e-commerce storefront software
• Choose an appropriate payment method
Introduction to Web Commerce
• Example e-commerce sites
– Travelocity.com (www.travelocity.com)
– Dell Inc. (www.dell.com)
– Barnes & Noble
(www.barnesandnoble.com)
– Habitat for Humanity Gift Shop
(www.habitatgiftshop.com)
Impetus for Web Commerce
• The Internet has more than:
– 812 million Internet users
– 66.3 million registered domain names
– 300 million hosts
• Many Web users are:
– Increasingly global
– Young
– Well-educated
– Upscale
Electronic Commerce Defined
• Capabilities that contribute to e-commerce:
– Communication transport
– Data management
– Security
Types of Electronic Commerce
• Business-to-business (B2B)
• Business-to-consumer (B2C)
Microcommerce
and Macrocommerce
• Microcommerce
– Purchases between $0.01 and $5
– Generally soft goods
• Macrocommerce
– Purchases over $5
– Generally hard goods
Benefits of Electronic Commerce
• Instant worldwide
availability
• Streamlined buyer-to-seller relationship
• Reduced paperwork
• Reduced errors
• Reduced time
• Easier entry into
new markets
• New business
opportunities
• Improved market
analysis
• Wider access to
assistance and
advice
• Improved product
analysis
• Ability to streamline
and automate
purchasing
Drawbacks of
Electronic Commerce
• Intellectual property issues
• Confidentiality issues
• Taxation issues
• Customs and interstate boundaries
• Regulations
• Credit card fraud
• Security issues
• Trust issues
• Round-the-clock availability issues
E-Commerce Solutions
• In-house solution
• Instant storefront
– Online instant
storefront
– Offline/hybrid
storefront
Web Storefront
Hardware and Software
• Hardware
– Internet connection
– Web servers
– Web clients for
development and
content management
• Software
– Web server software
– Operating system
– SSL certificates
– Payment
infrastructure
– Database (DBMS)
– Web page
development
software
Ingredients of a Web Storefront
• Seven essential ingredients for success:
– Generating demand
– Accepting orders
– Fulfilling orders
– Processing payments
– Providing service and support
– Ensuring security
– Ensuring community
Generating Orders
• When developing the ordering infrastructure,
remember the following guidelines:
– Be consistent
– Eliminate redundant information
– Make ordering easy
– Accept many substitutes
– Include a bailout mechanism
Processing Payments
• Three models for electronic payment:
– Cash model
– Check model
– Credit model
Offering Service and Support
• Automatic callback
• Click-to-dial
• Chat
• Co-browsing
The Virtual Enterprise
• Temporary partnership
– Independent
companies
– Individuals
• Parties generally share:
– Costs
– Skills
– Knowledge
• Often built around a
specific venture or goal
• Technologies that
support a virtual
enterprise include:
– VPNs
– Teleconferencing
– Web servers
– Application servers
– Database servers
– Telephony
Site Implementation
• Phased approach
1. Information-only Web site
2. Limited transactions
3. Full transactions
4. Legacy system integration
E-Commerce Guidelines
• Know your customer and use the information
you have
• Know whether you want to outsource or use
in-house experts
• Evolve
• Be flexible
• Create a business framework
• Anticipate hurdles
Summary
• Identify specific B2B and B2C issues in developing an
e-commerce site
• Compare the advantages and disadvantages of e-commerce and traditional sales methods
• Identify business growth drivers and barriers
• Distinguish between in-house and online instant
storefront options for creating an e-commerce site
• Evaluate the advantages and disadvantages of using
third-party instant storefronts
• Evaluate the advantages and disadvantages of using e-commerce storefront software
• Choose an appropriate payment method
Lesson 2:
Law and the Internet
Objectives
• Establish and protect a brand
• Identify legal and governmental aspects of e-commerce
• Identify and protect intellectual property
• Identify e-commerce taxation issues
• Avoid questionable practices
• Identify international trade laws
Introduction to
Internet Legal Issues
• Intellectual property rights
– Brand ownership
– Trademarks
– Copyrights
– Patents
• Crossing international boundaries
– Jurisdiction
• Business ethics
Electronic Publishing
• Sending copyrighted material to others
• Newsgroups and message boards
• Artistic representations
• Defamatory information
Intellectual Property Issues
• Industrial property
– Industrial designs
– Inventions
– Trademarks and
service marks
– International
protection
• Copyrighted material
– Literary works
– Musical works
– Artistic works
– Photographic
works
– Audiovisual
works
– Software
Areas of Liability
• Copyright, trademark and patent issues
– Copyright term is described as follows:
• Private authors
– 70 years after author’s death
• Corporate authors
– 95 years after first publication or 120
years after creation (whichever is
shorter)
• Privacy and confidentiality issues
• Jurisdictional issues
Copyright, Trademark
and Patent Issues
• United States copyright
– Authors have exclusive rights to their own
work for a limited time
– Authors may transfer rights to their work
• Trademarks
– “Any word, name, symbol or device, or any
combination thereof, adopted and used by
a manufacturer or merchant to identify his
goods and distinguish them from those
manufactured or sold by others”
• Patents
– Protect inventions
Privacy and Confidentiality
• Easy access to public information
• Marketing and databases
• Misuse of sensitive information
Jurisdiction and
Electronic Publishing
• Laws are territorial
• Cases have established jurisdictional
precedent:
– State of Minnesota vs. Granite Gate Resorts
• Methods for protecting a site against suits
from other states:
– Do not advertise that products are available
nationwide if some jurisdictions could be
expected to consider them illegal
– Keep "interactivity" to a minimum
Internet Taxation
• Internet Tax Freedom Act (ITFA)
– Moratorium extended until 2006
• Bit tax
• International tax
• Customs
• Tariffs
Protecting a Brand
• Threats to a brand include:
– Counterfeiting
– Unauthorized use of logos
– Domain name parodies
– Misinformation
– Rumors
– Impostors
Ethical Business Practices
• Questionable practices include:
– Selling customer information without
permission
– Spamming
– Spyware
Summary
• Establish and protect a brand
• Identify legal and governmental aspects of e-commerce
• Identify and protect intellectual property
• Identify e-commerce taxation issues
• Avoid questionable practices
• Identify international trade laws
Lesson 3:
Web Marketing Goals
Objectives
• Identify specific B2B and B2C issues in
developing an e-commerce site
• Compare features of competitor e-commerce
sites
• Compare the advantages and disadvantages
of e-commerce and traditional sales methods
• Identify business growth drivers and barriers
• Identify e-commerce marketing goals
• Determine global versus target (niche) product
appeal
Objectives
(cont'd)
• Identify user interests specific to a target
(niche) market
• Evaluate Internet demographics and their
relevance
• Use surveys to determine customer
preferences
• Evaluate product-pricing ranges and price
changes
• Evaluate product distribution factors and
methods
• Promote and advertise an e-commerce site
Web Marketing Benefits
• Personal selection
• Online communities
• Directed or opt-in e-mail
• One-to-one service
• Immediate purchasing
• Global reach
• Targeted reach
Successful Web Marketing
• Dell
– B2C
– B2B
• Cisco
– B2B
• Amazon
– B2C
Marketing Goals
• What is the business trying to accomplish?
– Improve customer service and satisfaction
– Gain access to different markets
– Sell new products
– Automate our business process to reduce
costs
Web Marketing Strategies
• Web marketing
strategies can include:
– Web site design
– Online promotion
campaigns
– Targeted marketing
programs
– Search engine
placement methods
– Traditional
promotion
campaigns
Goals
Strategies
Tactics
Growth Drivers and Barriers
• Drivers
– Access
– Around-the-clock
service
– Standardized data
interchange formats
– Increasing bandwidth
– Enabling technology
– Cost
– Ease of access
– Critical mass
– Physical location
– Diversification of
offerings
– Centralization
• Barriers
– Fragmented data and
data formats
– Fear of change
– Large segmentation
– Rapid change
– Increased
competition
– Physical location
– Saturation
– Cost
– Restrictions
– Distribution
Selecting and
Positioning Your Product
• Hard goods versus soft goods
• Product pricing
• Global versus niche market
• Product distribution and availability
Identifying Your Target Market
Demographics
Psychographics
Focus groups
Surveys
Summary
• Identify specific B2B and B2C issues in
developing an e-commerce site
• Compare features of competitor e-commerce
sites
• Compare the advantages and disadvantages
of e-commerce and traditional sales methods
• Identify business growth drivers and barriers
• Identify e-commerce marketing goals
• Determine global versus target (niche) product
appeal
Summary
(cont'd)
• Identify user interests specific to a target
(niche) market
• Evaluate Internet demographics and their
relevance
• Use surveys to determine customer
preferences
• Evaluate product-pricing ranges and price
changes
• Evaluate product distribution factors and
methods
• Promote and advertise an e-commerce site
Lesson 4:
Online Product Promotion
Objectives
• Identify specific B2B and B2C issues in
developing an e-commerce site
• Establish and protect a brand
• Identify the relevance of blogging to
e-commerce
• Avoid questionable practices
• Obtain browser and operating-system use
patterns
• Implement banner exchange networks and
referrer programs
• Promote and advertise an e-commerce site
• Implement on-line marketing strategies
Online Promotion Overview
• Types of online promotion
– Banner ads
– Banner exchange
– Referrer sites
– Blogs and blogads
– Pop-up and related ads
– Search engine placement
– Spam e-mail
– Targeted e-mail
– Opt-in e-mail
E-Commerce Site Categories
• Publisher site
– Primary goal is
selling
advertising
– Rates can be
based on:
• Frequency with
which ad is
displayed
• Clickthrough
• Marketer site
– Advertises on a
publisher site
– Clickthrough
destination
– Sells products
and/or services
Banner Ads
• Banner ad vocabulary
• Effective banner ads
• Banner ad sizes
• Choosing banner ad space
• Finding ad space
Banner Sizes
• Full banner
• Full banner with vertical navigation
• Half banner
• Vertical banner
• Square button
• Button 1
• Button 2
• Micro
Banner Ad Positioning
Why might this be the
most effective position?
Banner Exchange Networks
• Sites display banners for complementary sites
• Can be win-win situation
• Banner exchange programs
Referrer Programs
• Referrer sites or programs direct traffic in one
direction
• One site pays another site for the traffic it
sends
Blogs and Blogads
• Web journals or Web logs
• High traffic segment
• Mainstream advertisers beginning to embrace
Pop-Up and Related Ads
• Pop-up ad types
– Pop-up: appears over current browser
windows
– Pop-under: appears under active browser
window and is not seen until covering
window is closed
– Interstitial: appears as full window between
current and target pages
– Superstitial: preloads into browser cache;
does not appear until fully cached
Search Engine Placement
• Search engines
– Use a spider to find Web sites
• Directories
– Require manual submission of Web site
<Meta> Tags and
Search Engines
• Keywords
– <META NAME="KEYWORDS" CONTENT="keyword1, keyword2, keyword3">
• Description
– <META NAME="DESCRIPTION" CONTENT="This site provides recipes.">
• Robots
– <META NAME="ROBOTS" CONTENT="NOINDEX">
Relevance
• Search results are ranked according to
relevance to the given search criteria
– HTML <title> tag
– Query word(s) near top of document
– Frequency of query word(s)
E-Mail and Marketing
• Types of e-mail marketing
– Spam e-mail
– Targeted e-mail
– Opt-in e-mail
• E-mail filter concerns
– Source (From:) address
– Size of To: address list
– Keywords in message topic
– Keyword in message body
Ad Performance Evaluation
• Tracking and payment
– Pay-per-click: advertiser pays a set amount
for each clickthrough
– Pay-per-lead: advertiser pays for each sales
lead generated
– Pay-per-sale: advertiser pays for each sale
resulting from a clickthrough
– Pay-per-view: advertiser pays for users
viewing the banner
Offline Product Promotion
• Types of offline promotion include:
– Radio
– TV
– Print
– Promotional giveaways
• Offline promotion is often cost-prohibitive
Ad Campaign Implementation
• Marketing considerations must include:
– Advertising budget
– Type of campaign(s)
– Online, offline or both
– Tracking campaign effectiveness
• Online business hub
• Incentives
Summary
• Identify specific B2B and B2C issues in developing an
e-commerce site
• Establish and protect a brand
• Identify the relevance of blogging to
e-commerce
• Avoid questionable practices
• Obtain browser and operating-system use patterns
• Implement banner exchange networks and referrer
programs
• Promote and advertise an e-commerce site
• Implement on-line marketing strategies
Lesson 5:
Site Usability
Objectives
• Create an e-commerce site plan
• Analyze audience usability principles and
apply them to a Web site
• Analyze the results of usability tests and
implement changes
• Apply screen-flow principles to Web pages
• Evaluate click patterns and implement
changes
• Obtain browser and operating-system use
patterns
Overview of Usability Issues
1. Visit the site
2. Locate a product or service
3. Learn product information
4. Purchase the product or service
Usability Testing
• Knowing your customers
• Understanding the context
• Usability testing methods
– Paper-based walkthroughs
– Personas and role playing
– Live usability testing
– Field testing
– Click patterns
Designing the Site Hierarchy
[Site hierarchy diagram: Landing Page; Home Page; Product Catalog; Category Pages; Product Pages; Shopping Cart; Log on/Register; Shipping/Payment; Confirm Order; Thank You; Log on; Customer Service; Content Pages]
Landing Point
Home Page
Logon Page
Product Selection Loop
• Primary
categories
• Secondary
categories
• Special
categories
• Product list
• Product
details
Shopping Cart
and Checkout Process
• Implementing the checkout process:
– Provide information about shipping options
and costs
– Registration should be optional
– Provide payment options with instructions
for how to complete the transaction using
each option
– Provide contact information
– Provide a bailout mechanism
– Save the cart between sessions
Content Area
Page Layout Design Guidelines
• Include major navigation buttons on each
screen
• Put the most important information in the
upper-left of the screen
• Remember that users might not scroll
• Use white space effectively; avoid “busy” text
• Make sure each page conveys your marketing
message
• Make sure each page includes the company
branding
Summary
• Create an e-commerce site plan
• Analyze audience usability principles and
apply them to a Web site
• Analyze the results of usability tests and
implement changes
• Apply screen-flow principles to Web pages
• Evaluate click patterns and implement
changes
• Obtain browser and operating-system use
patterns
Lesson 6:
Customer Relationship
Management (CRM) and E-Services
Objectives
• Define the function of a knowledge base
• Use appropriate procedures to reduce costs of
e-commerce sites
• Use surveys to determine customer
preferences
• Create a customer service plan
• Use FAQ and e-mail to improve customer
service
• Apply synchronous and asynchronous
customer service methods
Managing the Customer
• CRM and customer service work together to
establish and build a loyal customer base
– CRM deals with the customer base as an
entity and as a business resource
– Customer service deals with each customer
as an individual
• Online customers demand good customer
service
Customer
Relationship Management
• Improving value to existing customers
– Downloadable product documentation
– Alerts and product reports
– Upgrade and revision announcements
– "How to" information
Generating Repeat Business
• Customer satisfaction can be negatively
influenced by the following factors:
– Difficulty in finding the desired item
– Out-of-stock or otherwise temporarily
unavailable item
– Long delivery time for item
– Item damaged in transit
– Wrong item shipped
– Billing errors
– Difficult return procedure for item
Data Mining
• Identifying opportunities to cross-sell related
items
• Identifying opportunities to up-sell higher
valued items
• Identifying relationships between customer
demographics and item sales
Establishing New Customers
• Locate and identify potential customers
• Identify ways to address potential customers
• Understand customer needs
CRM Initiatives
• Analyze customer data to develop a marketing strategy
Customer Service Concepts
• Poor customer service can be the downfall of
any e-commerce business
• E-service can save the customer and the
business money
• E-service can help to feed and to drive CRM
activities
Customer Service
Tools and Methodology
• Synchronous customer service methods
– Chat
– Telephone (callback)
– Voice chat (computer telephony)
– Co-browsing/remote control
• Asynchronous customer service methods
– E-mail
– Web forms
– User forums
Self-Service
Customer Service Methods
• Client accounts and profiles
• FAQ
• Knowledge base
• Help
• Online communities
E-Service Action Plan
• Service plan development
– Know your customer
– Know your product
– Know your vendors
– Know your options
– Know your requirements
• Ongoing customer service management
– Customer service feedback
– Surveys
Sample Survey
Customer Service
By Doing Your Job
• Respond immediately
• Send “thank you” e-mail as immediate
feedback after a sale
• Send an immediate response to synchronous
or asynchronous support contacts
• Provide user with tools and information
• Protect user's personal information
• Post privacy policy
Integrating CRM
and Customer Service
• Quality customer service helps to drive CRM
through:
– Increased repeat sales to existing
customers
– Referrals to new customers
– Better matching of customers to products
and services
– Improved data collection activities
– Improved and enhanced data analysis
Summary
• Define the function of a knowledge base
• Use appropriate procedures to reduce costs of
e-commerce sites
• Use surveys to determine customer
preferences
• Create a customer service plan
• Use FAQ and e-mail to improve customer
service
• Apply synchronous and asynchronous
customer service methods
Lesson 7:
Business-to-Business
Frameworks
Objectives
• Identify specific B2B and B2C issues in
developing an e-commerce site
• Identify the role of EDI in business
• Define OBI
• Define the OTP
• Define the concept of a supply chain
• Identify procurement models (includes vertical
and horizontal marketing systems)
Objectives
(cont'd)
• Identify security issues for e-commerce sites
• Compare the advantages and disadvantages
of e-commerce and traditional sales methods
• Identify e-commerce marketing goals
• Use appropriate procedures to reduce costs of
e-commerce sites
• Implement monetary conversion
E-Commerce Fundamentals
• B2C model
– General consumer sites
• B2B model
– Sites that are structured to meet the
requirements of businesses
B2C Models
• Portals
– Internet access portals such as Yahoo! or
AOL
• E-retailers
– Companies selling goods or services
• Service provider
– Specialized subset of e-retailers focusing
on services only
• Content providers
– Companies that provide information
– Supported through either subscriptions or
ad space sales
Business-to-Business (B2B)
• B2B technologies have grown up around
business needs, such as:
– Automated transactions
– Reliable ordering and tracking methods
– Reliable delivery dates and times
– Secure transfers and transaction activities
B2B Market Models
• E-distributors
– Provide products or services directly to individual
businesses
• E-procurement
– Help organize the procurement process
– Provide access to digital market segments
• Exchanges
– Also known as industry exchanges, B2B hubs or
B2B portals
– Bring together multiple sellers
• Industry consortia
– Industry-owned and industry-operated vertical
markets
Market Definitions
• Vertical and horizontal markets
– Vertical market: unites multiple
manufacturers in the same industry
– Horizontal market: a product or service is
sold to companies in different industries
• Direct and indirect goods
• Private and public markets
Business Concepts
• Supply chain
• Procurement
• Inventory and order control
• Shipping
Supply Chain Management
Supply Chain
Industry Consortium
Procurement
• Automated procurement requires fewer
manual steps
• Organizations that support automated
procurement:
– SAP
– Ariba
– DAVACO Sourcing
– Verian Technologies
Inventory and Order Control
• Order control encompasses:
– Placing orders
– Tracking orders
– Receiving orders
• Inventory management issues:
– Keep sufficient, not excessive, inventory on
hand
– Generate accurate, timely orders
– Track order status and delivery information
– JIT delivery (items delivered as needed)
– Update inventory to reflect shipped and
received items
Shipping
• Shipping time, expense and method (land, sea
or air) is determined by:
– Source and destination location
– Number of items shipped
– Type of items shipped
– Package weight and size
– Special requirements such as hazardous
materials
Internet Marketplaces
Exchanges
E-distributors
E-procurement
E-consortia
Tools and Technologies
• Electronic Data Interchange (EDI)
• Open Buying on the Internet (OBI)
• Open Trading Protocol (OTP)
• Web services
Electronic Data Interchange (EDI)
• Goals
– Enable easy and inexpensive
communication of structured information
throughout the lifetime of an electronic
transaction
– Reduce the amount of data capture and
number of transcriptions
– Improve processes by reducing errors,
delays, and expenses related to incorrectly
formatted or unformatted data
– Ensure faster handling of transactions to
increase cash flow
Strong EDI Candidates
• Handle many repetitive standard transactions
• Operate on a tight margin
• Face strong competition, requiring significant
productivity improvements
• Operate in a time-sensitive environment
• Have received requests from partner
companies to convert to EDI.
EDI Concepts
EDI and XML
• EDI message
ISA~00~          ~00~          ~ZZ~YOUR COMM-ID   ~14~SLKP COMM-ID   ~000227~1053~U~00401~000000012~0~P~>
GS~IN~YOUR COMM-ID~SLKP COMM-ID~20000227~1053~3~X~004010
ST~810~0001
BIG~19991118~001001~19990926~11441~~~DR
N1~RE~REMIT COMPANY, INC~92~002377703
N3~P.O. BOX 111
N4~ANYTOWN~NC~27106
N1~ST~SARA LEE FOOTWEAR
N3~SHIPPING STREET
N4~OUR TOWN~PA~17855
N1~BT~SARA LEE FOOTWEAR~92~10
N3~470 W. HANES MILL RD
N4~WINSTON SALEM~NC~27105
ITD~05~3~~~~~60
DTM~011~19991118
IT1~0001~1470~YD~2~~BP~BUYERPART
PID~F~~~~Square Rubber Hose
TDS~294000
ISS~1470~YD
CTT~1~1470
SE~19~0001
GE~1~3
IEA~1~000000012
• XML message
<PURCHASEORDER>
  <poID>000271053</poID>
  <VENDORINFO>
    <VENDORADDRESS>P.O. Box 111</VENDORADDRESS>
    <VENDORID>BIG Company 20000227</VENDORID>
  </VENDORINFO>
  <PAYMENTTERMS>Net 60</PAYMENTTERMS>
  <PRODUCTS>
    <PRODUCTINFO>
      <PRODUCTNAME>Sara Lee Footware</PRODUCTNAME>
      <PRODUCTDESC>Walking shoes</PRODUCTDESC>
      <PRODUCTID>92</PRODUCTID>
      <PRODUCTSIZE>10</PRODUCTSIZE>
    </PRODUCTINFO>
  </PRODUCTS>
</PURCHASEORDER>
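Added example (not part of the original course slides): the X12 envelope in the EDI message above carries its own consistency data, which a receiving system can check before it processes the invoice. The sketch below parses the slide's sample and verifies the SE, GE and IEA counts and control numbers; the function names and the newline segment terminator are assumptions made for this example.

```python
# Added example: envelope checks for the X12 810 invoice shown on the slide.
# Assumptions: "~" separates elements and a newline ends each segment, as on
# the slide; parse(), element(), count() and validate() are names chosen here.

SAMPLE = """\
ISA~00~          ~00~          ~ZZ~YOUR COMM-ID   ~14~SLKP COMM-ID   ~000227~1053~U~00401~000000012~0~P~>
GS~IN~YOUR COMM-ID~SLKP COMM-ID~20000227~1053~3~X~004010
ST~810~0001
BIG~19991118~001001~19990926~11441~~~DR
N1~RE~REMIT COMPANY, INC~92~002377703
N3~P.O. BOX 111
N4~ANYTOWN~NC~27106
N1~ST~SARA LEE FOOTWEAR
N3~SHIPPING STREET
N4~OUR TOWN~PA~17855
N1~BT~SARA LEE FOOTWEAR~92~10
N3~470 W. HANES MILL RD
N4~WINSTON SALEM~NC~27105
ITD~05~3~~~~~60
DTM~011~19991118
IT1~0001~1470~YD~2~~BP~BUYERPART
PID~F~~~~Square Rubber Hose
TDS~294000
ISS~1470~YD
CTT~1~1470
SE~19~0001
GE~1~3
IEA~1~000000012
"""


def parse(raw):
    """Split an interchange into segments, each a list of elements."""
    lines = [line for line in raw.splitlines() if line.strip()]
    if not lines or not lines[0].startswith("ISA") or len(lines[0]) < 4:
        raise ValueError("interchange must start with an ISA segment")
    separator = lines[0][3]  # the character right after "ISA"
    return [line.split(separator) for line in lines]


def element(seg, n):
    """Return element n of a segment (the tag is element 0), or '' if absent."""
    return seg[n].strip() if n < len(seg) else ""


def count(seg, n):
    """Return element n as an integer, or None if it is not numeric."""
    value = element(seg, n)
    return int(value) if value.isdigit() else None


def validate(segments):
    """Return a list of envelope inconsistencies (empty when all checks pass)."""
    errors = []
    isa = segments[0]
    if len(isa) != 17:
        errors.append(f"ISA has {len(isa) - 1} elements, expected 16")
    if segments[-1][0] != "IEA":
        errors.append("interchange does not end with IEA")
    groups = 0           # GS groups seen in the interchange
    sets_in_group = 0    # ST transaction sets seen in the open group
    gs = st = None       # currently open GS and ST header segments
    st_index = 0         # position of the open ST segment
    for i, seg in enumerate(segments):
        tag = seg[0]
        if tag == "GS":
            gs, sets_in_group = seg, 0
            groups += 1
        elif tag == "ST":
            if gs is None:
                errors.append("ST outside a GS/GE group")
            st, st_index = seg, i
            sets_in_group += 1
        elif tag == "SE":
            if st is None:
                errors.append("SE without a matching ST")
                continue
            counted = i - st_index + 1  # ST and SE are both included
            if count(seg, 1) != counted:
                errors.append(f"SE01 says {element(seg, 1)} segments, counted {counted}")
            if element(seg, 2) != element(st, 2):
                errors.append(f"SE02 {element(seg, 2)!r} does not match ST02 {element(st, 2)!r}")
            st = None
        elif tag == "GE":
            if gs is None:
                errors.append("GE without a matching GS")
                continue
            if count(seg, 1) != sets_in_group:
                errors.append(f"GE01 says {element(seg, 1)} sets, counted {sets_in_group}")
            if element(seg, 2) != element(gs, 6):
                errors.append(f"GE02 {element(seg, 2)!r} does not match GS06 {element(gs, 6)!r}")
            gs = None
        elif tag == "IEA":
            if count(seg, 1) != groups:
                errors.append(f"IEA01 says {element(seg, 1)} groups, counted {groups}")
            if element(seg, 2) != element(isa, 13):
                errors.append(f"IEA02 {element(seg, 2)!r} does not match ISA13 {element(isa, 13)!r}")
    if st is not None:
        errors.append("ST segment never closed by SE")
    if gs is not None:
        errors.append("GS segment never closed by GE")
    return errors
```

These counts catch truncated or mis-spliced interchanges only; protection against deliberate tampering in transit is what the S/MIME and VPN options on the next slide address.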
EDI and Security
• Secure/Multipurpose Internet Mail Extensions
(S/MIME)
• Virtual Private Network (VPN)
EDI Applications
• When investigating an EDI application,
consider:
– What are the hardware and software
platform requirements?
– Does it provide support for the EDI
standards you need?
– Can it be expanded to support additional
standards?
– How fast can it process transactions?
Open Buying on the Internet (OBI)
• OBI transaction involves:
– Requisitioner
– Buying organization
– Selling organization
– Payment authority
Purpose                   Technology
Content display           HTTP and W3C HTML
Order request             X12 850 EDI Standards
Order transmission        HTTP 1.0
Transmission security     SSL
Cryptography              SSL
Public-key certificates   X.509 version 3
Open Trading Protocol (OTP)
Key features:
– Provides trading protocol options to control
how the trade occurs
– Provides a record of a trade
– Supports real and virtual delivery of goods
and services
– Supports encrypted communication using
IPsec or TLS
Web Services
• A Web-based server application
• Developers calling a Web service need to
know:
– The data the Web service is expecting
– The expected format
– The data returned by the Web service
• Data sent to and received from a Web service
is formatted as XML
• Located using Universal Description,
Discovery and Integration (UDDI)
Summary
• Identify specific B2B and B2C issues in
developing an e-commerce site
• Identify the role of EDI in business
• Define OBI
• Define the OTP
• Define the concept of a supply chain.
• Identify procurement models (includes vertical
and horizontal marketing systems)
Summary
(cont'd)
• Identify security issues for e-commerce sites
• Compare the advantages and disadvantages
of e-commerce and traditional sales methods
• Identify e-commerce marketing goals
• Use appropriate procedures to reduce costs of
e-commerce sites
• Implement monetary conversion
Lesson 8:
E-Commerce Site Creation
Packages — Outsourcing
Objectives
• Distinguish between in-house and online
instant storefront options for creating an e-commerce site
• Evaluate the advantages and disadvantages of
using third-party instant storefronts
• Evaluate the advantages and disadvantages of
using e-commerce storefront software
• Identify outsourcing options for creating e-commerce sites
• Choose e-commerce site development
software based on cost, ease of use, and
standards compliance
Objectives
(cont'd)
• Manage the site deployment process (includes
hardware, software, bandwidth, in-house
hosting, outsourcing)
• Create a storefront and identify the reasons
for its success
• Create and manage an online product catalog
(includes adding new product images,
customizing a product catalog to reflect
business and organizational changes)
Outsourcing
Site Creation Packages
• Online instant storefront
• Mid-level offline instant storefront
• High-level offline instant storefront
Choosing an E-Commerce
Site Creation Package
• Considerations:
– Budget
– Product information
– Anticipated sales and pricing structure
– Required and desired features
– Site creation and management
– Site hosting requirements
– Payment authorization
Budget
• Costs divided into four categories:
– Initial outlay
– Monthly recurring charges
– Per-product fees
– Per-transaction and percentage of
transaction fees
Product Information
• Consider these factors:
– Number of different products
– Product categories
– Availability of products
– Product information
– Hard goods or soft goods
Expected Sales
and Pricing Structure
• Examples of pricing structures
– The same price for all customers
– Discount pricing for certain customers
– Discount pricing for bulk purchases
– Wholesale pricing for B2B sales
– Auctions
Required and Desired Features
• Some features you might consider:
– Search engine and community listings
– Personalization capabilities
– User-interface customization capabilities
– Customer relationship management
features
– Security features
– Cross-selling and up-selling capabilities
– E-mail confirmation and order tracking
– Inventory tracking and reminders
Site Creation and Management
• Templates
• Interface with site development software
• Interface for managing inventory
• Online management or offline management
Site Hosting Requirements
• Ensure that the host can support the database
and e-commerce package you choose:
– Web server operating system (Windows,
Linux, others)
– Web server application (IIS, Apache, others)
– Supported databases and add-ons
– Disk space
• Choose a hosted solution
– No hardware/software requirements
The Online Instant Storefront
Online Outsourcing Solutions
• Independent storefronts
• Portal or community storefronts
Outsourcing — The Mid-Level
Offline Instant Storefront
Outsourcing — The High-Level
Offline Instant Storefront
Auctions
• List on eBay or existing auction site
• Create your own auction site
Summary
• Distinguish between in-house and online
instant storefront options for creating an e-commerce site
• Evaluate the advantages and disadvantages of
using third-party instant storefronts
• Evaluate the advantages and disadvantages of
using e-commerce storefront software
• Identify outsourcing options for creating e-commerce sites
• Choose e-commerce site development
software based on cost, ease of use, and
standards compliance
Summary
(cont'd)
• Manage the site deployment process (includes
hardware, software, bandwidth, in-house
hosting, outsourcing)
• Create a storefront and identify the reasons
for its success
• Create and manage an online product catalog
(includes adding new product images,
customizing a product catalog to reflect
business and organizational changes)
Lesson 9:
E-Commerce
Site Creation Software
Objectives
• Choose e-commerce site development
software based on cost, ease of use, and
standards compliance
• Install e-commerce site development software
for B2B and B2C sites
• Evaluate the advantages and disadvantages of
open-source and proprietary Web servers
• Manage the site deployment process
• Bind multiple IP addresses to a server
• Configure DNS appropriately for an e-commerce site
Web Server Overview
• HTML and XHTML
• HTTP
• Listens on port 80 (HTTP) and 443 (HTTPS) by
default
• Common extensions:
– CGI
– ColdFusion
– ASP
– ASP.NET
– ISAPI
• Deploy both client-side and server-side
scripting
Choosing Web Server Software
• Considerations:
– Supported extensions
– Security features
– Scalability and performance
– Reliability and recoverability
– Technical support infrastructure
Microsoft Internet
Information Services (IIS)
• Windows Server 2003 security structure
• Familiar interface
• Built-in support for Microsoft technologies
– Active Server Pages
– ASP.NET applications
– FrontPage Server extensions
– WebDAV
IIS Features
• Certificates and SSL support
• Application support
• Integrated services and products
– FTP
– NNTP
– SMTP
• Server options
– Microsoft SQL Server
– Microsoft Exchange Server
– Commerce Server 2002
• Virtual directories and virtual servers
• IIS and industry support
• Improved reliability
Preparation for IIS 6.0
• Sizing the Web server
• Securing the Web server
• Identifying necessary services and extensions
• Name resolution
Sizing the Web Server
• What is the available bandwidth of the server's
connection to the Internet?
• How many requests per minute during peak
periods?
• What other processing requirements will the
server have?
• Are there communication requirements with
other servers?
• How will the server be managed?
• How will the content be kept up-to-date?
Securing the Web Server
• To secure a Web server:
– Format all volumes using NTFS
– Disable unnecessary services
– Close unnecessary ports
– Rename the administrator account
– Make sure to use strong passwords for
accounts with administrative permission
Identifying Necessary
Services and Extensions
• Default components installed
– Common files
– Internet Information Services Manager
– SMTP
– World Wide Web Service
• Other components
– ASP.NET
– Active Server Pages
– FrontPage Server extensions
– Internet Data Connector
– Server-Side Includes
Name Resolution
• Registered name will be resolved by name
servers on the Internet
• Implement your own DNS server for internal
name resolution or subdomains
• Subdomain examples:
– us.habitatgiftshop.com
– mexico.habitatgiftshop.com
– canada.habitatgiftshop.com
IIS 6.0 Installation
• Ways to install IIS
– Add the Application server role
– Use Add Or Remove Programs
Application Server Role
Using Add Or Remove Programs
Enabling Extensions
Using IIS Manager
IIS 6.0 Configuration
• User accounts
– IUSR_computername
– IWAM_computername
– ASPNET
• Virtual servers
• Virtual directories
• Default documents
User Accounts
Additional Web Sites
• Each Web site hosted on a Web server is identified by:
– An IP address
– A TCP port
– A host header value
Web Sites and DNS
Record Type | Host Name | Host Header | IP Address
A (host) | WebSrv | (None) | 12.42.192.73
CNAME (alias) | us | us.habitatgiftshop.com | 12.42.192.73
CNAME (alias) | mexico | mexico.habitatgiftshop.com | 12.42.192.73
CNAME (alias) | canada | canada.habitatgiftshop.com | 12.42.192.73
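The following Python sketch is an added example, not part of the original course material. It is a simplified model of how a request is matched to a site by IP address, TCP port and host header, using the table above, and of how to audit bindings for duplicates. The site names, the function names and the fallback to the binding with no host header are assumptions of this model.

```python
# Bindings taken from the "Web Sites and DNS" table; site names are hypothetical.
BINDINGS = [
    {"site": "Default Web Site", "ip": "12.42.192.73", "port": 80, "host_header": None},
    {"site": "US Store", "ip": "12.42.192.73", "port": 80,
     "host_header": "us.habitatgiftshop.com"},
    {"site": "Mexico Store", "ip": "12.42.192.73", "port": 80,
     "host_header": "mexico.habitatgiftshop.com"},
    {"site": "Canada Store", "ip": "12.42.192.73", "port": 80,
     "host_header": "canada.habitatgiftshop.com"},
]


def normalize_host(raw_host):
    """Lower-case a Host header value and drop an optional :port and trailing dot."""
    if not raw_host:
        return ""  # HTTP/1.0 clients may send no Host header at all
    host = raw_host.strip().lower()
    if host.startswith("["):  # IPv6 literal: keep only the bracketed address
        return host.split("]")[0] + "]"
    host = host.split(":", 1)[0]
    return host.rstrip(".")


def select_site(bindings, ip, port, raw_host):
    """Return the site that answers a request, or None if nothing is bound."""
    host = normalize_host(raw_host)
    candidates = [b for b in bindings if b["ip"] == ip and b["port"] == port]
    # An exact host header match wins.
    for b in candidates:
        if b["host_header"] is not None and b["host_header"].lower() == host:
            return b["site"]
    # Otherwise the binding with no host header acts as the catch-all.
    for b in candidates:
        if b["host_header"] is None:
            return b["site"]
    return None


def find_conflicts(bindings):
    """List pairs of sites that share the same (IP, port, host header) triple."""
    seen = {}
    conflicts = []
    for b in bindings:
        key = (b["ip"], b["port"], (b["host_header"] or "").lower())
        if key in seen:
            conflicts.append((seen[key], b["site"], key))
        else:
            seen[key] = b["site"]
    return conflicts


if __name__ == "__main__":
    print(select_site(BINDINGS, "12.42.192.73", 80, "US.HabitatGiftShop.com:80"))
    print(select_site(BINDINGS, "12.42.192.73", 80, "unknown.example"))
    print(find_conflicts(BINDINGS))
```

Because any unrecognized host header lands on the catch-all site in this model, that site should not expose administrative or storefront content.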
Creating a New Web Site
Creating a Virtual Directory
Default Documents
and Directory Browsing
• When a server receives a request for a URL
that refers to a directory, it may:
– Return a default document present in that
directory
– Generate an error and refuse the request
– Return a formatted directory listing to the
browser
Default Document
Directory Browsing
Sun Java System Web Server
• Runs on the following operating systems:
– Sun Solaris 9
– Sun Solaris 8
– Trusted Solaris 8
– Red Hat Enterprise Linux AS 2.1
and ES/AS 3
– Hewlett-Packard HP-UX 11i
– IBM AIX 5.1 and 5.2
– Windows 2000 Server
– Windows XP
– Windows Server 2003
Open-Source Solutions
• LAMP-based solutions
– Linux
– Apache
– MySQL
– PHP or Perl
Apache Web Server
• Server configuration
• Virtual hosts
• Default document
Apache Server Configuration
Binding Multiple IP Addresses
Apache Virtual Hosts
Apache Default Document
Sizing Your Hardware
• Processor and memory
– Operating system
– Web server software
– Other services and software
– Simultaneous connections you must support
• Disk space
– HTML pages/graphics
– Operating system
– Web server software
– Other software
– Product catalog
– Order and customer database (if stored on the Web server)
Web Server Scalability
• Scaling up
– Add processors to the Web server
– Known as Web garden
• Scaling out
– Add Web servers
– Known as Web farm
Summary
• Choose e-commerce site development
software based on cost, ease of use, and
standards compliance
• Install e-commerce site development software
for B2B and B2C sites
• Evaluate the advantages and disadvantages of
open-source and proprietary Web servers
• Manage the site deployment process
• Bind multiple IP addresses to a server
• Configure DNS appropriately for an e-commerce site
Lesson 10:
Site Development
Software Implementation
Objectives
• Create an e-commerce site plan
• Evaluate the advantages and disadvantages of
using e-commerce storefront software
• Choose e-commerce site development
software based on cost, ease of use, and
standards compliance
• Install e-commerce site development software
for B2B and B2C sites
• Manage the site deployment process
• Identify common database planning and
configuration steps
Commerce Site
Development Overview
• Site development considerations
– Site usability
– Site performance
– Localization
– Traffic rates and bandwidth use
– Scalability options
Site Development Software
• Platform requirements
• Cost and product licensing
• Ease of use
• Support software
• Support software requirements
• Web server
• Database server
• Middleware and content applications
• Commerce development tools
Database Servers
Sample table
Last Name | First Name | Employee ID | Status
Doe | John | NC1440 | Exempt
Cho | Mary | ST1002 | Non-exempt
Peterson | Paul | ST0043 | Exempt
Thomas | Ed | NC2011 | Non-exempt
Flat-File Databases
• Data stored in files
– Tab delimited
– Comma-separated values (CSV)
• Disadvantages
– Repetitious data storage
– Wasted space
– Restricted performance
– Lack of standards
Relational Database
Management System (RDBMS)
• Common features
– Data definition
– Data relationships
– Data access
– Management utilities
– Access control
– Database language
– Defined procedures
– Server access control
Database Languages
• A database language lets you:
– Create the tables and the relationships
between them (DDL statements)
– Access, insert and modify table data (DML
statements)
– Create sets of executable statements
• Common languages
– SQL
– XPath
• Used with XML
• Does not support DDL statements
• Supports limited DML statements
Database Products
• Key expectations
– Performance
– Reliability
– Security
• Remote access APIs
– ODBC
– DB-LIB
– OLE DB
– ODS
• Products
– Microsoft SQL
Server
– Oracle 10g
– MySQL
– Apache Xindice
Microsoft SQL Server
2000 Features
• Key features:
– Ease of installation and use
– Self-tuning performance parameters
– Scalability to support multiple processors
and across multiple servers
– Replication support for distributed data
applications
– Integration with e-mail, XML data support,
and other Internet technologies
Commerce Site Development
• Commerce Server selection
– Target audience/application
– Web site design tools and language
compatibility
– Available Web components
– Automated transaction processing
– Workflow design and automation
– Prerequisites
– Analysis capabilities
– Security modules
Commerce Site
Development Tools
• Dreamweaver MX
• IBM WebSphere
• Sun ONE Integration Server
• NetSuite
• osCommerce
• Commerce Server 2002
Dreamweaver MX 2004
• ColdFusion Studio
• ASP.NET
• JSP
• PHP
• HTML
• XHTML
IBM WebSphere Suite
• Operating systems
– Windows
– Solaris
– OS390
• Web servers
– IBM
– Netscape
– Lotus Domino
• Databases
– DB2
– Oracle8 (and later)
Sun ONE Integration Server
NetSuite
• Hosted solution
• Targets midlevel and enterprise
• Extensible
– NetCRM
– NetERP
osCommerce
• Open Source
– Optimized for Apache
– PHP scripting
– MySQL
Commerce Server 2002
• Windows 2000 or Windows Server 2003
• Integrates with
– SQL Server
– BizTalk
Managing Commerce Server 2003
• Business Desk (BizDesk)
– Creates online catalogs
– Manages user accounts
– Analyzes applications
– Manages campaigns and profiles
• Commerce Server Manager
– Administers multiple site resources and
properties
• Pipeline Editor
– Defines business processes and sequences
requirements
Summary
• Create an e-commerce site plan
• Evaluate the advantages and disadvantages of
using e-commerce storefront software
• Choose e-commerce site development
software based on cost, ease of use, and
standards compliance
• Install e-commerce site development software
for B2B and B2C sites
• Manage the site deployment process
• Identify common database planning and
configuration steps
Lesson 11:
E-Commerce Site Development
Using Commerce Server
Objectives
• Evaluate the advantages and disadvantages of
using e-commerce storefront software
• Install e-commerce site development software
for B2B and B2C sites
• Create a storefront and identify the reasons
for its success
• Manage the site deployment process
• Configure DNS appropriately for an e-commerce site
• Use appropriate procedures to reduce costs of
e-commerce sites
Building Commerce
Server Solutions
• Site design process
– Identifying functionality requirements
– Designing implementation details
• Commerce Server solutions
– Development modules
– Development language choices
– Solution Sites
– Project files
• Solution Sites
Identifying
Functionality Requirements
• Administrative requirements
– Remote administration
• Technical requirements
– Database server access
– Integration with third-party servers and
applications
– Integration with operating system features
• Functional requirements
– Product ordering
– Payment
– Inventory control
Designing Implementation Details
• Are there minimum or maximum quantities
that must be enforced?
• When and how are inventory levels checked to
see whether the product is available?
• Do inventory levels update when the order is
placed or when items ship?
• Are shopping-cart totals updated
immediately? Tax and shipping costs?
• How can users remove the item from the
shopping cart?
Commerce Server
Development Modules
• Product Catalog System
– Catalog and product category structure
• Profiling System
– User registration and tracking
• Business Process Pipelines System
– Custom business processes
• Targeting System
– Automated personalization
• Business Analytics System
– Data analysis and reporting
Visual Studio .NET Project Files
Unpacking a Solution Site
• You will be prompted for:
– Site name
– IIS Web site
– SQL Server connection information
– Data warehouse database information
– Profiling system files
Commerce Site Management
• Minimizing operation costs
• System management tools
– Remote execution
– Remote access
– Remote desktop
• Communication tools and technology
– Computer telephony
– Scheduling
– Instant messaging
– Remote conferencing
Commerce Server Administration
• Tools
– Commerce Server Manager
– Commerce Site Packager
– Data Warehouse Configurator
– Data Warehouse Import Wizard
– Pipeline Editor
Commerce Server Manager
Commerce Site Packager
Data Warehouse Configurator
Pipeline Editor
Business Desk (BizDesk)
Solution Site Customization
• Site development
• Customization requirements
• Customizing the user experience
Summary
• Evaluate the advantages and disadvantages of
using e-commerce storefront software
• Install e-commerce site development software
for B2B and B2C sites
• Create a storefront and identify the reasons
for its success
• Manage the site deployment process
• Configure DNS appropriately for an e-commerce site
• Use appropriate procedures to reduce costs of
e-commerce sites
Lesson 12:
Creating an Online Catalog
Objectives
• Create and manage an online product catalog
• Identify common database planning and
configuration steps
• Connect Web pages to a database
• Identify specific B2B and B2C issues in
developing an e-commerce site
• Create a storefront and identify the reasons
for its success
Catalog Design
• Identify business objectives
• Categorize products
• Determine which information to store
Simple Product Category Hierarchy
[Diagram: category tree with top-level categories Dogs and Cats; subcategory labels: Food, Toys, Treats, Catnip; toy subcategory labels: Plush, Chew, Balls, String]
Many-to-Many Relationship
Product in Multiple Categories
[Diagram: the same Dogs and Cats category tree, with the products Squoosh Ball and Bouncy Ball shown in multiple categories]
Primary and
Secondary Categories
[Diagram: Reptiles example showing primary and secondary categories; labels: Food, Habitats, Live Crickets, Snakes, Geckos, Monitors]
Commerce Server 2002
Catalog Definitions
• A catalog definition consists of:
– Property definitions
– Product definitions
– Category definitions
Property Definitions
Supporting Multiple Languages
• Multilingual Text
– Used to hold short textual information
• Multilingual Long Text
– Used to hold long textual information
• Multilingual Multiple Choice
– Used when there is a choice between two or
more items
• Multilingual File Name
– Used when a different file must be
referenced for each language
Product Definitions
Category Definitions
Building a Base Catalog
• Creating the base catalog
– Import an XML file
– Import a CSV file
– New Base Catalog dialog box
• Designing the category hierarchy
• Defining category relationships
• Adding products and product variants
New Base Catalog Dialog Box
Designing the Category Hierarchy
Breadcrumbs
Defining Category Relationships
Related Category
Adding Products
and Product Variants
Product Properties
Product Variants
Product Categories
Product Relationships
Virtual Catalogs
• Virtual catalogs can be used to:
– Make multiple base catalogs appear as one
catalog to the user
– Support product pricing in multiple
currencies
– Implement pricing rules that apply to a
subset of customers
Creating a Virtual Catalog
Limiting Catalogs,
Categories and Products
Defining Pricing Rules
• Pricing rules can be defined based on the
following:
– Set price
– Add amount
– Add percentage
– Discount amount
– Discount percentage
Modifying Product
Categories and Relationships
Using Commerce Server to
Support B2B Commerce
• Catalog sets
– Default catalog sets:
• Anonymous User Default CatalogSet
• Registered User Default CatalogSet
• User account overview
Catalog Sets
User Account Overview
User Profile
Summary
• Create and manage an online product catalog
• Identify common database planning and
configuration steps
• Connect Web pages to a database
• Identify specific B2B and B2C issues in
developing an e-commerce site
• Create a storefront and identify the reasons
for its success
Lesson 13:
Inventory Control
and Order Processing
Objectives
• Set product inventory quantities in a database
• Enter and manage product-shipping data in a
database
• Implement an online catalog to provide
inventory status to customers
• Create Web pages that display order and
shipping status for customers
• Implement e-mail notification for customer
orders
• Identify common database planning and
configuration steps
• Connect Web pages to a database
Inventory Management
• For most sites, the commerce server is only
one link in an inventory management chain
that could include:
– Inventory tracking
– Online catalog
– Purchasing system
– Customer order system
– Accounting server
Inventory Tracking
• Information stored in an inventory database
– Item name and description
– Unique part number or SKU
– Identifying information
– Quantity on hand
– Quantity on order
– Vendor
– Alternative vendor
– Item cost
– One or more selling prices
Online Catalog Database Tables
Purchasing System
• Determine the items to be ordered and order
quantities
• Determine the vendor from which the items
are ordered
• Generate and transmit the purchase order
• Update on-order quantities
• Receive the order and update inventory
quantities
• Generate a payment for the order
Customer Order System
Inventory Systems
Inventory Requirements
• Three automation options:
– Buy a ready-to-run inventory application
– Buy an inventory application and modify it
to your specific requirements
– Build your own inventory application
Inventory Applications
• More advanced inventory applications will
include additional functionality:
– Sales analysis and stocking level
calculations
– Automated PO generation
– Automated order receipt
– Direct integration with accounting
applications
– Direct integration with commerce
applications
Sample Inventory Table
Comparing Inventory Applications
• Application must meet:
– Inventory management requirements
– Operating system requirements
– Hardware requirements
– Prerequisite application
• What other applications are required?
• Is a specific RDBMS server required?
Commerce
Inventory Management
• Key questions:
– How do you track inventory and what
information do you need to track?
– How do you order new inventory?
– How do you manage stocking levels?
– How are customer orders processed?
Inventory Application Interfaces
Steps for Retrieving Data
• Connect to the database server
• Pass the SQL command for execution
• Retrieve results
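The three steps above, as an added Python example that is not part of the original course material. An in-memory SQLite database stands in for the RDBMS server, and the table, column and function names and the SKU values are constructed for illustration. It goes one step beyond retrieval by also deducting stock for an order in a single guarded statement.

```python
import sqlite3

# Constructed sample rows; columns follow the "Inventory Tracking" slide.
SAMPLE_ITEMS = [
    ("DG-TOY-001", "Squoosh Ball", 12, 0),
    ("DG-TOY-002", "Bouncy Ball", 0, 24),
    ("CT-TRT-001", "Catnip", 0, 0),
]


def connect():
    """Step 1: connect to the database server (in-memory SQLite stands in)."""
    conn = sqlite3.connect(":memory:")
    conn.row_factory = sqlite3.Row
    conn.execute(
        "CREATE TABLE inventory ("
        " sku TEXT PRIMARY KEY,"
        " item_name TEXT NOT NULL,"
        " qty_on_hand INTEGER NOT NULL CHECK (qty_on_hand >= 0),"
        " qty_on_order INTEGER NOT NULL CHECK (qty_on_order >= 0))"
    )
    conn.executemany("INSERT INTO inventory VALUES (?, ?, ?, ?)", SAMPLE_ITEMS)
    conn.commit()
    return conn


def inventory_status(conn, sku):
    """Steps 2 and 3: pass the SQL command with a bound parameter, read the result."""
    if not isinstance(sku, str) or not sku or len(sku) > 32:
        raise ValueError("sku must be a non-empty string of at most 32 characters")
    # The ? placeholder keeps user input out of the SQL text, so a crafted
    # value is compared as data and cannot change the statement.
    cur = conn.execute(
        "SELECT item_name, qty_on_hand, qty_on_order FROM inventory WHERE sku = ?",
        (sku,),
    )
    row = cur.fetchone()
    if row is None:
        return None
    if row["qty_on_hand"] > 0:
        status = "In stock"
    elif row["qty_on_order"] > 0:
        status = "Backordered"
    else:
        status = "Out of stock"
    return {"item": row["item_name"], "status": status}


def deduct_for_order(conn, sku, quantity):
    """Deduct stock only if enough is on hand; check and update are one statement."""
    if not isinstance(quantity, int) or isinstance(quantity, bool) or quantity < 1:
        raise ValueError("quantity must be a positive integer")
    with conn:  # commits on success, rolls back if an exception is raised
        cur = conn.execute(
            "UPDATE inventory SET qty_on_hand = qty_on_hand - ?"
            " WHERE sku = ? AND qty_on_hand >= ?",
            (quantity, sku, quantity),
        )
    return cur.rowcount == 1


if __name__ == "__main__":
    db = connect()
    print(inventory_status(db, "DG-TOY-001"))
    print(inventory_status(db, "x' OR '1'='1"))  # treated as a literal SKU
    print(deduct_for_order(db, "DG-TOY-001", 20))  # more than is on hand
```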
Designing Order Systems
• Business process
• Order process
• Order verification
• Order management
• Order system requirements
Commerce Server 2002
Order Management
Order System Implementation
• Shopping carts
• Automated transactions
• Open orders
• Completed orders
Shopping Carts
• Temporary storage for
– Order line items
– Tax rates
– Discounts
– Shipping information
• Important considerations
– Ease of deployment
– Ease of use
– Additional integration tools
– Reporting features
– Administrative interface
Open and Completed Orders
• Open orders
– Incomplete orders
– Unfulfilled orders
• Completed orders
– Profile customers and their purchasing
habits
– Design targeted marketing programs
– Identify suggested stocking levels
– Identify item sales trends
Summary
• Set product inventory quantities in a database
• Enter and manage product-shipping data in a
database
• Implement an online catalog to provide
inventory status to customers
• Create Web pages that display order and
shipping status for customers
• Implement e-mail notification for customer
orders
• Identify common database planning and
configuration steps
• Connect Web pages to a database
Lesson 14:
Payment Gateways
Objectives
• Define the process of an EFT system
• Implement online payment services for an e-commerce site
• Choose an appropriate payment method
• Install a payment gateway
• Implement online credit-card processing
• Develop and implement a transaction system
Objectives
(cont'd)
• Implement secure order processors
• Implement online check processing
• Develop and implement a transaction system
• Access online transaction information
• Implement monetary conversion
• Identify security issues for e-commerce sites
• Take steps to keep sensitive information private
Choosing Payment
Processing Methods
• Cash on delivery (c.o.d.)
• Advanced payment using check or money
order
• Credit card with offline processing
• Credit card with online processing
• Online checks or bank account debit
• Payment services, such as PayPal and BidPay
Credit Card Processing
• Set up an online merchant
• Install or connect to payment gateway
software
• Prepare the server and e-commerce site
Credit Card Processing
Behind the Scenes
Authorization Process
Settlement Process
Establishing a Merchant Account
• Which payment methods are supported?
– Visa and MasterCard
– American Express
– Discover
• What is the cost?
– Setup fees
– Monthly fees
– Per-transaction fees
– Percentage of sale
– Statement fees
Selecting a Payment Gateway
• Is the payment gateway compatible with your
shopping cart software?
• Does the payment gateway support currency
conversion for international currencies?
• Will the gateway be installed on your Web
server or hosted on a different server?
• How much does the payment gateway
software cost?
• What security features are supported by the
payment gateway?
• How does the company handle customer
support?
Managing Transactions
• Successful e-commerce transaction:
– Items must be in stock
– Payment must be approved and settled
– Item quantities must be deducted from
inventory
– Order must be shipped
• Manual transaction:
– Item returned or cancelled
– Order placed over the phone
– Customer mails a printed order
Implementing PayPal
• PayPal account transfers
• Visa
• MasterCard
• Discover
• American Express
• e-check
Online Check Processing
• Automated Clearing House (ACH)
[Diagram: ACH flow between Receiver, Originator, ODFI, ACH Operator and RDFI]
– Receiver authorizes Originator
– Originator forwards transaction data to ODFI
– ODFI sorts and transmits file to ACH Operator
– ACH Operator distributes ACH file to RDFI
– RDFI makes funds available and reports on statement
Preventing Fraud
• Costs of fraudulent transactions:
– Loss of revenue from products purchased
fraudulently
– Charge-back fees
– Possible lawsuits for identity theft losses
– Loss of goodwill
– Loss of revenue from sales with good but
suspect payment information
– Fines assessed for a high percentage of
fraudulent transactions
Protecting Customer Data
• Customer data should be secured at all points.
– As it is transferred from the Web page to
the server
– As it is transferred through the payment
gateway
– As it is transferred to the database server
for storage
– In the database
Detecting
Fraudulent Transactions
• Verify the billing address.
– Address Verification Service (AVS)
• Verify the card security code (CSC)
• Buyer Authentication Program
Preventing Cash Theft
• Use a password that is difficult to guess (use a
strong password)
• Do not write down the password and leave it
where people can find it
• Change the password frequently
• Do not tell the password to co-workers unless
necessary
Summary
• Define the process of an EFT system
• Implement online payment services for an e-commerce site
• Choose an appropriate payment method
• Install a payment gateway
• Implement online credit-card processing
Summary
(cont'd)
• Implement secure order processors
• Implement online check processing
• Develop and implement a transaction system
• Access online transaction information
• Implement monetary conversion
• Identify security issues for e-commerce sites
• Take steps to keep sensitive information private
Lesson 15:
E-Service
Implementation and Support
Objectives
• Define the function of a knowledge base
• Define knowledge base components
• Administer a knowledge base
• Create a customer service plan
• Use FAQ and e-mail to improve customer
service
• Apply synchronous and asynchronous
customer service methods
Implementing Customer Support
• E-service
– E-mail/user forums
– FAQ
– Knowledge base systems
• Designing a service plan
– Support requirements
– Most appropriate support methods
– Personnel needs
– Budget and schedule
E-Service
Implementation Overview
• Implementation process
– Identify, purchase and deploy applications
– Identify, hire and train support personnel
– Complete any custom configuration
requirements
– Add custom help and support content
– Add linking code/Web pages
E-mail/User forums
• E-mail
– E-mail links
– Support
– Customer service
– Contact page
• User forums
– Self-help groups
– Might be company-monitored
Implementing
Frequently Asked Questions
• FAQ pages are popular because:
– They are cost-effective and easy to
maintain
– They address the most common problems
with minimal effort by the user or company
– Users expect to see FAQ pages
Knowledge Base
• Knowledge base systems provide three options:
– Refine the search and search again
– Browse articles by category
– Send an information request to support staff
• Implementing a knowledge base
– Install required software (in-house solution)
– Install knowledge base application (in-house
solution)
– Configure knowledge base parameters
– Load initial knowledge base articles
– Organize knowledge base articles by category
– Link Web site to knowledge base application
Knowledge Base Example
Knowledge Base Administration
Summary
• Define the function of a knowledge base
• Define knowledge base components
• Administer a knowledge base
• Create a customer service plan
• Use FAQ and e-mail to improve customer
service
• Apply synchronous and asynchronous
customer service methods
Lesson 16:
Transaction and
Web Site Security
Objectives
• Define the SET protocol
• Define and implement encryption schemes
and technologies
• Use PKI to secure transactions
• Request a digital certificate from a CA
• Install server digital certificates
• Use SSL in a transaction
• Implement secure order processors
• Identify security issues for e-commerce sites
Objectives
(cont'd)
• Take steps to keep sensitive information
private
• Take steps to detect hacker infiltration
• Report site infiltration to relevant parties
• Identify e-commerce-related forensics
concepts and techniques
• Secure a compromised site
• Avoid questionable practices
Purposes of Security
• Security should be designed using a layered
method that includes the following checks:
– Identification and authentication
– Access control
– Data confidentiality
– Data integrity
– Nonrepudiation
Encryption and Decryption
[Diagram: plaintext and a key go into encryption to produce ciphertext; ciphertext and a key go into decryption to recover the plaintext]
Encryption Strength
• Strength of algorithm
• Secrecy of key
• Length of key
Types of Encryption
Symmetric Encryption
[Diagram: plaintext is encrypted to ciphertext and decrypted back to plaintext using the same shared symmetric key]
Asymmetric Encryption
[Diagram: Alicia encrypts the plaintext with Bob's public key; Bob decrypts the ciphertext with Bob's private key]
Message Digests
• Two well-known hash functions
– MD5
– Secure Hash Algorithm (SHA)
Public Key Infrastructure
• A PKI implementation includes one or more
CAs
• A CA is responsible for:
– Issuing certificates
– Renewing certificates
– Revoking certificates
– Publishing a certificate revocation list
(CRL)
Certificate Types
• Certificate authority certificate
• Server certificate
• Personal certificate
• Software publisher certificate
X.509 Standard
Field | Description
Version | The version number of the certificate; currently it can be 1, 2 or 3.
Serial Number | A unique serial number for the certificate file.
Signature Algorithm ID | Indicates which message digest algorithm was used to sign the certificate file so it can be verified using the same message digest.
Issuer Name | The company name of the certificate issuer, most often VeriSign for public certificates.
Validity Period | The start and end dates for which the certificate file is valid. This range is usually one year from issuance. Once a certificate expiration has been passed, the certificate has no value unless it is renewed.
Subject (User) Name | Contains the holder's ID, usually the individual's name, or the company's name for a server certificate.
X.509 Standard
(cont'd)
Field | Description
Subject Public Key Information | Contains the holder's actual public key, usually 1024 bits long.
Issuer-Unique Identifier (v2 and v3) | Contains a unique number identifying the issuer, most often VeriSign's unique ID.
Subject-Unique Identifier (v2 and v3) | Similar to the issuer identifier but unique to every certificate holder.
Extensions (v3) | Can contain whatever the generating authority wants. This non-standard field can contain additional information such as date of birth.
Signature | A cryptographic signature of the contents of all previous fields. When certificate files are viewed in Windows, this field is most often referred to as the fingerprint.
VeriSign
Secure Sockets Layer (SSL)
1. Client sends request to connect to secure server
2. Server sends pre-signed certificate to client
3. Client checks trust list to verify that certificate was
issued by trusted CA
4. Client checks CRL to make sure certificate has not
been revoked
5. Client tells server which ciphers it supports
6. Server consults its own cipher list and chooses
strongest cipher it has in common with client, then
informs client of this cipher
7. Using cipher, client generates session key, encrypts
session key using server's public key, and sends it to
server
Obtaining Certificates
• VeriSign certificates
• Creating a certificate request
– IIS
• Use the Web Server Certificate Wizard
– Apache
• openssl req -new > new.cert.csr
• Send request to CA or self-sign the certificate
Requesting a Certificate Using IIS
IIS Certificate Wizard
Installing Certificates on IIS
• Add CA to trusted root CA list if necessary
• Install the SSL certificate on the Web site
• Configure each virtual directory or application
that should support SSL
Viewing a Certificate on IIS
Certification Path
Enabling SSL on a Virtual Server
Enabling SSL on a
Specific Virtual Directory
Installing Certificates
on Apache Server
• Copy private and public key to the same
directory
• Add two SSL directives to the httpd.conf file
for each virtual host that will use SSL
– SSLCertificateFile = path and filename of
the public key
– SSLCertificateKeyFile = path and filename
of the private key
• Stop and restart the Apache server
– apachectl stop
– apachectl startssl
Implementing Microsoft
Certificate Services
• Some e-commerce situations appropriate for
implementing your own CA include:
– Issuing client certificates for authentication
– Business-to-business e-commerce
– In-house testing
Designing the CA Hierarchy
• Four types of CAs:
– Enterprise root CA
– Standalone root CA
– Enterprise subordinate CA
– Standalone subordinate CA
Preparing to Install
Certificate Services
• The computer name cannot be changed after
Certificate Services has been installed
• The computer cannot be moved to a different
domain, joined to a domain or removed from a
domain after Certificate Services has been
installed
• The computer must be secured against
tampering
Installing Certificate Services
Selecting the CA Type
CA Identifying Information
Certificate Database Settings
Requesting a Certificate
Requesting a Certificate —
Certificate Type
Requesting a Certificate —
Identifying Information
Issuing a Certificate
Revoking a Certificate
• The following reason codes are defined:
– Unspecified
– Key Compromise
– CA Compromise
– Change of Affiliation
– Superseded
– Cease of Operation
– Certificate Hold
Secure Electronic
Transactions (SET)
• User installs a wallet that has digital
certificates
– Digital certificates are used to encrypt
payment data
• SET has not gained market acceptance
Securing Sensitive Data
• SSL to encrypt data during transmission
• EFS to encrypt data stored in flat file storage
• Database encryption routines to encrypt data
in a database
Identifying Attack Types
• Denial-of-service
• Database tampering
• Buffer overflow
• Social engineering
• Phishing
• Pharming
Protecting Against Attacks
• Disable unnecessary services
• Close unnecessary ports on computer and in
firewall
• Limit how users can connect for management
and content updates
• Limit number of accounts with administrative
permission
• Ensure servers are physically secure
• Enable security auditing and review audit
logs for suspicious activity
• Keep operating system and all applications
up-to-date with security patches
Avoid Becoming
Part of the Problem
• Post privacy policy on your Web site and
follow it
• If you sell advertising space, make sure
advertisers do not download spyware or
malware to computers
• If you use e-mail marketing campaigns, send
mail only to users who have agreed to receive
it
E-Commerce Forensic Techniques
• Advance notification
– Logging
– Auditing
• Recovery plan
– A list of the recovery team members and their
responsibilities
– Procedures for dealing with the public relations
aspects of the attack
– Procedures for notifying law enforcement
– Procedures for notifying other involved parties, such
as your ISP or an ASP
– Procedures for preserving evidence
– Procedures for restoring service
Recovery Steps
• Steps for recovering from an attack:
1. Take the affected system offline to
preserve evidence
2. Analyze the methods used and the extent
of the attack
3. Prepare a replacement server and apply
patches to keep the attack from happening
again
4. Restore service
5. Monitor the restored service
Summary
• Define the SET protocol
• Define and implement encryption schemes
and technologies
• Use PKI to secure transactions
• Request a digital certificate from a CA
• Install server digital certificates
• Use SSL in a transaction
• Implement secure order processors
• Identify security issues for e-commerce sites
Summary
(cont'd)
• Take steps to keep sensitive information
private
• Take steps to detect hacker infiltration
• Report site infiltration to relevant parties
• Identify e-commerce-related forensics
concepts and techniques
• Secure a compromised site
• Avoid questionable practices
Lesson 17:
E-Learning Solutions
Objectives
• Identify e-learning models
• Define SCORM and relate it to e-learning
• Identify LMS types
• Differentiate between interactive Webinars and
course-based or seminar-based offerings
• Create initial navigation (landing) pages with
objectives/learning goals, a table of contents
with a completion estimate, and navigation
instructions
Objectives
(cont'd)
• Organize and present information for users
• Identify methods for assessing and reinforcing
user engagement and learning
• Use appropriate procedures to reduce costs of
e-commerce sites
E-Learning Models
• Instructor-led training
• Self-paced instruction
• Web-based instruction
Distance Learning Essentials
• Webinar-based
– Short sessions
– Also known as Webcasts
• Course/seminar-based
– Longer period of time
– Usually self-paced with progress monitored
by instructor
Distance Learning Elements
• Logon page
– Enter authentication credentials
– Might include registration button or link
• Landing page
– Table of contents
– Objectives/learning goals
– Time of completion estimates
– Site navigation instructions
– Instructor name and contact information
Presenting Information
• Web pages can use multiple frames and
windows to:
– Display more detailed information
concerning a particular topic
– Open windows to new sites
– Match terms to the proper definitions
Multimedia Options
• Standard graphics
• Scalable Vector Graphics (SVG)
• SWF technology
• Audio
• Video
Ensuring Participant Engagement
• Polling
– A semiformal question asked of the students.
• Quizzes
– A short series of questions dispersed at strategic
locations
• Tests
– A longer series of questions usually given at the end
of a particular lesson or unit
• Chat
– A discussion forum can open the seminar for
questions from students or even a free-form
discussion of the subject
E-Learning Content
• Delivery methods
include:
– HTML documents
with text and
graphics
– Games
– Assessments
– Video presentations
– Simulations
– Case Studies
• Learning styles
– Visual learners
– Auditory learners
– Kinesthetic learners
Types of Navigation
• Linear navigation
• Table of contents
• Index
• Hyperlinks
• Search
• Learning map
• Objective map
Progress Reporting
• Defining completion:
– The learner has visited all the content
pages for the topic or learning objective
– The learner has successfully completed an
assessment for the topic or learning
objective
– The learner has visited the last page of a
topic or learning objective
• Other things to track
– Assessment scores
– Time spent on specific activities
– Time spent on the content pages
Reusable Learning Objects
• Shareable Content Object Reference Model
(SCORM)
• Learning Management System (LMS)
• Learning Content Management System
(LCMS)
SCORM
• The SCORM specification (v1.2) is divided into
five sections:
– Introduction
– LMS Conformance Requirements
– Content Package Conformance
Requirements
– Sharable Content Objects (SCO)
Conformance Requirements
– Metadata Conformance Requirements
Imsmanifest.xml File Structure
<manifest>
  <metadata>
  </metadata>
  <organizations>
    <organization></organization>
  </organizations>
  <resources>
    <resource></resource>
  </resources>
</manifest>
LMS, LCMS and CMS
• Content Management Systems (CMS)
• Learning Management Systems (LMS)
• Learning Content Management Systems
(LCMS)
Summary
• Identify e-learning models
• Define SCORM and relate it to e-learning
• Identify LMS types
• Differentiate between interactive Webinars and
course-based or seminar-based offerings
• Create initial navigation (landing) pages with
objectives/learning goals, a table of contents
with a completion estimate, and navigation
instructions
Summary
(cont'd)
• Organize and present information for users
• Identify methods for assessing and reinforcing
user engagement and learning
• Use appropriate procedures to reduce costs of
e-commerce sites
Lesson 18:
Site Management
and Performance Testing
Objectives
• Measure and optimize the performance of a
transaction system
• Analyze site logs
• Conduct tests to improve site performance
• Monitor resources to ensure availability
• Identify security issues for e-commerce sites
Site Management
• Maintenance
– Updating Web pages and other content
– Verifying links and repairing broken links
– Database administration and maintenance
– System hardware maintenance
– Operating system maintenance and updates
• Security
– Monitor for security breaches
• Performance monitoring
– Web application
– Web server
– Operating system software
– Support services (such as database services)
– Computer hardware
Managing Web Site Performance
• Bottlenecks can result from a number of
causes:
– Processor too slow to meet processing
needs
– Poor disk access speed
– Insufficient RAM
– Improperly set configuration parameter
– Poorly written database queries
– Poorly written Web application
Queue Processing
• Factors affecting request processing:
– Network bandwidth
– Network adapter and network device driver
management of queued incoming packets
– Processor performance
– RAM and disk storage resources
– Operating system management of queued
processor requests
– Web site performance and time required to
service user requests
Logging and Trend Analysis
• Logs typically provide information about:
– Server efficiency
– Usage rate
– Security
Event Viewer — Security Log
Log Management
• Determine how often to analyze logs based
on:
– Mission criticality
– Server use
– Server location
– “Tempting” servers
– Recent installations
• Look for:
– Error messages
– Security violations
– Usage rates
Windows Event Viewer Logs
• Default logs
– System
– Application
– Security
HTTP Server Log Files
• Log files can
include:
– Access log
– Error log
– Referrer log
– Agent log
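Added example (not part of the original course material): a small Python pass over an HTTP access log that reports the three things the Log Management slide says to look for: error messages, security violations and usage rates. The log lines are constructed samples in NCSA Combined Log Format; treating repeated 401/403 responses from one client as a possible security violation, and the threshold of 3, are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample in NCSA Combined Log Format (not taken from the course).
SAMPLE_LOG = """\
192.0.2.10 - - [12/Mar/2005:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/4.0"
192.0.2.10 - - [12/Mar/2005:10:05:40 +0000] "GET /cart.asp HTTP/1.1" 200 2048 "-" "Mozilla/4.0"
198.51.100.7 - - [12/Mar/2005:10:07:11 +0000] "POST /admin/login HTTP/1.1" 401 310 "-" "-"
198.51.100.7 - - [12/Mar/2005:10:07:12 +0000] "POST /admin/login HTTP/1.1" 401 310 "-" "-"
198.51.100.7 - - [12/Mar/2005:10:08:01 +0000] "POST /admin/login HTTP/1.1" 401 310 "-" "-"
203.0.113.5 - - [12/Mar/2005:11:02:30 +0000] "GET /checkout.asp HTTP/1.1" 500 612 "-" "Mozilla/4.0"
192.0.2.10 - - [12/Mar/2005:11:03:05 +0000] "GET /old-page.html HTTP/1.1" 404 209 "-" "Mozilla/4.0"
not a log line
"""

LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) \S+(?: "[^"]*" "[^"]*")?$'
)

def analyze(log_text, auth_fail_threshold=3):
    """Summarize errors, possible security violations and usage rate."""
    errors = Counter()         # status code -> count, for 4xx/5xx responses
    auth_failures = Counter()  # client -> count of 401/403 responses
    per_hour = Counter()       # "dd/Mon/yyyy:hh" -> requests (usage rate)
    malformed = 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        m = LINE_RE.match(line)
        if m is None:
            malformed += 1     # unparseable lines deserve a manual look
            continue
        status = int(m.group("status"))
        per_hour[m.group("ts")[:14]] += 1
        if status >= 400:
            errors[status] += 1
        if status in (401, 403):
            auth_failures[m.group("host")] += 1
    flagged = sorted(h for h, n in auth_failures.items() if n >= auth_fail_threshold)
    return {"errors": dict(errors), "flagged_clients": flagged,
            "requests_per_hour": dict(per_hour), "malformed": malformed}

if __name__ == "__main__":
    for key, value in analyze(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

How often to run such a pass follows the criteria on the Log Management slide: more often for mission-critical, heavily used, "tempting" or recently installed servers.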
Sample Reporting Application
Performance Monitoring
• Resources for measuring server performance:
– Protocol analyzers (packet sniffers)
– System performance tools
– Service analysis tools
Packet Sniffers
Windows Server 2003
System Monitor
SQL Server Performance Objects
Hardware Concerns
• To improve hardware
performance:
– Increase RAM
– Improve NIC quality
– Upgrade to a faster
CPU
– Upgrade to a
motherboard with a
faster system bus
– Upgrade to a faster
disk subsystem
• Corrective actions:
– Upgrade components
– Distribute load
across multiple
servers
– Increase the capacity
of the queues
Summary
• Measure and optimize the performance of a
transaction system
• Analyze site logs
• Conduct tests to improve site performance
• Monitor resources to ensure availability
• Identify security issues for e-commerce sites