Online business models and strategies

Threats to Online Businesses

The internet has forever changed the manner in which people operate in our society. The internet has also had a profound effect upon the ability of business owners to have instant access to consumers on an international level. As a result, the presence of online businesses has increased dramatically in the past five years. The new influx of online businesses has also resulted in an increase in threats associated with these businesses. The purpose of this discussion is to examine the front-end and back-end threats associated with the online business industry. In addition the research will compare and contrast the strategies of EBay and Amazon in eliminating their losses and gaining market share in the U.S. Let us begin our discussion with a brief overview of online businesses.

Overview of Online businesses

There are now thousands of businesses that are involved in ecommerce. Some of these businesses also have traditional stores, while others such as EBay and Amazon operate solely on the internet. According to an article found in the Journal of International Business Studies, even though the dotcom bust meant the end of many online businesses it did not mean that ecommerce could or would not become a lucrative form of business.

Indeed, companies such as EBay and Amazon have proven that the internet can be a very lucrative place. To this end the article contends that many entrepreneurs choose to conduct business online because of the inherent benefits associated with the internet. For instance, the article posits

The e-commerce corporations (EGGs) are unique in four ways. First, from their inception, ECCs have multinational accessibility. Second, EGGs compete not just with domestic firms but also with firms all over the world. Third, these new breed of Internet-based multinationals (ECCs) are largely small or medium sized firms that strategically use complementary assets through networks of partnerships and alliances. Finally, unlike traditional multinationals, EGGs on the Internet have a unique set of advantages based on network resources, open accessibility, innovative entrepreneurship, and information sharing."

Indeed the internet offers businesses a unique set of opportunities to reach customers in an unprecedented manner. Although these opportunities create a platform upon which businesses can become extremely successful, it has also created a plethora of threats. The next section of this discussion will focus on specific threats related to the front-end and back-end systems of online businesses.

Front-end and Back-End System Threats

Every online business has to deal with threats related to how their business is run. One of the primary threats that internet businesses face has to do with front-end and back-end systems. Front-end systems refer to a workstation or group of workstations that supply operators with the ability to network with a large-scale computer system. The back end system refers to business and legacy systems that support inventory, order processing, and receivables for both buyers and suppliers in Business-to-Business ecommerce.

Threats to Front End Systems

According to an article entitled "What is E-commerce," the threats to front end systems include the following Web Server or Internet Connection overload due to unforeseen demand for access causing a loss in performance or problems with the system. This threat to the front end system can lead to a loss if revenues for an online business. This loss of revenue occurs because consumers may choose to do business with another internet company.

Web sites that have the wrong price or product information. This is a threat to online businesses because profits can be eroded if products are sold at a price that is not correct.

Disclosure of private information that is often held within a website. This information could include personal data such as phone numbers, addresses and credit card information. This threat usually exists when security features are not installed properly.

This is perhaps the single most prevalent threat to online businesses, because identity theft is a serious problem that can ruin the credit of the victim. Identity theft is defined as "the practice of using the identity of another to obtain credit. After the identity thief defaults, lenders and credit bureaus attribute the default to the impersonated consumer."

Web pages that have been changed to display obscene or pornographic materials. This can occur when a system is vulnerable and is infiltrated by hackers. These individuals often have the capacity to alter the contents of a web page. When this occurs online businesses can loose customers because they may be offended by the content and never return to the site.

Failure of the web server because of software or hardware is unreliable or because there are operational mistakes. This could cause an online business to loose their reputation because such problems tend to draw a great deal of attention in media outlets.

All of these threats are present for online businesses as it relates to front end systems. There are many tactics that can be used to minimize these threats, but in most cases these threats cannot completely be eliminated. In addition to front end threats, online businesses also have to content with back end threats. According to the article "What is E-commerce" these threats are as follows

Failure to connect front end and back end systems. This can have the effect of causing incorrect or out of date information to be displayed on websites. For an online business this threat means that commitments made to customers cannot be realized.

An unexpected number of transactions from ecommerce web servers degrading the performance of essential internal systems. This threat means that critical business functions will be disturbed and the functions that these systems depend on will also be disrupted.

Internal systems vulnerable to unauthorized access through the internet. This threat means that there will be serious disruption of business through hackers corrupting critical information.

Front-end applications can also be subverted to pass incorrect information to back end systems that makes them functions in ways that are not desirable.

This is a threat because it has the potential to cause important business systems to fail because they can not handle the onslaught of unexpected data.

Vulnerability analysis and assessment tools

To analyze how vulnerable a company is to certain threats, companies perform vulnerability analysis and rely upon certain assessment tools.

As far as vulnerability analysis or risk assessment is concerned, online businesses must use risk management to find out what threats are present and how to reduce the presence of such threats. Vulnerability analysis can be used to measure the risks associated with many different types of threats that an organization may face.

According to the book "Surviving Security: How to Integrate People, Process, and Technology" such an analysis can be utilized to check an organization's system for vulnerabilities and also the likelihood that a vulnerability will be effectively exploited. The analysis of these vulnerabilities should not only include electronic risks, but also physical risks, that might involve an individual using a floppy disk and steal data or modifying the system. The book also explains that Vulnerabilities are the main method a threat event can use to cause harm or loss. According to Charles LeGrand, a vulnerability is the absence of or ineffective implementation of safeguards or controls. For example, the failure to adequately safeguard a known hole in a Web server might allow an attacker or business competitor to shut down your organization's Web server, your main means of revenue."

Also, the author asserts that in addition to analyzing the host- and network-level threats, online businesses should view the applications running on the company's systems, including both Web and e-mail servers. The author also asserts that most successful attacks usually come as a result of mis-configured or un-patched Web servers. This aspect of an analysis guarantees that an organization covers the main points of attack for networks and systems.

Techniques used in Vulnerability Analysis

There are three primary techniques that are used to analyze vulnerability. These techniques include the following Informal Approach- the advantage of this approach is that it requires no additional skills for carrying out the analysis. In addition, this type of analysis can be performed quickly. There are also some disadvantages associated with this approach. For instance, the analysis may be incorrect or skewed because the analysis is ore subjective than objective.

In addition, because the analysis is not detailed some vulnerability may be overlooked.

Baseline Approach -- the primary advantage of this approach is the minimal amount of time and resources that are required. Additionally, this approach features pre-assessed safeguards that are recommended in manuals. Another advantage of this approach is that it provides security across the entire organization. The disadvantage of this approach is that the security levels may be too low or too high.

Detailed risk analysis -- the primary advantage of this approach is that the safeguards are usually justifiable. In addition, there security level prescribed to each level of the system. The primary disadvantage of this type of assessment is the time, effort and expense associated with carrying out such an analysis.

As it relates to assessment tools there are several different tools that are now available to online businesses. According to an article entitled "Three Vulnerability Assessment Tools Put to the Test"

Vulnerability assessment systems scan operating systems and applications for potential problems, such as the use of default passwords or configurations and open ports. This can give administrators a head start in fixing problems and will, hopefully, let IT organizations more effectively beat bad guys to the punch."

The above factors are only true when vulnerability systems find all the problems that may be present in an application.

Research has often demonstrated a gap between the best vulnerability assessment tools and the weaknesses in a test network. However IT employees who are responsible for securing IT assets will find the use of a vulnerability assessment tool beneficial even if all it does is eliminate some of the monotonous work they are confronted with.

When vulnerability assessment tools were first made available, scanning was the primary method utilized. However, today there are also tools such as intrusion-detection software (IDS); this software is different from scanning software in that it works by looking for patterns of illegitimate network traffic that might be consistent with a breach of the system. On the other hand, scanners work by identifying whether or not a computer's actual configuration is vulnerable to attack. In other words the IDS is reactive, whereas the scanning software is proactive.

EBay and Amazon

Now that we have discussed the general vulnerabilities that online businesses are confronted with, let us focus on and compare some of the vulnerabilities that specific companies have to deal with. As it relates to this aspect of the discussion we will focus on EBay and Amazon, two of the largest online businesses in the world.

EBay is the largest internet auction site in the world. The company has been able to generate billions of dollars a year by simply serving a host site fro people all around the world that want to offer products for sale. Although the company has been extremely successful, the very structure of the company makes it vulnerable to some very unique threats.

The first of which is auction fraud. Auction fraud is the most reported type of internet fraud and cost EBay and consumer millions of dollars each year. This type of fraud occurs in several different ways. The primary way that this type of fraud is committed involves sellers that advertise a product, the buyer or winning bidder pays for the product and the product is never received. An article entitled Online Auction Fraud: Are the Auction Houses Doing All They Should or Could to Stop Online Fraud?

Some online sellers have put items up for auction, taken the highest bidder's money, and never delivered the merchandise. In addition, consumers who paid by certified check or money order have little recourse when it comes to getting their money back.(21) With fraudulent online auction users recognizing the difficulty in retrieving a check or money order, it is not surprising that payment by check or money order accounts for ninety-three percent of fraudulent payments.

This type of fraud is problematic for EBay because if the seller never receives the product the buyer can then refuse to accept the charges and EBay will not get there commission from the sell.

To avoid this problem the company has attempted to implement several safeguards that include allowing the buyer to file a complaint with EBay. EBay then investigates such claims and attempts to rectify the situation. The company also allows buyers and sellers to leave rating for one another. On EBay an individuals ratings help others to determine whether or not the buyer or seller is trustworthy and whether doing business with the individual will end in a successful transaction. If potential buyers see negative ratings there are less likely to do business with that individual.

As it relates to more general threats such as identity theft EBay attempts to use safeguards such as password protection and usernames to safeguard the personal information of users. The company also recommends that users change their passwords frequently, as this decreases greatly the likelihood of their identities being compromised.

Although EBay has attempted to implement many safeguards, the company has experienced major problems with "Spoof Emails." According to Ebay's Security Center this is actually a form of Phishing. The company explains

Some thieves on the Internet, simply go fishing, or 'phishing', as the practice has come to be known, trolling the sea of online consumers in hopes of netting unsuspecting victims. One method of phishing is the sending of 'spoof' (fake) emails, which copy the appearance of popular Web sites or companies in an attempt to commit identity theft or other crimes."