141 research outputs found

    The First 25 Years of the Bled eConference: Themes and Impacts

    The Bled eConference is the longest-running themed conference associated with the Information Systems discipline. The focus throughout its first quarter-century has been the application of electronic tools, migrating progressively from Electronic Data Interchange (EDI) via Inter-Organisational Systems (IOS) and eCommerce to encompass all aspects of the use of networking facilities in industry and government, and more recently by individuals, groups and society as a whole. This paper reports on an examination of the conference titles and of the titles and abstracts of the 773 refereed papers published in the Proceedings since 1995. This identified a long and strong focus on categories of electronic business and corporate perspectives, which has broadened in recent years to encompass the democratic, the social and the personal. The conference's impacts extend well beyond the papers and their thousands of citations and tens of thousands of downloads. Other impacts have included innovative forms of support for the development of large numbers of graduate students, and the many international research collaborations that have been conceived and developed in a beautiful lake-side setting in Slovenia

    I Did Not Accept That: Demonstrating Consent in Online Collection of Personal Data

    Privacy in online collection of personal data is currently a much debated topic considering, amongst other reasons, the incidents with well known digital organisations, such as social networks and, in Europe, the recent EU/GDPR regulation. Among other required practices, explicit and simply worded consent from individuals must be obtained before collecting and using personal information. Further, individuals must also be given detailed information about what, how and what for data is collected. Consent is typically obtained at the collection point and, at a single point in time (ignoring updates), associated with Privacy Policies or End-User Agreements. At any moment, both the user and the organization should be able to produce evidence of this consent. This proof should not be disputable which leads us to strong cryptographic properties. The problem we discuss is how to robustly demonstrate such consent was given. We adapt fair-exchange protocols to this particular problem and, upon an exchange of personal data, we are able to produce a cryptographic receipt of acceptance that any party can use to prove consent and elicit non-repudiation. We discuss two broad strategies: a pure peer-to-peer scheme and the use of a Trusted Third Party

    Constrains associated to e-business evolution

    Technological advance of the last decades created an atmosphere in which the organizations are forced to look actively for new options for the cost reduction, in addition to, simultaneously, seeking to compete more effectively in their markets. This context requires focused, swift, more flexible and more competitive organizations which are forced, many times, to implement radical changes in the way they conduct business, employ people and use technology. Despite the recognition and the attention given to electronic business (or e-business) over the last years, this type of business hasn’t yet achieved a desirable maturity stage. This problem, current and stated over the last years, demands research efforts so that a solution can be found to solve it. In this chapter, the authors explore a range of constraints which are suggested by the literature to influence e-business evolution, so that organizations could be better equipped in anticipating any difficulties while in progress through their e-business initiatives

    Towards a framework to promote the development of secure and usable online information security applications

    The proliferation of the internet and associated online activities exposes users to numerous information security (InfoSec) threats. Such online activities attract a variety of online users who include novice computer users with no basic InfoSec awareness knowledge. Information systems that collect and use sensitive and confidential personal information of users need to provide reliable protection mechanisms to safeguard this information. Given the constant user involvement in these systems and the notion of users being the weakest link in the InfoSec chain, technical solutions alone are insufficient. The usability of online InfoSec systems can play an integral role in making sure that users use the applications effectively, thereby improving the overall security of the applications. The development of online InfoSec systems calls for addressing the InfoSec problem as a social problem, and such development must seek to find a balance between technical and social aspects. The research addressed the problem of usable security in online InfoSec applications by using an approach that enabled the consideration of both InfoSec and usability in viewing the system as a socio-technical system with technical and social sub-systems. Therefore, the research proposed a socio-technical framework that promotes the development of usable security for online information systems using online banking as a case study. Using a convergent mixed methods research (MMR) design, the research collected data from online banking users through a survey and obtained the views of online banking developers through unstructured interviews. The findings from the two research methods contributed to the selection of 12 usable security design principles proposed in the sociotechnical information security (STInfoSec) framework. The research contributed to online InfoSec systems theory by developing a validated STInfoSec framework that went through an evaluation process by seven field experts. 
Although intended for online banking, the framework can be applied to other similar online InfoSec applications, with minimum adaptation. The STInfoSec framework provides checklist items that allow for easy application during the development process. The checklist items can also be used to evaluate existing online banking websites to identify possible usable security problems. Computer Science. D. Phil. (Computer Science)

    Policy driven security architectures for eBusiness

    The dawning of the twenty-first century and genesis of a new millennium has been extremely kind to technological advance. Industries and society alike have reaped the extreme benefits of technology at its finest. Technological progress has also proven to be extraordinarily beneficial to businesses and their bottom lines when properly employed. The need for automated business logic and functionality has spawned numerous concepts and efforts to capitalize on advanced business requirements. Probably the most popular and revolutionary to date of all initiatives is the advent of eBusiness. A direct descendant of Electronic Data Interchange (EDI), eBusiness has and continues to evolve into more than a phenomenon, but rather a sound component of successful corporations and organizations. The evolution and acceptance of eBusiness has created a ripple effect throughout the technical and business worlds. The promise of this wonderful concept and its accompanying technology has forced companies to completely rethink strategic planning efforts, and to sit up and pay full attention to this ever-growing development. One area that has been extremely affected by the wide spread acceptance of eBusiness and its counterparts are the architectures and infrastructures now utilized to support these efforts. Enterprise architectures that had originally been designed to shield internal business activities from the public eye of the Internet and other domains have been either replaced, redesigned, or melded with new architectural designs that proclaim companies and their offerings to the world, all in a digital atmosphere. This proclamation can be exceptionally lucrative and damaging, all at the same time. The conception of the Internet has without a doubt been the single most important episode in the continuing fairytale and illumination of technological advance. 
What once was considered the Underground Railroad of information; limited to universities, research groups, and government organizations has become the Autobahn of electronic data, and continues to evolve and transcend barriers and boundaries. The ability to surpass traditional barriers such as geography and distance serves as a definite attraction for organizations to eBusiness, and a tremendous amount of companies are acting upon this attraction. However, the dark side of the Internet is a playground for adversaries such as, but not limited to hackers (crackers), lone criminals, malicious insiders (disgruntled employees), industrial spies, media representatives, organized crime, terrorists, national intelligence organizations, special interest groups, competitors, script kiddies, and infowarriors to name a few. All of these can and should be considered a potential danger while individuals and organizations alike interact via the Internet and private networks as well. Nowhere are the aforementioned dangers as prevalent as they are in the increasingly popular world of e. eBusiness, eCommerce, eMarketPlaces, eAuctions, eSupplyChains, etc., etc.; the list goes on and on. The digitization of data is big business, and organizations are realizing the infinite potential involved with participating in these markets, as well as utilizing it to streamline day-to-day business operations and management. Around the globe scores of innovative, thought-provoking systems are deployed daily to feed upon the e landscape and take advantage of this new and exciting world of prosperity. However, the same factions that make haste to establish an Internet or web-based presence and rush to take advantage of digital data and goods are often the very ones that almost always either forget, simply neglect, or place a low priority on an absolute vital necessity of all e-efforts. Security! 
Therefore, the intent of this thesis is to examine and introduce methodical approaches to designing and implementing security life cycles that are driven by policy for secure eBusiness architectures. In order to provide the necessary assurance and security needed for eBusiness architectures efficient well thought out life cycles must be employed for security practices. Security, like any other component of Information Technology (IT) is not a hit or miss scenario. It is a continuous and meticulous process that is all encompassing of all veins of an enterprise. In order to design a secure architecture a procedural approach must be taken, so that all threats, vulnerabilities, adversaries, holes, nooks, and crannies are covered. Even after all these things have been addressed there is no such thing as an impenetrable system or infrastructure, especially in a networked environment. Given enough time and resources the strongest of confines can be made as vulnerable as a home PC connected to the Net. This is especially true for those systems that operate over public networks such as the Internet. Therefore, processes and procedures must be introduced, refined and constantly managed to maintain a secure state of operation. This text will illustrate the process of assessing technical environments utilized for eBusiness initiatives and gathering requirements for secure operation. Then taking those requirements and developing a functional security policy to govern over the system. Next, the document will discuss extracting requirements from the actual security policy and using them to create a plan of implementation. Also, during the implementation phase exists several testing and assurance activities that should be addressed. After, the overall implementation is completed and deployed, streamlined processes must be applied and properly managed to ensure that the hardened solution continues to function, as it should. 
An adequate cycle is much more intensive than described above, and this thesis will provide the detail needed to thoroughly address the concepts described here

    THE INVESTIGATION OF THE FACTORS ASSOCIATING CONSUMERS’ TRUST IN E-COMMERCE ADOPTION

    The success of electronic commerce significantly depends on providing security and privacy for its consumers’ sensitive personal information. Consumers’ lack of acceptance in electronic commerce adoption today is not merely due to the concerns on security and privacy of their personal information, but also lack of trust and reliability of web vendors. Consumers’ trust in online transactions is crucial for the continuous growth and development of electronic commerce. Since Business to Consumer (B2C) e-commerce requires the consumers to engage the technologies, the consumers face a variety of security risks. This study addressed the role of security, privacy and risk perceptions of consumers to shop online in order to establish a consensus among them. The findings provided reliability, factors analysis for the research variables and for each of the study’s research constructs, correlations as well as regression analyses for both non-online purchasers’ and online purchasers’ perspectives, and structural equation modeling (SEM) for overall model fit. The overall model was tested by AMOS 18.0 and the hypothesis, assumptions for SEM and descriptive statistics were analyzed by SPSS 12.0. The empirical results of the first study indicated that there were poor correlations existed between consumers’ perceived security and consumers’ trust as well as between consumers’ perceived privacy and consumers’ trust regarding e-commerce transactions. However, the construct of perceived privacy manifested itself primarily through perceived security and trustworthiness of web vendors. While trustworthiness of web vendors was a critical factor in explaining consumers’ trust to adopt ecommerce, it was important to pay attention to the consumers’ risk concerns on ecommerce transactions. It was found that economic incentives and institutional trust had no impact on consumers’ perceived risk. 
Findings from the second study indicated that perceived privacy was still to be the slight concern for consumers’ trust in e-commerce transactions, though poor relationships or associations existed between perceived security and consumers’ trust, between trustworthiness of web vendors and consumers’ trust, and between perceived risk and consumers’ trust. The findings also showed that the construct of perceived privacy manifested itself primarily through perceived security and trustworthiness of web vendors. It was found that though economic incentives influenced a consumers’ perceived risk in online transactions, institutional trust had no impact on consumers’ perceived risk. Overall findings suggested that consumers’ perceived risk influenced their trust in e-commerce transactions, while the construct of perceived privacy manifested itself primarily through perceived security as well as trustworthiness of web vendors. In addition, though economic incentives had no impact on consumers’ perceived risk, institutional trust influenced a consumers’ perceived risk in online transactions. The findings also suggested that economic incentives and institutional trust had relationships or associations with consumers’ perceived privacy. The findings from this research showed that consumers’ perceived security and perceived privacy were not mainly concerned to their trust in e-commerce transactions though consumers’ perceived security and perceived privacy might slightly influence on the trustworthiness of web vendors in dealing with online store sites abroad. Furthermore, consumers’ perceptions on the trustworthiness of web vendors were also related to their perceived risks and the concern about privacy was also addressed to perceived risks. Index terms: Perceived security; perceived privacy; perceived risk; trust; consumers’ behaviour; SE

    UTP Online Bookstore System

    As the world's knowledge is increasingly being published or converted into an ecommerce form, one of the greatest challenges is designing systems that enable users to find what they need. Electronic commerce, commonly known as e-commerce or eCommerce, consists of the buying and selling of products or services over electronic systems such as the Internet and other computer networks. Nowadays, people are getting busier and even busier and so they have limited time to go to the bookstore to find and buy the desired books. So, it will be much better to have an online bookstore in UTP to ease the users and to save time as well. Basically, Online Bookstore is purposely going to be developed because of some objectives which are to ease the users, to save time, to enable user to search the information of the books at anytime and anywhere they wish and also to make these materials more broadly, quickly and efficiently accessible. Basically, to make things done, a lot of things need to be considered especially in integrating the system with the database. In order to do that, the system must be connected to the database. The methodology applied for this project is The Waterfall Development Methodology which involved 4 different steps which are Planning & Problem Definition, Information Gathering & Research, Design, Building Application, and last but not least is Testing. As a conclusion, in developing this system, a lot of things need to be done especially to understand the concepts of mobile application, how to connect to database and how to fix the error or any problems that occurred

    Electronic Payment Systems Observatory (ePSO). Newsletter Issues 9-15

    Abstract not available. JRC.J-Institute for Prospective Technological Studies (Seville)

    Online shopping behavior in offline retail stores : strategic value for companies?

    In a world where e-tailing and traditional in-store shopping live together and complement each other in several shopping activities (Chu, et. al, 2010), little is known about the possibility of an emerging reality in which online and offline shopping merge into one single phenomenon. The purpose of this dissertation is to explore whether consumers are willing to engage in a shopping behavior inside retail stores in a way that is similar to the one they have when shopping online. Additionally, it sheds light on the strategic value the online-offline shopping holds. To accomplish these objectives, a smartphone shopping scenario is designed to represent a situation that enables consumers to perform in-store shopping tasks in a digital manner, mixing and enhancing the features and benefits of e-tailing with traditional retail store experience. Moreover, a research model, that includes preliminary assumptions and eleven hypotheses to be tested, is designed to fundament the research methodology used. Based on this research model and the smartphone shopping scenario, a survey is conducted in order to collect empirical data on customer’s appraisal of the online-offline shopping process as well as their availability to permit recording their shopping data obtained after performing shopping tasks via smartphone. Furthermore, to access the strategic value of the online-offline shopping process, Resource-based View theory is used in order to identify the existence of possible sources of sustainable competitive advantage. The findings from the research show that respondents value the characteristics of the online-offline shopping process as well as they are willing to permit recording their own shopping data so that they are able to benefit from a contextual personalized shopping experience while shopping in traditional retail stores. 
The dissertation concludes that because customers value the characteristics of the online-offline shopping process they have a strong motivation to engage in an online-offline shopping behavior. Moreover, since they are willing to trade their shopping privacy for a contextual personalized shopping experience, it is plausible to admit that a strategy based on contextual personalization has potential to be strategic for retail companies. In fact, to generate such a strategy, the customer knowledge generated in the process is argued to be a firm resource that, combined with dynamic capabilities to leverage its utility in providing a contextual personalization experience, is considered to be a source of sustainable competitive advantage meaning the online-offline process has potential to be strategic to retail firms

    Achieving Fair Exchange and Customer Anonymity for Online Products in Electronic Commerce

    In the recent years, e-commerce has gained much importance. Traditional commerce (in which case the customer physically goes to the merchant’s shop, purchases goods and/or services and makes a payment) is slowly being replaced with e-commerce and more people tend to prefer doing their shopping online. One of the main reasons for this attraction is the convenience the e-commerce provides. Customers can choose from a lot of different merchants at the convenience of their homes or while travelling by avoiding the hassle and stress of traditional shopping. However, e-commerce has lots of challenges. One key challenge is trust as transactions take place across territories and there are various legal & regulatory issues that govern these transactions. Various protocols and underlying e-commerce technologies help in the provision of this trust. One way to establish trust is to ensure fair exchange. There is also a question about traceability of transactions and customers’ need for privacy. This is provided by anonymity – making sure that the transactions are untraceable and that the customers’ personal information is kept secret. Thus the aim of this research is to propose a protocol that provides fair exchange and anonymity to the transacting parties by making use of a Trusted Third Party. The research is also aimed at ensuring payment security and making use of a single payment token to enhance the efficiency of the protocol. The proposed protocol consists of pre-negotiation, negotiation, withdrawal, purchase and arbitration phases. The analysis of the protocol proves that throughout all the phases of the e-commerce transaction, it is able to provide fair exchange and complete anonymity to the transacting parties. Anonymity provides the privacy of customers’ data and ensures that all Personally Identifiable Information of the transacting parties are kept hidden to avoid misuse. 
The protocol proposed is model checked to ensure that it is able to show that the fair exchange feature is satisfied. It is implemented using Java to show that it is ready-to-use and not just a theoretical idea but something that can be used in the real-world scenario. The security features of the protocol is taken care of by making sure that appropriate cryptographic algorithms and protocols are used to ensure provision of confidentiality and integrity. This research explores those areas that have not been covered by other researchers with the idea that there is still a lot of scope for improvement in the current research. It identifies these opportunities and the ‘research gaps’ and focuses on overcoming these gaps. The current e-commerce protocols do not cover all the desirable characteristics and it is important to address these characteristics as they are vital for the growth of e-commerce technologies. The novelty of the protocol lies in the fact that it provides anonymity as well as fair exchange using a Trusted Third Party that is entirely trustworthy unlike certain protocols where the trusted third party is semi-trusted. The proposed protocol makes use of symmetric key cryptography wherever possible to ensure that it is efficient and light weight. The number of messages is significantly reduced. This overcomes the drawback identified in various other protocols which are cumbersome due to the number of messages. Anonymity is based on blind signature method of Chaum. It has been identified that usage of other methods such as pseudo-identifiers have resulted in the inefficiency of the protocol due to the bottlenecks created by these identifiers. It also ensures anonymity can never be compromised unlike certain protocols whereby an eavesdropper can find out the customer’s identity as the customer is required to disclose his/her public key during transactions. Further to this, the protocol also provides immunity against message replay attacks. 
Finally, the protocol always assumes that one or more parties can always be dishonest which is unlike certain protocols that assume only one party can be dishonest at any point. This ensures that all scenarios are taken into consideration and two parties cannot conspire against the other thus compromising on the fairness of the protocol. Detailed analysis, implementation, verification and evaluation of the protocol is done to ensure that the research is able to prove that the protocol has been carefully designed and the key goals of fair exchange and anonymity. All scenarios are taken into consideration to prove that the protocol will indeed satisfy all criteria. The research thus expects that the protocol could be implemented in real-life scenarios and finds a great potential in the e-commerce field