Value-Added Networks, EDI & E-Commerce Applications
Payments, Security, Data Analytics in E-Commerce
Μ. Γραμματικού, B. Μάγκλαρης {mary, maglaris}@netmode.ntua.gr
25-6-2015
License
This educational material is subject to Creative Commons licenses. For educational material, such as images, that is subject to a different type of license, that license must be stated explicitly.
Contents (I)
- Introduction
- E-commerce technology infrastructure / platforms
  - Cloud based
  - In House (using e-commerce platforms like Magento)
- Types of e-commerce (B2B, B2C, B2G, B2E, ...)
- Mobile Commerce (Tablets, Smart Phones)
  - Mobile transactions: 42% annual growth (2011-2016)
- E-Commerce Trends
  - New Web design trends for E-Commerce
  - Marketing
  - Digital content
  - Payments
  - 3D Printing
- New Business Models
  - M2M collaborations, crowdsourcing
Contents (II)
- Web Marketing
  - Social Media for E-Commerce
  - Search Engine Optimization (SEO)
- Payments in e-commerce
  - Types of payments
  - Electronic payment systems
- Secure payments in e-commerce
  - Types of secure payments (tablets, smart phones, web based solutions)
  - Platform security
  - Infrastructure security
  - Application security
- Data Analytics in E-Commerce
  - 42% of small businesses which participated in a ShopKeep POS survey say they are using analytics to make smarter, immediate business decisions
Categories of Internet Payments
- Software-based prepaid payment services
  - Paysafecard (https://www.paysafecard.com/el-gr/) - pre-paid card for on-line transactions and payments in your account, using just a user name and password
- Mobile Payments
  - Paybox (http://www1.paybox.com/?lang=en) - payments via mobile, Sybase mcommerce 365 is an end-to-end mobile commerce
  - Mobipay (http://www.mobipay.com.na/) - payments via mobile
- Email Payments
  - PayPal (http://www.paypal.com/) - create an Internet account and do safe transactions
Different Payment Systems
- Cardholder-initiated transactions, using a payment card such as a credit or debit card
- Direct deposit payment initiated by the payer
- Direct debit payments, for which a business debits the consumer's bank accounts for payment for goods or services
- Wire transfer via an international banking network such as SWIFT
  - Society for Worldwide Interbank Financial Telecommunication (SWIFT): supplies secure messaging services and interface software to wholesale financial entities
- Electronic bill payment in online banking, which may be delivered by Electronic Fund Transfer (EFT) or paper check
- Transactions involving stored value of electronic money, possibly in a private currency
http://www.slideshare.net/pankhadi/electronic-payment-system-9098194?next_slideshow=2
Credit Card
- A plastic card with a unique number
- The credit card issuer bank pays on behalf of the customer
- Credit cards usually have a monthly payment cycle
Debit Card
- A debit card is like a credit card
- The difference is that, when paying by debit card, the amount is deducted from the card's bank account immediately, and there must be sufficient balance in the bank account for the transaction to complete
Smart Card
E-Money
- Electronic-money transactions refer to situations where payment is made over the network and amounts are transferred from one financial body to another
- The online payment is made via credit, debit or smart card
Electronic Fund Transfer
- Electronic Funds Transfer (EFT) is the electronic transfer of money from one bank account to another, either within a single financial institution or across multiple institutions, through computer-based systems and without the direct intervention of bank staff
- EFTs in the United States are referred to as electronic checks or e-checks
Methods of Online Payment
https://en.wikipedia.org/wiki/e-commerce_payment_system
- Net Banking
  - It does not involve any sort of physical card
  - Allows one to specify which bank they wish to pay from
  - The user is redirected to the bank's website, where one can authenticate oneself
  - Approve the payment
  - It is typically seen as being safer than using credit cards
Methods of Online Payment
https://en.wikipedia.org/wiki/e-commerce_payment_system
- PayPal
  - Allows payments and money transfers to be made through the Internet
  - The fees depend on: the currency used, the payment option used, the country of the sender, the country of the recipient, the amount sent and the recipient's account type
PayPal
Methods of Online Payment
https://en.wikipedia.org/wiki/e-commerce_payment_system
- Google Wallet
  - Transfer money online
  - It can send payments as attachments via email
  - Easy to use (https://play.google.com/store/apps/details?id=com.google.android.apps.walletnfcrel&hl=en)
- Bitcoin
  - Bitcoin is an innovative payment network and a new kind of money (https://bitcoin.org/en/)
  - It is a decentralized virtual currency
  - Bitcoin is often called the first cryptocurrency
  - Bitcoin is more correctly described as the first decentralized digital currency
  - How it works: Once you have installed a Bitcoin wallet on your computer or mobile phone, it will generate your first Bitcoin address and you can create more whenever you need one. You can disclose your addresses to your friends so that they can pay you or vice versa. This is pretty similar to how email works, except that Bitcoin addresses should only be used once
Payment as a Service
https://en.wikipedia.org/wiki/payments_as_a_service
Payment as a Service
- While CyberCash eventually failed, more elegant solutions began to take hold
- PayPal is the predominant electronic wallet in the U.S.
- Similar regional electronic wallet solutions are operating in different countries, including:
  - WebMoney and Yandex.Money (the operator of the largest search engine in Russia) in Russia
  - Alipay in China
Secure Electronic Transaction Protocol
https://en.wikipedia.org/wiki/secure_electronic_transaction
- SET was a communications protocol standard for securing credit card transactions over insecure networks, specifically the Internet
- SET was not itself a payment system
- It was a set of security protocols and formats that enabled users to employ the existing credit card payment infrastructure on an open network in a secure fashion
- It failed to gain traction in the market
- VISA now promotes the 3-D Secure scheme
3-D Secure Protocol
https://en.wikipedia.org/wiki/3-d_secure
- 3-D Secure is an XML-based protocol designed to be an additional security layer for online credit and debit card transactions
- It was developed by Arcot Systems and first deployed by Visa
- Provided to users under the name Verified by Visa
- American Express added 3-D Secure in November 2010, as American Express SafeKey
3-D Secure
https://en.wikipedia.org/wiki/3-d_secure
- The basic concept of the protocol is to tie the financial authorization process to an online authentication
- This authentication is based on a three-domain model (hence the 3-D in the name)
- The three domains are:
  - Acquirer Domain (the merchant and the bank to which money is being paid)
  - Issuer Domain (the bank which issued the card being used)
  - Interoperability Domain (the infrastructure provided by the card scheme, credit, debit, prepaid or other type of finance card, to support the 3-D Secure protocol)
- The Interoperability Domain includes the Internet, MPI, ACS and other software providers
How Does 3D Secure Work?
- MasterCard SecureCode and Verified by Visa (VBV) run from the merchant's or Payment Service Provider's website and interact with both the customer and their card issuer
- When your customer is confirming the payment for the transaction, a simple window appears asking them to enter a private code that has been registered with their bank
- It passes the authentication value in your normal authorisation request procedures and, if approved, receives an authorisation that binds that customer to that transaction
- This authentication value is transported using a Visa or MasterCard data field
- The customer's bank then validates that code and provides the merchant with a means of achieving a fully verified transaction
Merchant plug-in
- A Merchant plug-in (MPI) is a software module designed to facilitate 3D-Secure verifications to help prevent credit card fraud
- The MPI:
  - identifies the account number
  - queries the servers of the card issuer (Visa, MasterCard, or JCB International) to determine if the account is enrolled in a 3D-Secure program
  - returns the web site address of the issuer Access Control Server (ACS) if it is found
- Merchants are responsible for installing an SSL/TLS MPI at their servers
- Commercial MPI software is available from a number of vendors
Merchant plug-in
- Each card issuer is required to maintain an ACS used to support cardholder authentication
- A customer authenticates to this ACS by providing their username and password
- The ACS signs the result (success or failure)
- This signature is then passed through the customer's browser to the MPI
- The plug-in verifies the ACS signature and decides if it wishes to proceed with the transaction
Some Additional Internet Security Protocols
- SSL (supported by Netscape & Internet Explorer): Secure Socket Layer: sits above TCP/IP and below HTTP, using a private key to encrypt the data sent over the SSL connection. URLs that request SSL connections begin with https instead of http
- S/HTTP: Secure/HyperText Transfer Protocol; SSL creates a secure communication channel between client and server, over which the data are transferred securely
- HL7 - Health Level Seven (http://www.hl7.org/about/index.cfm?ref=nav): Internet protocol for transferring messages with medical content (uses the EDI standard to describe the messages)
Cryptography provides a solution to the following problems:
- Secure communication
- Identification and authentication
- Communication of secret information
- E-commerce
- Digital certificates
- Secure access to computer systems
Types of Cryptography
- Symmetric (private key)
- Asymmetric (public key)
- Message digests (Hash Functions)
Symmetric Cryptography
[Figure: Sender, Encrypt (Recipient's key), Encrypted data, Internet, Encrypted data, Decrypt (Recipient's key), Recipient]
Asymmetric Cryptography
[Figure: Sender, Encrypt, Encrypted data, Internet, Encrypted data, Decrypt (Recipient's private key), Recipient]
Digital Signatures (1)
A message is signed as follows:
- The Sender passes the message through a hash function, which outputs a string of characters A (the message digest) that always has the same length regardless of the length of the message.
- The string A is encrypted with the Sender's private key into A′.
- A′ (the digital signature) is sent along with the message (the body of the message need not itself be encrypted).
Digital Signatures (2)
- The Recipient receives the message together with the digital signature A′.
- The Recipient passes the message through the same hash function, which yields a string of characters B.
- Using the Sender's public key, the Recipient decrypts A′ into A.
- If A and B are identical, the message has not been altered.
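The sign and verify steps above, and the verify-then-decide check the MPI applies to the ACS-signed result, as an added example that is not part of the original slides. It follows the slides' hash-then-encrypt-with-private-key description literally (textbook RSA, no padding); the toy keys built from Mersenne primes, the sample message and all function names are assumptions made for illustration.

```python
import hashlib

E = 65537  # public exponent


def make_toy_key(p: int, q: int):
    """Build (public, private) = ((n, e), (n, d)) from two primes.
    Toy keys only: Mersenne primes are used so the example needs no library."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # modular inverse, Python 3.8+
    return (n, E), (n, d)


# Constructed key pairs: the sender's, and an unrelated party's public key.
SENDER_PUB, SENDER_PRIV = make_toy_key(2**127 - 1, 2**521 - 1)
OTHER_PUB, _ = make_toy_key(2**89 - 1, 2**607 - 1)


def digest(message: bytes) -> int:
    """Hash step: the digest has the same length whatever the message length."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, private_key) -> int:
    """Sender: hash the message, then transform the digest with the private key."""
    n, d = private_key
    return pow(digest(message), d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """Recipient: hash the received message, recover the signed digest with
    the sender's public key, and accept only if the two values match."""
    n, e = public_key
    if not 0 <= signature < n:
        return False
    return pow(signature, e, n) == digest(message)


def run_demo():
    # Constructed sample: an authentication result as an issuer might sign it.
    message = b"order=1042;amount=59.90 EUR;status=authenticated"
    signature = sign(message, SENDER_PRIV)
    tampered = message.replace(b"59.90", b"5.90")
    return {
        "genuine": verify(message, signature, SENDER_PUB),
        "altered_message": verify(tampered, signature, SENDER_PUB),
        "altered_signature": verify(message, signature ^ 1, SENDER_PUB),
        "wrong_public_key": verify(message, signature, OTHER_PUB),
    }


if __name__ == "__main__":
    for case, accepted in run_demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

Production systems use a padded signature scheme such as RSASSA-PSS from a vetted cryptographic library rather than the bare operation shown here.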
Digital Signature
[Figure labels: Sender, Hash algorithm, Encrypt, Private key, Digital signature, Internet, Recipient, Hash algorithm, Hash 1, Public key, Decrypt, Digital signature, Hash 2]
Use of a Digital Signature
[Figure labels: Message, Digital Signature; steps 2. Signing (Public Key A, Private Key A), 3. Transmission, 4. Decryption (Private Key B, Public Key B)]
PKI
The PKI entities, as defined by the IETF PKIX Working Group, are:
- Certification Authority (CA)
- Registration Authority (RA)
- Clients
- The repository of certificates and certificate revocation lists (Repository/Certificate Revocation Lists)
Example of a Certification Authority: http://www.symantec.com
Services Offered in a PKI System
- Key Registration: issuing a new certificate for a public key.
- Certificate Revocation: revoking an issued certificate.
- Key Selection: obtaining the public key of the other entity (user or service).
- Trust Evaluation: deciding whether a certificate is valid and what services it permits.
Digital Certificates
What a digital certificate consists of:
- Identifying information about the user
- The user's public key
- The name of a Certification Authority
- The digital signature of the Certification Authority
Certification Authorities
- When choosing a Certification Authority, check: the product, the price, the certificate features, and the customer satisfaction levels
- These can also be checked at: http://www.sslshopper.com/certificateauthority-reviews.html
Certification Authorities
- Comodo
- DigiCert (Amazon uses it)
- Entrust
- GeoTrust
- GlobalSign
- GoDaddy
- Network Solutions
- SSL.com
- StartCom
- SwissSign
- Symantec
- Thawte
- Trustwave
Data Analytics and E-Commerce
How Big Data Analytics is changing the E-Commerce landscape
- Two data categories:
  - Structured
  - Unstructured
- Structured data that companies have been able to capture:
  - Name
  - Address
  - Preferences
  - Sex and Age
- Unstructured data refers to information that either does not have a pre-defined data model or is not organized in a pre-defined manner
- Unstructured information is typically text-heavy, but may contain data such as dates, numbers, and facts as well
- How to take the unstructured data and turn it into meaningful insights to increase conversions
How are companies using Big Data Analytics to stay on top in the game?
http://www.venturesity.com/blog/what-is-big-data-analytics-and-its-applicationin-e-commerce
- Personalization
- Improving Customer Experience
- Pricing
- Predictive Analytics
- Managing Supply Chain using Data
Personalization
- Gilt Groupe, one of the leading e-commerce companies in flash sales, has used personalization very effectively
- The company sends 3,000 highly targeted emails each day to its 3.5 million members
- Research shows that personalization can deliver five to eight times the Return on Investment (ROI) on marketing spend and lift sales 10% or more
Improving Customer Experience
- The competition is tough and most consumers have a wide range of choices for the same product
- E-Commerce is using analytics to enhance customer experience
- Companies are closely analysing the buying path for each customer and improving the customer experience, making it a seamless process
- Bloomreach, a startup, is aiming to use Big Data to enhance the e-commerce customer experience
- Bloomreach: a platform that makes your content more discoverable, relevant and profitable. Its creators, Ashutosh (Ashu) Garg (former Google Scientist) and Raj De Datta (successful Silicon Valley entrepreneur), wanted businesses to generate more benefits from their content by presenting the most relevant content to each visitor based on that visitor's unique intent
Pricing
- E-commerce companies need to have the ability to constantly change pricing on a daily basis based on competition, demand for products etc.
Predictive Analytics
- Amazon's third-party marketplace is an example of how success has less to do with an individual retailer's marketing ability and more to do with Amazon's ability to use analytics to predict what the buyer is likely to purchase
Managing Supply Chain using Data
- E-Commerce companies are dealing with a lot of moving parts: vendors, logistics, warehousing, delivery, returns etc.
- E-Commerce companies are building efficient systems using analytics to manage the process
- Companies are using the Internet of Things to collect and communicate data on a wide range of conditions, redefining supply chain intelligence
Get Started with Google Analytics' E-commerce Integration
https://blog.kissmetrics.com/intro-to-ecommerce-analytics/
http://www.google.com/analytics/ce/mws/?utm_expid=71218119-7.lbgmrto8r3uedwsxnxa_nw.1&utm_referrer=https%3a%2f%2fwww.google.gr%2F
- Google Analytics has become a standard tool when it comes to web analytics because of its ease of use, informative reports, and the fact that it's free
- Google Analytics shows you the full customer picture across ads and videos, websites and social tools, tablets and smartphones. That makes it easier to serve your current customers and win new ones
- Google Analytics is a very powerful tool for e-commerce sites because Google allows you to send all your sales data to your Google Analytics account
- Once this integration is set up, all your sales will be tied to actual sessions, allowing you to connect sales to specific marketing channels
KISSmetrics for Online Store Owners
https://blog.kissmetrics.com/intro-to-ecommerce-analytics/
http://support.kissmetrics.com/getting-started/overview.html
- It provides you with a deeper layer of information in a wide range of areas of your business, which simply isn't available in Google Analytics
- You can find out the following about your visitors:
  - How long after visiting your site for the first time a visitor makes a purchase
  - The average order value per customer, segmented by marketing channel
  - Which marketing channels bring you the highest ROI (critical for 80/20 analysis)
  - Which blog posts drive the most sales
  - How many blog posts a visitor sees before subscribing to your newsletter
  - Which steps in your sales funnel are the most problematic
  - The average path taken by visitors before they buy on your site
  - Where visitors are on your site when they contact your support team
Web Analytics Review by Kissmetrics
https://blog.kissmetrics.com/2011-web-analytics-review/?wide=1
- Google Analytics tells you what; Kissmetrics tells you who
- Kissmetrics provides infographics:
  - https://blog.kissmetrics.com/greatcustomer-serviceinfographic/
  - https://blog.kissmetrics.com/saasoperating-metrics/
Other Important Web Analytic Metrics and Where to Find Them
https://blog.kissmetrics.com/intro-to-ecommerce-analytics/
Email Marketing Funnels
The steps in all email marketing funnels are:
- Sent: the number of emails sent
- Delivered: the number of emails delivered to your campaign list
- Unique opens: the percentage of individuals in your list that opened the email at least once
- Unique clicks: the percentage of individuals in your list that clicked on any of the links in your email at least once
- Visits to your landing page: the percentage of individuals from your list that arrived on your landing page
- Performed action: the percentage of individuals from your list that performed a specific action (examples: subscribed to your newsletter, bought your product, etc.)
Social Media Analytics
Facebook Analytics
Below is a list of guides that cover how to use the information available in Facebook's Page Insights:
- A Definitive Guide for Using Facebook Insights for Your Business
- Getting Started and General Page Metrics (Facebook)
Social Media Analytics
Twitter Analytics:
- Twitter doesn't provide analytics to regular users like Facebook does
- Twitter does offer analytics to advertisers and users that use Twitter Cards
Pay-Per-Click and Other Paid Marketing Activities
- PPC can be a very profitable channel for certain e-commerce sites
- A list of the common terminology in PPC analytics:
  - CPM (cost-per-mille or cost-per-thousand impressions): a pricing model that charges for every one thousand impressions (displays of an ad to a user)
  - CPC (cost-per-click): a pricing model that charges for every click on an ad
  - CPA (cost-per-action): a pricing model that charges every time a visitor completes a specific action
  - CTR (click-through-rate): the number of times an ad was clicked divided by the number of times the ad appeared in a given time
  - Average position: the average position in which your ad appeared within the search results
A/B Testing and Other Optimization Tips
https://www.optimizely.com/ab-testing/
- Optimizely is the most popular A/B testing tool on the market
- A/B testing is a simple way to test changes to your page against the current design and determine which ones produce positive results
- Optimizely helps you create numerous versions of your web pages and provides in-depth analytics on how these different versions perform
- You can run numerous experiments within Optimizely, and you can make massive gains in your conversion rate and average order value
- Testing takes the guesswork out of website optimization and enables data-backed decisions that shift business conversations from "we think" to "we know"
How it works
Use an Optimization Calendar
- Once you get into the optimization zone, you will be making a number of tests and changes to your marketing, website, and other aspects of your business
- In order to track everything properly, you can set up a separate calendar in your Google Calendar (or any other calendar tool you are using) to track specific tests
Uses of Big Data Analytics
http://www.practicalecommerce.com/articles/3945-4-ways-big-data-can-help-Ecommerce-Merchants-
Big Data can help a merchant in the following four ways:
- Become more efficient by alerting you to merchandising efforts that are ineffective and products that are not selling; for example, an apparel product may be selling well in only two colours while you offer five
- Increase conversion rates by better identification of successful sales transactions
- Encourage more purchases by presenting existing customers with complementary items to what they've purchased previously
- Enhance inventory management by eliminating slow-moving items and increasing the supply of fast-moving merchandise
Funding
- This educational material was developed as part of the instructor's teaching work.
- The "Open Academic Courses" project of NTUA (ΕΜΠ) has funded only the reformatting of the material.
- The project is implemented within the framework of the Operational Programme "Education and Lifelong Learning" and is co-financed by the European Union (European Social Fund) and by national resources.