IRENE JEPKOSGEI

KeMU

BUSS 342-E- commerce

Assignment 1st trimester 2019

INSTRUCTIONS:

ANSWER ALL QUESTIONS

1. Discuss how e-commerce activities can otherwise violate the personal privacy of

individuals especially bio data. (10mks)

Introduction.

Ecommerce, also known as electronic commerce or internet commerce, refers to the buying
and selling of goods or services using the internet, and the transfer of money and data to execute
these transactions. The growth and trust upon E-Commerce business totally depend on the
security and privacy policy of the site and for the development of E-commerce business most
important factor is to build trust among users. To maintain privacy in the E-commerce business,
a complete and secure system is required. Users feel hesitation in E-Commerce although online
payment system is more secured and convenient.

How e-commerce activities can otherwise violate the personal privacy of individuals especially
bio data.

Intellectual property re-selling

E-commerce business providers are freely resale the intellectual property of their customers.
This is also an issue of the privacy of the individual using online trading sites and sharing their
personal stuff without knowing the reselling rights.

Web activity correctness

E-commerce providers have no means to monitor the malicious web activities and its
consequences.

Integrity of server machine

The E-commerce sites are not providing the mechanism for the client to verify the integrity of
server machine.

Buyer’ stricking

Social engineering techniques are used for the tricking of the shopper to get the maximum
benefit of the under attacking system. The attackers gathers the credential details and use these
against the online activities of the victim such as, asking about the user’s favorite book is a
common challenge question used by various sites for authentication and login to the account.
If one of these sites is tricked into giving away a password after the challenge question is given,
then the shopper used the same logon ID and password on other sites and possibly the site will
be taken down.

Snooping the buyer’s computer

One of the easiest way to get the control over the client credentials is to get the control over
the computer of the online e-commerce user. As millions of computers are connected to the
Internet every minutes and many of the user are unaware of the security feature and network
vulnerabilities. Moreover, software and hardware vendors are not paying enough attention to
guide about the security concerns of the devices and system, they are using. In this
environment, it’s very easy to snoop the computer of the e-commerce client.

Sniffing the network

Network sniffing is the attentive monitoring of the data between the shopper’s computer and
the server of hosting company. The attacker collects data about the buyer or steals personal
information including credit card numbers, personal interest, buying pattern and etc.

Passwords guess

The guess about the user’s password is in common practice. The password guess results the
successful output using manual and automatic mechanisms. Manual method is more hard and
has less success rate, and only result positive, when the attacker have the good knowledge about
the victim as what are their liking, basic information about his/her family name, or the unique
pattern the victim commonly uses. The automated method are quite fast, has high success rate
and easy to perform. Many techniques including dictionary attack, and other tool exists that
helps the attacker to guess the user ID/password combination.

Conclusion

Privacy and security are the emerging issues in E-commerce. The paper discusses the privacy
issues in E-commerce and provides a guideline to facilitate the users in doing the online
transaction in a safe and secured mode. Currently, privacy is considered as a public issue, a
proper mechanism is needed for the enforcement of data privacy in E-commerce. We mention
some important precaution and security step that ensure that the users privacy is not at risk.

2. Online payment systems still remain a big risk to both customers’ and traders. Discuss
any E-commerce payment systems and their associated security risks. (10mks)

Introduction

Security is one of the most serious issues if we talk about eCommerce. Cases like identity theft
and payment fraud are apparently increasing day by day in eCommerce segment. It is of utmost
importance for store owners to give their customers safe and secure shopping environment.
With growing numbers of eCommerce and m-commerce transactions, there are new
opportunities for cyber criminals. As a merchant, you need to ensure that you provide the best
payment security and that your customers don’t have to worry about their data.

E-commerce payment systems and their associated security risks.

1. Fraud and chargebacks

Online transactions are “card-not-present” transactions. As e-commerce expands, opportunities

for fraudulent misuse of payment networks and data theft grow right alongside. In addition to
more obvious fraud-monitoring tools such as the customer account, validation services, and
purchase tracking, a certified Level 1 PCI DSS payment processor’s risk management staff can
sniff out fraud before it occurs.

Chargebacks, in addition to being costly, can damage business reputations; an excessive

number of chargebacks can lead to closed merchant accounts, effectively killing the business.
While chargebacks do sometimes happen for legitimate reasons, use of customer service
practices based on know-your-customer principles, and merchant accessibility, can
substantially reduce or eliminate chargebacks.

New technologies such as EMV and fingerprint recognition are also being used by PSPs to
reduce fraud and chargebacks.

Advanced EMV technology is used to validate that a payment card is genuine and facilitate the
authorization of the transaction. When a payment is made in-store, the card is inserted into a
compatible card reader, the EMV chip is read, and data is exchanged in a highly secure manner,
using encryption.

Of course, when making an online payment, the buyer manually enters card information, so
the chip appears to have no benefit. However, EMV still provides an indirect security benefit
for online payments. In the event that card information is stolen online, it’s much harder for
fraudsters to clone and use a card with an embedded EMV chip.

Consumers are becoming increasingly familiar with biometric identification, such as

fingerprint recognition, which is often used to unlock phones. It is now being introduced to
increase mobile payment security and prevent fraud. During the mobile payment process, the
buyer simply scans their fingerprint using a compatible mobile device, to prove their identity.
This is a powerful tool for fraud prevention, as it ensures the person performing the transaction
is truly authorized to do so.

While a password or PIN code can be stolen or guessed, fingerprint data requires the buyer’s
physical presence. This technology is already being implemented by Google Play, allowing
users of Android smartphones with built-in fingerprint scanners to authenticate Google Play
purchases using their fingerprints.

2. Cross-border transactions

Cross-border payments can be slow, inefficient, and expensive, but they play an important role
in global trade. Typically, national banking infrastructures can’t handle cross-border payments,
resulting in independent and non-uniform development in technologies and software platforms
that complicate or stall cross-border transactions. New developments are beginning to shape
cross-border payment requirements:

i. Emerging transnational systems will decrease reliance on correspondent networks

ii. Government-led initiatives and mandates will begin to regulate payments and fees
iii. Payment systems will manage credit risk, liquidity, and costs more effectively
iv. Multinationals will achieve economies of scale, with a side benefit of consolidating
credit risk
v. Outsourcing will increase processing efficiency and drive down costs

3. Card data security

Payment Card Industry Data Security Standards (PCI DSS) certification is required for every
merchant or business accepting credit or debit cards, online or off. PCI DSS standards require
merchants and processors to meet 12 criteria across six security arenas:

i. Build and maintain a secure network and systems

 ii. Protect cardholder data
iii. Maintain a vulnerability management program
iv. Implement strong access control measures
v. Regularly monitor and test networks
vi. Maintain an information security policy

Recent retail, government, and healthcare security breaches underscore what every merchant
knows: customer and card data security is top priority. Preventing online payment security
issues is a must for anyone doing business online. This can be done by either acquiring PCI
DSS Level 1 certification, or using a PSP-hosted payment page.

4. Multi-currency and payment methods

Global ecommerce means accepting a variety of payment methods and currencies. Electronic
payments such as e-wallets, mobile payments, and credit/debit cards help online merchants
compete in international markets by allowing their customers to pay in their native currencies.
For merchants, multi-currency, cross-border transactions can require new bank accounts, new
business entities, and new regulatory hurdles in each national market. Selecting a payment
service provider with the necessary infrastructure already in place can provide effective, and
immediate, solutions to those problems. A merchant can easily collect payment in one currency
and credit the merchant account in its home currency.

5. Technical integration

Online payment systems run the proprietary gamut across hardware and software platforms.
Credit card-affiliated payment processors, while more secure, can be expensive for online
retailers. Added to the expense is the lack of interface between processing systems—it may be
difficult or impossible for a PSP to link with other systems, resulting in processing and payment
delays, lost transactions, and expensive fees.

In true real-time processing, a combination of features, including integrated systems and

gateways, addresses liquidity issues and minimizes delays, while preserving online transaction
integrity. A payment processor that provides for immediate and individually processed
transactions can open client accounts in more than one acquiring bank, thus avoiding the delays
often inherent in automated clearinghouse processes.

For online merchants and consumers alike, the bottom line is an easy, seamless and secure
transaction process, most often provided by a PCC DSS Level 1 payment processor.
Conclusion

It takes a lot of effort and energy to keep payments secure, but you should always monitor and
analyze all data to ensure there aren’t any open gaps. Watch closely for any type of threat,
attack or suspicious activity.

3. There are many ways by which online companies can establish Customer Relationship.

Discuss any FIVE strategies. (10mks)

Introduction

Customer relationship management (CRM) is the combination of practices, strategies and

technologies that companies use to manage and analyze customer interactions and data
throughout the customer lifecycle, with the goal of improving customer service relationships
and assisting in customer retention and driving sales growth. CRM systems compile customer
data across different channels, or points of contact between the customer and the company,
which could include the company's website, telephone, live chat, direct mail, marketing
materials and social media. CRM systems can also give customer-facing staff detailed
information on customers' personal information, purchase history, buying preferences and
concerns.

Customer relationship management strategies

Marketing automation: CRM tools with marketing automation capabilities can automate
repetitive tasks to enhance marketing efforts at different points in the lifecycle. For example,
as sales prospects come into the system, it might automatically send the prospects marketing
materials, typically via email or social media, with the goal of turning a sales lead into a full-
fledged customer.

Sales force automation: Sales force automation tools track customer interactions and
automate certain business functions of the sales cycle that are necessary to follow leads and
attract and obtain new customers.

Contact center automation: Designed to reduce tedious aspects of a contact center agent's
job, contact center automation might include prerecorded audio that assists in customer
problem-solving and information dissemination. Various software tools that integrate with the
agent's desktop tools can handle customer requests in order to cut down on the time of calls
and to simplify customer service processes.
 Geolocation technology, or location-based services: Some CRM systems include
technology that can create geographic marketing campaigns based on customers' physical
locations, sometimes integrating with popular location-based GPS apps. Geolocation
technology can also be used as a networking or contact management tool in order to find sales
prospects based on a location.

Workflow automation: CRM systems help businesses optimize processes by streamlining

mundane workloads, enabling employees to focus on creative and more high-level tasks.

Lead management: Sales leads can be tracked through CRM, enabling sales teams to input,
track and analyze data for leads in one place.

Human resource management (HRM): CRM systems help track employee information, such
as contact information, performance reviews and benefits within a company. This enables the
human resource department to more effectively manage the internal workforce.

Analytics: Analytics in CRM help create better customer satisfaction rates by analyzing user
data and helping create targeted marketing campaigns.

AI: Artificial intelligence (AI) technologies, such as Salesforce Einstein, have been built into
CRM platforms to automate repetitive tasks, identify customer buying patterns to predict future
customer behaviors and more.

Conclusion

CRM systems work best when companies spend time cleaning up their existing customer data
to eliminate duplicate and incomplete records before they supplement CRM data with external
sources of information.
References

Budak C, Goel S, Rao J, Zervas G (2016) Understanding emerging threats to online

advertising. ACM Conference on Economics and Computation pp: 561-578.

Lee I (2016) User Privacy Concerns for E-Commerce. IGI Global:Encyclopedia of E-

Commerce Development, Implementation, and Management pp: 1780-1787.

Ackerman MS (2004) Privacy in pervasive environments: next generation labeling

protocols. Personal and Ubiquitous Computing 8: 430-439.

Ackerman MS, Davis TD (2003) Privacy and security issues in e-commerce. New economy
handbook pp: 911-930.

Smith R, Shao J (2007) Privacy and e-commerce: a consumer-centric perspective. Electronic

Commerce Research 7: 89-116.

Corbitt BJ, Thanasankit T, Yi H (2003) Trust and e-commerce: a study of consumer

perceptions. Electronic commerce research and applications 2: 203-215.

Lau RY (2007) Towards a web services and intelligent agents-based negotiation system for
B2B eCommerce. Electronic Commerce Research and Applications 6: 260-273.

Castañeda JA, Montoso FJ, Luque T (2007) The dimensionality of customer privacy
concern on the internet. Online Information Review 31: 420-439.

Kritzinger E, Smith E (2008) Information security management: An information security

retrieval and awareness model for industry. Computers & Security 27: 224-231.