E-Commerce I
Tom Kelliher, CS 102
Nov. 22, 2004
Web sites due in two weeks.
Read 10.4--10.5 and Chapter 10 Above & Beyond. Questions on pg. 600: 17,
18, 21. Questions on pg. 607: A3, A4.
JavaScript lab.
- Introduction and discussion.
E-commerce II --- lab.
The advantages of e-commerce:
- To start, ask students.
- Use search engines to find best prices. froogle.com, bizrate.com,
shopper.com, priceline.com
- Can find almost anything.
- Great prices on used items through online auctions.
- No sales tax. (Sometimes; for now!)
The disadvantages of e-commerce:
- To start, ask students.
- Can't see items (important for clothes).
- Concern over eavesdropping on connection, e-commerce site being
hacked, marketing of customer data.
- Shipping costs.
- Have to wait for package to arrive.
But: package tracking; typical delivery times.
Personal experience:
- Credit card information hacked (McGlen).
- Item advertised was not item delivered (video card).
- SPAM.
- Phishing expeditions.
- Shop with merchants whom you know and trust.
- Look for and read each merchant's delivery, return, and privacy
policies.
- Never transmit sensitive data over a page which does not have an
address beginning with
https://
and a locked padlock icon.
- Make online purchases with a credit card, not a debit card.
- Don't hit the ``BUY'' button more than once --- be patient.
- Never send credit card info via e-mail.
- Print and save all online receipts at least until you receive all
ordered items in good condition.
- Search for the best prices before buying.
Background:
- Digital Certificates: sent by Web site; used to encrypt session data.
But still, how do you know the site is legitimate?
- Certificate authorities: organizations which vouch for e-commerce
sites.
Web browsers have a list of them. Sometimes, the list must be updated.
- Site spoofing: Counterfeit Web sites (
www.whitehouse.gov
vs. www.whitehouse.com
).
- Unauthorized disclosure: Sending sensitive data in the clear.
Why would they do that?
- Unauthorized action: Unauthorized alteration of Web pages.
- Data alteration: Intercept and modification of data being transmitted
to a Web site.
Encryption via SSL guards against all of these. 128-bit encryption is best
(no one can break). Don't accept anything below 64-bit (only NSA can
break) --- 56 or 40.
Thomas P. Kelliher
Wed Nov 17 08:05:48 EST 2004
Tom Kelliher