
E Commerce458

The document discusses various components involved in e-commerce website development including planning, goals, tools for design, development, data processing and management, forms, shopping carts, databases, navigation aids, and search tools.

Uploaded by

rafiuljim339
Copyright: © All Rights Reserved

Planning and Development

E-commerce can help organizations grow their business online, but the
venture brings the most success if planned properly.
• Identify the opportunity
• Allocate resources to support e-commerce
• Align marketing and sales strategies
• Define target customers and their needs
• Create a customer service plan
• Invest in the right technology
• Identify integration requirements
• Create key performance indicators for online sales
• Look for continuous improvements

8 Things to Keep in Mind During eCommerce Website Development

1. Website safety and security
2. Optimization of your site before and during the E-Commerce website
development process.
3. Registration
4. Payment options
5. Mobile functionality
6. Customer support and contact information
7. Proper product descriptions and showcasing
8. Website search and filtering
SMART Web Site Goals

S: Specific, M: Measurable, A: Attainable, R: Relevant, T: Time-bound

1. Increase conversions
2. Increase brand awareness
3. Increase traffic
4. Improve content quality
5. Increase email subscribers
6. Improve search engine rankings
7. Reducing time spent on tasks
8. Write more blogs

4 tools you can use to measure website success


• Google Analytics
• Google Search Console: SEO
• Social media insight tools: Buffer, Hootsuite, SocialPilot, MeetEdgar
• Keyword research tools: Semrush, Soovle, TopicRanker, Jaaxy.

International Issues

Most-Common International E-commerce Issues

1. Language and Localization
2. Content and Cultural Perceptions
3. Technical Infrastructure and Speed
4. Customer Support and Service
5. Currency and Payment Preferences
Resource Allocation
Resource allocation is the process of identifying all your available
resources—whether it’s labor or monetary—for a project and then strategically
assigning them to tasks that enable them to do their best work.

• Individual people
• Teams or departments
• Budget
• Time
• Hardware and software
• Real estate
• Processes
• Intellectual property
• Techniques and skill sets

Content Development
- Building trust with your customers and boosting user engagement to
generate sales.
Site Map Development
-the blueprint of your site and a guide for the web design and development
process.

Easy Steps to Creating a Sitemap For a Website


• Brainstorm your website categories
• Organize your categories
• Add structure & hierarchy
• Start planning your content
• Add rough written content
• Add example images
• Sketch the basic page layout
• Share with your team
PRINCIPLES OF GOOD WEBSITE DESIGN
1. WEBSITE PURPOSE: Describing Expertise, Building Your Reputation,
Generating Leads, Sales and After Care
2. SIMPLICITY: Colour, Type, Imagery
3. NAVIGATION- Navigation is the wayfinding system used on websites where
visitors interact and find what they are looking for.
4. F-SHAPED PATTERN READING- the most common way visitors scan text on a
website. Eye-tracking studies have found that most of what people see is in
the top and left areas of the screen.
5. VISUAL HIERARCHY- size, colour, imagery, contrast, typography, texture and
style.
6. CONTENT- An effective website has both great design and great content.
7. GRID BASED LAYOUT- Grids help to structure design and keep your content
organised.
8. LOAD TIME- half of web visitors expect a site to load in 2 seconds or
less and they will potentially leave a site that isn’t loaded within
seconds.
9. MOBILE FRIENDLY- adjust to different screens

Web Site Design Tools

1. Wix- does not require coding to build websites
2. Figma- excellent for prototyping, and design systems, Animation Data
Import/Export, Collaboration Tools, Endless capabilities, No mobile
application
3. Squarespace
4. Shopify
5. Canva- Library of built-in templates for teams, Real-time collaboration,
fast and reliable, User-friendly
6. WordPress- Custom design, Augmented reality, cheap, Beginner & SEO
friendly.
7. Adobe- Collaboration, Seamless integration, Affordable
8. Marvel- Customizable, Clean and simple user interface

Web Page Programming Tools


software and apps that provide web developers with the ability to debug and
test the code and interface of the website or application they're creating.
• Chrome DevTools- best tools for Web Developers, designed for both small
and large organizations
• Sass- most mature, robust, stable, and reliable CSS extension languages.
• CodePen- frontend developer
• Grunt- task automation
• GitHub- a frequent choice of most organizations, irrespective of their sizes
• BootStrap- open source libraries of HTML, CSS, and JavaScript
• Envato- front-end development tool
• Sublime Text- open-source software used for coding and markup
• MongoDB
• Notepad++ , REST-assured
Data Processing Tools
Software frameworks and platforms designed to handle and
process large volumes of data efficiently.
1. Apache Spark- Free and open-source, first launched in 2012, processing
big data via clustered computing
2. Apache Hadoop
3. Apache Flink
4. Google Cloud Platform
5. MongoDB- Priced per feature, Cloud, Desktop (Mac, Windows, Linux), and
on premise.
6. Sisense- Pricing is available on request. A free trial is also available.
7. RapidMiner- Big Data analytics

Data processing stages


Data processing occurs when data is collected and translated into usable
information.

1. Data collection
2. Sorting of data
3. Data input
4. Data processing
5. Data output
6. Data storage
Forms of processed data output
Graphs, tables, vector files, audio, video, documents, etc.
• Simple text files
• Spreadsheet
• Charts and graphs
• Maps, vector or image files
E-Commerce Components

Navigation Aids
It is a navigation aid for people to find their way to any item in a
library simply by scanning any other item.

Some useful navigation aids:


• Site map: show the site hierarchy condensed onto a single page
• Breadcrumb trail : every level in the hierarchy from the top to your current
position is listed from left to right.
• Geographical or visual maps: Links are contained within a
visual metaphor.
• Navigation bars: L shape that is currently popular.
• Drop-down lists: Some sites with large quantities of links use drop-down
lists of associated links to organize them into sets while saving space.

Web Site Search Tools


• SearchStax: provides end-to-end search solutions to improve the search
experience.
• AddSearch: provides lightning-fast, effortless, and customizable site search
for any website or web application.
• Qdrant: is a vector database and similarity engine. It is an API service
that allows you to search for the closest high-dimensional vectors.
• Wizzy: is an intelligent site search solution for eCommerce website
owners. It offers comprehensive site search solutions, such as user-
friendly search, user-friendly filter, merchandising, and
personalisation.
• Keyspider: is a cloud-based enterprise search engine that provides accurate
search results. Keyspider allows you to create your own custom website
search without additional cost or time.
• Elasticsearch
• Amazon CloudSearch: is an AWS Cloud managed service that makes it
easy and affordable to set up, manage and scale a search solution on
your website or applications.
• Google Programmable Search Engine, Bing Custom Search, Amazon
Kendra etc
Databases
Allow us to manage product and customer information,
organize transactions, and efficiently deliver self-service.
A good e-commerce database design includes:
• Simple, functional database structure
• High performance
• High availability and scalability
E-commerce sites typically use databases for:
• Transaction tracking
• Product catalogs
• Non-product content, such as blog posts and “about us” pages.

Four common database types


• Relational Databases- MySQL, PostgreSQL, MariaDB, Microsoft SQL.
• Document and Key/Value Databases
• Cloud Databases
• API Databases
Ex. MongoDB, Apache Cassandra, Amazon DynamoDB, Azure CosmosDB, and
Couchbase.
Using Multiple Databases- An ecommerce store can simultaneously use
multiple databases, each for different purposes. For example, a Shopify
merchant might have the following.

Shopify’s relational database for the storefront (which merchants cannot access
directly).

A custom app using Shopify’s API that stores data in its own relational
database from Amazon Web Services.

A document database that syncs order data nightly for historic reporting.

An API database with the merchant’s payment gateway that holds customer
payment details and subscriptions.
Forms
An Online Shopping Form allowing your customers to order online through
providing their contact information, shipping address, product ID, quantity, size,
color information and select their desired delivery and payment option.

Shopping Carts
Software that allows website visitors to select, reserve, and purchase a
product or service from an E-Commerce interface.

Types of ecommerce shopping carts:


1. Hosted/self-hosted shopping cart- provided by a third party.
2. Licensed shopping cart- completely custom, good for enterprise
businesses or merchants with complex tech stacks.
How to choose the right E-commerce shopping cart?
• Pricing
• Integrations
• Accepted payment types
• Customization
• Shipping options
• User Experience
• Analytics

Checkout Procedures

• shopping cart > billing info > shipping info > shipping method > preview
order > payment > confirmation

7 essential steps any E-commerce checkout will contain:


1. Initiate checkout
2. (Optional) login or signup
3. Billing information
4. Shipping information
5. Shipping method
6. Preview Order
7. Payment confirmation
Shipping Options
Shipping methods according to the rate, location and time of delivery.
• Flat-rate shipping- most popular option, fixed delivery price for boxes of
different sizes, best shipping option for small business
• Real-time carrier rates- FedEx, USPS, DHL, and others
• Local Shipping- useful for small companies in big cities
• International shipping- Different countries have different
regulations, trade laws, requirements, and taxes
• Same-day delivery- most profitable shipping ideas for local business owners
• Overnight delivery- order something one day and receive it on the
next business day
• Expedited shipping- faster, reduce shopping cart abandonment

Server Side Development


Type of development that involves programs that run on a server

• What is a web server?


• What software do I need to build a website?
• How do you upload files to a web server?

Django Web Framework (Python)- Extremely popular and fully featured
server-side web framework, written in Python.

Express Web Framework (Node.js/JavaScript)- Popular web
framework, written in JavaScript and hosted within the Node.js runtime
environment.
• Static web server, or stack, consists of a computer (hardware) with an
HTTP server (software). We call it "static" because the server sends its
hosted files as-is to your browser.
• Dynamic web server consists of a static web server plus extra software,
most commonly an application server and a database. We call it "dynamic"
because the application server updates the hosted files before sending
content to your browser via the HTTP server.

*Difference between static vs dynamic web server


What software do I need to build a website?
Advantages of server-side development
• Improved Data Security and Compliance.
• Faster Loading With Less Latency.
• Predictable Processing Performance.
• More Accurate User Metrics.
• Reduced Compatibility Issues.
• Make The Most of Server-Side Rendering.

**Difference between server-side development vs client-side


Security

• Definition: Set of measures to guarantee the privacy, integrity and
availability of resources:
• objects, databases, servers, processes, channels, etc.
• Involves protection of objects and securing processes and
communication channels
• Security policies: specify who is authorized to access resources
(e.g. file ownership)
• Security mechanisms: enforce security policy (e.g. file access control)

In the literature, the terms threat and attack are commonly used to mean
more or less the same thing.

• Threat
- A potential for violation of security, which exists when there is a
circumstance, capability, action, or event that could breach security and
cause harm. That is, a threat is a possible danger that might exploit a
vulnerability.
• Attack
- An assault on system security that derives from an intelligent
threat; that is, an intelligent act that is a deliberate attempt (especially in
the sense of a method or technique) to evade security
services and violate the security policy of a system.
Security Model
• Object: Intended for use by different clients, via remote
invocation
• Principal: Authority on whose behalf invocation is issued
Security threats
• Online shopping/banking
– intercept credit card information
– purchase goods using stolen credit card details
– replay bank transaction, e.g. credit an account
• Online stock market information service
– observe frequency or timing of requests to deduce
useful information, e.g. the level of stock
• Website
– flooding with requests (denial of service)
• My computer
– receive/download malicious code (virus)

Types of security threats

• Eavesdropping
– obtaining copies of messages without authority
• Masquerading
– sending/receiving messages using the identity of another
principal without their authority
• Message tampering
– intercepting and altering messages
• Replaying
– intercepting, storing and replaying messages
• Denial of service
– flooding a channel with requests to deny access to others
Defeating the enemy

• Encryption (scrambling a message to hide its contents)


– does not prove identity of sender
• Shared secrets (keys)
– messages encrypted with the
shared key – can only be
decrypted if the key is known
• Identification (are you who you are?)
– password protection, etc
• Authentication (are you who you say you are?)
– include in message identity of principal/data, timestamp
– encrypt with shared key

Secure channels

Processes: Reliably know identity of principal


Messages: protected against tampering, timestamped to
prevent replaying/reordering.
Threats Due to Mobility…
• Mobile code (Java JVM)
– applets, mobile agents (travel collecting information)
– downloaded from server, run locally
• Security issues: what if the program...
– illegally writes to a file?
– writes over another program’s memory?
– crashes?
• Some solutions
– stored separately from other classes
– type-checking and code-validation (instruction subset)
– still does not guard fully against programming errors...

Designing Secure
• Basic message
– networks are insecure
– interfaces are exposed
• Threat analysis
– assume worst-case scenario
– list all threats - complex scenarios!!!
• Design guidelines
– log at points of entry so that violations are
detected
– limit the lifetime and scope of each secret
– publish algorithms, restrict access to shared keys
– minimize trusted base
Main Security Techniques
• Access control
– implement resource protection, e.g. file protection
– essential in distributed systems (remote login)
• Firewalls
– monitor traffic into and out of intranet
• Cryptographic algorithms
– ciphers
– authentication
– digital signatures

Main Security Techniques: Access Control

• Definition
– ensure that users/processes access computer resources in a
controlled and authorized manner
• Protection domain
– is a set of rights for each resource, e.g. Unix files
– associated with each principal
• Two implementations of protection domains
– Capabilities
• request accompanied by key, simple access check
• open to key theft, or key retained when person left company
– Access control lists
• list of rights stored with each resource
• request requires authentication of principal
Access Control

How it works: Reference Monitor


• intercepts all access attempts
• authenticates request and principal’s credentials
• applies access control
– if Yes, access proceeds
– if No, access is denied, error message returned to the
subject
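
The two protection-domain implementations above behave differently when someone leaves the company. The following is an added example, not part of the original slides; the directory, credentials, capability key and function names are all constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { RIGHT_READ = 1, RIGHT_WRITE = 2 };
enum { ACCESS_OK = 0, DENY_UNAUTHENTICATED = -1, DENY_NO_RIGHT = -2 };

struct principal { const char *name; uint32_t credential; int active; };
struct acl_entry { const char *name; unsigned rights; };
struct resource {
    struct acl_entry acl[2];  /* ACL: list of rights stored with the resource */
    uint32_t cap_key;         /* capability: any bearer of this key is served */
    unsigned cap_rights;
};

/* Constructed sample data (names, credentials and keys are made up). */
struct principal directory[2] = { { "alice", 0xA11CEu, 1 }, { "bob", 0xB0Bu, 1 } };
struct resource payroll = {
    { { "alice", RIGHT_READ | RIGHT_WRITE }, { "bob", RIGHT_READ } },
    0x5EC2E7u, RIGHT_READ
};

/* Authentication stand-in: the account must exist, be active and match. */
static int authenticate(const char *name, uint32_t credential) {
    for (size_t i = 0; i < sizeof directory / sizeof directory[0]; i++)
        if (strcmp(directory[i].name, name) == 0)
            return directory[i].active && directory[i].credential == credential;
    return 0;
}

/* ACL path: authenticate the principal, then consult the resource's list. */
int access_via_acl(const struct resource *r, const char *name,
                   uint32_t credential, unsigned wanted) {
    if (!authenticate(name, credential)) return DENY_UNAUTHENTICATED;
    for (size_t i = 0; i < sizeof r->acl / sizeof r->acl[0]; i++)
        if (strcmp(r->acl[i].name, name) == 0)
            return (r->acl[i].rights & wanted) == wanted ? ACCESS_OK : DENY_NO_RIGHT;
    return DENY_NO_RIGHT;
}

/* Capability path: a simple key check; the monitor never learns who asks. */
int access_via_capability(const struct resource *r, uint32_t key, unsigned wanted) {
    if (key != r->cap_key) return DENY_UNAUTHENTICATED;
    return (r->cap_rights & wanted) == wanted ? ACCESS_OK : DENY_NO_RIGHT;
}

/* Disabling the account only affects requests that are authenticated. */
void deactivate(const char *name) {
    for (size_t i = 0; i < sizeof directory / sizeof directory[0]; i++)
        if (strcmp(directory[i].name, name) == 0) directory[i].active = 0;
}

/* Revoking a capability means replacing the key for every holder. */
void rotate_capability(struct resource *r, uint32_t new_key) { r->cap_key = new_key; }

int main(void) {
    deactivate("bob");  /* bob leaves the company */
    printf("ACL after offboarding:        %d\n",
           access_via_acl(&payroll, "bob", 0xB0Bu, RIGHT_READ));
    printf("capability after offboarding: %d\n",
           access_via_capability(&payroll, 0x5EC2E7u, RIGHT_READ));
    rotate_capability(&payroll, 0x7A11u);
    printf("capability after rotation:    %d\n",
           access_via_capability(&payroll, 0x5EC2E7u, RIGHT_READ));
    return 0;
}
```

With an ACL, offboarding is one directory change; with capabilities, the retained key keeps working until the key itself is replaced and redistributed.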

Firewalls: How does it work


Monitor and control all communication into and out of an intranet.
• Service control:
– filter requests for services on internal hosts
– e.g. reject HTTP request unless to official webserver
• Behaviour control
– prevent illegal or anti-social behaviour
– e.g. filter ‘spam’ messages
• User control:
– allow access to authorised group of users
– e.g. dial-up services
Firewalls
• A set of processes, at different protocol levels:
• IP packet filtering
– screening of source & destination, only ‘clean’ packets proceed
– performed in OS kernel of router
• TCP gateway
– monitors TCP connection requests
• Application-level gateway
– runs proxy for an application on TCP gateway, e.g. Telnet
• Bastion
– separate computer within intranet
– protected by IP packet filtering, runs TCP/application gateway
Key Distributions

• Symmetric key cryptography
- requires sender and receiver to know a shared secret key
• Public key cryptography
- Sender and receiver do not share a secret key; the public encryption key is
known to all.
- Private decryption key known only to receiver.

Symmetric key cryptography

Symmetric key crypto: Bob and Alice share same (symmetric) key: K
• e.g., key is knowing substitution pattern in mono alphabetic
substitution cipher

Public key cryptography


Cryptographic algorithms
• Encryption
– apply rules to transform plaintext to cipher text
– defined with a function F and key K
– denote message M encrypted with K by $F_K(M) = \{M\}_K$
• Decryption: uses inverse function $F_K^{-1}(\{M\}_K) = M$
– can be symmetric (based on secret key known to both parties)
– or asymmetric (based on public key)

Symmetric (secret key): TEA, DES


– secret key shared between principals
– encryption with non-destructive operations (XOR) plus transpose
– decryption possible only if key known
– brute force attack (check $\{M\}_K$ for all values of key) hard
(exponential in number of bits in key)

Asymmetric (public key): RSA


– Pair of keys (very large numbers), one public and one private
– Encryption with public key
– decryption possible only if private key known
– factorizing large numbers (over 150 decimal digits) hard
Symmetric Cryptography

• Tiny Encryption Algorithm(TEA)


– Simple & concise
– Secure and reasonably fast
– Simple, symmetric (secret key) algorithm
– Written in C [Wheeler & Needham 1994]
– Key 128 bits (k[0]..k[3]), plaintext 64 bits (2 x 32 bits, text[0], text[1])
– In 32 rounds combines plaintext and key, swapping the two halves of
plaintext, XOR (^) and bitwise shift (<< >>)

• DES (The Data Encryption Standard 1977)


– US standard for business applications till recently
– 64 bit plaintext, 56 bit key
– cracked in 1997 (secret challenge message decrypted)
– triple-DES (key 112 bits) still secure, poor performance

• AES (Advanced Encryption Standard)


– invitation for proposals 1997
– in progress
– Key size 128, 192, 256 bits.
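
The TEA description above (128-bit key k[0]..k[3], one 64-bit block in text[0] and text[1], 32 rounds of XOR, shift and add) corresponds to the short C routines below. This is an added example following the published algorithm, not code from the original slides; the sample keys, the `tea_roundtrip` helper and the plaintext values are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define TEA_ROUNDS 32
#define TEA_DELTA  0x9E3779B9u  /* round constant of the published algorithm */

/* Encrypt one 64-bit block text[0..1] in place under the key k[0..3]. */
void tea_encrypt(const uint32_t k[4], uint32_t text[2]) {
    uint32_t y = text[0], z = text[1], sum = 0;
    for (int n = 0; n < TEA_ROUNDS; n++) {
        sum += TEA_DELTA;
        /* each half is updated from the other half, the key and the round sum */
        y += ((z << 4) + k[0]) ^ (z + sum) ^ ((z >> 5) + k[1]);
        z += ((y << 4) + k[2]) ^ (y + sum) ^ ((y >> 5) + k[3]);
    }
    text[0] = y;
    text[1] = z;
}

/* Decrypt by running the same rounds backwards with subtraction. */
void tea_decrypt(const uint32_t k[4], uint32_t text[2]) {
    uint32_t y = text[0], z = text[1];
    uint32_t sum = TEA_DELTA * TEA_ROUNDS;  /* wraps modulo 2^32 by design */
    for (int n = 0; n < TEA_ROUNDS; n++) {
        z -= ((y << 4) + k[2]) ^ (y + sum) ^ ((y >> 5) + k[3]);
        y -= ((z << 4) + k[0]) ^ (z + sum) ^ ((z >> 5) + k[1]);
        sum -= TEA_DELTA;
    }
    text[0] = y;
    text[1] = z;
}

/* Constructed sample keys; WRONG_KEY differs from SAMPLE_KEY in one bit. */
const uint32_t SAMPLE_KEY[4] = { 0x00112233u, 0x44556677u, 0x8899AABBu, 0xCCDDEEFFu };
const uint32_t WRONG_KEY[4]  = { 0x00112232u, 0x44556677u, 0x8899AABBu, 0xCCDDEEFFu };

/* Returns 1 when a block encrypted under enc_key is changed by encryption
   and restored by decrypting under dec_key, 0 otherwise. */
int tea_roundtrip(const uint32_t enc_key[4], const uint32_t dec_key[4],
                  uint32_t a, uint32_t b) {
    uint32_t block[2] = { a, b };
    tea_encrypt(enc_key, block);
    if (block[0] == a && block[1] == b) return 0;
    tea_decrypt(dec_key, block);
    return block[0] == a && block[1] == b;
}

int main(void) {
    uint32_t block[2] = { 0x01234567u, 0x89ABCDEFu };  /* constructed plaintext */
    tea_encrypt(SAMPLE_KEY, block);
    printf("ciphertext: %08x %08x\n", (unsigned)block[0], (unsigned)block[1]);
    tea_decrypt(SAMPLE_KEY, block);
    printf("plaintext:  %08x %08x\n", (unsigned)block[0], (unsigned)block[1]);
    printf("right key recovers block: %d\n",
           tea_roundtrip(SAMPLE_KEY, SAMPLE_KEY, 0x01234567u, 0x89ABCDEFu));
    printf("wrong key recovers block: %d\n",
           tea_roundtrip(SAMPLE_KEY, WRONG_KEY, 0x01234567u, 0x89ABCDEFu));
    return 0;
}
```

The routines handle a single 64-bit block; a message longer than that needs a mode of operation on top, which the slides do not cover.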
Asymmetric cryptography

• Trap-door functions
– pair of keys (e.g. large numbers)
– encryption function easy to compute (e.g. multiply keys)
– decryption function infeasible unless secret known (e.g. factorise the
product if one key not known)
• Idea
– two keys produced: encryption key made public, decryption key kept
secret
– anyone can encrypt messages, only participant with decryption key
can operate the trap door
• Examples
– a few practical schemes: RSA

RSA (Rivest, Shamir and Adleman)

How it works
– relies on $N = P \times Q$ (product of two very large primes)
– factorization of N hard
– choose keys e, d such that $e \times d \equiv 1 \pmod{Z}$ where $Z = (P-1) \times (Q-1)$
It turns out...
– can encrypt M by $M^e \bmod N$
– can decrypt by $C^d \bmod N$ (C is encrypted message)
Thus
– can freely make e and N public, while retaining d
In 1978 Rivest et al. thought factorising numbers > $10^{200}$ would take more than
four billion years. Now (ca. 2000), with faster computers and better methods, numbers
with 155 decimal digits (= 500 bits) have been successfully factorised.

512-bit keys insecure! The future?
– keys with 230 decimal digits (= 768 bits) recommended and
2048 bits used in some applications (e.g. defence)

Digital signatures

Why needed?
– alternative to handwritten signatures
– authentic, difficult to forge and undeniable

How it works
– relies on secure hash functions which compress a message into a so
called digest
– sender encrypts digest and appends to message as a signature
– receiver verifies signature
– generally public key cryptography used, but secret key also possible
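
The RSA relations and the sign-then-verify flow described above can be carried through with small numbers. This is an added example, not part of the original slides: the primes 61 and 53, the exponent 17, the message 65 and the digest value 1234 are constructed toy values, the digest is a stand-in integer rather than the output of a secure hash, and the arithmetic is unpadded textbook RSA for illustration only.

```c
#include <stdint.h>
#include <stdio.h>

/* Square-and-multiply: base^exp mod m. No overflow while m < 2^32. */
uint64_t modpow(uint64_t base, uint64_t exp, uint64_t m) {
    uint64_t result = 1 % m;
    base %= m;
    while (exp > 0) {
        if (exp & 1) result = result * base % m;
        base = base * base % m;
        exp >>= 1;
    }
    return result;
}

/* Extended Euclid: returns d with e*d = 1 mod z, or 0 when gcd(e, z) != 1. */
uint64_t modinv(uint64_t e, uint64_t z) {
    int64_t t = 0, new_t = 1, r = (int64_t)z, new_r = (int64_t)(e % z);
    while (new_r != 0) {
        int64_t q = r / new_r, tmp;
        tmp = t - q * new_t; t = new_t; new_t = tmp;
        tmp = r - q * new_r; r = new_r; new_r = tmp;
    }
    if (r != 1) return 0;
    return (uint64_t)(t < 0 ? t + (int64_t)z : t);
}

struct rsa_key { uint64_t n, e, d; };  /* (e, n) is public, d stays private */

/* N = P x Q, Z = (P-1) x (Q-1), d chosen so that e x d = 1 mod Z.
   A returned d of 0 means e shares a factor with Z and cannot be used. */
struct rsa_key rsa_keygen(uint64_t p, uint64_t q, uint64_t e) {
    uint64_t z = (p - 1) * (q - 1);
    struct rsa_key key = { p * q, e, modinv(e, z) };
    return key;
}

/* Encrypt: C = M^e mod N.  Decrypt: M = C^d mod N. */
uint64_t rsa_encrypt(struct rsa_key k, uint64_t m) { return modpow(m, k.e, k.n); }
uint64_t rsa_decrypt(struct rsa_key k, uint64_t c) { return modpow(c, k.d, k.n); }

/* Sign: the sender transforms the message digest with the private d. */
uint64_t rsa_sign(struct rsa_key k, uint64_t digest) { return modpow(digest, k.d, k.n); }

/* Verify: the receiver undoes it with the public e and compares digests. */
int rsa_verify(struct rsa_key k, uint64_t digest, uint64_t sig) {
    return modpow(sig, k.e, k.n) == digest % k.n;
}

int main(void) {
    struct rsa_key k = rsa_keygen(61, 53, 17);  /* constructed toy primes */
    uint64_t c = rsa_encrypt(k, 65);
    uint64_t sig = rsa_sign(k, 1234);           /* 1234: stand-in digest */
    printf("N=%llu d=%llu\n", (unsigned long long)k.n, (unsigned long long)k.d);
    printf("C=%llu M=%llu\n", (unsigned long long)c,
           (unsigned long long)rsa_decrypt(k, c));
    printf("signature valid: %d, altered digest valid: %d\n",
           rsa_verify(k, 1234, sig), rsa_verify(k, 1235, sig));
    printf("e=15 usable: %d\n", rsa_keygen(61, 53, 15).d != 0);
    return 0;
}
```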

Digital Certificates what & why?


Cryptographic Protocol

Definition
– an abstract or concrete protocol that performs a security-related function
and applies cryptographic methods, often as a sequence of cryptographic
primitives.
- a protocol describes how the data structures and algorithms should be used.
Cryptographic protocols are widely used for secure application-level data transport. A
cryptographic protocol usually incorporates at least some of these aspects:
- Key agreement or establishment
- Entity authentication
- Secured application-level data transport
- Non-repudiation
For example, TLS is a cryptographic protocol that is used to
secure web

Authentication

Definition
– protocol for ensuring authenticity of the sender

Secret-key protocol [Needham & Schroeder ‘78]


– based on secure key server that issues secret keys
– flaw corrected ’81
– implemented in Kerberos

Public-key protocol [Needham & Schroeder ‘78]


– does not require secure key server (7 steps)
– flaw discovered with CSP/FDR
– SSL (Secure Sockets Layer) similar to it
Secure Communication

• Secure communication provides a range of information security
solutions to ensure communications security over public and local
networks.
• It includes IPsec, SSL, PGP (Pretty Good Privacy) and Virtual Private
Networks (VPNs).

Network Auditing

• Network auditing is the collective measures taken to analyze, study and
gather data about a network with the purpose of ascertaining its health in
accordance with network/organization requirements.
• It works through a systematic process where a network is analyzed for:
-- Security
-- Implementation of control
-- Availability
-- Management
-- Performance
• It uses both manual and automated techniques to gather data and review
network posture.
It reviews:
-- Each node of a network
-- Network control and security processes
-- Network monitoring processes
-- Other data
Privacy Policies
Clearly show how data is collected, where it is stored,
how it is used and how it may be shared.
Why does your Ecommerce Store Need a Privacy Policy?

It's a Legal Obligation


•The EU's General Data Protection Regulation (GDPR)
•The California Consumer Privacy Act (CCPA)
•China's Personal Information Protection Law (PIPL)

It's Required by Third-Party Services


It Promotes Transparency

• Secure Socket Layer (SSL)- permits sensitive information
like Social Security numbers, MasterCard numbers, or login credentials
to be transmitted securely.
• Secure Electronic Transaction (SET)- a system for ensuring the
security of financial transactions on the web.
Advantages of SSL:
Security, Trust, Compliance, Compatibility, Versatility
Advantages of SET :
Security, Privacy, Compliance, Integration, Accountability

* Difference between SSL & SET
