ecommerce final

self hosting
Companies can do business online using their own servers and server software; this approach is used most often by large companies.
commerce service providers
Internet service providers (ISPs) provide Internet access to companies and individuals. Virtually all of these companies offer Web-hosting services as well and sometimes call themselves
ok
These firms, which often offer Web server management and rent application software (such as databases, shopping carts, and content management programs) to businesses, sometimes call themselves (managed service providers) or (application service providers).
Shared hosting
the client’s Web site is on a server that hosts other Web sites simultaneously and is operated by the service provider at its location.
dedicated hosting
the service provider makes a Web server available to the client, but the client does not share the server with other clients of the service provider.
co-location
the service provider rents a physical space to the client to install its own server hardware. The client installs its own software and maintains the server. The service provider is responsible only for providing a reliable power supply and a connection to the Internet.
scalable
The best hosting services provide Web server hardware and software combinations that are _______, which means they can be adapted to meet changing requirements when their clients grow.
catalog
a listing of goods and services
static catalog
is a simple list written in HTML that appears on a Web page or a series of Web pages
dynamic catalog
stores the information about items in a database, usually on a separate computer that is accessible to the server that is running the Web site itself.
stateless system
HTTP messaging, which is the foundation of the Web, is a ___________ (it does not retain information from one transmission or session to another).
PDG Software
is a company based in Tucker, Georgia, that sells electronic commerce software to companies that operate small and midsize electronic commerce Web sites
Transaction processing
occurs when the shopper proceeds to the virtual checkout counter by clicking a checkout button.
database
a collection of information that is stored on a computer in a highly structured way.
database manager
is software that makes it easy for users to enter, edit, update, and retrieve information in the database.
distributed information systems
Large information systems that store the same data in many different physical locations are called ________and the databases within those systems are called distributed database systems.
MySQL
_______, which was developed and is maintained by a community of programmers on the Web. Similar to the Linux operating system, ______ is open-source software, even though it was developed by a Swedish company (______ AB), which is now owned by Oracle.
Middleware
_________ is software that takes information about sales and inventory shipments from the electronic commerce software and transmits it to accounting and inventory management software in a form that these systems can read.
interoperability
Making a company’s information systems work together is called __________ and is an important goal of companies when they install middleware.
ok
A program that performs a specific function, such as creating invoices, calculating payroll, or processing payments received from customers, is called an application program, application software, or, more simply, an application.
application server
___________ is a computer that takes the request messages received by the Web server and runs application programs that perform some kind of action based on the contents of the request messages.
Business logic
The actions that the application server software performs are determined by the rules used in the business. These rules are called _______________
application integration (enterprise application integration)
In many organizations, the business logic is distributed among many different applications that are used in different parts of the organization. In recent years, many IT departments have devoted significant resources to the creation of links among these scattered applications so that the organization’s business logic can be interconnected. The creation and management of these links is called _________
Page based
___________ application systems return pages generated by scripts that include the rules for presenting data on the Web page with the business logic.
component based
Because page-based systems combine presentation and business logic, they are hard to revise and update.
To avoid this problem, an increasing number of businesses use a _________ application system that separates the presentation logic from the business logic.
ERP (Enterprise resource planning)
______________________ software packages are business systems that integrate all facets of a business, including accounting, logistics, manufacturing, marketing, planning, project management, and treasury functions.
Web service
The W3C defines __________ as software systems that support interoperable machine-to-machine interaction over a network. _________ is a set of software and technologies that allow computers to use the Web to interact with each other directly, without human operators directing the specific interactions.
(application program interface) API
A general name for the ways programs interconnect with each other is ____. When the interaction is done over the Web, the techniques are called Web ____.
(Simple Object Access Protocol) SOAP
The first widely used approach to Web services was ______________, which is a message-passing protocol that defines how to send marked-up data from one software application to another across a network.
ok
The other two specifications are the Web Services Description Language (WSDL), which is used to describe the logic unit characteristics of each Web service, and the Universal Description, Discovery, and Integration Specification (UDDI), which works as a sort of address book to identify the locations of Web services and their associated WSDL descriptions.
(Representational State Transfer) REST
In 2000, Roy Fielding outlined a principle called _________________, that describes the way the Web uses networking architecture to identify and locate Web pages and the elements (graphics, audio clips, and so on) that make up those Web pages. Some Web services designers who found SOAP to be overly complex for their applications turned to Fielding’s REST idea and used it to structure their work.
Mall style
__________ CSPs provide small businesses with a basic Web site, online store design tools, storefront templates, and an easy-to-use interface. These service providers charge a low monthly fee and may also charge one-time setup fees (similar to basic CSPs), however, others also charge a percentage of or fixed amount for each customer transaction. Amazon Services (through its “Professional Sellers” and “Individual Sellers” programs) and eBay Stores.
Content management software
______ ___________ _________ helps companies control the large amounts of text, graphics, and media files that have become crucial to doing business.
knowledge management
Thus, large companies are using systems that help them manage the knowledge itself, rather than the documentary representations of that knowledge. The software that has been developed to meet that goal is called ____________ software.
_______________ software helps companies do four main things: collect and organize knowledge, share the knowledge among users, enhance the ability of users to collaborate, and preserve the knowledge gained through the use of information so that future users can benefit from the learning of current users.
Supply chain management
___________ software helps companies to coordinate planning and operations with their partners in the industry supply chains of which they are members. ____ software performs two general types of functions: planning and execution.
Customer relationship management
________________ software must obtain data from operations software that conducts activities such as sales automation, customer service center operations, and marketing campaigns. The software must also gather data about customer activities on the company’s Web site and any other points of contact the company has with its existing and potential customers.
cloud computing
The Salesforce.com practice of replacing a company’s investment in computing equipment by selling Internet-based access to its own computing hardware and software is called ____________, and it has become an important new force in the software industry. _____________ allows companies to gain the benefits of software without having to install computing hardware and maintain it.
Computer security
__________ is the protection of assets from unauthorized access, use, alteration, or destruction. There are two general types of security: physical and logical.
Physical security
_____________ includes tangible protection devices, such as alarms, guards, fireproof doors, security fences, safes or vaults, and bombproof buildings.
logical
Protection of assets using nonphysical means is called ________ security
ok
Any act or object that poses a danger to computer assets is known as a threat. A countermeasure is a procedure that recognizes, reduces, or eliminates a threat.
eavesdropper
An __________, in this context, is a person or device that can listen in on and copy Internet transmissions.
ok
Secrecy refers to protecting against unauthorized data disclosure and ensuring the authenticity of the data source. Integrity refers to preventing unauthorized data modification. Necessity refers to preventing data delays or denials (removal). Integrity threats are reported less frequently and are less well known to the general public. An integrity violation occurs, for example, when an e-mail message is intercepted and its contents are changed before it is forwarded to its original destination. That is, the integrity of the message has been violated. In this particular exploit, which is called a
(man-in-the-middle exploit), the contents of the e-mail are often altered in a way that changes the message’s original meaning.
ok
There are two ways of categorizing cookies: by time duration and by source. The two kinds of time-duration cookie categories include
(session cookies), which exist until the Web client ends the connection (or “session”), and
(persistent cookies), which remain on the client computer indefinitely.
ok
Another way to categorize cookies is by their source. Cookies can be placed on the client computer by the Web server site, in which case they are called
(first-party cookies), or they can be placed by a different Web site, in which case they are called
(third-party cookies). A third-party cookie originates on a Web site other than the site being visited. These third-party Web sites usually provide advertising or other content that appears on the Web site being viewed.
Web bug
_____ is a tiny graphic that a third-party Web site places on another site’s Web page. When a site visitor loads the Web page, the _______ is delivered by the third-party site, which can then place a cookie on the visitor’s computer. A _________’s only purpose is to provide a way for a third-party Web site (the identity of which is unknown to the visitor) to place cookies from that third-party site on the visitor’s computer.
active content
These programs run when a client device loads the Web page and are called ______ _______. ____ ______ programs can display moving graphics, download and play audio, or implement Web-based spreadsheet programs.
scripting languages
JavaScript and VBScript are ______ ________; they provide scripts, or commands, that are executed on the client.
applet
An ______ is a small application program. ______ typically run within the Web browser and are most often written in the Java programming language.
ActiveX
An _______ control is an object that contains programs and properties that Web designers place on Web pages to perform particular tasks. Unlike Java or JavaScript code, _______ controls run only on computers with Windows operating systems.
ok
–>A Trojan horse is a program hidden inside another program or Web page that masks its true purpose. The Trojan horse could snoop around a client computer and send back private information to a cooperating Web server—a secrecy violation. The program could alter or erase information on a client computer—an integrity violation. Zombies are equally threatening.
–>A zombie is a Trojan horse that secretly takes over another computer for the purpose of launching attacks on other computers. The computers running the zombie are also sometimes called zombies. When a Trojan horse (or other type of virus) has taken over a large number of computers (and thus made them into zombies), the person who planted the virus can take control of all the computers and
–>form a botnet (short for robotic network, also called a zombie farm when the computers in the network are zombies) that can act as an attacking unit, sending spam or launching denial-of-service attacks against specific Web sites.
plugin
browser ___________, which are programs that enhance the capabilities of browsers, handle Web content that a browser cannot handle. ______ can enable a browser to perform useful tasks, such as playing audio or video; however, ______ can also pose security threats to client computers by executing commands buried within the media being manipulated.
worm
A ______ is a type of virus that replicates itself on the computers that it infects. ______ can spread quickly through the Internet.
digital certificate
A ______________ or digital ID is an attachment to an e-mail message or a program embedded in a Web page that verifies that the sender or Web site is who or what it claims to be.
steganography
The term __________ describes the process of hiding information (a command, for example) within another piece of information. This information can be used for malicious purposes.
biometric security device
A _______ _________ ______ is one that uses an element of a person’s biological makeup to perform the identification. These devices include writing pads that detect the form and pressure of a person writing a signature, eye scanners that read the pattern of blood vessels in a person’s retina or the color levels in a person’s iris, and scanners that read the palm of a person’s hand (rather than just one fingerprint) or that read the pattern of veins on the back of a person’s hand.
remote wipe
Almost all mobile devices include software that allows the owner to initiate a ______________ if the device is stolen. A ____________ clears all of the personal data stored on the device, including e-mails, text messages, contact lists, photos, videos, and any type of document file. If a mobile device does not include ___________ software, it can be added as an app.
rogue apps
Apps that contain malware or that collect information from the mobile device and forward it to perpetrators are called _____ ______. To weed out _____ ______, the Apple App Store tests apps before they are authorized for sale. The Android Market does not screen for rogue apps as extensively as Apple;
sniffer programs
Software applications called _______ __________ provide the means to record information that passes through a computer or router that is handling Internet traffic. Using a ________ _________ is analogous to tapping a telephone line and recording a conversation. _____ _______ can read e-mail messages and unencrypted Web client-server message traffic, such as user logins, passwords, and credit card numbers.
backdoors
Periodically, security experts find electronic holes, called ___________, in electronic commerce software. A _________ is an element of a program (or a separate program) that allows users to run the program without going through the normal authentication procedure for access to the program.
anonymous Web service
Several companies and organizations offer _______ ________ ____________ that hide personal information from sites visited. These services provide a measure of secrecy to Web surfers who use them by replacing the user’s IP address with the IP address of the anonymous Web service on the front end of any URLs that the user visits.
wiretapping
An integrity threat, also known as active _________, exists when an unauthorized party can alter a message stream of information. Unprotected banking transactions, such as deposit amounts transmitted over the Internet, are subject to integrity violations.
Cybervandalism
_______________ is an example of an integrity violation. _____________ is the electronic defacing of an existing Web site’s page. The electronic equivalent of destroying property or placing graffiti on objects, ______________ occurs whenever someone replaces a Web site’s regular content with his or her own content.
ok
–>Masquerading or spoofing—pretending to be someone you are not, or representing a Web site as an original when it is a fake—is one means of disrupting Web sites.
–>Domain name servers (DNSs) are the computers on the Internet that maintain directories that link domain names to IP addresses.
phishing expeditions
These exploits, which capture confidential customer information, are called ________ __________. The most common victims of ________ _____ are users of online banking and payment system (such as PayPal) Web sites.
(distributed denial-of-service) DDOS
Attackers can use the botnets you learned about earlier in this chapter to launch a simultaneous attack on a Web site (or a number of Web sites) from all of the computers in the botnet. This form of attack is called a ________ attack. The attack on U.S. and South Korean government and business Web sites you learned about at the beginning of this chapter was a _____ attack.
WEP (Wireless Encryption Protocol)
The security of the connection depends on the ________________, which is a set of rules for encrypting transmissions from the wireless devices to the WAPs.
OK
In some cities that have large concentrations of wireless networks, attackers drive around in cars using their wireless-equipped laptop computers to search for accessible networks. These attackers are called
–>wardrivers. When wardrivers find an open network (or a WAP that has a common default login and password), they sometimes place a chalk mark on the building so that other attackers will know that an easily entered wireless network is nearby.
–>This practice is called warchalking. Some warchalkers have created Web sites that include maps of wireless access locations in major cities around the world.
Encryption
________ is the coding of information by using a mathematically based program and a secret key to produce a string of characters that is unintelligible. The science that studies __________ is called cryptography
OK
A program that transforms normal text, called –>plain text, into cipher text (the unintelligible string of characters) is called an –>encryption program. The logic behind an encryption program that includes the mathematics used to do the transformation from plain text to cipher text is called an –>encryption algorithm.
Hash coding
____ _______ is a process that uses a hash algorithm to calculate a number, called a hash value, from a message of any length. It is a fingerprint for the message because it is almost certain to be unique for each message.
Asymmetric encryption
__________ ________, or public-key encryption, encodes messages by using two mathematically related numeric keys. In 1977, MIT professors Ronald Rivest, Adi Shamir, and Leonard Adleman invented the RSA Public Key Cryptosystem. In their system, one key of the pair, called a public key, is freely distributed to anyone interested in communicating securely with the holder of both keys. The public key is used to encrypt messages using one of several different encryption algorithms. The second key, called a private key, is kept by the key owner. The owner uses the private key to decrypt all messages received.

–>One of the most popular technologies used to implement public-key encryption today is called Pretty Good Privacy (PGP).

Symmetric encryption
__________ __________, also known as private-key encryption, encodes a message with an algorithm that uses a single numeric key, such as 456839420783, to encode and decode data.
session key
A ______ ______ is a key used by an encryption algorithm to create cipher text from plain text during a single secure session.
session negotiation
S-HTTP security is established during the initial session between a client and a server. Either the client or the server can specify that a particular security feature be required, optional, or refused. This process of proposing and accepting (or rejecting) various transmission conditions is called _________ __________.

sometimes called an envelope. This
–>(secure envelope) encapsulates and encrypts the message, which provides secrecy, integrity, and client/server authentication. S-HTTP is still used by some Web servers; however, SSL has largely replaced it.

message digest
To detect message alteration, a hash algorithm is applied to the message content to create a _____ _________, which is a number that summarizes the encrypted information.
digital signature
An encrypted message digest created using a private key is called a ________ _________.
buffer
A ________ is an area of memory set aside to hold data read from a file or database. A ________ is necessary whenever any input or output operation takes place because a computer can process file information much faster than the information can be read from input devices or written to output devices.
mail bomb
one in which excessive data is sent to a server, can occur on mail servers. Called a _______ ______, the attack occurs when hundreds or even thousands of people each send a message to a particular address.
access control list (ACL)
An ______ ______ _______ is a list or database of files and other resources and the usernames of people who can access the files and other resources.
firewall
A _______ is software or a hardware-software combination that is installed in a network to control the packet traffic moving through it. Most organizations place a ________ at the Internet entry point of their networks.

–>Those networks inside the _______ are often called trusted, whereas networks outside the _______ are called untrusted.

OK
Firewalls are classified into the following categories: packet filter, gateway server, and proxy server.
–>Packet-filter firewalls examine all data flowing back and forth between the trusted network (within the firewall) and the Internet.
–>Gateway servers are firewalls that filter traffic based on the application requested. Gateway servers limit access to specific applications such as Telnet, FTP, and HTTP.
–>Proxy server firewalls are firewalls that communicate with the Internet on the private network’s behalf.
Intrusion detection systems
_______ _________ ________ are designed to monitor attempts to log into servers and analyze those attempts for patterns that might indicate a cracker’s attack is under way.
personal firewall
In addition to firewalls installed on organizations’ networks, it is possible to install software-only firewalls on individual client computers. These firewalls are often called _______ _________. The use of ________ _______ has become an important tool in the protection of expanded network perimeters for many companies.
micropayments
Internet payments for items costing from a few cents to approximately a dollar are called _______________.

–> small payments is used to describe all payments of less than $10

interchange network
An ___________ _______ is a set of connections between banks that issue credit cards, the associations that own the credit cards (such as MasterCard or Visa), and merchants’ banks.
closed loop system
In some payment card systems, the card issuer pays the merchants that accept the card directly and does not use an intermediary, such as a bank or clearinghouse system. These types of arrangements are called ________ ______ __________ because no other institution is involved in the transaction.
open loop system
Whenever additional parties, such as the intermediaries in this example, are included in payment card transaction processing, the system is called an ________ _______ _________. Visa and MasterCard are two of the most widely known examples of ________ _______ _________. Many banks issue both of these cards.

Unlike American Express or Discover, neither Visa nor MasterCard issues cards directly to consumers. Visa and MasterCard are ((credit card associations)) that are operated by the banks who are members in the associations. These member banks, which are

acquiring bank
An __________ _______ is a bank that does business with sellers (both Internet and non-Internet) that want to accept payment cards.

To process payment cards for Internet transactions, a business must set up a ((merchant account)) with an _________ ________.

Money laundering
_________ __________ is a technique used by criminals to convert money that they have obtained illegally into cash that they can spend without having it identified as the proceeds of an illegal activity.
ok
Software-based digital wallets fall into two categories, depending on where they are stored. A ((server-side digital wallet)) stores a customer’s information on a remote server belonging to a particular merchant or wallet publisher.

Smartphones and tablets, as mobile devices, are candidates to become ((hardware-based digital)) wallets that can store a variety of identity credentials (such as a driver’s license, medical insurance card, store loyalty cards, and other identifying documents).

Near field communication (NFC) technology, which allows for contactless data transmission over short distances, can also be used if the smartphone is equipped with a chip similar to those that have been used on payment cards (such as MasterCard’s PayPass card) for a number of years.

smart card
A ________ _____ is a plastic card with an embedded microchip that can store information. A _______ _____ is also called a stored-value card.

A _______ _____ is safer than a magnetic strip credit card.

spear phishing
When the e-mails used in a phishing expedition are carefully designed to target a particular person or organization, the exploit is called ________ _______. The _______ ________ perpetrator must do considerable research on the intended recipient, but by obtaining detailed personal information and using it in the e-mail, the perpetrator can greatly increase the chances that the victim will open the e-mail and click the link to the phishing Web site.
ok
U.S. laws define ((organized crime)), also called ((racketeering)), as unlawful activities conducted by a highly organized, disciplined association for profit. The associations that engage in organized crime are often differentiated from less organized groups such as gangs and from organized groups that conduct unlawful activities for political purposes, such as terrorist organizations.

The Internet has opened new opportunities for organized crime in its traditional types of criminal activities and in new areas such as generating spam (which you learned about in earlier chapters), phishing, and identity theft. ((Identity theft)) is a criminal act in which the perpetrator gathers personal information about a victim and then uses that information to obtain credit.

ok
Businesses use tactics called ((downstream strategies)) to improve the value that the business provides to its customers. Alternatively, businesses can pursue ((upstream strategies)) that focus on reducing costs or generating value by working with suppliers or inbound shipping and freight service providers.
total cost of ownership
In addition to hardware and software costs, the project budget must include the costs of hiring, training, and paying the personnel who will design the Web site, write or customize the software, create the content, and operate and maintain the site. Many organizations now track costs by activity and calculate a total cost for each activity. These cost numbers, called ___________(TCO), include all costs related to the activity.
ok
A person would pitch an idea for an online business to a group of businesspersons who had money and enough business knowledge to evaluate the idea’s potential. These investors, often called ((angel investors))

((Venture capitalists)) are very wealthy individuals, groups of wealthy individuals, or investment firms that look for small companies that are about to grow rapidly. They invest large amounts of money (between a million and a few hundred million dollars) hoping that in a few years the company will be large enough to sell stock to the public in an event called an initial public offering (IPO). In the IPO, the venture capitalists take their profits and once again search for a new small company in which to invest.

ok
Most companies have procedures that call for an evaluation of any major expenditure of funds. These major investments in equipment, personnel, and other assets are called ((capital projects)) or ((capital investments)).

evaluation approaches are called ((return on investment)) (ROI) techniques because they measure the amount of income (return) that will be provided by a specific current expenditure (investment). ROI techniques provide a quantitative expression of whether the benefits of a particular investment exceed their costs (including opportunity costs).

ok
Companies today recognize the value of the accumulated mass of employees’ knowledge about the business and its processes. The value of an organization’s pool of this type of knowledge is called ((intellectual capital)).

the company outsources the initial site design and development to launch the project quickly. The outsourcing team then trains the company’s information systems professionals in the new technology before handing the operation of the site over to them. This approach is called ((early outsourcing)).

Once the company has gained all the competitive advantage provided by the system, the maintenance of the electronic commerce system can be outsourced so that the company’s information systems professionals can turn their attention and talents to developing new technologies that will provide further competitive advantage. This approach is called ((late outsourcing)).

In both the early outsourcing and late outsourcing approaches, a single group is responsible for the entire design, development, and operation of a project—either inside or outside the company. This typical outsourcing pattern works well for many information systems projects. However, electronic commerce initiatives can benefit from a partial outsourcing approach, too. In ((partial outsourcing)), which is also called ((component outsourcing)), the company identifies specific portions of the project that can be completely designed, developed, implemented, and operated by another firm that specializes in a particular function.

incubator
An__________ is a company that offers startup companies a physical location with offices, accounting and legal assistance, computers, and Internet connections at a very low monthly cost.
Project management
______ ___________ is a collection of formal techniques for planning and controlling the activities undertaken to achieve a specific goal.
Project portfolio management
A company’s top technology manager is its chief information officer (CIO).

_________ __________ __________ is a technique in which each project is monitored as if it were an investment in a financial portfolio. The CIO records the projects in a list (usually using spreadsheet or database management software) and updates the list regularly with current information about each project’s status. By managing each project as a portfolio element, project portfolio managers can make trade