‭Lecture 2‬‭- E-commerce Technologies 1‬

‭●‬ ‭Top Innovations since 2000‬

‭○‬ ‭Early 2000s‬
‭■‬ ‭Setting the stage‬
‭●‬ ‭The rise of the internet‬
‭●‬ ‭Mobile Revolution‬
‭○‬ ‭Mid 2000s‬
‭■‬ ‭Birth of social media and web 2.0‬
‭●‬ ‭Social Media Platforms‬
‭●‬ ‭Web2.0‬
‭○‬ ‭User Generated Content‬
‭○‬ ‭Early 2010s‬
‭■‬ ‭Mobile and Cloud Computing‬
‭●‬ ‭Smartphone and Mobile Apps‬
‭●‬ ‭Cloud Computing emerges‬
‭○‬ ‭Mid 2010s‬
‭■‬ ‭AI, IOT and Big Data‬
‭●‬ ‭AI and machine learning‬
‭●‬ ‭IOT‬
‭●‬ ‭Big data and analytics‬
‭○‬ ‭Early 2020s‬
‭■‬ ‭Blockchain, 5G and Quantum Computing‬
‭●‬ ‭Blockchain Technology‬
‭●‬ ‭5G Connectivity‬
‭●‬ ‭Quantum Computing‬
 ‭○‬

‭●‬ ‭e-Commerce Presence Map‬

‭○‬ ‭Website/App‬
‭■‬ ‭Traditional, Mobile, Tablet‬
‭●‬ ‭Search, Display, Affiliates, Sponsorships‬
‭○‬ ‭Social Media‬
‭■‬ ‭Facebook, X, Insta‬
‭●‬ ‭Conversation, Engagement, Sharing, Advice‬
‭○‬ ‭Email‬
‭■‬ ‭Internal Lists and Purchases List‬
‭●‬ ‭Newsletters, Updates, Sales‬
‭○‬ ‭Offline Media‬
‭■‬ ‭Print, Tv and Radio‬
‭●‬ ‭Education, Exposure, Branding‬
‭●‬ ‭Trends in e-Commerce Infrastructure 2021-2022‬
‭○‬ ‭Online Activity Surge:‬
‭■‬ ‭COVID-19 pandemic boosts online activities (work, shopping,‬
‭entertainment).‬
‭■‬ ‭Strain on Internet and e-commerce infrastructure.‬
‭○‬ ‭Mobile Dominance:‬
‭■‬ ‭Smartphones and tablets dominate Internet access.‬
‭○‬ ‭Mobile App Explosion:‬
‭■‬ ‭Threatens the Web as the primary source of online software.‬
‭○‬ ‭Cloud Computing:‬
‭■‬ ‭Reshapes computing and storage.‬
‭■‬ ‭Key role in delivering software and online content.‬
‭○‬ ‭IPv6 Transition:‬
‭■‬ ‭Internet runs out of IPv4 addresses; IPv6 adoption continues.‬
‭○‬ ‭Big Data Growth:‬
‭■‬ ‭Lower storage costs and database advances lead to increased data‬
‭collection.‬
‭○‬ ‭Internet of Things (IoT):‬
‭■‬ ‭Millions of sensor-equipped devices connected to the Internet.‬
‭■‬ ‭Fuels smart devices (homes, cars, wearables).‬
‭○‬ ‭Artificial Intelligence (AI):‬
‭■‬ ‭Funding and interest explode.‬
‭■‬ ‭Applications in logistics, self-driving cars, and personal assistants.‬
‭○‬ ‭Augmented & Virtual Reality:‬
‭■‬ ‭AR/VR applications and hardware gain traction.‬
‭○‬ ‭HTML5 Popularity:‬
‭■‬ ‭Enables rich, visually engaging web applications similar to native‬
‭apps.‬
‭○‬ ‭Voice Search‬
‭○‬ ‭Blockchain Security‬
‭○‬ ‭AI Assisted Shopping‬
‭○‬ ‭Flexible Payment Options‬
‭○‬ ‭Social Media Commerce‬
‭○‬ ‭Growth in Subscription Models‬
‭●‬ ‭Stages in the Development of the internet‬
‭○‬ ‭Innovation‬
‭■‬ ‭1961-1974‬
‭○‬ ‭Institutionalisation‬
‭■‬ ‭1975-1995‬
‭○‬ ‭Commercialisation‬
‭■‬ ‭1995 →‬

‭●‬ ‭Innovation Phase (1961-1974)‬

‭○‬ ‭1961‬
‭■‬ ‭Leonard Kleinrock (MIT) publishes a paper on packet switching.‬
‭■‬ ‭Significance:‬
‭●‬ ‭Birth of the packet-switching concept, foundational for the‬
‭Internet.‬
‭○‬ ‭1962‬
‭■‬ ‭J. C. R. Licklider (MIT) envisions an "Intergalactic Computer‬
‭Network."‬
‭■‬ ‭Significance:‬
‭●‬ ‭Early vision of a global computer network.‬
‭○‬ ‭1969‬
‭■‬ ‭BBN Technologies receives ARPA contract to build ARPANET.‬
‭■‬ ‭The first packet-switched message is sent from UCLA to Stanford.‬
‭■‬ ‭Significance:‬
‭●‬ ‭ARPANET marks a major step toward modern networking‬
‭○‬ ‭1972‬
‭■‬ ‭E-mail was invented by Ray Tomlinson (BBN).‬
‭■‬ ‭Larry Roberts writes the first e-mail utility program for listing,‬
‭forwarding, and responding.‬
‭■‬ ‭Significance:‬
‭●‬ ‭E-mail has become the first killer app of the Internet.‬
‭○‬ ‭1973‬
‭■‬ ‭Ethernet and Local Area Networks (LANs) invented by Bob Metcalfe‬
‭(Xerox PARC Labs).‬
‭■‬ ‭Significance:‬
 ‭●‬ B
‭ irth of client/server computing, enabling local area‬
‭networks and efficient resource sharing.‬
‭○‬ ‭1974‬
‭■‬ T‭ CP/IP was invented by Vint Cerf (Stanford) and Bob Kahn (BBN).‬
‭■‬ ‭Significance:‬
‭●‬ ‭Provides a common communication standard for networking,‬
‭allowing different computers and networks to communicate‬
‭efficiently, forming the foundation of the modern Internet.‬

‭●‬ ‭Institutional Phase‬

‭○‬ ‭1976:‬
‭■‬ ‭Event: The Apple I is released.‬
‭■‬ ‭Details: It is the first computer developed by Apple, available in kit‬
‭form.‬
‭○‬ ‭1977:‬
‭■‬ ‭Event: Lawrence Landweber envisions CSNET (Computer Science‬
‭Network).‬
‭■‬ ‭Details: CSNET is a pioneering network for U.S. universities and‬
‭industrial computer research groups that could not directly connect‬
‭to ARPANET. It was a significant step toward the development of the‬
‭global Internet.‬
‭○‬ ‭1980:‬
‭■‬ ‭Event: TCP/IP is officially adopted as the DoD standard‬
‭communications protocol.‬
‭■‬ ‭Details: The Department of Defense, the largest computing‬
‭organization in the world, adopts TCP/IP and packet-switched‬
‭network technology.‬
‭○‬ ‭1981:‬
‭■‬ ‭Event: IBM introduces its first personal computer, the IBM PC.‬
‭■‬ ‭Details: This marks the beginning of the popularity of personal‬
‭desktop computers, which form the foundation for today’s internet‬
‭and provide millions of people with access to the Internet and Web.‬
‭○‬ ‭1984:‬
‭■‬ ‭Event: Apple Computer releases the HyperCard program as part of‬
‭its Macintosh operating system.‬
 ‭○‬ -‭ Details: HyperCard introduces the concept of “hyperlinked” documents‬
‭and records, allowing users to jump from one page or record to another, a‬
‭concept that is commercially introduced at this time‬

‭●‬ ‭Development of the Internet Timeline (Continued)‬

‭○‬ ‭1984‬
‭■‬ ‭Domain Name System (DNS) introduced‬
‭■‬ ‭DNS translates IP addresses into easily understandable words.‬
‭○‬ ‭1989‬
‭■‬ ‭Tim Berners-Lee proposes the World Wide Web (WWW) based on‬
‭HTML‬
‭■‬ ‭Concept of hyperlinked documents using a markup language‬
‭(HTML) is introduced.‬
‭○‬ ‭1990‬
‭■‬ ‭NSF assumes responsibility for a civilian internet backbone‬
‭■‬ ‭ARPANET is decommissioned.‬
‭■‬ ‭The Internet becomes open for civilian use.‬
‭○‬ ‭1993‬
‭■‬ ‭First graphical web browser, Mosaic, is introduced‬
‭■‬ ‭Developed by Marc Andreessen and the National Center for‬
‭Supercomputing Applications.‬
‭■‬ ‭Simplifies access to HTML documents, making the web more‬
‭user-friendly.‬
‭○‬ ‭1994‬
‭■‬ ‭Netscape Corporation founded by Andreessen and Jim Clark‬
‭■‬ ‭First banner advertisements appear ([Link], October 1994).‬
‭■‬ ‭Marks the beginning of e-commerce.‬
‭●‬ ‭Commercialization Phase (1995–Present)‬
‭○‬ ‭1995‬
‭■‬ ‭NSF privatizes the internet backbone‬
‭■‬ ‭Commercial carriers take over operations.‬
‭■‬ ‭Fully commercial civilian internet emerges.‬
‭■‬ ‭Major telecom companies (AT&T, Sprint, GTE, UUNet, MCI) operate‬
‭the backbone.‬
‭■‬ ‭Network Solutions gains a monopoly on assigning internet‬
‭addresses.‬
‭■‬ ‭E-commerce begins‬
‭■‬ ‭Jeff Bezos founds Amazon.‬
‭■‬ ‭Pierre Omidyar forms AuctionWeb (eBay).‬
‭○‬ ‭1998‬
‭■‬ ‭ICANN (Internet Corporation for Assigned Names and Numbers)‬
‭founded‬
‭■‬ ‭Governance over domain names shifts to a private nonprofit‬
‭international organization.‬
‭○‬ ‭1999‬
‭■‬ ‭First full-service online bank, First Internet Bank of Indiana,‬
‭launches‬
‭■‬ ‭Marks expansion of business on the web beyond retail.‬
‭○‬ ‭2003‬
‭■‬ ‭Internet2 Abilene network upgraded to 10 Gbps‬
‭■‬ ‭Major milestone in developing ultra-high-speed transcontinental‬
‭networks.‬
‭○‬ ‭2005‬
‭■‬ ‭NSF proposes the GENI (Global Environment for Network‬
‭Innovations) initiative‬
‭■‬ ‭Aims to develop new core internet functionality.‬
‭■‬ ‭Recognition that future security and functionality may require‬
‭rethinking internet technology.‬
‭○‬ ‭2006‬
‭■‬ ‭U.S. Senate holds hearings on "Network Neutrality"‬
‭■‬ ‭Debate over differential pricing by backbone providers vs. content‬
‭providers and device makers.‬
‭●‬ ‭Development of the Internet Timeline (Continued)‬
‭○‬ ‭2007‬
‭■‬ ‭Apple iPhone introduced‬
‭■‬ ‭Marks the start of mobile internet transformation.‬
‭■‬ ‭Smartphones have become essential for communication, social‬
‭media, and business.‬
‭○‬ ‭2008‬
‭■‬ ‭Cloud computing becomes a billion-dollar industry‬
‭■‬ ‭Supports large-scale applications for organizations and individuals.‬
‭○‬ ‭2010‬
‭■‬ ‭Internet-enabled smartphones become primary online access‬
‭platform‬
‭■‬ ‭Internet access shifts from desktops to mobile devices.‬
‭○‬ ‭2011‬
‭■‬ ‭ICANN expands the domain name system‬
‭■‬ ‭Top-level domains grow from 300 to thousands.‬
‭○‬ ‭2012‬
‭■‬ ‭World IPv6 launch‬
‭■‬ ‭Addresses the need for more IP addresses due to the growing‬
‭number of internet-connected devices.‬
‭○‬ ‭2013‬
‭■‬ ‭Internet of Things (IoT) begins to emerge‬
‭■‬ ‭Smart devices connect to the internet, integrating with homes and‬
‭workplaces.‬
‭○‬ ‭2014‬
‭■‬ ‭Apple introduces Apple Pay and Apple Watch‬
‭■‬ ‭Expands mobile payment and wearable technology integration.‬
‭○‬ ‭2015‬
‭■‬ ‭FCC adopts net neutrality regulations‬
‭■‬ ‭ISPs required to treat all internet traffic equally.‬
‭○‬ ‭2017‬
‭■‬ ‭FCC repeals broadband consumer privacy rules‬
‭■‬ ‭ISPs allowed to collect and sell consumer data.‬
‭○‬ ‭2018‬
 ‭‬
■ F‭ CC officially repeals net neutrality regulations‬
‭■‬ ‭ISPs gain more control over internet access and speed.‬
‭ ‬ ‭2019‬
○
‭■‬ ‭ road deployment of 10 Gbps internet begins‬
B
‭■‬ ‭Faster broadband services expand.‬
‭○‬ ‭2020‬
‭■‬ ‭ ovid-19 pandemic‬
C
‭■‬ ‭Increased demand for internet services.‬
‭■‬ ‭Rise in remote work, education, and streaming services.‬

‭●‬ ‭Where it All Started‬

‭○‬ ‭Packet Switching‬

‭‬
■
‭○‬ ‭Digital messages are divided into fixed length packets of bits‬
‭■‬ ‭About 1,500 bytes‬
‭○‬ ‭Header Information indicates both the origin and the ultimate destination‬
‭address of the packet, the size of the message, and the number of packers‬
‭the receiving node should expect.‬
‭○‬ ‭Each receipt of each packet is acknowledged by the receiving computer for‬
‭time‬
‭○‬ ‭The network is not passing info, only acknowledgements‬
‭■‬ ‭Called Latency‬
‭●‬ ‭The TCP/IP Architecture and protocol suite‬

‭○‬
‭■‬ T‭ CP/IP is an industry standard suite of protocols for large‬
‭internetworks‬
‭■‬ ‭It’s purpose is to provide high-speed communication network links‬

‭●‬ ‭Routing Internet Messages: TCP/IP and Packet Switching‬

‭○‬
‭■‬ T‭ he internet uses packet switched networks and the TCP/IP‬
‭communication protocol to send, route and assemble messages‬
‭■‬ ‭Messages are broken into packets and packets from the same‬
‭message can travel along different routes‬
‭●‬ ‭The Hierarchical Domain Name System‬

‭○‬
‭■‬ D
‭ omain Name System (DNS), which is used to translate‬
‭human-readable domain names (like‬‭[Link]‬‭)‬‭into IP‬
‭addresses that computers use to identify each other on the‬
‭network.‬

‭●‬ ‭Pieces if the internet puzzle: Name and Addresses‬

‭○‬ ‭IP Addresses‬
‭■‬ ‭Every device connected to the internet must have a unique address‬
‭number and Internet (IP) address‬
‭○‬ ‭Domain Names‬
‭■‬ ‭Allows expression such as [Link] to stand for numeric IP‬
‭locations‬
‭○‬ ‭DNS Servers‬
‭■‬ ‭Databases that keep track of IP Addresses and Domain Names on‬
‭the internet‬
‭○‬ ‭Root Servers‬
‭■‬ ‭Central directories that list all domain names currently in use fro‬
‭specific domains‬
‭●‬ ‭.com root servers‬
‭■‬ ‭DNS servers consult root servers to look up unfamiliar domain‬
‭names when routing traffic‬
‭●‬ ‭Client/Server Computing Model‬

‭○‬
‭■‬ T‭ he Client/Server Model involves a server providing resources or‬
‭services to clients over a network.‬
‭■‬ ‭Clients request data or applications from the server, which hosts a‬
‭shared database and manages centralized processing.‬
‭■‬ ‭This model enables efficient resource sharing and centralized‬
‭control, commonly used in web services and enterprise systems.‬
‭●‬ ‭The Cloud Computing Model‬

‭○‬
‭■‬ I‭n the cloud computing model, hardware and software services are‬
‭provided on the internet by vendors operating very large server‬
‭farms and data centres‬

‭●‬ ‭Essential characteristics of Cloud Computing‬

‭○‬ ‭On demand self service‬
‭■‬ ‭Users can access computing resources (storage) automatically when‬
‭needed‬
‭○‬ ‭Ubiquitous network access‬
‭■‬ ‭Cloud resources are accessible via standard networks devices, this‬
‭includes mobile platforms‬
‭○‬ ‭Location independent resource pooling‬
‭■‬ ‭Resources shared among multiple users, dynamically allocated‬
‭based on demand‬
‭■‬ ‭Users do not know the physical location of resources‬
‭○‬ ‭Rapid Elasticity‬
‭■‬ ‭Resources can scale up or down quickly to meet demand‬
‭○‬ ‭Measured service‬
‭■‬ ‭Users are charged based on actual resource usage‬
‭●‬ ‭Cloud Computing Service Models‬
‭○‬ ‭Infrastructure as a Service (IaaS)‬
‭■‬ ‭Provides processing, storage, networking and other computing‬
‭resources‬
‭■‬ ‭Users run their own applications on third party infrastructure‬
‭■‬ ‭Example: AWS (Amazon Web Services)‬
‭●‬ ‭S3 (Simple Storage Service)‬
‭○‬ ‭Data Storage‬
‭●‬ ‭EC2 (Elastic Compute Cloud)‬
‭○‬ ‭Running applications‬
‭■‬ ‭Pay as you use pricing model‬
‭○‬ ‭Software as a Service (SaaS)‬
‭■‬ ‭Users access vendor hosted software via the internet‬
‭■‬ ‭No need for local installation or maintenance‬
‭■‬ ‭Examples‬
‭●‬ ‭Google G Suite‬
‭○‬ ‭Online Business Applications‬
‭●‬ ‭[Link]‬
‭○‬ ‭CRM and other business tools‬
‭○‬ ‭Platform as a Service (PaaS)‬
‭■‬ ‭Provides infrastructure and development tools for building‬
‭applications‬
‭■‬ ‭Developers build, test and deploy applications on cloud hosted‬
‭platforms‬
‭■‬ ‭Examples‬
‭●‬ ‭IBM Cloud‬
‭○‬ ‭Software development and testing‬
‭●‬ ‭Salesforce Lightning Platform‬
‭○‬ ‭Application development and hosting‬
‭●‬ ‭Cloud Computing Models‬
‭○‬ ‭1. Public Cloud‬
‭■‬ ‭Description:‬
‭●‬ ‭Third-party service offering computing, storage, and software‬
‭services to multiple customers.‬
‭■‬ ‭Managed By:‬
‭●‬ ‭Third-party cloud service providers (CSPs).‬
‭■‬ ‭Uses:‬
‭●‬ ‭Suitable for companies without major privacy concerns.‬
‭●‬ ‭Ideal for pay-as-you-go IT services.‬
‭●‬ ‭Used by companies lacking IT resources and expertise.‬
‭○‬ ‭2. Private Cloud‬
‭■‬ ‭Description:‬
‭●‬ ‭Cloud infrastructure dedicated to a single organization,‬
‭hosted internally or externally.‬
‭■‬ ‭Managed By:‬
‭●‬ ‭In-house IT team or a private third-party host.‬
‭■‬ ‭Uses:‬
‭●‬ ‭Suitable for companies with strict privacy and security needs.‬
‭●‬ ‭Preferred by organizations that need full control over data‬
‭sovereignty.‬
‭○‬ ‭3. Hybrid Cloud‬
‭■‬ ‭Description:‬
‭●‬ ‭Combination of public and private cloud services that‬
‭function as separate entities.‬
‭■‬ ‭Managed By:‬
‭●‬ ‭In-house IT teams, private hosts, or third-party providers.‬
‭■‬ ‭Uses:‬
‭●‬ ‭Best for companies needing partial in-house IT control.‬
‭●‬ ‭Useful for businesses willing to assign part of their IT‬
‭infrastructure to a public cloud partition.‬
‭●‬ ‭The Hourglass Model of the internet‬

‭○‬
‭■‬ ‭The lower layers contains bit carrying infrastructure‬
‭●‬ ‭Cables and Switches‬
‭■‬ ‭The upper layer contains user applications such as email and the‬
‭Web‬
‭■‬ ‭The narrow waist are transportation protocols such as‬
‭●‬ ‭The Internet Architecture‬

‭○‬
‭‬ H
■ ‭ ierarchical Structure of the internet‬
‭■‬ ‭Backbone‬
‭●‬ ‭Core high speed networks that from the primary pathways‬
‭fro data transition across the internet‬
‭■‬ ‭Regional Hubs‬
‭●‬ ‭Include Internet Exchange Points‬
‭○‬ ‭Facilitate the exchange of internet traffic between‬
‭different networks‬
‭■‬ ‭Regional domains connected to these hubs, which further branch‬
‭out to Local ISPs (Internet Service Providers)‬
‭●‬ ‭Theses ISPs provide connectivity to end users including hosts‬
‭(Servers at educational institutions) and home clients with‬
‭their Client IP address‬
‭■‬ ‭The diagram also mentions various technologies and protocols like‬
‭T1 Lines, DSL, Fiber Optics (FOS), Cable, and SMTP (Simple Mail‬
‭Transfer Protocol) for email services.‬
‭■‬ ‭POPs (Points of Presence) are indicated as access points where‬
‭users can connect to the ISP's network.‬
‭●‬ ‭Time to download a 10 megabyte file by type of internet service‬

‭○‬

‭●‬ ‭Wireless Network Internet Access Technologies‬

‭○‬
‭●‬ ‭Innovative Internet Access Technologies‬
‭○‬ ‭1. Drones‬
‭■‬ ‭Google's Project Wing:‬
‭●‬ ‭Uses solar-powered drones for 5G wireless Internet.‬
‭●‬ ‭Drones can fly at 65,000 feet for several years.‬
‭●‬ ‭Spun off into an independent business unit in 2018.‬
‭○‬ ‭2. Balloons‬
‭■‬ ‭Google's Project Loon:‬
‭●‬ ‭High-altitude balloons in the stratosphere for uninterrupted‬
‭connectivity.‬
‭●‬ ‭Successfully tested in Sri Lanka, Peru, and Kenya.‬
‭●‬ ‭Demonstrated data transfer over 621 miles using seven‬
‭balloons.‬
‭○‬ ‭3. Facebook Connectivity Lab‬
‭■‬ ‭Focuses on solar-powered drones, tether-tenna, satellites, and‬
‭infrared lasers.‬
‭■‬ ‭Aquila Drone:‬
‭●‬ ‭Solar-powered, with a wingspan of a Boeing 737.‬
‭●‬ ‭Designed to fly at 60,000 to 90,000 feet for up to three‬
‭months.‬
‭●‬ ‭Uses laser communications for data beaming.‬
‭○‬ ‭4. Microsoft's Airband Initiative‬
‭■‬ ‭Uses white spaces (unused TV frequencies) for rural broadband.‬
‭■‬ ‭Faces opposition from broadcasters due to potential interference.‬
‭■‬ ‭Developing devices compatible with the 802.11af Wi-Fi standard.‬
‭Case Study Question Answers‬‭(Akamai)‬

‭ . Why does Akamai need to geographically disperse its servers to deliver its‬
1
‭customers’ web content?‬
‭Akamai disperses its servers globally to‬‭reduce latency‬‭,‬‭increase speed‬‭, and‬‭improve‬
‭reliability‬‭. By storing content closer to end users,‬‭the company minimizes‬‭network‬
‭congestion‬‭and avoids delays caused by data traveling‬‭long distances. This also enhances‬
‭the performance of‬‭high-bandwidth applications‬‭such‬‭as video streaming and online‬
‭gaming.‬

‭ . If you wanted to deliver software content over the Internet, would you sign up for‬
2
‭Akamai’s service? Why or why not?‬
‭Yes, because Akamai's‬‭content delivery network (CDN)‬‭improves‬‭download speeds‬‭,‬
‭reliability‬‭, and‬‭security‬‭. The company provides‬‭load‬‭balancing‬‭,‬‭DDoS protection‬‭, and‬
‭edge computing‬‭capabilities, which ensure a seamless‬‭experience for users. However, if‬
‭cost is a concern or if an organization has its own robust infrastructure, alternatives like‬
‭Amazon CloudFront‬‭or‬‭Google Cloud CDN‬‭might be considered.‬

‭ . Do you think Internet users should be charged based on the amount of bandwidth‬
3
‭they consume, or on a tiered plan where users would pay in rough proportion to their‬
‭usage?‬
‭A‬‭tiered plan‬‭is more practical because it allows‬‭users to choose a level of service that‬
‭meets their needs. Heavy users, such as businesses or gamers, would pay for higher‬
‭bandwidth, while casual users would pay less. A strict‬‭pay-per-use model‬‭might‬
‭discourage innovation and limit access to essential services. However,‬‭flat-rate pricing‬
‭may not be sustainable as data consumption continues to grow.‬
‭Lecture 3‬‭- E-Commerce Technologies 2‬

‭●‬ ‭Building an E-Commerce Site: A Systematic Approach‬

‭○‬ ‭Most important management challenges‬
‭■‬ ‭Developing a clear understanding of business objectives‬
‭■‬ ‭Knowing how to choose the right technology to achieve those‬
‭objectives‬

‭●‬ ‭Pieces of the site: Building Puzzle‬

‭○‬ ‭Main Areas where you will need to make decisions‬
‭■‬ ‭Human resources are organisational capabilities‬
‭●‬ ‭Creating a team with skill set needed to build and manage a‬
‭successful site‬
‭■‬ ‭Hardware/Software‬
‭■‬ ‭Telecommunications‬
‭■‬ ‭Site design‬

‭●‬ ‭The systems development life cycle‬

‭○‬ ‭Methodology for understanding business objectives of a system and‬
‭designing an appropriate solution‬
‭○‬ ‭Five major steps‬
‭■‬ ‭System Analysis/Planning‬
‭■‬ ‭Systems Design‬
‭■‬ ‭Building the system‬
‭■‬ ‭Testing‬
‭■‬ ‭Implementation‬
‭●‬ ‭Website Systems Development Life Cycle‬

‭○‬

‭●‬ ‭System Analysis/Planning‬

‭○‬ ‭Business Objectives‬
‭■‬ ‭List capabilities you want your site to have‬
‭○‬ ‭System Functionalities‬
‭■‬ ‭List of information system capabilities needed to achieve business‬
‭objective‬
‭○‬ ‭Information requirements‬
‭■‬ ‭Information elements that system must produce to achieve business‬
‭objective‬
‭●‬ B
‭ usiness objectives, System objectives and information requirement of a typical‬
‭E-Commerce site (Example)‬

‭○‬

‭●‬ ‭System Design: Hardware and Software Platforms‬

‭○‬ ‭System Design Specification‬
‭■‬ ‭Description of main components of a system and their relationship‬
‭to one another‬
‭○‬ ‭Two components of system design‬
‭■‬ ‭Logical Design‬
‭●‬ ‭Data flow diagrams‬
‭●‬ ‭Processing Functions‬
‭●‬ ‭Databases‬
‭■‬ ‭Practical Design‬
‭●‬ ‭Specifies actual physical‬
‭●‬ ‭Software components‬
‭●‬ ‭Models‬
‭●‬ ‭Logical Design for a simple Website‬

‭○‬

‭○‬

‭●‬ ‭Build/Host your own V/S Outsourcing‬

‭○‬ ‭Outsourcing‬
‭■‬ ‭Hiring vendors to provide services involved in building site‬
‭○‬ ‭Build own V/S outsourcing‬
‭■‬ ‭Build your own require team with diverse skill set‬
‭■‬ ‭Choice of software tools‬
‭■‬ ‭Both risks and possible benefits‬
‭○‬ ‭Host own V/S outsourcing‬
 ‭■‬ ‭Hosting‬
‭●‬ ‭Hosting company responsible for ensuring site is accessible‬
‭24/7 for monthly fee‬
‭●‬ ‭Co-Location‬
‭○‬ ‭Firms purchases or leases Web Server (With control‬
‭over its operations), but server is located at vendor’s‬
‭facility‬

‭●‬ ‭Choices in Building and Hosting‬

‭○‬

‭●‬ ‭Testing, Implementation and Maintenance‬

‭○‬ ‭Testing‬
‭■‬ ‭Unit Testing‬
‭■‬ ‭System‬
‭■‬ ‭Acceptance testing‬
‭○‬ ‭Implementation and maintenance‬
‭■‬ ‭Maintenance is ongoing‬
‭■‬ ‭Maintenance cost‬
‭●‬ ‭Similar to development cost‬
‭■‬ ‭Benchmarking‬
‭●‬ ‭Factors in Website Optimization‬
‭○‬ ‭Page Delivery‬
‭■‬ ‭Content delivery network‬
‭■‬ ‭Edge caching‬
‭■‬ ‭Bandwidth‬
‭○‬ ‭Page Content‬
‭■‬ ‭Optimize HTML‬
‭■‬ ‭Optimize images‬
‭■‬ ‭Site Architecture‬
‭■‬ ‭Efficient Page Styles‬
‭○‬ ‭Page Generation‬
‭■‬ ‭Server response time‬
‭■‬ ‭Device based accelerators‬
‭■‬ ‭Efficient resource allocation‬
‭■‬ ‭Resource utilization thresholds‬
‭■‬ ‭Monitoring Site performance‬

‭●‬ ‭Simple V/S Multi-tiered Web Site Architecture‬

‭○‬ ‭System Architecture‬
‭■‬ ‭Arrangement of software, machinery and tasks in an information‬
‭system needed to achieve a specific functionality‬
‭○‬ ‭Two-Tier‬
‭■‬ ‭Web server and database server‬
‭○‬ ‭Multi-tier‬
‭■‬ ‭Web application server‬
‭■‬ ‭Backend‬
‭●‬ ‭Legacy databases‬
‭●‬ ‭2 Tier Architecture‬

‭○‬
‭■‬ W
‭ eb Server responds to requests for web pages and a database‬
‭server provides backend data storage‬

‭●‬ ‭Multi-Tier Architecture‬

‭○‬
‭■‬ A
‭ physical design describes the hardware and software needed to‬
‭realise the logical design‬

‭●‬ ‭Basic Functionality Provided by Web Servers‬

‭○‬ ‭Processing of HTTP requests‬
‭■‬ ‭Receive and respond to client requests for HTML pages‬
‭○‬ ‭Security Services (SSL/Transport layer security)‬
‭■‬ ‭Verify username and password‬
‭■‬ ‭Process certificates and private/public key information required for‬
‭credit card process and other secure information‬
‭○‬ ‭File transfer protocol‬
‭■‬ ‭Permits transfer of very large files from server to server‬
‭○‬ ‭Search Engine‬
 ‭ ‬ ‭Indexing of site content‬
■
‭■‬ ‭Keyword search capability‬
‭ ‬ ‭Data capture‬
○
‭■‬ ‭Log file of all visits, time, duration and referral source‬
‭○‬ ‭Email‬
‭■‬ ‭Ability to send, receive and store email messages‬
‭○‬ ‭Site management tools‬
‭■‬ ‭Calculate and display key site statistics‬
‭●‬ ‭Unique visitors‬
‭●‬ ‭Page request‬
‭●‬ ‭Origin of requests‬
‭●‬ ‭Check links on pages‬

‭●‬ ‭Application Server and their functions‬

‭○‬ ‭Catalog display‬
‭■‬ ‭Provides a database for product description and prices‬
‭○‬ ‭Shopping Cart‬
‭■‬ ‭Accepts order and clears payments‬
‭○‬ ‭List Server‬
‭■‬ ‭Creates and serves mailing lists and manages email marketing‬
‭campaigns‬
‭○‬ ‭Proxy Server‬
‭■‬ ‭Monitors and controls access to main web server‬
‭■‬ ‭Implements firewall protection‬
‭○‬ ‭Mail Server‬
‭■‬ ‭Manges internet email‬
‭○‬ ‭Audio/Video Server‬
‭■‬ ‭Stores and delivers streaming media content‬
‭○‬ ‭Chat server‬
‭■‬ ‭Creates and environments for online real time text and audio‬
‭interactions with customers‬
‭○‬ ‭News Server‬
‭■‬ ‭Provides connectivity and displays internet news feeds‬
‭○‬ ‭Fax Server‬
 ‭ ‬ ‭Provides fax reception and transmission using a web server‬
■
‭○‬ ‭Groupware server‬
‭■‬ ‭Creates workgroup environments for online collaboration‬
‭○‬ ‭Database Server‬
‭■‬ ‭Stores customer, product and price information‬
‭○‬ ‭Ad Server‬
‭■‬ ‭Maintain web enabled database of advertising banners that permits‬
‭custom and personalized display of advertisements based on‬
‭consumer behavior and characteristics‬
‭○‬ ‭Auction Server‬
‭■‬ ‭Provides a transaction environment for conducting online auctions‬
‭○‬ ‭B2B server‬
‭■‬ ‭Implements buy, sell and link marketplaces for commercial‬
‭transactions‬

‭●‬ ‭Open Source Software Options‬

‭○‬ ‭Web Server‬
‭■‬ ‭Apache‬
‭●‬ ‭Leading web server for small and medium businesses‬
‭○‬ ‭Shopping cart, online catalog‬
‭■‬ ‭Many providers‬
‭●‬ ‭osCommerce, Zen Cart, AgoraCart, X-cart,‬
‭.AspDotNetStorefront‬
‭○‬ ‭Credit card processing‬
‭■‬ ‭Credit card acceptance is provided in shopping cart software‬
‭■‬ ‭May need a merchant account from a bank‬
‭○‬ ‭Database‬
‭■‬ ‭MySQL‬
‭○‬ ‭Programming/Scripting Language‬
‭■‬ ‭PHP‬
‭●‬ ‭Server-side scripting language embedded in HTML‬
‭■‬ ‭JavaScript‬
‭●‬ ‭Client-side language for user interface components.‬
‭■‬ ‭ROR & Django‬
 ‭ ‬ ‭Popular open-source web frameworks.‬
●
‭■‬ ‭Python & Perl‬
‭●‬ ‭Other open-source programming languages for web‬
‭development.‬
‭ ‬ ‭Analytics‬
○
‭■‬ ‭Tracks customer activity and web advertising success.‬
‭■‬ ‭Google Analytics‬
‭●‬ ‭Provides tracking tools, commonly used for ads on Google.‬
‭■‬ ‭Most hosting services offer analytics tools.‬
‭■‬ ‭Open Source Alternatives‬
‭●‬ ‭Matomo & Open Web Analytics.‬

‭●‬ ‭Web Server Software‬

‭○‬ ‭Apache‬
‭■‬ ‭Leading Web Server Software‬
‭●‬ ‭52% of market‬
‭■‬ ‭Works with UNIX, Linux operating systems‬
‭○‬ ‭Microsoft internet information server (IIS)‬
‭■‬ ‭Second major Web server software‬
‭●‬ ‭20% of market‬
‭■‬ ‭Windows based‬

‭●‬ ‭Site management Tools‬

‭○‬ ‭Basic tools‬
‭■‬ ‭Included in all Web Servers‬
‭●‬ ‭Verify that links on pages are still valid‬
‭●‬ ‭Identify orphan files‬
‭○‬ ‭3rd Party software for advanced management‬
‭■‬ ‭Monitor customer purchases, marketing campaign effectiveness‬
‭●‬ ‭WebTrends Analytics 10‬
‭●‬ ‭Google Analytics‬
‭●‬ ‭Dynamic Page Generation Tools‬
‭○‬ ‭Dynamic Page generation‬
‭■‬ ‭Contents stored in databases and fetched when needed‬
‭○‬ ‭Common Tools‬
‭■‬ ‭CGI, ASP, JSP, ODBC‬
‭○‬ ‭Advantages‬
‭■‬ ‭Lower menu costs‬
‭■‬ ‭Permits easy online market segmentation‬
‭■‬ ‭Enables cost free price discrimination‬
‭■‬ ‭Enables content management system (CMS)‬

‭●‬ ‭Application Server‬

‭○‬ ‭Web application servers‬
‭■‬ ‭Provide specific business functionality required for a web site‬
‭■‬ ‭Type of middleware‬
‭●‬ ‭Isolate business applications form web servers and databases‬
‭■‬ ‭Single function applications being replaced by integrated software‬
‭tools that combine all functionality needed for E-commerce site‬

‭●‬ ‭E-Commerce Merchant Server Software‬

‭○‬ ‭Provide functionality for sales‬
‭■‬ ‭Online Catalog‬
‭●‬ ‭List of products available on Website‬
‭■‬ ‭Shopping cart‬
‭●‬ ‭Allows shoppers to set aside, review, edit elections, and then‬
‭make purchase‬
‭■‬ ‭Credit Card Processing‬
‭●‬ ‭Working in with the shopping cart‬
‭●‬ ‭Verifies card and puts through credit to company’s account at‬
‭checkout‬
‭●‬ ‭Merchant Server Software Packages‬
‭○‬ ‭Integrated environment that includes most functionality needed‬
‭○‬ ‭Key factors when selecting a package‬
‭■‬ ‭Functionality‬
‭■‬ ‭Support for different business models‬
‭■‬ ‭Business process modelling tools‬
‭■‬ ‭Visual site management and reporting‬
‭■‬ ‭Performance and scalability‬
‭■‬ ‭Connectivity to existing business systems‬
‭■‬ ‭Compliance with standard‬
‭■‬ ‭Global and multicultural capability‬
‭■‬ ‭Local sales and shipping tax‬

‭●‬ ‭Web Services and Open Source Options‬

‭○‬ ‭Options for small firms‬
‭■‬ ‭Hosted e commerce sites‬
‭●‬ ‭Offer site building tools and templates‬
‭●‬ ‭Example‬
‭○‬ ‭Yahoo Merchant Solutions‬
‭■‬ ‭Open source merchant server software‬
‭●‬ ‭Build custom site‬
‭●‬ ‭Requires a programmer (expert)‬

‭●‬ ‭The Hardware Platform‬

‭○‬ ‭Underlying computing equipment needed for e-commerce functionality‬
‭○‬ ‭Objective‬
‭■‬ ‭Enough platform capacity to meet peak demand without wasting‬
‭money‬
‭○‬ ‭Understand the factors that affect speed, capacity and scalability of a site‬
‭●‬ ‭Right-Sizing your Hardware platform: The Demand Side‬
‭○‬ ‭Customer demand‬
‭■‬ ‭Important factor that affect the speed of the site‬
‭○‬ ‭Factors in overall demand‬
‭■‬ ‭Number of simultaneous users in peak periods‬
‭■‬ ‭Nature of customer requests‬
‭●‬ ‭User profile‬
‭■‬ ‭Type of content‬
‭●‬ ‭Dynamic vs static web pages‬
‭■‬ ‭Required Security‬
‭■‬ ‭Number of items in inventory‬
‭■‬ ‭Number of page requests‬
‭■‬ ‭Speed of legacy applications‬
‭●‬ ‭The speed of legacy applications in e-commerce refers to‬
‭how fast an old system processes orders, loads pages, or‬
‭updates inventory.‬
‭●‬ ‭Example:‬‭An online store running on outdated software‬
‭might take several seconds to load product pages or process‬
‭a checkout, causing customers to leave. In contrast, a‬
‭modern e-commerce platform runs faster, improving the‬
‭shopping experience.‬

‭●‬ ‭Right-Sizing your Hardware Platform: The Supply Side‬

‭○‬ ‭Scalability‬
‭■‬ ‭Ability of a site to increase in size as demand warrants‬
‭○‬ ‭Ways to scale hardware‬
‭■‬ ‭Vertically‬
‭●‬ ‭Increase processing power of individual components‬
‭■‬ ‭Horizontally‬
‭●‬ ‭Employ multiple computers to share workload‬
‭■‬ ‭Improve processing architecture‬
‭●‬ ‭Vertical and Horizontal scaling techniques (Hardware)‬
‭○‬ ‭Use faster computer‬
‭■‬ ‭Deploy edge servers, presentation servers and data servers‬
‭○‬ ‭Create a cluster of computer‬
‭■‬ ‭Use many computer at the same timer to balance loads‬
‭○‬ ‭Use Appliance server‬
‭■‬ ‭Use special purpose computers optimised for their tasks‬
‭○‬ ‭Segment workload‬
‭■‬ ‭Split incoming work to specialised computers‬
‭○‬ ‭Batch requests‬
‭■‬ ‭Combine related request for data into groups, process as group‬
‭○‬ ‭Manage connections‬
‭■‬ ‭Reduce connection between processes and computers to a‬
‭minimum‬
‭○‬ ‭Aggregate user data‬
‭■‬ ‭Aggregate user data from legacy applications in single data pools‬
‭○‬ ‭Cache‬
‭■‬ ‭Store frequently used data in cache rather that on the disk‬

‭●‬ ‭Improving the processing architecture of your site‬

‭○‬ ‭Separate static content from dynamic content‬
‭■‬ ‭Use specialized servers for each type of workload‬
‭○‬ ‭Cache static content‬
‭■‬ ‭Increase RAM to the gigabyte range and store static content in RAM‬
‭○‬ ‭Cache database lookup tables‬
‭■‬ ‭Use Cache tables used to look up database records‬
‭○‬ ‭Consolidate business logic on dedicated servers‬
‭■‬ ‭Put shopping cart, credit card processing and other cpu intensive‬
‭activity on dedicated servers for it‬
‭○‬ ‭Optimise ASP code‬
‭■‬ ‭Examine code‬
‭○‬ ‭Optimise the database schema‬
‭■‬ ‭Examine database search times and take steps to reduce access‬
‭times‬
‭●‬ ‭Other E Commerce Site tools‬
‭○‬ ‭Website design‬
‭■‬ ‭Basic Business considerations‬
‭●‬ ‭Enabling customers to find and buy what they need‬
‭○‬ ‭Tools for web site optimisation‬
‭■‬ ‭Search engine placement‬
‭●‬ ‭Metags, Title, Content‬
‭○‬ ‭Use relevant keywords for better indexing.‬
‭●‬ ‭Identify Market Niches & Localize‬
‭○‬ ‭Target specific audiences and regions.‬
‭●‬ ‭Offer Expertise‬
‭○‬ ‭Provide valuable, authoritative content.‬
‭●‬ ‭Links‬
‭○‬ ‭Use backlinks to increase credibility.‬
‭●‬ ‭Search Engine Ads‬
‭○‬ ‭Paid promotions to boost visibility.‬
‭●‬ ‭Local E-Commerce‬
‭○‬ ‭Optimize for local searches and businesses.‬
‭●‬ ‭E commerce Website features that annoy customer‬
‭○‬ ‭Requiring user to view ad or Flash introduction before going to Web site‬
‭content‬
‭○‬ ‭Pop-up and pop-under ads and windows‬
‭○‬ ‭Too many clicks to get to the content‬
‭○‬ ‭Links that don’t work‬
‭○‬ ‭Confusing navigation; no search function‬
‭○‬ ‭Requirement to register and log in before viewing content or ordering‬
‭○‬ ‭Slow loading pages‬
‭○‬ ‭Content that is out of date‬
‭○‬ ‭Inability to use browser’s Back button‬
‭○‬ ‭No contact information available (Web form only)‬
‭○‬ ‭Unnecessary splash/flash screens, animation, etc.‬
‭○‬ ‭Music or other audio that plays automatically‬
‭○‬ ‭Unprofessional design elements‬
‭○‬ ‭Text not easily legible due to size, color, format‬
‭○‬ ‭Typographical errors‬
‭○‬ ‭No or unclear returns policy‬

‭●‬ ‭8 Important factors in successful ECommerce site design‬

‭○‬ ‭Functionality‬
‭■‬ ‭Pages that work, load quickly and point the customer towards your‬
‭product offerings‬
‭○‬ ‭Informational‬
‭■‬ ‭Links that customers can easily find to discover more about your‬
‭and your products‬
‭○‬ ‭Ease of use‬
‭■‬ ‭Simple, fool-proof navigation.‬
‭○‬ ‭Redundant navigation‬
‭■‬ ‭Alternative navigation to the same content.‬
‭○‬ ‭Ease of purchase‬
‭■‬ ‭One or two clicks to purchase.‬
 ‭○‬ ‭Multi Browser functionality‬
‭■‬ ‭Site works with the most popular browsers.‬
‭○‬ ‭Simple Graphics‬
‭■‬ ‭Avoids distracting, obnoxious graphics and sounds that the user‬
‭cannot control.‬
‭○‬ ‭Legible Text‬
‭■‬ ‭Avoids backgrounds that distort text or make it illegible.‬

‭●‬ ‭Tools for interactivity and active content‬

‭○‬ ‭CGI (Common gateway interface)‬
‭■‬ ‭Runs scripts on a server for dynamic web content.‬
‭○‬ ‭ASP (Active Server Pages)/[Link]‬
‭■‬ ‭Microsoft’s framework for interactive web apps.‬
‭○‬ ‭Java, JSP and JavaScript‬
‭■‬ ‭Java for backend, JSP for dynamic pages, JavaScript for client-side‬
‭interactivity.‬
‭○‬ ‭ActiveX and VBScript‬
‭■‬ ‭Microsoft tools for interactive content (now outdated).‬
‭○‬ ‭Coldfusion‬
‭■‬ ‭Adobe’s server-side language for web apps.‬
‭○‬ ‭Web 2.0 design elements‬
‭■‬ ‭User-driven design with interactivity.‬
‭■‬ ‭Widgets, Mashups‬
‭●‬ ‭Small web apps and data combinations for richer content.‬

‭●‬ ‭Personalisation tools‬

‭○‬ ‭Personalisation‬
‭■‬ ‭Ability to treat people based on personal qualities and prior history‬
‭with site‬
‭○‬ ‭Customisation‬
‭■‬ ‭Ability change the product to better fit the needs of the customer‬
‭○‬ ‭Cookies‬
‭■‬ ‭Primary method to achieve personalisation‬
‭●‬ ‭Developing a mobile website and building mobile application‬
‭○‬ ‭3 types of m commerce software‬
‭■‬ ‭Mobile Website‬
‭●‬ ‭Responsive Web Design‬
‭■‬ ‭Mobile Web app‬
‭■‬ ‭Native‬
‭○‬ ‭Planning and building mobile presence‬
‭■‬ ‭Use systems analysis/design to identify unique and specific business‬
‭objectives‬

‭●‬ U
‭ nique features that must taken into account when designing a mobile web‬
‭presence‬
‭○‬ ‭Hardware‬
‭■‬ ‭Mobile hardware is smaller, and there are more resource‬
‭constraints in data storage and processing power‬
‭○‬ ‭Connectivity‬
‭■‬ ‭Mobile platform is constrained by slower connection speeds than‬
‭desktop Web Sites‬
‭○‬ ‭Displays‬
‭■‬ ‭Mobile displays are much smaller and require simplification. Some‬
‭screens are not good in sunlight‬
‭○‬ ‭Interface‬
‭■‬ ‭Touch screen technology introduces new interaction routines‬
‭different from the traditional mouse and keyboard‬
‭■‬ ‭Mobile platform is not a good data entry tool but can be a goo‬
‭navigational tool‬

‭●‬ ‭Developing A Mobile Web Presence‬

‭○‬ ‭Design Considerations‬
‭■‬ ‭Platform constraints‬
‭●‬ ‭Smart/Tablet‬
‭○‬ ‭Performance and cost‬
‭■‬ ‭Mobile Website‬
‭●‬ ‭Least expensive‬
‭■‬ ‭Mobile app‬
‭●‬ ‭Can utilize API‬
‭■‬ ‭Native app‬
‭●‬ ‭Most expensive‬
‭●‬ ‭Requires more programming‬
‭Case Study 2‬ ‭- Skyscanner‬

‭Summary of the Skyscanner Case Study‬

S‭ kyscanner, founded in 2003 by Gareth Williams, Barry Smith, and Bonamy Grimes, is a‬
‭leading travel metasearch platform that aggregates flight, hotel, and car rental‬
‭information. Initially focused on flight price aggregation, the company expanded to‬
‭provide additional services like hotel bookings and travel data insights. Skyscanner’s‬
‭global reach grew through international websites in multiple languages and strategic‬
‭acquisitions like Fogg and Distinction. It also introduced a mobile app that integrates all‬
‭travel planning services. Skyscanner differentiates itself with competitive pricing, a‬
‭user-friendly interface, and a two-sided marketplace model serving both travelers and‬
‭industry players. Additionally, it utilizes Amazon Web Services (AWS) for scalable IT‬
‭infrastructure and GitHub for software development. The company also promotes‬
‭sustainable travel by highlighting eco-friendly flights.‬

‭Answers to the Case Study Questions‬

‭1.‬ W
‭ hy did Skyscanner adopt Amazon Web Services (AWS)?‬
‭Skyscanner adopted AWS to optimize performance, scale its infrastructure based‬
‭on internet traffic, and reduce costs. AWS allows the platform to handle over 100‬
‭million monthly users efficiently.‬

‭2.‬ ‭What strategic decisions enabled Skyscanner to become a leader in its industry?‬

‭ ‬ E‭ xpansion into international markets with multilingual support.‬

○
‭○‬ ‭Addition of hotel and car hire services for a complete travel booking‬
‭experience.‬
‭○‬ ‭Development of a mobile app to improve accessibility.‬
‭○‬ ‭Acquisition of companies like Fogg and Distinction to enhance services.‬
‭○‬ ‭Launch of Travel Insight to provide data-driven insights for airlines.‬
‭ .‬ W
3 ‭ hat are the primary benefits of Skyscanner’s mobile app?‬

‭‬ C
○ ‭ ombines flight, hotel, and car rental searches in one platform.‬
‭○‬ ‭Provides price comparisons and travel deals.‬
 ‭ ‬ ‭Offers a “recent search” feature for user convenience.‬
○
‭○‬ ‭Suggests activities at travel destinations.‬
‭ .‬ ‭How did Skyscanner ensure that users could use its services in different‬
4
‭countries?‬
‭○‬ ‭Developed international websites with support for over 30 languages.‬
‭○‬ ‭Expanded into key markets like China, Singapore, Australia, and the U.S.‬
‭○‬ ‭Acquired companies with expertise in travel services for different regions.‬
‭5.‬ ‭How has Skyscanner managed to outperform its competitors?‬
‭○‬ ‭Provides cheaper prices through partnerships with 1,200+ travel‬
‭companies.‬
‭○‬ ‭User-friendly website and app with seamless navigation.‬
‭○‬ ‭Two-sided marketplace model benefits both travelers and service‬
‭providers.‬
‭○‬ ‭Uses cloud computing and automation for efficiency.‬
‭○‬ ‭Offers sustainability features, such as highlighting eco-friendly flights.‬
‭Lecture 4 -‬‭E-Commerce technology 3‬

‭●‬ ‭The E-Commerce Security Environment‬

‭○‬ ‭Scope of the problem‬
‭■‬ ‭Overall size of and losses due to cybercrime unclear‬
‭■‬ ‭Global economic impact of cybercrime and cyberespionage‬
‭between $455 billion to $600 billion‬
‭■‬ ‭Security product providers indicate increasing cybercrime‬
‭■‬ ‭Online credit card fraud one of the most high-profile forms‬
‭○‬ ‭Underground economy marketplaces sell stolen information, malware and‬
‭more‬

‭●‬ ‭Security Threats in the E-commerce Environment‬

‭○‬ ‭Three key points of vulnerability in e-commerce environment:‬
‭○‬ ‭Client Side - Phishing, malware, spyware‬
‭○‬ ‭Server Side - hacking, cyber-vandalism, data breaches‬
‭○‬ ‭Communications pipeline (Internet communications channels)‬
‭■‬ ‭Man-in-the-middle attacks, DoS/DDoS attacks‬

‭●‬ ‭What is good E-Commerce Security‬

‭○‬ ‭To Achieve the highest degree of security‬
‭■‬ ‭New technologies‬
‭■‬ ‭Organisational policies and procedure‬
‭■‬ ‭Industry standards and laws‬
‭○‬ ‭Other Factors‬
‭■‬ ‭Time value of money‬
‭■‬ ‭Cost of security v/s potential loss‬
‭■‬ ‭Security often breaks weakest link‬

‭●‬ ‭The E-Commerce Security Environment‬

 ‭○‬
‭■‬ E‭ -commerce security is multi-layered, and must take into account‬
‭new technology, policies and procedures, and laws and industry‬
‭standards.‬

‭●‬ C
‭ ustomer and Merchant Perspectives on the different dimensions of E-Commerce‬
‭Security‬

‭Integrity‬

‭‬ C
● ‭ ustomer:‬‭Was my info altered?‬
‭●‬ ‭Merchant:‬‭Was site data altered? Is customer data valid?‬

‭Nonrepudiation‬

‭●‬ C
‭ ustomer:‬‭Can someone deny their action later?‬
‭Merchant:‬‭Can customer deny ordering?‬

‭Authenticity‬

‭‬ C
● ‭ ustomer:‬‭Who am I dealing with?‬
‭●‬ ‭Merchant:‬‭Who is the customer really?‬

‭Confidentiality‬

‭●‬ ‭Customer:‬‭Can others read my messages?‬

 ‭●‬ ‭Merchant:‬‭Are messages/data safe from unauthorized access?‬

‭Privacy‬

‭‬ C
● ‭ ustomer:‬‭Can I control how my data is used?‬
‭●‬ ‭Merchant:‬‭Is customer data used or shared improperly?‬

‭Availability‬

‭‬ C
● ‭ ustomer:‬‭Can I access the site?‬
‭●‬ ‭Merchant:‬‭Is the site up and running?‬

‭●‬ ‭The Tension between security and other values‬

‭○‬ ‭Ease of use‬
‭■‬ ‭The more security measure added, the more difficult a site is to use‬
‭and slower it becomes‬
‭○‬ ‭Public safety and the criminal uses of the Internet‬
‭■‬ ‭Use of technology by criminals to plan crimes or threaten‬
‭nation-state‬

‭●‬ ‭Security Threats in the eCommerce Environment‬

‭○‬ ‭Three key points of vulnerability in e-commerce environment:‬
‭■‬ ‭Client‬
‭■‬ ‭Server‬
‭■‬ ‭Communications pipeline‬
‭●‬ ‭Typical eCommerce transaction‬

‭○‬
‭■‬ I‭n a typical e-commerce transaction, an online consumer accesses‬
‭the online store through an internet service provider. The web‬
‭servers at the online store connect to its database server to collect‬
‭and share information with the customer’s credit card bank and the‬
‭merchant’s bank. The order is shared with the warehouse, which‬
‭arranges for shipping to the online consumer.‬

‭●‬ ‭Vulnerable Points in an eCommerce transaction‬

‭○‬ ‭The online consumer computer is vulnerable to web beacons. The‬
‭connection between the online consumer and internet service provider is‬
‭vulnerable to WI FI listening and wire taps. The online store is vulnerable‬
‭to a customer list hack. The database server is vulnerable to an S Q L‬
‭injection attack. The customer credit card bank is vulnerable to a DOS‬
 a‭ ttack, card theft, or other hack. The connection between the customer‬
‭credit card bank and the merchant bank is vulnerable to a security breach‬
‭that also impact the online store.‬

‭●‬ ‭Malicious Code‬

‭○‬ ‭Exploits and exploit kits‬
‭○‬ ‭Malvertising‬
‭○‬ ‭Drive-by downloads‬
‭○‬ ‭Viruses‬
‭○‬ ‭Worms‬
‭○‬ ‭Ransomware‬
‭○‬ ‭Trojan horses‬
‭○‬ ‭Backdoors‬
‭○‬ ‭Bots, botnets‬

‭●‬ ‭Potentially Unwanted Programmes‬

‭○‬ ‭Browser parasites‬
‭■‬ ‭Monitor and change user’s browser‬
‭○‬ ‭Adware‬
‭■‬ ‭Used to call pop up ad‬
‭○‬ ‭Spyware‬
‭■‬ ‭Tracks Users keystrokes, emails, IMs‬

‭●‬ ‭Phishing‬
‭○‬ ‭Any deceptive, online attempt by a third party to obtain confidential‬
‭information for financial gain‬
‭○‬ ‭Tactics‬
‭■‬ ‭Social Engineering‬
‭■‬ ‭Email Scams and BEC Phishing‬
‭■‬ ‭Spear Phishing‬
‭○‬ ‭Use for identity fraud and theft‬
‭●‬ ‭Hacking, Cybervandalism and Hacktivism‬
‭○‬ ‭Hacking‬
‭■‬ ‭Hacker vs Crackers‬
‭■‬ ‭Goals‬
‭●‬ ‭Cybervandalism, Data Breaches‬
‭○‬ ‭Cybervandalism‬
‭■‬ ‭Disrupting, Defacing, Destroying Web site‬
‭○‬ ‭Tiger Teams and Bug bounty hunters‬
‭○‬ ‭Hacktivism‬

‭●‬ ‭Data Breaches‬

‭○‬ ‭Organization loses control over corporate information to outsiders‬
‭○‬ ‭Data breaches an enabler for credential stuffing attacks‬
‭○‬ ‭Yahoo and Equifax two of the most notorious‬
‭○‬ ‭Leading Causes‬
‭■‬ ‭Hacking‬
‭■‬ ‭Unauthorized access‬
‭■‬ ‭Employee error/negligence‬

‭●‬ ‭Insight on Society: Equifax: Really Big Data Hacked‬

‭○‬ ‭What organizational and technological failures led to the data breach at‬
‭Equifax?‬
‭■‬ ‭The Equifax data breach was caused by a combination of‬
‭organizational and technological failures. Technologically, the‬
‭company failed to patch a known vulnerability (Apache Struts‬
‭CVE-2017-5638) in a timely manner, despite having access to the fix.‬
‭Organizationally, Equifax lacked effective internal controls, such as‬
‭proper asset management, patch management, and incident‬
‭response procedures. These shortcomings, along with inadequate‬
‭encryption practices and poor oversight of sensitive data, allowed‬
‭attackers to access personal information of over 147 million people.‬
 ‭○‬ ‭What Technical Solution are Available to combat data breaches‬
‭■‬ ‭Encryption – Protects sensitive data by making it unreadable‬
‭without authorized access, ensuring stolen data cannot be easily‬
‭used.‬
‭■‬ ‭Multi-Factor Authentication (MFA) – Adds a strong layer of security‬
‭beyond passwords, reducing the risk of unauthorized access.‬
‭■‬ ‭Regular Patching and Updates – Fixes known software‬
‭vulnerabilities, closing common entry points used by attackers.‬

‭●‬ ‭Credit Card Fraud/Theft‬

‭○‬ ‭Hacking and looting of corporate servers is primary cause‬
‭○‬ ‭Central security issue: establishing customer identity‬
‭■‬ ‭E-signatures‬
‭■‬ ‭Multi-factor authentication‬
‭■‬ ‭Fingerprint identification‬

‭●‬ ‭Identity Fraud/Theft‬

‭○‬ ‭Unauthorized use of another person’s personal data for illegal financial‬
‭benefit‬
‭■‬ ‭Social security number‬
‭■‬ ‭Driver’s license‬
‭■‬ ‭Credit card numbers‬
‭■‬ ‭Usernames/passwords‬

‭●‬ ‭Spoofing, Pharming and Spam‬

‭○‬ ‭Spoofing‬
‭■‬ ‭Attempting to hide one’s true identity by using someone else’s‬
‭e-mail or I P address‬
‭○‬ ‭Pharming‬
 ‭■‬ A ‭ utomatically redirecting a U R L to a different address, to benefit‬
‭the hacker‬
‭ ‬ ‭Spam (Junk) Websites‬
○
‭■‬ ‭Offer collection of advertisements for other sites, which may‬
‭contain malicious code‬

‭●‬ ‭Sniffing and Man in the Middle Attacks‬

‭○‬ ‭Sniffer‬
‭■‬ ‭Eavesdropping program monitoring networks‬
‭■‬ ‭Can identify network trouble spots‬
‭■‬ ‭Can be used by criminals to steal proprietary information‬
‭○‬ ‭Email Wiretaps‬
‭■‬ ‭Recording e-mails at the mail server level‬
‭○‬ ‭Man in the Middle Attack‬
‭■‬ ‭Attacker intercepts and changes communication between two‬
‭parties who believe they are communicating directly‬

‭●‬ ‭Denial of Service and Distributed Denial of Service Attacks‬

‭○‬ ‭Denial of service (D o S) attack‬
‭■‬ ‭Flooding website with pings and page request‬
‭■‬ ‭Overwhelm and can shut down site’s web servers‬
‭■‬ ‭Often accompanied by blackmail attempts‬
‭■‬ ‭Botnets‬
‭○‬ ‭Distributed Denial of Service (D D o S) attack‬
‭■‬ ‭Uses hundreds or thousands of computers to attack target network‬
‭■‬ ‭Can use devices from Internet of Things, mobile devices‬
‭○‬ ‭DDOS Smokescreening‬

‭●‬ ‭Insider Attacks‬

‭○‬ ‭Biggest financial threat to businesses‬
‭○‬ ‭Employee access to privileged information‬
 ‭‬ P
○ ‭ oor security procedures‬
‭○‬ ‭Insiders more likely to be source of cyberattacks than outsiders‬

‭●‬ ‭Poorly Designed Software‬

‭○‬ ‭Increase in complexity of and demand for software has led to increase in‬
‭flaws and vulnerabilities‬
‭○‬ ‭SQL Injection Attacks‬
‭○‬ ‭Zero-Day Vulnerabilities‬
‭○‬ ‭Heartbleed bug; Shellshock (BashBug); F R E A K‬

‭●‬ ‭Social Network Security Issues‬

‭○‬ ‭Manual sharing scams‬
‭■‬ ‭Sharing of files that link to malicious sites‬
‭○‬ ‭Fake offerings, fake Like buttons, and fake apps‬

‭●‬ ‭Think you Smartphone is secure‬

‭○‬ ‭What types of threats do smartphones face‬
‭■‬ ‭Malware and Spyware‬‭– Malicious apps can steal personal data,‬
‭track activities, or control your device without your knowledge.‬
‭■‬ ‭Phishing Attacks‬‭– Fake texts, emails, or websites trick users into‬
‭revealing sensitive information like passwords or banking details.‬
‭■‬ ‭Unsecured Wi-Fi Networks‬‭– Public or open networks can be used‬
‭by attackers to intercept your data or inject malware.‬
‭○‬ ‭Are there any vulnerabilities specific to mobile devices?‬
‭■‬ ‭App Permissions Abuse – Many mobile apps request access to‬
‭sensitive data (location, contacts, microphone, etc.) that they may‬
‭not need, increasing the risk of data leakage.‬
‭■‬ ‭Insecure Mobile Apps – Poorly coded or unverified apps can have‬
‭security flaws or be intentionally malicious, exposing users to data‬
‭theft or device compromise.‬
 ‭■‬ O ‭ perating System Fragmentation – Especially in Android, many‬
‭devices run outdated OS versions due to manufacturer or carrier‬
‭delays, leaving them open to known exploits.‬
‭ ‬ ‭What qualities of apps make them a vulnerable security point in‬
○
‭smartphone use?‬
‭■‬ ‭Excessive Permissions – Apps that request more access than‬
‭necessary (e.g., contacts, camera, location) increase the risk of data‬
‭misuse or leakage.‬
‭■‬ ‭Poor Coding Practices – Insecure code can lead to vulnerabilities like‬
‭data exposure, insecure communication, or susceptibility to‬
‭injection attacks.‬
‭■‬ ‭Lack of Encryption – Apps that don’t encrypt data in transit or at‬
‭rest make it easier for attackers to intercept or access sensitive‬
‭information.‬
‭○‬ ‭Are apps more or less likely to be subject to threats than traditional P C‬
‭software programs?‬
‭■‬ ‭Mobile apps are generally more likely to face certain types of‬
‭threats than traditional PC software due to factors like excessive‬
‭permissions, constant connectivity, and less secure coding practices.‬
‭Users often grant apps broad access to personal data, and mobile‬
‭devices are more frequently exposed to insecure networks. While‬
‭PC software can present deeper system-level risks, mobile apps‬
‭tend to be more vulnerable to privacy breaches and data leaks,‬
‭making them a common target for attackers.‬

‭●‬ ‭Technology Solutions‬

‭○‬ ‭Protecting Internet Communications‬
‭■‬ ‭Encryption‬
‭○‬ ‭Securing Channels of Communication‬
‭■‬ ‭S S L, T L S, V P N s, Wi-Fi‬
‭○‬ ‭Protecting Networks‬
‭■‬ ‭Firewalls, proxy servers, I D S, I P S‬
‭○‬ ‭Protecting Servers and Clients‬
‭■‬ ‭O S security, anti-virus software‬
‭●‬ ‭Tools available to achieve eCommerce Security‬

‭○‬

‭●‬ ‭Encryption‬
‭○‬ ‭Transforms data into cipher text readable only by sender and receiver‬
‭○‬ ‭Secures stored information and information transmission‬
‭○‬ ‭Provides 4 of 6 key dimensions of eCommerce Security‬
‭■‬ ‭Message integrity‬
‭■‬ ‭Nonrepudiation‬
‭■‬ ‭Authentication‬
‭■‬ ‭Confidentiality‬

‭●‬ ‭Symmetric key Cryptography‬

‭○‬ ‭Sender and receiver use same digital key to encrypt and decrypt message‬
‭○‬ ‭Requires different set of keys for each transaction‬
‭○‬ ‭Strength of encryption: Length of binary key‬
‭○‬ ‭Data Encryption Standard (D E S)‬
‭○‬ ‭Advanced Encryption Standard (A E S)‬
 ‭○‬ ‭Other standards use keys with up to 2,048 bits‬

‭●‬ ‭Public Key Cryptography‬

‭○‬ ‭Uses two mathematically related digital keys‬
‭■‬ ‭Public key (widely disseminated)‬
‭■‬ ‭Private key (kept secret by owner)‬
‭○‬ ‭Both keys used to encrypt and decrypt message‬
‭○‬ ‭Once key used to encrypt message, same key cannot be used to decrypt‬
‭message‬
‭○‬ ‭Sender uses recipient’s public key to encrypt message; recipient uses‬
‭private key to decrypt it‬

‭○‬
‭■‬ S‭ tep 1, the sender creates a digital message, for example buy X Y Z‬
‭at 100 dollars. Step 2, the recipient’s public key is applied to the‬
‭message. Step 3, Application of the recipient’s key produces an‬
‭encrypted cipher text message, for example 1 0 1 0 1 1 0 1 1 1 0 0 0‬
‭1. Step 4, the encrypted message is sent over the internet to the‬
‭recipient. Step 5, the recipient’s private ley is used to decrypt the‬
‭message, in this case buy X Y Z at 100 dollars.‬

‭●‬ ‭Public Key Cryptography using Digital Signatures and Hash Digest‬
 ‭○‬ S‭ ender applies a mathematical algorithm (hash function) to a message and‬
‭then encrypts the message and hash result with recipient’s public key‬
‭○‬ ‭Sender then encrypts the message and hash result with sender’s private‬
‭key-creating digital signature-for authenticity, nonrepudiation‬
‭○‬ ‭Recipient first uses sender’s public key to authenticate message and then‬
‭the recipient’s private key to decrypt the hash result and message‬

‭○‬
‭■‬ S‭ tep 1, the sender creates an original message, for example buy X Y‬
‭Z at 52 dollars. Step 2, the sender applies a hash function, producing‬
‭a 128-bit hash result. Step 3, the recipient’s public key is used to‬
‭encrypt the message and hash result. Step 4, The sender encrypts‬
‭the result, again using his or her private key or digital signature. This‬
‭process creates signed cipher text including hash digest. Step 5, the‬
‭result of this double encryption, cipher text including hash digest, is‬
‭sent over the internet. Step 6, the receiver uses the sender’s public‬
‭key to authenticate the message, resulting in authenticated cipher‬
‭text. Step 7, the receiver uses his or her private key to decrypt the‬
‭hash function and the original message, in this case buy X Y Z at 52‬
‭dollars.‬

‭●‬ ‭Digital Envelopes‬

‭○‬ ‭Address weaknesses of‬
 ‭■‬ ‭Public key cryptography‬
‭●‬ ‭Computationally slow, decreased transmission speed,‬
‭increased processing time‬
‭■‬ ‭Symmetric Key Cryptography‬
‭●‬ ‭Insecure transmission lines‬
‭ ‬ ‭Uses symmetric key cryptography to encrypt document‬
○
‭○‬ ‭Uses public key cryptography to encrypt and send symmetric key‬

‭○‬
‭■‬ T‭ he sender creates an original message, in this case a diplomatic‬
‭report. The message is encrypted in cipher text using a symmetric‬
‭session key, which is itself encrypted with the recipient’s public key‬
‭to create a digital envelope and is sent over the internet to the‬
‭recipient. The recipient uses a private key to decrypt the symmetric‬
‭session key and then the symmetric key to decrypt the diplomatic‬
‭report.‬

‭●‬ ‭Digital Certificate and Public Key Infrastructure‬

‭○‬ ‭Digital certificate includes:‬
‭■‬ ‭Name of subject/company‬
‭■‬ ‭Subject’s public key‬
‭■‬ ‭Digital certificate serial number‬
‭■‬ ‭Expiration date, issuance date‬
 ‭ ‬ ‭Digital signature of C A‬
■
‭ ‬ ‭Public Key Infrastructure‬
○
‭■‬ ‭C A s and digital certificate procedures‬
‭■‬ ‭P G P‬

‭○‬
‭■‬ A
‭ n institution, or individual subject, requests a certificate via the‬
‭internet to certification authorities or C A’s. The C A’s send the‬
‭digital certificate which includes a serial number, version, issuer‬
‭name, issuance and expiration date, subject name, subject public‬
‭key, C A signature and other information, to the institution or‬
‭individual subject via the internet. The certificate can be supplied to‬
‭a transaction partner such as an online merchant or customer.‬

‭●‬ ‭Limitation of PKI‬

‭○‬ ‭Doesn’t protect storage of private key‬
‭■‬ ‭P K I not effective against insiders, employees‬
‭■‬ ‭Protection of private keys by individuals may be haphazard‬
‭○‬ ‭No guarantee that verifying computer of merchant is secure‬
‭○‬ ‭C A s are unregulated, self-selecting organizations‬

‭●‬ ‭Securing Channels of Communication‬

‭○‬ ‭Secure Sockets Layer (S S L)/Transport Layer Security (T L S)‬
 ‭ ‬ E‭ stablishes secure, negotiated client-server session‬
■
‭○‬ ‭VPN‬
‭■‬ ‭Allows remote users to securely access internal network via the‬
‭Internet‬
‭○‬ ‭Wireless (Wi-Fi) Networks‬
‭■‬ ‭W P A 2‬
‭■‬ ‭W P A3‬

‭●‬ ‭Secure Negotiated Sessions using TLS‬

‭○‬
‭■‬ T‭ he client browser sends a request for a secure session to the‬
‭merchant server via the internet. Session I D and methods of‬
‭encryption are negotiated. The merchant server grants the secure‬
‭session. Certificates are exchanged between the client and‬
‭merchant and the identity of both parties is established. The client‬
‭generates a session key and uses a server public key to create the‬
‭digital envelope, sends it to server, and the server decrypts using‬
‭the private key. The encrypted transmission using the client‬
‭generated session key begins.‬
‭●‬ ‭Protecting Networks‬
‭○‬ ‭Firewall‬
‭■‬ ‭Hardware or software that uses security policy to filter packets‬
‭●‬ ‭Packet Filters‬
‭●‬ ‭Application gateways‬
‭■‬ ‭Next generation firewalls‬
‭○‬ ‭Proxy Servers‬
‭■‬ ‭Software servers that handle all communications from or sent tot‬
‭the internet‬
‭○‬ ‭Intrusion detection systems‬
‭○‬ ‭Intrusion Detection Systems‬

‭●‬ ‭Firewalls and Proxy Servers‬

‭○‬
‭■‬ W
‭ ith a firewall, remote clients and servers that seek to access local‬
‭clients, and local clients that seek to access remote clients and‬
‭servers, via the internet must pass through the firewall on a web‬
‭server. With a proxy server, local clients on internal networks‬
‭seeking to access remote clients and servers on external networks,‬
‭and remote clients and servers on external networks seeking to‬
 a‭ ccess local clients on internet networks, via the internet, use a‬
‭proxy server.‬

‭●‬ ‭Protecting Servers and Clients‬

‭○‬ ‭Operating System and Application Software Security‬
‭■‬ ‭Upgrades, patches‬
‭○‬ ‭Anti-Virus Software‬
‭■‬ ‭Easiest and least expensive way to prevent threats to system‬
‭integrity‬
‭■‬ ‭Requires daily updates‬

‭●‬ ‭Management Policies, Business Procedure and Public Laws‬

‭○‬ ‭Managing risk includes:‬
‭■‬ ‭Technology‬
‭■‬ ‭Effective management policies‬
‭■‬ ‭Public laws and active enforcement‬

‭●‬ ‭Security Plan: Management policies‬

‭○‬ ‭Risk assessment‬
‭○‬ ‭Security policy‬
‭○‬ ‭Implementation plan‬
‭■‬ ‭Security organization‬
‭■‬ ‭Access controls‬
‭■‬ ‭Authentication procedures, including biometrics‬
‭■‬ ‭Authorization policies, authorization management systems‬
‭○‬ ‭Security audit‬

‭●‬ ‭Developing an eCommerce Security Plan‬

 ‭○‬

‭●‬ ‭What are Biometrics‬

‭○‬ ‭Biometrics refers to the use of unique physical or behavioral‬
‭characteristics—such as fingerprints, facial recognition, iris patterns, or‬
‭voice—to identify and authenticate individuals. It offers a secure and‬
‭convenient way to verify identity, commonly used in smartphones, security‬
‭systems, and access controls. Because biometric traits are unique to each‬
‭person, they are harder to replicate or steal than passwords.‬
‭●‬ ‭How can the use of biometrics make e-commerce more secure?‬
‭○‬ ‭The use of biometrics can make e-commerce more secure by providing a‬
‭strong, reliable method of user authentication. Unlike passwords or PINs,‬
‭biometric traits like fingerprints or facial recognition are unique and‬
‭difficult to steal or replicate. This reduces the risk of fraud and‬
‭unauthorized access to user accounts during online transactions.‬
‭Biometrics also streamline the login and payment process, enhancing both‬
‭security and user convenience in e-commerce.‬
‭●‬ ‭What are some of the potential dangers in using biometrics?‬
‭○‬ ‭While biometrics offer strong security, they also come with potential‬
‭dangers. If biometric data like fingerprints or facial scans are stolen, they‬
‭cannot be changed like a password, making the breach permanent. There‬
 a‭ re also privacy concerns, as misuse or unauthorized sharing of biometric‬
‭data can lead to surveillance or identity theft. Additionally, biometric‬
‭systems can sometimes produce false matches or fail to recognize users,‬
‭leading to access issues or security gaps.‬

‭●‬ ‭How an online credit card transaction works‬

‭○‬
‭■‬ S‭ tep 1, a consumer makes a purchase. Step 2, S S L or T L S provides‬
‭secure connection through the internet to the merchant server.‬
 S‭ tep 3, merchant software contacts the clearinghouse over a secure‬
‭line. Step 4, the clearinghouse verifies account and balance with‬
‭issuing bank. Step 5, the issuing bank credits merchant account.‬
‭Step 6, a monthly statement is issued with debit for purchase.‬

‭●‬ ‭Case Study‬

‭1. Why has China been an ideal environment to support mobile payment systems?‬

‭China has been an ideal environment for mobile payment systems due to several factors:‬

-‭ Low Credit Card Penetration: With only 0.31 credit cards per capita (compared to 2.5 in‬
‭the U.S.), China bypassed traditional card-based systems, creating a vacuum filled by‬
‭mobile payments.‬

-‭ High Smartphone Adoption: Rapid growth in mobile internet users (from 265 million in‬
‭2010 to 835 million in 2020) provided a ready user base.‬

-‭ Cultural Acceptance: Proximity payments via QR codes became ubiquitous, even‬

‭among street vendors and musicians, fostering widespread trust and convenience.‬

-‭ Government Support: The Chinese government invested in digital infrastructure and‬

‭initially allowed tech giants like Alibaba and Tencent to dominate the space.‬

-‭ Ecosystem Integration: Apps like Alipay and WeChat Pay expanded beyond payments‬
‭into financial services (loans, investments) and daily utilities (transport, bills), making‬
‭them indispensable.‬

‭2. How has Alipay changed from its original iteration?‬

‭Alipay evolved significantly from its original escrow-based payment model:‬

-‭ Expanded Services: It diversified into financial products like Yue Bao (money market‬
‭fund), microloans (Ant Micro Loan, JieBei), and credit services (Huabei).‬
-‭ Global Reach: Expanded to serve Chinese travelers abroad and entered markets like‬
‭Pakistan and Southeast Asia.‬

-‭ Technological Advancements: Incorporated AI for fraud detection, blockchain projects,‬

‭and IoT integrations.‬

-‭ Ecosystem Growth: Transitioned from a payment tool to a "super app" offering‬

‭insurance, wealth management, and credit scoring.‬

‭3. How has WeChat grown to rival Alipay in mobile payment market share in China?‬

‭WeChat Pay leveraged its social and multifunctional platform to compete:‬

-‭ Social Integration: Built into WeChat’s messaging app (1.2 billion users), it capitalized‬
‭on P2P transactions via features like "red packets" (600 million users in 2020).‬

-‭ Exclusive Partnerships: Collaborated with services like Didi Chuxing (ridesharing) and‬
‭Meituan (food delivery), blocking Alipay in some cases.‬

-‭ Daily Utility: Enabled payments for parking, bills, travel, and even dating, increasing‬
‭user dependency.‬

-‭ Global Expansion: Partnered with firms like Travelex to facilitate cross-border payments‬
‭for Chinese tourists.‬

‭ . Why have countries like the United States been slow to adopt mobile payment‬
4
‭systems?‬

‭The U.S. lags due to:‬

-‭ Established Alternatives: Heavy reliance on credit/debit cards (2.5 cards per capita)‬
‭with robust rewards systems and consumer trust.‬

-‭ Fragmented Market: Multiple competing systems (Apple Pay, Google Pay, Samsung Pay)‬
‭lack unified adoption among merchants.‬
-‭ Privacy Concerns: Greater cultural emphasis on data privacy limits willingness to use‬
‭apps that monetize user data (unlike China).‬

-‭ Infrastructure Gaps: NFC terminals are not universally adopted, and QR code payments‬
‭are less entrenched.‬

-‭ Limited Incentives: Without a dominant ecosystem (like WeChat’s), users see little‬
‭added value over cards.‬
‭Lecture 5 -‬ ‭User experience design overview‬

‭●‬ ‭User experience design‬

‭‬
○
‭○‬ ‭Early Tool Design‬
‭■‬ ‭Humans have been designing tools for over 2.5 million years.‬
‭■‬ ‭Early examples include hand-carved axes, bows and arrows, wheels,‬
‭and airplane controls.‬
‭■‬ ‭Tools were primarily designed for functionality rather than user‬
‭experience.‬
‭○‬ ‭Ancient Recognition of User-Centered Design‬
‭■‬ ‭Some ancient cultures, like Greece and Egypt, considered usability.‬
‭■‬ ‭Hippocrates documented how medical workplaces should be‬
‭arranged for efficiency.‬
‭■‬ ‭However, most historical designs prioritized the task rather than the‬
‭user.‬
‭○‬ ‭Relevance to UX and Design‬
‭■‬ ‭Early tool-making focused on achieving objectives rather than‬
‭improving user interaction.‬
‭■‬ ‭The shift toward user-centered design emerged much later with a‬
‭focus on usability and efficiency.‬
‭‬
○
‭○‬ ‭Industrial Age and Early Ergonomics‬
‭■‬ ‭19th-century industrialization led to the first formal ideas about‬
‭ergonomics and human factors.‬
‭○‬ ‭Two key approaches emerged:‬
‭■‬ ‭Taylorism (Frederick Winslow Taylor): Focused on improving‬
‭productivity by optimizing tasks (e.g., redesigning coal shovels to‬
‭increase efficiency).‬
‭■‬ ‭Gilbreths’ Motion Study: Focused on reducing physical effort in‬
‭tasks (e.g., simplifying bricklaying steps).‬
‭○‬ ‭World War II and the Growth of User-Centered Design‬
‭■‬ ‭The complexity of military aircraft controls required intuitive and‬
‭user-friendly design.‬
‭■‬ ‭Pilots needed controls that were easy to use under extreme‬
‭conditions.‬
‭■‬ ‭After the war, ergonomics became widely applied in various design‬
‭fields.‬
‭○‬ ‭Relevance to UX and Design‬
‭■‬ ‭The shift from efficiency-focused design to user-centered design‬
‭emerged from ergonomics.‬
‭■‬ ‭Experience design became an essential consideration across‬
‭industries.‬
‭●‬ ‭What is user experience design‬
‭○‬ ‭User experience design is the process enhancing user satisfaction with a‬
‭product by improving the‬
‭■‬ ‭Usability, accessibility and pleasure provided in the interaction with‬
‭the product‬
‭○‬ ‭Associated with digital activities‬
‭■‬ ‭Not strictly about digital user experience‬
‭○‬ ‭As digital landscape grows, UXD broadens to include a growing number of‬
‭digital information system technologies‬
‭○‬ ‭The advances in detail tech are having a profound impact on user‬
‭expectations, needs and wants regarding digital experiences.‬
‭○‬ ‭Emerged from HCI, human computer interaction‬
‭○‬ ‭Understanding HCI and UXD helps frame your understanding of how digital‬
‭influences UXD considerations‬
‭○‬ ‭HCI and UXD concerned with similar objects‬
‭■‬ ‭Understanding and designing digital interactives systems for human‬
‭users‬
‭●‬ ‭UXD v/s UID‬

‭○‬
‭‬ U
■ ‭ XD focused on improving the usability of a website‬
‭■‬ ‭UID is about how a website is laid out based on procinples specified‬
‭by UXD‬
‭■‬ ‭Need to understand both to have a successful website‬
‭●‬ ‭Where does UX fit in‬

‭○‬
‭‬ U
■ ‭ X crossed the Tech, Business and Design reals‬
‭■‬ ‭Incorporating elements of each‬
‭●‬ ‭What does UX entail‬

‭○‬

‭●‬ ‭Main deliverables of UX‬

‭○‬ ‭User Personas‬
‭○‬ ‭User context‬
‭○‬ ‭Hierarchical task analysis‬
‭○‬ ‭Design goals‬
‭○‬ ‭Style guide‬
‭○‬ ‭Wireframes‬
‭○‬ ‭Prototype‬
‭●‬ ‭User Persona‬

‭○‬
‭■‬ D ‭ eveloping understanding of the people for whom you are‬
‭designing‬
‭■‬ ‭Can’t know everything about your user‬
‭■‬ ‭Create a fictional version of who and what your common users are‬
‭■‬ ‭Creating a set of persona (Fictional Characters)‬
‭●‬ ‭You have a more concrete foundation from which to launch‬
‭your design efforts‬
‭■‬ ‭A persona represents a group of users with similar behaviors,‬
‭attitudes, and motivations in purchasing, technology use, customer‬
‭service, and lifestyle, regardless of demographics.‬
‭ ‬ ‭Alan Cooper, early 1980s‬
○
‭■‬ ‭A nebulous customer base could be better understood in terms of‬
‭separate communities with their own identities‬
‭■‬ ‭Result was marketing firms started creating imaginary characters to‬
‭represent these various communities that compromised their total‬
‭customer base.‬
‭■‬ ‭Gave them a sense of the people they were trying to attract even if‬
‭it was just fictional‬
‭■‬ ‭A persona is a character representing user types within your‬
‭Product Use Context. Descriptions are often in the first person, as if‬
‭the user is speaking about themselves.‬
‭●‬ ‭User context‬

‭○‬
‭■‬ I‭mportant to understand the context in which the user will be using‬
‭the website‬
‭■‬ ‭Incorporate this into the attributes/actions that we see in the user‬
‭persona‬
‭■‬ ‭A way someone interacts with a website will differ when using it for‬
‭personal or business.‬

‭●‬ ‭Hierarchical task analysis‬

‭○‬ ‭Provides an understanding of the task users need to perform to achieve‬
‭certain goals‬

‭‬
■
‭ ‬ ‭Hierarchies are important structures from a cognitive perspective. Problem‬
○
‭solving strategies can often be organised hierarchically, where tasks are‬
‭divided into less complex subtask, and finally reach a more or less atomic‬
‭level operation, such as pressing a button.‬
‭○‬ ‭Purpose‬
‭■‬ ‭Describe the uses task structured in a hierarchy of goals, tasks,‬
‭operations and plans‬
‭○‬ ‭Goals‬
 ‭ ‬ ‭The desired state of the system‬
■
‭○‬ ‭Tasks‬
‭■‬ ‭How the goal can be fulfilled‬
‭○‬ ‭Operations and actions‬
‭■‬ ‭What the user does to perform the tasks‬
‭‬
○ ‭This is the smallest level of description of the user’s actions‬
‭○‬ ‭Hierarchies of tasks and subtasks‬
‭■‬ ‭Plans‬
‭●‬ ‭Describes under what conditions a subtask shall be‬
‭performed‬
‭■‬ ‭Stop Criteria‬
‭●‬ ‭How deep a task shall be divided into subtasks‬

‭●‬ ‭Wireframes‬

‭○‬
‭ ‬ S‭ keleton of a web page‬
■
‭■‬ ‭Architectural layout of how each page of a website functions and‬
‭how they all fit together‬
‭■‬ ‭TJ Ward‬
‭●‬ ‭shows the priority and the organisation of things on the‬
‭screen and how users will get to other parts of the site‬
‭■‬ a‭ framework of connecting “wires”, which indicates how the web‬
‭page elements are linked to each other, what their various functions‬
‭are, and how a user can navigate around the content of the site as a‬
‭whole.‬
‭■‬ ‭Map of the user path‬
‭■‬ ‭Job of UX design has several crucial overlaps with Information‬
‭Architecture.‬
‭■‬ ‭Blueprint of the website‬
‭■‬ ‭In order for the user to achieve their objectives, they need to‬
‭intuitively take the correct steps towards those objectives.‬
‭■‬ ‭Done if they have a path that they can follow, finding useful signs‬
‭along the way that guide them in the right direction. Essentially‬
‭then, you are part architect, part cartographer.‬
‭■‬ ‭keep in mind the restrictions and requirements that arise from the‬
‭technical developer, the aesthetic designer and the objectives of the‬
‭other stakeholders, all of this while representing the best interests‬
‭of the users.‬
‭■‬ ‭Wireframes can be designed in 3 different classes‬
‭●‬ ‭Low fidelity‬
‭●‬ ‭Medium fidelity‬
‭●‬ ‭High fidelity‬
‭■‬ ‭Classes determined by the amount of detail they contain‬
‭■‬ ‭UX project will require a design from each of the 3 classes‬
‭■‬ ‭Becoming more detailed as the project advances‬
‭●‬ ‭Classes in wire frames‬

‭‬
○
‭○‬ ‭Low‬
‭■‬ L‭ ow-fidelity wireframes are the most basic form of wireframing,‬
‭typically hand-drawn on paper or a whiteboard.‬
‭■‬ ‭Cost & Speed:‬
‭●‬ ‭They are cheap and quick to create.‬
‭■‬ ‭Purpose:‬
‭●‬ ‭Helps visualize the basic structure of a product without‬
‭focusing on fine details.‬
‭■‬ ‭Flexibility:‬
‭●‬ ‭Allows for idea generation, experimentation, and early-stage‬
‭refinements.‬
‭■‬ ‭Planning Stage:‬
‭●‬ ‭Used to map out layout and functionality before committing‬
‭to a detailed design.‬
‭■‬
‭○‬ ‭Medium‬
 ‭■‬ M ‭ edium-fidelity wireframes provide a more detailed representation‬
‭of the user interface.‬
‭■‬ ‭Tools:‬
‭●‬ ‭Typically created using software like Balsamiq, Axure, or‬
‭similar tools.‬
‭■‬ ‭Focus:‬
‭●‬ ‭Emphasizes UI controls and overall layout without adding‬
‭final design elements.‬
‭■‬ ‭Appearance:‬
‭●‬ ‭Designed to resemble low-fidelity wireframes to keep‬
‭attention on user flow.‬
‭■‬ ‭Purpose:‬
‭●‬ ‭Helps refine structure and navigation while maintaining‬
‭flexibility before high-fidelity design.‬
‭ ‬ ‭High‬
○
‭■‬ ‭High-fidelity wireframes are the most detailed version, also called a‬
‭composite (comp).‬
‭■‬ ‭Purpose:‬
‭●‬ ‭Represents all elements of the user journey except final‬
‭aesthetics (colors, fonts, and styling).‬
‭■‬ ‭Finalization:‬
‭●‬ ‭Serves as the near-final UI design before aesthetic‬
‭adjustments.‬
‭■‬ ‭Design Handoff:‬
‭●‬ ‭Allows UI structure to be approved before the aesthetic‬
‭designer finalizes the visual details‬
‭●‬ ‭Prototype‬

‭‬
○
‭○‬ B ‭ efore you make something, you have to make a prototype‬
‭○‬ ‭Check that everything on paper works in practice‬
‭○‬ ‭Software and Web designers create prototypes of how users will interact‬
‭with their design‬
‭○‬ ‭Every project has mistakes‬
‭○‬ ‭Small mistakes compound if not found early‬
‭○‬ ‭Reviewing the interface before final production prevents major issues.‬
‭○‬ ‭Better to be cautious than release a flawed interface‬
‭○‬ ‭Instant connectivity means users quickly notice and share flaws.‬
‭○‬ ‭Prototype final check‬
‭■‬ ‭last opportunity to refine the interface and user path before‬
‭release.‬
‭○‬ ‭Fixing issues early, it cheaper and more productive than fix them later‬