The E-Business Handbook

The

E-Business Handbook

SL3054_frame_FM Page 2 Wednesday, November 21, 2001 10:31 AM

The

E-Business Handbook Edited by

Paul Benjamin Lowry J. Owen Cherrington Ronald R. Watson

ST. LUCIE PRES S A CRC Press Company Boca Raton London New York Washington, D.C.

SL3054_frame_FM Page 4 Wednesday, November 21, 2001 10:31 AM

Library of Congress Cataloging-in-Publication Data The e-business handbook / [edited by] Paul Benjamin Lowry, J. Owen Cherrington, Ronald R. Watson p. cm. Includes bibliographical references and index. ISBN 1-57444-305-4 (alk. paper) 1. Electronic commerce. 2. Business enterprises--Computer network resources. I. Title: Ebusiness handbook. II. Lowry, Paul Benjamin. III. Cherrington, J. Owen. IV. Watson, Ronald R. V. Title. HF5548,32 ,E1742001 658.8′4—dc21 2001048644 CIP

This book contains information obtained from authentic and highly regarded sources. Reprinted material is quoted with permission, and sources are indicated. A wide variety of references are listed. Reasonable efforts have been made to publish reliable data and information, but the author and the publisher cannot assume responsibility for the validity of all materials or for the consequences of their use. Neither this book nor any part may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, microfilming, and recording, or by any information storage or retrieval system, without prior permission in writing from the publisher. All rights reserved. Authorization to photocopy items for internal or personal use, or the personal or internal use of specific clients, may be granted by CRC Press LLC, provided that $.50 per page photocopied is paid directly to Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923 USA. The fee code for users of the Transactional Reporting Service is ISBN 1-57444-3054/02/$0.00+$.50. The fee is subject to change without notice. For organizations that have been granted a photocopy license by the CCC, a separate system of payment has been arranged. The consent of CRC Press LLC does not extend to copying for general distribution, for promotion, for creating new works, or for resale. Specific permission must be obtained in writing from CRC Press LLC for such copying. Direct all inquiries to CRC Press LLC, 2000 N.W. Corporate Blvd., Boca Raton, Florida 33431. Trademark Notice: Product or corporate names may be trademarks or registered trademarks, and are used only for identification and explanation, without intent to infringe.

Visit the CRC Press Web site at www.crcpress.com © 2002 by CRC Press LLC St. Lucie Press is an imprint of CRC Press LLC No claim to original U.S. Government works International Standard Book Number 1-57444-305-4 Library of Congress Card Number 2001048644 Printed in the United States of America 1 2 3 4 5 6 7 8 9 0 Printed on acid-free paper

SL3054_frame_FM Page 5 Wednesday, November 21, 2001 10:31 AM

Introduction Before embarking on this journey commonly called “e-business,” it is important to not get lost in the mind-boggling array of technologies, business strategies, and jargon. Unfortunately, since the IT industry has started appending “e-” to almost every word in Webster’s dictionary, a false illusion has been created that “new economic rules” exist. So, while e-business represents a significant shift in academic research and business strategy (especially for trendsetters and followers), it is important to remember that this so-called revolution has been in the making for at least 50 years. Arguably, the e-business revolution may have started with the advent of mainframe computing (i.e., UNIVAC I in 1951), which was soon followed by computers’ being built with transistors in 1958, and the introduction of procedural languages (e.g., COBOL in 1960 by Dr. Grace Hopper). The revolution picked up steam with the introduction of ARPANET in 1969 (providing the foundation for the Internet), followed by the production of large-scale integrated circuits (LSIs) in 1970, the creation of the microprocessor in 1971 by Dr. Ted Hoff of Intel, the release of the Altair home computer in 1975, and the introduction of the IBM PC in 1981. The revolution further gained momentum with the introduction of the Mosaic Browser by Marc Andreesen in 1993, the subsequent launch of Netscape and Linux in 1994, and the introduction of Java in 1995. In the 1990s, we witnessed the recombinant synergistic application of many existing technologies (i.e., cryptology, packetswitching networks, protocols, standards, scalable servers, and relational databases) that finally caught the notice of mass markets and made e-commerce and e-business household terms. But, given this history, can we really call e-business a radical revolution? — perhaps if you were sleeping through the last five decades. E-business is not so much a revolution as an acceleration of some of the underlying fundamentals of economics and technology. No economic rules have changed; instead, certain economic principles have been simplified or more strongly accentuated because of technological advances. Thus, the rules of the game remain the same: A firm must deliver quality products and services faster and cheaper than its competitors; likewise, it must post a reasonable profit, create tangible value, differentiate itself from competitors, provide excellent customer service, find ways to produce “lock in” and to take advantage of network externalities. Similarly, intellectual capital has always been important in strategic competition, but with ebusiness, it becomes increasingly crucial to strategic survival, as many firms no longer trade in physical goods, but in ideas and services in a global arena. In the same way, while standards have been pivotal to business success for many decades, they now have an increased importance. Early on, the potential utility of standards was brought to light when gun manufacturers learned to utilize replaceable parts in the manufacturing process. The importance of standards was further high-

SL3054_frame_FM Page 6 Wednesday, November 21, 2001 10:31 AM

lighted during the Industrial Revolution when standard widths were created for railroad tracks and replaceable parts were made for gasoline engines. Now standards can be used to interconnect suppliers and customers to shore up vertical supply chains and to create value-added intranets and extranets. Thus, a business focused on e-business products or services cannot survive without embracing or creating standards that facilitate access to a critical mass of target users. For example, a given e-mail system is virtually useless if it does not interconnect with hundreds of disparate e-mail systems. Suppliers and customers need to be able to rapidly exchange product and inventory data using preset exchange protocols. Ultimately, business is still about accurately delivering on transactions. Ebusiness now allows a much higher volume and more accurate quality to transfer between companies much faster than was previously possible. This nearly frenetic pace has increased the need for integrated supply chains, partners, trust, security, and verification. We call this electronic acceleration of internal and external business networks “e-business.” This book presents leading research on a wide range of e-business topics such as strategy, web development, net auctions, XML, emerging Internet-based technologies, virtual teams, international issues, intelligent agents, e-transactions, customer relationship management and security. Because of the multidimensional nature of its content, this book is an appropriate manual for a wide range of academic and advanced practitioner audiences. For example, this book can be used for upperdivision undergraduate courses in CS and MIS, for graduate courses in business and e-commerce, and as a professional primer. Paul Benjamin Lowry Editor

SL3054_frame_FM Page 7 Wednesday, November 21, 2001 10:31 AM

Acknowledgments I would like to personally thank the international body of authors and researchers who made this work possible. Their persistence and hard work, conducted in a short period of time, have enabled us all to benefit from the timely production and distribution of this knowledge on e-business. I would also like to thank my coeditors, Drs. Owen Cherrington and Ronald Watson, for their outstanding work, as well as Jessica Stant and Bethany Stevens for their administrative assistance. Moreover, I appreciate the support I have received from the Center for the Management of Information (CMI) at the University of Arizona, including from Dr. Queen Booker, Dr. James Lee, Dr. Judee Burgoon, and Betty Albert. Finally, I would like to thank Dr. Jay F. Nunamaker, Jr. for the vision that made CMI possible — for all of us, Jay is truly an international scholar, leader, friend, and visionary. Paul Benjamin Lowry Editor

SL3054_frame_FM Page 8 Wednesday, November 21, 2001 10:31 AM

SL3054_frame_FM Page 9 Wednesday, November 21, 2001 10:31 AM

Editors Paul Benjamin Lowry is a research associate at the distinguished international Center for the Management of Information (CMI) at the University of Arizona, under the direction of Dr. Jay Nunamaker, Jr., a Regents Professor of MIS and founder of Group Systems.com. CMI conducts leading research in collaboration, knowledge management, and e-business. Cumulative research over the years at CMI has produced hundreds of research articles and scores of books, and many international honors. Paul’s professional MIS and e-business experience comes from several Fortune 100 companies including Ernst & Young Management Consulting, Ameritech, Novell, Price Waterhouse Management Consulting, and IBM. His key clients have included organizations such as 3M, Imation, Dial Corporation, the United Nations, the Wyoming Transportation Department, InfoPak, Pacific Telesis, Vanstar, Computerland, and PG&E. Paul attended Brigham Young University, receiving a B.S. in Information Systems and later an MBA from the Marriott School of Management. He is scheduled to complete his Ph.D. in MIS from the University of Arizona in April 2002. At CMI, Paul conducts research emphasizing Internet-based collaboration (ecollaboration), e-business, GroupWare/GSS, technology-assisted virtual teams, autofacilitation, and distributed group work. His current research involves creating technologies and improved collaborative processes to enable distributed groups to effectively work together over the Internet. J. Owen Cherrington is the Mary & Ellis Distinguished Professor of Accounting and Information Systems at Brigham Young University. He is currently the director of the information systems faculty and programs in the Marriott School of Management, and the director of the Rollins Center for eBusiness. Dr. Cherrington earned MBA and Ph.D. degrees at the University of Minnesota with an emphasis in accounting and information systems. He is a CPA, a member of the AICPA and the UACPA, and is licensed to practice public accounting in Utah. He was a principal in the management consulting division of Arthur Young & Co. Dr. Cherrington has an extensive list of publications, including four major college textbooks in introductory accounting, cost and managerial accounting, information systems, and CPA review. He has published more than 50 articles and monographs in professional books and journals. In addition, he has written training materials or conducted training programs for IBM, AICPA, Utah Association of CPAs, Arthur Young, Ernst & Young, Alexander Grant & Co., Price Waterhouse, and BYU Conferences and Workshops. Dr. Cherrington’s awards and recognitions have been numerous. In 1997, he received the Marriott School Outstanding Professor Award. He has been recognized

SL3054_frame_FM Page 10 Wednesday, November 21, 2001 10:31 AM

by the Marriott School for his outstanding teaching and awarded the NAC Outstanding Faculty Award, Exxon Outstanding Teaching Award, William C. Brown Teaching Excellence Award, and the Outstanding Educator Award given by the Utah Association of CPAs. Ronald Ross Watson is a professor at the Arizona Prevention Center in the Division of Health Promotion Sciences, College of Public Health, as well as School of Medicine and College of Agriculture at the University of Arizona. His distinguished career has led to the production of 450 journal articles and reviews and has included many distinctions, awards, and grants. He has also edited 55 books. He received his Ph.D. in Biochemistry from Michigan State University and completed a postdoctoral fellowship at Harvard School of Public Health. He currently directs research funded by four National Institutes of Health grants. He is also president of the company developing natural products from plant extracts for sale via the Internet.

SL3054_frame_FM Page 11 Wednesday, November 21, 2001 10:31 AM

Contributors Conan C. Albrecht Marriott School of Management Brigham Young University Provo, Utah [email protected] W. Steve Albrecht Marriott School of Management Brigham Young University Provo, Utah [email protected] Lynda M. Applegate Harvard Business School Cambridge, Massachusetts [email protected] Ravi Bapna Operations & Information Management School of Business University of Connecticut Storrs, Connecticut [email protected] Rida A. Bazzi Department of Computer Science and Engineering Arizona State University Tempe, Arizona [email protected] Bonka Boneva Carnegie Mellon University Pittsburgh, Pennsylvania

Brian Carini Carnegie Mellon University Pittsburgh, Pennsylvania J. Owen Cherrington Marriott School of Management Brigham Young University Provo, Utah marriottschool.byu.edu/emp/joc/ [email protected] Karen Clay The Heinz School Carnegie Mellon University Pittsburgh, Pennsylvania [email protected] Anne Crawford Carnegie Mellon University Pittsburgh, Pennsylvania Jonathon Cummings Carnegie Mellon University Pittsburgh, Pennsylvania Dorothy E. Denning Georgetown Institute for Information Assurance Georgetown University Washington, D.C. [email protected] Suzanne W. Dietrich Department of Computer Science and Engineering Arizona State University Tempe, AZ dietrich}@asu.edu

SL3054_frame_FM Page 12 Wednesday, November 21, 2001 10:31 AM

Michael Doran United Nations Center for Trade Facilitation and Electronic Business, Business Process Analysis Working Group (UN/CEFACT/BPAWG) ETT Division, CERN, Geneva, Switzerland [email protected] Amitava Dutta School of Management George Mason University Fairfax, Virginia Yuan Gan Intelligent Systems Laboratory Industrial Engineering University of Iowa Iowa City, Iowa Nahum Goldmann CEO ADDSecure.Net Inc. Ottawa, Ontario [email protected] ADDSecure.Net Alok Gupta Information and Decision Sciences Department Carlson School of Management University of Minnesota Minneapolis, Minnesota [email protected] Vicki Helgeson Carnegie Mellon University Pittsburgh, Pennsylvania Gaby Herrmann Department of Information Systems University of Essen Essen, Germany [email protected]

Blake Ives Decision and Information Sciences C.T. Bauer College of Business University of Houston Houston, Texas [email protected] Sirkka L. Jarvenpaa Center for Business, Technology & Law McCombs School of Business University of Texas at Austin Austin, Texas [email protected] Angie Jensen Brigham Young University Provo, Utah Ying Jin Department of Computer Science and Engineering Arizona State University Tempe, Arizona [email protected] Sunitha Kambhampati Department of Computer Science and Engineering Arizona State University Tempe, Arizona [email protected] Feras Karablieh Computer Science and Engineering Department Arizona State University Tempe, Arizona [email protected] Robert J. Kauffman Carlson School of Management University of Minnesota Minneapolis, Minnesota [email protected]

SL3054_frame_FM Page 13 Wednesday, November 21, 2001 10:31 AM

Sara Kiesler Human Computer Interaction Institute Carnegie Mellon University Pittsburgh, Pennsylvania [email protected] Stefan Klein University of Muenster Muenster, Germany [email protected] Robert Kraut Carnegie Mellon University Pittsburgh, Pennsylvania http://www.hcii.cmu.edu/People/Facult y/RobertKraut.html [email protected] Ramayya Krishnan The Heinz School Carnegie Mellon University Pittsburgh, Pennsylvania [email protected] Andrew Kusiak Intelligent Systems Laboratory Industrial Engineering University of Iowa Iowa City, Iowa [email protected] http://www.icaen.uiowa.edu/~ankusiak Louise Lane Department of Mathematics and Computer Science Laurentian University Sudbury, Ontario [email protected] Jae Kyu Lee Graduate School of Management Korea Advanced Institute of Science and Technology Seoul, Korea

Ronald M. Lee Institute for Decision and Information Systems (EURIDIS) Erasmus University Rotterdam, The Netherlands [email protected] Paul Benjamin Lowry Center for the Management of Information (CMI) University of Arizona Tucson, Arizona [email protected] [email protected] Sanjay Kumar Madria Department of Computer Science University of Missouri-Rolla Rolla, MO [email protected] Mukesh Mohania Department of Computer Science Western Michigan University Kalamazoo, Michigan [email protected] Yinghui Na Department of Computer Science and Engineering Arizona State University Tempe, Arizona [email protected] Martin Nemzow Network Performance Institute Miami, Florida http://www.networkperf.com/ [email protected]

SL3054_frame_FM Page 14 Wednesday, November 21, 2001 10:31 AM

William T. Neumann Department of Management Information Systems Eller College of Business and Public Administration University of Arizona Tucson, Arizona http://www.bpa.arizona.edu/~mis/facult y/bneumann.shtml [email protected] Edward Orton ADDSecure.Net Inc. Ottawa, Ontario [email protected] http://www.ADDSecure.Net

Kai Riemer Institute of Information Systems University of Muenster Muenster, Germany [email protected] Steven E. Roberts Georgetown University Washington, D.C. [email protected] Alexander W. Röhm Department of Information Systems University of Essen Essen, Germany [email protected]

Kalpdrum Passi Department of Mathematics and Computer Science Laurentian University Sudbury, Ontario, Canada [email protected]

Ramesh Sambasivan Itradefair.Com, Inc. Stillwater, Oklahoma [email protected]

Günther Pernul Department of Information Systems University of Essen Essen, Germany [email protected]

Tarun K. Sen Pamplin College of Business Virginia Tech Falls Church, Virginia http://www.cob.vt.edu/accounting /faculty/tksen/tksen.htm [email protected]

G. Prem Premkumar Union Pacific Chair of Information Systems College of Business Iowa State University Ames, Iowa [email protected] Balasubramaniam Ramesh Robinson College of Business Georgia State University Atlanta, Georgia [email protected]

Ramesh Sharda College of Business Administration Oklahoma State University Stillwater, Oklahoma [email protected] Simeon J. Simoff Faculty of Information Technology University of Technology Sydney, Australia [email protected]

SL3054_frame_FM Page 15 Wednesday, November 21, 2001 10:31 AM

Michael Smith The Heinz School Carnegie Mellon University Pittsburgh, Pennsylvania [email protected] Fay Sudweeks School of Information Technology Murdoch University Perth, Australia [email protected] Amy Sundermier Department of Computer Science and Engineering Arizona State University Tempe, Arizona Emerson H. Tiller Department of Management Science and Information Systems University of Texas Austin, Texas [email protected] Amrit Tiwana Goizueta Business School Emory University Atlanta, Georgia [email protected] [email protected] Carsten Totz Institute of Information Systems University of Muenster Muenster, Germany [email protected] Efraim Turban California State University Long Beach, California

Susan D. Urban Department of Computer Science and Engineering Arizona State University Tempe, Arizona [email protected] Kenneth R. Walsh Information Systems and Decision Sciences (ISDS) Department Louisiana State University Baton Rouge, Louisiana http://www.kenwalsh.com [email protected] Bin Wang Carlson School of Management University of Minnesota, Minneapolis, Minnesota [email protected] Ronald R. Watson Arizona Prevention Center Tucson, Arizona Bradley C. Wheeler Kelley School of Business Indiana University Bloomington, Indiana [email protected] Yurong Yao Ourso College of Business Administration Louisiana State University Baton Rouge, Louisiana [email protected] Sai K. Yayavaram Department of Management McCombs School of Business University of Texas at Austin Austin, Texas [email protected]

SL3054_frame_FM Page 16 Wednesday, November 21, 2001 10:31 AM

Vladimir Zwass Computer Science and Management Information Systems Fairleigh Dickinson University Saddle River, New Jersey [email protected]

SL3054_frame_FM Page 17 Wednesday, November 21, 2001 10:31 AM

Contents Chapter 1

Building Information Age Businesses for the 21st Century ...............1

Lynda M. Applegate Appendix A E-Business Models .............................................................................19 Appendix B E-Business Revenue and Cost Models...............................................29 Chapter 2

The Embedding Stage of Electronic Commerce ...............................33

Vladimir Zwass Chapter 3

Web Evaluation ..................................................................................45

Carsten Totz, Kai Riemer and Stefan Klein Chapter 4

Supply Chain Management................................................................67

G. Prem Premkumar Chapter 5

Online Auctions: A Closer Look .......................................................85

Alok Gupta and Ravi Bapna Chapter 6

Bid Together, Buy Together: On the Efficacy of Group-Buying Business Models in Internet-Based Selling..........99

Robert J. Kauffman and Bin Wang Chapter 7

The Great Experiment: Pricing on the Internet...............................139

Karen Clay, Ramayya Krishnan, and Michael Smith Chapter 8

Virtual Trade Fairs: An Emerging Internet Application ..................153

Ramesh Sharda and Ramesh Sambasivan Chapter 9

Planning Business-to-Business E-Procurement Marketplaces ........167

Jae Kyu Lee and Efraim Turban

SL3054_frame_FM Page 18 Wednesday, November 21, 2001 10:31 AM

Chapter 10 Internet Evolution and Social Impact ..............................................189 Sara Kiesler, Robert Kraut, Jonathon Cummings, Bonka Boneva, Vicki Helgeson, and Anne Crawford Chapter 11 Designing a Curriculum for the Death of E-Business: Five Principles ..................................................................................203 Bradley C. Wheeler Chapter 12 Electronic Commerce Partnerships Between Business and Academia...................................................................................213 J. Owen Cherrington and Brian Carini Chapter 13 The Covered Bazaar on the Internet: Culturally Specific Alternatives to “Web-Marts”..............................................227 Fay Sudweeks and Simeon J. Simoff Chapter 14 Electronic Government ....................................................................243 Yurong Yao and Blake Ives Chapter 15 E-Business Goes Global: Institutional Environments and Governance of Global Internet Firms.......................................261 Sirkka L. Jarvenpaa and Sai K. Yayavaram Chapter 16 Paradigm for Financial Modernization in E-Commerce .................279 Martin Nemzow Chapter 17 Knowledge Management in E-Services: From Mass Customization to Service Individualization.................297 Amrit Tiwana and Balasubramaniam Ramesh Chapter 18 Preventing and Detecting Fraud in Electronic Commerce Systems ....................................................315 W. Steve Albrecht and Conan C. Albrecht Chapter 19 Protecting a Borderless World: Recognizing and Understanding Security Threats to E-Commerce.....................339 Steven E. Roberts and Dorothy E. Denning

SL3054_frame_FM Page 19 Wednesday, November 21, 2001 10:31 AM

Chapter 20 The Critical Role of Independent Security Audits ..........................353 Nahum Goldmann and Edward Orton Chapter 21 Trusted Electronic Market Transactions: A Macro- and Micro-Level View.....................................................365 Günther Pernul, Alexander W. Röhm and Gaby Herrmann Chapter 22 Development of Reliable E-Commerce Applications in Large Open Distributed Systems.................................................379 Rida A. Bazzi and Feras Karablieh Chapter 23 Distributed Software Component Integration: A Framework for a Rule-Based Approach......................................395 Susan D. Urban, Suzanne W. Dietrich, Amy Sundermier, Ying Jin, Sunitha Kambhampati, and Yinghui Na Chapter 24 Collaborative Architectures that Support Electronic Business ..........................................................................423 Conan C. Albrecht Chapter 25 A Business Component-Based Approach to E-Business Process Design .................................................................................443 Amitava Dutta and Tarun K. Sen Chapter 26 Reducing Distance in Electronic Commerce Using Virtual Reality ..................................................................................457 Kenneth R. Walsh Chapter 27 XML, A Collaborative Enabler of E-Business through the Mediation of Heterogeneous Data between Trading Partners ...............................................................................467 Paul Benjamin Lowry and William T. Neumann

SL3054_frame_FM Page 20 Wednesday, November 21, 2001 10:31 AM

SL3054_frame_C01 Page 1 Tuesday, November 20, 2001 8:47 AM

1

Building Information Age Businesses for the 21st Century* Lynda M. Applegate

CONTENTS 1.1 1.2 1.3 1.4

Introduction ......................................................................................................1 Business Models: Something Old and Something New .................................2 Emerging E-Business Models..........................................................................4 Crafting Value Webs.........................................................................................9 1.4.1 Intuit Crafts a Value Web Inside its Organization.............................10 1.4.2 Intuit’s Value Web Extends to its Business Community...................13 1.5 Putting the Ideas To Work .............................................................................16 1.5.1 A Step-by-Step Approach to Analyzing Emerging E-Business Models.............................................................................16 Appendix A: E-Business Models ............................................................................19 Appendix B: E-Business Revenue and Cost Models..............................................29 References................................................................................................................32

1.1 INTRODUCTION A fundamental shift in the economics of information is under way — a shift that is less about any specific new technology than about the fact that a new behavior is reaching critical mass. Millions of people at home and at work are communicating electronically using universal open standards. This explosion in connectivity is the latest — and, for business strategists, the most important — wave in the information revolution. A new economics of information will precipitate changes in the structure of entire industries and the ways that companies compete.1

Few would dispute that rapid technological advancements over the latter half of the 20th century spawned dramatic worldwide socioeconomic changes. By the mid-1980s, a new economic paradigm was emerging that many called the Information Age. Its promise caused large established firms to embark upon business transformation initiatives designed to shed static, rigid structures,

1-57444-305-4/02/$0.00+$1.50 © 2002 by CRC Press LLC

1

SL3054_frame_C01 Page 2 Tuesday, November 20, 2001 8:47 AM

2

The E-Business Handbook

processes, and business mindsets that remained as a legacy of the Industrial Age. Today, as we stand at the gateway to a new millennium, the Internet and associated technologies of the network era form the foundation upon which Information Age businesses are being built. Initially, entrepreneurs and executives in established firms approached the Internet in much the same way that fortune seekers of the 1800s prospected for gold. Although there are still frontiers to explore, the “gold rush” mentality has given way to a search for frameworks and analytics to guide us in building successful — and sustainable — Information Age businesses. Drawing on more than 6 years of work with hundreds of Internet pioneers, this chapter analyzes how emerging Information Age business models are revolutionizing the way business is conducted around the world. Portals, aggregators, exchanges, and marketplaces are but a few of the models examined.*

1.2 BUSINESS MODELS: SOMETHING OLD AND SOMETHING NEW If there is one lesson we can learn from the continuing evolution of work and competition in the new economy, it’s this: Change the question and you change the game. The old question was, “What business am I in?” The new question is: “What is my business model?”2

Why is a focus on business models so important today? If you think about it, we spent nearly a century building and perfecting the Industrial Age models that defined how companies conducted business throughout most of the 1900s. As a result, we knew what it meant if someone said, “I sell insurance” or “I sell cars.” We had developed a shorthand way of describing how a business was structured, what type of people were needed, and what roles they filled. That shorthand told us how our company interacted with others in the industry and, most importantly, how it made money and delivered value to customers, suppliers, partners, employees, and owners. It also told everyone who did business with us what they could expect. The Industrial Age business models became so familiar that they no longer required explanation. In contrast, the Internet enables us to create new business models and redefine existing ones. It provides a flexible channel for procuring and distributing products and services and the tools needed to create and package content in all of its many forms, including data, voice, and video. This highly interactive and engaging channel offers new opportunities and enables development of new capabilities that were difficult to achieve before the commercialization of the Internet. Figure 1.1 shows the building blocks of a business model. The categories of analysis and representative outcomes for each category. As you review the business model framework, it is important to recognize that the components and relationships depicted here are not new. Indeed, this * This chapter is adapted from papers and materials in Professor Applegate’s Building E-Businesses online course series (HB5 order #5238BN).

SL3054_frame_C01 Page 3 Tuesday, November 20, 2001 8:47 AM

Building Information Age Businesses for the 21st Century

TABLE 1.1 Analyzing a Business Model What is it? An organization's business concept defines its: • Market opportunity • Product and services offered • Competitive dynamics • Strategy for capturing a dominant position • Strategic options for evolving the business

An organization's capabilities are built and delivered through its: • People and partners • Organization and culture • Operating model • Marketing/sales model • Management model • Business development model • Infrastructure model

Value is measured by: • Benefits returned to all stakeholders • Benefits returned to the firm • Market share and performance • Brand and reputation • Financial performance

How will we? • • • • • • • • • • • • • • • • • • • • • • •

Attract a large and loyal community? Deliver value to all community members? Price our product to achieve rapid adoption? Become #1 or #2? Erect barriers to entry? Evolve the business to "cash in on strategic options"? Generate multiple revenue streams? Manage risk and growth? Achieve best-in-class operating performance? Develop modular, scalable, and flexible infrastructure? Build and manage strong partnerships with employees and the community? Increase the lifetime value of all members of the community? Build, nurture, and exploit knowledge assets? Make informed decisions and take actions that increase value? Organize for action and agility? Deliver value to all stakeholders? Claim value from stakeholder relationships and transactions? Increase market share and drive new revenues off existing customers? Increase brand value and reputation? Generate confidence and trust? Ensure strong growth in earnings? Generate positive equity cash flow? Increase stock price and market value?

3

SL3054_frame_C01 Page 4 Tuesday, November 20, 2001 8:47 AM

4

The E-Business Handbook

FIGURE 1.2 The value chain.

basic approach has been used for decades to analyze a wide variety of industrial business models. What is new is the business rules and assumptions that form the mental models that, in turn, guide how we make decisions and take actions. As we define new models, we don’t immediately throw out the old. In fact, the best inventions leverage old paradigms, relaxing assumptions to define new models that are both familiar and decidedly superior to the old.3 Scott Cook, founder of Intuit, explained: Some of the best innovations involve a paradigm shift, a real mental change of assumptions and certainties. In fact, the process of innovating and entrepreneuring is much less about invention or new ideas. It’s much more about rethinking and questioning the assumptions people already make.… The ability to rethink fundamental assumptions and take what people accept as certain and question it is the central talent of being a great entrepreneur.4

1.3 EMERGING E-BUSINESS MODELS Consumers are looking for the ability to bundle the products they want in a fashion unique to each individual, and the Web will provide this capability.... We believe that vertical portals will do the best job of providing the consumer empowerment that the Internet makes possible.... Not only will vertical portals have a profound effect on traditional distribution networks, but because many vertical portals will have production capabilities, they may also pose a threat to specialty producers that choose to downplay the significance of the Internet channel.5.

For decades, executives have used the value chain framework (see Figure 1.2) to define the set of activities through which products and services are created and delivered to customers.6 Once activities are defined, it is then possible to analyze the economics at each step in the chain by identifying both costs incurred and value created. These activities can be located inside a firm or across firm boundaries. In the latter case, activities may involve customers, suppliers, partners, or other stakeholders. Accompanying the physical value chain is a related

SL3054_frame_C01 Page 5 Tuesday, November 20, 2001 8:47 AM

Building Information Age Businesses for the 21st Century

5

FIGURE 1.3 Value chain roles.

information value chain through which involved parties coordinate and control activities. Participants within a business market assume one or more of four primary roles to carry out these value-creating activities (see Figure 1.3): 1. Suppliers create component products or provide services, raw materials or talent. 2. Producers design and build products, services, and, most importantly, solutions that meet a specific customer or market need. They might sell and maintain the product or share that role with others in an industry or with those outside traditional industry boundaries. 3. Distributors enable buyers and sellers to connect, communicate, and transact business. These distributors may connect suppliers to business customers, forming what is often called a supply chain, or they may connect producers to consumers, forming what can be called a buy chain. 4. Customers might be either individual consumers or businesses willing to pay for a product, service, or solution. When selling to business customers, individual consumers — the actual end users — are often located inside the customer firm. This can create a two-stage adoption cycle — first the business must decide to purchase a product or service and then individuals must decide to use it. The point within a value chain where maximum economies of scale and scope are created determines market power. Economies of scale are achieved when a market

SL3054_frame_C01 Page 6 Tuesday, November 20, 2001 8:47 AM

6

The E-Business Handbook

participant or network of participants is able to leverage capabilities and infrastructure to increase revenues and profitability within a single product line or market. Economies of scope are achieved when a market participant or network of participants is able to leverage capabilities and infrastructure to launch new product lines or businesses, or enter new markets. Industrial Age business innovations favored producers. The innovations included: • Physical or analog production and distribution technologies (machines, railroads, steam engines, telephones) • An operating model (the assembly line, marketing, sales, and after-sales service channels) • A management model (the hierarchy) • A social or regulatory system (specialized work, pay-for-performance incentives, worker education, unions, antitrust laws) As we enter the 21st century, Information Age pioneers such as AOL (now AOL Time Warner) are defining the business models that are reshaping the global business landscape and redefining power. Once again, emerging models exploit the power of technological, business, and social innovations within a regulatory and policy framework — the latter of which emerges over time. Information Age business innovations include: • Digital production and distribution technologies (broadband and wireless networks, sophisticated content creation, flexible knowledge management) • An operating model (integrated supply chains and buy chains) • A management model (teams, partnerships, consortia) • Social or regulatory systems (ownership incentives, freelancing, virtual work, distance learning, digital copyright laws) Although Industrial Age markets and power bases were built on proprietary infrastructure, participants within Information Age markets leverage a shared digital business infrastructure to enable new entrants and established firms to create and exploit network economies of scale and scope. Network economies of scale are achieved when a “community” of firms shares its infrastructure, capabilities, and customer base to produce and distribute products faster, better, and cheaper than competitors. Network economies of scope are achieved when the community uses its shared infrastructure to produce and distribute new products and services, enter new markets or launch new businesses more quickly, at less cost, and more successfully than competitors. The interorganizational IT systems of the 1980s and early 1990s (e.g., American Airlines’ Sabre reservation system and American Hospital Supply Corporation’s ASAP system) foreshadowed how network economics could create value. Because they were built using proprietary technologies, however, access, reach, and flexibility were limited. Table 1.2 compares Industrial Age and Information Age economics.

SL3054_frame_C01 Page 7 Tuesday, November 20, 2001 8:47 AM

Building Information Age Businesses for the 21st Century

7

TABLE 1.2 Comparison of Industrial Age and Information Age Economics Characteristics

Industrial Age

Information Age

Criteria for Economic Success

Internal, proprietary and specialized economies of scale, and scope; Economies of scope are limited by the level of infrastructure specialization required

Core Technological Innovations

Production technologies

Core Operating Innovations

Standardization of work, job specialization, assembly line operations, value chain industry structure

Core Management Innovations

Hierarchical coordination structures and supervision, compliance-based control, pay-for-performance incentives, centralized planning and control Urban growth, mass transportation, social security and welfare, unions, federal regulations, domestic economy Decades

External, networked and shared economies of scale and scope; Economies of scale and scope are dramatically increased by the ability to build new businesses on the nonproprietary, flexible, shared and ubiquitous Internet infrastructure Distribution, communication and information technologies, and the ability to “assemble” component pieces Knowledge work, job expansion, work teams (face-to-face and virtual), extended enterprise, outsourcing and partnerships, value web industry and inter-industry structures Networked coordinating structures, ownership incentives, information-based (“learning”) models of control, distributed planning and control

Societal Innovations

Length of Time to Achieve Economies of Scale and Scope Dominant Industry Power

Producers

Work-at-home, self-employment, personal pension and savings programs, global economy

Uncertain

Solution assemblers and channel managers

The new e-business models emerging on the Internet can be classified within one or more of the generic market roles (see Figure 1.4). In addition, the models can be grouped into two categories. First, and most relevant for our discussion, are the digital businesses being built and launched on the Internet. The second major category of e-business model comprises businesses that provide the platform upon which digital businesses are built and operated. Appendix A describes the various emerging e-business models and Appendix B summarizes revenue, cost and asset models. It is recommended that the reader review these appendices before proceeding to the next section. The e-business model classification presented above suggests that there is a separation between companies that produce and sell technical infrastructure and

SL3054_frame_C01 Page 8 Tuesday, November 20, 2001 8:47 AM

8

The E-Business Handbook

FIGURE 1.4 Emerging e-business models.

businesses that use the technology to support business strategy and design. As we will see in this chapter, however, the distinction is blurring as adoption of Internetbased business models penetrates to the very core of how firms do business. IBM, AOL, Time Warner, Microsoft, and Intuit no longer just sell technology products; these companies are now content aggregators, portals, and media companies. At the same time, non-high-tech businesses, such as Charles Schwab, are becoming technology infrastructure providers. David Pottruck, co-CEO of Charles Schwab, explained: “[Charles Schwab] is a technology company that just happens to be in the brokerage business.… If we are going to be successful, technology is going to have to be built into our DNA.” Another interesting feature of emerging e-business models concerns relationships within an online market. Traditionally, market participants performed their roles sequentially. Each participant in a value chain received inputs from those downstream, added value, and delivered outputs to the next participant in the chain. As shown in the next section, in emerging Internet markets, this orderly sequence of value-creating activities, transactions, and relationships may no longer apply. Participants in an e-business marketplace may assume more than one role and often relate through a complex series of interdependent transactions and relationships that are best modeled as a value web. An excellent example of a value web in action can be found by analyzing the multiple e-business models and relationships adopted by Citigroup (see Figure 1.5). Initially, each business unit within the Citigroup family of companies (for example, Citicard, Citibank, Travelers Insurance, and Salomon Smith Barney) strengthened offline channels and integrated them with new online channels to market. Thus, each business unit adopted a focused distributor business model. By 2000, the company had combined these independent focused distributors within two vertical portals that provided customers with an integrated solution — one portal, myCiti, could be accessed directly on the Citigroup Web site and the other, AOL Citi Center, was available to individuals with accounts on America Online (AOL).

SL3054_frame_C01 Page 9 Tuesday, November 20, 2001 8:47 AM

Building Information Age Businesses for the 21st Century

9

FIGURE 1.5 Citigroup value web.

1.4 CRAFTING VALUE WEBS The key to reconfiguring business models for the knowledge economy lies in understanding the new currencies of value. A value network or value web generates economic value through complex dynamic exchanges between one or more enterprises and its customers, suppliers, strategic partners, and the community. These networks engage in more than just transactions involving exchange of goods and services, they also exchange knowledge and intangible value, for example, community, brand recognition, and reputation.7

E-Businesses are built by artfully combining a variety of business models. These businesses are then linked with others across multiple value chain networks to create what Frank Getman, CEO and president of HoustonStreet Exchange, refers to as a “web for the Web.”8 By incorporating multiple business models that generate separate revenue streams from the same infrastructure, a network of businesses can more efficiently use resources, more effectively meet customer needs for integrated solutions, and drive additional value from the same level of investment. By linking the web of businesses inside a firm with a business network composed of a much larger web of businesses, an organization can leverage the resources of the community to

SL3054_frame_C01 Page 10 Tuesday, November 20, 2001 8:47 AM

10

The E-Business Handbook

further enhance value delivered to all members. The evolution of Quicken.com, Intuit’s vertical portal for consumers, is an excellent example of how value webs are crafted within organizations, industries, and markets.

1.4.1 INTUIT CRAFTS

A

VALUE WEB INSIDE

ITS

ORGANIZATION

In 1983, Intuit founders Scott Cook and Tom Proulx embarked on a quest to revolutionize the way individuals and small businesses managed their finances. A decade later, Intuit had emerged as the worldwide leader in the market for personal and small-business finance software. Its Quicken (personal finance), QuickBooks (small-business accounting), and TurboTax software accounted for 70% or more market share in their respective markets. Intuit executives were quick to recognize the potential opportunities and threats presented by the commercialization of the Internet, the World Wide Web (WWW), and user-friendly browser software. They believed these technologies could be used to deliver new products and services and to dramatically expand the company’s customer base and the range of products and services delivered. Although the market opportunity for Intuit’s traditional software business was estimated at $300 million in 2002, the market opportunity for its online businesses was estimated to exceed $202 billion.9 To exploit this opportunity, Intuit launched Quicken.com in 1996. Initially, Quicken.com operated as an information aggregator through which consumers could access financial services news and information from a number of different information providers. Quicken.com added value by synthesizing the content, categorizing it for easy search and retrieval, packaging it, and then distributing it over the Internet to a rapidly growing network of consumers. In an effort to expand its customer base, Quicken.com executives decided not to charge consumers a subscription fee for its service, but, instead, would generate revenues through advertising. The more consumers visited Quicken.com, the more the company learned about what those consumers wanted, and the more valuable the site became to advertisers. Between 1996 and 1998, six focused distributors were launched under the Quicken.com umbrella brand. By summer 2000, Quicken.com logged an impressive 6 million visitors per month with 20 million regular users during the year. The business models adopted by the six focused distributors within the Quicken.com vertical portal are described below. • QuickenInsurance, QuickenLoan, and Quicken Bill Manager were marketplaces where consumers could purchase insurance, apply for and receive loans, and pay bills online. Revenues were primarily from suppliers that were charged a commission on each transaction. Suppliers were also charged development, consulting, and maintenance fees for system integration. Advertising and referral fees provided additional revenues. • QuickenRetirement and QuickenInvestment were aggregators. Consumers could access information but could not invest online. Revenues were

SL3054_frame_C01 Page 11 Tuesday, November 20, 2001 8:47 AM

Building Information Age Businesses for the 21st Century

11

generated primarily from sponsors that were charged advertising and referral fees. • QuickenShopping was a retailer. Consumers and small businesses could purchase Quicken’s packaged software products online and could immediately download the software and all documentation to their personal computer. Alternatively, a consumer could request that Intuit ship the software in its traditional packaging, which included printed documentation. • QuickenTurboTax enabled consumers to access information, tutorials and advice, prepare tax returns and file online. With the launch of QuickenTurboTax, Intuit evolved its traditional packaged software business model to become an application service provider (ASP).* But, Intuit did not eliminate its traditional packaged software when it adopted its online model. In early 2001, consumers could buy TurboTax packaged software for $39.95 and prepare their taxes on a personal computer. The tax forms could be printed out and submitted manually or they could be submitted online using QuickenTurboTax. Alternatively, consumers could bypass purchasing the software package and use QuickenTurboTax to prepare and submit their taxes online. Intuit saved money by shifting to the hosted online software model, and it passed the savings to the customer. There was no charge to prepare taxes online. A fee of $9.95 to $19.95 was charged to file online. Within 1 year of its launch in 1999, QuickenTurboTax for the Web had captured 80% market share for online tax preparation. Although not discussed in depth here, a second vertical portal, Quicken.com for Small Business was launched in the late 1990s. This vertical portal, or ASP, provided a wide range of online services (including payroll, bookkeeping, invoicing, and purchasing) to Intuit’s installed base of more than 2 million small-business users of its packaged software QuickBooks. By the summer of 2000, the ASP had more than 5 million users worldwide. Once again, Intuit found ways to link its packaged software to its online business and, as the number of Quicken for Small Business users grew, so too did the user base for QuickBooks packaged software, which increased to 3 million. During 2000, Intuit earned almost $300 million from its online businesses, and the majority of these businesses were profitable. Figure 1.6 provides an overview of Intuit’s consumer business models in summer 2000. Each Intuit online business leveraged a common infrastructure to generate multiple streams of revenues while also building knowledge assets and strengthening the brand — not just for Intuit but for all members of its value web (see Figure 1.7). Because the Internet and its associated technologies offered a common standardized * An application service provider, or ASP, provides online access to business software applications. Rather than buy a software package or build custom software that is then run on a personal computer or in a company’s data center, an organization pays a fee to access software that runs on computers that are managed by an independent service provider.

Focused Distributors

Aggregators

Producer

Software Firm

• E-commerce and software development know-how • New venture development and partnership know-how • Strong supplier/partner network • Over 25 million loyal customers

Retailers

12

Digital Business Infrastructure

FIGURE 1.6 Quicken.com business model

• Technical infrastructure and know-how • Obsession with customer service deeply embedded in business design • People with a passion for innovation and serving customers • Strong consumer and small business brand

Marketplaces

SL3054_frame_C01 Page 12 Tuesday, November 20, 2001 8:47 AM

The E-Business Handbook

SL3054_frame_C01 Page 13 Tuesday, November 20, 2001 8:47 AM

Building Information Age Businesses for the 21st Century

13

FIGURE 1.7 Leveraging e-business infrastructure.

interface for linking value webs inside and outside the organization, Intuit’s Internetbased digital infrastructure provided a modular platform upon which individual businesses could be integrated and built. The marginal cost of adding a new business to the infrastructure was low, and the revenue potential increased dramatically. Over time, new businesses could be built, launched, and grown to scale in months, dramatically increasing the company’s agility and innovation potential while dramatically decreasing risk.

1.4.2 INTUIT’S VALUE WEB EXTENDS TO ITS BUSINESS COMMUNITY The Quicken.com and Quicken for Small Business value webs do not stop at the door of the organization. Instead, these two vertical portals and the individual online businesses within them unite a network of suppliers, partners, and customers. For example, in the fall of 2000, QuickenInsurance linked 50 insurance carrier suppliers to more than 500,000 visitors per month. Approximately 30% of its visitors came through Quicken.com, 20% through AOL, and 17% through its 55 other distribution partners.10 Indeed, America Online was a key member of the Quicken.com value web and, as such, AOL’s success increased the success of Quicken.com (see Figure 1.8). Founded in 1985 as Quantum Computer Services, the AOL.com online information service was launched in 1989 as a proprietary news, information, communication, and entertainment service. From the beginning, AOL also served as a network services provider, giving away its content and community services while charging per-minute network-access fees. In summer 1995, AOL had approximately 500,000 members in the United States, revenues of $344.3 million, and was losing money. Losses continued as AOL shifted from a proprietary to an Internet infrastructure, and as it shifted its revenue model to a flat monthly fee. During 1997, the company lost almost $500 million, and many doubted that it would survive its painful evolution to an Internet business model. But survive it did, and, by the summer of 2000, AOL had more than 23 million

SL3054_frame_C01 Page 14 Tuesday, November 20, 2001 8:47 AM

14

The E-Business Handbook

FIGURE 1.8 Linking value webs across boundaries

members worldwide (approximately 35% of total worldwide Internet users), revenues of almost $7 billion, profits of almost $2 billion, and over $1.5 billion in cash. The completion of the merger with Time Warner in January 2001 was expected to generate an additional $1 billion in equity cash flow to investors by the end of 2001.11 Even before the merger with Time Warner, AOL had evolved a complex business model. To most consumers, it was a horizontal portal that enabled free access to the Internet and its “World Wide Web” of businesses, information, and services anywhere and anytime. Revenues for this component of the business model were collected from advertisers and sponsors. For example, Intuit paid AOL $16.2 million in 1998 to become the exclusive provider of personal and small-business financial services within AOL’s Finance Web Center. It also paid a “click through” fee every time an AOL customer accessed its Quicken.com and Quicken for Small Business vertical portals through AOL. Finally, AOL received a percentage of every transaction conducted on Quicken.com by AOL customers. In early 2001, Quicken.com was one of 25 vertical portal web centers offered through AOL, and AOL commanded 20 to 25% of worldwide online advertising revenues.12 In addition to providing a gateway to content and services, AOL’s business model also reflected its roots as a proprietary network services provider. With the launch of its Internet service in the mid-1990s, it quickly became a leading Internet service provider (ISP). In this role, it developed and maintained the network infrastructure and services that enabled individuals to access the Internet across

Cable Networks

7,000 feature films 32,000 television titles 13,500 animated titles 1 million+ music copyrights

Entertainment

86 magazine titles 8 book publishers+e-book 39 worldwide news bureaus

22 additional Vertical Portals

Vertical Portals

Building Information Age Businesses for the 21st Century*

FIGURE 1.9 AOL Time Warner business model.

• Content, media and broadcasting know-how • New venture development and partnership know-how • #1 consumer online/offline brands touches consumers over 2.5 billion times/month

Aggregators/ Community

• Strong supplier and partner online/ offline network • AOL has over 28 million paid subscribers averaging over 70 min/day online • Together AOL Time Warner has over 130 million paid subscribers

Horizontal Portal ISP Broadband Network Services Provider

Software Firm

• Technical infrastructure and operating know-how

Producers

Digital Business Infrastructure

Distributors

Publishing and Entertainment Publishing

SL3054_frame_C01 Page 15 Tuesday, November 20, 2001 8:47 AM

15

SL3054_frame_C01 Page 16 Tuesday, November 20, 2001 8:47 AM

16

The E-Business Handbook

telephone (dial-up) or high-speed (broadband) networks. The completion of the merger of AOL and Time Warner in January, 2001 created the complex online/offline media conglomerate shown in Figure 1.9.13 Because it provides a common infrastructure for sharing information and coordinating business transactions, the Internet dramatically increases the ability to create value webs like those of Quicken.com and AOL Time Warner. And, like the spider webs upon which they were modeled, these networked value webs, although they may appear delicate on the surface, are surprisingly strong, “sticky,” flexible and resilient. But, as multiple new business webs are added, the complexity of managing these dense networks of relationships increases. It remains to be seen whether complex multimodel businesses such as AOL Time Warner will be able to achieve the synergies that appear so powerful on paper.

1.5 PUTTING THE IDEAS TO WORK It is just an incredible time to be in business and have the rules of business changing … . For many years, we operated under a pretty consistent set of rules. They evolved maybe … but now they’re morphing and that presents a situation that challenges entrepreneurs to figure out: Are these rules real, or are they temporary? Should we respond to them? Do we create new rules? How do we run a company in a world like this when we have 13,000 employees trying to figure out where we are going and what we should do?14

If you think about it, we spent most of the 20th century creating the business rules that were used to build and run a successful company in the Industrial Age. And, we spent the last two decades breaking those rules. Today, as we enter the 21st century, we’re searching for new business models that enable a company to achieve the efficiency, power, resources, and reach of being big, and the speed, agility, and responsiveness that comes from being small. As executives attempt to sort through the options available for building firms that can compete and succeed in the 21st century, they are finding that it is becoming less important to watch the actions of competitors and more important than ever to make decisions based on a deep understanding of the “business fundamentals” that define the structure and dynamics of markets, industries, and the organizations that compete within them. The business fundamentals that guide strategic decision making and action are discussed in this chapter. The following steps can be used to help guide business model analysis.

1.5.1 A STEP-BY-STEP APPROACH E-BUSINESS MODELS

TO

ANALYZING EMERGING

1. Evaluate the concept (opportunity): Assess market opportunity and dynamics, industry and competitive dynamics, business context and risk, product/service positioning, basis of differentiation, and evolutionary

SL3054_frame_C01 Page 17 Tuesday, November 20, 2001 8:47 AM

Building Information Age Businesses for the 21st Century

2.

3.

4. 5.

potential (e.g., strategic options). The analysis of the concept provides the foundation for developing a pricing model and revenue forecast. Evaluate the capabilities and resources required to execute strategy: Assess the ability to attract, engage and retain key stakeholders; the appropriateness of operating and marketing plans; and the proposed infrastructure requirements. The analysis of the business design provides the foundation for developing cost forecasts. Evaluate the value proposition (returns to all stakeholders): Evaluate benefits to all stakeholders, revenue, cost, and asset models, profit model, cash flow projections, break-even timing, and financing needs. Check the consistency of assumptions used to build the financial model with the opportunity and resource analysis. Use the analysis as a benchmark to develop real-time performance monitoring systems. Revise the plan and performance measurement systems on an ongoing basis.

17

SL3054_frame_C01 Page 18 Tuesday, November 20, 2001 8:47 AM

SL3054_frame_C01 Page 19 Tuesday, November 20, 2001 8:47 AM

Appendix A E-Business Models A-1.1 FOCUSED DISTRIBUTORS Focused distributors provide products and services within a specific industry or market niche. For example, E-Loan is a marketplace that connects buyers and sellers in the financial services industry and landsend.com is an online retailer that sells clothing and accessories. The five types of focused distributor business models — retailers, marketplaces, aggregators, infomediaries, and exchanges — are differentiated from each other by the following characteristics. Differentiating Features • Does the business assume control of inventory? • Does the business sell online? • Is the price set outside the market or is online price negotiation and bidding permitted? • Is there a physical product or service that must be distributed? Focused Distributor E-Business Trends • Focused distributors that do not allow customers and the business community to transact business online are losing power. • Aggregators are evolving to marketplaces or vertical portals. • Multiple business models are required to ensure flexibility and sustainability. • Focused distributors must align closely with vertical and horizontal portals or evolve their model to become vertical portals.

A-1.2 PORTALS The American Heritage Dictionary of the English Language defines the term portal as “a doorway or gate—especially one that is large and imposing.”15 To many, this definition seems a fitting description of the portal business model that has emerged on the Web. Although the terminology is rather recent, the earliest online business portals (for example, American Hospital Supply’s ASAP and American Airlines’ Sabre) were launched in the late 1960s and 1970s.16 Online consumer portals (for example, America Online and CompuServe) emerged in the 1980s with the adoption of the personal computer. Built on proprietary technology, these pre-Internet portals 1-57444-305-4/02/$0.00+$1.50 © 2002 by CRC Press LLC

19

SL3054_frame_C01 Page 20 Tuesday, November 20, 2001 8:47 AM

20

The E-Business Handbook

provided limited access. In fact, in late 1993, AOL’s proprietary consumer portal had only 500,000 members. By early 2001, the number had grown to over 27 million.17 Differentiating Features • Does the business provide gateway access to a full range of Internet information and services, including search, calendar, e-mail, instant messaging, chat, and other community-building tools? • Does the business provide access to deep content, products, and services within a vertical industry (e.g., financial services) or related industries (e.g., travel)? • Does the business provide information and services for all types of users or are the information and services specific to a well-defined affiliation group (e.g., women, the elderly, lawyers, families)? Portal E-Business Trends • Horizontal and vertical portals are emerging as dominant sources of power within e-business markets. • Horizontal portals are joining forces with horizontal infrastructure portals to not just provide access to content and services, but also to network and hosting services. • Large media and entertainment portals that represent convergence of data, telephone, television, and radio networks are emerging in the consumer space. • B2B portals provide both horizontal access to business networks and vertical industry-wide solutions.

A-1.3 PRODUCERS Producers design and make, and may also directly market, sell, and distribute products and services. As mentioned earlier, producers often held the position of power within traditional business markets. During the late 1990s, many worried that new online entrants would dominate the Information Age. The demise of many once-powerful “dot-coms” shifted the balance of power in favor of established players. Differentiating Features • Does the business sell physical products or provide face-to-face services? • Does the business sell information-based products or services? • Does the business provide customized products/or services?

SL3054_frame_C01 Page 21 Tuesday, November 20, 2001 8:47 AM

Building Information Age Businesses for the 21st Century

21

Producer E-Business Trends • Producers must be best-in-class – the #1 or #2 brand – to survive. • Some large full-service producers, such as American Express and Citigroup in the financial services industry, are acquiring a full range of products and services and then integrating them to provide vertical solutions required by customers. • Industry supplier coalitions are forming to enable business-to-business commerce within industry groups and with key business customers.

A-1.4 INFRASTRUCTURE DISTRIBUTORS Infrastructure distributors enable technology buyers and sellers to transact business. Four categories of focused distributor, key differentiating features and trends are shown below. Differentiating Features • Does the business assume control of inventory? • Does the business sell online? • Is the price set outside the market or is online price negotiation and bidding permitted? • Is there a physical product or service that must be distributed? Infrastructure Distributor E-Business Trends • The speed of obsolescence of the technology, coupled with the complexity of the solution and slim margins, has forced massive consolidation in network and computing technology channels. For many, service revenues are driving profitability. • Those distributors that take ownership of inventory are searching for inventory-less, just-in-time business models. • Distributors that have the capability for custom configuration of products and services are gaining power.

A-1.5 INFRASTRUCTURE PORTALS Infrastructure portals enable consumers and businesses to access online services and information. Five categories of infrastructure portal, key differentiating features and trends are shown below. Differentiating Features • Does the business enable users to connect to the Internet? • Does the business enable users to outsource the operation and maintenance of Web sites? • Does the business host applications and solutions?

SL3054_frame_C01 Page 22 Tuesday, November 20, 2001 8:47 AM

22

The E-Business Handbook

Infrastructure Portal E-Business Trends • Horizontal infrastructure portals (ISPs, Network Service Providers, and Web hosting providers) are merging or partnering with horizontal content portals to increase value created through intangible assets such as information, community and brand. • Horizontal content portals such as AOL are vertically integrating with horizontal infrastructure providers, such as Time Warner’s cable networks. (Note: Prior to the merger, AOL was an ISP.) • Convergence of voice, data, and video channels and global acceptance of a common set of standards are leading to global industry convergence. • Aggressive pursuit of the growing market for hosted application services is leading to confusion as players with markedly different business models converge on the common space. • Two competing vertical infrastructure portal (ASP) models are emerging: producer-ASPs (for example, Oracle, Siebel, SAP) provide online access to their brand-name software; distributor-ASPs (for example, US Internetworking) offer application hosting of many software brands.

A-1.5 INFRASTRUCTURE PRODUCERS Infrastructure producers design, build, market and sell technology hardware, software, solutions, and services. Producers may sell and provide after-sales service directly or they may share this responsibility with online or offline channel partners including retailers, distributors, and portals. Differentiating Features • Does the business manufacture computer or network components or equipment? • Does the business develop packaged software? • Does the business provide infrastructure services or consulting? Infrastructure Producer E-Business Trends • Many hardware and software producers were early adopters of online commerce, selling directly to Internet-savvy customers and through online distributors. For example, in 1999, over 80% of Cisco’s sales — most of which were through online distribution partners — were through online channels.

Yes

Possibly

No

Possibly

Marketplace

Aggregator/ Infomediary

Exchange

Own Inventory

Retailer

Model & Examples

Possibly

No

Yes

Yes

Sell Online

Yes

No

No

No

Price Set Online

Model Differentiators

TABLE A-1 Focused Distributor E-Business Models

Possibly

Possibly

No

Yes

Physical Product or Service

Depends on model

Referral fees; Advertising & marketing fees

Transaction fees; Service fees; Commissions

Sales

Likely Revenues

Advertising & marketing; staff support for auctions (especially B-2-B); inventory & logistics if inventory control; R&D; Technical infrastructure

Advertising & marketing; R&D; IT infrastructure

Advertising & marketing; physical facilities, inventory & customer svc.; R&D; IT infrastructure Advertising & marketing; R&D; IT infrastructure

Likely Costs

SL3054_frame_C01 Page 23 Tuesday, November 20, 2001 8:47 AM

Appendix A E-Business Models 23

Yes

Limited

Possibly

Vertical Portals

Affinity Portals

Gateway Access

Horizontal Portals

Model & Examples

TABLE A-2 Portal E-Business Models

Within affinity group

Through partnerships with vertical and affinity portals Yes

Deep Content & Solutions

Affinity Group Focus

Yes

Possibly; often through partnerships No

Model Differentiators

Referral fees; advertising, affiliation and slotting fees

Advertising, affiliation and slotting fees; possibly subscription or access fees Transaction fees; commissions; advertising, affiliation and slotting fees

Likely Revenues

Advertising, marketing and sales; content/info asset mgmt.; R&D; IT infrastructure Advertising, marketing and sales; content/info asset mgmt.; R&D; IT infrastructure; Legacy system integration to support transactions Advertising, marketing and sales; content/info asset mgmt.; R&D; IT infrastructure

Likely Costs

SL3054_frame_C01 Page 24 Tuesday, November 20, 2001 8:47 AM

Appendix A E-Business Models 24

Yes Yes Yes Yes

Yes

Manufacturers

Service Providers

Educators

Advisors

Information & News Services

Model & Examples

Sell/Serve Online

TABLE A-3 Producer E-Business Models

Possibly

Usually

Possibly

Possibly

Yes

Sell/Serve Offline

Moderate to High

Moderate to High

Moderate to High

Moderate to High

Low to Moderate

Level of Customization

Model Differentiators

Commission, service or transaction fees; Registration or event fee; subscription fee; hosting fee subscription fee; registration or event fee; membership fee; commission, transaction or service fee Subscription fee; commission, transaction or service fee

Product sales; service fees

Likely Revenues

Content/info asset mgmt.; advertising, marketing & sales; IT infrastructure

Advertising, marketing & sales; content/info asset mgmt.; R&D; IT infrastructure Advertising, marketing & sales; Content/info asset mgmt.; R&D; IT infrastructure Content/info asset mgmt.; R&D; IT infrastructure Content/info asset mgmt.; IT infrastructure

Likely Costs

SL3054_frame_C01 Page 25 Tuesday, November 20, 2001 8:47 AM

Appendix A E-Business Models 25

Yes Possibly

Usually Possibly

Infrastructure Marketplaces Infrastructure Exchanges

Yes

Sell Online

Yes

Control Inventory

Infrastructure Retailers

Models & Examples

Yes

Possibly

Usually

Price Set Online

Model Differentiators

TABLE A-4 Infrastructure Distributor E-Business Models

Yes

Yes

Yes

Physical Product or Service

Transaction fees; service fees; Commission Depends on model

Product sales; service fees

Likely Revenues

Advertising and marketing; physical facilities, inventory and customer svc.; R&D; IT infrastructure Advertising and marketing; R&D; IT infrastructure Advertising & marketing; staff support for auctions (especially B-2-B); inventory & logistics if inventory control; R&D; technical infrastructure

Likely Costs

SL3054_frame_C01 Page 26 Tuesday, November 20, 2001 8:47 AM

Appendix A E-Business Models 26

Horizontal Infrastructure Portals Includes: Internet Service Providers (ISPs), Network Service Providers, and Web Hosting. Vertical Infrastructure Portals Includes: Producer and Distributor Application Service Providers (ASPs)

Models & Examples Through partnerships with non-infrastructure portals and ASPs Yes

Yes

Often through partnerships with horizontal infrastructure portals

Hosted Applications and Solutions

Model Differentiators Internet/Network Access and Hosting

TABLE A-5 Infrastructure Portal E-Business Models

Access fees; commission, service or transaction fees; subscription fees; hosting fees Licensing fees; service & transaction fees; maintenance & update fees; hosting fees

Likely Revenues

Advertising, marketing & sales; content/info asset management; R&D; IT infrastructure

R&D; IT infrastructure; advertising, marketing and sales

Likely Costs

SL3054_frame_C01 Page 27 Tuesday, November 20, 2001 8:47 AM

Appendix A E-Business Models 27

Yes

Yes

No

Yes

Equipment/Component Manufacturers

Software Firms

Custom Software and Integration

Infrastructure Services Firms

Models and Examples

Sell/Serve Online

High

High

Moderate to High

Low to Moderate

Level of Customization

Commission, service or transaction fee; hosting fee

Commission, service or transaction fee

Product license or sales; installation and integration fees; maintenance, update and service fees

Product license or sales; installation and integration fees; maintenance, update and service fees

Likely Revenues

R&D; advertising, marketing and sales; production; physical facilities and infrastructure; specialized equipment, materials and supplies; IT infrastructure R&D; advertising, marketing and sales; production; physical facilities and infrastructure; specialized equipment, materials and supplies; IT infrastructure Access to specialized talent.; professional development and training; travel Content/info asset mgmt.; R&D; IT infrastructure

Likely Costs

28

Yes

Yes

Yes

Yes

Sell/Serve Offline

Model Differentiators

TABLE A-6 Infrastructure Producer E-Business Models

SL3054_frame_C01 Page 28 Tuesday, November 20, 2001 8:47 AM

The E-Business Handbook

SL3054_frame_C01 Page 29 Tuesday, November 20, 2001 8:47 AM

Appendix B E-Business Revenue and Cost Models TABLE B-1 Sample Revenue Options Revenue Category

Description

Product Sales Commission, Service or Transaction Fees

Commerce Revenues Sell or license physical or information-based products. Charge a fee for services provided; can be a set fee or a percentage of the cost of a product or service.

Subscription Fees Registration or Event Fees

Advertising, Slotting, Affiliate and Referral Fees Membership Fees

Software/Hardware Sales Installation and Integration Fees

Maintenance and Update Fees Hosting Fees Access Fees

1-57444-305-4/02/$0.00+$1.50 © 2002 by CRC Press LLC

Content Revenues Charge for receipt of updated information on a particular topic or a broad range of topics for a specified period of time (e.g., annual). Charge a fee for attendance at an online event, workshop or course.

Community Revenues Collect a fee for hosting a banner advertisement or special promotion. Collect a fee for an exclusive or nonexclusive partnership relationship. Collect a fee each time a visitor clicks through from your site to another company’s site. Charge a fee to belong to a private group or service. Infrastructure Revenues Sell or license a technology product. Charge either a set or variable fee for services provided; large-scale fixedprice projects are often broken into a series of discrete projects with well-defined timeframes and deliverables; variable fees are often based on time, materials and expenses incurred while working on a project. Charge a fee for software/hardware maintenance and updates. Charge a fee for hosting a software application, Web site, data center or network. Charge a fee for providing access to a network or to an Internet service.

29

SL3054_frame_C01 Page 30 Tuesday, November 20, 2001 8:47 AM

30

The E-Business Handbook

TABLE B-2 Sample Cost Categories Cost Category People and Partners Advertising, Marketing, Sales Business Development Materials & Supplies

Specialized Equipment (does not include IT) Research & Development Physical Facilities and Infrastructure Information Technology (IT) Infrastructure

Description Cost to acquire, develop and retain skills and expertise needed to execute strategy; includes employees and partnerships. Cost of offline and online advertising, marketing and sales. Cost of designing and launching new businesses, developing alliances and acquiring partners. Cost of physical materials used in production of products and delivery of services; includes general purpose and specialized supplies and components. Cost of equipment—especially capital equipment—used in design, production, delivery, and distribution. Cost of designing and developing digital business products and services; may overlap with IT infrastructure costs. Cost of corporate and regional headquarters, sales offices, factories, warehouses, distribution centers, retail stores, service centers etc. Cost of computers and equipment (e.g., printers, data storage devices). Cost to operate and maintain data centers. Cost to design, develop, implement and maintain software. Cost of voice, data and video network equipment (e.g., physical cables, routers). Cost to operate and maintain networks.

TABLE B-3 Sample Asset Categories Asset Category

Financial Assets Marketable Securities

Property, Plant and Equipment Inventory

Description Current Assets Accounts receivable. Cash and convertible notes. Investments made as part of a cash management program. Tangible Assets Physical facilities. Fixed assets required to produce goods and services. Assets held for resale.

SL3054_frame_C01 Page 31 Tuesday, November 20, 2001 8:47 AM

Building Information Age Businesses for the 21st Century

31

TABLE B-3 (CONTINUED) Sample Asset Categories Asset Category

Securities

Real Estate Relationships

Strength of Online & Offline Brand

Knowledge & Expertise

Agility & Responsiveness

Intellectual property Goodwill

Description Investments Stock held by one firm to enable joint control over shared business activities. Stock held by one firm in anticipation of a return at some time in the future. Investment in property in anticipation of a future return. Breadth and depth of relationships with customers and the business community. Loyalty and commitment of customers and business community members. Strong brand recognition among business and consumer communities (includes corporate brand, business unit brands, product brands and global brand). Ability to generate strong personal identification with brand. Ability to leverage “Internet” brand image. Reputation and image. Experience, skills and intellectual capabilities of employees and partners. Understanding of market and business dynamics. Scope and granularity of stored information. Flexibility and ease of accessing, customizing and distributing information. Information literacy. Understanding of technical and business evolution and ability to identify opportunities and threats. Ability to quickly recognize and act on new opportunities and threats. Ability to access and efficiently utilize resources required to execute strategy. Ability to capture the attention and mobilize the commitment of customers and members of the business community to implement new strategies. Patents, copyrights, etc. for which an objective measure of value can be assessed. Value of an acquired company over and above current and tangible assets. The value of an acquired company’s “franchise”—e.g., loyalty of its customers, the expertise of its employees—that can be objectively measured at the time of a sale or change of control.

SL3054_frame_C01 Page 32 Tuesday, November 20, 2001 8:47 AM

32

The E-Business Handbook

REFERENCES 1. Evans, P. and Wurster, T., Strategy and the economics of information, Harvard Business Review, Boston, 1997. 2. Slywotzky, A. and Morrison, D., Profit Patterns. N.Y. Times Business, 1999. 3. Kuhn, T., The Structure of Scientific Revolution, University of Chicago Press, 1970. 4. Cook,Scott, address to MBA students at Harvard Business School, September 1998. 5. U.S. Internet and Financial Services Equity Research Team, The Internet and Financial Services, Morgan Stanley Dean Witter, August 1999. 6. Porter, M., Competitive Advantage: Creating and Sustaining Superior Performance, New York, The Free Press, 1985. 7. Allee, V., Reconfiguring the value network, Journal of Business Strategy 21 (4): 3639, July/August 2000. 8. HoustonStreet Exchange weaves new round of investments and strategic partnerships into its “web for the Web, HoustonStreet press release, March 23, 2000. 9. Intuit Annual Report, 2000. 10. Applegate, L.M., QuickenInsurance: The Race to Click and Close (HBS order #800295). 11. AOL Time Warner Annual Report, 2000. 12. Applegate, L.M., QuickenInsurance: The Race to Click and Close, HBS No. 800-295. 13. Data on the AOL Time Warner business model are from The AOL Time Warner 2001 Fact Book. 14. Pottruck, David, address to executives at Harvard Business School, October 1999. 15. American Heritage Dictionary of the English Language, Boston, Houghton Mifflin, 1971. 16. Applegate, L.M., McFarlan, F.W. and McKenney, J.L., Electronic Commerce: Trends and Opportunities, Corporate Information Systems Management, New York, McGraw-Hill Irwin, 1999. 17. AOL company Web site (www.corp.aol.com/who_timeline.html), March 2, 2000.

SL3054_frame_C02 Page 33 Tuesday, November 20, 2001 8:49 AM

2

The Embedding Stage of Electronic Commerce Vladimir Zwass

CONTENTS 2.1 2.2 2.3 2.4

Introduction ....................................................................................................33 The Volume of E-Commerce Today and in the Future.................................34 The Scope and Structure of EC Enterprise ...................................................35 Embedding of Electronic Commerce ............................................................38 2.4.1 More Sophisticated Mix of Market vs. Hierarchy Approaches in Procurement and Supply-Chain Management...............................38 2.4.2 Multichannel Sales Encompassing the E-Channel............................40 2.4.3 Thick Connectivity Between the Physical and Virtual Worlds and the Ubiquitous Web .....................................................................41 2.5 Conclusions ....................................................................................................42 References................................................................................................................42

2.1 INTRODUCTION Electronic commerce (EC) is a broad frontier of business transformation deploying computer telecommunication networks and allied information technologies. Although EC as we understand it today was born in the early 1990s, with the Internet becoming its primary vehicle, we can see its precursor emerging decades earlier based on wide-area networks and electronic data interchange (EDI). Properly understood, EC encompasses inter- and intraorganizational segments, as well as businessto-consumer commerce. For a period of time, EC was seen by many as limited to the last segment, or, roughly, to selling consumer goods and services over the Internet. As will be seen in this chapter, this segment was always the most visible — if least weighty — part of EC, the tip of the iceberg. The main thrust of EC, which can best be seen in its totality as e-business, is in transforming intraorganizational processes and interorganizational collaboration and exchange by relying on the capabilities derived from the inexpensive universal connectivity of the Internet. Based on our new understanding of the field, the early notion of the autarkic development of EC into a “New Economy” has to be reconceptualized into that of the development of a more productive economy by embedding EC into it.

1-57444-305-4/02/$0.00+$1.50 © 2002 by CRC Press LLC

33

SL3054_frame_C02 Page 34 Tuesday, November 20, 2001 8:49 AM

34

The E-Business Handbook

This chapter will first describe the scope of EC, proceed to analyze briefly the initial stage of its development, and go on to describe the ever more strongly emerging trend of embedding EC-based processes, methods, and technologies into the previously existing structures. We outline several promising areas of research engendered by this new stage of economic transformation.

2.2 THE VOLUME OF E-COMMERCE TODAY AND IN THE FUTURE EC has been defined as “the sharing of business information, maintaining business relationships, and conducting business transactions by means of telecommunications networks.”27 This definition places the long-term relationships and collaborative effects ahead of the more apparent and transient transactions.* The transaction phase is a consummation of more enduring relationships, enabled by more enduring infrastructures. All of these are within the domain of EC, which includes the business-to-business (B2B), business-to-consumer (B2C), and intraorganizational segments. Because, just as in the traditional enterprises and marketplaces, a B2C transaction is the result of multiple B2B ones, the B2B segment volume, both in actuality and in forecasting, has surpassed the B2C by many times. The volume of the intraorganizational segment is difficult to capture; however, the movement to intranets and other Internet-enabled information systems has been inexorable, displaying impressive return-on-investment results. The definition has proven robust to the evolution of EC. For those who saw the EC enterprise as selling goods over the Internet by green-field firms, the recent contraction in that subsegment heralded a fading of the EC promise. It is our purpose in this chapter to show that the contrary is true, and the EC enterprise is becoming embedded in the economies at large, at least in those regions and countries where it has developed sufficiently. The estimates of EC volume differ, owing to the relative immaturity of the field and vast differences in how it is encompassed. To cite those of highly respected Forrester Research, the total of B2B and B2C EC in 2000 globally was $657.0 billion, of which the lion’s share of $488.7 billion took place in the United States.10 This is forecast by the business-research firm to grow to $6,789.8 billion in the year 2004, to account for 8.6% of the total sales, of which $3,189.0 billion is to take place in the United States, accounting for 13.3% of the total sales in the country. 2 ** Two things are notable about the forecast. It predicts more than tenfold growth of the transactional component of EC over 4 years. It also forecasts a vastly more rapid growth in several regions other than the United States. While the U.S. transaction volume is to grow by a factor close to 6.5 between the years 2000 and 2004, in Asia Pacific, it is to grow by a factor close to 31, Western Europe by a factor of 17.5, and Latin America by a factor of 22.7. Such projections may strain credulity * In its scope, the definition resembles that of e-business, introduced some time later, notably by IBM. However, the EC definition goes back to an earlier usage of “commerce” to mean “dealings.” 22 ** We note that this estimate is in quite close agreement with the recently lowered estimate by Gartner Group of $6 trillion for the worldwide B2B commerce in 2004.8

SL3054_frame_C02 Page 35 Tuesday, November 20, 2001 8:49 AM

The Embedding Stage of Electronic Commerce

35

and their object is subject to the vicissitudes of the business cycles. Yet, the rate of growth has been undeniable. According to the findings of the Center for Research in Electronic Commerce at the University of Texas at Austin, the revenues of the U.S. Internet economy grew by 58% from 1999 to 2000.11 Thus, although the U.S. EC share will still amount to almost half of the global EC sales volume, this share will fall as compared with the present. Indeed, countries such as Australia, South Korea, and Taiwan are expected by Forrester Research to have a greater penetration of EC into sales (all at 16.4%) than the United States (at 13.3%), according to the data set cited above. In other words, we should expect the globalization of EC or, to be more precise, the international spread of EC into national economies. Although, at first glance, EC does appear to be an inherently global phenomenon, in practice, it is not so at the present. While certain countries, notably in Scandinavia and in the Asia Pacific region, have moved “virtually” closer to the center of the world than their geographic endowment affords, others, notably large parts of Africa, are not as yet at the virtual table. Also, the degree to which EC penetrates international trade and, as could have been expected, fosters it, remains to be established. The composition of the trade with respect to its sales to businesses vs. to consumers can be gauged by comparing the above data with the NRF/Forrester Online Research Index.21 In 2000, the total estimate of B2C online sales in North America (USA and Canada) amounted to $48.3 billion, which, when compared with the Forrester Research North American sales total for the year10 amounts to about 10%. When compared with results for previous years, the 1-to-9 relationship between B2C and B2B electronic commerce appears quite stable. The larger effects of EC penetration are to be seen in its business-oriented segments.

2.3 THE SCOPE AND STRUCTURE OF EC ENTERPRISE EC has emerged from the confluence of several business practices grounded in the telecommunications and computer technologies. The earliest of these, EDI, has a decades-long history as the means of computer-to-computer business communications. As an early form of so-called digital commerce, unmediated by human agency, it still has not come to full fruition. The contemporary EC was born when the Internet was opened to business uses, was rendered broadly useful by the development of the World Wide Web, and was opened to access by the invention of the browser. The Internet’s precursor, the ARPANet, was originated in 1969, became the Internet with the TCP/IP protocol suite introduced in 1982–83, and was opened to commercial pursuits by the U.S. government in 1991. The exponential growth of the number of hosts began that year. Perhaps the most decisive feature in the success of the overall Internet design is that it easily accommodates the organic growth as a network of networks. By the spring of 1993, the World Wide Web and the browser as its universal front end began the inexorable expansion of the Internet-based EC. A three-level hierarchical structure of EC has emerged as a result of exceptionally rapid activity seeking to exploit the new opportunities in the competitive context.27, 28 At its foundation lies the infrastructure of the wide-area networks,

SL3054_frame_C02 Page 36 Tuesday, November 20, 2001 8:49 AM

36

The E-Business Handbook

TABLE 2.1 The Hierarchical Framework of E-Commerce with Embedding Directions Metalevel Products and Structures

Services

Infrastructure

Level

Function

Examples

7

Electronic marketplaces and electronic hierarchies

Electronic exchanges Interorganizational supplychain management

6

Products and systems

5

Enabling services

4

Secure messaging

Remote consumer services (retailing, banking, stock brokerage) Infotainment-on-demand (content sites, educational offerings) On-line marketing Electronic benefit systems Intranet-based collaboration Extranet-based linkages E-portals and search/directory engines Electronic catalogs, smart agents E-money, smart-card systems Digital authentication services Digital libraries, copyrightprotection services Traffic auditing EDI, E-mail, EFT, instant messaging

3

Hypermedia/ multimedia object management Public and private communication utilities

2

1

Wide-area telecommunications infrastructure

World Wide Web with Java

Internet and value-added networks (VANs)

Guided- and wireless-media networks

Embedding Directions Exchange speciation Physical ownership to meet guarantees CPFR Mutlimodal marketplaces Brick-and-click services Multichannel sales Linked on- and offline media Multichannel marketing

Services for ubiquitous Web: device-oriented agents, authentication, payments

Messaging for devices/appliances /vehicles Ubiquitous Web, with flexible user/device interface Embedded servers, sensors, actuators E-tags for universal identification of physical objects Protocols for mobility and dynamic ad hoc connections

SL3054_frame_C02 Page 37 Tuesday, November 20, 2001 8:49 AM

The Embedding Stage of Electronic Commerce

37

many — but not all — of which are managed by Internet protocols, and the hypermedia object management of the World Wide Web and allied technologies. On this infrastructure, the service layer of secure messaging and enabling services is provided. The enabling services, such as electronic catalogs, search engines, digital authentication, copyright protection, and many others, have been an area of extensive entrepreneurial activity. Many of them, such as consumer certification or copyright protection, have not reached the tipping point leading to mass adoption as yet; others, such as e-money, have not met with any appreciable degree of success in the marketplace. At the top metalevel, the framework includes the levels of products and structures. The products that lie in the pure digital domain, such as remote consumer services, or information-based systems such as intranet- and extranet-based collaboration, lend themselves especially well to EC. The structures at the apex of the hierarchical framework are electronic marketplaces and interorganizational supply chains. The consumer-oriented marketplaces such as eBay, and B2B marketplaces such as e-Steel, of which a number are successful and more yet attract only marginal activity, act in the spot-buying domain. The Internet-based supply chain management serves long-term linkages between the enterprises. Between the two poles of market and hierarchy lie a variety of hybrid arrangements that are meant to combine the price discovery of the marketplace with the efficiency of the long-term quasihierarchic linkage. The hierarchical framework reflects a wide swath of economic activity. This structure is supported by burgeoning entrepreneurial and intrapreneurial activities in technology development and business deployment. E-marketplaces that furnish only a nexus for transactions have proven to be largely unattractive, particularly if provided by intermediaries or by buyers seen as squeezing suppliers. In general, private marketplaces, often run by corporate consortia, succeed far more frequently than the public ones. Much work is needed to discover how to leverage the value and increase the efficiency of the existing supply chains, while taking advantage of the price-discovery and competitive capabilities of marketplaces. The performance of many sites in the B2C domain has been poor, leading to a collapse of the firms beyond them. Many of these displayed what was called by McKinsey consultants “fatal attraction” — the more customers they attracted, the more money they lost.1 Few attracted visitors were converted into customers, and few of those who did convert became repeat clients. In the McKinsey survey of hundreds of dot-coms, fewer than 1% of visits to pure transactional (i.e., noncommunity) sites were made by people who became repeat customers. A noticeable pattern of heightened online competition, with declining customer value, was discerned toward the end of 2000. The click-through rates of banner-based online advertising fell below 1%. Indeed, during the initial stage of Internet-based EC, it was often perceived as a world apart, giving birth to the New Economy as the opposite of the Old Economy, which, in the eyes of many, e-commerce has come to bury. The perceived image of EC was that of a dot-com phenomenon, where the idea of business model was highly flexible, with the external equity owners targeted as the principal customers. Neither idea, however, is fundamental to EC.

SL3054_frame_C02 Page 38 Tuesday, November 20, 2001 8:49 AM

38

The E-Business Handbook

2.4 EMBEDDING OF ELECTRONIC COMMERCE It appears now that rather than become a replacement for the Old Economy, the emerging New Economy will be an amalgam of the old and the new, an economy transformed. The major directions of this transformation require a far more careful analysis than can be carried out here. What we can do, however, is look briefly at some of the developments that point to more evolved interconnections between the e-world — the world of pure EC and bits — and the p-world, the physical world of things that are not reducible to bit streams. We hope that further research will be stimulated by looking at these interconnections, at the embedding of EC in the existing structures. The hierarchical framework with some of the directions of EC embedding mapped onto it is shown in Table 2.1. As can be seen in the table, the embedding of EC in the physical world takes a number of directions. These can be generalized as three principal thrusts.

2.4.1 MORE SOPHISTICATED MIX OF MARKET VS. HIERARCHY APPROACHES IN PROCUREMENT AND SUPPLY-CHAIN MANAGEMENT The Web supports marketplaces of a great variety of ownership and design that can be used to seek out goods and services, as well as supply-chain management in longer-term buyer–supplier relationships. The discipline of exchange-based procurement can, in some cases, be applied to squeeze the inefficiencies out of the supply chain; it is, however, not a replacement for relationship-based regular supply streams, where the efficiencies are largely gained by cooperation, increasingly relying on collaborative planning, forecasting and replenishment (CPFR) systems to minimize inventories while ensuring reliable supplies. Physical products are manipulated by physical means, and operations and logistics consume a major part of production costs. However, a significant component of value in supply chains is informational in nature. The virtual value chain that mirrors the physical value chain can be created to move some of the activities onto the Internet.23 These activities can be further interfaced with the business processes of partner companies. The examples include procurement, electronic prototyping, extranet-based collaboration, marketing and sales, telemaintenance, and customer service, all of which are subject to the efficiencies of EC-based approaches. As the companies concentrate on their core competencies, business webs emerge, centering on the firms that provide and direct the overall structure, and generally concentrate on product development and marketing. Sun Microelectronics, a division of Sun Microsystems, has become a case in point. The division has 150 supply-web links around the world and maintains no inventory. The tiers of suppliers, partners, and customers are connected over the Web in ever tighter links as the firm implements CPFR.6 Traditional companies are realizing significant efficiencies, with EC becoming embedded in the intra- and interorganizational processes. Carrier, the world’s largest supplier of air conditioners, presently saves $100 million annually, or 1% of its revenues, by having moved part of its upstream supply chain (procurement) and of

SL3054_frame_C02 Page 39 Tuesday, November 20, 2001 8:49 AM

The Embedding Stage of Electronic Commerce

39

its downstream chain (sales) to the Web.12 In 1995, furniture maker Herman Miller opened its SQA (Simple, Quick, and Affordable) division, with a new factory, linked backward with the suppliers and forward with the customers over the Internet. The new method of supply chain management enables the company to deliver products within 2 weeks of the order, instead of 8 weeks previously. SQA has since been used as a template for the entire company, with its largest customers ordering over the Web and production and fulfillment ordered digitally.20 Furniture dealers can establish Web-based links with Herman Miller that enable them to get current information on configuration, availability, and pricing, and specify to their customers the delivery date within 2 hours of the order receipt. Aside from the newly emergent cybermediaries, traditional intermediaries can successfully deliver value-added by relying on the capabilities of the Web.7 Differentiation and speciation of B2B market makers is taking place. Most of the exchanges are going beyond pure price discovery in an auction regime and simple transaction processing to provide the value-added necessary for the specific industry.26 Ultimately, this leads to multimodal marketplaces. Called allin-one markets by Kambil et al.,13 they offer a single platform for multiple interorganizational commercial mechanisms, ranging from pure spot buying (with auctions where desired) to long-term supply-chain relationships. Several business-travel sites and maintenance-repair-and-operations (MRO) sites working on this principle are available, with a gradual move into direct goods as well. Two recently established exchanges aiming to serve as procurement vehicles for the retail industry, GlobalNetXchange (GNX) and WorldWide Retail Exchange (WWRE) aim to move beyond reverse auctions to provide CPFR facilities to the participating firms.25 In many cases, ownership of physical goods has been recognized as necessary to fulfilling the commitments made online. Thus, Enron is able to guarantee the delivery of some of the products the firm auctions by taking the ownership of paper mills and bandwidth. Against the previously touted advantages of almost purely virtual stock, Amazon.com now owns warehouses, where it stocks books and other goods. Extensive multidisciplinary research is required to establish the categories of goods and services that benefit from exchange-type acquisition vs. long-term contracting. The organization of marketplaces and the distribution of power and benefits that lead to stable marketplaces need to be investigated. The principles of operation of business webs, relatively durable alliances of companies that combine their business processes to serve a marketplace, are an important study field. At this time, most of the firms mentioned here are unable to quantify the benefits derived from the new approaches (or lack thereof). The idea of the specificity of Internet economics was buried some time ago, in particular in Shapiro and Varian.24 A thorough framework and analysis of the economics of EC is provided by Kauffman and Walden.15 Economic theory has to be complemented by the studies of market strategies. For example, the presumed buyer dominance on the Web can be eroded by a variety of supplier strategies.9 Mass customization can lead to mass profit erosion.5 Economic studies of alternative supply-chain structures are beginning to appear.18

SL3054_frame_C02 Page 40 Tuesday, November 20, 2001 8:49 AM

40

2.4.2 MULTICHANNEL SALES ENCOMPASSING

The E-Business Handbook THE

E-CHANNEL

The realization of the limitations of purely virtual selling leads to the click-andmortar organizational designs, which combine Web-site customer access with physical presence. This permits the combination of the capabilities of the e-channel with the time-tested advantages of the p-channel. Thus, the e-channel offers the opportunity of (quasi) one-to-one selling, such as customer selection, access convenience, interactivity, continuing customer service, value-added surrounds, and support for product retirement. The trust and the infrastructure for the handling of physical products (distribution network, handling of returns, etc.) are furnished by the physical channel. Partnerships with rapid-response delivery services, such as UrbanFetch, are being formed. Third-party return clearinghouses, such as Return Exchange and GENCO Distribution Systems, have been established. Mail Boxes Etc. is planning to pursue opportunities as a physical front end for a variety of virtual financial services and retail, for example, by accepting deposits from online bank customers or enabling buyers to inspect goods acquired in e-auctions. An emblematic example is the success of Gap, selling over the Web from gap.com since 1997. The firm garners, not simply incremental online sales, but meaningful synergies.2 The campaign conducted in the retail stores to collect the customers’ e-mail addresses has broadened the e-channel customer base. Gap customers who shop in both physical and electronic channels have been found to spend 50% more than single-channel customers; opportunities to cross-sell and up-sell are exploited. Many e-customers who use physical stores to return goods make additional purchases in the process.* Because of the needed speed of roll-out combined with capitalization, EC is, to a large degree, an art of alliances, also in the embedding pursuits. For example, Fodor’s, the company that puts out well-known paperback guidebooks in the field of travel, believes in the need of having strong presence on all online platforms,4 including the wireless. The firm sees wireless products as an adjunct to the guidebooks. Fodor’s has formed strategic alliances with the Finnish telecommunications provider Sonera Zed, with Avant Go, and with OmniSky. The platform providers need established content. Marketing research indicates that the Web facilitates, and often changes, the flows of information and of promotion, negotiation, and transactions, as well as the flows of digital products and services.14 New marketing opportunities emerge for the established firms from these changed flows. For example, Osram Sylvania researches its business customer behavior online and translates this customer knowledge into the marketing and product decisions. Firms such as Gateway, which have reengineered the flow of their physical products using the capabilities of the Web, continually modify the digital flows, substituting for or complementing the physical flows. Yet, Gateway finds it advantageous to maintain a network of physical outlets that serve as showrooms and help sell higher-margin services. * Anyone wishing to see how different this transformation is from the retailing revolution brought on by department stores at the turn of the 19th century can read Emile Zola’s Au Bonheur des Dames (translated into English as The Ladies Paradise).

SL3054_frame_C02 Page 41 Tuesday, November 20, 2001 8:49 AM

The Embedding Stage of Electronic Commerce

41

A great variety of research issues includes the optimization of the physical vs. virtual mix and minimization of costs, while providing the optimal customer service. Beyond that, competitive advantage can be sought and risks can be reduced by a multichannel approach to marketing and sales, but this area still awaits scholarly study.

2.4.3 THICK CONNECTIVITY BETWEEN THE PHYSICAL AND VIRTUAL WORLDS AND THE UBIQUITOUS WEB The means are being introduced to more deeply embed the Web in the physical world. Internet-enabled kiosks, acting as retail computer terminals, complement floor personnel. Far beyond that, bar codes and e-tags can be used as entry points from physical objects onto the Web. Several magazines print the GoCode bar codes, to be read in by handheld scanners. Although this may not necessarily have wide reader appeal yet, it could be a harbinger of important developments ahead. A corporate alliance that includes Motorola and Symbol Technologies has been formed to develop and host a directory of barcode to URL mappings. A highly ambitious project to tag all the physical objects with e-tags whose contents can be remotely examined is MIT’s auto-id.19 If realized, this would enable the objects to act as read-only e-nodes. Exploited to provide complete visibility of physical products in supply chains, the approach would lead to extensive savings. Business benefits, such as the reduction of safety stock in the supply chains, are envisaged. Beyond passive bar codes or tags, Web servers can be embedded in the components of the physical environment. Sensors and actuators embedded in a variety of appliances and devices and relying on such Java-based technologies as Jini for location by clients that need to access them, and on such technologies as Bluetooth for mobile applications, can be deployed in a variety of systems.3 Health monitoring, home automation, and intelligent warehousing are only some of these. A variety of enabling services can be envisaged that would combine the universal bar codes with mobile technology to inform or transact anytime, anywhere. Ubiquitous computing can spread the deployment of digital commerce — direct computer-to-computer information transfer and transacting. Digital commerce can be expected to free humans from the need to monitor relatively simple transactions, and to free those transactions from the delays and errors of human input. We can expect that the Internet-based EDI, when lent a degree of semantic interoperability by the standardization of the extensible markup language (XML), business scenarios of open-EDI and other technologies, will be exploited to standardize business practices, then broadly assimilated. Aside from vital technological issues, including verification and standardization of the business protocols, many research questions present themselves regarding the delineation of the scope of digital commerce and its interface with the physical space, redesign of organizational practices, and the definition of responsibility. The work on electronic trade scenarios17 and formal languages for business communication16 contributes to this domain.

SL3054_frame_C02 Page 42 Tuesday, November 20, 2001 8:49 AM

42

The E-Business Handbook

2.5 CONCLUSIONS At the core of EC are its B2B and intraorganizational segments. Economies are being changed as the EC approaches and technologies penetrate more deeply into the way companies operate and interact with their suppliers, customers and the evergreater numbers of business partners. What could be termed New Economy emerges from this transformation, with e-processes replacing a number of physical ones, supply chains being reconfigured into dynamic supply webs, and the ways of seeking competitive advantage changing as well. If we consider the new stage of EC to be the embedding of the virtual in the physical world, three major thrusts present themselves. Electronic marketplaces and electronic hierarchies are both supported by EC, and a continuum of approaches to procurement and supply chain management emerges. This is expected to lead to significant savings across industries. Fascination with pure virtual selling gives place to multichannel selling approaches, with greater capabilities to serve the multifaceted needs of the customer. As the Web becomes ubiquitous and, perhaps, the universal means of identification of physical objects are established, new opportunities for delivering services will emerge. A rich research agenda is generated by the embedding of EC.

REFERENCES 1. Agrawal, Vikas, Arjona, Luis D., and Lemmens, Ron, E-performance: the path to rational exuberance, McKinsey Q., 1, 2001, 31-49. http://mckinseyquarterly.com. 2. Anderson, Brett, Clicks and mortar: one channel is not enough, Knowledge Mgmnt, March 2001, e8-e10. 3. Borriello, Gaetano and Want, Roy, Embedded computation meets the World Wide Web, Comm. ACM, 43, 5, May 2000, 59-66. 4. Cohn, Michael, Places to go, people to see, Internet World, March 1, 2001, 48-51. 5. Dewan, Rajiv, Jing, Bing, and Seidmann, Abraham, Adoption of Internet-based product customization and pricing strategies, J. Mgmt. Info. Syst., 17, 2, Fall 2000, pp. 9-28. 6. Donahue, Sean, Supply traffic control, Business 2.0, February 2000, pp. 130-132. 7. El Sawy, Omar A., Malhotra, Arvind, Goasin, Sanjay, and Young, Kerry M., ITintensive value innovation in the electronic economy: insights from Marshall Industries, MIS Quarterly, 23, 3, September 1999, pp. 305-335. 8. Gartner Group, Press Release, March 13, 2001. 9. Grover, Varun and Ramanlal, Pradipkumar, Six myths of information and markets: information technology networks, electronic commerce, and the battle for consumer surplus, MIS Quarterly, 23, 4, December 1999, 465-495. 10. Internet Commerce, Forrester Research, http://www.forrester.com/ER/Press/FoorFind/0,1768,0.00.html, accessed on February 22, 2001. 11. The Internet Economy Indicators, http://www.internetindicators.com/keyfindings.html, accessed on February 22, 2001. 12. Judge, Paul C. How I saved $100 million on the Web, Fast Company, 174-181, February 2001, 174-181.

SL3054_frame_C02 Page 43 Tuesday, November 20, 2001 8:49 AM

The Embedding Stage of Electronic Commerce

43

13. Kambil, Ajit, Nunes, Paul F., and Wilson, Diane, Transforming the marketspace with all-in-one markets, Int .J. Electronic Comm., 3, 4, Summer 1999, 11-28. 14. Kannan, P.K. Introduction to the special issue on marketing in the e-channel, Int .J. Electronic Comm., 5, 3, Spring 2001, 3-6. 15. Kauffman, Robert J. and Walden, Eric A., Economics and electronic commerce, Int .J. Electronic Comm, 5, 4, Summer 2001, to appear. 16. Kimbrough, Steve O. Formal language for business communication: sketch of a basic theory,” Int. J. Electronic Comm., 3, 2 Winter 1998-99, pp.23-44. 17. Lee, Ronald M., Distributed electronic trade scenarios: representation, design, prototyping, Int. J. Electronic Comm., 3, 2 Winter 1998-99, pp. 105-136. 18. Netessine, Serguei and Rudi, Nils, Supply chain structures on the internet: marketingoperations coordination, Oct. 2000, http://ebusiness.net.edu/papers/ERF/ERF88.pdf 19. The networked physical world, MIT Auto-ID Center, Dec. 2000, http://autoid.mit.edu/ 20. Newsome, Melba, IS for efficiency, Context, April-May 2001, pp. 50-53. 21. NRF/Forrester Online Retail Index, http://www.forrester.com/NRF/1,2873,0,00.html, accessed on February 22, 2001. 22. Oxford English Dictionary, 2nd edition, CD-ROM, 1992. 23. Rayport, Jeffrey F. and Sviokla, John J., Exploiting the Virtual Value Chain, Harvard Business Review, Nov.-Dec. 1995, pp. 75-85. 24. Shapiro, Carl and Varian, Hal R. Information Rules: A Strategic Guide to the Network Economy, Boston: HBS Press, 1999. 25. Sliwa, Carol, Dueling exchanges make big plans, Computerworld, March 19, 2001, pp. 1, 16. 26. Wise, Richard, and Morrison, David, Beyond the exchange: the future of B2B, Har. Bus. Rev., Nov.-Dec. 2000, 86-96. 27. Zwass, Vladimir, Electronic commerce: structures and issues, Int .J. Electronic Comm., 1, 1, Fall 1996, 3-23. 28. Zwass, V. Structure and macro-level impacts of electronic commerce, in Emerging Information Technologies: Improving Decisions, Cooperation, and Infrastructure, K.E. Kendall, Ed., Thousand Oaks, CA, Sage, 1999, 289-315, http://www.mhhe.com /business/mis/zwass

SL3054_frame_C02 Page 44 Tuesday, November 20, 2001 8:49 AM

SL3054_frame_C03 Page 45 Tuesday, November 20, 2001 8:50 AM

3

Web Evaluation Carsten Totz, Kai Riemer and Stefan Klein

CONTENTS 3.1 3.2

Introduction ....................................................................................................45 Web Evaluation: an Overview .......................................................................46 3.2.1 The Many Facets of Web Evaluation ................................................47 3.2.2 Web Evaluation in the Web Development Management Process .....50 3.2.3 Contingencies of Web-based Interaction Quality..............................51 3.2.3.1 Company-Oriented Determinants .......................................51 3.2.3.2 Customer-Oriented Determinants .......................................52 3.3 Web Evaluation Methods ...............................................................................53 3.3.1 Objective Methods .............................................................................54 3.3.2 Subjective Attribute-Specific Methods ..............................................56 3.3.3 Subjective Event-Specific Methods ...................................................58 3.4 A Web Evaluation Project..............................................................................62 3.4.1 Planning Web Benchmarking 3.4.2 Preparation, Execution and Analysis .................................................63 3.5 Conclusions ....................................................................................................64 References................................................................................................................64

3.1 INTRODUCTION Electronic commerce (e-commerce) is widely acknowledged as the cause of fundamental changes in organizations, industries, market structures and entire economies — changes that increasingly affect almost every aspect of every kind of business. Forced by market pressure and the necessity to build or protect competitive advantages, companies have started to invest heavily in Internet-related technologies. As requisite expertise could not be established as rapidly as businesses began to invest, and as the complexity of Internet applications is also growing rapidly, many EC ventures must be qualified as real world experiments with mission-critical implications. Although a decreasing number of companies favor the idea of deploying the Internet as their exclusive or major sales channel, and combinations of online and offline channels as best-of-breed approaches are emerging, the importance of a Web site as a crucial interface and customer touch point is beyond dispute. Similar to contact situations in offline environments, Web-based interactions can be referred to as “moments of truth,” as any Web site-related measure must prove its appropri1-57444-305-4/02/$0.00+$1.50 © 2002 by CRC Press LLC

45

SL3054_frame_C03 Page 46 Tuesday, November 20, 2001 8:50 AM

46

The E-Business Handbook

ateness to meet customer expectations and needs. Nevertheless, insights into Webspecific success factors, determinants of customer Web site acceptance and quality perception, as well as drivers of changing customer behavior and satisfaction, are still limited. Beyond simple usability tests, companies are confronted with the requirement of assessing the quality of their Web-based customer contact and the measurement of their e-commerce performance. This chapter develops a framework for the evaluation of Web-based customer touch points, while supporting the assessment of real-life Web experiments with appropriate methods and guidelines, the efficiency of organizational learning and the allocation of e-commerce investments to customer needs and value-creating applications. In addition to a detailed conceptualization of different Web evaluation methods and their modi operandi, a contingency model of Web-based business-to-customer (B2C) interactions is used to illustrate determinants of the customer’s quality perception. We distinguish between Web-specific approaches that have been developed from scratch, and approaches that are modifications or adaptations of proven methods deployed in other areas, e.g., research on marketing of services. The prime objective of the chapter is to establish a sound basis for the setup and realization of Web evaluation measures. It begins with a conceptual overview of Web evaluation and the outline of potentials for Web evaluation activities as a source for crucial information throughout typical e-commerce planning cycles. To illustrate the design, the tasks to be taken into consideration and the pursuit of Web evaluation projects, a model Web benchmarking project is presented in the last section of the chapter.

3.2 WEB EVALUATION: AN OVERVIEW Evaluating, in general, can be defined as, “to judge or determine the worth or quality of something,”1 and, furthermore, “evaluation is the process of examining a subject and rating it based on its important features,”2 or “evaluation is how we determine the quality of a product in the context of its intended use.”3 In this sense, Web evaluation might be defined as the methodical assessment and determination of the quality level of Web activities, specifically of a Web site, with regard to important features and contextual objectives. We can further refine this definition by asking: • • • • • • •

Why evaluate? What can be evaluated? Which criteria should be used to evaluate? Who are the assessors? How can evaluation data be collected? When should evaluations take place? What is an area of interest for an evaluation ?

Following are possible answers to these questions to show the broad variety of Web evaluation opportunities.

SL3054_frame_C03 Page 47 Tuesday, November 20, 2001 8:50 AM

Web Evaluation

3.2.1 THE MANY FACETS

47 OF

WEB EVALUATION

The reasons and aims for carrying out a Web evaluation are many. First, Web evaluation projects typically are focused on performance assessment in relation to e-commerce goals. The overall goal of an e-commerce activity is economic success, which can be controlled by the business ratios turnover, profit, market shares or purchase rates. To achieve these economic goals, customer-oriented goals must be accomplished. According to Figure 3.1, quality aspects such as Web site usability, the company image, or overall customer satisfaction with e-commerce activities, can be assessed to identify potentials and needs for further quality improvements. This is the main application area of Web evaluation. Technical Web systems must guarantee a certain quality level regarding availability, security and responsiveness. Performance tests and ongoing monitoring activities help to ensure the achievement of technology-oriented goals. Because these measures have already found tremendous attention throughout a variety of e-commerce and information systems literature, we will barely touch on them and will not be subject to a detailed description (for a deeper insight into Web and IS testing compare Refs. 4 and 5). Several areas can be the object of an evaluation. These can be further subdivided into internal and external transactions. Internal refers to transactions that cannot be observed from outside the company, e.g., by customers or competitors. Therefore, they cannot be the objects of a comparative analysis. Internal operations are technical systems, internal processes, economic aspects and other areas such as advertising instruments. In contrast, external areas are referred to as market-oriented and visible from outside the company. They can be the Web site of competitors, the company’s own Web site, or the Web sites of a whole industry, e.g., to benchmark the industry’s Web practices. In addition to the distinction by areas and the questions mentioned above, methods can be distinguished by further dimensions: applied evaluation criteria, subjects of evaluation, the evaluation mode, the project horizon or the occasions when evaluation could be facilitated. Web evaluation criteria can be either objective or subjective. Objective is the verification of the existence of items and the measurement of time and cost (e.g., technical and economic measures), whereas quality assessment is highly subjective and dependent upon individual attitudes and previous experiences. The necessary evaluation data can be gathered in several ways. First, as discussed in most of the Web evaluation literature, an evaluation can be questionnaire based, surveying evaluation subjects such as customers, external experts, internal employees or other neutral people regarding the quality of Web site functionality. Alternatively, an evaluation can be carried out in a laboratory environment or by running automated technical systems. Figure 3.2 gives an outline of the discussed Web evaluation dimensions. Discussions on Web evaluation aspects with company representatives dealing with e-commerce initiatives have led to the impression that the initial development of an e-commerce strategy and the test of an Internet application in terms of usability during or after the technical implementation are primary triggers for gathering

avail -

respon -

quality

image

assessment

usability

t est, monitoring

siveness

IT performance

security satisfaction

customer

customer -oriented

profit

turnover/

controlling

share

market -

repur chase rate

management -oriented

48

FIGURE 3.1 Overview of Web evaluation approaches derived from e-commerce goals.

ability

technology -oriented

goals

SL3054_frame_C03 Page 48 Tuesday, November 20, 2001 8:50 AM

The E-Business Handbook

• efficiency: cost,

• financial para-

evaluation)

FIGURE 3.2 Dimensions of Web evaluation.

sector

• sites of a whole

quality

• effectiveness:

• own Website

• competitors’ sites

(automated

• technical systems

• partners

• employees

• experts

subjective:

• features/attributes

collection

technical data

evaluation:

• automated

• ongoing monitoring

before Web site start

• quality check

engineering

interviews

observations,

entrance • requirements

• lab experiments:

offline interview

e-mail q.,

before market

• market evaluation

• continuous, longterm (monitoring)

• strategic position

• once (project)

based: Web q.,

• questionnaire

• neutral persons

• customers

...occasions

...horizon

...mode

...subjects

external:

• processes

•technical systems

time

objective:

internal visibility:

meters, cash flow

...criteria

...objects

Web Evaluation...

SL3054_frame_C03 Page 49 Tuesday, November 20, 2001 8:50 AM

Web Evaluation 49

SL3054_frame_C03 Page 50 Tuesday, November 20, 2001 8:50 AM

50

The E-Business Handbook

information on Web site features and quality. Although these occasions are evident, we regard Web evaluation activities as a source of vital information throughout the entire e-commerce planning and development process.

3.2.2 WEB EVALUATION IN THE WEB DEVELOPMENT MANAGEMENT PROCESS Supplementing the above-mentioned types of Web evaluation shown in Figure 3.1, Web evaluation can be performed before setting up e-commerce activities during Web strategy development, as shown in Figure 3.3. In this sense, an analysis of competitive or inspiring Web sites can be carried out to determine the state-of-theart quality level or to decide on opportunities for market differentiation and the (strategic) positioning of Web applications. Customer surveys and further benchmarks can complement this information by explicitly identifying required or implemented features on relevant sites. In the second phase, customer surveys can be carried out to identify required Web features. Furthermore, benchmarking approaches can be used to supplement features by learning from competitors. During the design period, prototypes should be subjected to detailed usability tests to ensure frictionless operation and ease of use by customers after the rollout. Beyond any kind of customer-oriented test, back-end processes might be analyzed with simulations to check their interfaces for the integration with Web applications and to identify (the causes of) potential shortcomings. Collateral testing throughout the implementation period minimizes the risk of missing scheduled milestones as well as the risk of having to compromise on quality. The measurement of customer satisfaction regarding the Web interface and Web-based interactions, the monitoring of technical parameters and controlling of financial figures during operation enables the management to intervene in time and assure a continuous improvement of Web applications. Web Strategy

Web Concept

Web Design

Implementation

Aligning Web strategy with business strategy, positioning

Configure online marketing mix, identify features and contents

Conceptual design of site navigation, interface, processes ( e.g. fulfillment)

Technical implementation of Web software and hardware systems

Competitive intelligence; market research

survey of customer needs -(importance of site features); benchmarking approaches

prototype usability testing (interfaces); process simulations; error probability and effect analysis

testing: --performance; --bug/error; --site usability “Web checker”

(Strategic) positioning

Concept selection & prioritization

User centered design

Quality checks

Operation Doing business; Maintenance of systems

financial and technical controlling customer satisfaction analysis

Continuous improvement

FIGURE 3.3 Integration of Web evaluation into the Web development process.

SL3054_frame_C03 Page 51 Tuesday, November 20, 2001 8:50 AM

Web Evaluation

51

The following paragraphs concentrate on the quality assessment of Web-based customer touch points from the customers’ point of view. The primary focus of our analysis, disregarding technical aspects such as security of transmission, system stability, responsiveness, etc., will be the Web site as a combination of aesthetics, services, content, features and Web site-mediated interaction processes between a company and its customers.

3.2.3 CONTINGENCIES

OF

WEB-BASED INTERACTION QUALITY

3.2.3.1 Company-Oriented Determinants To generate vital and valid information, a set of sector-specific contingencies, as well as company-specific determinants, influence business practices, strategies, organizational settings and the deployment of information technology. These contingencies affect a company’s capabilities, objectives and intentions regarding the design and operation of its Web-based customer touch points in terms of: • Contact and communication (aesthetics, atmosphere, experience, information provided, wording, etc.) • Products and services offered (Web site as a service, Web site features, transactions, sales process, online shop and Web catalog) • Software implemented or required to access a site (site structure, navigation, interface, technical performance, plug-ins, etc.) The Web site integrates these attributes into a single package representing the company’s input coefficients for Web-based interaction processes. Although most definitions of e-commerce emphasize the execution of transactions via electronic channels,6,7 nowadays almost any Internet-related initiative is referred to as electronic commerce. In fact, companies may deploy Internet applications for a broad range of purposes. Therefore, the function of a Web site will likely depend on a set of objectives. Prevalent functions of a Web site are: • A channel for selling, sales promotion and commerce (transaction based) • A medium for the information of different stakeholders: customers, employees, applicants, partners, shareholders and investors • A medium for communication and interaction with stakeholders • A tool for the delivery of Web-specific services (e.g., search functionality) • An entertainment platform The different functions are not mutually exclusive. They might coexist or even be interdependent. These different cases can be classified under the term “genre.” Genres can be defined as “typified communicative actions characterized by similar substance and form and taken in response to recurrent situations”8 (for genres on the World Wide Web see also Ref. 9). We will interpret a genre as a specific type of Web site regarding the type of business in a specific domain, the nature of information and interaction provided and the objectives of a Web site.

SL3054_frame_C03 Page 52 Tuesday, November 20, 2001 8:50 AM

52

The E-Business Handbook

However the objectives of a Web site are defined, the quality of a Web-based customer touch point has a bearing on customer satisfaction and the attitude of customers toward the touch point and its operator. Furthermore, it affects the image and identity of a product or service, customer relationships, brands or a company from the customer’s point of view. The genre of a Web site must be taken into account when trying to evaluate a company’s Web site. It must be considered in the selection of a Web evaluation method and the identification of appropriate evaluation criteria. Otherwise, the evaluation results lack relevance, and evaluated Web sites won’t be comparable among each other. Overall, we can distinguish between three major genres of Web sites: 1. Communication-related Web sites (advertising, image penetration and entertainment aspects) 2. Product- and service-related Web sites (sales, transaction aspects) 3. Web sites with software character (Web information systems, Web tools like search engines or online banking tools). 3.2.3.2 Customer-Oriented Determinants Customers are affected by their cultural background and social context. Relatives, friends or colleagues as model peer group members influence personal characteristics referred to as activating factors (emotions, needs, motivations, etc.), personality (skills, involvement, values, perceived risks) and cognitive traits (experiences, adoption processes, perception).10,11 Corresponding to different motivations or intentions to interact with a Web site operator, online behavior can be divided into browsing and searching activities.12 Whereas browsing bears primary emotional impact, searching entails stronger cognitive implications and constitutes a higher level of activation and involvement surfing the Web. These parameters affect the capabilities, motivation and involvement of customers dealing with Web interfaces in terms of medium, genre and company. A customer might be quite confident surfing the Internet (positive attitude toward the medium), but unmotivated or hesitant to carry out electronic transactions via the Web (negative attitude toward the Web as a transaction platform). In another case, a customer might favor shopping online (positive attitude toward one genre), but dislike any kind of Web advertising (negative attitude toward another genre) or might allocate online transactions to a small and stable set of vendors (positive or negative attitude toward different companies). The outlined determinants constitute customers’ prerequisites in Web-based interaction processes. The analysis and assessment of business–customer interactions and their quality has been subjected to research ever since marketing of services became a recognized research topic. Derived models have in common that they emphasize the interaction between service providers and customers as a crucial determinant regarding the perception of service quality from the customer’s perspective.13–17 Furthermore, service quality is not seen as the consistency of certain factors or parameters but as the customers’ perception of the service suitability to meet their needs. Therefore, the determination of interaction or service quality must be con-

SL3054_frame_C03 Page 53 Tuesday, November 20, 2001 8:50 AM

Web Evaluation

53

ducted from the subjective customer’s perspective, comparing the expected with the perceived level of service. Customer satisfaction is likely in the case of a positive net quality, whereas a negative outcome might cause dissatisfaction. Because Web-based interaction processes can be interpreted as special instances of service processes (intangibility, constitutive cooperation of service provider and customer to render the service, etc.) we have developed the following contingency model of Web-based interaction quality from service-marketing literature. We have included the central evaluation process of interaction quality and customer- and company-oriented determinants.

3.3 WEB EVALUATION METHODS As mentioned before, Web evaluation methods can be divided into internal and external methods according to the evaluated objects (see Figure 3.418,19). Even though internal methods are concerned with the evaluation of technical systems and internal processes, etc., they can also have external relevance. The Web-usage mining concept for example, presented by Spiliopoulou,20 tries to improve Web site navigation by using data mining methods such as sequence analysis for analyzing the user’s navigation paths stored in Web log files.20 Although this method evaluates a certain part of the (externally visible) Web site, the relevant data has only an internal visibility. External evaluation methods can be divided into objective and subjective methods, according to the criteria used (see Figure 3.2). Beyond this, external subjective methods can be further divided into attribute-specific methods, which evaluate a set

Company focus: internal visibility

Market focus (customers, competitors): external visibility

objective

• Weblog analysis, Web usage mining • monitoring of technical systems (e.g. system responsiveness) • process cycle times (internal, back-end processes)

subjective

• FMEA: failure probability and effect analysis: e.g. integration of website with back -end processes • employee interviews: e.g., fit of Web site with corporate identity

objective

• check for the existence of features and attributes • measurement of efficiency and performances • error reports (broken links etc.) -> automated Web checker attribute specific

• ServQual • Web-specific methods: Web Assessment, WebQual, QEM, etc.

event specific

• lab experiments: observation, interviews, story telling • interaction blueprinting • critical incident method • problem-detecting method • frequency relevance analysis of problems

subjective (customer’s quality) perception)

FIGURE 3.4 Classification of Web evaluation methods.

SL3054_frame_C03 Page 54 Tuesday, November 20, 2001 8:50 AM

54

The E-Business Handbook

sector, domain culture company company strategy strategy

organization organization

technology technology

company regarding :: company capabilities, capabilities, goals, goals, intentions intentions regarding contact/ service/ service/ contact/ software software communication product product communication

service & company website interaction web interaction quality consumer

perceived perceived quality quality matching expected quality

quality quality assess assess -ment ment

-

-

+

+

consumer capabilities, motivation and involvement towards medium medium

activation activation

genre genre

personality personality

company company

cognition cognition

consumer consumer culture social context

FIGURE 3.5 Contingency model of Web-based interaction quality.

of single Web quality attributes, and event-specific methods, which perform an evaluation of entire Web interaction processes as shown in Figure 3.5. Selected external methods will be presented in the next paragraphs.

3.3.1 OBJECTIVE METHODS While quality depends on the subjective perception of the Web interaction outcome and is assessed according to individual attitudes,21 objective evaluation methods focus on intersubjective verifiable and nonambiguous attributes. They do not consider individual attitudes or perceptions and they lack measures for relevance. For example, the fact that a Web site offers a community functionality (which is stated as being a relevant e-commerce feature by some authors22) may have no relevance to the specific target group of this particular Web site, whereas it may be important for the customers of another site. Therefore, objective evaluation methods’ contribution to Web quality assessment is limited. But, with objective criteria such as performance measures, error checks, or the verification of the existence of attributes, objective methods can perform certain quality evaluations of a company’s capabil-

SL3054_frame_C03 Page 55 Tuesday, November 20, 2001 8:50 AM

Web Evaluation

55

ities and Web site elements, as shown in Figure 3.5. The advantage of objective methods lies in the easy applicability and the objective nature of the criteria in the comparability of evaluation results of different Web sites for benchmarking purposes. Selected Methods — Objective Web evaluation methods can be divided into methods focused on the software and system quality of Web sites, and methods to survey the existence of certain attributes such as e-commerce concepts on a Web site, which allow a more customer-centric perspective on e-commerce activities than the Web-software-oriented methods do. The first group is concerned with the external assessment of Web sites’ software quality. These methods check broken links, performance or HTML quality and have been implemented into Webbased software tools called Web checkers (compare the example of a Web site checker in Refs. 23 and 24). As examples for the second group, we will look at the methods by Bauer and Scharl25 and Elliot et al.26 1. Bauer and Scharl developed a quantitative evaluation method for the classification of Web sites based on the type of content and the Web site’s document structure. This classification can be used to cluster a group of Web sites (e.g., of an industrial sector) concerning different genres and to classify a Web site into one specific cluster. Such classifications can be valuable when analyzing the kinds of predominating Web activities in a sector and when comparing sectors. Different genres are, for example, characterized by a different content structure (number and size of documents), interaction elements (forms, etc.) and navigation elements (frames, links, etc.). It becomes clear, for instance, that entertainment Web sites and Web sites for customer information may differ widely concerning the use of images and interactive elements. The evaluation can be automated and tool-based in a three-step approach. First, the Web sites are downloaded by a tool; second, the mentioned classification data is extracted by a tool called WebAnalyzer; and the classification is done in a third and final step. Here, Bauer and Scharl propose the application of neural networks for the classification and clustering. 2. Elliot et al. propose a method for the evaluation of commercial Web sites based on an e-commerce criteria framework, with 30 criteria in six categories regarding e-commerce activities and requirements (e.g., product information, transaction processing, ease of use, etc.). The method is questionnaire-based and analyzes the existence of attributes. For each criterion, the rating can be 0 or 1, depending on the existence of one or more attributes for each criterion (if more than one attribute is required, the criterion is rated 1, if a specific number of the attributes exists). The existence of attributes can be easily checked, so that it is not necessary to perform a representative sample of assessments for a Web site. The results for different Web sites can easily be compared, but their interpretation is difficult, as they do not reflect the varying relevance of attributes for different Web sites.

SL3054_frame_C03 Page 56 Tuesday, November 20, 2001 8:50 AM

56

The E-Business Handbook

3.3.2 SUBJECTIVE ATTRIBUTE-SPECIFIC METHODS Attribute-specific methods are based on the assumption that the overall quality of an object can be broken down into several single attributes whose quality can be evaluated separately.27 Attribute-specific evaluations typically consist of a multiattribute-criteria catalog, which can be evaluated using a questionnaire. Therefore, these methods are related to the evaluation of company capabilities as pointed out in Figure 3.5 — the quality of a Web site as a software tool, the quality of services and products and of information and communications. Evaluation Criteria — An increasing number of publications tend to identify relevant attributes that determine the quality and success of effective (e-commerce) Web sites and can therefore be used as a starting point for the identification of generic criteria for subjective attribute-specific evaluations. Although a valuable evaluation of a single Web site must be based on domain- and company-specific criteria, depending on the company’s strategy and implemented genre, comparative evaluations must be based on a generic criteria catalog. The following examples give evidence of the growing body of empirical and hypothesis-based research on Web site quality determinants: • A well-known examination is the Fortune 1000 Webmasters’ Evaluation by Liu et al., who carried out an empirical study among Webmasters to analyze the significance of consumer marketing as well as information system attributes on Web quality, including attributes such as information quality, playfulness, service and system quality, etc.28,29 The findings of the study offer a suggestion for the design of consumer-oriented Web sites and, therefore, a clue for relevant generic criteria. • Similar studies have been made by van der Heijden30 and Ho and Wu.31 Van der Heijden tries to identify attributes affecting the attraction of Web site traffic and influencing whether a customer will revisits the site, considering such attributes as usefulness, ease of navigation, attractiveness and interactivity.30 • Ho and Wu examine antecedents of customer satisfaction for online shopping stores.31 The examined hypotheses relate to logistical support, home page presentation, technological, information and product characteristics. Integration of Subjective Quality Perceptions into the Evaluation — Quality perceived by users depends on their capabilities and attitudes. To integrate subjective quality perceptions of evaluated attributes into the evaluation, two aspects must be considered: 1. Group of assessors can consist of various people with different attitudes, capabilities and experiences with the medium or genre. To evaluate ease of use of a Web interface, i.e., experienced as well as less-experienced persons may evaluate the interface. Thus, it can be checked whether the implemented interface is suitable, regardless of the user’s Web experience. 2. More important, not only the perceived quality of an attribute must be surveyed but also its perceived importance and relevance, which depend heavily on the assessor’s attitudes toward this specific attribute.

SL3054_frame_C03 Page 57 Tuesday, November 20, 2001 8:50 AM

Web Evaluation

57

To survey the expected relevance of an attribute supplementary to the perceived quality, additional questions may be integrated into the questionnaire, as is done in ServQual, the well-known instrument for service quality assessment used in services marketing.32 For each quality attribute, two questions are formulated and presented as a double scale. The questions have the following nature: 1. A first-class Web site has an easy-to-use navigation interface. (Answers range on a scale from “totally disagree” to “totally agree.” 2. Web site X has an easy-to-use navigation interface. (Answers use same scale.) When applying such a design, the answers of the two questions can be compared by weighing the quality assessment of the second question with the surveyed relevance of the first to obtain a valuable and varied judgment. ServQual approaches this, for instance, by subtracting the second scale value from the first one. The higher the remaining number, the higher the perceived quality. Such a two-stage questionnaire design surveys not only the perceived quality, but also a certain degree of influence on the overall quality perception for each single assessor. Selected Web Evaluation Methods — Having discussed identification of multiattribute evaluation criteria and considered integration of subjective customer perceptions and expectations into Web evaluation, we will introduce selected methods specifically developed for the evaluation of e-commerce Web site quality: • Selz and Schubert have developed one of the first Web evaluation approaches, called Web assessment.33 They implemented a Web-based questionnaire with which Internet users assess commercial Web sites to get an interbusiness comparison of sites as a kind of benchmarking. The evaluated attributes have been derived from a two-dimensional framework that consists of a Web performance system with several service layers34 and the four phases of an extended market transaction. So, four phases (information, agreement, settlement and community) with five performance elements exist in which detailed attributes have been identified. The layer model considers not only core services and emotional customer experiences, but also external bundling of specific and generic services from partner companies. Although the criteria model is very extensive, it must be criticized for some lack of external criteria visibility, especially of bundled services that must be assessed by users (customers), but often cannot be identified as bundled from external partners. Nevertheless, the method has been used in several surveys22 and has significantly contributed to Web evaluation research. • Barnes and Vidgen have developed a method called WebQual, which was first developed using the quality function deployment (QFD) method35 and later enhanced by the integration of findings from the ServQual method for the measurement of services. Thus, not only the two-stage questions (importance and quality survey) but also ServQual criteria have been integrated into WebQual to emphasize the Internet’s interaction nature within the WebQual criteria.36 Therefore, Web-specific criteria corresponding to the five servicequality categories of ServQual (tangibles, reliability, responsiveness,

SL3054_frame_C03 Page 58 Tuesday, November 20, 2001 8:50 AM

58

The E-Business Handbook

assurance and empathy) have been identified and further consolidated to get a set of 10 subcategories (two for each ServQual category) with, overall, 24 questions. The method also includes a procedure to calculate a “WebQualIndex” for each subcategory of the questioning results for comparison of Web sites. This has been shown by the authors for the Online-Bookstore genre.36 • Yet another method is the QEM (Quality Evaluation Method) by Olsina,37– 39 based on a detailed generic criteria catalog for evaluation of software quality offered by the International Standard Organization (ISO). Its four-steps are: 1. A domain- or genre-specific set of criteria (attributes requirements tree) is derived from the generic catalog. 2. An “elementary evaluation” is used to assess the perceived quality of single attributes (some criteria are also objective and prove the existence of attributes) regarding subjective perceptions of different user types. For this, scales and ranges for each attribute must be identified and criteria functions for their normalization must be defined. 3. To obtain a global quality indicator for each Web site, the evaluator defines the aggregation process and implements it (third step: global evaluation). For this, the logic scoring of preferences (LSP) model or a simpler additive scoring model can be used to weigh the attributes and identify their relevance to overall quality. 4. The last phase carries out the analysis and comparison of results and the identification of improvement needs and potentials for each Web site. Applications of the method have been done, for instance, for online bookstore,39 academic,38 and museum Web sites.37 The three models (see Table 3.1), represent the questionnaire-based evaluation of Web sites from a customer perspective, considering the subjective nature of quality. They differ in the used criteria catalogs and methods for the aggregation of resulting data to global quality indices.

3.3.3 SUBJECTIVE EVENT-SPECIFIC METHODS The event-specific quality assessment of Internet applications is based on the consideration that Web-based interactions consist of a number of sub-processes or events that drive or bias customers’ quality perception. Therefore, event-specific evaluation methods seem to be appropriate to supplement attribute-oriented methods facilitating an integrated view on the condition and quality of companies’ Web interfaces. The identification and analysis of these events provides management information on how to allocate resources to the development or improvement of crucial features and events. Different event-specific evaluation methods might be integrated in a three-step approach: (1) analysis of common navigation and interaction processes regarding the disclosure of process determinants, (2) identification of critical incidents that might occur throughout the interaction process and (3) the rating of identified shortcomings in relation to resource allocation for development and enhancement efforts (see Figure 3.6). Step 1: Disclosure of Interaction Process Determinants To examine the interaction process from the customers’ point of view and to identify relevant process determinants, a set of appropriate approaches can be applied:

SL3054_frame_C03 Page 59 Tuesday, November 20, 2001 8:50 AM

Web Evaluation

59

TABLE 3.1 Overview of Objective and Subjective Attribute Specific Web Evaluation Methods Method name Elliot et al. (2000)26

Bauer and Scharl (2000)25

Selz and Schubert (1997, 1998)22,33

Barnes and Vidgen (2000): WebQual35,36

Olsina (1999): QEM37–39

Short Description Questionnaire-based evaluation for the comparison of commercial Web sites. Objective method surveying the existence of attributes.

Criteria

6 Categories, each with 5 attributes: • Company information and functions • Product/ service information • Transaction processing • Customer service • Ease of use • Degree of innovation Automated approach for the 3 categories for the classification of classification of Web sites into genres genres: using neural networks. Allows • Content: number, size of documents insights into e-commerce adoption of etc. sectors. • Interactivity: forms, usage of programming languages for interactive elements etc. • Navigation: links, frames etc. Web questionnaire-based subjective Criteria in two dimensions: 1) phases evaluation for the comparison of of transaction process; 2) layers of commercial Web sites. Web performance system. Sector-specific adjustment of criteria necessary. Web questionnaire-based subjective 24 attributes in 10 subcategories: evaluation for the comparison of • Aesthetics commercial Web sites with detailed • Navigation method for data aggregation to • Reliability calculate global quality indices. • Competence • Responsiveness • Access • Credibility • Security • Communication • Understanding the individual Stepwise method for the Criteria: domain specific quality questionnaire-based subjective requirements trees based on a generic evaluation and comparison of criteria catalog by the ISO. Main commercial Web sites with detailed categories: method for data aggregation to • Usability calculate global quality indices • Functionality (using LSP). • Site Reliability • Efficiency

SL3054_frame_C03 Page 60 Tuesday, November 20, 2001 8:50 AM

60

The E-Business Handbook

First, blueprints of observed Web-based interactions must be developed. The preparation of such interactive blueprints can be supported by the analysis of clickstream data or the monitoring of browsing behavior in a laboratory environment, e.g., with Lotus ScreenCams or video cameras (documenting on-screen behavior and expressions of test subjects; for typical usability testing approaches using video cameras in a laboratory environment.40 Adding qualitative information on page features and content to click-stream data is essential as facts taken into account are otherwise very fragmentary. However, click-stream analysis always provides very limited insight into interaction processes, as information on contingencies of surfing activities are not captured in the user navigation record. (Click-stream analysis is an internal or company-oriented Web-evaluation method.) The developed interaction blueprints serve as a framework for the interview and guide the interviewer’s enquiries. With regard to the identified interaction process or subprocess (e.g., searching of product or service information, enter personal information, download software, online orders conducted, etc.), the test persons are encouraged to express their perception of the navigation flow, their impressions and particular evaluations. The interviews validate the appropriateness of the interaction blueprints and relevant process determinants. Compared with internal or expertdriven supervision, the outlined approach proves favorable, as interaction processes and determinants are evaluated from the subjective customer point of view. Step 2: Identification of Critical Incidents Due to the assumption that interaction processes imply a certain number of events determining the overall quality perception — positively or negatively — Step 2 of the integrated evaluation approach concentrates on the identification of such critical incidents (compare Critical Incident Method in Ref. 41). The identification of critical incidents can be achieved by the analysis of phrased customer perceptions and impressions of Step 1, the analysis of clickstream data indicating breakups, the breakdown of complaints or the direct inquiry via questionnaire in customer interviews. Appropriate questions in a questionnaire might be the following: • • • • •

Was any incident during your Web surfing troublesome? Please describe what happened. Did you expect this incident to occur? Do you have an explanation why this incident might have occurred? What did you do after the incident occurred? Were you able to bypass the interference or did you break up the interaction? • Did you expect any help from the Web site or its operator to solve the problem or to prevent it from cropping up?

The result of this evaluation step provides strong evidence on subjective relevant processes and events. Expected process design and quality levels are explicitly described, as well as the expression of expected responsiveness (interaction feedback, complaint handling, etc.). The propositions are unambiguous, as customers can focus on their significant experiences and are not called upon to

SL3054_frame_C03 Page 61 Tuesday, November 20, 2001 8:50 AM

Web Evaluation

Disclosure of interaction process determinants

Development of interaction blueprints

61

Identification of critical Incidents

Mapping of critical incidents

Monitoring online behavior by

Analysis of

¥ personal observation,

¥ voiced customer im-

¥ clickstream analysis, ¥ ScreenCams etc.

Rating of critical Incidents

Problem assessment :: frequency and importance

Analysis of voiced deficits regarding frequency of

pressions and

occurrence and effects

¥ complaints/feedback,

of critical incidents on

¥ clickstreams

Importance

customer behavior

ii22 ii11

ii33

ii55

ii66 ii44

frequency

FIGURE 3.6 Three-step approach of event-specific Web evaluation.

rate a number of predetermined and abstractly phrased quality attributes.42 The understanding of attribute implications on personal interaction and quality requires a level of imagination, which only experienced users will show. As customers can use their own words to phrase their impressions, users of any experience level can provide vital information. The flip side of these methods for blueprinting the Web interaction process and identifying critical incidents is the high degree of effort they require. Surveys and assessment executed in a laboratory environment, as well as one-to-one or focus group interviews, require considerable resources for manual supervision and can hardly be automated. The same is true for the supplementary assessment of complaints, whereas a limited significance must be considered as they consist mostly of partial descriptions. As mentioned before, click-stream analyses are limited due to the lack of information on Web-surfing contingencies and should not be deployed as the primary tool to analyze critical incidents during Web interactions. Step 3: Rating of Shortcomings and Potential Objects of Refinement After identifying critical incidents as shortcomings of Web-based interaction processes, priorities must be set for the improvement of crucial features and further development. The problem-detecting method tries to assess the importance of shortcomings by ranking the voiced deficits. The approach is based on the assumption that problems that occur more frequently and are perceived as particularly significant are more urgent and therefore demand a higher degree of management attention. Shortcomings must be distinguished by frequency of occurrence and by their importance in the quality perception of the customer.27 Whereas the frequency can be

SL3054_frame_C03 Page 62 Tuesday, November 20, 2001 8:50 AM

62

The E-Business Handbook

calculated easily, importance must be estimated by the use of substitutes, e.g., expected or observed customer reaction, level of satisfaction, etc. Furthermore, derived values can be transferred into a matrix to illustrate the nature of identified shortcomings. To summarize the outlined approach: Event-specific methods explicitly evaluate customers’ Web interaction process and provide vital management information. This advantage is partly offset by the fact that incident-oriented methods are extremely resource intensive. Tests in laboratory environments, for instance, require the presence of test subjects and the manual execution and analysis of interviews, as it proves crucial to break down the expressed quality perception into attributes for improvement. In contrast, multi-attribute methods can be carried out online (e.g., with Web questionnaires, etc.) and can be automated to a significantly higher extent. The choice of appropriate methods should be determined by the central objective of the Web evaluation project and resources disposable. Whereas attributeoriented approaches facilitate the deployment of (online) questionnaires and therefore enable representative samples, event-specific approaches provide deeper insight into the customer quality perception of a company’s Web interface and interactions taking place.

3.4 A WEB EVALUATION PROJECT Based on the discussion of Web evaluation methods, we will now discuss the process of a Web evaluation project. Given the complexity of Web evaluation methods and approaches, a Web evaluation project must be carefully planned and structured. It can be divided into classical project phases (Figure 3.7).

3.4.1 PLANNING WEB BENCHMARKING The planning phase is a core phase in which the evaluation goals must be identified and suitable evaluation methods selected. If using a company-specific set of criteria, they must be recalibrated. As an example of a Web evaluation project, we have selected a benchmarking case for a competitive Web site evaluation.43,44 The goals are to identify improvement areas and potentials for further Web activities regarding the customer’s needs. Therefore, a customer-oriented benchmarking with the use of subjective attributespecific methods can be applied and company-specific criteria identified. In a further step, reference Web sites must be identified. For this purpose, two main types of customer-oriented benchmarking approaches can be distinguished:45,46 Planning Evaluation goals Method selection

Preparation Criteria selection Scales and weights Selection of assessors

Evaluation Interview and questionnaire design Carrying out evaluation

FIGURE 3.7 Web evaluation process.

Analysis Consolidation and aggregation of results Interpretation, identification and prioritization of improvements

Implementation Re-implementation, improvement of website & services Implementation of new features

SL3054_frame_C03 Page 63 Tuesday, November 20, 2001 8:50 AM

Web Evaluation

63

1.Competitive benchmarking compares one’s own Web activities with those of direct competitors to identify performance gaps for improvements. 2. Functional benchmarking compares single Web site functions or activities (attributes) with those of companies in other sectors to identify new ideas for the improvement and enlargement of the company’s own Web activities. The benchmarking company first must decide which type of benchmarking to apply and then must identify suitable benchmarking partners.

3.4.2 PREPARATION, EXECUTION

AND

ANALYSIS

In the next step, questionnaires must be prepared. Questions, scales, weights, etc., and a method for the aggregation of data and the calculation of quality indices must be selected or designed. Furthermore, addressees for the questioning must be selected and modalities must be identified. Several possibilities exist: • Web questioning of customers (critical if carried out on the company’s Web site, because of the evaluation of competitors’ sites) • Offline interviews with customers (expensive) • Interviews with neutral experts or internal employees who try to evaluate the sites from a customer’s point of view (problem of relevance, no real customer perspective regarding motivations and attitudes) After evaluation and data collection, data must be aggregated and analyzed. With the resulting quality indices, different types of analysis can be carried out, e.g., a prioritization of attributes for improvement. A comparison of perceived performance and surveyed importance of each single attribute leads to a classification of attributes (see Figure 3.8). Furthermore, a performance gap analysis can be Performance gap analysis

Priority setting

company information

performance

+

interactivity overkill

product information

well done!

performance gap logistics

o

-

must be improved

unimportant

o

1

2

3

4

5

6

speed

+

importance

FIGURE 3.8 Analysis of benchmarking results.

security

ease-of-use

reliability Own website Benchmarking partner A Benchmarking partner B

SL3054_frame_C03 Page 64 Tuesday, November 20, 2001 8:50 AM

64

The E-Business Handbook

done to compare the perceived quality of each attribute for each Web site (see Figure 3.8). An attribute’s performance gap indicates a potential for improvement. Measure must be selected based on the prioritization of attributes.

3.5 CONCLUSIONS The Web has emerged as an innovative communication channel that: • • • •

Facilitates new ways to address and interact with customers Requires and offers new roles and extended functions for customers Yields unprecedented opportunities to collect detailed data Is a platform for Web-based services that have been designed as an integral part of companies’ offerings, e.g., Web-based customer self service and configuration options in the telecommunications industry

Consequently, companies require new ways to evaluate and control the quality of their Web-based activities. While Web evaluation is sometimes seen as just a method to test the quality and performance of Web applications, or a prerequisite of benchmarking and continuous improvement, this chapter discusses a comprehensive framework to structure objects, subjects, events and methods of evaluation, and classify possible approaches. The wealth and complexity of possible evaluation options raises the question of design. We suggest a goal-driven approach that takes contingency into account; the process of selecting, prioritizing and combining possible approaches should reflect the strategic intent and operational goals of companies’ Web applications. The timing of evaluations is another fundamental design option: evaluation approaches can be used in early phases of Web-application development, in a later stage to assess effects, and throughout the development, implementation and deployment process to facilitate feedback loops and accelerate learning processes. A careful assessment design reflects the attempt to capture dynamics and innovation of Web applications.

REFERENCES 1. Webster’s New World Dictionary. 2. Colorado State University: http://writing.colostate.edu/references/processes/evaluate/ 3. Morris, Ed: Toward a Process Framework for COTS Evaluation, Carnegie Mellon University, http://www.sei.cmu.edu/cbs/cbs_slides/98symposium/framework/tsld004.htm. 4. Splaine, Steven, Jaskiel, Stefan P. and Savoia, Alberto (2001): The Web Testing Handbook; Software Quality Engineering Pub., 2001. 5. Nguyen, Hung Quoc (2000): Testing Applications on the Web: Test Planning for Internet-Based Systems, New York 2000. 6. Meffert, Heribert (2001): Marketing – Grundlagen marktorientierter Unternehmensführung, 9. Auflage, Wiesbaden 2000.

SL3054_frame_C03 Page 65 Tuesday, November 20, 2001 8:50 AM

Web Evaluation

65

7. Hermanns, Arnold and Sauter, Michael (1999) : Electronic Commerce – Grundlagen, Potentiale, Marktteilnehmer und Transaktionen, in: Hermanns, Arnold and Sauter, Michael (Eds.): Management-Handbuch Electronic Commerce, München 1999, p.1330. 8. Yates, JoAnne and Orlikowski, Wanda J. (1992): Genres of organizational Communication: A structural approach to studying communications and media, in: Academy of Management Review, Volume 17, 2 (1992), p. 299-326. 9. Crowston, Kevin and Williams, Marie (2000): Reproduced and emergent genres of communication on the World Wide Web, in: The Information Society, Volume 16, 3 (2000), p. 201-215. 10. Kroeber-Riel, Werner and Weinberg, Peter (1999): Konsumentenverhalten, 7. Auflage, München 1999. 11. Trommsdorf, Volker (1998): Konsumentenverhalten, 3. Auflage, Stuttgart et al. 1998. 12. Esch, Franz-Rudolf, Hardiman, Marco and Langner, Tobias (2000): Wirksame Gestaltung von Markenauftritten im Internet, in: Thexis, 3 (2000), p. 10-16. 13. Donabedian, Anthony (1980): The Definition of Quality and Approaches to its Assessment and Monitoring, Volume 1, Ann Arbor 1980. 14. Parasuraman, A., Zeithaml, Valerie A. and Berry, Leonard L. (1985): A conceptual model of service quality and its implications for future research, in: Journal of Marketing, Volume 49, 1 (1985), S. 4-50. 15. Meyer, Anton/Mattmüller, Roland (1987): Qualität von Dienstleistungen; Entwurf eines praxisorientierten Qualitätsmodells, in: Marketing – Zeitschrift für Forschung und Praxis, Volume 9, 3 (1987), p. 187-195. 16. Corsten, Hans (1990): Betriebswirtschaftslehre der Dienstleistungsunternehmen, 2. Auflage, München 1990. 17. Corsten, Hans (1997): Dienstleistungsmanagement, 3. Auflage, München 1997. 18. Meffert, Heribert and Bruhn, Manfred (2000): Dienstleistungsmarketing, 3. Auflage, Wiesbaden 2000. 19. Hofmaier, Katja and Walczuch, Rita M. (1999): Measuring Customer Satisfaction on the Internet, Research Symposion on emerging Electronic Markets (RSEEM), Münster, Germany, 1999. 20. Spiliopoulou, Myra (2000): Web usage mining for Web site evaluation, in: Communications of the ACM, Volume 43, 8 (2000), p. 127-135. 21. Hentschel, Bert (2000): Multiattributive Messung von Dienstleistungsqualität, in: Bruhn, Manfred and Stauss, Bernd (Eds.), Dienstleistungsqualität, S. 289-320, Wiesbaden 2000. 22. Selz, Dorian and Schubert, Petra (1997): Web Assessment — A model for the evaluation and the assessment of successful electronic commerce applications, in: Int. J. Electronic Mkts., 9, S. 46-48. 23. http://www.4allsites.com/linkchecker.html 24. http://www.hh-forum.de/Webchecker.htm 25. Bauer, Christian and Scharl, Arno (2000): Quantitive evaluation of Web site content and structure, Internet Res. J., Vol. 10, 1 (2000), p. 31-43. 26. Elliot, Stephen Ross, Schreiner Morup-Petersen, Anders and Bjorn-Andersen, Niels (2000): Toward a framework for evaluation of commercial Web sites, in: Klein, Stefan; et. al. (Eds.), Proc. 13th BLED Electronic Commerce Conference, S. 69-86, Bled: Slovenia, 2000. 27. Stauss, Bernd and Hentschel, Bert (1991): Dienstleistungsqualität, in: Wirtschaftswissenschaftliches Studium (WiSt), Volume 20, 5 (1991), S. 238-244.

SL3054_frame_C03 Page 66 Tuesday, November 20, 2001 8:50 AM

66

The E-Business Handbook 28. Liu, Chang, Arnett, Kirk P. and Litecky, Chuck (2000): Design Quality of Web sites for Electronic Commerce: Fortune 1000 Webmasters’ Evaluations, in: Int. J. Electronic Mkts., Vol. 10, 2 (2000), p. 121-129. 29. Liu, Chang and Arnett, Kirk P. (2000): Exploring the factors accociated with Web site success in the Content of electronic commerce, Information & Management, (38) 2000, p. 23-33. 30. van der Heijden, Hans (2000): The Impact of perceived Web site Characteristics on Web site Traffic, in: Klein, Stefan; et al. (eds.), Proc. 13th BLED Electronic Commerce Conference, p. 414-425, Bled: Slovnia, 2000. 31. Ho, Chin-Fu and Wu, Wen-Hsiung (1999): Antecedents of customer satisfaction on the Internet: an empirical study of online shopping, in: Proc. 32nd Ann. Hawaii Int. Conf. System Sciences, Hawaii: IEEE Computer Society, 1999. 32. Parasuraman, A., Zeithaml, Valerie A. and Berry, Leonard L. (1988): SERVQUAL. A multi-item scale for measuring consumer perceptions of service quality, in: J. Retailing. 33. Selz, Dorian and Schubert, Petra (1998): Web Assessment — A Model for the Evaluation and Assessment of successful Electronic Commerce Applications, in: Proc. 32nd Ann. Hawaii Int. Conf. System Sciences, Hawaii, Internet and the Digital Economy Track, Vol. IV, 1998, p. 222-231. 34. Belz, Christian, et al. (1991): Erfolgreiche Leistungssysteme, Stuttgart 1991. 35. Barnes, Stuart J. and Vidgen, Richard (2000): WebQual: An Exploration of Web-Site Quality, in: Hansen, Hans Robert; et al. (Eds.), Proc. 8th Eur. Conf. Information Systems (ECIS), p. 298-306, Vienna: Austria, 2000. 36. Barnes, Stuart J. and Vidgen, Richard (2000): Information and interaction quality: evaluating Internet bookshop Web sites with WebQual, in: Klein, Stefan, et. al. (Eds.), Proc. 13th BLED Electronic Comm. Conf., p. 426-444, Bled: Slovenia, 2000. 37. Olsina, Luis (1999): Web-Site Quality Evaluation Method: a Case Study on Museums, ICSE 99 — 2nd Workshop on Software Engineering over the Internet, http://sern.ucalgary.ca/~maurer/ICSE99WS/Submissions/Santos/Santos.pdf. 38. Olsina, Luis, Gogoy, Daniela and Lafuente, Guillermo (1999): Assessing the Quality of Academic Web sites: a Case Study, in: New Review of Hypermedia and Multimedia (NRHM) Journal, http://www.euitio.uniovi.es/Actividades/cursos_verano_9900/Olsina_NRHM.pdf. 39. Olsina, Luis, Lafuente, Guillermo and Rossi, Gustavo (2000): E-commerce Site Evaluation: a Case Study, http://www.euitio.uniovi.es/Actividades/cursos_verano_9900/ Olsina_ECWeb2000_formatted.pdf. 40. Harms, Ilse and Schweibenz, Werner (2000): Testing Web Usability, in: Information Management & Consulting, Volume 15, 3 (2000), p. 61-66. 41. Bitner, M.J., Booms, B.H. and Tetreault, M.S. (1990): The Service Encounter. Diagnosing Favorable and Unfavorable Incidents, J. Mktg., Volume 54, 1 (1990), p. 71-84. 42. Bruhn, M. and Hennig, K. (1993): Selektion und Strukturierung von Qualitätsmerkmalen. Auf dem Weg zu einem umfassenden Qualitätsmanagement für Kreditinstitute, Teil 1 und 2, in: Jahrbuch der Absatz- und Verbraucherforschung, Volume 3. 43. Lederbogen, Kai (1998): Entwicklung eines Benchmarks für Business-to-Customer Electronic Commerce Applikationen; Masters Thesis, University of Muenster, 1998. 44. Misic, Mark M. and Johnson, Kelsey L. (1999): Benchmarking: a tool for Web site evaluation and improvement, Internet Res. J., Vol. 9, 5 (1999), p. 383-392. 45. Zairi, Mohamed and Leonard, Paul (1994): Practical Benchmarking: The Complete Guide, London, 1994. Chapman and Hall. 46. Camp, Robert C. (1995): Business Process Benchmarking, Milwaukee, 1995. ASQ Quality Press.

SL3054_frame_C04 Page 67 Tuesday, November 20, 2001 8:54 AM

4

Role of Information Technology in Supply Chain Management G. Prem Premkumar

CONTENTS 4.1 Introduction ....................................................................................................67 4.2 Value Chain ....................................................................................................68 4.3 Analysis of Information and Product Flow in the Supply Chain .................70 4.4 Responsiveness and Efficiency — Push and Pull Chain ..............................71 4.5 Strategies for Improvement............................................................................73 4.6 Supply Chain Management — Evolution of Information Technologies ......75 4.7 Implementation of Supply Chain Management ............................................78 References................................................................................................................83

4.1 INTRODUCTION Supply Chain Management (SCM) has received considerable attention in the past few years as an area where information technology-enabled e-commerce initiatives can bring significant cost reduction and efficiency improvement. AMR, a leading research firm in this area, forecasts that Internet-based business-to-business (B2B) commerce will reach $5.7 trillion by 2004.1 Industries are predicted to move 60%–100% of their procurement transactions to the Internet by then. New technologies — XML, trading exchanges, enterprise application integration (EAI), application service providers (ASP), etc. — are anticipated to transform B2B interactions. Industries such as electronics, industrial and transportation equipment, wholesale trade, and financial services are expected to find great value in these new technologies and lead in the transformation of B2B commerce. Supply chain management has become important ever since electronic communication technologies first enabled sharing of information electronically among trading partners. The competitive marketplace has put significant pressure on improving the bottom line, and, given that direct costs account for 50%–70% of total expenses in most firms, there is a fertile ground for technology-enabled cost reductions in procurement and management of direct and indirect materials. While, in the past, firms have primarily focused on EDI as the enabling technology, the growth in B2B electronic marketplaces and supply chain software such as enterprise resource planning (ERP), advanced planning and scheduling (APS), and customer relationship management (CRM) systems have

1-57444-305-4/02/$0.00+$1.50 © 2002 by CRC Press LLC

67

SL3054_frame_C04 Page 68 Tuesday, November 20, 2001 8:54 AM

68

The E-Business Handbook

opened up new opportunities for collaboration. Although some of the technologies have not lived up to the past year’s hype, the problems cannot be completely attributed to the technologies themselves. Successful implementation requires a change in the philosophy for B2B interaction, shifting from an adversarial relationship to a more collaborative relationship, and a reengineering of the supply chain business processes. This is a difficult exercise, because the change has to pervade the entire industry chain, which comprises multiple business entities with conflicting business objectives and intermediaries whose existence may be threatened by new initiatives. In the long run, firms must collaborate to survive in the competitive marketplace. AMR claims, “Collaboration will become increasingly important for users to handle demand–supply constraints and long run collaboration will evolve into a fundamental capability… .”1 This chapter will provide a framework to understand supply chain management, the problems and opportunities in the area, the evolution of technologies in the last two decades, and some guidelines for implementation.

4.2 VALUE CHAIN Porter and Millar2 developed the concept of the value chain to understand the various activities in an organization that create value, the cost drivers, and the role of IT in enabling the creation of value and, thereby, competitive advantage for the organization. Figure 4.1 shows the various activities that form the core of the value chain. Inbound Logistics

Operations

Outbound Logistics

Sales & Marketing

Service

Customer

FIGURE 4.1 Value chain.

Raw material is received and stored in inbound logistics, converted to a finished product in operations, shipped and distributed through outbound logistics to customers who are identified by the sales and marketing function, and serviced through after-sales service. The primary support activities are assisted by procurement, product design and R&D, human resources, and corporate services such as accounting, legal and other administrative services. Value is created at each stage as the material is converted from a simple raw material to a complex product with a brand image. Costs are incurred at each stage in the value creation process. Value can be defined as the customer’s perception of the worth or price for the end product. The difference in the product value as assessed by the market and the cost incurred in the creation of the product is the profit for the firm. Every firm is focused on two objectives — creation of value and minimization of cost. The value creation could occur through new features in the product, creation of brand image, or excellent customer service. Cost reduction could occur at every stage through increased automation, cheaper sourcing for materials, reduced inventory, etc. IT plays a critical role in achieving both these objectives. In the late ’80s to early ’90s, most firms focused on innovative IT solutions that enhanced value and created competitive advantage for firms.2 In the early-

SL3054_frame_C04 Page 69 Tuesday, November 20, 2001 8:54 AM

Role of Information Technology in Supply Chain Management

69

to mid-’90s, firms focused on cost reduction and efficiency improvement as they went through extensive reengineering exercises to create new business processes that leveraged the potential capabilities of the IT infrastructure. Business process reengineering ensured information visibility to various procedures across the entire organization through extensive information sharing and breaking down information silos into different functional areas. In many firms, it changed the existing notions of information and power by breaking power structures created by information silos. In the late ’90s, the focus of process reengineering moved to interorganizational interfaces where significant opportunities existed for leveraging IT to improve efficiency, reduce costs, and enhance value. The Internet, providing network connectivity to all trading partners, led to the development to new technologies such as B2B e-marketplaces, SCM systems and e-procurement systems. The value chain concept can be expanded from an organizational context to an industry analysis. An industry value chain can be considered as a series of value chains of various participants interlinked.3 Figure 4.2 shows the various participants in an industry value chain. While the organization’s value chain is focused on the immediate customer, the industry value chain is focused on adding value at minimum cost to the ultimate end consumer. It takes a “global” rather than a “local” view of optimization. Sometimes, using a local optimum strategy may not be beneficial in obtaining a global optimum. This situation is no different from the view of an organization 20–30 years ago, where individual functional areas or divisions were independent cost or profit centers concerned more about their local optimum at the risk of a global optimum that would be beneficial to the entire firm. As the marketplace becomes increasingly competitive, the competition has shifted from individual firms to whole-industry value chains, one competing with another. In such an environment,it becomes important to take an industry level perspective and foster greater collaboration among the participants.

Financial Institutions Logistics Supplier

Manufacturer

Distributor

Information

Physical Goods Payment

FIGURE 4.2 Supply chain.

Retailer

Customer

SL3054_frame_C04 Page 70 Tuesday, November 20, 2001 8:54 AM

70

The E-Business Handbook

Implementation of new processes and IT innovations at organizational level is relatively easy because top management can enforce certain strategies and guidelines. Implementation at the industry level is a more difficult exercise, because the participants are independent business entities with different business objectives, and sometimes could be competitors or competitors’ suppliers. The realization that all participants will lose business if the value chain is not competitive is perhaps the greatest motivator for collaboration. Power and dependence relationships, and equity in sharing of the benefits become important factors for successful implementation. Also, there are challenges from a technology and optimization perspective. Because most participants are members of multiple SCM, optimization across multiple networks becomes a nontrivial task. As shown in Figure 4.2, there are basically three flows in the industry value chain: 1. Product flow from supplier to customer through various intermediaries 2. Payment flow in the opposite direction 3. Information flow in both directions The flow of information and payment can occur electronically, while product flow, unless it is a digital product, is a physical flow. Logistics providers facilitate the physical flow of the product and financial institutions facilitate the flow of payments. The upstream is sometimes considered the supply chain and downstream the demand chain. The supply and demand chain changes depending on the member in the chain. A demand chain for one could become the supply chain for another. In practice, most people consider the entire industry value chain as a supply chain, and the same view will be used in this chapter.

4.3 ANALYSIS OF INFORMATION AND PRODUCT FLOW IN THE SUPPLY CHAIN The information flow in the value chain is dependent on the characteristics of the information such as its availability and the possibility of sharing it, and the speed of information flow among the different participants. The availability of electronic communication channels among the participants considerably increases the speed of information flow. For example, a 5- to 6-day paper-based mail system can be reduced to a few seconds in an electronic mail system. However, the characteristics of the information influence what flows freely and what does not, regardless of the communications technology. Lack of information flow creates uncertainty. Organizations attempt to reduce their environmental uncertainty both upstream (supplier) and downstream (customer). However, uncertainty also creates power, due to information asymmetry, that can be leveraged in negotiations and in interorganizational relationships. Hence, information flow is dependent on the willingness of members to share information, resultant loss of power, and equitable incentives for sharing information. The trigger for information flow is the order (or order forecast) from the customer. The uncertainty in customer needs creates a ripple effect along the entire value chain. The uncertainty could be caused by the customer’s not being aware of future needs,

SL3054_frame_C04 Page 71 Tuesday, November 20, 2001 8:54 AM

Role of Information Technology in Supply Chain Management

71

or not willing to share that information due to commitment costs. However, most customers expect the firm to fulfill the order quickly. According to Christopher,4 “Most organizations face a fundamental problem: the time it takes to procure, make and deliver a finished product to a customer is longer than the time the customer is prepared to wait for it.” The lead-time gap varies from industry to industry. Organizations address the problem of lead-time gap by carrying inventory to meet the needs of the customer as shown in Figure 4.3. Inventory is carried at each stage in the supply chain because the demand uncertainty is transmitted right through the chain, sometimes with a magnifying effect. A small change in a customer order could cause a “bullwhip” effect of major changes at the other end of the chain, as most participants overreact to changes in their demand chain by making a greater change in their supply chain, greatly exaggerating the actual change in demand for the ultimate consumer (Hau, Padmanabhan, and Whang, 1997). Firms enjoy two benefits from carrying inventory: • •

Provides the customer with instantaneous or quick delivery of product. Also buffers the firm’s internal operations from external uncertainty.

The amount of inventory is dependent on the order cycle time. If shorter than the customer’s acceptable waiting time, then there is no need to carry any inventory.

Supplier

I n v

Manufactrer

I n v

Supply

I

Distributor n

Retailer

v

I n v

Customer

Demand Chain

FIGURE 4.3 Supply and demand chain.

4.4 RESPONSIVENESS AND EFFICIENCY — PUSH AND PULL CHAIN Inventory, while providing improved customer service, is an extra cost. The value of instantaneous or quick delivery must be matched with the cost of providing it. Most firms strive to balance responsiveness with cost and efficiency.5 Improved responsiveness is always at the expense of cost. The market determines the appropriate value for responsiveness and, therefore, different industries have different tradeoffs. While customers to a convenience or grocery store place a significant value on responsiveness, customers for large capital goods may be willing to wait longer. Some goods must be made to order because of product complexity or other factors. The production process could also influence the tradeoff, because some goods are most efficiently manufactured in large volume due to high setup costs, which may change the tradeoff between responsiveness and efficiency. A commodity

SL3054_frame_C04 Page 72 Tuesday, November 20, 2001 8:54 AM

72

The E-Business Handbook

Supplier

I n v

Manufacturer

Push

Supplier

I n v

Manufacturer

Distributor

Retailer

Customer

Pull

I n v

Push

Distributor

I n v

Retailer

I n v

Customer

Pull

FIGURE 4.4 Push–pull chain.

product with a certain demand (e.g., steel pipes) is better produced by an efficient production process. A firm has to examine its product characteristics, production processes, and market demands, and determine a strategic fit among demand uncertainty, responsiveness, and cost.5 Once a firm has determined its strategic fit, all its functional strategies should mesh with it. For example, a firm focused on efficiency uses a business strategy of low manufacturing cost, high volume, and low margin, while a firm focused on responsiveness would use flexible manufacturing and high margin to offset the cost of responsiveness. The industry and firm characteristics determine the level of responsiveness and location of the inventory in the supply chain. Because inventory can be partially substituted with information, IT influences the location and volume of inventory stored at each of the interorganizational interfaces. The two types of supply chains — push and pull — are based on information flow and how the order is filled. Typically, most supply chains use a combination of both. Figure 4.4 shows the difference between the two chains. In the “push” chain, inventory is pushed through the chain in anticipation of customer orders. All actions are based on forecasts. This can be considered a responsive supply chain because inventory is located in every interface to swiftly meet customer demands. However, the chain also runs the occasional risk of obsolete inventory and of products in the chain that do not exactly match a customer’s specifications. In the “pull” chain, the customer’s order triggers the information flow and associated activities to fulfill the order. While this reduces the inventory in the chain, it is less responsive and puts pressure on reducing the manufacturing cycle time. In most practical cases, it is difficult to have a chain with no inventory in any of the stages. Typically, you will encounter some items where the lead-time gap is too large to slow down the supply chain. Natural raw materials and foreign outsourced parts that have long delivery times are typically stored as inventory. While industries such as consumables, consumer durables, and groceries are more likely to be push chains, commercial aircraft, ship building, large capital goods, etc. are invariably pull.

SL3054_frame_C04 Page 73 Tuesday, November 20, 2001 8:54 AM

Role of Information Technology in Supply Chain Management

73

4.5 STRATEGIES FOR IMPROVEMENT An organization can use two strategies to reduce the inventory — (1) reduce demand uncertainty by improving the forecast or (2) reduce the order cycle time. While the first reduces obsolescence and unwanted inventory, the second makes it possible to carry smaller inventory. Forecasting is prone to errors and firms tend to be conservative, carrying more inventory than necessary. A whole field of optimization has developed models and methods to improve forecasting accuracy. Newer technologies such as customer relationship management (CRM), data mining methods, and decision support systems are attempting to better assess customer needs and reduce forecasting errors in estimating product volume and options, characteristics, and order timing. Developing close relationships with a few suppliers and providing realtime information visibility on customer demands to them will enable substituting inventory with information. Supply Chain

Supply Time

Firm

Manufacturing Time

Demand Chain

Delivery Time

FIGURE 4.5 Time

The second strategy is to reduce the order cycle time and thereby the lead-time gap. If the lead-time gap can be reduced or eliminated, the firm does not need to carry any inventory. As shown in Figure 4.5, order-cycle time has three components: demand chain, manufacturing, and supply chain. Hence, any strategic exercise in reducing the lead-time gap must examine time reduction strategies in each of the three areas and potential costs for each strategy. In the demand chain, various strategies are employed to address the lead-time gap.6 Figure 4.6 shows some of the options. A firm could use a “ship-to-order” strategy by maintaining finished goods inventory to service the order immediately and thereby reduce the lead-time gap. Another strategy is the “pack-to-order” strategy, where the final assembly is postponed and is packed or assembled from a inventory of modules after the order is received. It reduces the need to carry all the different option combinations in finished goods and thereby reduces total inventory. This requires a product design strategy of modularization of the product assembly. Because this approach requires packing or assembly, the packing time should not be greater than the customer’s acceptable wait time. Additional capacity for packing may also be required. The third strategy is the “make-to-order” approach, where an order triggers the manufacturing of the product. This, however, requires a manufacturing system that is very responsive to changing customer orders. The firm should manage customers’ expectations based on their needs and acceptable wait time. The

SL3054_frame_C04 Page 74 Tuesday, November 20, 2001 8:54 AM

74

The E-Business Handbook

Manufacture

I n v

Pack

I n v

Distribute

Ship to Order Pack to Order Make to Order

Consume

I n v

Plan

I n v

Procure

Buyer - Purchase Order Automatic Replenishment - CRP End user - E-Procurement

FIGURE 4.6 Order strategies.

firm also needs to reduce its order cycle time through improved manufacturing and delivery logistics. In the manufacturing stage, a common strategy to reduce time is to have surplus manufacturing capacity to meet variations in demand. Some firms move away from assembly line manufacturing to make their systems more responsive, which could be at the cost of efficiency. A firm could modify the product design to reduce the number of product options so that variance in product orders can be reduced, facilitating more efficient manufacturing and reducing the manufacturing time. Efficient manufacturing processes that reduce the delays between stations reduce the total manufacturing time. In the supply chain, a firm could reduce the supply time by requiring its major suppliers to maintain inventory in its premises. Vendor-managed inventory (VMI) was a popular approach that used this method. However, this is a local optimum solution, essentially moving inventory from one location to another, and it does not benefit the whole chain. Modern innovative approaches attempt to reduce the supply chain time by moving the ordering point earlier into the procurement life cycle. A procurement cycle can be considered to consist of three stages: 1. End users or manufacturing processes consuming inventory 2. Planners requesting replenishment of inventory 3. Buyers evaluating suppliers and placing purchase orders Typically, the purchase order is triggered at the last stage by the buyer. If suppliers are allowed to monitor the inventory and capture the order information at the planning stage, they can be more responsive, because they can save the time spent on purchase-order processing. An additional improvement would be to access consumption information of end-users and capture the order directly from them. This would save the time spent on planning and purchase order processing. An eprocurement system that is integrated into a firm’s intranet to directly receive orders

SL3054_frame_C04 Page 75 Tuesday, November 20, 2001 8:54 AM

Role of Information Technology in Supply Chain Management

75

from end-users is an example of such an approach. Dell has partnership with a few customers where it allows end-users in these firms to order directly from customized Web pages, thereby saving internal planning and purchase-order processing time. A firm may have to use different procurement strategies, depending on the product characteristics, vendors, and procurement practices. Some indirect materials and office supplies can be directly ordered by the end-users, while other items may require more formal planning and ordering by the purchasing department. Firms have been trying to reduce the order cycle time as well as changing customers’ expectations on acceptable wait time. For instance, in the PC industry, online purchase of computers has become very common. For the customer, this involves moving from the traditional approach of going to a retail store and picking up a computer (order cycle time of 0) to ordering and waiting for 5–10 days to receive the product. By carefully modifying the needs of the customer, the industry was able to make a change in the procurement practice for a majority of customers. In other industries, such as grocery supply, where instantaneous delivery is normally a requirement, firms along the value chain are tightly integrating their operations through efficient consumer response (ECR) systems and other new initiatives to reduce the order cycle time and inventory in the chain. Although it is a push process right through, the industry has significantly reduced the inventory at each stage. New entrants in the grocery industry, such as Webvan, have tried, to some extent, to modify the behavior of the customer, thereby reducing uncertainty. For example, they monitor the purchases of individual customers and suggest a list of items that they will need at least a week in advance. This way, they have reduced the order cycle time by a week, and, to that extent, have converted some parts of the chain to a pull cycle or reduced the inventory storage at each stage. If the order cycle time for a product in the chain is less than a week, they have eliminated inventory for the product in the chain.

4.6 SUPPLY CHAIN MANAGEMENT — EVOLUTION OF INFORMATION TECHNOLOGIES Organizational interactions have gone through significant changes in the last 50 years. In the ’50s and ’60s, manufacturing firms were highly vertically integrated, where many of the first-tier suppliers were either divisions or subsidiaries of the firms. A classic example of such an organization was General Motors, whose philosophy dictated that all the critical parts of an automobile be engineered and made by the company. Other large manufacturing firms during that period had similar philosophies. Supply chain coordination was much easier, because all the parts belonged to the same company. In the ’70s and ’80s, lack of economies of scale, labor issues, globalization, etc., forced firms to focus on their core competency and outsource manufacturing of some of their products to low-cost subcontractors, both inside and outside the country. The availability of cheap labor in developing countries led to globalization and greater outsourcing, which significantly increased the coordination problems caused by distance, time zone variations, cultural differences, lack of communication-technology infrastructure, and other factors. It also brought in significant competition from foreign firms that had a different cost structure. In the

SL3054_frame_C04 Page 76 Tuesday, November 20, 2001 8:54 AM

76

The E-Business Handbook

Synchronization

Collaboration Level of Integration

Coordination

Communication

Time

FIGURE 4.7 Evolution of IOS Technology.

’90s, growth of the Internet and developments in communication technologies have brought significant changes to SCM practices. Hence, there has been significant pressure in the SCM area to reengineer business processes, reduce inefficiencies and costs, and improve SCM performance. IT has played a key role in the evolution of SCM. The availability of cheap electronic communications has considerably reduced coordination cost and enabled organizations to move from vertically integrated firms to horizontally networked organizations. Figure 4.7 shows the various phases in the evolution of SCM with time in the x-axis and level of integration in the y-axis. As is evident from the figure, the level of coordination in the past 20 years has continued to increase. We can identify four broad phases in the evolution of communications technology: 1. 2. 3. 4.

Communication Coordination Collaboration Synchronization

The first phase of evolution can be termed the “communication phase,” where IT essentially enabled faster communication of transaction information between trading partners. A paper-based purchase order mailed to a supplier took 3 to 6 days to arrive. The use of IT reduced it to a few hours. Electronic Data Interchange (EDI) was extensively used for communication. It provided a structured format for transmitting different types of transaction information. The information was transmitted through either direct dial-in connections or through third party value-added networks (VAN). Early pioneers in the retail industry such as Wal-Mart, Sears, K-Mart, etc. used proprietary standards and formats for communication. Suppliers had multiple

SL3054_frame_C04 Page 77 Tuesday, November 20, 2001 8:54 AM

Role of Information Technology in Supply Chain Management

77

systems to interact with each of their major customers. In most cases, it was a batchoriented process where the trading partner would check its mailbox with the VAN two or three times a day to download or upload its EDI transactions. Typically, the information went through multiple media changes. A purchase order created by an information system or filled out on a paper form was transcribed into EDI format and then electronically transmitted to the other end, where it was either printed out and used as the basis for triggering internal processing, or reentered into an appropriate information system. There was very little integration with the internal system. In this phase, technology essentially made the transmission of information faster, replacing the paper-based mail system. While large firms benefited from directly feeding the electronic transaction information to their internal information systems, the value proposition was very limited for many firms, especially those that used FAX extensively for communication. The next phase in the evolution was the “coordination” phase. This involved the expansion of communication to a wide variety of transactions and greater integration with the systems that generate or consume the EDI information. Many firms used a middleware to interface EDI with existing legacy systems for purchase order, sales invoices, accounting, etc. The movement from proprietary formats to standard formats and the strong push for standardization to ANSI X.12 or EDIFACT helped to alleviate the problems in communicating with multiple partners. VANs also provided translation software and middleware to convert flat file information from legacy systems to approved EDI formats. The expansion in the range of transactions brought in both internal and external challenges. The difficulty in coordinating with multiple functional areas, interfacing with multiple internal information systems, and reluctance to share information both internally and externally slowed implementation in many firms. While there was little resistance to transmitting traditional transaction information such as purchase orders, sales invoices, bills of lading, etc., there was significant reluctance to share other information such as demand forecast, warehouse inventory, and other information that firms perceived could impact their competitive advantage. Integration with internal systems brought significant improvement to efficiency and cost reduction. Prior to introduction of IT, an average purchase order cost $50–$100 for creation and transmission. The cost has been reduced by 50%–75% through savings in labor and coordination cost. The third phase in evolution is the “collaboration phase,” where a firm moves from simplistic information sharing to true collaboration. Technologies for collaboration include group support systems, teleconferencing, e-mail, discussion forums, and other communication technologies that reduce the constraints of space and time and enable global collaboration. Two trading partners could collaborate at different levels between multiple functional areas. Collaboration ideally starts at the strategic level and works its way to the tactical and operational level. For example, a firm could collaborate on new product development, sharing information on market research, product designs, customer preferences, and process technologies. This would enable the firm to design better products in a competitive manner. Collaboration can occur in the operations stage in the value chain. Visibility of information on demand, inventory, production schedules, etc., greatly improves the efficiency by reducing the information uncertainty and associated bullwhip effect.

SL3054_frame_C04 Page 78 Tuesday, November 20, 2001 8:54 AM

78

The E-Business Handbook

Coordinated production, with changes being communicated instantaneously, can bring stability to the chain. The potential for collaboration in the logistics stage is highlighted by the SCM practices in the electronics and PC industries. Dell shares its order and customer information with its monitor supplier (Sony) and logistics provider so that monitors can be shipped to customers directly without having to be transported to Dell’s warehouse, stored, and then shipped to customers with the rest of their computer orders. While collaboration eliminates double handling, it requires extensive coordination and working closely with a trading partner. It is based on trust in the capabilities of the trading partner. Micron technology goes one step further in a collaborative relationship. It collaborates with UPS to enable the package-delivery service to assemble all the packages in a computer order that it maintains in its warehouse. Collaboration in the marketing stage of the value chain could involve joint programs for product promotion with the retailer, market research on customer preferences, sharing retail sales data for better promotion and pricing, and joint demand forecasting leading to reduced inventory in the demand chain. In the after-sales service area, firms could outsource to third-party providers, but could provide integration through IT. For example, although Dell outsources its after-sales service, customers and outsourcers use Dell’s information systems for troubleshooting and reporting problems. Hence, the extensive expertise of Dell is provided to the outsourcer to provide high quality service. Dell also benefits from direct receipt of information on problems, which enables the company to improve its products. The last phase can be termed the “synchronization” phase, where collaboration between trading partners is taken to the next level, moving from a dyadic collaboration to synchronization and collaboration across the entire supply chain. The entire chain functions as a single unit, with all partners striving for a common business goal. It requires information visibility across the entire chain and close collaboration with at least two levels of trading partner. New initiatives such as collaboration planning, forecasting, and replenishment (CPFR), are influenced by the availability of technology for sharing real-time information and facilitating collaborative demand planning, what-if analysis, and various other collaborative activities. Synchronization could involve redesigning the entire supply chain so that the firms, through strategic partnerships, evaluate supply chain flows and redesign business processes, identify storage and distribution points, determine benchmarks for performance measurement, recognize the risks and rewards, and develop equitable methods for sharing the benefits among the partners.

4.7 IMPLEMENTATION OF SUPPLY CHAIN MANAGEMENT SCM implementation is a difficult task that requires the cooperation of all the participating firms. Because an organization deals with multiple suppliers and has different procurement needs for different products, it is necessary to develop a comprehensive plan for SCM. Major strategies and policies should flow from the top to ensure commitment among the internal units. SCM planning should address the strategic, tactical, and operational level issues. It is important that

SL3054_frame_C04 Page 79 Tuesday, November 20, 2001 8:54 AM

Role of Information Technology in Supply Chain Management

79

the coordination between the two firms happen at all the three levels. One without the other is always a recipe for failure. For example, top management at the strategic level may agree on a partnership, but if it is not followed through at the tactical or operational level, or if there is significant resistance at the lower level, then SCM will exist only as an idea. Similarly, if people at the operational level see the tremendous opportunities for collaboration based on their experience with EDI, but it is not in alignment with the firm’s strategic vision, or the supplier is not a strategic trading partner, then they will hit a roadblock in implementation. Ideally, SCM is implemented as a top-to-bottom approach, with strategy driving execution. Sufficient communication and buy-in by the planning and execution team is required in both firms, because SCM may involve a change in culture, job redesign, and restructuring of some functions. A brief analysis of the issues at the three levels is discussed below. Strategic Analysis — Strategic planning for SCM is critical to allow the organization to ensure that SCM initiatives are in alignment with corporate business strategies and goals, as well as with the strategies and plans of individual units. It is not only important for the planners to evaluate the strategies within the organization, but also to work with planners in the participating firms. It is very critical for an organization to realize that SCM implementation, unlike other initiatives, is an interorganizational exercise that requires strategic commitment from the participating units. Top management involvement sends a strong signal of commitment to the trading partners (see Figure 4.8).

Strategic Alignment of Business & SCM strategies Identification of strategic business partners Partnership Agreements

Tactical Supply chain planning Technology planning Change management Benchmarking

Operational Supply chain execution Technology Facilitation Performance Monitoring Relationship facilitation

FIGURE 4.8 Supply chanin management implementation .

SL3054_frame_C04 Page 80 Tuesday, November 20, 2001 8:54 AM

80

The E-Business Handbook

Some of the activities to focus on at the strategic level are: • Evaluation of business strategies and development of SCM strategies • Identification of strategic partners for SCM • Development of strategic partnership agreements An important exercise at the strategic level is to evaluate business plans and strategies and develop an SCM strategy that is in alignment with them. Lack of alignment in functional strategies can lead to problems. For example, difficulties could arise if marketing promises a variety of product options and quick delivery while SCM is developing a low-cost strategy, trading responsiveness for cost and efficiency. This happened recently with many online firms, where their SCM strategies did not match their marketing commitments on the Web, leaving many customers dissatisfied. As discussed in the earlier section, a firm must determine the strategic fit between responsiveness and efficiency, and then align functional strategies to match that fit. For example, a firm focused on cost and efficiency would use a pricing strategy of low cost, high volume and low margin, while a firm focused on responsiveness would use a high-margin strategy to offset the cost of responsiveness. The manufacturing strategy must focus on efficient utilization for firms with cost-efficiency strategy and on flexibility and surplus capacity for firms with responsiveness strategy. Similarly, in product design, while cost-efficient firms would focus on designs for low-cost manufacturing, responsive firms would focus on creating modular designs that allow postponement of assembly and product differentiation. Identification of strategic partners is key to initial success in implementation. As it is not possible for a firm to have a close relationship with every trading partner, an important strategic exercise is to determine which segments of trading partners are most critical for business, and the potential opportunities and benefits from forming a supply chain partnership with them. Various factors that could influence the decision include: • • • • •

Criticality to business — strategic fit and competitive advantage Potential opportunities and benefits from SCM collaboration Flexibility — responsiveness vs. efficiency Willingness of the partner Strategic dependence and power structure

Strategic partnership agreement is required to signal commitment to partnership and provide direction for lower-level plans and actions. The agreement could identify the broad areas for collaboration, ranging from a narrow focus such as logistics to a very broad focus including joint product development, manufacturing process design, product promotion, collaborative demand forecasting and planning, etc. Leadership is critical for successful implementation. At the strategic level, top management needs to identify the task force in charge of execution. Various mechanisms for conflict resolution and legal issues can also be addressed in the partnership agreement.

SL3054_frame_C04 Page 81 Tuesday, November 20, 2001 8:54 AM

Role of Information Technology in Supply Chain Management

81

Tactical Analysis — At the tactical level, the focus is on planning. Some of the major areas to address at this level are: • • • •

Supply chain planning Technology planning Change management Benchmarking

Supply chain planning provides detailed plans for collaboration between two firms. It identifies the areas and levels of collaboration in different functional areas, SCM initiatives with different partners, information that will be shared and timing of information flow, and cross-functional teams in charge of planning and execution of SCM in the two firms. Supply chain collaboration, although predominantly focused on logistics and procurement, could involve all the functional areas. Joint planning sessions with strategic partners will identify the functional areas for collaboration, and then explore the various initiatives that need to be launched in each area. For example, two firms may decide to move to continuous replenishment planning (CRP). This would require more detailed planning on how it will be implemented, the items that will use CRP, the policies for replenishment, location of inventory, and technology interfaces between the systems of the two teams. Technology planning is a critical activity because it provides the basic infrastructure for SCM implementation. However, firms must discard the faulty notion that once technology is in place, SCM implementation is complete. Technology is merely a facilitator and an infrastructure over which business processes must be implemented. Technology architecture provides a broad framework for interfacing with multiple suppliers with possibly incompatible systems. It typically includes the communications and applications architecture. SCM plans and strategies from the strategic exercise and information from tactical supply chain planning will influence the architecture. The communications architecture develops guidelines for the transmission method, protocols, security requirements, and alternate communication channels. A firm could use multiple transmission methods for information flow, including Internet, direct dial-in, value-added networks (VAN) providing EDI service, and virtual private networks (VPN). Firms are moving away from proprietary formats and protocols toward open standards for easy connectivity across multiple partners. Network security is a major concern, especially if the data is being transmitted on a public network. The architecture must provide guidelines and standards for secure communication, digital certificates for authentication, and procedures for security audit. Alternate communication channels such as e-mail, discussion forums, Web conferencing, virtual meetings, etc., are very useful to enhance the communication among firms. The applications architecture identifies the various information flows among firms, the applications that generate or consume the information, the interfaces of these applications to the communication channel, the access mode, and applications level security. The information flow could be an arm’s-length relationship between systems as in EDI, or could be as tightly integrated as in two ERP systems that are directly interfaced to share data. New SCM applications provide Web-based interface

SL3054_frame_C04 Page 82 Tuesday, November 20, 2001 8:54 AM

82

The E-Business Handbook

to a partner’s information systems and databases, and provide ability to download data into standard desktop applications. The systems could communicate in a batch mode, in an exception-based message mode, or in real time. One of the biggest bottlenecks in sharing data is the lack of standardization of data. Definition of data items varies from organization to organization. For example, the unit of measure for the same item could be different among firms, or lead time could include delivery time in one firm but not in another. An important exercise prior to sharing information is developing uniform definitions for commonly used data. Change management is critical for successful implementation because any new initiative is bound to encounter resistance. The cross-functional project teams need to become champions for the new initiative and actively market it within their functional areas. They must be trained to address the issues that arise from implementation, including staff relocation, replacement, job redesign, and various other personnel issues. In interorganizational initiatives such as SCM, relationship building and trust development between firms is very important (Kumar, 1996). Sometimes, firms enter into these relationships wary of each other’s motives. Firms could develop trust by ensuring that all actions are taken in the best interest of both firms, and that all issues are openly discussed and resolved. Game playing can rapidly destroy the relationship and lead to failure in implementation. Firms with a procurement philosophy based on distrust and pitting one supplier against another may have to undergo cultural change to operate in the new environment. Benchmarking helps a firm identify the important goals to be achieved and the performance measures to strive for, and to evaluate its performance as well as its partners’ progress. Partners in SCM relationships expect equitable sharing of benefits resulting from collaboration. Performance measurement based on wellestablished metrics and associated rewards systems help to create a performanceoriented culture. Operational Analysis — At the operational level, the focus is on execution and measurement. Some of the activities at this level are: • • • •

Execution Technology facilitation Relationship facilitation and monitoring Performance monitoring

Supply chain execution of coordinating day-to-day transactions is perhaps the most difficult task. The relentless quest for cost reduction and efficiency improvement has, in many cases, created a supply chain with very little slack. Any small problem in the supply chain can create major ripple effects across the chain. Hence, task forces need to be always on the alert to solve problems before they become very big. Technology support at the operational level facilitates small suppliers that may not have the expertise to integrate complex communication and application systems. The dependence on IT in SCM has reached a level where a small outage could shut down the entire supply chain. Hence, close coordination between IT staffs in the two firms is critical.

SL3054_frame_C04 Page 83 Tuesday, November 20, 2001 8:54 AM

Role of Information Technology in Supply Chain Management

83

The relationship between partners must be continuously evaluated and improved, as it is key to SCM success. The SCM task force must meet regularly to sort out any major problems with relationships. New areas to collaborate must be identified to foster the growth of the relationship. Performance monitoring helps to provide critical feedback for the partners. Areas for improvement can be identified and strategies for improvement planned. Firms that do not meet performance measures can be evaluated for continuance in the SCM program.

REFERENCES 1. AMR. 2000. B2B E-Commerce Report — 1999-2000. 2. Porter, M.E., and Millar, V.E. 1985. How information gives you competitive advantage, Harvard Business Review, 63(4), 149-161. 3. Premkumar, G. 2000. Interorganizational systems and supply chain management — an information processing perspective, Information Systems Management, 17(3), 5669. 4. Christopher, M. 2000. Creating the Agile Supply Chain, www.ascet.com/ascet/wp/ wpchristopher.html. 5. Chopra, S. and Meindl, P. 2000. Supply Chain Management — Strategy, Planning, and Operation. Prentice Hall, Upper Saddle River, NJ. 6. Holmstrom, J., Hoover, W.E., Louhiluoto, P., Vasara, A. 2000. The other end of supply chain, Mckinsey Quarterly, No. 1, 63-71.

SEE

ALSO:

Anderson, D.L. and Lee, H. 2000. Synchronized Supply Chains: The New Frontier, www.ascet.com/ascet/wp/wpanderson.html. Fisher, M.L. 1997. What is the right supply chain for your product?, Harvard Business Review, March-April, 105-116.

SL3054_frame_C04 Page 84 Tuesday, November 20, 2001 8:54 AM

SL3054_frame_C05 Page 85 Tuesday, November 20, 2001 8:55 AM

5

Online Auctions: A Closer Look Alok Gupta and Ravi Bapna

CONTENTS 5.1 5.2

Introduction to Online Auctions ....................................................................85 A Review of Major Online Auction Mechanisms.........................................87 5.2.1 Single-Item Auctions..........................................................................87 5.2.2 Multi-Unit Auctions ...........................................................................89 5.2.3 Combinational Auctions.....................................................................91 5.2.4 Multidimensional Auctions, Reverse Auctions..................................92 5.3 Consumer Bidding Strategies ........................................................................92 5.4 Opportunism and Trust in Online Auctions ..................................................93 5.5 Simultaneous Substitutable Mechanisms: Auctions vs. Posted Price...........95 5.6 Conclusions and Future Trends .....................................................................96 References................................................................................................................97

5.1 INTRODUCTION TO ONLINE AUCTIONS Online auctions represent a model for the way the Internet is shaping the new economy. In the absence of spatial, temporal and geographic constraints, these mechanisms provide many benefits to both buyers and sellers. They are now an important component of the portfolio of mercantile processes that are transforming the economy from traditionally hierarchical to market-oriented structures (see Ref. 16 for an exhaustive review). A broad and deep body of economics literature exists that investigates the theoretical properties of traditional auctions. However, significant differences in the cost structures, to both buyers and sellers participating in online auctions, have resulted in a need to revisit much of the existing theory. This chapter provides a broad context, derived from an overview of the current research and practice in this field, and provides insights into this interesting sphere of economic activity. Online auctions fall under the ambit of Web-based dynamic pricing mechanisms. In these mechanisms, consumers become involved in the price-setting process. Consumers can now experience the thrill of “winning” a product, potentially at a bargain, as opposed to the typically relatively tedious notion of “buying” it. For sellers, these mechanisms are likely to bring access to newer markets, help 1-57444-305-4/02/$0.00+$1.50 © 2002 by CRC Press LLC

85

SL3054_frame_C05 Page 86 Tuesday, November 20, 2001 8:55 AM

86

The E-Business Handbook

clear aging or perishable inventory, and provide experiential and, at times, vital marketing capabilities. Nowhere are these trends so visible as in the hugely popular online auction site eBay. Among other things, eBay has resulted in dramatically improving the efficiency of secondary markets that were typically associated with garage sales and flea markets. EBay’s legion of 10 million monthly visitors provides the necessary critical mass of buyers and sellers to set market prices for their goods. The more bids that come in, the more competition there is, and, chances are, the higher the price. In retrospect, eBay had, and continues to have, both the positive network externality effect of a growing user base as well as the first mover advantage, necessary conditions for success in today’s economy.35 The impact is even more dramatic in business-to-business (B2B) markets, where Forrester Research predicts an increase in sales from $19.3 billion last year to $52.6 billion by 2002. A full suite of dynamic pricing mechanisms is in use in B2B markets, including standard auctions where there is a single seller and multiple buyers, reverse auctions where a single buyer receives bids from multiple sellers and multiple buyers, and multiple seller exchanges that resemble the bid–ask markets for stocks and commodities. Ref. 25 presents an overview of the top-performing B2B auctions. Beginning with the dot-com euphoria of 1999, one can observe the emergence of a myriad of price-setting processes, such as traditional first-price auctions for single items (e.g., eBay.com), multi-item auctions selling multiple identical units (e.g., Onsale.com and eBay’s Dutch auction), reverse auctions for goods and services (e.g., eLance.com and FreeAgent.com), name-your-price mechanisms (e.g., Priceline.com), quantity discounters (e.g., Mercata.com), and methods that used derivative-based pricing for consumer goods (e.g., Iderive.com). Not surprisingly, some continue to flourish (e.g., eBay and Onsale) while others have floundered (Mercata and Iderive). Despite the originality of these pricing approaches and the initial dotcom buzz surrounding them, little attention has been paid to their effectiveness. Instead, directionless entrepreneurship, at times fueled by overzealous venture capitalists, replaced scientific enquiry and rigor when it came to examining the efficacy and viability of candidate mechanisms. We contend that significant research is still needed in designing new and better mechanisms, as well as in examining the efficacy of existing ones in the contexts of the markets they serve. In this chapter, we touch upon issues of mechanism design, secondary market creation, bidding costs and strategies, incentive compatibility, bid-taker cheating (shilling), simultaneous substitutability, and associated research methodologies. Interestingly, the advent of auctions over open protocol-based networks such as the Internet has also facilitated the pursuance of a richer set of empirically derived methodologies by today’s researchers. Most pre-Internet-based auction research was either purely theoretical in nature22–24 or it involved laboratory experimentation.14 Empirical research was rare due to the lack of meaningful data sets, which in turn could be attributed to the lack of mainstream appeal of auctions. Lucking-Reiley18 refers to the difficulty in obtaining field data for testing long-standing hypotheses, such as the supposed revenue equivalence between the basic auction formats. The best data set available prior to the arrival of Web-based auctions covered U.S. Forest

SL3054_frame_C05 Page 87 Tuesday, November 20, 2001 8:55 AM

Online Auctions: A Closer Look

87

Service sales of contracts for harvesting timber in the Pacific Northwest during 1977.12 The earlier lack of empirical or realistic experimental test environments is increasingly disappearing with the technological advancements in online auction technology. The widespread popularity of online auctions, coupled with the open computing paradigm upon which Internet applications are built, together present a golden opportunity for researchers to revisit the various branches of auction theory in a setting that is more realistic and has higher inductive value. In the remainder of this chapter, we share the insights of these recent research developments in online auctions.

5.2 A REVIEW OF MAJOR ONLINE AUCTION MECHANISMS A key factor that makes electronic markets such as online auctions interesting is the potential for achieving higher efficiency. On the surface, e-markets such as eBay, with millions of registered users, would appear to be a close approximation to an economist’s idealization of a frictionless, efficient market. One thing for certain is that using information technology has brought this sphere of economic activity out of the domain of specialists to that of the average person. The success of eBay notwithstanding, we contend that the frictionless efficient market is still an ideal to strive for. We review the popular types of online auctions, with the caution that this is by no means an exhaustive list of current online auctions. Our objective here is to isolate mechanisms that are interesting, are being currently researched, and are those in which the online environment influences the strategic spaces of the participants. We begin with the classic single-item, open, ascending, English auction.

5.2.1 SINGLE-ITEM AUCTIONS This asset-exchange mechanism has been extensively studied theoretically, beginning with the seminal article by Nobel laureate William Vickrey.36 More-recent coverage can be found in Ref. 29. Researchers studying this auction commonly make use of assumptions, such as the independent private values (IPV) assumption to derive its equilibrium characterization. Such an assumption implies that a single indivisible object is to be sold to one of several bidders. Each bidder is risk-neutral and knows the value of the object to himself, but does not know the value of the object to other bidders. It also implies that there is a finite population of bidders, each of whom draws valuation independently from some given continuous distribution.23 Consider the applicability of this assumption to common single-item online auctions such as those conducted on eBay (eBay’s multi-item Dutch auctions are discussed in the next subsection). For most goods being auctioned, the IPV assumption is robust. However, for collectibles, a popular category on eBay, it is reasonable to assume that an individual’s valuation will be dependent on the valuations of fellow bidders. Presumably, a collector will have the objective of at least recovering the cost of the item purchased and thus will implicitly base valuation on that of other bidders.

SL3054_frame_C05 Page 88 Tuesday, November 20, 2001 8:55 AM

88

The E-Business Handbook

The presence of “winner’s curse” in auctions, namely that bidders win items only because they pay too much, has long been of interest to researchers. In an empirical study of eBay auctions.,2 it was found that a bidder’s surplus falls by 3.2% when the expected number of bidders increases by one. In Section 5.6, we describe two recent studies that have compared online auctions with posted price mechanisms selling the same goods (using matching SKUs). The evidence of winner’s curse from those two studies is mixed. A common assumption related to IPV, especially popular in experimental studies in the lab, is that the number of bidders in an auction is exogenously determined. That is, somehow this population is known a priori and the design of the auction itself does not influence the number of participants. Several recent empirical studies challenge this notion and point to interesting issues regarding the choice of a reserve price by the seller. On eBay, the seller can set an open minimum bid that serves as the starting price for the auction. Additionally, sellers also have the option of setting a hidden reserve price below which they are not obligated to sell. Once the bidding level exceeds the reserve, an indication of “reserve met” is displayed to the bidders. The questions are: • Should the seller use the hidden reserve at all? • Does setting a low minimum bid attract bidders to the auction, thereby increasing competition? • Is there an optimal mixed strategy that can be employed by sellers with respect to these two parameters? In Ref. 2, it was found that items with higher book value tend to be sold using a secret, as opposed to a posted, reserve price with a low minimum bid. These researchers also found that the minimum bid is the most significant determinant of whether a bidder enters an auction. Lucking-Reiley20 describes controlled experiments conducted on the Internet to verify a variety of theoretical properties of electronic auctions by manipulating the reserve prices in these auctions as an experimental treatment variable. This researcher’s findings indicate that bidders consider their bid submission to be costly and that bidder participation is indeed a subjective decision. Additionally, the data shows that a zero reserve price provides higher expected profits than a reserve price greater than or equal to the auctioneer’s salvage value for the goods. In contrast, Riley and Samuelson28 show that, for an optimal highest-clearing-price English auction, the reserve price is a function of the seller’s valuation of the product. Perhaps the most cited property of single item auctions is the Theorem of Revenue Equivalence.9,24,36 The idea is that, under a set of restrictive assumptions (IPV and risk-neutral bidders), the expected revenue from a variety of auction types — English, Dutch, first-price and second-price sealed bid auctions — is equivalent. Revenue equivalence results are known not to be robust with respect to the slightest deviation from the restrictive assumptions of the independent private values model24 or bidder risk preferences,21 which are notoriously difficult to observe. LuckingReiley18 tests revenue equivalence through field experiments auctioning magic game cards. It was found that the Dutch auction produces 30% higher revenues than the

SL3054_frame_C05 Page 89 Tuesday, November 20, 2001 8:55 AM

Online Auctions: A Closer Look

89

first-price auction format, a contradiction to the theoretical prediction and a reversal of previous laboratory results that the English and second-price formats produce roughly equivalent revenues. It will be interesting to see whether similar trends are observable in online auctions of a more general nature. Future research in this area promises to bring interesting new insights into these age-old topics of interest.

5.2.2 MULTI-UNIT AUCTIONS The online environment has spawned a variety of auctions that sell multiple identical units of the same item. These range from auctions of consumer goods, mostly aging hardware and electronics through sites such as Onsale.com and Ubid.com, to auctions of fixed-income and equity securities by Muniauction.com, to OpenIPO.com — which allows individual and institutional investors to bid online for shares of an IPO — giving both types of investors a level playing field in the IPO market for the first time in history. A cursory examination of the above mentioned sites reveals that what was historically a sealed-bid-dominated market, as in the auction of Treasury bonds, now supports a wide range of auction mechanisms, namely ascending English, descending Dutch, and eBay’s so-called “Dutch” — which is really an ascending open uniform-price auction. Rothkopf and Harstad29 point out that single-item results do not carry over into multiple-item settings and that this has been a vastly neglected area of auction theory research. Of late, there is evidence of research spawning in multi-item auctions. Lucking-Reiley and List19 examine the case when consumers are allowed to bid for more than one item under two different types of two-unit, two-person sealed-bid auctions. When consumers are allowed to bid for more than one item in an m-item auction, Vickrey’s original proposition — full demand revelation occurs in a sealedbid auction — does not hold. Instead, the rule has to be modified such that for an m-item Vickrey auction bidders can submit as many individual unit bids as they like. Further, the top m bids are declared winners and, for the jth unit won by a bidder, she pays an amount equal to the jth highest of the rejected bids submitted by others. Hence, this revised mechanism offers discriminating prices in contrast to the original mechanism’s uniform pricing. Importantly, this mechanism is incentive compatible. Bidders gain nothing by not revealing their true valuations, as they never have to pay what they bid. In the two-item case, Reiley and List19 indicate that there is evidence of demand reduction, i.e., lowering of the second bid below the true valuation, when the uniform pricing rule is applied. This is a cause for concern and leads to lower allocative efficiency. In the case of real-world B2C online multi-item auctions, consumers are allowed to bid for more than one item, but these bids cannot be discriminating, i.e., they all must be of the same amount. For instance, a given individual can bid for three items at $100 each, but cannot bid for two items at $110 and one item for $80. Whether this constraint is designed to prevent demand reduction in auctions that sell multiple (far more than two units) is an open and interesting research question. Bapna et al.4,5 present an analytical modeling approach that analyzes multi-item progressive English auctions, also known as Yankee auctions, such as those con-

SL3054_frame_C05 Page 90 Tuesday, November 20, 2001 8:55 AM

90

The E-Business Handbook

ducted by Onsale.com. The analytical modeling is subsequently validated by empirical investigation using data collected by automated agents that track real-world Web auctions, adding a new methodological dimension to auction theory research. These researchers focus on the hitherto undescribed discrete and sequential nature of the revenue realization process of such auctions, caused by the presence of the bid increment. In such auctions, say, of ten Palm V PDAs, the ten highest bidders win and the price they pay is equivalent to their highest bids, technically making this a discriminatory auction. Usually, a very low opening bid such as $1 is set by the auctioneer as a way to attract Web traffic. In addition, all auctions have a bid increment that defines the minimum step size for bidders. Bids that fall in between bid increments are automatically rounded down to the nearest step. This discretization of the process challenges the common auction theory assumption that individuals’ valuations can be drawn from a known, continuous distribution. The bid increment also helps determine the minimum required bid at any time during the auction. This is equal to the lowest winning bid plus the bid increment. The list of current winning bidders, the bid increment, the minimum required bid, and the auction closing time are all continuously updated on the Web. Auction durations typically range from 1-hour express auctions to day-long regular auctions. Bids are ranked by amount and by time within amount. Unlike traditional single-item English auctions, a new bidder’s high bid does not automatically displace the existing winner from the winner’s list. In fact, if the current number of bidders is less than the lot size, then the new high bid does not affect any of the existing winners. An interesting observation revealed by the data collection process of Refs.4 and 5 is that online auctioneers experiment with the design parameters they can control for such auctions. For instance, they sell the same goods using a $20 bid increment one day, followed by using a $15 bid increment on another day. There exists a great opportunity for researchers in determining how to optimally set the control factors such as the bid increment, lot size and the opening bid that influence the efficiency of such auctions. There have been other attempts to compare the efficiency of different auction mechanisms both theoretically and empirically. The focus has been on comparing single-item sealed-bid competitive auctions with sealed-bid discriminatory auctions. In the former, the highest bidder wins, but the price paid is the secondhighest bid; whereas, in the latter, the highest bidder wins with the price being the highest bid. Competitive auctions were first suggested in the seminal article in Ref. 36; the special property of this mechanism is that all bidders have incentive to bid their true valuation. Given the growing theoretical and empirical interest in multi-item auctions, it will be interesting to see work that examines the relative efficacy of mechanisms that are available to consumers today. Does eBay’s so called “Dutch” mechanism, which has little theoretical basis and unexplored incentive characteristics, lead to higher clearing prices than, say, an equivalent Yankee auction? The extension of the single-item results, such as revenue equivalence, to the online setting of multi-item auctions is an interesting area of research. This will help us understand which mechanism should be adopted under what circumstances. For instance, if there is a

SL3054_frame_C05 Page 91 Tuesday, November 20, 2001 8:55 AM

Online Auctions: A Closer Look

91

predominance of risk-averse bidders who prefer a certain outcome to an uncertain one, than would a descending Dutch auction yield higher expected revenue? Of course, this analysis is not trivial even with the most simplistic of assumptions regarding the consumer type.

5.2.3 COMBINATIONAL AUCTIONS If we allow multiple units of nonidentical goods to be sold through online auctions, then we get into the realm of combinational auctions. Such auctioning schemes are desirable to sell complementary goods that can be “bundled” together. A good example is the FCC spectrum auction for different regional licenses, where the value of having, say, Boston increases if the bidder can also acquire neighboring New York. These auctions present many interesting challenges to practitioners, both sellers and bidders, as well as theoreticians. In general, the auctioneer’s problem of determining an optimal set of bids in a combinational auction is an NP-Complete problem, problems that are tough to solve in a reasonable amount of time.30 Additional issues are the (1) exposure problem: an unsuccessful attempt to acquire a collection of assets, when combinational bidding is not allowed, may lead to paying more for some individual assets than they are worth, and (2) threshold problem: a bidder on item A and a bidder on item B may not be able to coordinate to displace a bid on package AB in the presence of unequal economies of scale. Several interesting approaches are being proposed to overcome some of the above-mentioned computational and mechanism-design difficulties in combinatorial auctions. One such approach is the iBundle mechanism.26 The basic idea of the iBundle mechanism is to use software to calculate the maximal allocation of products among various users who can bid on bundles. Each bidder can bid for any number of bundles, so can offer $10 for A, $20 for A and B. The iBundle software then calculates the combination of bundles that maximize total transaction value and notifies the bidders of the provisional winners. The bidders are then able to make higher bids, and the process repeats until bidders are satisfied. The contribution of iBundle is to use IT to quickly solve an optimal allocation problem that would become computationally infeasible for human agents in real time. Another interesting combinational auction mechanism being developed13 accepts incompletely specified bids that provide a framework to guide, rather than dictate, the choice of goods that satisfy bidder needs. Its incompletely specified combinational auction mechanism is designed to facilitate large, complex problems commonly relegated to negotiated sales, where the allocation of goods requires solving a complex combinational problem. A representative example is the complex multidimensional process of media buying, specifically, the sale of television-advertising airtime. Allowing a bid in the form of high-level rules relieves the buyer from the burden of enumerating all possible acceptable bundles. Further research is needed to harness the enormous computational power available to us to make combinational auctions mainstream for corporations keen to optimize their complex logistical decisions, such as determining optimal freight patterns for moving goods from manufacturing sites to wholesale sites and on to retail sites.

SL3054_frame_C05 Page 92 Tuesday, November 20, 2001 8:55 AM

92

The E-Business Handbook

5.2.4 MULTIDIMENSIONAL AUCTIONS, REVERSE AUCTIONS In certain cases, for example, in many procurement situations, it is not sufficient to conduct auctions where only the price dimension matters. Often, price and quality go hand in hand and jointly determine the winning bid — not necessarily the lowest. Most of the literature on auction theory has focused on the analysis of auctions of a well-defined object or contract so that the price to be paid is the unique strategic dimension with the exception of Refs.7, 10 and 33. For example, in the auction for a department of defense contract, say for the construction of an aircraft, the specification of its characteristics is as important as the price. In such multidimensional auctions bidders submit bids with relevant characteristics of the project, price being just one such characteristic, and the procurement agency uses a scoring mechanism to select among the bids. Branco,7 and, to some extent, Theil,33 recommend a two-stage auction mechanism where, in the first stage, the procurer selects one firm and, in the second stage, bargains to readjust the level of the quality to be provided. Multiple dimensions also exist in the reverse auctioning of service contracts, such as those conducted by Elance.com and Freeagent.com, where price is not the only differentiating factor. For instance, a client who posts a requirement for a Web design project could receive bids from all over the world, ranging from Bangalore, India to Yugoslavia to the U.S., with hourly rates of $24, $10 and $50 respectively, as we casually observed on Freeagent.com. It would be naive to think that the client would necessarily go with the lowest bid in this case, as service quality may be widely varying, and perhaps even difficult to assess. Ref. 32 studies Internet-based spot markets for service contracts. Its analysis confirms the fact that the transaction costs of posting a project, bidding on it, and evaluating bids are all significant.

5.3 CONSUMER BIDDING STRATEGIES The global scope and reach of the online environment makes it feasible for “armchair” bidders16 to be active players in auction markets. While much of the theoretical development assumes buyers and sellers to be rational, profit-maximizing individuals —a tenuous assumption to begin with —the reality of the online-markets landscape indicates a wide disparity in user experience and information levels. Researchers have been quick to capitalize on the availability of real auction data, obtained through field experiments and automated agent-based real-time tracking of online auctions respectively, for examining consumer bidding strategies on the Internet.4,5,19 Among other things, they test the behavior of uninformed bidders, who exhibit behavior that is different from what theory predicts. Lucking-Reiley and List19 auctioned four types of trading cards ranging from $3 to $70. They examined whether dealers of such cards would bid more rationally than nondealer, less experienced, individual card collectors. Their findings suggest that dealers exhibit more of the predicted strategic behavior than do non-dealers, for both lower- and higher-priced cards. Additionally, predicted strategic behavior is considerably greater when the auctioned sports cards have higher values, confirming

SL3054_frame_C05 Page 93 Tuesday, November 20, 2001 8:55 AM

Online Auctions: A Closer Look

93

TABLE 5.1 Bidder Classification Evaluators

Participators

Opportunists

Early one-time-high bidders who have a clear idea of their valuation Bids are, usually, significantly greater than the minimum required bid at that time. Rare in traditional auction settings — high fixed cost of making a single bid. Violates the assumption of rational participatory behavior described earlier. Derive some utility (incur a time cost) from the process of participating in the auction itself. Make a low initial bid equal to the minimum required bid. Progressively monitor the progress of the auction and make ascending bids, never bidding higher than minimum required. Bargain hunters. Place minimum required bids just before the auction closes.

prior theories31 that suggest that rationality is more likely to be exhibited when the stakes are higher. Additional support for the notion that rationality becomes more evident as the expected payoff is higher is found in Refs. 4 and 5. The empirical investigation of 90 such auctions identified three distinct types of bidders. They are summarized in Table 5.1.3 To compare the performance of these strategies, Bapna et al.4,5 introduced a metric based on loss of surplus. This is the difference between an individual’s winning bid and the minimum winning bid. Loss of surplus evaluates the performance of an individual or a group with respect to the bidder who had the minimum winning bid in a given auction. The relative performance of these three groups, with respect to loss of surplus, indicates that the evaluators as a group fared worst, the participators were best off, and the opportunists lay in between.4 Much like Lucking-Reiley and List,19 Bapna et al.4 also finds evidence for the fact that, as the stakes get higher, a larger percentage of the population behaves strategically. This is evident in Figure 5.1, where the percentage of rational, nonevaluator-type bidders is plotted against the dollar values of the auctions tracked. It is easy to see an increasing trend in the percentage of bidders who behave in a nonevaluator mode as the auction stakes get higher. Evaluators, as we know, were found to be the worst-off of the three bidder categories.

5.4 OPPORTUNISM AND TRUST IN ONLINE AUCTIONS Typically, ignorance of what price to post is a reason for negotiating or holding an auction. Pavlou and Ba29 provide a behavioral reason for holding auctions. They assert that one of the critical reasons for the use of bidding is that the formality of the auction process provides legitimacy in a way that other economic means cannot.

SL3054_frame_C05 Page 94 Tuesday, November 20, 2001 8:55 AM

94

The E-Business Handbook

% Rational Bidders 120% 100% 80% 60% 40% 20% 0% -20%

0

500

1000

1500

2000

$ Value of Auction

FIGURE 5.1 Rationality increases with the dollar value of the auctions.

Contradicting this belief from academia is the practical notion that the lnternet makes the likelihood of fraud detection and punishment low. Thus, it is not surprising that opportunistic behavior in online auctions, by both sellers and buyers, is constantly reported in the media. According to Internet Fraud Watch, online auction fraud has become the number-one type of Internet fraud over the last 2 years. Brandabur and Saunders-Watson8 discuss this issue in depth. For instance, they talk about an auction for a painting that was claimed to by the late Bay Area painter Richard Diebenkorn. The auction soared to $135,805, with the winning bid coming from Holland. However, the painting turned out to be a fake. The seller gave the appearance of being a novice, never actually mentioning the artist by name. In reality, it turned out this seller, along with two accomplices, often used more than 20 eBay screen names for the purpose of shilling — a strategy of placing phony bids to run up the closing prices of auctions. Recently, researchers have begun to attempt to model important aspects of trust and reputation in online auctions. Much of this stream relies on analytical modeling backed up by empirical investigation using automated agents to capture data from real-world auctions. This is an important area of research, as it addresses many of the issues raised by the critics of online auctions and helps formalize the concept and measurement of trust and reputation of sellers. There is increasing concrete evidence of shilling by bid-takers in online auctions. Kauffman and Wood15 present an analytical model and provide empirical evidence of “questionable bidding behavior (QBB)” by sellers on eBay. They define QBB as bidding on an item when the same or a lower bid could have been made on the exact same item in a concurrent auction ending before the bid-upon auction. QBB can be considered irrational, because buyers have a greater level of utility if they were to bid on another item for the same or lower cost. The research highlights the difficulties associated with identifying opportunistic sellers using QBB in online environments, when many auctions are going on in parallel:

SL3054_frame_C05 Page 95 Tuesday, November 20, 2001 8:55 AM

Online Auctions: A Closer Look

95

1. Nonreputable sellers try to remain anonymous. Because they are attempting to hide their identity, it is difficult to identify them. 2. It is difficult to track multiple Internet auction identities and tie them together. 3. QBB needs to be reviewed over time in multiple auctions. For instance, if a bidder (using the same name) consistently rates a particular seller higher and exhibits active bidding behavior (for shilling purposes) while never winning many of the items, it would be easy to identify suspicious behavior; however, in practice, finding such behavior is difficult. Using intelligent data-gathering agents, Kauffman and Wood15 track a number of eBay auctions of coins, and the initial findings suggest that, indeed, a significant amount of QBB is evident. Opportunism can also be exhibited by the bidders in the form of collusion through fictitious identities. Wang et al.37 bring out the importance of appropriate mechanism design to counter such undesirable behavior. They focus on sealed-bid auctions and propose an alternative mechanism to the Generalized Vickrey Auction (GVA), called the Sealed-bid Multi-Round Auction Protocol (S-MAP), and give instances when the GVA is no longer incentive compatible. This group’s examples show that, in GVA under collusion, truth-telling is no longer a dominant strategy, and illustrate how bidders can reduce their payment by submitting bids under false names. This limitation is overcome in S-MAP, but the mechanism itself induces a higher cognitive load on the players and it remains to be seen whether it can become mainstream. Pavlou and Ba27 recognize that trust is an essential component of online auctions, and that buyers pay a price premium to transact with reputable sellers, particularly for expensive products. Their results show a significant correlation between trust and price premiums for all products. Moreover, this correlation becomes increasingly more significant for more expensive products. Another interesting empirical study11 examines the economic value of trust in electronic markets, based on a comparison of prices across generalist (eBay) and specialty sites (Michael Rogers, Inc.) in the arena of person-to-person online auctions. Generally, the two types of sites have very different mechanisms for providing trust in the marketplace — whereas generalist sites do not inspect the merchandise and rely instead on a reputation-reporting system, specialty sites typically take possession of auction items and provide a variety of value-added services directed at reducing information asymmetry and other sources of transaction risk. The study’s empirical findings appear to confirm that observed price differences between eBay and the specialist are driven primarily by the relative effectiveness of trust mechanisms in the two markets.

5.5 SIMULTANEOUS SUBSTITUTABLE MECHANISMS: AUCTIONS VS. POSTED PRICE Another promising stream of IS research in the area of dynamic pricing deals with comparing auctions with posted price mechanisms for the sale of identical goods.

SL3054_frame_C05 Page 96 Tuesday, November 20, 2001 8:55 AM

96

The E-Business Handbook

Vakrat and Seidmann34 compare online catalog prices with online auction prices. They obtained data from 473 online auctions, such as SurplusAuction (www.surplusauction.com) and OnSale.Com (www.onsale.com), and compared prices received in these auctions with prices from Internet catalog sellers such as Egghead (www.egghead.com) and PriceScan.Com (www.pricescan.com). The study’s data analysis revealed that consumers expect greater discounts for more expensive items. These researchers employed Internet agents as a data collection tool. Using a similar methodological approach, Lee and Mehta17 investigated the existence of winner’s curse using theoretical modeling and empirical validation. Their preliminary results confirm the existence of winner’s curse in electronic auctions. The amount overbid is especially pronounced for items where potential information asymmetries exist as a result of the nature of the product, and it is further augmented in cases where the product is relatively new, and not much information regarding it exists in the retail channels. Interesting current research in this area is being carried out both from the buyers’ and the sellers’ perspectives. One study6 is examining under what conditions buyers should use auctions in contrast to posted price mechanism. Aron et al.1 investigates when auctions should be used by sellers instead of posted prices. Their study is focused on developing a theoretical model of markets with uncertain demand, in an attempt to understand what types of demand uncertainty make it worthwhile for a seller to consider investing in an auction mechanism to gain more price flexibility.

5.6 CONCLUSIONS AND FUTURE TRENDS The above review indicates that interesting developments are happening in both the practice and research of online auctions. The current dot-com shakeout notwithstanding, dynamic pricing mechanisms such as online auctions will continue to be an important component in the portfolio of mercantile processes that deployed by businesses to transact with their customers and suppliers, and for consumers to transact with other consumers. We call for greater interaction between practitioners and researchers in this area. In many cases. practitioners, fueled by overzealous venture capitalists, would do well to resist carrying out costly field experiments in the name of innovation. They can enlist the research community to examine the design of the dynamic pricing mechanisms they propose to adopt in a given market. Is the mechanism suitable for the targeted market? Would an alternative mechanism fit the bill? Will it achieve the desired liquidity to sustain itself, and will it achieve higher allocative efficiency than its current counterparts? The large numbers of failed real-life experiments in dynamic pricing (mercata.com, priceline.com for groceries) and the associated loss of social capital could have been avoided if interactions between practitioners and researchers were de rigueur. We look forward to more research that examines the relevant issues in online auctions without the baggage of the traditional assumptions made in earlier auction theory. In the absence of the physical constraints of traditional auctions, the behavior of the different economic agents in auctions is heavily influenced by the (online) context in which they take place. For instance, the presence of simultaneous substitutable online auctions — which allows an individual shopping for, say, a computer, to simultaneously

SL3054_frame_C05 Page 97 Tuesday, November 20, 2001 8:55 AM

Online Auctions: A Closer Look

97

bid at Onsale.com or Yahoo.com — impacts the efficiency of not just the isolated auction under consideration, but also the external market in which it takes place. Auction portals such as www.biddersedge.com are specifically designed to make tracking such simultaneous substitutable online auctions easy for the consumer. We firmly believe that the emerging practice and research in this area has high inductive value and will lead to a significant enhancement of the body of knowledge dealing with dynamic pricing and auctions.

ACKNOWLEDGMENTS Dr. Gupta’s research is supported by NSF CAREER grant #IIS-00 92780, but does not necessarily reflect the views of the NSF. This research was supported in part by TECI —the Treibich Electronic ccommerce Initiative, OPIM/SBA, University of Connecticut.

REFERENCES 1. Aron, R., Croson, D. and Lucking-Reiley, D., Auctions Versus Posted Prices, Workshop on Information Systems and Economics, Brisbane, 2000. 2. Bajari, P. and Hortascu, A., Winner’s Curse, Reserve Prices and Endogenous Entry: Empirical Insights from eBay Auctions, Working Paper, 2000, Department of Economics, Stanford University, CA. 3. Bapna, R., Economic and Experimental Analysis and Design of Auction Based Online Mercantile Processes, Ph.D. Dissertation 1999, Department of Operations and Information Management, University of Connecticut, Storrs. 4. Bapna, R., Goes, P. and Gupta, A., A theoretical and empirical investigation of multiitem on-line auctions, Information Technology and Management, Jan 2000, 1(1), 1-23. 5. Bapna, R., Goes, P. and Gupta, A., Online Auctions, (in press) Communications of the ACM, 2001. 6. Barua, A. and Tomak, K., Workshop on Information Systems and Economics, Brisbane, 2000. 7. Branco, F., The design of multidimensional auctions, RAND J. Econ., 28, 1, Spring 1997, 63-81. 8. Brandabur S. and Saunders-Watson C., Fraud online and off, AuctionWatch.com article, May 2001 9. Bulow, J. and Roberts, J., The simple economics of optimal auctions, J.Political Econ., 1989, 7, 5, 1060-1090. 10. Che, Y-K, Design competition through multidimensional auctions, RAND J. Econ., 24, 4, Winter 1993, 668-680. 11. Dewan, S. and Hsu, V., Trust in Electronic Markets: Price Discovery in Generalist Versus Specialty Online Auctions, Working paper – University of Washington, Seattle, 2001. 12. Hansen, R.G., Empirical testing of auction theory, Am. Econ. Rev. 75( 2), May 1985, 156-159 . 13. Jones. J.L. and Koehler, G.J., Incompletely Specified Combinatorial Auctions, University of Michigan working paper, 2001.

SL3054_frame_C05 Page 98 Tuesday, November 20, 2001 8:55 AM

98

The E-Business Handbook 14. Kagel, J.H. and Roth, A.E., The Handbook of Experimental Economics, Princeton University Press, Fall 1997. 15. Kauffman, R. and Wood, C., Running Up the Bid: Modeling Seller Opportunism in Internet Auctions, Proc. AMCIS 2000 Conf., Long Beach, CA. 16. Kauffman, R. and Walden, E., Economics and electronic commerce: survey and research directions, submitted to Int. J. Electron. Comm., 2001. 17. Lee, B. and Mehta, K., Efficiency Comparison in Electronic Market Mechanisms: Posted Price Versus Auction Market, WISE Conference 1999, Charlotte, NC. 18. Lucking-Reiley, D., Using field experiments to test equivalence between auction formats: magic on the Internet, 1999, Am. Econ. Rev. December 1999a, vol. 89, no. 5, 1063-1080 19. Lucking-Reiley, D. and List, J.A., Bidding Behavior and Decision Costs in Field Experiments, Working Paper – Vanderbilt University, revised: March 2000. 20. Lucking-Reiley, D., Experimental Evidence on the Endogenous Entry of Bidders in Internet Auctions. Working Paper – Vanderbilt University, revised: May 1999b. 21. Maskin, E. and Riley, J. Optimal auctions with risk averse buyers. Econometrica, November 1984, 52 (6), 1473-1518. 22. McAfee, R.P. and McMillan, J., Auctions and bidding J. Econ. Lit., 25 (1987), 699738. 23. Milgrom, P., Auctions and bidding: a priori, J. Econ. Perspect., 3 (1989), 3-22. 24. Myerson, R.B., Optimal auction design, Math. Operations Res. 6, (1981), 58-73. 25. Mollman, S., 2000, http://www.zdnet.com/pccomp/stories/all/0,6605,2431978,00.html. 26. Parkes, D.C. iBundle: An Efficient Ascending Price Bundle Auction. Proc. 1999 ACM Conference on Electronic Commerce (EC-99), Denver, CO, ACM Press, New York, NY. 27. Pavlou, P.A. and Ba, S., Does Online Reputation Matter? – An Empirical Investigation of Reputation and Trust in Online Auction Markets, Proc. AMCIS 2000 Conf., Long Beach CA. 28. Riley, J. and Samuelson, W.F., Optimal Auctions, Am. Econ. Rev., Vol. 71, No. 3, 1981, 381 - 392. 29. Rothkopf, M.H. and Harstad, R.M., Modeling competitive bidding: a critical essay, Mgmnt. Sci., 40 (3), 1994, 364-384. 30. Rothkopf M.H., Aleksandar P. and Harstad, R.M. Computationally manageable combinatorial auctions, Mgmnt. Sci.. 44, 8, 1131 –1147. 31. Smith, V.L. and Walker J M., Monetary rewards and decision cost in experimental economics, Econ, Inq., 1993, 31, 245-261. 32. Snir E.M, (2000) Designing Internet Spot Markets for IT Services, Working PaperWharton School, U Penn. 33. Theil, S.E., Multidimensional auctions, Econ. Lett., 28, 1998, 37-40. 34. Vakrat, Y. and Seidmann, A. Can Online Auctions Beat Online Catalogs?, In, P. DeGross and J. DeGross (Eds.), Proc. 20th Int. Conf. Info. Syst. (ICI ’99), Charlotte, NC, December, 1999. 35. Varian, H., Miles and miles of flexible track, Forbes ASAP, 10/02/2000, http://www.forbes.com/asap/2000/1002/071.html 36. Vickrey, W., Counter-speculation, auctions, and competitive sealed tenders, J. Fin. 41, 1961, 8-37. 37. Wang W., Hidvegi Z. and Whinston, A.B., Economic mechanism design for securing online auctions, In Proc. 21th Int. Conf. Info. Sys. (ICI ’00), Brisbane, Australia, December, 2000.

SL3054_frame_C06 Page 99 Tuesday, November 20, 2001 8:57 AM

6

Bid Together, Buy Together: On the Efficacy of Group-Buying Business Models in Internet-Based Selling Robert J. Kauffman and Bin Wang

CONTENTS 6.1 6.2

Introduction ..................................................................................................100 The Basics of Group-Buying Models in E-Commerce...............................102 6.2.1 The Market Mechanisms .................................................................103 6.2.2 The Value Proposition for Group Buying on the Internet...............103 6.3 Buyer Behavior and Market Competition in Group Buying ......................104 6.3.1 Buyer Behavior under the Group-Buying Market Microstructure..104 6.3.2 Competition in the Group-Buying Market ......................................105 6.4 A Framework for Comparing Group-Buying Web Sites ............................106 6.4.1 Mercata.com .....................................................................................108 6.4.2 MobShop.com ..................................................................................111 6.4.3 LetsBuyIt.com ..................................................................................116 6.4.4 Other Group-Buying Web Sites.......................................................121 6.5 Analyzing Group-Buying Business Models ................................................126 6.5.1 Some Dimensions for Comparing Group-Buying Business Models ..............................................................................126 6.5.2 How Do Prices on Group-Buying Web Sites Compare with Other Firms’ Prices? ................................................................128 6.5.3 Comparing Rivals: Mercata and MobShop .....................................129 6.5.4 Discussion ........................................................................................130 6.6 Conclusion....................................................................................................132 Acknowledgements................................................................................................133 References..............................................................................................................134

1-57444-305-4/02/$0.00+$1.50 © 2002 by CRC Press LLC

99

SL3054_frame_C06 Page 100 Tuesday, November 20, 2001 8:57 AM

100

The E-Business Handbook

6.1 INTRODUCTION As a channel that is characterized by convenience, wide product selection, and easy comparison shopping, the Web has enjoyed tremendous growth in consumer spending in recent years. Despite the ongoing market shakeout and yet-to-come profits on the retailer side, Forrester Research, a Cambridge, Massachusetts-based marketing research firm, predicts that U.S. consumer online spending will be on the rise to $74 billion in 2001, a 64% increase from the $45 billion of 2000.5 Paralleling the proliferation of online consumer spending is the emergence of many innovative business models, including dynamic pricing mechanisms. According to San Francisco-based Vernon Keenan, a consultant and publisher of an industry newsletter called The Keenan Vision (available at www.keenanvision.com), in 2004 some $561 billion worth of transactions will be conducted online via dynamic pricing mechanisms, accounting for approximately 40% of all online transactions.6 Such market mechanisms are what Spulber7,8 and O’Hara9 refer to as market microstructure, a term that is often associated with the operational mechanics of the financial markets.* Andrews11 identifies three kinds of mechanisms, including group-buying models, price-reduction models and traditional auction models. We add to Andrews’ list the nontraditional auction models, including such recent phenomena as reverse auctions and other “name-your-own-price” mechanisms. (See Table 6.1). The online auctions by eBay (www.ebay.com) and Amazon.com (www.amazon.com), and the “name-your-own-price” mechanism by Priceline.com (www.priceline.com), are among the most well-recognized of the dynamic price mechanism brand names. In addition, other less-known players have appeared that have used variations on a “seek-out-a-seller” mechanism. These include, for example, the Colorado-based TravelBids (www.travelbids.com) and the Canadian Mortgage Centre (www.mortgagecentre.com). Still others, such as First Auction (www.firstauction.com), have found ways to cut the time-to-transaction for timeconscious bidders, by developing instant auctions and flash auction call markets of very short 30-minute duration for consumer goods. At these Web sites, buyers are no longer passive recipients of the sellers’ asking prices. Instead, they can actively engage in price discovery along with the sellers. Mimicking the general approach of traditional “discount shopping clubs,” group-buying discounts represent a dynamic pricing mechanism that allows consumers to aggregate their purchasing power and to obtain lower prices than they otherwise would be able to get individually. Introduced in 1999, group-buying business models have been employed by quite a few companies to date, not all of which have been very successful. They include Mercata.com, Accompany.com (now MobShop.com, www.MobShop.com), actBIG.com (now Etrana.com, www.etrana.com), CoShopper.com (www.coshopper.com), C-Tribe.com, DemandLine.com (www.demandline.com), Let’s Buy It (www.letsbuyit.com), * More recently, Weber 10 has referred to market microstructure in the context of Internet-based electronic marketplaces as market technostructure, implying the range of new possibilities that the Internet opens up for innovative market mechanism designs.

SL3054_frame_C06 Page 101 Tuesday, November 20, 2001 8:57 AM

Bid Together, Buy Together

101

TABLE 6.1 Four Types of Dynamic Pricing Models for Internet Marketplaces Model Types Traditional auctions

Nontraditional auctions

Price-reduction models

Group-buying models

Key Concept Apply long-standing concepts associated with real-world auctions. These include: the single-item open-outcry ascending-price English auction; the single-item open-outcry descending-price Dutch auctions; the single-item first-price sealed-bid auction; the single-item second-price sealed-bid Vickrey auction;* the multiple-item, open-outcry call market; and the open- and closed-bid double auctions, in which both buyers and sellers simultaneously update their bids and offers. Apply variations on the auction approaches mentioned above. Examples include: reverse auctions, in which buyers either state an interest in purchasing a sale item or a bundle of items and sellers indicate their offers; 3-D auctions, in which price-quantity is supplemented by utility reflecting willingness to trade; among others. Enabls buyers to obtain lower prices, but based only on a pre-announced time schedule for price drops from a higher starting price. Operate without consideration given to the number of participants in the marketplace. Similar to Dutch auction. Enable buyers to obtain lower prices, as more people indicate a willingness to buy from the Internet-based seller’s Web site. There are two varieties, involving group-buying with a fixed time period to completion of an auction, and group-buying with a fixed price that is achieved only when enough buyers participate

Note: For a description and comparison of the first four types of traditional auctions, see McAfee and McMillan.12

OnlineChoice.com, PointSpeed.com, SHOP2gether (www.shop2gether.com), VolumeBuy.com (www.volumebuy.com), and Zwirl.com (www.zwirl.com). All the firms are based in the United States, except CoShopper and Let’s Buy It, which were founded in Norway and Sweden, respectively, and have operated in multiple European countries. Among the group-buying Web sites, Mercata and MobShop have been widely recognized as the international market leaders.13–16* O’Brien2 characterizes Internet-based group buying as one of a number of means of “cooperative commerce.” Viewed this way, consumers benefit from additional buyers who join a buying group and, thus, will have an incentive to recruit additional buyers. As a result, one can predict that group-buying business models may lower customer acquisition costs for retailers. They can also simultaneously help manu* The going has been tough among group-buying firms since the third quarter of 2000, as we observe from their announcements of closure, reorganization and revisions to their strategy. For example, C-Tribe and Mercata failed, MobShop and SHOP2gether reoriented themselves from a B2C to a B2B emphasis, Let’s Buy It is reorganizing after bankruptcy, and several of the others (including MobShop) have reoriented themselves toward the licensing and sale of demand aggregation and group-buying software solutions, in lieu of operating an electronic marketplace. OnlineChoice.com also recently shut its doors.

SL3054_frame_C06 Page 102 Tuesday, November 20, 2001 8:57 AM

102

The E-Business Handbook

facturers to offload excess inventories. In addition, they can deliver lower price benefits to consumers.17 However, with the recent closing of Mercata and the change in strategic direction at MobShop, the future of group-buying discount business models in Internet-based selling is no longer clear.3,4,18 We will discuss these at greater length later in this chapter. The challenges faced by group-buying Web sites come from consumers, competitors, and suppliers. As group buying is still a new concept to many consumers, retailers have to develop a critical mass presence in the marketplace to realize a savings and be able to pass them on to consumers. In a discussion on the recent closure of Mercata, Cook4 points out that the group-buying business model is too difficult for the general consumer to understand. The author also argues that the mechanics of group buying on the Internet also prevent impulse buying, due to the lengthy periods consumers have to wait until the end of the auction cycles that characterize group-buying market mechanisms. More importantly, he argues that the transaction volume on group-buying sites is much smaller than those of the traditional discount stores, which makes it difficult for group-buying sites to compete with retail giants such as Wal-Mart and Target. This smaller volume also makes it unlikely for group-buying sites to secure better wholesale prices with their suppliers because of the latter’s risk of losing bigger clients.19 As a result, with the low prices and nearly instant gratification offered by discount offline and online retailers, consumers may not wait to see how the final prices turn out on the group-buying sites.* As a promising business model that has many obstacles to overcome, how, in retrospect, should we understand the efficacy of group-buying discounts on the Internet? With this overall concern in mind, we address the following four questions: 1. What are the innovations associated with group-buying business models in Internet-based selling? 2. How can we characterize the operational aspects of dynamic pricing mechanisms for group buying? To what extent do different firms illustrate the various approaches? 3. What is the overall quality of these firms’ business models relative to other new business models for Internet-based selling? 4. What conclusions can we draw about their competitive sustainability in light of competitive forces that exist in the marketplace?

6.2 THE BASICS OF GROUP-BUYING MODELS IN E-COMMERCE We next discuss group-buying models in Internet-based selling in greater detail. We first describe the market mechanisms, and then consider the core value proposition they offer to their participants. * For a perceptive and prescient discussion of the likely shakeout in the group-buying marketplace, the interested reader should see the occasional columns by the staff writers at Gomez Advisors, including Margaret Juergens,20 Mark Gambale,13,21,22 and Martin DeBono.23

SL3054_frame_C06 Page 103 Tuesday, November 20, 2001 8:57 AM

Bid Together, Buy Together

103

6.2.1 THE MARKET MECHANISMS Pricing to match buyers and sellers is an important function of a market.7 In the bricks-and-mortar world, posted pricing mechanisms, where retailers display the prices they ask for the merchandise and consumers decide whether they would accept the prices, have been the dominant pricing strategies. Under dynamic pricing mechanisms, however, buyers are no longer left with this take-it-or-leaveit decision. They can actively negotiate with the sellers to reach a satisfactory price. For example, buyers in online auctions, such as we have seen at eBay, place their bids and the final transaction price is the highest price offered at the end of the auction. At Priceline, consumers can name their own price for airline tickets and hotel rooms. Based on the demand from consumers and their assessment of their own supply of perishable assets, sellers then can decide whether they will accept the prices. What makes dynamic pricing different from posted pricing strategies is that, with the wide network connection and lower operation costs enabled by technology, consumers become more active in the price discovery process, resulting in a greater likelihood for transactions to occur and for higher market efficiency and effectiveness. As a special instance of dynamic pricing mechanisms, group-buying discounts allow buyers to aggregately determine transaction prices and take advantage of the savings that a seller can offer in the presence of many buyers of the same product. This is how it usually works on group-buying Web sites. A product is put on sale on the company’s Web site with a specified starting and ending time for what they typically call an auction cycle. As more buyers join the group to purchase this product, the price drops from the starting price according to a predetermined price change trajectory. Some Web sites reveal this price change trajectory and some do not. The auction cycle can also end before the specified ending time if a maximum number of units have been sold. At the end, everyone who participated in the cycle will be charged the same final low price, even if some of them indicated a willingness to buy earlier at a higher price.

6.2.2 THE VALUE PROPOSITION ON THE INTERNET

FOR

GROUP BUYING

The primary value proposition of group-buying business models to consumers is the lower prices they can provide, due to the buyers’ collective bargaining power. By accumulating a large number of orders in a short time, group-buying Web sites claim they can negotiate low prices with manufacturers and suppliers and then pass these savings on to their customers. On these Web sites, the starting prices are typically higher than the prices charged by discount posted-price merchants, reflecting their lack of purchasing power with suppliers in the face of small order quantities. However, prices drop as more people buy. When enough people join an auction cycle, it is possible that the final price will be lower than the lowest price charged elsewhere. In fact, just as the name “group-buying” tells us, if purchasing does not reach a critical mass, the preconditions for the success of this kind of business model will not be in place.

SL3054_frame_C06 Page 104 Tuesday, November 20, 2001 8:57 AM

104

The E-Business Handbook

6.3 BUYER BEHAVIOR AND MARKET COMPETITION IN GROUP BUYING We now turn to a discussion of how buyer behavior works in group-buying marketplaces, and the extent of the competition observed among firms that apply the various kinds of business models that characterize this kind of buyer services on the Internet.

6.3.1 BUYER BEHAVIOR UNDER THE GROUP-BUYING MARKET MICROSTRUCTURE Group-buying business models are representative of innovation in the context of Internet-based selling. But they also give rise to the following five interesting aspects of consumer behavior: anticipation of falling prices, a group-buying mentality, the potential presence of a price threshold effect, a reservation price effect, and wordof-mouth-induced behavior. The Anticipation of a Price Drop. The starting prices on group-buying sites are usually higher than the prices of online discount stores, such as Buy.com (www.buy.com). However, we need to ask why people still place orders at these higher prices. Is this behavior irrational? Or is it the result of asymmetric information, indicating that the consumer is at some kind of informational disadvantage, despite the power of the new technologies for search support that have become ? Or what else? We believe that potential buyers anticipate that prices for a given product offered during a Mercata or MobShop auction cycle will drop in the near future. And it is this anticipation of a price drop that motivates them to make their purchase so as to facilitate the process in which prices drop from discount price tier to discount price tier. The Group-Buying Mentality. The second aspect of consumer behavior is the group-buying mentality. Research on network externalities indicates that the utility a technology adopter obtains tends to increase as the number of network adopters increases.24–27 This higher utility, in turn, shifts the demand curve for a technologybased product, resulting in the adopter’s (or buyer’s) higher willingness-to-pay.28 This phenomenon is called a demand-side network externality. Due to the size of a group of buyers and the price-demand relationship inherent in this market microstructure, buyers will indirectly benefit from other people’s participation in the market, another indication of the presence of a beneficial externality. Previous research has used current installed base or expected installed base to quantify the impact of network externalities on a potential adopter’s decision to adopt.29,30 As a result, in the presence of group-buying market microstructure, ceteris paribus, potential buyers will be more likely to place their orders as the size of the buying group increases. The Price Threshold Effect. A third aspect of consumer behavior is what we call the price threshold effect, an expectation on the part of potential buyers that we observed in our empirical research on MobShop’s market microstructure and performance.31 At MobShop, the current price was displayed along with a price drop scheme that was determined by current order quantity. We expect more orders to be placed right before and after each price drop, as shown in Figure 6.1.

SL3054_frame_C06 Page 105 Tuesday, November 20, 2001 8:57 AM

Bid Together, Buy Together

105

Oi Price Threshold

# New Orders

Oi

Oi+1 Price Threshold

Oi+1

Time

FIGURE 6.1 Price threshold effect. Note: Oi and Oi+1 are the starting and ending total order quantities for discount price-tier i. We expect more new orders right before and after price changes at Oi and Oi+1 and fewer new orders to arrive in between, as shown in the figure. (Adapted from Kauffman and Wang, 2001.)

We explain this phenomenon as follows. When the number of orders needed to reach the next price tier is smaller than some threshold number of bids, potential shoppers will form the expectation that price will decrease in the near future. At this time, if these consumers’ reserve price is no less than the next lower price and they are not risk-averse, they would simply place their orders to facilitate the price drop process. On the other hand, if these consumers are risk averse, they may wish to wait — unless the price actually changes — to place their orders. Using a timeseries of data collected from auction cycles on an Olympus digital camera at MobShop during the second quarter of 2000, we found a significant before-price-drop effect, but no significant after-price-drop effect.31 The “Save-a-Spot” feature at MobShop allowed shoppers to place conditional bids at lower price tiers if they were dissatisfied with the current price. This created a win-win situation for both the firm and its customers. By placing conditional bids, consumers would be added to the group only when the price actually dropped to their specified reserve prices. Thus, they did not incur the risk of buying at prices higher than they were willing to pay. However, with conditional bids at the next lower price tier, the number of orders needed to reach the next price drop decreased. This way, if there were a sufficient number of conditional bids arriving, this would also have the effect of driving the price down — even if no new orders were placed at the current price level. This tended to create a basis for higher market efficiency and effectiveness. And so we see that, under the group-buying market microstructure, consumers have the opportunity to collaborate with each other to get lower prices, instead of simply bidding against each other in auctions. Hence, consumers have the incentive to recruit other shoppers.

6.3.2 COMPETITION

IN THE

GROUP-BUYING MARKET

To realize the low price value proposition to their customers, group-buying firms face challenges from four different quadrants: suppliers, competitors, consumers and the marketplace for e-commerce investment opportunities. To provide shoppers with low prices, group-buying sites first need to negotiate low prices with manu-

SL3054_frame_C06 Page 106 Tuesday, November 20, 2001 8:57 AM

106

The E-Business Handbook

facturers and distributors, or retailers. As Gottlieb32 points out, because of the low transaction volume on these sites compared with bricks-and-mortar retail chains, it is unlikely that they can get lower wholesale prices than other low-price-all-thetime sellers off the Internet. He argues that group-buying sites such as Mercata and MobShop were able to offer lower prices because of their lower overhead costs by operating only on the Web and by piggybacking on the manufacturers’ strategy to use these sites to price discriminate. However, the lower overhead for online merchants is not an exclusive advantage to group-buying sites. Web sites such as Amazon.com and Buy.com also have lower operational costs than bricksand-mortar stores, and they represent significant competition, albeit with different selling strategies on the Internet in mind. Moreover, buying at these Web sites involves no extensive waiting time, providing consumers an additional advantage in terms of immediate purchase.22,23 With these considerations in mind, then how should group-buying sites compete with offline and online retailers? MobShop’s answer to this question was to play the role of a pure intermediary and ask its suppliers to fulfill customers’ orders. It made money by taking a certain percentage cut of each sale. However, even with their innovative and attractive business models for Internet-based selling, group-buying sites still face the problem of obtaining market attention. In the competition with other online merchants for market participation, group-buying sites need not only a critical mass of consumer patronage and interest, but also a significant amount of transaction volume so as to be able to profitably deliver on their low price guarantee. If they cannot reach a critical mass of users and sales volume, then it will be difficult for the group-buying business model to bring the customers of the firms that adopt it the savings they expect.

6.4 A FRAMEWORK FOR COMPARING GROUP-BUYING WEB SITES In this section, we examine a number of companies that have implemented groupbuying business models on the Internet. They are actBIG.com, CoShopper, C-Tribe, DemandLine, Let’sBuyIt.com, Mercata, MobShop, OnlineChoice.com, PointSpeed.com, SHOP2gether.com, VolumeBuy.com, and Zwirl.com. Rugullies17 compared Mercata, MobShop, actBIG, and Zwirl using two different criteria: the auction cycle initiator, and the demand aggregation mechanism. We add an additional dimension for customers targeted and compare the group-buying Web sites in Table 6.2. Based on our survey of the group-buying Web sites listed above, we identified two primary kinds of customer-targeting strategies: business-to-consumer (B2C) and business-to-business (B2B). The B2B category is actually somewhat broader than how we have defined it, as the table shows, because, in addition to including small to medium-sized businesses, it also includes education and government procurement (e.g., SHOP2gether and MobShop). We also distinguish whether a buyer or a seller initiates the auction cycle. For seller-driven sites such as Mercata and VolumeBuy, suppliers maintained full discretion to decide on the products that were offered for

SL3054_frame_C06 Page 107 Tuesday, November 20, 2001 8:57 AM

Bid Together, Buy Together

107

TABLE 6.2 A Comparison of Group-Buying Web Sites Customers Targeted Group-Buying Site Name ActBIG.com

B2C Emphasis ■ (past)

CoShopper

■

C-Tribe.com DemandLine.com LetsBuyIt.com Mercata.com

■

MobShop

Online Choice

Small business, software Small to midsize business, software

SellerDriven

■ ■

■ (past)

■

SHOP2gether ■ ■ (past)

BuyerDriven

■

Destination Site

■

■

■ ■

■ ■

■

■

■

■

Distributed Service ■

■

■

Small to midsize business, gov’t Small to midsize business, gov’t (present) Small to midsize business Small to midsize business Education, gov’t Software Software (present)

Aggregation Method

■

Small to midsize business

PointSpeed

Volume Buy Zwirl

B2B Emphasis

Auction Cycle Initiation

■ ■

■

■

■

■

■

■

■

■ ■ ■

■

■

Note: Mercata launched its Mercata Marketplace in November 2000, permitting sellers to initiate their own PowerBuys by listing their own merchandise for resale. Although one may think otherwise, we still categorize this firm as being seller-driven, because the Mercata Marketplace existed for only a couple of months, and never really had a chance to gain critical mass. In addition, Online Choice entered into an operating alliance with Mercata during September 2000, to share group-buying members across their distinct product bases.33

sale. At buyer-driven sites such as actBIG and Zwirl, however, consumers could propose the products they wanted but that were not available. Suppliers then decided whether they wished to provide the merchandise. Still other sites were or are now hybrids, in some cases, permitting sellers, and in other cases, buyers to initiate auction cycles and select what is to be bid upon (e.g., OnlineChoice, SHOP2gether and PointSpeed).

SL3054_frame_C06 Page 108 Tuesday, November 20, 2001 8:57 AM

108

The E-Business Handbook

Finally, we note that the demand aggregation approach can be determined by whether the Web site is a destination site or a site with a distributed-service model. Destination sites are able to attract business and users by themselves, without having to be embedded in other Web sites to ensure that a sufficient number of users materialize. For sites such as MobShop and actBIG that used a distributedservice model, they offer group-buying services on their partners’ Web sites and their own. Using a distributed-service model, group-buying sites can increase their exposure to traffic on partner Web sites, obtaining higher transaction volume. The simpler of the two approaches is simply to list and transact in the context of a single Web site. We recognize these variations among the group-buying firms that we examined as well. We now turn to a more in-depth discussion of several firms, to provide answers to some of the research questions that we laid out at the outset in this chapter.

6.4.1 MERCATA.COM Mercata, a Bellevue, Washington-based group-buying company was 54.7% owned by Microsoft co-founder Paul Allen’s Vulcan Ventures. It was started up in September 1998, and its Web site went live in May 1999. Along with MobShop, Mercata was among the first Web sites to provide the innovative and new groupbuying service to Internet users. At the height of its success, the company offered consumer electronics, computers, home appliances and household goods, jewelry and other merchandise using both fixed and dynamic prices. Business Model. Using the slogan “the more people who buy, the lower the price,” Mercata allowed its buyers to aggregate their purchase volumes and to obtain lower prices using a mechanism they trademarked as a “PowerBuy” auction cycle. For products listed in PowerBuy auction cycles, prices dropped in small decrements as more orders were placed. Figure 6.2 shows a PowerBuy auction cycle for a Nikon digital camera on Mercata. The only product information that we found on the page was the brand name, model and pixel resolution of the camera, along with a picture. In the PowerBuy Summary box, three prices were listed: the list price (usually the MSRP), the starting price and the current price. The difference between the list and the current prices gives a potential buyer an idea of what savings, below list price, are available. In addition to the price information, visitors to the page also could view the starting and ending time for the current auction cycle. If buyers were not satisfied with the current price, they could also use the feature “make an offer” to specify their reserve price. This way, they would be added to the buying group only when the price actually dropped to their reservation price. The product-offering page on Mercata was lean in terms of the information it provided. Potential buyers were unable to get detailed product features, specifications and warranty information from the Web site, and were required to go elsewhere for this. The company also appeared to have designed the price change process as a “black box” for buyers. As a result, people visiting the site would not be able to tell how the price was going to change according to the number of units sold and how low the final price would be. Products not listed in a PowerBuy auction cycle could be purchased only at their posted prices.

SL3054_frame_C06 Page 109 Tuesday, November 20, 2001 8:57 AM

Bid Together, Buy Together

109

FIGURE 6.2 A PowerBuy Web page at Mercata.com. Mercata endows the buyer with relatively little information. Its Web page provides only information about the starting price for an auction cycle, and what the savings level is for the current price tier that has been reached. The potential buyer obtains no information about the number of price tiers, and the lowest possible price that may be reached. The starting price for the auction, in this case, is clearly shown to be less than the list price. Whether the real savings level is $95.03 is debatable, because many other Internet-based sellers probably offered the same product for less than list price during the same time frame. The reader should also note that the end of the auction occurs either at the posted date and time “or when the supply runs out.”

Mercata’s group-buying business model caused quite a stir in the business community, because it offered a new way of freeing up the long-standard reliance on posted prices for consumer purchases of commodity products. Pricing in Internetbased selling would never be the same after Mercata. The company’s business model was featured in magazines such as Forbes.34 Newsweek,19 and BusinessWeek,35 and the popular business press for the most part applauded the group-buying site as innovative and promising.* Mercata pursued a multimillion dollar advertising campaign to turn its group buying into a well-known brand identity. It also employed a slogan, “Down is Good,” in an ad campaign that won the firm two “Telly Awards.”37 This helped educate consumers on the collective bargaining power of Internet users. By aggregating their purchase power, according to Mercata, consumers could obtain the volume discounts that were traditionally the privilege of bulk buyers.* Mercata experienced considerable growth in 1999 and early 2000. Randy Nargi, the company’s vice president of marketing, reported more than 10,000 participants in some of their largest buying groups.38 By eliminating suppliers and dealing with manufacturers directly, Mercata was also able to negotiate lower prices and pass these savings on to the consumers. The market perceived the company to be per* To get a sense of what the counter arguments were regarding the success of the group-buying Web sites, the interested reader should see Mullaney36 in BusinessWeek and Patsuris34 in Forbes.com. For example, Patsuris comments: “Experts predict that when group buying does catch on it won’t be on a destination site. They expect the group shopping process to be adopted by portals and other sites that are already up and running, spreading the same way that auctions did.”

SL3054_frame_C06 Page 110 Tuesday, November 20, 2001 8:57 AM

110

The E-Business Handbook

forming well during its first year of operation on the Internet, enabling Mercata to file for an initial public offering of stock totaling $100 million in March 2000.15 By the late third and early fourth quarters of 2000, however, there were rumors of increasing difficulties at Mercata. Chief among the difficulties reported was the “burn rate” of the firm’s capital. During the year, the firm managed to go through about $89 million in capital, largely to support its advertising and operating infrastructure investment and to pay its growing workforce.39 Analysis. Although Mercata would subsequently fail, as we reported earlier in this chapter, and a lack of additional funding was cited by the firm’s senior management as an important reason for the failure,3 closer examination of the groupbuying business model implemented by Mercata reveals problems that needed to be recognized sooner. 1. Group buying, as Mercata learned, is a complex buying mechanism from a consumer perspective, and, as a result, it takes group-buying Web sites time, effort and financial resources to educate their customers and develop a large following. Because the formation of a large group — what economists often call an installed base of users or critical mass in the network — is essential to the success of this business model, customer acceptance and participation in the market become even more important. 2. Mercata also faced the dilemma of choosing between emphasizing the development of a wide product selection and the formation of large group sizes. Unlike posted-price online merchants such as Buy.com (www.buy.com), where consumers can find just about any product they are hoping to purchase in the popular categories, Mercata tended to offer only limited product selection within each category. Right from the start, this constrained its capability to cater to the diverse preferences of consumers. On the other hand, broader selection of products also meant a smattering of orders across the various products in the same category. This would have the impact of diminishing the number of buyers attracted to any given sale item, resulting in smaller buying group sizes and less savings for consumers. Mercata’s challenge, then, was to achieve an appropriate balance, not an easy task. 3. It was difficult for a potential buyer to make a purchase decision based only on the limited product information that was available on Mercata’s Web site. To get information such as product features and specifications, and to do a good job of comparison shopping, a consumer was forced to either visit the manufacturer’s Web site or go to another online merchant. If the other online retailer offered the same or better products at reasonably competitive prices, Mercata bore the risk of losing sales. 5. Mercata’s marketing strategy also created a significant financial burden. The firm purchased full-page advertisements in the Wall Street Journal and New York Times, and issued $100 in shopping vouchers for purchases on Mercata to attract new customers. Both proved to be very costly for the firm.

SL3054_frame_C06 Page 111 Tuesday, November 20, 2001 8:57 AM

Bid Together, Buy Together

111

FIGURE 6.3 Mercata’s shutdown announcement, January 2001.

Looking for ways to succeed, Mercata launched the Mercata Marketplace in November 2000. The intent was to allow sellers to initiate their own group-buying auction cycles by offering their own products to Mercata’s installed base of users. The end came in January 2001, when Mercata posted a message on its Web site, indicating that, in spite of its prior status as a high-flying DotCom company, it was unable to raise additional capital or reorganize itself in a way that gave investors sufficient confidence to take it forward. (See Figure 6.3.) The former market leader in group buying on the Internet was suddenly a player no more.

6.4.2 MOBSHOP.COM MobShop is a San Francisco-based, group-buying service provider. The firm was founded in October 1998 as Accompany.com, and launched its initial group-buying Web site in March 1999. In March 2000, the firm changed its name to MobShop.com.14 Business Model. When it initially positioned itself as a B2C group-buying Web site, MobShop offered computers, PDAs, consumer electronics, software, movies and computer games using an approach for group buying that was called “buying cycles.” A buying cycle essentially operated as a call market, with a fixed time period for buyers to make bids and some flexibility as to how many units of a specific sale item would be sold. The bulk of the sale items was the typical commodity products that one might associate with the core of Internet-based selling activities over the past several years (with the exception of books). Similar to Mercata, prices at MobShop dropped as more people bought. However, the difference, as we pointed out earlier, lay in the buyer’s information endowment. MobShop offered more information on its buying cycle pages for the products it sold, assisting buyers to make more informed purchase decisions. Figure 6.4 shows an auction cycle page for a Kodak digital camera. Along with the product name and model number, a brief description about the product features was also available. The most interesting aspect of the MobShop version of group buying was its price drop trajectory histogram. With four price

112

FIGURE 6.4 A group-buying auction cycle at MobShop. MobShop’s Web page endows the buyer with more information. It shows MSRP, the starting price, the price levels for the different discount price tiers, the number of buyer bids that must be received at a price level to drop down a price tier, the number of buyers in cycle, the current price in the auction and the savings so far. Notice that a MobShop auction cycle also may close before the listed time if the maximum number of buyers has been reached. Finally, we also see the typical “four-step-to-maximum-discount” approach that MobShop used.

SL3054_frame_C06 Page 112 Tuesday, November 20, 2001 8:57 AM

The E-Business Handbook

SL3054_frame_C06 Page 113 Tuesday, November 20, 2001 8:57 AM

Bid Together, Buy Together

113

tiers below MSRP, the histogram told buyers how the price was going to change according to the number of units sold. In the case of the Kodak DC290 digital camera depicted above, the initial listing was $899. However, the bidding started at $689.95, and not the MSRP. The price remained the same until the number of orders reached 26, which, in turn, drove the price down by another $10 to $679.95. Thereafter, the price would be $679.95 for 26 to 200 orders, $659.95 for 201 to 500 orders, and $649.95 for 501 to 1001 orders. Combining this price change histogram and the number of orders placed, potential buyers were able to gauge the progress of the auction cycle. Even though MobShop specified the starting and ending time for its product offerings, it still was possible that an auction cycle might actually end earlier if the maximum number of orders was reached. In addition to this kind of basic product and auction cycle information, MobShop also offered features such as “save-a-spot,” “buyer flash” and “click-and-tell.” (See Figure 6.5.) If consumers were not satisfied with the current price, they could save a spot at any of the lower price tiers. This conditional bid guaranteed that the consumer would not be added to the buyer group unless the price reached their reserve price. The “Buyer Flash” service provided consumers with an e-mail reminder when the price

FIGURE 6.5 MobShop Marketplace’s “save-a-spot” and “click-and-tell” features. When a potential buyer clicked on the “click-and-tell” feature button, it provided access to a screen with blanks for the e-mail addresses of people known to the potential buyer who could be contacted by MobShop via e-mail to notify them of the opportunity to buy a given product during the current auction cycle. The “save-a-spot” feature provided the potential buyer with a mechanism to represent a reserve price for the sale item.

SL3054_frame_C06 Page 114 Tuesday, November 20, 2001 8:57 AM

114

The E-Business Handbook

reached a specified level, or when a certain amount of time was left in the cycle. Because of the opportunity to leverage the “word-of-mouth” effect with its groupbuying business model, MobShop also provided a “click-and-tell” facility, so that visitors could easily send e-mail to their friends. Because of its innovative group-buying business model, MobShop was named as a finalist for the MIT Sloan School of Management’s E-Business Award in March 2000.40 In the same month, the firm also was nominated for having the best e-commerce Web site at the Webby Awards.41 Then, in July 2000, MobShop was ranked fourth among the top 50 private e-commerce companies by a WIT SoundView corporate study.42 In addition to the attention MobShop received from the business community, consumers also showed a tremendous interest in MobShop’s group-buying service. For example, in the 3-month period from January to April 2000, the number of registered users at MobShop increased from 37,000 to 132,000. When the company started accepting orders, there were just about 20 to 25 orders for a product. But by March 2000, they were accumulating 1000 orders for Palm V PDAs in just 36 hours. The average buying-group size for their top selling products also increased from less than 100 to several hundred, a clear sign of growing critical mass. Analysis. MobShop’s early success can be attributed to its careful design of its business model. 1. By illustrating the relationship between order quantity and price using the price trajectory, MobShop gave potential buyers more information about how their orders would facilitate the price drop, creating the impetus for additional orders. 2. Due to the demand externalities in the group-buying setting, a large group size shown on the product cycle page indicates high market interest and possibly more savings by the end of the auction cycle. This tends to motivate potential buyers to place their orders. Additional orders placed would further attract new shoppers, resulting in a positive feedback loop.27 3. The “save-a-spot” feature allowed buyers to place conditional bids without incurring any risk, which increased the perceived effectiveness of the market. After a buyer saved an additional spot at the next lower price tier, the number of orders needed for the next price drop decreased by one even though the group size did not change. This way, if enough spots were saved, it could drive the price down even if no additional orders were placed. 4. The “click-and-tell” feature on the MobShop Web site leveraged the wordof-mouth effect and let potential buyers recruit new customers for the company. Mark Melville, MobShop’s Senior Director of Corporate Development, indicated that, unlike some of its competitors, MobShop did not spend large sums of money on advertising. The “click-and-tell” feature worked well for the company in terms of acquiring new customers. 5. MobShop saved money by not maintaining a physical warehouse to fulfill the orders. The company took a 3 to 10% cut of each sale and did not

SL3054_frame_C06 Page 115 Tuesday, November 20, 2001 8:57 AM

Bid Together, Buy Together

115

need to maintain a warehouse. Instead, MobShop prenegotiated prices at volume discounts with its suppliers and passed the orders on to its suppliers for fulfillment. This way, the firm carved much of its supply chain out of its own business process. But, beginning in the summer of 2000 and paralleling the expectations of industry analysts and e-commerce journalists, MobShop started to lose steam. Participation in its auction cycles was down. For example, group sizes for popular products dropped from several hundred back to fewer than 100. The firm’s product variety available to buyers also decreased. We believe the following three factors were a force: 1. Even though the strategy of not having a warehouse saved money for MobShop, it also posed constraints on what the company had to offer its customers. Melville referred to this as a “chicken and egg” problem: “Suppliers aren’t willing to give aggressive pricing until you can show there is the demand there. Buyers won’t come until they see there’s a good pricing scheme, a value proposition for them.”* When MobShop was growing rapidly, the positive feedback loop between volume and price gave the company greater leverage for success. But, once new demand was no longer there, a negative feedback loop began to occur. This eventually left the MobShop’s Web site with just a handful of orders and much less evidence for potential buyers that any critical mass remained. Moreover, requesting retailers and distributors for order fulfillment prevented MobShop from having full control in product deliveries. As a result, they were more prone to delayed and damaged shipments. Things became even worse when it came to returns and exchanges of products purchased, because MobShop also outsourced its 1-800 customer support. The consumer complaints about MobShop at Gomez.com evidenced the frustrations consumers had in their dealings with MobShop.43 In a market that had fierce competition and high customer acquisition cost, MobShop apparently was at a disadvantage when it came to transforming first-time buyers into repeat customers. Just how did MobShop go from being in “high gear” to running “out of gas”? This is primarily explained by a second factor: competition coming from other online merchants. As Melville pointed out when we interviewed him, price competition on the Internet has become fierce and many companies have used setting low prices as a customer acquisition strategy. As a result, MobShop was no longer able to attract shoppers using prices that permitted it to earn an acceptable margin. 2. An outdated product selection at MobShop also appeared to play a role in the diminished interest from the market. According to our observations of new order arrivals at MobShop’s Web site, the most popular items were products that were in the prime of their growth in the market, including * From a telephone interview by the authors with Mark Melville, February 1, 2001.

SL3054_frame_C06 Page 116 Tuesday, November 20, 2001 8:57 AM

116

The E-Business Handbook

PDAs, MP3 players, digital cameras, DVD players, and newly released DVD movies and video games. After a new product in these categories was put on MobShop’s Web site, we saw a surge in the buying-group size. However, manufacturers continually introduced new models of the same basic product, so that a once-popular item might garner less and less interest over time. Based on what we observed, it is clear that a requirement for growing consumer interest in group buying is to be selling the right products. Ultimately, it became increasingly hard for MobShop’s senior management to grow the business on the B2C side, due to all the other competitors in the marketplace and the growing recognition among consumers of the frustrations associated with transacting in group-buying electronic markets. Along the way, MobShop did try out a few innovations on the B2C side, as it developed its new strategies for software licensing and the B2B side of group buying. For example, in spring 2000, MobShop sold ten new Toyota Camrys for two California automobile dealerships using the group-buying approach.44 But this was not enough. Finally, faced with higher costs and declining chances for success, in January 2001, the company ceased its B2C operations, and fully repositioned itself as a group-buying software licensing firm.3,4,18

6.4.3 LETSBUYIT.COM One of the two European firms among those we examined in the group-buying sector on the Internet is LetsBuyIt.com, which was founded in Sweden in January 1999. Its Web site went live in Sweden in April that year and, by August, became available in Denmark, Finland and Norway. In October, the LetsBuyIt.com network expanded to Germany and the United Kingdom, and then, in the first half of 2000, to Austria, Netherlands, Spain, Belgium, Italy and Switzerland. As of the end of late 2000, 14 national Web sites had been established (although only four of them are now active due to a restructuring of the firm to achieve profitability), and there are almost 1.2 million registered users. LetsBuyIt.com acts as a vendor of 150 internationally known brands, including Pentax, Pioneer, Nikon, Logitech, Aiwa, and LG, among others. The firm’s product diversity is greater than what we saw with MobShop and Mercata, including some 50,000 products and services, and the emphasis is on the sale of high-quality and medium- to high-priced goods having known brands. Business Model. LetsBuyIt.com calls its group-buying model the “co-buying” approach, and it is very similar to what we have seen with the other firms whose dynamic pricing models we have already reviewed. Figure 6.6, which shows a cobuying auction cycle for a Universal Full Suspension Stinger Mountain Bike, illustrates the basics of how it works. The co-buy auction cycle Web page shows a range of useful information. For this mountain bike, the lowest price tier is £115, which requires no fewer than five buyers. The posted comparison is to an average retail price of £140, and there are three steps to the deepest discount. The cycle has almost 1 week left to run, and delivery is indicated to occur within 10 days of when the transaction is finalized. Of special

SL3054_frame_C06 Page 117 Tuesday, November 20, 2001 8:57 AM

Bid Together, Buy Together

117

interest to us is the presence of two choices for the terms that buyers set for their purchase. The marked choice is, “I want to buy at the best price only,” in other words, the lowest price reached in the final price tier. Checking this box makes the bid act as a limit order or conditional bid, because it will only be filled if five or more people join the co-buy group. The second choice, “I will buy at the price reached when the co-buy closes,” indicates that the buyer will choose to transact no matter how low the price goes, and that the price at which the bid occurred is an acceptable one. The LetsBuyIt.com co-buy facility also includes a “Click-and-Tell” feature that is similar to the one used by MobShop. Note the words in the figure above: “Tip your friends and lower the price.” It turns out that this enables the potential buyer to provide information about ten friends who may be interested in the co-buy opportunity, creating some positive likelihood that the co-buy price will decline to the next price tier. Figure 6.7 shows the “Tip-Your-Friends” tool in LetsBuyIt.com that is obtained in the context of an auction cycle for a Canon MV3000 Camcorder. Another interesting aspect of the capabilities that LetsBuyIt.com offers is its “Suggest-a-product” feature. (See Figure 6.8.) This feature emphasizes the approach that the firm has taken to balancing buyer and seller initiation for the transaction of sale items. “Suggest-a-product” enables potential buyers of an unlisted product to initially search to determine whether the product they had in mind to suggest has been suggested by other shoppers via the “Search suggestions” box. If the product is already listed as a suggestion, similar to what is shown in the “Top suggestions” box that accompanies the product suggestion screen, the next step is to click on the item (in this case, we demonstrate with the Canon Ixus II APS Camera) and cast a vote. (See Figure 6.9.) Based on what we saw with respect to MobShop and Mercata, this group-buying Web site appears to offer both enhanced functionality and better balance and responsiveness to buyer interests, as opposed to a primary emphasis on the sellers’ interests only. Next, we analyze how well this firm did in the marketplace, with the experiences and analysis we conducted of other American firms in mind. Analysis. In comparison with the American firms we have discussed, LetsBuyIt.com was in a relatively enviable position. It ranked among the top ten Internetbased sellers in Europe during 2000, and grew a very large installed base of cobuying participants through the first half of the year. (See Table 6.3 and Figure 6.10.) In addition, LetsBuyIt.com was able to increase the value of the average co-buy purchase on its Web site from EUR 64.00 to EUR 167.00 from January to June in 2000. (See Figure 6.11.) But, similar to some of the other firms we have discussed, the company also ran into trouble in the third quarter as the novelty of its service began to wear off, and consumers became more knowledgeable about how to efficiently shop on the Internet. The costs LetsBuyIt.com was incurring to migrate its operations to 14 European countries grew rapidly. The growth in installed base of users required the costly localization of software for a number of languages (e.g., English, German, Spanish, French, Swedish, Norwegian, Danish, etc.) The firm had some difficulties doing an initial public offering of stock at an attractive price. When it finally did issue stock, it turned out that the EUR 62.3 million in capital that it netted in the marketplace was insufficient to see it through to the end of the year.46 In December 2000, LetsBuyIt.com notified its investors and customers that it was halting operations,

SL3054_frame_C06 Page 118 Tuesday, November 20, 2001 8:57 AM

The E-Business Handbook

FIGURE 6.6 The co-buying mechanism at LetsBuyIt.com.

118

SL3054_frame_C06 Page 119 Tuesday, November 20, 2001 8:57 AM

119

FIGURE 6.7 The “Tip-your-friends” feature for co-buying at LetsBuyIt.com.

Bid Together, Buy Together

SL3054_frame_C06 Page 120 Tuesday, November 20, 2001 8:57 AM

The E-Business Handbook

FIGURE 6.8 LetsBuyIt.com’s “Suggest a product” feature.

120

SL3054_frame_C06 Page 121 Tuesday, November 20, 2001 8:57 AM

Bid Together, Buy Together

121

FIGURE 6. 9 The LetsBuyIt “Top Suggestions” box and “Suggestion Vote” Web page. The screen that permits the user to cast a vote for having LetsBuyIt.com offer the product also provides a response box that enables the company to sample how long a potential buyer is willing to wait (e.g., 2 weeks, 1 or 2 months) for the product to be sourced and offered as a co-buy. This provides a useful source of information to enable the firm to be responsive to its customers. The implication is that LetsBuyIt.com would source the most demanded products with the shortest willingness to wait on the part of the potential buyers.

pending bankruptcy reorganization.47 The company’s restructuring plan enabled it to bring in an additional EUR 53 million however, the new board required that the firm’s operations be scaled back significantly.48

6.4.4 OTHER GROUP-BUYING WEB SITES In addition to those discussed above, a number of other group-buying Web sites are worthy of discussion. They include actBIG.com, DemandLine.com, OnlineChoice.com, PointSpeed.com, SHOP2gether.com, VolumeBuy.com and Zwirl.com, which once provided or are still providing group-buying services on the B2B and B2C sides. As we show below, the products and services offered by these group-buying Web sites differed considerably, and not all of them have fared well in the marketplace.

SL3054_frame_C06 Page 122 Tuesday, November 20, 2001 8:57 AM

122

The E-Business Handbook

TABLE 6.3 The Top Ten Internet-Based Sellers in Europe, August 2000 Rank 1 2 3 4 5 6 7 8 9 10 -----

Firm Name Amazon.de Amazon.com Amazon.co.uk Jungle.com Bol.de FNAC.com LetsBuyIt.com Handy.de ShopSmart.com Quell.de All WWW Sites All retail sites

Unique Visitors 1,253,000 1,213,000 1,086,000 495,000 475,000 419,000 404,000 380,000 347,000 326,000 23,497,000 10,400,000

Source: www.LetsBuyIt.com, March 2001.

FIGURE 6.10 Number of LetsBuyIt.com Co-Buy purchasing members (000s). (Source: www.letsbuyit.com, March 2001.)

ActBIG.com (Etrana Inc.) New York City-based actBIG.com was founded in 1999 to provide group-buying and reverse auction services in many product categories, including airfare, hospitality services and vacation packages. Compared with MobShop and Mercata, actBIG.com was more buyer-driven and allowed buyerinitiated group-buying cycles. If shoppers were not able to find the products they wanted, they could submit a proposal to the suppliers with the prices they were willing to pay. The merchants would then decide to either offer the products or make

SL3054_frame_C06 Page 123 Tuesday, November 20, 2001 8:57 AM

Bid Together, Buy Together

123

FIGURE 6.11 Average transaction value at LetsBuyIt.com (first half of 2000, in Euros).

a counter offer. Even though actBIG had a wide variety of product categories, there were few sales in many of the categories.16 Unable to sustain its B2C business model, actBIG changed its name to Entrana.com (www.entrana.com) and is now providing franchise systems services and group-buying technologies to businesses. CoShopper.com. Norway-based CoShopper.com (www.coshopper.com) is LetBuyIt’s competitor in the European group-buying B2C market. Founded in 1999, CoShopper now maintains a presence in six European countries (United Kingdom, Norway, Spain, Germany, Sweden and Portugal), two South American countries (Brazil and Chile), three Asian countries (Singapore, Japan and Malaysia), as well as Australia. By participating in “CoShop cycles” that usually last for 1 to 2 weeks, buyers at the site can obtain collective savings in product categories such as consumer electronics, computer hardware, home and garden, and sports and leisure. Maintaining a similar information structure to LetsBuyIt, CoShopper displays the price drop trajectory and the total number of orders placed. Shoppers can also place conditional bids at lower prices if they are not satisfied with the current offering. A feature called “Ti -Friends” allows consumers to send e-mails to friends informing them about CoShop cycles going on at the site. Employing a zero inventory policy, CoShopper outsources its order fulfillment through two European logistics firms, iForce and Parcel Force, and charges shoppers a fixed delivery fee. Expanding into the B2B market, CoShopper now offers group-buying services in France, Sweden and Norway in the business procurement sector. However, it has been unable to maintain its B2C operations in Singapore, Malaysia and Chile, so CoShopper now provides only e-commerce solutions in these three countries. C-Tribe.com. Founded in 1998, San Francisco-based C-Tribe.com focused solely on the group buying of offline retail gift certificates, making it unique among all the group-buying firms we examined. C-Tribe illustrates the case that group-buying sites may not always be in competition with offline retailers.49 Based on the same concept, “The more people who buy, the lower the price,” C-Tribe promoted bricks-andmortar retail stores, such as Barnes and Noble, Blockbuster, KB Toys, Foot Locker and Darden Restaurants, by offering their gift certificates at volume discounts. It enticed shoppers back to the physical shopping experience.50,51 Following a redesign

SL3054_frame_C06 Page 124 Tuesday, November 20, 2001 8:57 AM

124

The E-Business Handbook

of its Web site in June 2000, C-Tribe provided its customers with access to its services through multiple channels via the Internet, telephone, and hand-held wireless devices.50 In addition, the company’s newsletter, The C-Scribes, gave shoppers up-to-date information on product offerings at the site. Similar to a loyalty program, customers could also earn cash-back rewards by purchasing gift certificates of CTribe’s partner retail stores. Unable to maintain a critical mass of shoppers, C-Tribe appears to have folded in late 2000. DemandLine.com. Targeted at small businesses, San Bruno, California-based DemandLine.com (www.demandline.com) provides group-buying opportunities and reverse auction services on telecommunications, Internet, software support, credit card processing, and human resources services.52 By aggregating the buying power of small businesses, DemandLine helps companies obtain the low prices that are available to large companies.53 However, the mechanism the firm uses does not report prices in real time. Instead, the mechanism is more like a reverse auction in that a potential buyer submits a request for a price and DemandLine acts as an intermediary in the presentation of attractive prices on applicable services. The potential buyer then can decide to arrange for the purchase of the service online, or pursue further discussions with the vendor directly. OnlineChoice.com. Founded in Pittsburgh as ElectricityChoice.com, OnlineChoice was the nation’s first Internet-based buying pool for electricity.54 As the Web site expanded its services, it focused primarily on demand aggregation for services, such as local and long distance phone service, and pure commodity essentials, such as natural gas, electricity and gasoline.55 Participants could join “buying pools,” and, in lieu of observing the operation of an electronic market, OnlineChoice.com periodically approached suppliers to negotiate deals to obtain discounts on behalf of buyers. Although consumers joined a pool, they were not required to purchase the services or products that were offered at a negotiated price. If a deal went through, OnlineChoice.com earned a referral fee by acting as the matchmaker. The range of services offered for group buying and the installed base of consumer and corporate participants shown in Table 6.4. OnlineChoice.com’s positioning from the beginning was in an area that the major brand name competitors, MobShop and Mercata, did not target. However, there have been other companies, especially those that utilized a reverse auction model, that appeared to have been competing in the categories that OnlineChoice.com selected for its emphasis. However, OnlineChoice was unable to build toward profitability in its business, and closed its doors in late April 2001. PointSpeed.com. PointSpeed.com (www.pointspeed.com) was a San Mateo, California-based group-buying purchasing center for small businesses. Functioning as a back-end service provider, PointSpeed differed from the other group-buying Web sites we examined in that its service was available only through its partners. They included such firms as Bizography.com (www.bizography.com) and Wells Fargo (biz.wellsfargo.com). Through its partners’ Web sites, PointSpeed also provided small businesses access to more than 30 retailers and manufacturers such as AT&T, Barnes and Noble, NECX, and Prudential.56 Similar to MobShop, PointSpeed’s profits came from fees charged to suppliers based on transaction volume. However, a lack of market interest caused PointSpeed to discontinue its service in March 2001.

SL3054_frame_C06 Page 125 Tuesday, November 20, 2001 8:57 AM

Bid Together, Buy Together

125

TABLE 6.4 Participants in the Services Group-Buying Pools at OnlineChoice.com Category of Service

Number of Consumer Buyers

Number of Corporate Buyers

Electricity Gasoline Health Insurance Home Security Internet Local Phone Long Distance Natural Gas Term Life Insurance Wireless

90,006 106,165 9,759 12,827 12,216 22,327 105,269 39,654 2,563 45,996

242 177 304 — — — 198 179 — 250

Source: OnlineChoice.com. The data for buying-group participation are as of March 20, 2001. This company branded its consumer-side services as OnlineChoice, and its business side services as BusinessChoice. Overall, it reported that it had over 460,000 unique customers.

SHOP2gether.com. Founded in early 1999, San Jose, California-based SHOP2gether (www.shop2gether.com) was among the first to provide group-buying services to small businesses by catering to their needs for office furniture and equipment, travel, employee benefits and corporate gifts. Similar to actBIG, SHOP2gether also functioned as an intermediary to facilitate the product request flow from buyers to sellers. However, different from MobShop’s take-a-sales-cutfrom-the-supplier approach, SHOP2gether assessed a fixed fee from buyers whenever a transaction was made. To seize opportunities in the education procurement market, SHOP2gether introduced the first education-focused group-buying platform in April 2000, partnering with more than 400 vendors with a total sale of $74 billion in the estimated $618 billion education market.57 Now, with a focus on educational institutions and local government, SHOP2gether supports collective purchasing in product categories such as furniture, education technology, office equipment and supplies, and transportation. VolumeBuy.com. Encino, California-based VolumeBuy.com (www.volumebuy.com) is a software company that licenses its group-buying technologies to small and medium-sized businesses. In addition, the company provides group-buying services to consumers on its Web site using three types of buying pools. When they participate in a “Time Power Pool,” consumers are guaranteed a low price based on the amount of time they are willing to wait to make a purchase. The company’s “Flex Power Pool” works like Mercata’s and MobShop’s group-buying business models, in which prices decrease as more people join the pool. Finally, the “Group Power Pool” does not close until a prespecified buying group size has been reached. Then, everyone in the pool will receive the same low group price. The product selection at VolumeBuy

SL3054_frame_C06 Page 126 Tuesday, November 20, 2001 8:57 AM

126

The E-Business Handbook

includes computers and office products, consumer electronics, communication products and services, and vacation packages. Although VolumeBuy’s various types of buying pools offer consumers the flexibility in choosing the group in which they want to participate, Figure 6.12 illustrates the additional effort on the consumer side that is required to understand the differences among the pool types. Zwirl.com. Zwirl.com (www.zwirl.com) is a New York-based e-commerce startup that was founded in July 1999. The company provided group-buying services in product categories such as computing equipment and software, office supplies, baby and household goods, and sporting goods. At Zwirl, shoppers also could initiate auction cycles if the products they wanted were not in cycles. Moreover, Zwirl also provided a “wish list” service to shoppers similar to LetsBuyIt.com that would let the company know what products consumers wanted at what prices. Zwirl.com was designed as a destination site, but later partnered with other Web sites to provide group-buying e-commerce solutions. In 2000, Zwirl ceased its own B2C operation and is now focusing on group-buying technology provision.

6.5 ANALYZING GROUP-BUYING BUSINESS MODELS We now turn to a comparison and analysis of these business models, building upon our discussion of the individual group-buying sites, and taking advantage of other assessments.

6.5.1 SOME DIMENSIONS BUSINESS MODELS

FOR

COMPARING GROUP-BUYING

Two industry studies offer useful input on how to compare group-buying firm effectiveness. 1. In 2000, Gomez Advisors (www.gomez.com), a well-known e-business consultancy, compared three group-buying Web sites: Mercata, MobShop, and VolumeBuy, together with descending-price Web site OutletZoo.com (www.outletzoo.com). (See Figure 6.13). Using criteria such as ease of use, customer confidence, on-site resources, relationship services, and overall cost, Gomez ranked Mercata the top site among the four firms, followed by MobShop. Mercata had advantages over the other firms in customer confidence, on-site resources, relationship services, and overall cost. MobShop featured high ease of use, but was deemed to be weaker in on-site resources and relationship services. 2. Rugullies17 compares four group-buying sites — Mercata, MobShop, actBIG, and Zwirl — based on site features and usability, business model, corporate infrastructure, and Web site foundations. Because Mercata dealt with manufacturers directly, Rugullies argues it could achieve higher margins than the other three firms, resulting in the strongest business model. Consistent with Gomez, MobShop received the highest score in site features and usability. Mercata also was rated higher than the other three firms in terms of corporate infrastructure and Web site foundations.

SL3054_frame_C06 Page 127 Tuesday, November 20, 2001 8:57 AM

Bid Together, Buy Together

127

❑

Time Power Pool: Length of time to the close of the pool determines the price.

❑

Group Power Pool : Low prices are achieved if group size meets a pre-specified level.

❑

Flex Power Pool: Prices fall over a fixed time, but do not reach a pre-specified level.

FIGURE 6.12 VolumeBuy.com’s three types of pools. (Source: www.volumebuy.com, March 20, 2001.)

SL3054_frame_C06 Page 128 Tuesday, November 20, 2001 8:57 AM

128

The E-Business Handbook

FIGURE 6.13 Gomez Advisors’ comparison of four group-buying Web sites.58 Outlet Zoo, apparently included incorrectly in this assessment, is a descending-price auction site, where product prices drop as time progresses until all the units have been sold. MobShop ceased its B2C operations on January 13, 2001. Mercata ceased its entire operations on January 31, 2001.

6.5.2 HOW DO PRICES ON GROUP-BUYING WEB SITES COMPARE WITH OTHER FIRMS’ PRICES? Because e-commerce industry observers have considered group-buying Web sites to be an innovative use of the Internet, such sites also have drawn a lot of scrutiny related to their performance. Many comparisons have been made between the final prices charged by group-buying Web sites and posted-pricing retailers. Is it the case that the group-buying Web sites truly are cheaper for consumers? Or is the opposite true? Overall, the results we have examined seem to be mixed. Consider the following anecdotal evidence on variable cost savings that has been documented by industry observers: Palm Pilots. Dodge59 compared the prices charged for a Palm V by groupbu y i n g s i t e M o b S h o p a n d t wo p o s t e d - p r i c e s i t e s , Pa l m G e a r. c o m (www.palmgear.com) and eCost.com (www.ecost.com). MobShop’s final price was $224.95. At PalmGear the same product was priced at $309.95. At the same time, eCost, a site ranked “number one” on overall cost for computer purchase among a set of the top 20 Web sites, based on a Gomez Advisors (www.gomez.com) ranking, was asking $255.99. In addition, Gambale13 reported that eTown (www.etown.com) listed a Palm V $319.91 on two successive days in early April 2000, while Outpost.com (www.outpost.com) listed it for $274.95. Both days, the product was unavailable at both MobShop and Mercata. DVDs and DVD Players. Jidoun60 also noticed the considerable savings offered by MobShop. She noted, for example, that one cycle on The Matrix DVD accumu-

SL3054_frame_C06 Page 129 Tuesday, November 20, 2001 8:57 AM

Bid Together, Buy Together

129

lated 400 orders and resulted in a final price of $9.95. This was 60% off the list price and $5 less than the lowest price that two shopping bots could find on the Web. However, Jidoun also cautioned against buying expensive items on groupbuying Web sites. For example, she found that MobShop charged $650 or more for a Hewlett-Packard notebook computer, when it could be bought elsewhere on the Internet for about $600. Gambale13 offers additional indications of the mixed results in this product area. Again, on successive days in April 2000, he found that eTown charged the fixed price of $291.35 for a Toshiba 3109 DVD Player that Outpost.com and MobShop did not list. However, the prices listed on Mercata each of those days were $289.40 and $293.29, respectively, indicating that Mercata had the low price edge. However, for a Toshiba SD1200 DVD Player, the story was different. ETown and Outpost.com listed this item at $245.60 and $249.99, respectively, while MobShop did not list it. On the first of the two days, Mercata’s price was $159.95, but on the second day (the beginning of an auction cycle, we guess) it was $249.99, just matching Outpost.com’s price. VCRs. The final evidence that we have seen is again from Gambale,13 this time for VCRs. He reports mixed pricing between the fixed-price and group-buying sellers. For example, a JVC HRVP770 VCR priced at $163.17 by eTown, and unavailable at Mercata and Outpost.com was priced at $175.95 at MobShop both days in early April 2000, giving eTown the low price lead. Just the opposite was true with a Toshiba M685 VCR. eTown listed this second VCR at $152.64 both days, while MobShop and Outpost.com did not offer it. However, Mercata’s prices were better by more than $25 both days, at $128.84 and $124.69. Clearly, the evidence we have pulled together suggests that the value proposition with respect to retail group-buying discounts still requires the buyer to beware.

6.5.3 COMPARING RIVALS: MERCATA

AND

MOBSHOP

Based on our mini-case analyses of the various group-buying Web sites, as well as the comparisons made by Gomez Advisors58 and Rugullies,17 we identify the following five overall aspects that differentiate the two former market leaders, Mercata and MobShop, in group-buying services: pricing strategy, information endowment, site features, product emphasis, and pretrade and posttrade logistics. 1. Pricing Strategy. The two firms used different pricing strategies. Mercata offered both fixed and dynamic pricing. For products involved in a Mercata PowerBuy auction cycle, the prices changed frequently but in small decrements. In contrast, MobShop generally took a four-tier approach to price changes, and their prices changed less frequently. 2. Information Endowment. The information endowment for buyers that is available on the two sites clearly was different. Consumers were unaware of the price-quantity relationship at Mercata. They observed only the dropping prices resulting from increasing order volume, but not the driving force: the buying group. At MobShop, consumers knew the internal mechanisms that drove price changes. Potential buyers were not able to locate detailed product features and specifications at Mercata. MobShop provided brief product

SL3054_frame_C06 Page 130 Tuesday, November 20, 2001 8:57 AM

130

The E-Business Handbook

specifications. But compared with Web sites such as Amazon, the details of product descriptions about products at both sites were modest at best. 3. Site Features. The many additional features such as “buyer flash” and “click-and-tell” provided by MobShop gave it advantages over Mercata in ease of use. 4. Product Emphasis. The two firms had different product emphases. Compared with MobShop, Mercata had a wider product selection and focused on consumer electronics and household goods. In contrast, MobShop offered high-tech commodities that were relatively new to the market. 5. Pretrade and Posttrade Logistics. The logistics before and after sales were made were also different. Mercata dealt with manufacturers directly for procurement, enabling it to achieve higher margins. MobShop dealt with retailers and distributors, however, making its margins slimmer. MobShop also eliminated inventory costs by acting as an intermediary that did not physically fulfill its own orders. Mercata, on the other hand, bought from manufacturers and had to maintain a warehouse and fulfill the orders itself. Table 6.5 summarizes these key differences between Mercata and MobShop.

6.5.4 DISCUSSION Although they are still in their infancy, group-buying business models on the Internet face the challenges of accumulating critical mass and establishing themselves in

TABLE 6.5 A Comparison of Mercata and MobShop Comparison Dimension Pricing strategy

Information available on Web site

Site features, Ease of use Product focus

Logistics

Mercata Both fixed and dynamic pricing Frequent price change, small decrements Internal pricing mechanism unavailable No product features and specifications No Wider product selection Consumer electronics and household goods Dealt directly with manufacturers Provided fulfillment of orders

MobShop Dynamic pricing only Four-tier pricing Price drop trajectory and group size info available Brief product specifications Buyer flash Click and tell Fewer products offering High-tech products that were relatively new to market Dealt with retailers and distributors Pure intermediary, did not engage in fulfillment of orders

SL3054_frame_C06 Page 131 Tuesday, November 20, 2001 8:57 AM

Bid Together, Buy Together

131

competition with posted-pricing discount Web sites. Now that we have examined the bases of the initial successes enjoyed by these firms and the subsequent shakeout of the group-buying sites in the marketplace, we offer the following questions and preliminary answers: In which market does the group-buying business model work best, B2C or B2B? Compared with offline and online discount merchants, group-buying Web sites are at disadvantage in the B2C market because of the small transaction volume they can aggregate, which makes it difficult for them to realize their low price proposition to their customers. The recent closure of several B2C group-buying service providers suggests the nature of the obstacles that exist in the consumer market. On the other hand, because of the large number of small businesses and government agencies, as well as the high transaction amount, the B2B market provides companies with group-buying business models ample opportunities for making their mark in the marketplace. How should firms focusing on the B2C market compete with other business models for limited customer resources? The last 2 years of experience of the group-buying Web sites that we examined suggest the use of a distributed-service model instead of being a destination site. The high customer acquisition cost and limited traffic to group-buying sites make it difficult for a destination site to obtain the critical mass it needs to become truly effective. By partnering with other sites that enjoy higher traffic, group-buying sites can provide their services on portal sites and aggregate orders across sites, increasing their chances of marketplace viability. What do we learn about the composition of effective product offerings at groupbuying Web sites? As we illustrated in the case of Mercata, group-buying firms face the dilemma of selecting between developing a wide product selection and a large buying-group size. A variety of goods in each category can satisfy consumers’ diverse preferences. However, too many products in each category make it difficult to achieve large buying-group sizes because of the scattered orders across different products. As a result, group-buying Web sites need to maintain a balance between product variety and order volume for each product. In the selection of each product, it is also important to consider its potential of market interest. From MobShop, we observed that the top sellers were either high-tech big-ticket items, such as PDAs, digital cameras, DVD players, MP3 players, or small items, such as DVD movies and video games. A characteristic shared by all the big-ticket items is that they are still in the growth stage of their product life cycle, and demand for them in the marketplace is still increasing. At this stage, buyers tend to be early adopters with higher income and education levels. This seems to match the profile of online shoppers. Hence, these products are best positioned for group buying. In our observation of order arrivals at MobShop,31 there was often a surge of orders after the introduction of a new model of a particular product in the product categories that we discussed. But, some time later, market interest tended to decline, signifying the importance of maintaining fresh and interesting product offerings. After it has been on sale for a while, even a previously hot seller may become relatively unattractive, with the result that it will fail to capture the interest of a sufficient number of buyers to create a basis for critical mass usage. The reasons

SL3054_frame_C06 Page 132 Tuesday, November 20, 2001 8:57 AM

132

The E-Business Handbook

are simply that repeated visitors who want the product will have purchased it and that the number of newly acquired customers will not be large enough to result in a large buying-group size. To what extent are group-buying Web sites at a disadvantage when it comes to the use of shopbots for comparison shopping? The Web as a shopping channel has been characterized by low search cost. Shopbots on the Internet (e.g., www.dealtime.com or www.mysimon.com) make it even easier to do comparison shopping. Using these services, a savvy shopper can easily locate the best deal among a large number of online merchants. This puts group-buying sites at disadvantage for two reasons. First, many group-buying sites are still not well recognized by shopping bots. Thus, it is impossible for the group-buying Web site to leverage these shopping bots in some way to acquire new customers. Second, even if they were listed by a shopbot, the dynamic nature of the prices also makes it less likely that the information that is captured represents the best prices the sites have to offer. For example, when buyers conduct a search at the beginning of an auction cycle, they will observe only the high starting price, which is not likely to be the final one. The information clearly will be misleading. Group buying poses both opportunities and challenges for Web sites employing this business model. With the estimated $2.4 trillion worth of transactions projected to materialize by 2004,61 the B2B market gives group-buying companies potential opportunities for success. To enhance their viability, group-buying firms focusing on the B2C market can take advantage of the high traffic on portal sites to increase shoppers’ exposure to this relatively new buying concept. In addition, DealTime’s effort to add group-buying merchants to its search capabilities illustrates that as the group-buying business model matures, the merchants will get recognition from shopping bots to overcome the disadvantage they have when it comes to comparison shopping.62

6.6 CONCLUSION In this chapter, we examined group-buying business models in Internet-based selling. Based on a series of mini-case studies and related analysis, we illustrated the innovative use of technologies by group-buying sites in providing their customers with volume discounts that had traditionally been privileges of bulk buyers. However, even though group buying on the Web represents an interesting business model, this alone is not sufficient to justify its viability. Group buying still is a new concept to many shoppers, and so group-buying firms face the challenges of educating the consumers and achieving critical mass. Moreover, the competition coming from posted-price merchants, especially offline and online discount retailers, makes it difficult for group-buying sites to deliver low prices base on their limited transaction volumes. In consideration of the successes and the failures of group-buying business models in the past couple of years, we believe group-buying firms oriented toward the B2B market are better positioned for future growth. In addition, for sites that focus on the B2C market, a distributed-service model has advantages over a destination site. Furthermore, it is also crucial to maintain a balance between a wide product offering and large group sizes.

SL3054_frame_C06 Page 133 Tuesday, November 20, 2001 8:57 AM

Bid Together, Buy Together

133

In this chapter, we also intended to make a contribution to senior management thinking about group buying on the World Wide Web. First, our research highlights the unique features presented on many group-buying Web sites that facilitate the collective purchasing process. Companies interested in site redesign and improvement can add functionalities, such as the “save a spot” feature at MobShop and the “Email Friends” function supported by many sites, that will improve market efficiency and effectiveness. Second, following an analysis of the competition coming from posted-price discount retailers and the small transaction volume on groupbuying sites, we identified strategies taken by group-buying companies to obtain competitive cost savings. Examples include dealing directly with manufacturers and maintaining zero inventory. At the same time, we also noted the problems resulting from these strategies, such as delayed shipments and difficult product returns and exchanges. By illustrating the pros and cons of group-buying companies, we provide a more holistic view of the problem space that relates to corporate strategy in the presence of this variety of Internet technology. Third, our framework for comparing group-buying business models and our analysis of the opportunities and challenges in the market can help interested parties to critically evaluate the most promising market approaches and business models. For researchers in IS and e-commerce, our research offers other contributions. First, by cross-examining several group-buying Web sites, we identified the key aspects of consumer behavior under the group-buying market microstructure. This will provide the motivation for future research to more thoroughly understand and test the efficacy of these group-buying models in the presence of different kinds of consumer behavior. Second, group-buying business models are relatively new, and our research is the first to critically examine the efficacy of this type of business model. Third, with the ongoing market shakeout in e-commerce, our research illustrates how the academic world can go about helping the business community learn from its successes and failures. With the new opportunities that are becoming available in the B2B market, we believe that group-buying business models actually can help small businesses obtain volume discounts. Future research can examine the efficacy of group-buying business models in the B2B market. Moreover, buyer behavior in the B2C market, such as the anticipation of falling prices, the group-buying mentality, the price threshold effect, the reserve price effect, and word-of-mouth behavior might also be mapped to the B2B market and examined more closely. Finally, comparisons can also be made on the efficacy of group-buying business models for different product types in different stages of their life cycles.

ACKNOWLEDGEMENTS We acknowledge the special input offered on group-buying on the Internet by Becky Porter, director of public relations, and Mark Melville, senior manager of corporate development, at MobShop, Inc., in San Francisco. The authors wish to thank Eric Clemons, Rajiv Dewan, Baba Prasad and Andrew Whinston for useful input on research that is related to what we discuss in this chapter. We also appreciate related

SL3054_frame_C06 Page 134 Tuesday, November 20, 2001 8:57 AM

134

The E-Business Handbook

comments and suggestions from the participants in our presentations at the 2001 Hawaii International Conference on Systems Science, and the Information and Decision Sciences Workshop and the Executive Development Center at the Carlson School of Management of the University of Minnesota. Any errors are the responsibility of the authors.

REFERENCES 1. Kane, M., Web startup pushes volume shopping, ZDNews, Internet, March 3, 1999. www.zdnet.com/zdnn/stories/news/0,4586,2219279,00.html. 2. O’Brien, J., Cooperative commerce: Group-buying engines promise consumers strength in numbers, Computer Shopper, 78, May 2000. Also dated April 10, 2000, www.zdnet.com/computershopper/stories/reviews/0,7171,2487711,00.html. 3. Sandoval, G. and Kawamoto, D., Group-buying site Mercata to shut its doors, CNet News.com, January 4, 2001. news.cnet.com/news/0-1007-200-4372403.html. 4. Cook, J., Venture capital: Where Mercata led, consumers were unwilling to follow, Seattle Post-Intelligencer, January 12, 2001. seattlep-i.nwsource.com/business/ vc122.shtml. 5. Scheraga, D., 2001: A sales odyssey, Chain Store Age, 77, 96, January 2001. 6. Andrews, W., The new laws of dynamic pricing, Internet World, 5, 27, December 15, 1999. www.internetworld.com/121599/12.15commerce.jsp. 7. Spulber, D.F., Market microstructure and intermediation, J. Economic Perspectives, 10, 135, 1996. 8. Spulber, D. F., Market Microstructure: Intermediaries and the Theory of the Firm, Cambridge University Press, Cambridge, UK, 1999. 9. O’Hara, M., Market Microstructure Theory, Blackwell, Malden, MA, 1997. 10. Weber, B., Elements of market structure for online commerce, in Future Markets: How Information Technology Shapes Competition, Kemerer, C. F., Ed., Kluwer Academic, New York, 15, 1998. 11. Andrews, W., Dynamic pricing 101, Internet World, 6, 42, May 15, 2000. www.internetworld.com/051500/5.15ebusiness2.jsp. 12. McAfee, R.P. and McMillan, J., Auctions and bidding, J. Econ. Lit., 25, 699, 1987. 13. Gambale, M., Group buying space needs more than name changes to demonstrate consumer value, Gomez Wire, News Analysis, April 7, 2000. www.gomez.com/ features/article.asp?id=4996&col=79&topcat_id=0. 14. Olsen, S., A company changes its name, CNET News.com, March 27, 2000. news.cnet.com/news/0-1007-200-1591013.html. 15. Van Horn, T., Mercata files for $100 million IPO, CNet News.com, March 9, 2000. news.cnet.com/news/0-1007-200-1568987.html. 16. Wimpsett, K., The buy brigade: CNet’s ultimate guide to group buying on the Internet, CNET Internet, July 20, 2000. cnet.com/internet/0-3821-7-2259973.html. 17. Rugullies, E., Power to the buyer with group buying sites, e-Business Advisor, 10, 10, February 2000. www.advisor.com/articles.nsf/aid/rugue05. 18. Clark, D., MobShop, a pioneer in group buying on the Web, discontinues consumer service, Wall St. J., January 15, 2001. www.MobShop.com/ar011501d. 19. Tanaka, J., The never-ending search for the lowest price, Newsweek, June 7, 1999. www.newsweek.com/nw-srv/focus/ty/foty0223_1.htm.

SL3054_frame_C06 Page 135 Tuesday, November 20, 2001 8:57 AM

Bid Together, Buy Together

135

20. Juergens, M., Making sense of buying services, Gomez Wire, Shopping Tips, August 16, 2000. www.gomez.com/features/article.asp?id=6003&col=70 &topcat_id=0. 21. Gambale, M., Tips for getting the most from Internet buying services, Gomez Wire, Auction Tips, March 3, 2000. www.gomez.com/features/article.asp?id=4702 &col=69&topcat_id=0. 22. Gambale, M., Dynamic pricing: A beast in prince’s clothes, Gomez Wire, News Analysis, February24, 2000. www.gomez.com/features/article.asp? id=4627&col=67 &topcat_id=0. 23. DeBono, M., Playing the price is right: The Internet edition, Gomez Wire, Shopping Tips, January 17, 2000. www.gomez.com/features/article.asp? id=4113&col=70&topcat_id=0. 24. Katz, M.L. and Shapiro, C., Network externalities, competition, and compatibility, Am. Econ. Rev., 75, 422, 1985. 25. Katz, M.L. and Shapiro, C., Technology adoption in the presence of network externalities, J. Political Economy, 94, 822, 1986. 26. Katz, M.L. and Shapiro, C., Systems competition and network effects, J.Economic Perspectives, 8, 93, 1994. 27. Shapiro, C. and Varian, H.R., Information Rules: A Strategic Guide to the Network Economy, Harvard Business School Press, Cambridge, 1999. 28. Economides, N., The economics of networks, Int. J. Indust. Org. 14, 673, 1996. 29. Dybvig, P.H. and Spatt, C., Adoption externalities as public goods, J. Public Economics, 20, 231, 1983. 30. Kauffman, R.J., McAndrews, J., and Wang, Y.M., Opening the “black box” of network externalities in network adoption, Info. Sys. Res. 11, 61, 2000. 31. Kauffman, R.J. and Wang, B., New buyers’ arrival under dynamic pricing market microstructure: The case of group-buying discounts on the Internet, J. Mgmt. Info. Syst., 15, 157, 2001. 32. Gottlieb, B., Does group shopping work? The economics of Mercata and MobShop, Slate Mag., July 25, 2000. slate.msn.com/Features/groupshop/groupshop.asp. 33. Guzzo, M., OnlineChoice.com, Mercata creates buying pool, Pittsburgh Business Times, September 6, 2000. pittsburgh.bcentral.com/pittsburgh/stories/ 2000/09/04/daily11.html. 34. Patsuris, P., Group-buying boom, Forbes.com, March 3, 2000. www.forbes.com/2000 /03/29/mu1.html. 35. Browder, S., Paul Allen’s e-commerce play: Bring the buying club to the net, BusinessWeek Online, May 13, 1999. www.businessweek.com/bwdaily/dnflash/may1999/ nf90513c.htm. 36. Mullaney, T., Online shopping: Bargaining power, BusinessWeek Online, December 13, 1999. www.businessweek.com/1999/99_50/b3659033.htm. 37. Business Wire, Mercata’s television commercials honored in 21st Annual Telly Awards; Group-buying e-commerce company takes home silver and bronze awards for outstanding creative achievements, April 11, 2000. www.findarticles.com/m0EIN/ 2000_April_11/61423048/p1/article.jhtml. 38. Mara, J., Good buys, Adweek, 41, 58, March 6, 2000. 39. Sullivan, B., Paul Allen’s Mercata.com to close, MSNBC, January 4, 2001. www.zdnet.com/zdnn/stories/news/0,4586,2670749,00.html?chkpt=zdhpnews01. 40. Business Wire, MIT Sloan School of Management announces finalists for the 2nd Annual MIT Sloan eBusiness Awards; Monster.com, Ebay, iCanBuy, Freeserve and Red Hat among finalists, March 9, 2000. www.findarticles.com/cf_0/m0EIN/2000_ March_9/60017608/p1 /article.jhtml.

SL3054_frame_C06 Page 136 Tuesday, November 20, 2001 8:57 AM

136

The E-Business Handbook

41. WebbyAwards.com, 2000 nominees and winners, The Webby Awards, May 11, 2000. www.webbyawards.com/nominees/2000/commerce_win.html. 42. PR Newswire, MobShop named fourth among top 50 private e-commerce companies, July 7, 2000. www.findarticles.com/m4PRN/2000_July_7/63190578/ p1/article.jhtml. 43. Gomez Advisors, Reviews of MobShop, Inc. (ceased operations), March 18, 2001. www.gomez.com/reviews/index.asp?topcat_id=65&firm_id=2431&x=14&y=7. 44. Eldridge, E., Web sites offer group car buying: Plans to use old-economy way of lowering prices, USA Today, Auto Track, June 22, 2000. www.usatoday.com/life/cyber /tech/cti135.htm. 45. Stelin, S., Going abroad, ZDNet InteractiveWeek, November 27, 2000. www.zdnet.com/intweek/stories/news/0,4164,2659144,00.html. 46. LetsBuyIt.com, Offer price set at EUR 3.50, Corporate press release, June 2, 2000. investor.letsbuyit.com/investor/en/news/press/00176/. 47. LetsBuyIt.com, LetsBuyIt.com applies for moratorium, Corporate press release, December 28, 2000. investor.letsbuyit.com/investor/en/news/press/00156/. 48. LetsBuyIt.com, LetsBuyIt.com back in control. Corporate press release, February 21, 2001. investor.letsbuyit.com/investor/en/news/press/00180/. 49. Apparel Industry Magazine, Web to help, not hurt traditional sales, 61, 14, 2000. 50. Business Wire, C-Tribe, Inc. unveils the next generation of its Web venture, CTribe.com, offering the complete clicks and mortar solution, June 1, 2000. www.findarticles.com /cf_0/m0EIN/2000_June_1/62414978/p1/article.jhtml. 51. PR Newswire, Prandium announces alliance with C-Tribe.com; Koo Koo Roo and El Torito Gift Certificates to be marketed in cyberspace, January 11, 2000. www.findarticles.com/cf_0/m4PRN/2000_Jan_11/58520838/p1/article.jhtml. 52. DeCeglie, P., It’s negotiable: How to negotiate discounts on products and services, Business Startups Magazine, July 2000. www.entrepreneur.com/Your_Business /YB_SegArticle/0,1314,276126,00.html. 53. King, C., Small businesses get online help, InternetNews.com, August 11, 2000. www.internetnews.com/ec-news/article/0,,4_436061,00.html. 54. United States Department of Energy, In Pennsylvania, ElectricityChoice.com becomes first in the nation to form Internet buying pools for electricity, Weekly Update, December 3, 1999. 55. Belsie, A., A power shift on energy prices, Christian Science Monitor Electronic Edition, September 25, 2000. 56. Business Wire, PointSpeed launches online purchasing centers for small business; Announces key partnerships with Concentric Network, Bizography.com, May 23, 2000. www.findarticles.com/cf_0/m0EIN/2000_May_23/62257715/p1/article.jhtml. 57. PR Newswire, SHOP2gether.com kicks off nationwide program to pool local vendors to serve education market, April 18, 2000. www.findarticles.com/cf_0/m4PRN /2000_April_18/61721849/p1/article.jhtml. 58. Gomez Advisors. Buying Services: Group Buyer, December 6, 2000. . www.gomez.com/scorecards/index.asp?topcat_id=65&item_id=312&itemclass=SCORECARDPROFILE. 59. Dodge, J., Strength in numbers? A look at what group-buying sites have to offer consumers in search of computer gear, Inc. Magazine, 3, 135, September 15, 2000. www.inc.com/articles/details/0,3532,CID20262_REG14,00.html. 60. Jidoun, G., Online shopping: When teaming up to buy pays off, Money, 29, 180, June 2000. www.money.com/money/depts/websmart/webwatch/archive/ 000524.html.

SL3054_frame_C06 Page 137 Tuesday, November 20, 2001 8:57 AM

Bid Together, Buy Together

137

61. Kafka, S.J et al., EMarketplaces boost B2B trade, Forrester Research, February 2000. Excerpt www.forrester.com /ER/Research/Report/Excerpt/0,1338,8919,00.html. 62. Business Wire, DealTime.com expands with new shopping categories and buying groups, October 14, 1999. www.findarticles.com/cf_0/m0EIN/1999_Oct_14/56283870/p1 /article.jhtml.

SL3054_frame_C06 Page 138 Tuesday, November 20, 2001 8:57 AM

SL3054_frame_C07 Page 139 Tuesday, November 20, 2001 9:03 AM

7

The Great Experiment: Pricing on the Internet Karen Clay, Ramayya Krishnan, and Michael Smith

CONTENTS 7.1 7.2

Introduction ..................................................................................................139 Market Efficiency.........................................................................................140 7.2.1 Price Levels ......................................................................................140 7.2.2 Price Elasticity .................................................................................141 7.2.3 Price Dispersion ...............................................................................141 7.2.4 Menu Costs ......................................................................................142 7.2.5 Future Research................................................................................143 7.3 Retailer Behavior .........................................................................................143 7.3.1 Books................................................................................................143 7.3.2 Other Products..................................................................................145 7.3.3 Future Research................................................................................146 7.4 Consumer Behavior......................................................................................146 7.4.1 Retailer Data ....................................................................................146 7.4.2 Shopbot Data....................................................................................147 7.4.3 Aggregation ......................................................................................148 7.4.4 Experiments......................................................................................148 7.4.5 Future Research................................................................................149 7.5 Conclusions ..................................................................................................149 References..............................................................................................................150

7.1 INTRODUCTION The rise of business-to-consumer (B2C) electronic commerce represents one of the greatest economics experiments in history. In its initial conception, anyone could start a B2C firm. By shipping goods directly from wholesalers, firms would run extremely efficient operations. They would spend only on the Web site and earn money from sales, possibly from advertising, and from interest earned because goods were sold before suppliers had to be paid. Customers would use comparisonshopping engines to choose the lowest cost suppliers for relatively standardized goods. Thus, prices for these goods would fall to cost and price dispersion would fall to zero, because no firm could charge a price above market. 1-57444-305-4/02/$0.00+$1.50 © 2002 by CRC Press LLC

139

SL3054_frame_C07 Page 140 Tuesday, November 20, 2001 9:03 AM

140

The E-Business Handbook

The reality, as of 2001, is that B2C electronic commerce firms look a lot like physical retailers and many operate in both channels. Most customers do not use comparison-shopping engines, although usage is slowly increasing. Those who comparison shop often do not choose the lowest-priced vendor. Thus, price has not fallen — and almost certainly never will fall — to cost. Further, price dispersion is significant, online as well as offline. The fact that the evolution of business-toconsumer electronic commerce did not conform to the initial rather far-fetched plan should not obscure the fact that the rise of business-to-consumer electronic commerce still represents a significant economic achievement. Despite the importance of the experiment, we know remarkably little about how the rise of electronic commerce has affected retail prices both online and offline. In this chapter, we survey the academic empirical literature as of mid-2001 on the impact of the Internet on retail prices. The survey examines three issues: market efficiency, retailer behavior, and consumer behavior. The market efficiency section examines four aggregate measures that are related to efficiency: price, elasticity of demand, price dispersion, and menu costs (the costs of changing prices). The next two sections examine more disaggregate measures of pricing on the Internet: how firms set prices and how consumers respond to prices. Each of the three sections ends with suggestions for future research.

7.2 MARKET EFFICIENCY Market efficiency occurs when all welfare-enhancing trades are executed. In a perfectly competitive market for homogenous goods, efficiency implies that price will fall to marginal cost, the price elasticity of demand that any one firm faces will be infinite, price dispersion will be zero, and prices will change instantaneously as supply and demand conditions change. Conventional wisdom suggests that, by increasing competition, lowering menu costs, and lowering search costs for prices and product information, Internet markets should be more efficient than comparable physical world markets. What happens in practice is potentially quite another matter. In this section we review the empirical literature regarding the level of efficiency in Internet markets.

7.2.1 PRICE LEVELS Bailey2,3 conducted the seminal research to compare price levels in physical markets with price levels in Internet markets. In 1996 and 1997, Bailey compared prices for a matched set of books, CDs, software titles collected from the Internet and physical stores. For this period, he found higher prices on the Internet than in physical stores. He hypothesized that this finding could be due to a lack of competition in Internet markets during this period of time. There were few well-known retailers in the market and thus customer search intensity across retailers may have been low. This hypothesis is supported by Bailey’s observation of Barnesandnoble.com’s entry into the Internet market in March 1997. Bailey observes that Barnesandnoble.com entered by undercutting Amazon.com’s prices by 10% and that Amazon quickly matched these lower prices during the following months.

SL3054_frame_C07 Page 141 Tuesday, November 20, 2001 9:03 AM

The Great Experiment: Pricing on the Internet

141

In a later study, Brynjolfsson and Smith8 examined prices for books and CDs gathered from Internet and physical retailers in 1998 and 1999. In contrast to Bailey, their study found that prices were lower on the Internet than in physical stores: 16% lower when just considering the item prices and 6–10% lower when taxes and shipping and handling charges were included. As noted above, a possible source for the differences between Bailey’s and Brynjolfsson and Smith’s results was increasing competition among retailers during this time period. Both of the previous studies raise questions about the nature of competition over time. Using data collected between August 1999 and January 2000 covering 399 books and 32 online bookstores, Clay, Krishnan, and Wolff10 found that prices were stable or rising over the sample period. Separate regressions that controlled for the number of bookstores selling a particular book indicated that prices were effectively stable and that prices were lower for books sold by larger numbers of stores. A related question concerns how prices change with changes in Internet penetration when retailers set a single price for both physical and Internet markets. Brown and Goolsbee7 examined how the proportion of individuals using the Internet affects online prices for life insurance. Their data included regional Internet usage figures for customers in the United States and microdata on individual life insurance prices. They found that a 10% increase in the proportion of individuals using the Internet in a particular geographic area is associated with a 5% reduction in average insurance prices in those areas. Researchers have also used Internet and physical retailer price comparisons to examine indirect characteristics of market efficiency. Png, Lee, and Yan,37 for example, collected prices for books and CDs from physical and Internet retailers to examine the degree of competitiveness in the two markets. They found that their data is consistent with lower buyer search costs in Internet markets.

7.2.2 PRICE ELASTICITY Increased price elasticity is a signal of increased customers search intensity in markets for homogeneous goods. Two recent studies analyzed firm-level elasticity in the context of Internet markets. Ellison and Ellison17 analyze price elasticity for three computer hardware products at a retailer that gains most of its sales through shopbot referrals. Their data exhibited extremely high price elasticity for motherboards and low-quality memory modules. However, they also found negative crossprice elasticity between low- and medium-quality memory modules, suggesting that the retailer was using a price obfuscation strategy to soften price competition. Similarly, Smith and Brynjolfsson45 found that shopbot customers for books were very sensitive to the ordinal position of offers in a comparison table sorted by price.

7.2.3 PRICE DISPERSION In contrast to the results for price levels above, the empirical results for price dispersion are nearly unanimous. Almost all studies show a high degree of price dispersion in Internet markets for seemingly homogeneous physical goods. For data collected in 1996 and 1997, Bailey2,3 found more dispersion in Internet markets for

SL3054_frame_C07 Page 142 Tuesday, November 20, 2001 9:03 AM

142

The E-Business Handbook

books, CDs, and software than for these same products sold in physical markets. For data collected in 1998 and 1999, Brynjolfsson and Smith8 also found that dispersion is higher for books and CDs on the Internet than in physical stores. These high levels of dispersion have been confirmed in more-recent studies for the Internet book markets10,44 and DVD markets.48 Recent work on the international online textbook market indicates that cross-country dispersion is also very large.11 Other researchers have studied dispersion in Internet markets for differentiated goods by using hedonic techniques to control for observable differences in products. Clemons, Hann, and Hitt12 analyzed markets for airline tickets sold by online travel agencies. They controlled for observable difference in the tickets (times, layovers, connections, airlines) and found that prices differed by as much as 20% across the online travel agents they surveyed. Bakos et al.5 also found significant dispersion in trading costs for online retailer brokerage services. A variety of possible explanations can be suggested for these findings. One possibility is that there are other unobservable sources of product differentiation that were not accounted for in the price analyses. For example, it may be that, while consumers have good information about prices across retailers, they have poor information about service quality across retailers. Because the Internet imposes a spatial and temporal separation between consumers, retailers, and products, it may increase the importance of service quality and decrease service quality cues available to customers.43 It is also interesting to analyze the change in dispersion over time as markets change. Brown and Goolsbee7 found that the initial introduction of shopbots for life insurance initially increased the dispersion in life insurance prices. However, price dispersion fell as the share of customers using these shopbots increased further. Clay, Krishnan, and Wolff10 found dispersion did not change between August 1999 and January 2000 in the online book market.

7.2.4 MENU COSTS Although menu costs are an important aspect of market efficiency, they are difficult to measure directly. In physical stores, studies typically quantify menu costs by documenting the exact process retailers go through to change prices and assigning costs to each step.27 Absent such information, another approach is to look for indirect signals of the size of menu costs. In this regard, Bailey2,3 found the Internet retailers undertake more price changes than physical stores for the same books in the same time period. Brynjolfsson and Smith8 observed that, over the course of their 15-month study, Internet retailers regularly made price changes between $0.01 and 0.05, physical retailers never made price changes smaller than $0.35 and rarely made price changes smaller than $1.00. Since these are indirect measures, they are not conclusive. It is possible that smaller price changes are more common on the Internet because of higher price elasticity, and it is possible that more price changes are caused by strategic pricing behavior on the part of Internet retailers. However, taken together, these findings seem to confirm the conventional wisdom that Internet retailers should have lower costs to change prices in response to shifts in market supply and demand.

SL3054_frame_C07 Page 143 Tuesday, November 20, 2001 9:03 AM

The Great Experiment: Pricing on the Internet

143

7.2.5 FUTURE RESEARCH A variety of ways extend the empirical results mentioned in this section. Most of the studies to date have focused on low-priced consumer products such as books, CDs, and software. Markets for more expensive products may have different search intensities and therefore different efficiency characteristics.* Also of interest are services that have “perishable” capacity such as logistics services and products such as airline seats and telecommunications bandwidth. Consider the case of airline tickets. To fill seats that would otherwise be empty, airlines developed yield management techniques. Using these techniques, airlines track inventory and iteratively modify the set of seats allocated to different price structures as flight time approaches.6,46 As yield management techniques migrate to other domains and begin to incorporate new distribution channels such as online auctions, empirical research is needed to understand pricing in this important domain. Price levels and price dispersion may also change over time as markets mature. It would be interesting to document how changes in markets over time affect measures of efficiency. Markets with price discrimination and auction markets may have different efficiency metrics from the consumer markets discussed above. It would be interesting to quantify and analyze appropriate efficiency metrics in these markets and compare them with the efficiency characteristics discussed above. Finally, it would be interesting to analyze price elasticity among customers who do not use shopbots, both as a point of reference and to increase the ability of current studies to be generalized.

7.3 RETAILER BEHAVIOR Predictions about retailer behavior have ranged from perfect competition to some form of tacit collusion to differentiation. As of this writing, empirical evidence to test these hypotheses is limited to a very small number of categories — books, travel, perfume, DVD players, and computer components. With the exception of the study of computer components, all of the retailers are selling branded commodity products, so it is easy to compare prices across vendors. The discussion that follows summarizes some stylized facts from the empirical literature and then outlines areas for future research.

7.3.1 BOOKS The online book industry has received the most intense scrutiny from academics and nonacademics, so we know the most about retailer behavior in this segment. Internet retailers post significantly different prices for the same books. One comprehensive study is that of Clay, Krishnan, and Wolff.10 Their data cover the weekly minimum prices of 399 books at 32 online bookstores for the period August 1999 to January 2000. The books include a mix of New York Times * However, Smith44 observes that, for books priced from $1 to several thousand dollars, there is an increase in dispersion as price increases.

SL3054_frame_C07 Page 144 Tuesday, November 20, 2001 9:03 AM

144

The E-Business Handbook

bestsellers, Amazon bestsellers, and random books selected from Books in Print. The lowest-priced store in the sample is Buy.com, which had the lowest price 35% of the time. No other store had the lowest price more than 5% of the time. The “big three” offered very similar prices. Across all books and stores, the average difference between Amazon and the lowest-price store ranged from a low of 10% for current New York Times bestsellers to a high of 25% for books that had moved off the list. Another comprehensive study is by Smith.44 His data cover prices for 23,000 unique titles and 33 retailers for the period August 25, 1999 to November 1, 1999. In each case, the prices were returned in response to searches for books initiated by customers visiting Dealtime.com, a prominent shopbot for books. An advantage of his data set relative to Clay, Krishnan, Wolff10 is the much broader range of titles included. A disadvantage is that prices are usually observed only on a single day. His data set, which does not include Buy.com, found that Kingbooks and A1Books returned the lowest price on 15.1% and 12.5% of the products respectively. One question of interest is whether observed differences in prices reflect strategic decisions, cost differentials, or both. Buy.com’s financial documents make it clear that its price leadership in this category is a strategic decision. Other retailers’ marginal undercutting of Amazon, presumably to get better placement on shopbots, suggests that strategic decisions are important. Discussions with industry sources, case studies, and media reports suggest that — with the exception of the big three — all bookstores face the same wholesale costs for books. The big three appear to receive additional discounts of about 5%–7% of publishers’ recommended prices in return for co-op advertising, warehousing books, and, in some cases, waiving the right to returns. According to recent financial documents, Amazon’s fulfillment costs, including all fixed and marginal costs associated with distribution and call centers, is roughly 15% of net sales, and the costs for Barnesandnoble.com appear to be quite similar. According to industry sources, differences in fulfillment costs across online vendors are not large. Thus, observed price differences seem to be primarily a result of strategic differences. Another question of interest is how multichannel vendors price across the two channels. Ten of the 32 vendors in the Clay, Krishnan and Wolff sample were multichannel. Seven of the ten were on-line branches of independent bookstores or small chains, and the remaining three were on-line branches of large chains. The large chains — Barnes and Noble, Borders, and Books-aMillion — offered lower prices in the Internet channel than in their physical stores, whereas the remaining stores appear to have offered the same prices in the two channels. Finally, the issue of collusion has arisen because of the similarity in prices among the big three and possible leader-follower behavior, with Amazon acting as an industry leader. Smith44 and Clay, and Krishnan and Wolff10 document the similarity in prices among the big three and note that several other stores post prices that are very similar to Amazon’s. Kaufmann and Wood25 explicitly examine the issue of leader-follower behavior using a dataset comprising bestsell-

SL3054_frame_C07 Page 145 Tuesday, November 20, 2001 9:03 AM

The Great Experiment: Pricing on the Internet

145

ing books and compact disks. Unfortunately, the nature of their dataset does not allow them to differentiate between exogenous changes associated with items going off the bestseller list and endogenous changes associated with leader-follower behavior.

7.3.2 OTHER PRODUCTS Clemons, Hitt, and Hann12 compared the prices of 939 unique tickets for 436 unique combinations of departure and return cities of eight online travel agents on 4 days in 1998.* Although the price of an identical ticket did not differ across the eight online travel agents, differences in the way they processed search queries led to different return sets. These differences arose because different search algorithms had different implicit weights on price, match to specified departure and return times, and connecting vs. direct flights. Even accounting for differences in the quality of the tickets, Clemons, Hitt, and Hann still found substantial variation in the lowest-price ticket offered by an online travel agent that met specific criteria. Of particular concern was that online travel agents offered tickets that were strictly dominated by tickets offered by other online travel agents from 3% to 28% of the time. Their evidence suggests that online travel agents were differentiated both in the quality of the tickets returned and in the quality of interface and search algorithms they offered. Carleton and Chevalier9 examined the prices of 1106 unique fragrances and 201 DVD players sold online and in physical stores in June 2000. Although their primary focus was on manufacturers’ decisions about distribution, they provided some evidence on individual retailer behavior. Seventy-six percent of the fragrances in their sample could be purchased from an Internet retailer. Prices for fragrances at Internet stores varied systematically across stores, with online branches of department stores and some high-end beauty sites charging the manufacturer’s suggested price, and perfume sites and drugstores charging substantially lower prices on average. All of the DVD players in their sample could be purchased from an Internet retailer. Prices for DVD players were higher at retailers that also had physical stores, retailers that were authorized resellers, and manufacturer’s Web sites. This fits with evidence from online books that there is significant price variation across retailers and that multichannel stores tend to charge the same price in both channels. One interesting difference between perfumes and DVD players, and books and travel was that not all manufacturers of perfumes and DVDs chose to sell all products through all sites. Ellison and Ellison17 examine the prices of two types of computer memory upgrades and one type of computer motherboard as reported by Pricewatch.com from May 2000 to January 2001. Unlike books, where the variation in prices, even within the first page of a comparison shopping engine, can be 30%, they find that the difference between the first- and the tenth-lowest price was just 4%. This suggests that competition in prices across unbranded items of apparently similar quality may * The online travel agents were not identified by name. The eight were generated by studying four online travel sites and one proproprietary site. Three of the five sites allowed individuals to specify whether they were more interested in price or quality of match, generating the equivalent of three additional sites for a total of eight.

SL3054_frame_C07 Page 146 Tuesday, November 20, 2001 9:03 AM

146

The E-Business Handbook

be intense. One of the reasons, however, to offer low prices is to attract customers and then “upsell” them to a higher quality. This hypothesis is supported by evidence on the cross elasticities of demand, which were large and negative. The fact that retailers engage in such loss-leader behavior is, in part, a reflection of the difficulty of using comparison-shopping engines to search for unbranded goods.

7.3.3 FUTURE RESEARCH The studies cited above are an important start in understanding retailer pricing in online markets. Collectively, however, they cover relatively few markets and fairly short time periods, suggesting that much more work is needed to understand how Internet retailer behavior varies within and across markets and over time. Specifically, future work should address questions of whether certain stores are systematically cheaper or more expensive; whether price differences reflect cost advantages or strategic decisions; the extent of differentiation; the relationship among price, differentiation and sales; and whether the behavior of multichannel retailers differs from Internet-only retailers. It should also address dynamic issues such as how individual retailers’ prices and nonprice attributes are changing over time and whether observed changes are driven by exogenous changes in cost or demand, or factors internal to the market.

7.4 CONSUMER BEHAVIOR The Internet raises many interesting questions about consumer behavior: • How will consumer behavior change in electronically mediated markets from what is observed in physical markets? • How does Web page design impact consumer choices? • How do consumers respond to asymmetric information regarding retailer quality? We survey selected empirical research on these questions. Discussion is organized based on the source of the data: retailer data, shopbot data, aggregator data, and experimental data. In each case, we discuss the advantages and disadvantages of the particular type of data. The section closes with a discussion of areas for future research.

7.4.1 RETAILER DATA While it is easy to gather price and other product data directly from retailers, data on consumer behavior is typically harder to come by. In most cases, data on customer choice must be gathered with the cooperation of the retailer in question. For example, Degeratu, Rangaswamy, and Wu15 used data obtained from Peapod to compare the behavior of online grocery shoppers with physical-world shoppers. They found that price sensitivity can be lower and brand sensitivity can be higher among online customers. Fader and Hardie18 and Moe and Fader33 used data provided by CDNOW to model customer purchase and visit behavior over time. Fader and Hardie found

SL3054_frame_C07 Page 147 Tuesday, November 20, 2001 9:03 AM

The Great Experiment: Pricing on the Internet

147

that standard marketing models can do a surprisingly good job of predicting trial and repeat purchases. Moe and Fader found that retailers should take into account changes in customer behavior over time — not just total number of visits — when forecasting which customers are most likely to buy. Other studies correlate offline survey data with online customer behavior. ScottMorton, Zettelmeyer, and Risso41 correlated data from car referrals made through Autobytel to physical sales reports obtained through J.D. Powers and Associates. They found that Autobytel customers typically pay 2% less for their cars than typical physical world customers. Shankar, Rangaswamy, and Pusateri42 used customer survey data to show that Internet customers who had prior positive experience with a hotel brand were not as price sensitive as other Internet customers. Finally, a number of studies use bid data collected directly from Internet auction sites to analyze customer bidding behavior. Resnick and Zeckhauser38 found that reputation ratings have a positive effect on prices in eBay auctions. Wilcox51 found that more-experienced bidders tend to bid more rationally than less-experienced bidders in eBay auctions. Data gathered directly from retailers typically excels in both richness and accuracy. However, this does come at a cost. Gathering such data typically involves the cooperation of the retailer. This is true even in some cases where consumer data are available directly from Web pages, such as the eBay bidding data mentioned above. EBay carefully monitors its site to block automated data-gathering spiders. Obtaining cooperation from retailers may come at a cost, either in terms of the time to negotiate with the retailer for access or in the form of limitations placed on publication of results.

7.4.2 SHOPBOT DATA Data from Internet shopbots allow researchers to analyze the response of customers comparing products offered by different retailers. Shopbots are Internet tools that allow customers to search for prices from numerous Internet retailers with just a few clicks. The prices are typically presented to the customer in an easy-to-read comparison table that lists price, delivery time, and other salient characteristics of the available products. Studies in this category include Brynjolfsson and Smith8 and Smith and Brynjolfsson,45 who used a multinomial logit model to analyze the choice behavior among customers to DealTime.com. These authors found that shopbot customers, while price sensitive, were also very sensitive to retailer brand name and to retailers they had visited before. In a hybrid study, Ellison and Ellison17 combined shopbot price data with data on customer behavior at one of the retailers listed at the shopbot. They used this data to infer price elasticity among the retailer’s customers. They found extraordinary high price elasticities, but also evidence of obfuscation strategies practiced by the retailer. The advantage of shopbot data is that it documents the competing prices available to the user at the time of their decision and thus can provide an accurate picture into their evaluation of different offers. Disadvantages of this data include the need to obtain an agreement from the site to observe customer choices, the difficulty of

SL3054_frame_C07 Page 148 Tuesday, November 20, 2001 9:03 AM

148

The E-Business Handbook

associating customer clicks with purchases, and the fact that shopbot customers are likely to be systematically different from the typical Internet customer.

7.4.3 AGGREGATION Customer behavior can also be obtained from aggregation data, which can come from html request logs maintained by Internet backbone companies, through consumer panels from companies such as Media Metrix, or private studies such as Carnegie Mellon University’s HomeNet study. In the category of html request logs, Adamic and Huberman1 used logs obtained from AOL tracking customer html requests. They found the number of Web-page hits was highly concentrated among a few sites: the top 1% of sites capture more than half of the total number of customer visits. In Internet consumer panel data, a representative set of customers have their surfing behavior tracked over time.28,33 These data typically include the self-reported demographic data of the household, the family member making the visits, the sites visited, and the timing of the visits. Montgomery34 used data provided by Media Metrix to forecast the future behavior of customers from past behavior. Johnson et al.23 used Media Metrix data to show that the depth of customer search was surprisingly low in Internet markets. Johnson, Bellman, and Lohse22 used this data to analyze how learning to use a retailer’s site can create “cognitive lock-in” among customers. Goldfarb19 used data gathered from Plurimus to study the portal choice among Internet households. Similar data is available through private studies such as HomeNet at Carnegie Mellon University.26 HomeNet collected data from new users of residential Internet service in the Pittsburgh area starting in 1995. In addition to information comparable to the Media Metrix data documented above, the project collected newsgroup messages, logs of help requests, and data from customers through home interviews and periodic questionnaires. Christ et al.13 and Christ14 used this data to study the depth of customer search behavior over time, and found that customers appeared to visit fewer sites as they gained more experience with the Internet. Aggregation data combines many of the advantages of retailer and shopbot data. Like retailer data, it provides a very rich picture of customer behavior. Like shopbot data, it provides measures of customer behavior across multiple sites. Aggregation data, in many cases, also provides additional demographic data that can be associated with individual customers.

7.4.4 EXPERIMENTS Experiments offer researchers the opportunity to control and manipulate the shopping environments and observe subsequent customer response. Such experiments have been used in the context of Internet markets to analyze how customers respond to different aspects of a site design,31,32 Web site response time,16 and product information.30,49 Other experiments simulate the results of auctions over an electronic channel.29 In each case, the primary advantage of the experimental approach is that researchers can control the shopping environment in ways that would not be possible

SL3054_frame_C07 Page 149 Tuesday, November 20, 2001 9:03 AM

The Great Experiment: Pricing on the Internet

149

in most “working” markets. The art of this technique is designing experiments that produce the same outcomes as would be observed in the working markets.24

7.4.5 FUTURE RESEARCH Much work remains to both understand customer behavior in current Internet markets and how this behavior is likely to change over time. It would be interesting to see more studies partnering with Internet sites to conduct online experiments using actual Web site customers. Such experiments would combine the control possible in experimental research with the authenticity of retailer data. In the category of shopbot data, it would be interesting to analyze customer response to different shopbot interface designs to explore how shopbots can use customer preferences to improve their customer interface (see Montgomery et al.)36 In the context of aggregation data, it would be interesting for researchers to make more use of the timing and sequencing of Web requests to predict customer characteristics.

7.5 CONCLUSIONS We do not yet have definitive answers to the questions of whether Internet markets are more efficient than their physical counterparts or whether Internet markets are themselves becoming more efficient over time. The primary barrier to addressing these questions is obtaining data that covers a wide range of products sold in both Internet and physical stores over a reasonably long time span. Early studies suggest that prices are lower on average online. At least for some products, lower online prices appear to put pressure on offline prices, narrowing differences between the two channels. Estimates of elasticity indicate that individuals who use shopbots are extremely price sensitive. We know almost nothing about elasticity for other customers either offline or online. Price dispersion appears to be substantial, both on- and offline. More specific inferences are limited by the fact that virtually no online measures of dispersion are weighted by actual sales and by the fact that it is extremely difficult to get appropriate comparison data for physical stores. Finally, vendors do seem to take advantage of the lower cost of changing prices online to make smaller, more frequent changes. Retailers continue to experiment with pricing on the Web. One of the highestprofile experiments was Amazon’s experiment with DVD prices. More broadly, vendors continue to adjust prices, offer coupons or individual specific discounts, and provide free shipping to attract new customers and retain existing ones. Four patterns emerge from investigations of retailer behavior. First, highly branded retailers are generally more expensive than less well-known retailers. One puzzle is the vendors that do not seem to fit into either of these categories, particularly those that charge higher prices than highly branded retailers. Second, multichannel retailers are typically more expensive than Internet-only retailers. Higher prices may be a reflection of channel conflict, and customers’ ability to return goods to a physical store. Third, manufacturers, if they sell online at all, almost always sell at full price to minimize conflict with their retailers. Fourth, less-well-known vendors dynamically adjust their prices to ensure that they appear in the first few entries of a shopbot. More

SL3054_frame_C07 Page 150 Tuesday, November 20, 2001 9:03 AM

150

The E-Business Handbook

generally, patterns of prices over time suggest that firms monitor one another carefully and that they may be engaging in leader-follower behavior. Consumers appear to be both more and less price sensitive on the Internet relative to physical channels. Customers who are already price sensitive can more easily search for low prices online than offline, leading to extremely high elasticities. At the same time, customers who are already price insensitive because of high income or limited time may appear extremely price insensitive. Part of their apparent insensitivity may be the limited information available to them in the Internet context. For instance, customers who shop for groceries online may be less able to evaluate quality than if they were actually in the store. Thus, they may rely more on brand, appearing to be extremely price insensitive. A similar effect shows up in eBay auctions, where buyers pay higher prices for identical goods sold by sellers with better reputations (effectively more highly branded sellers). Overall, we have only begun to learn about the effects of the great experiment that the rise of Internet sales represents. Much more work remains to be done.

REFERENCES 1. Adamic, Lada A. andBernardo A. Huberman. 1999. The nature of markets in the World Wide Web. Quart. J. Electron. Comm.1(1) 5-12. 2. Bailey, Joseph P. 1998a. Intermediation and electronic markets: Aggregation and pricing in Internet commerce. Ph.D thesis., Technology, Management and Policy, Massachusetts Institute of Technology, Cambridge, MA. 3. Bailey, Joseph P. 1998b. Electronic commerce: Prices and consumer issues for three products: books, compact discs, and software, Org. Econ. Co-op. Devel., OCDE/GD 98(4). 4. Bakos, J. Yannis. 1997. Reducing buyer search costs: Implications for electronic marketplaces. Mgmnt. Sci. 43(12) 1613-1630. 5. Bakos, J. Yannis et al. 2000. The Impact of Electronic Commerce on the Retail Brokerage Industry. Working Paper, Stern School of Business, New York University, New York, NY. July. 6. Belobaba, Peter P. 1987, Airline yield management: An overview of seat inventory control, Trans. Sci., Vol. 21, No. 2 (May), pp. 63-73. 7. Brown, Jeffrey R. and Austan Goolsbee. 2000. Does the Internet Make Markets More Competitive? Evidence from the life insurance industry. National Bureau of Economic Research Working Paper #7996, October. 8. Brynjolfsson, Erik, Michael Smith. 2000. Frictionless commerce? A comparison of Internet and conventional retailers. Mgmnt. Sci. 46(4) 563-585. 9. Carleton,D.W. and J.A. Chevalier. 2001. Free Riding and Sales Strategies for the Internet. National Bureau of Economic Research Working Paper #8067, January. 10. Christ, Mario et al. 2000. Developmental Trajectories of Individual WWW usage: Implications for Electronic Commerce. Working Paper, Carnegie Mellon University, Pittsburgh, PA. 11. Christ, Mario. 2001. On Web Site Loyalty and Web Site Stickiness in the World Wide Web. Working Paper, Carnegie Mellon University, Pittsburgh, PA.

SL3054_frame_C07 Page 151 Tuesday, November 20, 2001 9:03 AM

The Great Experiment: Pricing on the Internet

151

12. Clay, K., R. Krishnan, and E. Wolff. 2001. Prices and Price Dispersion on the Web: Evidence from the Online Book Industry. National Bureau of Economic Research Working Paper #8271, May. 13. Clay, K. and C.H. Tay. 2001. Cross-Country Price Differentials in the Online Textbook Market. Working Paper, Carnegie Mellon University, May. 14. Clemons, Eric K., Il-Horn Hann, Lorin M. Hitt. 1998. The nature of Competition in Electronic Markets: an Empirical Investigation of Online Travel Agent Offerings. Working Paper, The Wharton School of the University of Pennsylvania, Philadelphia, PA. 15. Degeratu, Alexandru, Arvind Rangaswamy and Jeremy Wu. 2000. Consumer choice behavior in online and traditional supermarkets: The effects of brand name, price, and other search attributes. Int. J. Res. Mktg. 17(1) 55-78. 16. Dellaert, Benedict G.C. and Barbara E. Kahn, 1999. How Tolerable is Delay? Consumers’ Evaluations of Internet Web Sites after Waiting. Working Paper, The Wharton School, University of Pennsylvania, Philadelphia, PA. 17. Ellison, Glen and Sara Fisher Ellison. 2001. Search, Obfuscation, and Price Elasticities on the Internet. Working Paper, MIT, Cambridge, MA, January. 18. Fader, Peter S.G. Bruce and S. Hardie. 1999. Forecasting Repeat Sales at CDNOW: A Case Study. Wharton Marketing Department Working Paper #99-023, Philadelphia, PA. 19. Goldfarb, Avi. 2001. Analyzing Website choice using click-stream data. Working Paper, Northwestern University, Evanston, IL. 20. Goolsbee, Austan. 2000a. In a world without borders: The impact of taxes on Internet commerce. Quart. J. Electron. Comm. 115(2) 561-576. 21. Goolsbee, Austan. 2000b. Competition in the Computer Industry: Online versus Retail. Working paper, University of Chicago. 22. Johnson, Eric J., Steven Bellman and Gerald L. Lohse. 2000. What makes a Web Site “Sticky”? Cognitive Lockin and the Power Law of Practice. Working Paper, Columbia School of Business, Columbia University, New York. 23. Johnson, Eric J. et al. 2000. On the Depth and Dynamics of Online Search Behavior. Wharton Marketing Department Working Paper #00-019, Philadelphia, PA. 24. Kagel, John H. and Alvin E. Roth, Eds. 1995. The Handbook of Experimental Economics. Princeton University Press, Princeton, NJ. 25. Kauffman, Robert J. and Charles A. Wood. 2000. Follow the Leader? Strategic Pricing in E-Commerce. Proc. Int. Conf. Info. Syst. 2000, Brisbane, Australia. 26. Kraut, Robert E.et al. 1996 HomeNet: A field trial of residential Internet services. Communications of the ACM 39(12) 55-63. 27. Levy, Daniel et al. 1997. The magnitude of menu costs: Direct evidence from large U.S. supermarket chains. Quart. J. Electron. Comm.112(3) 791-825. 28. Lohse, Gerald L., Steven Bellma and Eric Johnson. 2000. Consumer buying behavior on the Internet: findings from panel data. J. Interactive Mktg. 14(1) 15-29. 29. Lucking-Reiley, David. 1999. Using field experiments to test equivalence between auction formats: magic on the Internet. Am. Econ. Rev. 89(5) 1063-1080. 30. Lynch, John G., Jr. and Dan Ariely. 2000. Wine online: Search cost and competition on price, quality, and distribution. Mktg. Sci. 19(1) 83-103. 31. Mandel, Naomi and Eric Johnson. 1998. Constructing Preferences Online: Can Web Pages Change What You Want? Working Paper, University of Pennsylvania, Philadelphia. 32. Menon, Satya; Kahn, Barbara E. 2000. Cross-Category Effects of Stimulation on the Shopping Experience: An Application to Internet Shopping. Working Paper, The Wharton School, University of Pennsylvania, Philadelphia, PA.

SL3054_frame_C07 Page 152 Tuesday, November 20, 2001 9:03 AM

152

The E-Business Handbook

33. Moe, Wendy, Peter S. Fader. 2000. Capturing Evolving Visit Behavior in Clickstream Data. Wharton Marketing Department Working Paper #00-003, Philadelphia, PA. 34. Montgomery, Alan L. 1999. Using clickstream data to predict WWW usage. Working Paper, Graduate School of Industrial Administration, Carnegie Mellon University, Pittsburgh, PA. 35. Montgomery, Alan L. 2001. Applying quantitative marketing techniques to the Internet. Interfaces. 31(2) 90-108. 36. Montgomery, Alan L.et al. 2001. Designing a better shopbot. Working Paper, Carnegie Mellon University, Pittsburgh, PA. 37. Png, Ivan et al. 2000. The Competitiveness of On-line vis-à-vis Conventional Retailing. Working Paper, National University of Singapore, Singapore. 38. Resnick, Paul, Richard Zeckhauser. 2001. Trust among Strangers in Internet Transactions: Empirical Analysis of eBay’s Reputation System. Working paper, University of Michigan School of Information, Ann Arbor, Michigan. 39. Salop, S., J.E. Stiglitz. 1982. The theory of sales: A simple model of equilibrium price dispersion with identical agents. The American Economic Review 72(5) 11211130. 40. Schmalensee, Richard. 1981. Output and welfare implications of monopolistic thirddegree price discrimination. The American Economic Review 71(1) 242-247. 41. Scott-Morton, Fiona, Florian Zettelmeyer, Jorge Silva Risso. 2001. Internet car retailing. Working Paper, Yale University, New Haven, CT. 42. Shankar, Venkatesh, Arvind Rangaswamy, Michael Pusateri. 1998. The impact of Internet marketing on price sensitivity and price competition. Marketing Science and the Internet, INFORM College on Marketing Mini-Conference. Cambridge, MA. 43. Smith, Michael, Joseph Bailey, Erik Brynjolfsson. 2000. Understanding digital markets. E. Brynjolfsson, B. Kahin, eds. Understanding the Digital Economy MIT Press, Cambridge, MA. 44. Smith, Michael. 2001. The Law of One Price? Price Dispersion and Parallel Pricing in Internet Markets. Working Paper, Carnegie Mellon University, Pittsburgh, PA. 45. Smith, Michael and Erik Brynjolfsson. 2001. Customer Decision-Making at an Internet Shopbot. Working Paper, Carnegie Mellon University, Pittsburgh, PA. 46. Smith, Barry et al. (2001), “e-Commerce and Operations Research in Airline Planning, Marketing, and Distribution”, Interfaces, ,” Interfaces, Vol. 30, No. 2 (MarchApril). 47. Stigler, George. 1961. The economics of information. Journal of Political Economy. 69(3) 213-225. 48. Tang, Fang-Fang and Xiaolin Xing. 2000. An Empirical Study on Pricing Differences between Dot Coms and Hybrids in the Online Video Market. Working paper, Nanyang Business School, Singapore. 49. Urban, Glen L., Fareena Sultan, William Qualls. 1998. Trust-Based Marketing on the Internet. Working Paper #4035-98, MIT Sloan School of Management, Cambridge, MA. 50. Varian, Hal R. 1980. A model of sales. The American Economic Review. 70(4) 651659. 51. Wilcox, Ronald T. 2000. Experts and amateurs: The Role of Experience in Internet Auctions. Working Paper, Carnegie Mellon University, Pittsburgh, Pennsylvania.

SL3054_frame_C08 Page 153 Tuesday, November 20, 2001 9:03 AM

8

Virtual Trade Fairs: An Emerging Internet Application Ramesh Sharda and Ramesh Sambasivan

CONTENTS 8.1 8.2

Introduction ..................................................................................................153 Virtual Trade Fairs: Definition and Purpose................................................154 8.2.1 Virtual Trade Fair Spectrum ............................................................156 8.2.2 Working Effectively with Virtual Trade Fairs .................................157 8.3 Developing a Virtual Trade Fair ..................................................................158 8.3.1 Process View ....................................................................................158 8.3.1.1 Content Creation...............................................................158 8.3.1.2 Showtime ..........................................................................159 8.3.1.3 Reporting...........................................................................159 8.3.2 Technology Overview ......................................................................160 8.3.2.1 Booth Builder System ......................................................160 8.3.2.2 Attendee Personalization System .....................................160 8.3.2.3 Virtual Show Run-Time System.......................................160 8.3.2.4 Online Reporting System .................................................161 8.4 Virtual Trade Fair Technology Providers ....................................................161 8.5 Case Studies in Virtual Trade Fairs .............................................................162 8.6 Conclusions ..................................................................................................164 References..............................................................................................................164

8.1 INTRODUCTION What the Internet brings us is convenience at our fingertips at negligible costs. It is clear that the power and global reach of the Internet are transforming many aspects of commerce. Several applications have been developed to support and Web-enable activities in the business value chains: advertising, marketing, transactions, supply chain management, customer relationship management including technical support, etc. Technologies available today, and being developed for tomorrow, will result in creating even further efficiencies in connecting buyers and sellers, and extending

1-57444-305-4/02/$0.00+$1.50 © 2002 by CRC Press LLC

153

SL3054_frame_C08 Page 154 Tuesday, November 20, 2001 9:03 AM

154

The E-Business Handbook

their reach. This chapter describes a new class of such applications, namely virtual trade shows. All organizations must address the problem of finding qualified leads that can be converted into customers or clients. Many traditional approaches are available to reach the potential audience: advertising in various media, sponsorships, giveaways, participation in trade shows, etc. Trade shows represent a major segment of advertising and marketing expenses for the industry. According to the research conducted by the Center for Exhibition Industry Research,1 exhibition at trade shows has jumped to third place as the major marketing focus. According to CEIR research, 88% of the exhibitors reach new leads at a tradeshow. More than 12,000 exhibitions are held each year with more than 1.5 million exhibiting companies and in excess of 75 million attendees.2 However, this industry has not been studied as extensively as its size would suggest.3 The Internet has created additional opportunities for reaching the audience through Web sites, Web-based advertising, participation in vertical portals for a specific vertical industry segment, and so on. The existence of a Web site alone is not enough to generate an audience, hence the need for vertical communities. With each of these facing the uphill task of creating and sustaining audience interest, the need for constant reinventing of a vertical community becomes critical. An online interactive event venue is neither like a static Web site nor a vertical portal. As the numbers of corporate Web sites keep growing, businesses are faced with two challenges: to achieve a Web presence that will be dynamic, not just an online catalog; and to attract the attention of a desired audience and draw its members to the Web site. The drawing power of an event and the global reach of the Internet can be combined into an online event or a virtual trade fair to create value for the Website visitors (trade show attendees), Website owners (trade show exhibitors), and the event organizers (community builders). An online event avoids the pitfalls of a degenerative vertical portal. The Internet, by its inherent nature, facilitates the meeting of people and exchange of information. This power can be used to offer attendees and exhibitors the convenience of flexibility, low cost, and ease of use — a combination that only the Internet can make possible. Tradeshow producers can lease virtual trade fair space just as they lease space at a convention center. The next section further defines a virtual trade fair.

8.2 VIRTUAL TRADE FAIRS: DEFINITION AND PURPOSE Mellinger4 provides a sound overview of the virtual tradeshow application. He defines a virtual trade show as “a collection of exhibitor-related information on products and services for a specific show.” From our perspective, a truly virtual trade show encompasses significantly more than the above description implies. We define a virtual trade fair as an event that replicates (and enhances) many of the information exchange, communication, and community gathering aspects of a physical event. A virtual trade fair thus has an event orientation and includes the capabilities of supporting information exchange among various exhibitors and numerous attendees, including live interaction.

SL3054_frame_C08 Page 155 Tuesday, November 20, 2001 9:03 AM

Virtual Trade Fairs: An Emerging Internet Application

155

Event producers can use a unique interactive online venue to create trade shows online. It is akin to a convention center with exhibition facilities, except that the virtual event venue is located on the Internet. The virtual event venue is open online and staffed for a specific period of time or season, marketed to the appropriate audience, and, after a short peak of traffic and attention, this temporary venue is disbanded. A virtual trade fair is made possible by the two-way-communication capabilities (interactive features) of the Internet. By being able to congregate vendors and customers of particular industries at a set virtual location at a given time, virtual trade fairs create temporary event-based portals. During such an event, exhibitors have booth staffers available online, and the portal provides special resources to enable attendees and exhibitors to have real-time interaction, chat online, exchange business cards, work with special discounts, and receive giveaways and online documents or catalogs from the exhibitors. After the duration of the event, it can be archived in digital form to be reconvened at the next best marketplace or in the next best season. Thus, a virtual trade fair is a perfect example of a vibrant event-based portal that reinvents itself as necessary. The online booths can be adapted to suit the changing audience preferences even as an event is in progress. Physical trade shows present enormous monetary challenges for smaller enterprises that cannot afford the huge costs involved in publicizing and marketing them. If marketed through a virtual trade fair, the Internet presence of a business is greatly enhanced by attracting a universal audience at minimal costs. In comparison with the time, expense, and human effort required to participate in a physical, in-person trade fair, virtual trade fairs are more effective and inexpensive, generating about 80% of the benefits of physical trade fairs at 20% of the costs. Thus, the return on investment (ROI) for trade-show-based marketing can increase substantially An online trade fair provides a great advantage by delivering the trade shows to participants right at their personal computers. Virtual trade fairs also allow dynamic feedback of booth traffic that helps vendors assess the effectiveness of their participation. Using this feedback, exhibitors can reconfigure their booths during the event to optimize booth traffic, which is generally not possible in brick-and-mortar trade fairs once the event has commenced. Overall, virtual trade fairs create a win-win situation for exhibitors, attendees and trade show producers alike. Industries that can benefit from virtual trade fairs include: • Industries in which knowledge obsolescence is high, such as information technology (IT) • Industries with seasonal products, such as the fashion industry • Industries with a Web-savvy audience • Businesses that market products through catalogs or television shopping guide networks • Industries that manufacture heavy machinery that presents transportation challenges or those such as real estate that deal with immovables • International companies that have the U.S. as a target market • Industry trade associations with limited market reach

SL3054_frame_C08 Page 156 Tuesday, November 20, 2001 9:03 AM

156

The E-Business Handbook

• Industries dealing with products that possess universal appeal • Industries dealing with small products that can be handled in bulk such as spices, coffee, and auto parts, whose samples can be shipped easily • Specialty stores or industries that face a need to clear inventory quickly • Industries handling products targeted at niche audiences, such as manufacturers of fitness equipment reaching out to the readers of a fitness magazine

8.2.1 VIRTUAL TRADE FAIR SPECTRUM Virtual trade fairs or trade shows have taken many forms. Table 8.1 lists the many observed forms of virtual trade shows and an example in each category. It is clear that the definition of a virtual trade show varies by provider. Many event producers provide only a link to the Web sites of exhibitors. Others provide some additional product or corporate contact information as well as physical booth location. Yet others include attractive booth images or pictures of a physical booth (panoramic, virtual reality-oriented images) in a virtual exhibit hall. Online presentation providers such as WebEx, MyWebcast, and Placeware allow a single company to make presentations with audio (and sometimes video) included. However, this service is usually centered on the presenter company. The purpose of a trade show is not only to broadcast the exhibitor information, but also to provide a mechanism for attendees and exhibitors to come together and exchange information. In a physical trade show, this happens at the same time and place. In a virtual trade show, this should be possible from different places. Thus, a virtual trade show should permit numerous exhibitors to interact with many attendees and exchange information live from several different places. This level of interactivity is possible using today’s technologies.

TABLE 8.1 Virtual Trade Fair Examples VTF Style

Examples

Only links to exhibitors’ Web sites

www.farmmechshow.com/links.htm

A Web page that gives exhibitor contact information and booth location information at the physical show

www.pentonevents.com/spring2001 or

A Web page that contains a booth image, but little interactivity (graphical or picture)

www.railroadcastnetwork.com/worldrailexpo/wr e/virtualexhibithall.htm

Single company presentations

www.webex.com, www.placeware.com, or www.mywebcast.com

An interactive trade show

www.itradefair.com

www.techxny.com/pc-expo/virtualframeset.html

SL3054_frame_C08 Page 157 Tuesday, November 20, 2001 9:03 AM

Virtual Trade Fairs: An Emerging Internet Application

8.2.2 WORKING EFFECTIVELY

WITH

157

VIRTUAL TRADE FAIRS

Virtual trade fairs cannot replace the need for humans to interact face to face. The experience of interpreting body language, gathering competitive intelligence through overhearing conversation at a trade show, the rush of being in crowded exhibition halls, and touching products on display cannot be replaced by the Internet. However, Internet trade fairs add value in a unique way as described below. “Add-on” virtual trade fairs are virtual events run in conjunction with a legacy physical trade event. Combining virtual and legacy trade fair events maximizes profitability when they are used to complement each other. Figure 8.1 illustrates some proposed combinations of physical and virtual trade fairs. The momentum created in the legacy event can be sustained and enhanced through follow-up add-on events. Subsequently, stand-alone virtual trade fairs can extend existing brand recognition by providing increased exposure of vendors to the target audience. It is easier to create repeat events as well as upgrade events on the Internet without facing logistical nightmares, and it can be done for an incremental cost. For instance, the gaming industry has traditionally hosted a physical event twice a year in the months of January and July. A virtual complement for this event can be added using the Internet in two ways: first, an add-on event can be run in tandem with the regular events; second, two stand-alone virtual events can be organized in April and October. These standalone events can help sustain the momentum generated by the physical events. A stand-alone virtual complement enables industry representatives to share ideas and keep abreast of developments without having to wait 6 months for the next event to occur. Thus, the virtual event becomes a powerful source of information for the industry for constituents anywhere in the world. Optimal combinations of legacy and virtual trade fair events can provide increased reach to a now universal audience. The frequency and timing of these combinations would depend upon the rate of change of information in the specific industry and the need for localization. In the IT area, trade shows are held frequently. There are also traveling trade shows that hold localized versions of a trade show (e.g., www.itec.com or www.dmashows.com). Virtual trade shows can be the ultimate in localization of a trade show.

JAN

FEB MAR

APR

MAY

JUN

JUL

Present

Legacy Event

Legacy Event

Proposed

Legacy Event Add-on Virtual

Legacy Event Add-on Virtual

Proposed

Legacy Event

AUG SEP

Legacy Event Stand-alone Virtual

Proposed

Legacy Event Add-on Virtual

OCT

Stand-alone Virtual

Stand-alone Virtual Legacy Event Add-on Virtual

FIGURE 8.1 Combinations of physical and virtual trade fairs.

Stand-alone Virtual

NOV

DEC

SL3054_frame_C08 Page 158 Tuesday, November 20, 2001 9:03 AM

158

The E-Business Handbook

8.3 DEVELOPING A VIRTUAL TRADE FAIR 8.3.1 PROCESS VIEW Typically, a virtual trade show organizer requests a VTF technology provider to furnish the technology for a virtual show. The event producer must promote the virtual show in the same way as a physical show. This promotion would involve print, mail, or e-mail advertising to build attendee traffic and convince exhibitors to buy virtual booth space. A virtual event should also include keynote speeches and other presentations. These may be archived from a physical meeting or produced specifically for a virtual event. These Web-casts may be live or streamed from an archive. 8.3.1.1 Content Creation Virtual trade fair booths can be created online when the exhibitors select booth specifications within those stipulated by the show’s producers. Figure 8.2 illustrates the complete process of a virtual trade show. The exhibitor visits a Web site location assigned by the trade fair producer and fills out an online form of specifications required to build a booth. An exhibitor can choose from booth image templates that are made available for this purpose. The booth is then

Producer

VTF

Promote show

Technology and Service Provider

Request virtual trade show

Create keynote events

2

1

Create virtual booth online

· Provides all

Exhibitor

3

technical and customer service support to event producer, exhibitors, and attendees

Receive leads in real time Remotely operate booth

1

3

2

· Provides show

promotion support

to producers and exhibitors

Visit booths mingle with attendees/ exhibitors

Register and receive digital ID

· Provides reports

to producers and exhibitors Attendee

1

Attend keynote events 3

FIGURE 8.2 Process overview of VTF generation.

2

Collect materials and/or gifts 4

SL3054_frame_C08 Page 159 Tuesday, November 20, 2001 9:03 AM

Virtual Trade Fairs: An Emerging Internet Application

159

created digitally, using the document files, image files, and video clips of the exhibitor’s choice. Additionally, trade fair producers can have virtual booths customized in accordance with the preferences of the exhibitor over and above available standard templates. 8.3.1.2 Showtime Attendees log on to the Internet through a personal computer, sign up to create an online badge, and participate in the trade fair directly from the comfort of their own home, office, laptop or handheld computer. They can choose the booths to attend, click on various buttons or icons on the screen to exchange business cards (this transmits the leads to the exhibitor’s database in real time), download promotional literature and catalogs of the exhibitor, or have such information mailed to them. Attendees can also click on different icons to visit the exhibitor’s Web site, watch an exhibitor’s video, chat online with the exhibitor’s booth staffers, or request the virtual booth to automatically dial and create an instant phone connection. They can also click on other buttons or icons to qualify for prizes and giveaways. Attendees will also be able to view messages posted by other participants on the online bulletin board, leave comments for others to read, and chat with others in the common online lounge. Several other technologies to create a realistic interactive experience for booth staffers and attendees are under development and can be incorporated as bandwidth makes it practical. Figure 8.3 displays a sample virtual booth offering icons for the functionality described above. 8.3.1.3 Reporting Lead-generation reports delivered to the exhibitors allow them to tune their booth offerings and display services as close to real time as possible. It also allows them

FIGURE 8.3 A sample virtual booth.

SL3054_frame_C08 Page 160 Tuesday, November 20, 2001 9:03 AM

160

The E-Business Handbook

to follow up with qualified leads immediately. These reports, which provide the exhibitor considerable information about the attendees, can be far more extensive than what is gathered at the physical show.

8.3.2 TECHNOLOGY OVERVIEW The software platform should consist of at least the following four components. 8.3.2.1 Booth Builder System The booth builder system allows companies to dynamically create and update the contents of their online exhibits. A booth builder system is a necessary, critical element to allow many booths to be developed simultaneously and in scale. Otherwise, hoards of HTML and graphics programmers would be needed to produce each virtual show. For example, one provider of VTFs, iTradeFair.com, has developed its Booth Builder System, which puts control of the booth’s contents in the exhibitor’s hands in real time. Through a very user-friendly browser-based interface, the exhibitor can create, edit, and delete all the booth’s contents. Even during the event, they can change the welcome messages on the booth, something not easy to do at a physical show. Several of the features are automatically configured and require no setup from the exhibitor. Many others are configured via menu selections. Even the exhibit’s “booth skin” (graphic image) is selected from a menu. The exhibitor does not require knowledge of HTML or any other programming language. It is a truly self-administered booth for the exhibitor. 8.3.2.2 Attendee Personalization System The attendee personalization system collects attendee name and address information, and any other custom demographic information that the producer has requested to deliver meaningful leads, while making for relevant personalized visits each time the attendee returns to the online event. 8.3.2.3 Virtual Show Run-Time System This system mimics a physical trade show with coffee rooms, media rooms, exhibit halls, and booths that offer all the services that attendees expect at a physical show. Attendees find booths offering lucky draws, online chats, gifts, and fax-back services, along with other information presented in multimedia format. This system must include the functionality to enable all the features that mimic the physical show experience. These functions must appear in a seamless, easy-to-understand interface. Further, as is the case in a physical show, a digital badge should allow access to various booths and interaction capabilities with those booths without requiring filling another form. Technologies that enable these features include chat, Web callback, FAX server, e-mail (SMTP), and the usual database and Web application programming languages.

SL3054_frame_C08 Page 161 Tuesday, November 20, 2001 9:03 AM

Virtual Trade Fairs: An Emerging Internet Application

161

8.3.2.4 Online Reporting System This system allows the exhibitors to view and download their lead information in real time. A generic attendee report, similar to traditional show attendee lists, is available to all exhibitors through the event producer. Each exhibitor can access detailed traffic reports outlining all registered attendees who visit the virtual booth. For easy customer database administration, all reports are available for electronic download in .csv format. No special software is required. For obvious security purposes, all reports are maintained under controlled access through the exhibitor’s booth identification and password.

8.4 VIRTUAL TRADE FAIR TECHNOLOGY PROVIDERS As described in a previous section, many vendors offer technology services that are sold as virtual trade shows. Almost any Web site developer can design a Web page for a show, provide links to the exhibitor Web sites, and call it a virtual trade show. Other providers offer specific technologies to develop virtual trade shows. A Web site at tsnn.com includes a list of virtual trade show providers. Table 8.2 offers a list of virtual trade fair technology providers and a brief

TABLE 8.2 Representative VTF Technology Providers Category

Companies

Show site developers that include A2Z Inc. links to exhibitor Web sites or Bluedot.com exhibitor information page Cyber Centre Excel-Online, Inc. ExpoExchange EXPOVenture iConvention.com Momentix.com PNBC.net Show Experience, Inc. Vertical portal sites that use a Globalbizshows.com booth metaphor for displaying IndustryShows.com vendor information, but no iVTS.com event orientation WebXpos 3-D booth navigation providers Expocentric.com Expomaker.com RMR plc Presentation conference Centra providers Placeware WebEx Live interaction trade show event iTradeFair.com providers UnisFair, Inc.

Web sites www.a2zshow.com www.bluedot.com www.cyber-centre.com www.excel-online.com www.ExpoExchance.com www.expoventure.com www.iConvention.com www.momentix.com www.pnbc.net www.showexperience.com www.globalbizshows.com www.industryshows.com www.ivts.com www.Webxpos.com www.showcase.expocentric.com www.expomaker.com www.rmrplc.com www.centra.com www.placeware.com www.Webex.com www.itradefair.com www.unisfair.com

SL3054_frame_C08 Page 162 Tuesday, November 20, 2001 9:03 AM

162

The E-Business Handbook

description. This list is incomplete at best, but no single source other than the Web site mentioned above and our efforts have compiled this information. As seen in Table 8.2, virtual trade shows come in many flavors. The true same-time, different-place gathering of several exhibitors and many attendees is currently offered by three providers: Expocentric, Unisfair, and iTradeFair. Expocentric offers a 3-D VRML-based virtual reality booth, but the bandwidth limitations could hamper its acceptance. Unisfair offers Flash-based booths, providing nice visuals but limiting the number of attendees who can experience the virtual trade fair. Neither of these integrates the phone callback to allow exhibitors and attendees to talk to each other through traditional phone lines. iTradeFair’s system, on the other hand, is designed with the focus on same-time, different-place gathering. This allows for a more complete experience of the booth metaphor including “pick up goodies,” “enter door prize drawing,” “instant callback,” etc. The modular design of the system can easily integrate other features such as VRML or 3-D video tours, product demonstrations, PowerPoint presentations, etc. This list of providers is representative. Other vendors offer features that can be marketed as virtual trade fairs. The technology to enable higher interactivity among Web visitors is developing, so the booth metaphor will continue to grow to present live interaction among exhibitors and attendees.

8.5 CASE STUDIES IN VIRTUAL TRADE FAIRS This section describes some virtual events that have taken place using iTradefair.com’s technology. These events range from pure virtual shows to complementary online events. OKLAHOMA INVESTMENT FORUM’S SOUTHWEST CAPITAL CONFERENCE 2000 (TULSA AND ONLINE) Established in 1989, the Oklahoma Investment Forum (OIF) is a broad-based, statewide, not-for-profit organization formed to educate, encourage, and promote entrepreneurship and small-business development. Membership consists of business professionals with a direct interest in small business, economic development, entrepreneurship, venture and angel capital, and technology commercialization. For the past 11 years, OIF (www.ok-investmentforum.org) has organized the Southwest Capital Conference. The presenters are startup companies that, by invitation, present their businesses to the attendees (private investors, VCs and related service industries, along with a series of speakers). As an adjunct to the October 2000 event, OIF ran an online site called Southwest Capital Conference Online 2000 that showcased all the presenting companies via virtual booths. The actual conference with presenters and exhibitors was in late September 2000, and, after a 3-week break, the online event was held for 4 hours. Each virtual booth contained static information such as product and corporate specifics, business cards, press releases, etc. Various virtual booths also included multimedia presentations, documents available through an online fax-on-demand service, and the capability for chat, instant-messenger or phone-callback services.

SL3054_frame_C08 Page 163 Tuesday, November 20, 2001 9:03 AM

Virtual Trade Fairs: An Emerging Internet Application

163

The virtual show was very much oriented toward self service. The exhibiting companies completely controlled the content of their booths from browsers at their offices. The participating companies had access to online tools, with which they constructed their own online booths, customizable at will for an unlimited number of times at the click of a mouse. ITradeFair.com supported the event with pre-event publicity, e-mail blitzes, and post event follow-up e-mails to drive traffic. Visitors such as investors and investment bankers who would have otherwise not visited the event in Tulsa, were able to attend online. Visitors from as far away as New York and California came online to look at the investment opportunities in Oklahoma via the Internet. The Internet-based extension of the event tripled the audience to the Southwest Capital Conference 2000. Several presenters received inquiries from interested venture financiers in the Midwest and Northeast. In summary, according to Paul White, executive director of Oklahoma Investment Forum, “The online component was critical to the success of Southwest Capital Conference 2000.” TECHNOXPO

AT

CONVEX 2000 (SAN DIEGO CALIFORNIA,

AND

ONLINE)

PEI is the international trade association for more than 1600 distributors, manufacturers, and installers of equipment used in petroleum marketing and liquid-handling operations. Users of the equipment include service station and convenience store owners, terminals, bulk plants, and airport refueling operations. TechnoXpo is a high-tech add-on to Convex, a large trade show held in San Diego in 2000 — its 50th anniversary. Convex Online was introduced in 2000 as an online adjunct to the event in San Diego. The online event was publicized through online methods and had strong support from the event organizer. A message appearing on the online bulletin board of Convex Online summarizes the event’s sentiment: “This is the only view of Convex that I will have since I am not going to San Diego. Keep up the good work.” AECT SHOW

OF THE

FUTURE

AECT (Association for Educational Communications Technology) is a leader in the educational communications and technology industry and interfaces among professionals with a common interest in the use of educational technology and its application to the learning process. The online event, called AECT’s Show of the Future, was accessible over the Internet for 45 days during October–November 2000. ASCP SENIOR CARE PHARMACY ONLINE 2000 The American Society of Consultant Pharmacists (ASCP) is the international professional association that provides leadership, education, advocacy, and resources to advance the practice of senior care pharmacy. ASCP’s Senior Care Pharmacy show was brought online for a 45-day period after the physical event was over.

SL3054_frame_C08 Page 164 Tuesday, November 20, 2001 9:03 AM

164

The E-Business Handbook

PENNWELL PUBLISHING’S FIRE DEPARTMENT INSTRUCTORS’ CONFERENCE (FDIC ONLINE) In May 2001, Pennwell Publishing brought two events online at one Web site with the idea of leveraging the traffic of both through one site long after the events are over in the physical convention center. Over 800 exhibits were brought online through electronic import of data to create standard virtual booths, upgradable with interactivity by the exhibitors independently. Responses from exhibitors have been very enthusiastic.

8.6 CONCLUSIONS Virtual trade fairs make it possible for an exhibitor to obtain additional leads with minimal cost and effort while allowing attendees to come to the event, but in the convenience of their home or office. By saving tremendously on obtaining qualified leads through a virtual trade fair, companies can reallocate resources toward followup on those quality leads. Virtual trade fairs thus save time, money, and human effort. Virtual trade fairs also empower small and medium-sized businesses by leveling the playing field in trade fair representation. Applications of virtual trade fairs present new technology and management research issues. A virtual booth is a platform for launching many different Web applications including audio, video, text display, e-mail exchange, etc. Development of user interfaces that make this interaction as intuitive and easy as in a physical show remains a challenge and a major research issue. There are also numerous opportunities to study the patterns of interactions among attendees and exhibitors. Virtual trade fairs will offer a rich dataset of logs to begin studying the online behaviors of community members in a B2B environment. There are also many business changes to study. Given that the trade-show industry is so cash-rich and growing, the technology acceptance model for adoption of innovative ideas is probably different from other industries. Resistance to change is common, but it is even stronger when the established players are in a comfortable situation. The technology adoption curve for this industry is worth further study.5 Current and rapidly available technologies as well as the growing bandwidth make virtual trade fairs an emerging Internet application to facilitate commerce. The application not only can enhance existing same-time, same-place gatherings to include same-time, different-place components, it can also trigger new categories of online events (e.g., a book launch on the Web). We believe that it is a high-growth industry in terms of its size, and also of much research interest in terms of technologies, user interfaces, and technology acceptance models.

REFERENCES 1. Center for Exhibition Industry Research,. www.ceir.org/forms/CAEM May01.ppt, June 02, 2001.

SL3054_frame_C08 Page 165 Tuesday, November 20, 2001 9:03 AM

Virtual Trade Fairs: An Emerging Internet Application

165

2. Center for Exhibition Industry Research, www.ceir.org/forms/Trends.ppt, June 02, 2001. 3. Gopalakrishna, S. and G.L. Lilien, A three-stage model of industrial tradeshow performance, Marketing Science, Vol. 14, No.1, pp. 22-42, 1995. 4. Mellinger, B.. (2000, March) Virtual shows: definitions and trends, Magazine for Trade Show and Event Marketing Management, http://www.exhibitornet.com/exhibitormagazine/articles/mar00.asp. 5. Christensen, C., The Drivers of Vertical Disintegration, in Innovation and the General Manager, C.M. Christensen, Ed. Irwin McGraw-Hill, New York, 1999, pp. 429-461.

SEE

ALSO:

Axelson, B.. A Trade Show With No Sore Feet: Online Events Offer Good Value, but It’s Still a Long Leap from a Physical Hall to Cyberspace,” viewed at http://www.ecommercebusinessdaily.com/archive/ECBPA91200-104210.asp, in May 2001. Putting Your Trade Show Online: Virtual Trade shows, http://www2.tsnn.com/html/osp/nohf/ospvirtualts.html.

SL3054_frame_C08 Page 166 Tuesday, November 20, 2001 9:03 AM

SL3054_frame_C09 Page 167 Wednesday, November 28, 2001 10:31 AM

9

Planning Business-toBusiness E-Procurement Marketplaces Jae Kyu Lee and Efraim Turban

CONTENTS 9.1 9.2

9.3

9.4

9.5

9.6

9.7

Introduction ..................................................................................................168 Taxonomy of the E-Procurement Marketplace............................................168 9.2.1 E-Marketplace and Exchanges.........................................................168 9.2.2 Definitions by Kaplan and Sawhney................................................169 9.2.3 Vertical and Horizontal E-Marketplaces..........................................169 9.2.4 External and Internal E-Marketplaces .............................................169 9.2.5 Public and Private Exchanges..........................................................170 9.2.6 Supply Chain Management..............................................................171 9.2.7 Converging Exchanges and SCM to E-Hub....................................171 Characteristics of B2B E-Procurement Marketplaces.................................172 9.3.1 Characteristics of Public Exchanges to Buyers...............................172 9.3.2 Characteristics of Private Exchanges to Buyers..............................172 9.3.3 Characteristics of Internal E-Marketplace to Buyers ......................174 Selection of Public Exchanges ....................................................................174 9.4.1 Activities in Public Exchanges ........................................................174 9.4.2 Vertical E-Marketplaces ...................................................................174 9.4.3 Horizontal E-Marketplaces ..............................................................175 9.4.4 Outside-In System Integration Policy..............................................176 Planning Supply Chain Management Using Private Exchange ..................176 9.5.1 Activities in Private Exchange.........................................................176 9.5.2 Business Models of B2B SCM........................................................176 9.5.3 Inside-Out Integration with Extended ERP.....................................179 Internal E-Marketplaces and Desktop Purchasing ......................................180 9.6.1 Desktop Purchasing with Internal E-Marketplaces .........................180 9.6.2 MS Market in Microsoft ..................................................................180 9.6.3 Eliminating the Procurement Department .......................................181 Considerations in Planning B2B Procurement Systems .............................181 9.7.1 Connecting Service to SMEs...........................................................182 9.7.2 B2B Payment ...................................................................................182

1-57444-305-4/02/$0.00+$1.50 © 2002 by CRC Press LLC

167

SL3054_frame_C09 Page 168 Wednesday, November 28, 2001 10:31 AM

168

The E-Business Handbook

9.7.3 Implementation of Outsourced Solutions ........................................183 9.7.4 XML Standard for B2B Message Exchanges .................................184 9.8 Summary and Conclusion............................................................................185 References..............................................................................................................186

9.1 INTRODUCTION Planning a business-to-business (B2B) e-procurement system is a complex process because several types of e-marketplaces exist. To develop a framework of planning a B2B procurement system, we need to classify the types of e-marketplaces with the e-procurement perspective. Three types of e-marketplaces we adopt here are public exchange, private exchange, and internal e-marketplace. To start with, let us define the characteristics of these types of marketplaces, then identify the circumstances under which each of the marketplaces can effectively be adopted. The important factors selected for planning are: • • • •

Items to purchase Managerial objective Supplier relationship System integration policy

Eventually, we need to come up with B2B planning as a combination of different types of marketplaces.1–3 The additional issues to be resolved for the planning of B2B procurement systems are: • • • •

Securing the connectivity of small and medium enterprises (SMEs) Adopting secure and cost-justifiable B2B payment systems Implementing optimal outsourcing and implementation strategies Adopting standard B2B messages in XML

These issues will be dealt in section 9.7. Because the same terms in B2B mean different things to different authors, let us first review the current literature and define the taxonomy.

9.2 TAXONOMY OF THE E-PROCUREMENT MARKETPLACE 9.2.1 E-MARKETPLACE

AND

EXCHANGES

In general, e-marketplace means any type of electronic site that helps and executes trading online. It is not necessarily a B2B site. Therefore, e-marketplace is an umbrella term. Similarly, the term exchange can mean different things, depending on the author’s purpose.4,5 A popular definition of exchange implies a B2B marketplace, usually a neutral one, with many buyers and many sellers. However, in the

SL3054_frame_C09 Page 169 Wednesday, November 28, 2001 10:31 AM

Planning Business-to-Business E-Procurement Marketplaces

169

Purchasing Items

SYSTEMATIC SPOT

Procurement Type

Indirect (Horizontal)

Direct (Vertical)

MRO Hubs

Catalog Hubs

Yield Managers

Exchanges

FIGURE 9.1 Purchasing items and types.

real world, the service scope of exchange sites is evolving without changing their terms. In this case, the exchange might mean a facilitator of any B2B trades. Without clear definition of terms, planning B2B can be very ambiguous. So let us review the terms used in the literature and define the terms for B2B planning purpose. In this chapter, we adopt the broad definition, so an exchange is defined as an e-marketplace where business buyer(s) and seller(s) meet to trade and share information.

9.2.2 DEFINITIONS

BY

KAPLAN

AND

SAWHNEY

E-marketplaces can be classified from various angles. Kaplan and Sawhney6 classified four types of e-marketplaces, depending on the purchasing items (direct or indirect material) and procurement type (systematic or spot purchase) (see Figure 9.1): 1. 2. 3. 4.

MRO hub Catalog hubs Yield managers Exchange

Other classifications are point-to-point, purchasing e-hub, selling e-hub, and neutral e-hub, depending on the number of buyers and sellers (see Figure 9.2).

9.2.3 VERTICAL

AND

HORIZONTAL E-MARKETPLACES

Marketplaces are classified as vertical or horizontal marketplaces, depending on whether items are purchased mainly by one industry or by many industries. Some well-known vertical marketplaces in various industries are described in section 9.4.

9.2.4 EXTERNAL

AND INTERNAL

E-MARKETPLACES

E-marketplaces imply external e-marketplaces. Because a multitude of external marketplaces are not well organized for the buyer’s procurement, some buyers make

SL3054_frame_C09 Page 170 Wednesday, November 28, 2001 10:31 AM

170

The E-Business Handbook

Number of Buyers Small Large Number of Sellers

Small

Large

Point-to-Point

Purchasing e-Hub (Reverse Aggregator)

Selling e-Hub (Forward Aggregator)

Neutral e-Hub (Catalog hub, Exchange)

FIGURE 9.2 Number of buyers and sellers.

their own internal e-marketplace that can be tightly integrated with their internal procurement systems. The main objective is to eliminate the unnecessary purchase approval process for low-end items. This means that the decision between internal or external marketplaces has become an important planning factor.

9.2.5 PUBLIC

AND

PRIVATE EXCHANGES.

The external exchange can be classified as public or private depending on whether the exchange is open to the public or not. To define the public and private exchanges more precisely, we can classify them into four categories (see Figure 9.3): 1. Third Party Exchange — open to both many buyers and many sellers. In this case, the market maker tends to be neutral to all buyers and sellers. 2. Buyer-Centric Exchange — open only to sellers. Usually established by a buyers consortium. A buyer’s own reverse auction site also belongs to this category. 3. Seller-Centric Exchange —open only to buyers, which may be chosen by one or a few sellers. A seller’s direct-marketing site belongs to this category. 4. Private Exchange —open only to a small number of invited sellers and buyers. The private exchange emerged in 1999 to implement tight integration among important partners, so it is usually adequate for supply chain management (SCM). Openness to Buyers

Closed Open Openness to Sellers

Closed (Private to Buyer)

Open (Public to Buyer)

Private Exchange

Seller-centric Exchange

Buyer-centric Exchange

Third Party Exchange

h

FIGURE 9.3 Taxonomy of exchanges.

SL3054_frame_C09 Page 171 Wednesday, November 28, 2001 10:31 AM

Planning Business-to-Business E-Procurement Marketplaces

171

Because the terms “seller-centric” and “buyer-centric” are semi-public, the private exachange can be classified as either public or private, depending on the study’s purpose. In planning the corporate procurement system, a key concern to buyers is whether a priori commitment to an exchange is required. The private exchange, buyer-centric exchange, and internalized marketplace usually require a buyer’s agreement and commitment with the partnered suppliers, while the public exchange does not. In this regard, whether a private exchange or buyer-centric exchange is used makes no difference. So, in this chapter, the term private exchange can also be regarded as the buyer-centric exchange from the procurement’s point of view. On the other hand, buying from either third-party exchange or sellercentric exchange does not require the buyer’s a priori commitment. So public exchange in the study of procurement can include both third-party exchange and seller-centric exchange. The buyer’s concern is when to use public and when to use private exchanges

9.2.6 SUPPLY CHAIN MANAGEMENT SCM has been around for several decades.7,8 It deals with demand forecasting, inventory management, purchase planning, warehousing, delivery management and so forth. In the early stage, its main focus was intra-enterprise SCM, but it evolved to information (such as sales and inventory) sharing among the inter-enterprise partners along the supply chain. If we adopt a wider definition of SCM that encompasses any type of service along the value chain of procurement, sales, and collaboration, its coverage becomes even wider than B2B. This definition covers not only the inter-enterprise value chain, but also the intra-enterprise one, which is usually implemented by ERP. However, originally the primary goal of SCM was reduction of inventory among the aligned partners. The original definition could have a contrast with exchanges that seek to find the lowest prices. Here, SCM is defined as the management of supply chain among a small number of key partners. With this definition, SCM is adequate for the systematic purchase under a long-term contract with the agreed quality and price. Thus, the main goal of SCM, unlike that of public exchanges, is a reduction of inventory cost and inter-enterprise transaction cost. Business models of SCM are explained in section 9.5.

9.2.7 CONVERGING EXCHANGES

AND

SCM

TO

E-HUB.

Even though we distinguish the concept of exchange from SCM, these services are merging to electronic hubs (e-hubs). A hub may provide both exchange and SCM services, so the solution and service providers in both applications have begun to converge and compete. For the planning of B2B procurement, we must select the classification that has a sufficient distinction for the procurement strategy formation, but that is as simple as possible by aggregating the terms with virtually the same implication. In this regard, we concentrate here on three types of B2B procurement e-marketplaces: public exchange, private exchange and internal e-marketplaces.

SL3054_frame_C09 Page 172 Wednesday, November 28, 2001 10:31 AM

172

The E-Business Handbook

9.3 CHARACTERISTICS OF B2B E-PROCUREMENT MARKETPLACES To characterize these marketplaces, we consider five factors for analysis: 1. 2. 3. 4. 5.

Definition Purchased items Managerial objectives Supplier relationship System integration (as summarized in Table 9.1)

9.3.1 CHARACTERISTICS

OF

PUBLIC EXCHANGES

TO

BUYERS

Public exchange means to purchase from either a third party or seller-centric exchange that is open to any buyers. It is usually the most economical implementation for spot purchase. Goods usually purchased from the public exchanges are many items with low value. It belongs to the rule of 80% of items with 20% of value. Most indirect materials for maintenance, repair, and operations (MRO) belong to this category. However, even some maverick and small quantity of direct material can be purchased from the public vertical exchanges as well. These days, most commercial public exchange sites also support private rooms for negotiation between buyer and seller. The primary managerial objective the buying company can pursue in the public exchange is the cost reduction through comparison purchase and reverse auctions. Buyers can, of course, pursue lowering administrative cost and enhancing speed, but these factors can be sought in any type of e-marketplace. Discovering new vendors is also a big opportunity. The public exchange is appropriate for the spot purchase of market-proven branded items. As a buying company deals with multiple public exchanges, tight integration with the buyer’s back-end system is difficult to implement. Therefore, adherence to the standard interface offered by public exchanges is a reasonable strategy to adopt. A variational application of the public exchange is using it as if it were a buyercentric exchange. Because the major hurdle to buying in the public exchange is the absence of some existing suppliers, a buyer may establish an agreement with existing suppliers to trade at a designated public exchange.

9.3.2 CHARACTERISTICS

OF

PRIVATE EXCHANGES

TO

BUYERS

Private exchange here refers to purchasing from either a private exchange or buyer-centric exchange that consists of only invited buyers. The items best fitted to purchase from the private exchange are a small number of items with high value. It belongs to the rule of 20% of items with 80% of value. Most direct materials purchased from the partnered suppliers belong to this category. When a material can be purchased only from limited qualified suppliers, the buying company needs to assure the quality and make a long-term contract for systematic purchase. Therefore, a major concern is connecting key existing suppliers online.

SL3054_frame_C09 Page 173 Wednesday, November 28, 2001 10:31 AM

Planning Business-to-Business E-Procurement Marketplaces

173

TABLE 9.1 Characteristics of Procurement Marketplaces Public Exchange

Private Exchange

Definition

Third Party Exchange; Seller-centric Exchange

Private Exchange Buyer-centric Exchange

Purchased Items

Large number of items with low volume each; Tends to be indirect material (MRO); Direct material from vertical marketplaces; Quality is assured by most vendors without buyer’s verification Price Cut

Small number of items with high volume each; Direct material from committed suppliers; Quality assured suppliers are invited

Managerial Objectives

Supplier Relationship

Spot purchase; Discover new suppliers

System Integration

Loosely couple the marketplaces and suppliers with the buyer’s back-end system; Outside-in approach is adequate

Inventory reduction; Information sharing along the supply chain Systematic purchase from partnered suppliers; Connect with existing suppliers Tight integration of private exchanges and partners who may use the compatible ERP software; Inside-out approach is adequate

Internal EMarketplace Internal e-catalog based marketplace integrated with eprocurement system Low-end items; Tends to be indirect material; Quality assured suppliers are invited

Reduce the approval process; Desk-top purchasing; Reduce the procurement department Either spot or systematic purchase from the partnered suppliers; Tight integration of procurement system with the internalized e-marketplace

The primary managerial objectives are inventory reduction, transactional efficiency, and information sharing with suppliers about sales and inventory. These goals are exactly the same as those of SCM, so private exchange can be regarded as a platform for efficient and effective SCM. By using a private exchange, the buying company’s back-end system, which might have implemented the use of ERP, can be tightly integrated with the exchange. Thus, the supplier’s information systems can be streamlined along the supply chain. A most efficient implementation among ERP-using companies is to adopt the ERPcompliant exchange software such as MarketSet. SAP has developed the solution jointly with Commerce One, and, in June 2001, invested an additional $225 million to Commerce One, bringing its stake to 20%.9

SL3054_frame_C09 Page 174 Wednesday, November 28, 2001 10:31 AM

174

The E-Business Handbook

9.3.3 CHARACTERISTICS

OF INTERNAL

E-MARKETPLACE

TO

BUYERS

An internal e-marketplace can be established by making a buyer’s customized ecatalog of qualified suppliers with prenegotiated prices. Therefore, the internal emarketplace can be tightly integrated with the e-procurement systems in a buyer’s intranet. By adopting this approach for the purchase of low-end items, the prepurchase approval process can be waived, so the requisitioners can purchase online directly from the suppliers without the assistance of a procurement department. This can result in a slimmer procurement department. This approach is adopted by Microsoft, Kosa, Lockheed Martin, Cisco, among others, as illustrated in section 9.6.

9.4 SELECTION OF PUBLIC EXCHANGES Sections 9.4 to 9.6 describe the activities of current markets, successful case studies, and integration approaches in public exchanges, private exchanges and internal emarketplaces, respectively. In this section, you also will see how to select the right public exchanges.

9.4.1 ACTIVITIES

IN

PUBLIC EXCHANGES

Key features of the public exchange are the representation of buyers’ requirement and specification of sellers’ products. Sellers can display their e-catalogs with posted prices if the products are commodities. However, because the standardized representation of a buyer’s requirement is not easy, few public exchanges can automatically match the buyer’s requirement with the seller’s product specification unless a buyer is willing to specify the requirement in the context of product specification. Instead, a keyword-based search engine supports the search on the buyers’ wish list and sellers’ inventory. This means that the major role of current public exchanges is to help find the relevant buy or sell requests just like a portal, along with the order fulfillment service. For the followon negotiation, interested buyers and sellers can use the private room facility. The auction and reverse auction can support the competitive price determination process. A managerial problem with public exchanges is that only 16% of professional buyers had joined the third-party exchanges by early 2001, and only 22% plan to use one in the future. Therefore, 50% of procurement personnel see little value, mainly because their key existing suppliers are not there yet. Purchasing personnel are more interested in automated trading with existing partners. Overcapacities cause a significant shakeout of public exchanges. It is reported that 80% of registered participating companies had not used the system at all in October 2001. Nevertheless, only 4% of exchanges went out of business or merged by early 2001. The years 2001–2002 are expected to be make-or-break years. However, after the shakeout, a few large-scale public exchanges will survive in industries that have sufficient liquidity.

9.4.2 VERTICAL E-MARKETPLACES The most popular type of public exchange is a vertically integrated e-marketplace. Active industries and highly ranked exchanges are listed below:11

SL3054_frame_C09 Page 175 Wednesday, November 28, 2001 10:31 AM

Planning Business-to-Business E-Procurement Marketplaces

175

• Aerospace and Defense: Exostar (Consortium of BAE Systems, Boeing, Lockheed Martin, and Raytheon). • Automotive and Heavy Equipment: Covisint (Consortium of Ford, GM, and Daimler Chrysler). • Chemicals and Plastics: Chematch (Independent exchanges). • Consumer Products: Transora (55 investment members of $250 million). • High Tech and Electronics: Converge (Consortium of HP, Compaq, etc; Purchased NECX for offline business, and provide online and offline business complementarily). • Metal: e-Steel (U.S. Steel, Ford, and steel makers for commodity trading; also offers private trading service). • Oil and Gas: FuelQuest (has changed its business to technology provider). • Paper: Paper Exchange (increased its trade transactions by 575% in 2000). • Retail: GlobalNeteXchange (GNX: Established by Sears, and Who’s Who in Retailing. It also supports collaborative forecasting service.) • Utilities: Altra Energy Technology (its transaction volume is $1 billion a month, and it is profitable). A ranking of the B2B Web sites for 15 industries is provided by BtoBonline.com.12 The key industries included are agricultural and food processing; automotive; construction and construction equipment; financial services and insurance; health care and pharmaceuticals; manufacturing (high-tech); manufacturing (industrial); outsourcing data processing; petroleum, chemicals and mining;professional services; software; telecom service; transportation and shipping; utilities; and wholesale and retail distributors.

9.4.3 HORIZONTAL E-MARKETPLACES Horizontal e-marketplaces that deal with MRO are MRO.com, Grainger.com, and FindMRO.com. Grainger.com (www.grainger.com) is a leading MRO procurement site. The items in various areas are posted at fixed prices. It also uses the domain name www.totalmro.com. MRO.COM™ exchange is the real-time reverse auction portion of the MRO.COM™ Web site. In a reverse auction, the price is driven down as competing suppliers bid lower in order to win business. Many RFQs can be viewed on the exchange screen even if the viewer is not registered. Registered users can bid on RFQs and post them online. MRO Software (MRO.com) provides solutions for maintenance optimization, industrial supply chain planning, and supplier enablement. FindMRO.com supplies services for strategic sourcing and dynamic pricing for hard-to-find MRO products. It provides two types of services: Assisted Find and Fast Find. Assisted Find locates within 24 hours where to buy a particular product by searching multiple catalogs on behalf of clients. Fast Find searches the company’s own database for instant information on millions of products. Customers can also order online and get delivery directly from the suppliers.

SL3054_frame_C09 Page 176 Wednesday, November 28, 2001 10:31 AM

176

The E-Business Handbook

9.4.4 OUTSIDE-IN SYSTEM INTEGRATION POLICY To integrate multiple external public exchanges with a buyer’s procurement system, the Outside-In approach is appropriate. Here, instead of extending the reach of ERPbased business processes through a Web server, software called e-commerce application server integrates multiple back-end systems with an e-marketplace solution (see Figure 9.4). The Outside-In architecture is better suited for complex e-business with multiple back-end and front-end applications. In the Outside-In approach, the e-business application resides within the application server, rather than within the individual back-end systems. Typical software with the function of e-commerce application servers include Application Server (Netscape), Enterprise Server (Microsoft), Domino (Lotus), Websphere (IBM), and Enterprise Server (Sun). However, the effectiveness of the Outside-In approach is limited by the capabilities of the application server platforms on which they are built.13,14

9.5 PLANNING SUPPLY CHAIN MANAGEMENT USING PRIVATE EXCHANGE A primary role of private exchanges is improved SCM. Here, we examine the activities of private exchanges and review the business models of SCM.

9.5.1 ACTIVITIES

IN

PRIVATE EXCHANGE

A third of U.S. companies over $1 billion in annual sales are expected to implement private exchanges by 2005. For instance, the private exchange of PrintNation.com is built for PIP Printing, Inc.’s 450 franchises. Daimler Chrysler AG, Toyota Motor Corp. and Volkswagen are a few of the companies that started to build a private exchange together in 2001. Many public-exchange sites also offer some private-exchange services to key customers by adding SCM functions to public exchanges, e.g., Covisint provides SupplyConnect Service along with the other functions of exchanges like auction, catalogs, and quotation management for procurement. The boundary of pubic and private is blurred, as we have seen in the buyer-centric exchange. How many suppliers can be called “many,” and how much public can be called “public” are not clear.

9.5.2 BUSINESS MODELS

OF

B2B SCM

SCM consists of a combination of transaction processing and planning decision, making optimization and data mining models useful in the planning. Early focus of SCM was the application of such models for a company. In the B2B context, we explore inter-enterprise SCM. For B2B planning, let us review seven B2B SCM models that can be implemented in private exchanges. However, B2B SCM, of course, is not disconnected from intra-organizational SCM. 1. Collaborative Forecasting and Planning — Statistical models and neural network models have been used for demand forecasting. To allow supplies to reduce uncertainty, buyers share with suppliers their information about

SL3054_frame_C09 Page 177 Wednesday, November 28, 2001 10:31 AM

Planning Business-to-Business E-Procurement Marketplaces

ERP-based Catalog …...

Seller

Web-based Catalog …...

Web Browser

Web Browser

Buyer

Web Server

Application n Server

Sales Force Automation Mainframe

ERP System

(a) Inside-Out Approach

177

Supply Chain Planning Data Mark

ERP System

(b) Outside-In Approach

FIGURE 9.4 Architectures of integrating e-marketplaces with ERP.

demand and inventory, and collaborate for forecasting. A well-known example is RetailLink, implemented by Wal-Mart for its major suppliers such as Warner-Lambert (see Figure 9.5). Wal-Mart can ask a reduced price in return for reduced cost to suppliers. The solutions MarketSet 2.0 and Enterprise Buyer 2.0, developed by Commerce One and SAP, enable trading partners to swap product plans, streamline e-procurement, content management, and related buying and selling functions. 2. Vendor Managed Inventory Replenishment — Traditional inventory models dealt with optimizing order quantities, lot sizing, and determining the reorder points. But to reduce uncertainty for suppliers, buyers may allow suppliers to monitor the inventory on the buyer’s shelves, and to replenish continuously and autonomously. This scheme is called vendor managed inventory, and is usually combined with collaborative forecasting and planning. Together, they are called collaborative planning, forecasting, and replenishment (CPFR). A comprehensive scenario between WarnerLambert and CVS is described by Bresnahan.15 3. Multi-Factory Planning and Scheduling — Coordinated scheduling over multiple factories can enhance the level of on-time delivery. According to Copperweld Corporation, which produces copper tubing parts and sells them to Ford Motor and Caterpillar, coordinated scheduling could increase the on-time-delivery level from 62% to 95% by adopting i2’s factory planning module. (I2 is a multi-billion-dollar solutions company founded by Sajib Sithu.) 4. Outsourced Warehouse Planning and Control — Outsourcing the warehouse service has become popular in e-commerce. The manufacturer needs to track the progress of logistics as if it were handled in its own warehouse. Managing the warehouse efficiently means checking the

Internet

FIGURE 9.5 Collaborative planning, foredcasting and replenishment: retail link case.

Planner

Forecast

Sales data about W-L Products

Retail Link

Data warehouse

Operational System

Review and Comments

WWW

EDI

Planner

Manufacturing Plan

ERP

Supplier:Warner-Lambert

178

Inventory Plan

Wal-Mart

SL3054_frame_C09 Page 178 Wednesday, November 28, 2001 10:31 AM

The E-Business Handbook

SL3054_frame_C09 Page 179 Wednesday, November 28, 2001 10:31 AM

Planning Business-to-Business E-Procurement Marketplaces

179

incoming shipment, assigning storage location, routing inventory to stores and pick, assigning gates to trucks and picked items, and loading to the right trucks. UPS provides for SCM and collaborative planning along with order management, warehouse, pick, pack and ship, and value-added service. EXE’s solution, Exceed eFulfillment System, supports such functions. HPShopping.com — a subsidiary of HP — keeps its inventory in a FedEx warehouse, so delivery within 24 hours is possible. 5. Multi-Enterprise Trucking Plan and Control — This business model attempts to plan and control the routing of trucks in alliance with partners and eliminate empty backhauls. For instance, General Mills16 has 40 distribution centers and manufacturing plants across the United States. The shipping alone cost $400 million which makes up 60% of the cost of the goods. The rate of empty-truck trips in the U.S. is 12–18% (lost revenue of $30 billion a year). To reduce the empty backhaul, General Mills shares shipping information over the Web with cereal-box papermaker Fort James Corp. to fill empty backhauled trucks. This increased the percentage of full load to 97% (from 85% before) and saved $700,000 for General Mills. By expanding the program to 19 partners and 200 carriers, General Mills expects to save $24 million a year. 6. Collaborative Design and Product Lifecycle Management — This is another application, expected to grow very rapidly, of collaborative commerce designed to reduce the time to market of new products. For instance, Ingram Micro receives customized PC orders from resellers and transfer the orders to one of nine manufacturers owned by Solectron or Ingram Micro. Solectron buys chips from Intel for these orders. The participating companies must share supply level, manufacturing capacity, inventory and logistics data. The fulfilled orders are delivered to sellers or end customers. This kind of service may be handled by a private exchange. 7. Aftermarket Hub — An e-hub can be used to support the aftermarket. For example, Toyota spends billions of dollars each year on maintenance service parts. So Toyota, with 1,500 U.S. dealers, created a joint venture with i2 called the iStar-Xchange to share the order and inventory information with top 30 suppliers. $100 million is expected to be saved over 3 years. U.S. auto makers are working on similar projects.17 Another example is AviationX, which supports the aftermarket for aircraft. AviationX takes orders and collaboratively designs them with its partners through the hub. It reduces inventory by sharing information about parts, services, technical manuals, and other data needed to keep planes in the air.

9.5.3 INSIDE-OUT INTEGRATION

WITH

EXTENDED ERP

The leading ERP vendors offer a way to extend their solutions so that they are usable with external e-marketplaces. This approach is called the Inside-Out approach (see Figure 9.4). One method of implementing this approach is to have an ERP solution maker also provide an e-marketplace solution that is compatible with the ERP package. For example, the solution MySAP (www.mysap.com) is developed by SAP

SL3054_frame_C09 Page 180 Wednesday, November 28, 2001 10:31 AM

180

The E-Business Handbook

for this purpose as an Extended ERP.18 Another scheme for more general interface can be achieved by building a strategic alignment with the e-marketplace solution providers, e.g., SAP has a strategic partnership with Commerce One.,19 and has jointly developed a SAP-compliant e-market building solution known as MarketSet. When the e-marketplace solution requires a simple mapping of ERP functionality with a Web interface, the Inside-Out architecture can be highly effective. It allows companies to distribute ERP transaction capabilities to a wide audience of Web users, without requiring that they load any specific client software on their PCs. However, from the e-marketplace point of view, this approach is applicable only when all participating companies install the ERP system. A limitation of this approach is that many companies still use legacy systems.

9.6 INTERNAL E-MARKETPLACES AND DESKTOP PURCHASING When an internal e-marketplace is implemented, the requisitioners can bypass the procurement department. Let us review some cases of desktop purchase and the phenomenon of reducing the procurement department. Such reduction means the emergence of outside procurement service providers.

9.6.1 DESKTOP PURCHASING

WITH INTERNAL

E-MARKETPLACES

Desktop purchase means that ultimate users order items at their desks without the assistance of the requisition department and without going through an approval process. Typical examples can be found in the following cases of Microsoft, KoSa, Lockheed Martin and Cisco. 1.

MS Market in Microsoft: In Microsoft, small purchases represent about 70% of total volume, but only 3% of accounts payable. In the past, many employees were wasting time turning requisitions into purchase orders, trying to follow business rules and processes. To handle this problem, in 1996, Microsoft Corporate Procurement Group implemented MS Market, an online ordering system that works on Microsoft’s intranet. The system is integrated with SAP R/3. MS Market is interfaced with key procurement partners such as Barnes and Noble, Boise Cascade and Marriott. Upon request, MS Market immediately identifies requisitioners’ preference and approval codes through their login IDs. Then the buyer can select the supplier to display the items and prices that have been pre-negotiated between Microsoft and the suppliers. An employee can initiate an order after verifying his group’s cost center number and the manager’s name. The order is immediately transmitted to suppliers, and to accounting for payment. MS Market reduces the personnel required to manage low-cost requisitions and gives 6,600 employees worldwide a quick, easy way to order material without being burdened with paperwork and bureaucratic approval process. The company invested $1.1 million and expects that

SL3054_frame_C09 Page 181 Wednesday, November 28, 2001 10:31 AM

Planning Business-to-Business E-Procurement Marketplaces

181

more than $3 billion will be purchased through MS Market annually. It handles 1,000 orders per day, and the purchase cycle time is reduced from 8 to 3 days.20 2. KoSa is headquartered in Houston and has a main office in Frankfurt, as well as 10,000 employees worldwide. The company develops and sells polyester-based intermediate products and polymers. The company deployed an internal e-catalog for more than 56,000 products for one-stop procurement via desktops. Through strategic sourcing and desktop purchasing, 80% of orders are handled by six selected and qualified suppliers instead of the 450 previous suppliers. 3. Other Cases: Lockheed Martin created an e-catalog for small-dollar (less than $10,000) procurements, moving 30%–35% of purchase decisions to end-users. Cisco also developed the same type of system to let low-end items go without the traditional approval process. More cases can be found on the mySAP case site.21

9.6.3 ELIMINATING

THE

PROCUREMENT DEPARTMENT

Because desktop purchasing processes bypass the procurement department, the role of the department is changing from procurement transaction processing to strategic sourcing. Consequently, some companies have eliminated the traditional type of procurement department. Following are examples of an eliminated procurement department and the emergence of outside procurement service. 1. Avendra LLC: Procurement Department Goes Outside As the desktop becomes more popular, the role of procurement departments shrinks, and eventually the role may be completely outsourced. For instance, Hyatt Hotel and Marriott International Hotel have completely eliminated their procurement departments. Instead, the former procurement staffs in these and three other lodging companies formed a joint venture, Avendra LLC, to procure for these hotels. 2. WorldCrest: A Specialized Procurement Service Provider Another example of a specialized procurement service provider is WorldCrest, which specializes in negotiating office supplies, furniture, gas, chemicals, and bargains for group purchasing. For example, the members of Pantellos, a group of 20 large energy companies, access WorldCrest to purchase indirect goods and services.

9.7 CONSIDERATIONS IN PLANNING B2B PROCUREMENT SYSTEMS The other hurdles in implementing B2B procurement systems are securing small and medium enterprise (SME) connectivity, inexpensive B2B payments, outsourcing and implementation strategy, and a B2B communication standard.

SL3054_frame_C09 Page 182 Wednesday, November 28, 2001 10:31 AM

182

The E-Business Handbook

9.7.1 CONNECTING SERVICE

TO

SMES

Most manufacturers use e-marketplaces only with their largest 20 suppliers, so the connectivity of SME suppliers is a must for effective B2B. According to Sears, among 3,000 small and medium-sized suppliers, a large number of its SME suppliers have no Internet linkage as yet. Besides, SMEs need training about the concept and systems of B2B. Therefore, exchanges start to provide training in addition to the online service. To fill the missing link, intermediate hub services to SMEs are emerging. For example, SPS Commerce provides linkage service between Sears and its SME suppliers (see Figure 9.6). SPS Commerce receives fax, telephone, and mail messages from SMEs and forwards them to Sears via the Internet, and vice versa.22 Another example is The 21st Supplier. The company’s name reflects it support to small suppliers beyond the largest 20 suppliers. This company is a business unit of Ingersoll-Rand, which allows SME suppliers to use the Web site to connect to the manufacturer’s ERP. The 21st Supplier allows checking of the shipment schedule, order processing, dispatching and payment to 9,300 suppliers.23

9.7.2 B2B PAYMENT In exchanges, 90% of B2B deals are still sealed offline. Unlike business-to-customer (B2C) payment, the B2B payment is tightly associated with the procurement processes, including quotation, negotiation, approval, ordering, billing, financing, invoicing, dispute resolution, and settlement. Therefore, the payment system should be tightly integrated with corporate e-procurement systems, external exchanges and external payment organizations such as banks. To come up with a standard protocol among these entities, several XML-based communication standards are under development. For instance, OBI (Open Business Interface) — organized by eCommerce SME

Secure Internet EDI

SPS Internet

Commerce

Fax Phone

Sears

Internet SCM System

FIGURE 9.6 Connecting services for SMEs.

SL3054_frame_C09 Page 183 Wednesday, November 28, 2001 10:31 AM

Planning Business-to-Business E-Procurement Marketplaces

183

Supplier Catalog Mgmt. Requisitioner

Price Information Mgmt.

3a

Order Entry & Inventory Mgmt 1

3b

3 5

Buying Organization Supplier Search 7

Requisitioner Profile Mgmt.

6

Payment Authority

Approval. 1. Connect to BO's Web Server and Select a Hyperlink to SO's catalog. 2. Authenticate Requisitioner using Digital Certificate 3. OBI Order Request 4. Add Administrative Information 5. OBI Order 6. Obtain Credit Authorization 7. Issue Invoice and Receive Payment

FIGURE 9.7 Procedures of OBI (open buying on the Internet) protocol.

organizations including CommerceOne, Ariba, SupplyWorks, EPIC Systems, Netfish, and iPlanet — encompasses a payment process as depicted in Figure 9.7.24 Finding B2B exchanges that can provide inexpensive payment systems is necessary to justify their use. For instance, World Outdoor Product Exchange and FinancialSettlementMatrix.com support inexpensive payments through participating banks and financial institutions. They also support the necessary administration for crossborder trades, including letters of credit, buyer credit guarantees, and financing.25

9.7.3 IMPLEMENTATION

OF

OUTSOURCED SOLUTIONS

Implementing B2B solutions is an essential step in planning, which usually involves outsourcing. Not all companies have been successful in this process. Rumor has it that Nike did not have a good experience with i2 in this respect.26 The lessons we can learn from Nike’s painful experience is basically the same as what we must consider for software implementation, namely: • The manufacturer should explain its manufacturing process well to SCM suppliers. • Confirm that solutions match well with the company’s problem. • Monitor the system development process closely to ensure the outcome is what the company needs. • Verify the system before field deployment. • For large comprehensive systems, take a pilot and a parallel conversion process.

SL3054_frame_C09 Page 184 Wednesday, November 28, 2001 10:31 AM

184

The E-Business Handbook

So far, only the most advanced organizations have reengineered their e-procurement process. Two-thirds of the purchasing communities are still in experimental stages. AMR Research concludes, “Big bangs don’t work. Iterative steps work.” This is because the “big-bang” projects require too much integration, take too much time, and need quality data all at once.27

9.7.4 XML STANDARD

FOR

B2B MESSAGE EXCHANGES

EDI has been the major standard platform for B2B communications in the past. Many EDI systems are moving from value-added networks to the Internet, and Webbased XML/EDI becomes the standard platform. In the beginning, Hypertext Markup Language (HTML) was developed to display text for human comprehension. To allow software agents to comprehend the global HTML files, the agents should be equipped with natural language-processing capability. However, natural languageprocessing capability is limited only to cases with a small amount of vocabulary and fairly standard grammar. Because Web sites cover all sorts of information, it is impossible to effectively extract the relevant data from the HTML files. So eXtensible Markup Language (XML) was developed to define the semantic data items in tags. Then the software agents were able to read out the values in the tags. XML files are also transformable to HTML files to display on browsers. To complement the XML files, Document Type Definition (DTD) defines the structure between data elements, and eXtensible Stylesheet Language (XSL) defines the transformation of XML and DTD to HTML files for human comprehension. XML has become popular as the second generation of Web technology. For B2B EC, XML can be observed from the view of EDI and agents. From EDI’s point of view, XML is a tool to implement EDI on the Web. Users can just download the XML-based Web page, browse the transformed HTML files, and retrieve the values of embedded data items. If the purpose of XML is just a message exchange, it can be regarded as the XML/EDI. However, the EDI community does not limit the function of XML to message exchange, as the traditional EDI did. EDI task forces, mainly led by industrial experts, set up business protocols implemented on XML. The main issue here is the establishment of standard protocols, including business entities, procedure, message format, and product specification. For instance, the protocol open business interface (OBI) adopts the requisitioner’s buying organizations, suppliers, and payment authorities as the entities of B2B protocol. It is very difficult for a single protocol to meet the needs in all circumstances. So, establishing standards is essential for capturing a strategically beneficial position in B2B EC. Several task forces attempt to establish a number of XML-based business protocols. Some of them are: • OTP (Open Trading Protocol): Proposed by a 30-company consortium for handling remote electronic purchase regardless of the payment mechanism. • OFX (Open Financial Exchange): Proposed by Microsoft, Intuit, and Checkfree for exchanging financial transaction documents.

SL3054_frame_C09 Page 185 Wednesday, November 28, 2001 10:31 AM

Planning Business-to-Business E-Procurement Marketplaces

185

• OSD (Open Software Description): Proposed by Marimba and Microsoft for describing software package components to use in automated software distribution environments. • OBI (Open Buying on the Internet): Proposed by e-commerce organizations and major buying and selling organizations (www.openbuy.com). • CBL (Common Business Language): Supports the messages for the basic business forms used in ANSI X12 EDI (www.xmledi.com) transactions as well as those in OTP and OBI. • RossetaNet: Developed specifically for the PC industry (www.rosettanet.org). Software vendors also attempt to establish protocols and then develop solutions that can implement the standard protocols. Biz Talk, developed by Microsoft, is one of these. A concern at this point is that there are too many standards, so companies are confused as to which will really become the de facto standard in the market. To overcome this chaos, UN/CEFACT and OASIS developed and approved ebXML specifications at a meeting in Vienna, Austria on 11 May 2001. A bright side of this standard is that major solution vendors announced that they would support ebXML when it is established. So ebXML may become the de facto industry standard.28

9.8 SUMMARY AND CONCLUSION The taxonomy of e-marketplaces is reviewed and defined from various angles. From the procurement point of view, an adequate classification is public exchange, private exchange, and internal e-marketplace. The public exchange is appropriate for the spot purchase of large numbers of low-value items, to reduce the item cost without heavy investment on implementation. The tight integration with a buyer’s back-end system is not economically feasible. However, it turns out that the main goal of e-procurement, which is to reduce inventory of key items by sharing information along the supply chain with major suppliers, cannot be handled by public exchanges. The private exchange for invited partners is emerging as the best solution, so the private exchange can be regarded as the platform for B2B SCM. The third approach is the internal e-marketplace, which can handle the purchase of low-end items without the bureaucratic approval process and intervention of a procurement department. Because most companies need effective spot purchasing, systematic SCM, and efficient desktop purchasing for low-end items, planning B2B procurement is actually planning a portfolio of the e-marketplaces. An integration policy should be established depending upon the type of emarketplaces to be adopted. The planning should also encompass the connectivity of existing SME suppliers, inexpensive B2B e-payment platforms, XML-based message standards, and cautious deployment strategy. Since this area is changing so rapidly in its business models and technologies,29,30 it is necessary to monitor changes closely.

SL3054_frame_C09 Page 186 Wednesday, November 28, 2001 10:31 AM

186

The E-Business Handbook

REFERENCES 1. Turban, E., J.K. Lee, D. King and M. Chung, Electronic Commerce 2002: A Managerial Perspective, Prentice Hall, 2002. 2. Turban, E., E. McLean, and J. Wetherbe, Information Technology for Management, 3rd ed., NY: John Wiley & Sons, Inc., 2002. 3. Cunningham, M.J., B2B: How to Build a Profitable E-Commerce Strategy, Perseus Publishing, Cambridge, MA. 2000. 4. Sculley, A.B. and W.W. Woods, B2B Exchanges, ISI Publications, 1999. 5. Silverstein, B., Business-to-Business Internet Marketing, Gulf Breeze, FL: Maximum Press, 1999. 6. Kaplan S. and M. Sawhney, e-hubs: the new B2B marketplaces, Harvard Business Review, 78, 3, May-June 2000, pp. 97-103. 7. Fisher, M.,What is the right supply-chain for your product, Harvard Business Review, March 1997, p.105. 8. Handfield, R. and E. Nicols, Supply Chain Management, Upper Saddle River, NJ: Prentice Hall, 1999 9. Weston, R., SAP ups its Commerce One investment, AMR Research Alert, June29, 2001, www.amrresearch.com/preview/010629alert78.htm. 10. Morneau, J., Who's using exchanges?, InternetWeek, Feb 14, 2001. 11. Harbin, J. and J. Fontanella, Top trading exchange services for industry verticals, AMR Research, April 17, 2001. 12. The 2000 NetMarketing 200 best B-To-B Web sites by category, BtoBonline.com, www.netb2b.com/netMarketing200, 2001. 13. Sullivan, D., Extending E-business to ERP, e-business Advisor, Jan 1999a, pp.18-23. 14. Sullivan, D., Take ERP on the road, e-business Advisor, Jan 1999b, pp. 24-27. 15. Bresnahan, J., The incredible journey, CIO Enterprise Magazine, August 15, 1998, www.cio.com/archive/enterprise/081598_jour_content.html. 16. Moozakis, C., No-slack supply chain, InternetWeek, January 30, 2001, www.internetweek.com/newslead01/lead013001.htm. 17. Pryweller, J., Toyota gears up aftermarket hub, BtoBonline.com, March 5, 2001, www.btobonline.com/cgi-bin/article.pl?id=5241. 18. Nelson, M., SAP adds module for I-Commerce, InfoWorld, Vol. 21, No. 27, Jul 6, 1998. 19. Weston, W., Commerce One debuts SAP-oriented tools, News.com, June 12, 1998 www.news.com/News/Item/0,4,23566,00.html. 20. Kalakota, R. and M. Robinson, e-Business: Roadmap for Success, Reading, MA, Addison Wesley, 1999, pp.241-243. 21. MySAP.com™, E-procurement — customer successes, www.mysap.com/solutions/eprocurement/customersuccesses.htm, 2001. 22. Kemp, T., Small suppliers: weak retail link, InternetWeek, February 20, 2001, www.internetweek.com/newslead01/lead022001.htm. 23. Moozakis, C., Ingersoll’s big tent, InternetWeek, April 9, 2001 www.internetweek.com/newslead01/lead040901.htm. 24. The OBI Consortium, OBITM Technical Specifications: Open Buying on the Internet, 1999, www.openbuy.org/obi/specs/OBIv210.pdf. 25. Moozakis, C., E-settlement: sealing deals online, InternetWeek, December 6, 2000, content.techWeb.com//wire/story/TWB20001206S008. 26. Karpinski, R., Don’t get Nike-ed, InternetWeek, March 7, 2001 www.internetweek.com/transtoday01/ttoday030701.htm.

SL3054_frame_C09 Page 187 Wednesday, November 28, 2001 10:31 AM

Planning Business-to-Business E-Procurement Marketplaces

187

27. O’Marah, K. and K. Murphy, Supply chain initiatives require an iterative approach, AMR Research Alert, June 29, 2001, www.amrresearch.com/preview/010629alert79.htm. 28. Lee, J.K., Business-to-Business Electronic Commerce, Encyclopedia of Information Systems, New York, Academic Press, 2001. 29. Lim, G. and J.K. Lee, Buyer-Carts for B2B EC: The b-Cart Approach, Proceedings of the International Conference on Electronic Commerce, Seoul, pp. 54-63, 2000 30. Joh, Y.H. and J.K. Lee, Buyer’s Customized Directory Management over Sellers’ eCatalogs: Logic Programming Approach, Decision Support Systems, 2001(forthcoming).

WEB RESOURCES

ON

B2B EC

BtoB Magazine: www.netb2b.com InternetWeek: www.internetwk.com InformationWeek: www.informationweek.com TechWeb: www.techWeb.com CIO: www.cio.com McKinsey Quarterly: www.mckinseyquarterly.com AMR Research: www.amrresearch.com Forrester Research: www.forrester.com Gartner: www4.gartner.com eMarketer: www.emarketer.com eCommerce Times: www.ecommercetimes.com InfoWorld: www.infoworld.com Computer World: www.computerworld.com Internet: www.internet.com News.com: news.cnet.com International Center for Electronic Commerce: icec.net

SL3054_frame_C09 Page 188 Wednesday, November 28, 2001 10:31 AM

SL3054_frame_C10 Page 189 Tuesday, November 20, 2001 9:06 AM

10

Internet Evolution and Social Impact* Sara Kiesler, Robert Kraut, Jonathon Cummings, Bonka Boneva, Vicki Helgeson, and Anne Crawford

CONTENTS 10.1 Internet Evolution and Social Impact..........................................................189 10.1.1 Study 1: Follow-Up of the Original HomeNet Sample ..................191 10.1.2 Study 2: A Panel Study of Computer and Television Purchasers...192 10.2 Study Method...............................................................................................193 10.2.1 Results ..............................................................................................194 10.3 Outcomes of Using the Internet ..................................................................195 10.3.1 Entire Sample...................................................................................195 10.3.2 Extraverts vs. Introverts ...................................................................195 10.3.3 For Those High and Low in Social Support ...................................196 10.3.4 Teens and Adults ..............................................................................196 10.4 Implications ..................................................................................................197 References..............................................................................................................198

10.1 INTERNET EVOLUTION AND SOCIAL IMPACT With the rapidly expanding reach of the Internet into most aspects of everyday life, we need to understand its social impact and the behaviors leading to this impact. Since 1995, our studies have consistently pointed to communication as a principal reason people use the Internet. From the early days of networked mainframe computers to the present, interpersonal communication has been the technology’s most frequent use.1,2 More than 90% of people who used the Internet in a typical day during 2000 sent or received e-mail.3 Using e-mail leads people to spend more time online, encourages their use of the Internet for information, entertainment, and shopping, and discourages them from dropping Internet service.4 As new Internet communication services arise — instant messaging, chat rooms, multiple-person games, auctions, and myriad support groups — they become instantly popular. * This chapter is adapted from Internet Paradox Revisited, a forthcoming article in the Journal of Social Issues.

1-57444-305-4/02/$0.00+$1.50 © 2002 by CRC Press LLC

189

SL3054_frame_C10 Page 190 Tuesday, November 20, 2001 9:06 AM

190

The E-Business Handbook

If communication is so important to Internet users, there is good reason to expect that the Internet will have positive social impact. Communication, including contact with neighbors, friends, and family, and participation in social groups, improves people’s level of social support, their probability of having fulfilling personal relationships, their sense of meaning in life, their commitment to social norms and to their communities, and their psychological and physical well being. 5–10 Through its use for communication, the Internet could have important positive social effects on individuals,11,12 groups, organizations,1 communities,13 and society at large.14,15 Broad social access could increase people’s social involvement, as the telephone did.16,17 It also could facilitate the formation of new relationships,11 social identity and commitment among otherwise isolated persons,18 participation in groups and organizations by distant or marginal members,1 and political mobilization.19 Whether the Internet has positive or negative social impact, however, may depend upon the quality of people’s online activities and what they give up to spend time online. Stronger social ties generally lead to better social outcomes than do weaker ties.20,21 Many writers have worried that the ease of Internet communication might encourage people to spend more time alone, talking online with strangers, or forming superficial “drive-by” relationships, at the expense of deeper face-to-face discussion and companionship with friends and family.22 Further, even if people use the Internet to talk with close ties, these online discussions might displace higher quality faceto-face and telephone conversation.23 Research has not yet led to consensus on either the nature of social interaction online or its effects on social involvement and personal well-being. Some survey research indicates that online social relationships are weaker than off-line relationships,24 that people who use e-mail regard it as less valuable than other modes of communication for maintaining social relationships,23,25 that people who use e-mail heavily have weaker social relationships than those who do not,26 and that people who use the Internet heavily report spending less time communicating with their families.27,28 In contrast, other survey research shows that people who use the Internet heavily report more social support and more in-person visits with family and friends than those who use it less,3 and that people use the Internet to bolster existing community.29 Because this research has been conducted with different samples in different years, it is difficult to identify central tendencies and changes in these tendencies with time. Further, the cross-sectional nature of the research makes it impossible to distinguish self-selection (in which socially engaged and disengaged people use the Internet differently) from causation (in which use of the Internet encourages or discourages social engagement). In a longitudinal study by Kraut et al.,30 the authors attempted to assess causal direction. The HomeNet field trial followed 93 households in their first 12–18 months online. Although the sample as a whole reported high well being at the start of the study, those participants who used the Internet more became reliably less socially involved and more lonely and showed an increase in depressive symptoms. These changes occurred even though participants’ dominant use of the Internet was communication. These findings were controversial. One problem in the original HomeNet study is the unknown generalizability of the results over people and time. The participants

SL3054_frame_C10 Page 191 Tuesday, November 20, 2001 9:06 AM

Internet Evolution and Social Impact

191

in the original study were an opportunity sample of families in Pittsburgh with high social involvement and strong social ties initially, compared with the population as a whole. In 1995 and 1996, when they began the study, few of their family and friends had Internet access. Using the Internet might have disrupted this group’s existing social relationships. Had the study begun with a more socially deprived sample or when more of the population was online, their use of the Internet for social interaction might have led to more positive effects. This chapter addresses these issues of generalizability through a follow-up of the original HomeNet sample and a new longitudinal study. We first examine the longer-term impact of Internet use on those in the original study. Although following the same participants over time does not allow us to distinguish the effects of changes in the sample (e.g., acquisition of more online experience) from effects of changes in the Internet (e.g., more of one’s social circle being online), this analysis provides a second look at a group for whom initial Internet use had negative effects. We next follow a 1998 sample of people in the Pittsburgh area for a year. All had recently purchased a new computer or television set. This study addresses the effects of Internet use in a more recent era. The sample was sufficiently large to permit an analysis of the impact of individual differences in extraversion, social support, and age on outcomes, and of the possible differences in use of the Internet that could explain different outcomes.

10.1.1 STUDY 1: FOLLOW-UP HOMENET SAMPLE

OF THE

ORIGINAL

We examined data from 208 members of 93 Pittsburgh families, to whom we provided a computer and access to the Internet in 1995 or 1996. The families were recruited through four high-school journalism programs and four community-development organizations in eight Pittsburgh neighborhoods. The sample was more demographically diverse than was typical of Internet users at the time. Details of the sampling and research protocol are described in Kraut et al.31 The analyses of social impact reported in Kraut et al.30 were drawn from Internet usage records, from surveys given just before participants began the study, and again in May 1997. Server software recorded participants’ use of the Internet — hours online, e-mail volume, and Web sites visited per week. The surveys assessed demographic characteristics and measures of social involvement and psychological well being. In our re-analysis, we looked at the impact of the use of the Internet using a third survey administered in February 1998. For about half the participants, the final survey came nearly 3 years after they first used the Internet; for the other half, 2 years later. We limited analysis to the 208 participants who completed two out of three surveys. To assess changes in social and psychological outcomes, we used a longitudinal panel design to evaluate changes in social involvement and psychological well being from pretest to first posttest, and from first posttest to second posttest. We statistically controlled for the prior level of social involvement and psychological well being by including a lagged form of the dependent variable as an independent variable in the model. For example, when examining the effect of Internet use on loneliness at the

SL3054_frame_C10 Page 192 Tuesday, November 20, 2001 9:06 AM

192

The E-Business Handbook

TABLE 10.1 Summary of Outcomes of Internet Use: Original vs. Follow-Up Study

Outcome variable

Original study report on first 12-18 months of Internet use (N = 169)

Local social circle Distant social circle Family communication Stress Depressive symptoms

Declined with more Internet use Declined with more Internet use Declined with more Internet use Increased with more Internet use Increased with more Internet use

Loneliness

Increased with more Internet use

Follow-up study, results over 2-3 years (N = 208) No overall effect No overall effect No overall effect Increased with more Internet use Increased with Internet use in first 12-18 months, decreased with Internet use after 12-18 months Increased with Internet use in first 12–18 months, no effect after 12–18 months

Note: Summary results from Ref. 29 and Kraut et al. (in press, Table 1).

second posttest, we included the lagged variable for loneliness at the first posttest to control for the effects of prior loneliness on Internet use. Table 10.1 summarizes our later findings and compares them with those reported by Kraut et al.30 Except for the increase in stress with more Internet use, the effects reported earlier were not maintained over the longer period. Two Internet-use times period statistical interactions reflect different trends at different periods. Depressive symptoms significantly increased with Internet use during the first period but significantly declined with Internet use during the second period (p < .05). Loneliness significantly increased with Internet use during the first period but was not associated with Internet use during the second period (p < .01). When we tested effects of age, the only effect of note was that adults’ stress increased more than teens’ stress with more Internet use (p < .10).

10.1.2 STUDY 2: A PANEL STUDY OF COMPUTER AND TELEVISION PURCHASERS In this study, we attempted to replicate the original HomeNet research design in a sample of households that had recently purchased a new personal computer or television set. We added controls to the design and new measures. First, we attempted to manipulate Internet use to create a true randomized experiment. We randomly offered free Internet service to half of those households purchasing a computer and arranged with the Internet service provider to monitor their usage of the Internet; households in the control condition received an equivalent amount of money ($225) to participate. Unfortunately, by the end of 6 months, 84% of the control households obtained Internet access on their own (vs. 95% of the experimental group). Because of this failed attempt to conduct a true experiment, we combined the groups for analyses of the effects of using the Internet.

SL3054_frame_C10 Page 193 Tuesday, November 20, 2001 9:06 AM

Internet Evolution and Social Impact

193

The addition of the television buyer comparison group (of whom 29% had Internet access after 6 months) helps us to rule out explanations of changes over time based on sample selection. Previous research generally shows that heavy, as compared with light, television viewers stay at home more, are less socially involved, and experience poorer intellectual, physical, and psychological outcomes.32–36 In our analyses of Internet use, we included participants from the television purchaser group, but controlled for sample selection bias by creating a statistical dummy variable indicating whether participants were in the television or computer purchaser group. In this new study, we also examined the differential effects of individual differences in extraversion and perceived social support on the effects of Internet use. Extraversion is the tendency to like people, to be outgoing, and to enjoy social interaction; it is highly consistent over the life course,37 and it is predictive of social support, social integration, well being, and positive life events.38,39 The perception of social support refers to feelings that others are available to provide comfort, esteem, assistance, and information or advice; perceived social support buffers the effects of stress.5,40,41 Two opposing hypotheses predict different relationships between extraversion or social support and Internet use. A “rich-get-richer” hypothesis predicts that those who are highly sociable and have existing social support will get more social benefit from using the Internet. Highly sociable people would reach out to others on the Internet and use it especially to foster relationships. Highly supported people would use the Internet to reinforce their support networks. Both groups may have the social skills necessary to elicit social benefits from using the Internet. If so, these groups would gain more social involvement and well-being from using the Internet than those who are introverted or have poor network relations. By contrast, a “social compensation” hypothesis predicts that those who are introverted or lack social support would profit most from using the Internet. They might use the new communication opportunities to form connections and obtain supportive communications and useful information that they do not have locally.18 At the same time, for those who already have satisfactory relationships, using the Internet could interfere with their real-world relationships if they swap strong ties for weaker ones. Analogous to the finding that cancer patients with emotionally supportive spouses can be harmed by participation in peer-discussion support groups,42 it is possible that people with strong local relationships might turn away from family and friends if they used the Internet for social interaction.

10.2 STUDY METHOD We recruited 446 participants through local newspaper advertisements for a study of household technology, soliciting people who had purchased a new computer or new television within the past 6 months. We obtained agreement from adults and children in the family above age 10 to complete surveys. After the initial telephone contact, we mailed consent forms and pretest surveys with return envelopes. Unlike the procedures used in Study 1, we did not encourage Internet use or provide technology support.

SL3054_frame_C10 Page 194 Tuesday, November 20, 2001 9:06 AM

194

The E-Business Handbook

We administered surveys three times during the study — in February 1998, 6 months later, and a year later, February 1999. We used an index of self-reported Internet use (alpha = .86) from all participants rather than automated measures of usage as in Study 1. (Automated usage records were available for the computerexperimental group but not for participants in the computer-control group and for TV purchasers. The self-report index of Internet use and the automated count of sessions logged into the Internet over 8 previous weeks was correlated r = .55 at Time 2.n = 114. and r = .42 at Time 3n = 104) We used self-report measures to assess demographic characteristics of the participants, and measures from the original HomeNet study, including perceived social support, size of local and distant social circles, and time talking with other family members. We used the same measure of extraversion.43 We added new measures of anomie, trust in people, community involvement, and intentions to stay in the Pittsburgh area. We also assessed respondents’ peer relationships with 10 specific family and friends by asking them to identify family members or friends (five living in the Pittsburgh area and five living outside of the area) who were closest to them in age. Participants described their feelings of closeness to each nominee at each time period on a five-point scale. To assess well being, we again measured depressive symptoms with a widely used scale.44 We also used the daily life stresses scale45 and the UCLA Loneliness Scale.46 from the original HomeNet study. We added measures of self-esteem, positive and negative affect, perceived time pressure and physical health. Finally, because the Internet is a source of skill and information as well as communication, we included a self-report measure of skill using computers and a test of knowledge, including multiple-choice items on national current events, Pittsburgh current events, and general knowledge from a high-school equivalency test (GED). References for published measures and a list of all unpublished measures are available in Kraut et al.47

10.2.1 RESULTS Of the 446 members of 216 households who were eligible to be in the sample, 96% completed survey 1, 83% completed survey 2 and 83.2% completed survey 3. Figure 10.1 shows self-reported time usage data for the sample at the beginning and end of the study. It shows that, as participants gained Internet access over the year, the only home activity that declined overall was watching television. Almost all of this decline happened among adults. Our analyses of social impact were similar to those performed for Study 1. In the Study 2 models, social involvement, well being, and knowledge outcomes at the second and third time period were regressed on self-reported Internet use during that period, controlling for demographic characteristics and the lagged dependent variables. The models controlled for whether the respondent came from the TV purchaser or computer purchaser subsample and whether the dependent variables were collected at the second or third time period. We also tested whether extraversion, social support, or age moderated the effects of using the Internet. In the models we included the main effects for the measure of extraversion43 and Cohen et al.’s.48 measure of social support and the interaction of these variables with Internet use.

SL3054_frame_C10 Page 195 Tuesday, November 20, 2001 9:06 AM

Internet Evolution and Social Impact

195

Household Time on Activities at Home 3.5

Hours in recent weekday

3.0 2.5

1998 1999

2.0 1.5 1.0 0.5 0.0 Talk w. friends

Talk w. family

Alone

Read books

Read Watch TV magazines

Use Internet

FIGURE 10.1 Time reported on different activities (standardized scores).

10.3 OUTCOMES OF USING THE INTERNET 10.3.1 ENTIRE SAMPLE Generally, the effects of using the Internet on interpersonal communication, community involvement, well being, and knowledge were negligible or positive. Participants who used the Internet more had larger increases in the sizes of their local (β = .12, p < .01 ), distant social circle (β = .15, p < .01), and face-to-face interaction with friends and family (β = .09, p <.05). They also became more involved in community activities (β = .03, p < .10) and felt greater trust in people (β = .07, p < .05), although those who used the Internet more were less likely to want to stay in the Pittsburgh area (β = –.13, p < .05). Among the psychological well-being measures, overall, both stress (β = .01, p < .05) and positive affect (β = .14, p < .001) increased with more Internet use. Computer skill increased with more Internet use (β = .31, p < .001). Knowledge of national current events and general knowledge did not change with Internet use, but those who used the Internet more became less knowledgeable about the local Pittsburgh area (β = –.03, p < .05). There were no effects on measures of telephone communication, a measure of anomie, or physical health.

10.3.2 EXTRAVERTS

VS. INTROVERTS

Statistical interactions (combined effects) of Internet use and extraversion tended to show that extraverts benefited more than introverts from greater use of the Internet.

SL3054_frame_C10 Page 196 Tuesday, November 20, 2001 9:06 AM

196

The E-Business Handbook

1.0 Introvert Loneliness

0.5 0.0 -0.5 Extravert -1.0 -2

0 Internet Use

2

FIGURE 10.2 Interaction of Internet use and extraversion on loneliness.

The association of Internet use with increases in community involvement was stronger for extraverts (β = .10, p < .05). Extraverts, as compared with introverts, who used the Internet more also reported decreased levels of loneliness (β = –.08, p < .05), negative affect (β = –.12, p < .01), time pressure (β = –.14, p < .01), and increased self esteem (β = .09, p < .01). Indeed, these effects were in the reverse (negative) direction for introverts. We illustrate the nature of these effects in Figure 10.2, showing the relationship of extraversion and Internet use with changes in loneliness.

10.3.3 THOSE HIGH

AND

LOW

IN

SOCIAL SUPPORT

There were only two significant interaction effects, but both were in the same direction as those for extraversion. The association of Internet use with increases in family communication was larger for those who initially had more social support (β = .05, p < .01). The increase in computer skill was larger among those with more social support (β = .10, p < .05). This effect may be related to family members’ frequent need for help using computers and the Internet; those having more social support can gain the most from their use of the Internet.49

10.3.4 TEENS

AND

ADULTS

Interactions of age with Internet use suggest different positive effects for adults and teens. Teens with more Internet use, as compared with adults, increased their social support (β = -.11, p < .10) and family communication (β = -.06, p < .10), whereas adults with more Internet use, comparatively, increased their face-to-face interaction with family and friends (β = .30, p < .05) and their closeness to distant relatives and friends (β = .35, p < .05). These results suggest that the Internet affects teens most through its impact on the quality of their interactions with local close ties (family and close friends who provide social support), whereas Internet use affects adults most through their local and distant interactions with co-workers, friends, and relatives. Different Purposes of Internet Use How people choose to use the Internet could strongly influence its effects. We asked participants to report how often they used the Internet for various purposes.

SL3054_frame_C10 Page 197 Tuesday, November 20, 2001 9:06 AM

Internet Evolution and Social Impact

197

We conducted a factor analysis of these items to create four scales reflecting different uses of the Internet: • • • •

For For For For

acquiring information, including product information communication with friends and family meeting new people or socializing in chat rooms entertainment such as playing games and downloading music

Table 10.2 shows the Pearson correlations of overall Internet use, the measures of extraversion and social support, and different purposes of using the Internet. Using the Internet for information and for communication with family and friends had the highest association with overall Internet use. Extraverts were somewhat more likely than introverts to use the Internet to keep up with friends and family and to meet new people or frequent chat rooms. Those with stronger initial social support were less likely than those with weaker support to use the Internet to meet new people or use chat rooms online or for entertainment. Teens were especially more likely than adults to use the Internet for meeting new people and for entertainment. However, adding the measures of specific Internet use to the social impact models did not significantly affect the overall effects. We believe additional longitudinal research will be needed to advance understanding of what people do online and offline over time that leads to changes in important domains of their lives.

10.4 IMPLICATIONS The original HomeNet sample began using the Internet in 1995 or 1996. Our followup of participants remaining in the sample in 1998 showed that, overall, the previously reported negative outcomes associated with greater use of the Internet had all but disappeared, except for the association of Internet use with increased stress. The statistical interactions of loneliness and depressive symptoms with time period, however, suggest that use of the Internet led to negative outcomes early in participants’ history online and more-positive outcomes later. In Study 2, conducted from 1998 to 1999, more use of the Internet was associated with mainly positive outcomes over a range of dependent variables measuring social involvement and psychological well being — local and distant social circle, face-toface communication, community involvement, trust in people, positive affect, and unsurprisingly, computer skill. On the other hand, heavier Internet use also was associated with greater stress, less local knowledge, and lower desire to stay in the local area. In general, having more social resources amplified the benefits from using the Internet. There were many differences between the original HomeNet sample and the Study 2 sample. For example, the original sample included a larger proportion of teens, minority households, and computer novices. The sample differences preclude direct comparisons of the two studies. However, the similarity of findings in the later period of Study 1 with the findings in Study 2 suggest that changes in the Internet environment might be more important to understanding the observed effects than differences between the two samples.

SL3054_frame_C10 Page 198 Tuesday, November 20, 2001 9:06 AM

198

The E-Business Handbook

TABLE 10.2 Purposes of Using the Internet Study 2

Information Communication with family and friends Meeting new people; visiting chat rooms Entertainment (e.g., games, music) Overall Internet use Extraversion Social support Adult vs. teen

Communication with family and friends

Meeting new people, visiting chat rooms

Entertainment

.65*** .39***

.48***

.61***

.52***

.44***

.62*** .06 -.07 –.13**

.69*** .10* .02 –.18**

.38*** .12* –.11* –.41***

.51*** .03 –.14** –.29***

Note: Responses were averaged over three survey administrations before computing correlations. N = 446. + p < .10, *p < .05, **p < .01, ***p < .001.

From 1995 to 1998, the number of Americans with access to the Internet at home more than quadrupled. As a result of the vast expansion of subscribers to Internet services, many more of the participants’ close family and friends were likely to have obtained Internet access at home. Similarly, the services offered online changed over this period. More news; useful health, financial, hobby, work, community, and consumer information; new synchronous communication services such as instant messaging; and online shopping became widely available. These changes could have promoted better integration of participants’ online behavior and Internet use into their lives.3,50,52 People who used the Internet heavily in our new sample were very likely to use both communication and information services. We believe that the Internet is becoming easier for the average person to use in the service of his or her personal, work, household or community goals. Our finding that extraverts and those with more support benefited more from their Internet use is consistent with this idea. That is, the Internet may be more beneficial to individuals to the extent they can leverage its opportunities to enhance their everyday lives. Those who are already effective in using social and informational resources in the world are likely to be well positioned to take advantage of a powerful new technology such as the Internet.

REFERENCES 1. Sproull, L. and Kiesler, S. Connections: New ways of Working in the Networked Organization. Cambridge, MA: MIT Press.1991.

SL3054_frame_C10 Page 199 Tuesday, November 20, 2001 9:06 AM

Internet Evolution and Social Impact

199

2. PriceWaterhouseCoopers. E-mail now primary reason people go on line. Reuters October 1. Retrieved November 23, 1999: http://www.nua.ie/surveys/index.cgi?f=VSandart_id=905355315andrel=true 3. Pew Internet Report. More online, doing more. February 18, 2001. Pew Research Center. Retrieved May 10, 2001: //www.pewinternet.org/reports/toc.asp?Report=30 4. Kraut, R. et al. Information and communication: Alternative uses of the Internet in households. Information Systems Research, 10, 287, 2000. 5. Cohen, S. and Wills, T.A. Stress, social support, and the buffering hypothesis. Psych. Bull., 98, 310, 1985. 6. Diener, E. et al. Subjective well being: Three decades of progress. Psych. Bull., 125, 276, 1999. 7. Gove, W. R. and Geerken, M. R. The effect of children and employment on the mental health of married men and women. Social Forces, 56, 66, 1977, pg. 140. 8. Mirowsky, J. and Ross, C. E. Social Causes of Psychological Distress. Hawthorne, NY: Aldine De Gruyter. 1989. 9. Thoits, P. Multiple identities and psychological well being: A reformulation and test of the social isolation hypothesis. Am. Soc. Rev., 48, 174, 1983. 10. Williams, A.W., Ware, J.E., and Donald, C.A. A model of mental health, life events, and social supports applicable to general populations. J. Health Soc. Behav., 22, 324, 1981. 11. Katz, J.E. and Aspden, P.A. Nation of Strangers? Comm. ACM, 40(12), 81, 1997. 12. McKenna, K.Y.A. and Bargh, J.A. Plan 9 from cyberspace: The implications of the Internet for personality and social psychology. Personality and Soc. Psych. Rev. 4, 57, 2000. 13. Hampton, K. and Wellman, B. Net effects: Social support, social capital, and Internet use in the wired suburb and beyond. Paper presented at the annual meetings of the American Sociological Association, Washington, DC, Aug. 12-16, 2000. 14. Dertouzos, M.L. What Will Be: How the New World of Information Will Change Our Lives. San Francisco: HarperEdge. 1997. 15. Hiltz, S.R., and Turoff, M. Network Nation: Human Communication Via Computer. Reading, MA: Addison Wesley. 1978. 16. Fischer, C.S. America Calling. Berkeley, CA: University of California Press.1992. 17. Wellman, B. Are personal communities local? A Dumptarian reconsideration. Soc. Net., 18, 347, 1996. 18. McKenna, K.Y.A. and Bargh, J.A. Coming out in the age of the Internet: Identity “de-marginalization” through virtual group participation. J. Personality and Soc. Psych., 75, 681, 1998. 19. Bonchek, M.S. From Broadcast To Netcast: The Internet and the Flow Of Political Information. Ph.D. dissertation, Harvard University. 1997. 20. Neuling, S.J., and Winefield, H.R. Social support and recovery after surgery for breast cancer: Frequency and correlates of supportive behaviors by family, friends, and surgeon. Soc. Sci. Med., 27, 385, 1988. 21. Wellman, B. and Wortley, S. Different strokes for different folks: Community ties and social support. Am. J. Sociol., 96, 558, 1990. 22. Putnam, R. D. Bowling Alone. New York: Simon and Schuster. 2000. 23. Cummings, J., Butler, B. and Kraut, R. The quality of online social relationships. Comm. ACM. (In press). 24. Parks, M. and Roberts, L. Making MOOsic: The development of personal relationships on line and a comparison to their off-line counterparts. J. Soc. Pers.Relations., 15, 517, 1998.

SL3054_frame_C10 Page 200 Tuesday, November 20, 2001 9:06 AM

200

The E-Business Handbook

25. Kraut, R.E. and Attewell, P. Media use in a global corporation: Electronic mail and organizational knowledge (pp. 323-342). In S. Kiesler (Ed.) Culture of the Internet. Mahwah, NJ: Erlbaum, 1997. 26. Riphagen, J. and Kanfer, A. (1997) How does e-mail affect our lives? ChapaignUrbana , Illinois: National Center for Supercomputing Applications. Retrieved October 15, 1999: http://www.ncsa.uiuc.edu/edu/trg/e-mail/index.html. 27. Cole, J. (2000). Surveying the digital future: The UCLA Internet report. Downloaded from http://WWW.CCP.UCLA.EDU/pages/internet-report.asp. November 17, 2000. 28. Nie, N.H. and Erbring, L. (2000). Internet and society: SIQSS Internet study. (Feb. 18, 2000). Available at http://www.stanford.edu/group/siqss/Press_Release/internetStudy.html. Downloaded Sept. 25, 2000. 29. Hamman, R.B. (1999). Computer networks linking communities: A study of the effects of computer network use upon pre-existing communities. In Thiedke, U. (Ed.) Virtualle Gruppen- Characteristika und Prolemdimensionen (Virtual Groups: Characteristics and Problemmatic Dimensions) Wiesbaden, Germany: Westdeutscher Verlag. Retrieved November 23, 1999: http: www.socio.demon.co.uk/mphil/short.html. 30. Kraut, R.E. et al. (1998). Internet paradox: A social technology that reduces social involvement and psychological well being? Am. Psych., 53 , 1017, 1998. 31. Kraut, R. et al. The HomeNet field trial of residential Internet services. Comm. ACM, 39, 55, 1996. 32. Andersen, R.E. et al. Relationship of physical activity and television watching with body weight and level of fatness among children. JAMA 279, 938, 1998. 33. Canary, D.J. and Spitzberg, B.H. Loneliness and media gratification. Comm. Res., 20, 800, 1993. 34. Kubey, R. and Csikzentmihalyi, M. Television and the Quality of Life: How Viewing Shapes Everyday Experience. Hillsdale, NJ: Lawrence Erlbaum Associates, 1990. 35. Neuman, S.B. Literacy in the Television Age (2nd ed.), New York: Ablex, 1995. 36. Sidney, S. et al. Television viewing and cardiovascular risk factors in young adults: The CARDIA study. Ann. Epidemiol. 6 (2), 154, 1998. 37. Roberts, B.W. and DelVechhio, W.F. The rank-order consistency of personality traits from childhood to old age: A quantitative review of longitudinal studies. Psych. Bull., 126, 3, 2000. 38. Von Dras, D.D. and Siegler, I.C. Stability in extraversion and aspects of social support at midlife. J. Person. Soc. Psych., 72, 233, 1997. 39. Magnus, K. et al. Extraversion and neuroticism as predictors of objective life events: A longitudinal analysis. J. Person. Soc. Psych 65, 1046, 1993. 40. Abbey, A. and Andrews, F. M. Modeling the psychological determinants of life quality. Soc. Ind. Res. 16, 1, 1985. 41. Cohen, S. Psychosocial models of the role of social support in the etiology of physical disease. Hlth. Psych., 7, 269, 1988. 42. Helgeson, V.S. et al. Group support interventions for people with cancer: Who benefits from what? Hlth. Psych., 19, 107, 2000. 43. Bendig, A. W. The Pittsburgh scales of social extraversion, introversion and emotionality. J. Psych. 53, 199, 1962. 44. Radloff, L. The CES-D Scale: A self-report depression scale for research in the general population, Appl. Psych. Meas. 1, 385-401. 45. Kanner, A. D. et al.. Comparisons of two modes of stress measurement: Daily hassles and uplifts versus major life events, J. Behav. Med. 4, 1, 1981. 46. Russell, D., Peplau, L., and Cutrona, C. The revised UCLA loneliness scale: Concurrent and discriminant validity evidence. J. Person. Soc. Psych., 39, 472, 1980.

SL3054_frame_C10 Page 201 Tuesday, November 20, 2001 9:06 AM

Internet Evolution and Social Impact

201

47. Kraut, R. et al. Internet paradox revisited. J. Soc. Issues, in press. 48. Cohen, S. et al. (1984). Measuring the functional components of social support. In I.G. Sarason and B. R. Sarason (Eds.), Social Support: Theory, Research and Applications (pp. 73-94). The Hague, Holland: Martines Niijhoff. 49. Kiesler, S. et al. Troubles with the Internet: The dynamics of help at home. Hum.–Comp. Int., 15, 223, 2000. 50. Cummings, J.N. and Kraut, R. Domesticating Computers and the Internet. Unpublished ms. Carnegie Mellon University, Pittsburgh. 51. Boneva, B., Kraut, R., and Frohlich, D. Using e-mail for personal relationships: The difference gender makes. Am. Behav. Sci., in press.

SL3054_frame_C10 Page 202 Tuesday, November 20, 2001 9:06 AM

SL3054_frame_C11 Page 203 Tuesday, November 20, 2001 9:13 AM

11

Designing a Curriculum for the Death of E-Business: Five Principles Bradley C. Wheeler

CONTENTS 11.1 Introduction ..................................................................................................203 11.2 Design for the End State..............................................................................204 11.2.1 End State Challenges .......................................................................206 11.3 Design for Speed..........................................................................................206 11.3.1 Challenges to Designing for Speed .................................................206 11.4 Design for Evergreen Evolution Over Time ...............................................207 11.4.1 Challenges to an Evergreen Design.................................................207 11.5 Design to Cultivate Absorptive Capacity ....................................................207 11.5.1 Challenges for Cultivating Absorptive Capacity .............................208 11.6 Design for Global Commerce in a Connected World .................................208 11.6.1 Challenges for a Global Perspective................................................208 11.7 Principles in Action: An E-Business Major ................................................209 11.7.1 History ..............................................................................................209 11.8 Future ...........................................................................................................211 11.9 Conclusions ..................................................................................................211 Reference ...............................................................................................................211

11.1 INTRODUCTION If you were to tour one of Ford’s manufacturing facilities, it is unlikely that any executive would boast of an “electric” factory complete with lights, electric motors, and electric production machines. It has been assumed for decades that modern manufacturing facilities use electricity, and it would pass without mention. The absence of modern academic degree programs in “Electric Manufacturing” gives us a signal regarding the likely end state of e-business evolution.

1-57444-305-4/02/$0.00+$1.50 © 2002 by CRC Press LLC

203

SL3054_frame_C11 Page 204 Tuesday, November 20, 2001 9:13 AM

204

The E-Business Handbook

Reasonable minds can agree that the pervasiveness of digital networks and the favorable economics of using them for commerce are unstoppable. As early as 2002 or as late as 2005, they will be metaphorically the “electricity” described in the prior example. The “e” will go away, as e-business becomes just business as usual. University schools of business face a challenge in creating new curricula or adapting existing programs to serve the pressing needs for e-business education. The objective of this chapter is to address some of the main issues in designing and executing an e-business curricular revision within schools of business. I argue that five principles should guide the infusion of “e” into the undergraduate- and master’s-level business curricula: 1. 2. 3. 4. 5.

Design Design Design Design Design

for the end state for speed for an evergreen evolution over time to cultivate absorptive capacity for global commerce in a connected world

While these principles seem rather simple, executing them in the political systems that exist in university curricular revision is not. By the time of this book, many business schools will be reassessing a second or third generation approach to their evolving e-business curriculum, while some may just be starting. In the sections that follow, I will examine the operationalization of each principle and some of the challenges that it may evoke.

11.2 DESIGN FOR THE END STATE Over time, commerce will evolve from a low to high percentage of business processes being conducted through or supported via digital networks. In some industries, this has happened quickly, and others will follow as the economics and competitive pressures pull them along. If we can agree that e-business becomes just “business as usual” with the “e” going away in the not-too-distant future, any present-day curricular change should focus on an end state for the initiative. Degree programs, majors, and even courses take scarce faculty time and attention to establish. Thus, it would be shortsighted to create these for present-day situations without looking to how they should be positioned 3–5 years later. Designing for an end state requires us to examine whether e-business is an area of study, such as the academic discipline of marketing, or more of an interdepartmental process such as business process reengineering. A school’s answer to this question may reveal much regarding its assumptions for the future. If e-business is viewed as an area of study or as an extension of one or more disciplines, it could evoke unproductive issues of ownership among existing disciplines and turf battles that will not serve students. Three end states for e-business curricula seem possible (Figure 11.1). These end states are:

SL3054_frame_C11 Page 205 Tuesday, November 20, 2001 9:13 AM

Designing a Curriculum for the Death of E-Business: Five Principles

Locus of e-Business Content

Integrated Set of Courses

e-Business Major

Creation of e-Business Course

Single Course

Diffused into Curriculum

205

Reassessment for Future Topical Course(s)

Pervasive e-business observations Low

Pervasive Silent “e”

High % of Business Processes Conducted via Digital Networks

Time

FIGURE 11.1 Three e-business end states.

1. An integrated set of courses that compose a coherent e-business major. 2. A collection of topical e-business courses. 3. E-business concepts being diffused into existing courses without a special e-business offering. A review of business school Web sites around the world already makes clear how trajectories to each of these three end states are evolving. For most schools, ebusiness lectures and application comments began to pervade the existing curriculum in the mid to late 1990s. A regular e-commerce course was created — usually by the IS or marketing faculty — by 1998. By 2000, it was time for a careful reassessment of where the e-business curricular efforts were heading. The evidence from practice is clear that e-business — more or less — involves all areas of a business school, with marketing, operations, management, and information systems being among the most visibly affected areas. Thus, I contend that the end state for any e-business initiative must be interdisciplinary and processoriented. Schools err when they allow or condone the colonization by one discipline or the balkanization of e-business by many disciplines. The most desirable end states are diffusion into the curriculum or an integrated set of courses as a major. An interdisciplinary approach can be operationalized in many ways, but stringing together individual disciplinary courses or lectures is unlikely to be effective. Integration must be intentionally designed to happen within a course at the class event level (e.g., a lecture, topic, project, or assignment) or in a designed set of courses. It can also be reasonably argued that an interdisciplinary e-business curriculum must branch beyond schools of business to incorporate computer science and social informatics. Unfortunately, as the scope of a curricular change effort grows to involve

SL3054_frame_C11 Page 206 Tuesday, November 20, 2001 9:13 AM

206

The E-Business Handbook

more university academic units, so does the risk of its getting slowed in red tape, competing visions, or resource allocation battles. Thus, I will limit the scope of advice here to what can be achieved within schools of business, although sustainable integration with other university programs is most desirable when it can be achieved.

11.2.1 END STATE CHALLENGES The obvious question, then, is why create an e-business initiative at all? If the end state is interdisciplinary, then why not just infuse e-business concepts into existing courses? I believe that such an approach is entirely consistent with the first design principle for a strong end state, but it poses serious operational challenges to the second and third principles (see below). A second challenge to a process-oriented integrative end state is differing priorities and preparedness among faculty in various disciplines. For example, if Marketing or IS takes the lead in developing early e-business courses, then faculty in other disciplines may not be ready to engage in a process-oriented approach in a timely manner. A third challenge is intransigence in the functional designs of majors and curricula at many schools of business. Effective interdisciplinary curricular integration is still more the exception than the norm as reward systems provide little incentive for the difficult work of coordinating and integrating at the topic level. Upon reflection, insights are available regarding how schools handled business process reengineering as an interdisciplinary, though short-lived, topic in the early 1990s.

11.3 DESIGN FOR SPEED The landscape of e-business is changing rapidly, and a curriculum’s relevancy is dependent on engaging the speed imperative. A parade of emerging technologies are creating new economic opportunities that lead to many evolving business practices. A curriculum that discusses last year’s e-business technologies or practice will not succeed with savvy students who are acutely aware of many new developments — often before faculty. A breadth of perspective is required to integrate and create enduring meaning through e-business courses or curricula. Therefore, it is essential that e-business initiatives be designed for speed in evolution and integration. One approach is to make extensive use of cameo experts in course designs. These may be faculty from within or outside of the school or industry speakers. Requiring student subscriptions to periodicals such as Business 2.0, Wired, or Red Herring can help bring timely topics to complement more traditional readings. Online sources and daily e-mail summaries such as www.internetweek.com can also enhance the speed of topic recognition and currency of the course.

11.3.1 CHALLENGES

TO

DESIGNING

FOR

SPEED

Those who choose not to create specific e-business initiatives via majors or courses face several daunting challenges. First, they must find ways to engage the speed

SL3054_frame_C11 Page 207 Tuesday, November 20, 2001 9:13 AM

Designing a Curriculum for the Death of E-Business: Five Principles

207

imperative among many disparate and uncoordinated courses. This task may prove difficult when faculty are primarily rewarded for other behaviors. Second, there can be little coordination and cohesive governance among how e-business topics are covered in multiple courses. Many faculty members teach in ignorance of the topics covered by faculty in other disciplines and often even their own departmental colleagues. This approach leaves the topical integration work to the students, who may be ill equipped to turn the scattered topics into a cohesive whole.

11.4 DESIGN FOR EVERGREEN EVOLUTION OVER TIME The third design principle advocates an evergreen approach to curricular evolution. Similar to trees that adapt to a range of climates and stay green all year, the governance of an e-business curriculum must enable adaptation toward the end of “e.” The evergreen principle involves two issues. First, it must provide for ongoing changes to the topics, courses, and requirements for an e-business major. Creation of new courses, dropping of old ones, and rearranging of topics among courses are essential for adaptation. A small faculty group (or champion) along with industry guidance may provide this role in evolving the curriculum. The second issue is careful repositioning of the major itself, as the “e” becomes pervasive and invisible. Already, we can see new issues emerging regarding mobile commerce to handheld devices and the rise of broadband services. Given the certainty of more new technologies, new business practices — especially in supply chain, and evolving consumer and business behavior in using them, a process-oriented major should be able to morph to maintain focus on these cutting-edge business trends.

11.4.1 CHALLENGES

TO AN

EVERGREEN DESIGN

E-Business initiatives will become rather dated if they are not kept current. I have strong confidence in market pressures to help constructively steer these design evolutions. Faculty time is the single largest constraint to proactive evolution. Institutions will have to recognize that the time required to keep e-business initiatives current and market-relevant must be recognized in annual review processes or it will not happen at the levels required. The undesirable alternative scenario is one of reactive change when an industry advisory board or students make clear that changes are required.

11.5 DESIGN TO CULTIVATE ABSORPTIVE CAPACITY The fourth design principle is particularly challenging for educators. Absorptive capacity has been defined at the organizational level as “… the ability of a firm to recognize the value of new, external information, assimilate it, and apply it to commercial ends. …”1 The prior knowledge of a firm and its individuals affects a

SL3054_frame_C11 Page 208 Tuesday, November 20, 2001 9:13 AM

208

The E-Business Handbook

firm’s absorptive capacity. Our concern is to cultivate absorptive capacity at the individual student level. Many university courses are designed to effectively convey a factual body of information, concepts, and techniques to students. Textbooks in many disciplines that are in their third edition or later often provide a great vehicle for supporting this objectivist learning approach. The pace of e-business evolution — both in terms of enabling technologies and business practice — severely challenges the capabilities of textbooks as the course reference materials. I believe that effective e-business education must address two educational objectives, with each requiring differing pedagogy. The first objective is for students to understand the landscape of e-business, its vocabulary, and current practice. This objective is common to many other business courses. The second aim is to cultivate absorptive capacity in students. In other words, students must learn how to self learn about the rapid evolutions in e-business technologies and business practice that will continue during the students’ professional lives.

11.5.1 CHALLENGES

FOR

CULTIVATING ABSORPTIVE CAPACITY

A variety of resources and pedagogy can address the first objective, including lateedition textbooks, popular press books, and, most importantly, the Web itself. In my experience, however, achieving the second objective has proven most difficult for students who are not inclined to be self-directed learners. Major pedagogical changes in course conduct are required to ignite self-directed learning from a world of online resources. A course design should challenge students to read, synthesize, and draw conclusions regarding the directions of e-business. Not all e-business news has significant meaning, and students must be challenged to engage and think through to their own conclusions regarding why they do or do not believe that certain trends will create economic value. An example and results of this pedagogy can be viewed at ebusiness.kelley.indiana.edu. It is much easier for instructors to give lectures and teach than it is to cultivate this personal absorptive capacity in students.

11.6 DESIGN FOR GLOBAL COMMERCE IN A CONNECTED WORLD The fifth design principle is self-evident in concept but difficult to implement in practice. E-business is a global phenomenon that is unfolding in different ways and at different paces around the globe. An e-Business curriculum must incorporate an international view at its very core, rather than treat it as a separate set of topics added on at the end of a course. If global digital networks do facilitate “frictionless commerce,” then it must be a core design principle for an e-business curriculum.

11.6.1 CHALLENGES

FOR A

GLOBAL PERSPECTIVE

The greatest challenge is faculty expertise in international settings. Few faculty members have opportunities to visit multiple continents to understand firsthand how

SL3054_frame_C11 Page 209 Tuesday, November 20, 2001 9:13 AM

Designing a Curriculum for the Death of E-Business: Five Principles

209

e-business is developing in other parts of the world. This international challenge, however, may be an opportunity to address the fourth design principle of cultivating absorptive capacity. Many universities have a wealth of international students who are very in touch with e-business developments in their home countries. These students can be effectively employed as course resources or subject-matter experts regarding regional e-business developments. A second challenge is a naive North American bias that other countries are generally behind and will, in time, evolve through the same e-business development states as North America or Europe. The evidence is clear that Asia and South America are not just paralleling North American trends. In many cases, they are leading and countries such as the U.S. will be learning from them. Because e-business interacts with social and political systems, it is clear that regional differences will emerge. Understanding the timing and trajectories of these differences is a core knowledge competency that must be required of e-business students. Publications such as Wired, The Economist, or various regional publications can provide updates on global applications of e-business.

11.7 PRINCIPLES IN ACTION: AN E-BUSINESS MAJOR Since 1995, I have introduced four variations of e-business courses at three universities (University of Maryland, Indiana University, and Helsinki School of Economics) along with two new e-business MBA majors. Through these experiences, I can attest that the five principles present significant challenges to developing sustainable e-business curriculum. The brief example below illustrates how e-business curriculum has evolved at one university and discusses how the five principles can guide its future.

11.7.1 HISTORY During the 1999–2000 academic year, an interdisciplinary group of faculty at the IU Kelley School observed that it was time to bring more coherence to the scattered e-business MBA course offerings. Marketing, operations, and IS were developing new e-business-oriented courses that were needed and appropriate to their respective majors and disciplines. MBA students were starting to create their own ebusiness majors by using a “design major” option that gives them flexibility in selecting courses for a major. There were growing inquiries from prospective MBA student applicants. IS had been teaching a second-year,1.5-credit, 8-week e-business course that was a broad survey of the area (the first-year MBA curriculum is taught as two 1.5credit integrated courses). There were very real constraints, such that many new courses could neither be created nor staffed to serve a new major. Thus, the school would need to make use of some existing courses that were being infused with ebusiness topics. A small group of faculty from marketing, operations, management, and IS discussed the various approaches to bringing e-business topics into the curriculum and considered all five design principles while making its choices. The final design for the 12-credit-hour MBA e-business major balances coherence and speed in a

SL3054_frame_C11 Page 210 Tuesday, November 20, 2001 9:13 AM

210

The E-Business Handbook

new 3-credit “e-Business Core” course with specialty tracks managed by the disciplines. It is the first interdisciplinary new major for the school that is not managed by a traditional academic department. The e-Business Core course is the place for integrating material and relieving other courses of teaching e-business basics. It is being taught and coordinated by the IS faculty, with cameo topical lectures by other faculty experts in the school. The single faculty member point of coordination helps to facilitate speed in adapting the course as e-business evolves. Five 6-hour specialty tracks include consulting, e-marketing, IT Infrastructure, new-business development, and supply chain. These 6 hours are designated by the disciplines. This gives each discipline flexibility to quickly innovate and develop new courses as relevant topics emerge. Other disciplines can add 6-hour tracks as they choose to do so, and the track model makes possible the creation of process-oriented tracks that draw on courses across disciplines (e.g., valuing e-business initiatives using courses from accounting and finance). Finally, students choose three credits of elective courses from an approved course list. The list will evolve each year, as new courses become more infused with e-business topics. During the planning process, the Career Services Director said that, while most recruiters would indeed value e-business skills, few were recruiting specifically for e-business majors at this time. The design of the MBA’s second year facilitates many students to choose to double major. Thus, the faculty expects there will be a large number of marketing and e-business or finance and e-business majors. Double majors are constrained from taking the same e-business specialty track as their other major (e.g., a marketing major cannot take the marketing ebusiness track). This was imposed to help ensure some degree of breadth in the MBA education. The conduct of the e-Business Core Course covered some e-business basics, but focused extensively on principles 4 and 5. The course contained little lecturing. Students were required to develop integrated topical briefing documents regarding contemporary e-business topics. These were posted online for review and then orally defended to the class. In three sections of the course, the students published 99 topical briefings. They addressed technology topics (e.g., Bluetooth and voice recognition); business practice topics (e.g., B2B exchanges, industry practices, privacy policies, business models); and international topics (e.g., multilingual domain names, regional social, business and technology practices). The briefing documents were very current, as they were drawn from the popular press, industry reports, summer internship experiences, and other research. For the 2000–2002 academic timeframe, the structure of an e-business major has helped provide curricular coherence for students who wish to study e-business, provided the school’s student recruiting efforts with a popular area of study, and established a coordination mechanism for e-business topics among courses. During this timeframe, the creation of the major has served principles 1–3 well. As was known during its inception, however, it represents a transitory curricular state that worked well for the needs of the IU Kelley School culture.

SL3054_frame_C11 Page 211 Tuesday, November 20, 2001 9:13 AM

Designing a Curriculum for the Death of E-Business: Five Principles

211

11.8 FUTURE Regarding Figure 11.1, steps are already under way to move the e-business curriculum to the diffused and integrated set of courses end states. Mainstream courses throughout the curriculum are starting to include specific e-business lessons as part of their major topics. The technology aspects of e-business are being addressed through a new set of courses linked to a Master’s of Science degree in Information Systems (MSIS). These courses will be available to the more technically minded MBA students. In time, we expect students’ e-business interests to be satisfied via the traditional majors (e.g., marketing, operations, IS) or the MSIS (a joint MBA/MSIS can be efficiently achieved).

11.9 CONCLUSIONS No school of business can ignore the impact of pervasive digital networks on the conduct of commerce and on organizations themselves. It is tempting to quickly devise e-business initiatives in response to student, industry, or faculty demands, but such hasty designs have little chance of turning the sweat equity and other real financial investments into sustainable courses, majors, and degrees. This essay has offered five design principles for succeeding in these endeavors along with one example of their use. Only time will tell which curricular revision approaches will prove the most enduring, but it is clear even now that the infusion of “e” into the curriculum is an imperative for success.

REFERENCE Cohen, W. and Levinthal, D. (1990). Absorptive Capacity: A new perspective on learning and innovation. Administrative Science Quarterly, 35, 128-152.

SL3054_frame_C11 Page 212 Tuesday, November 20, 2001 9:13 AM

SL3054_frame_C12 Page 213 Tuesday, November 20, 2001 9:15 AM

12

Electronic Commerce Partnerships Between Business and Academia J. Owen Cherrington, Brian Carini and Angie Jensen

CONTENTS 12.1 Academia’s First Partner..............................................................................214 12.2 Academia’s New Partner..............................................................................215 12.2.1 An Up-to-Date Curriculum.............................................................215 12.2.2 Advisory Boards .............................................................................216 12.2.3 Bringing Business to the Classrooms.............................................216 12.2.4 Donating Technology......................................................................216 12.2.5 Providing Real-World Experience for Students .............................217 12.2.6 Internship Programs ........................................................................217 12.2.7 Research Projects ............................................................................217 12.2.8 Mentoring........................................................................................218 12.2.9 Industry Interaction for Faculty......................................................218 12.2.10 Research Opportunities...................................................................218 12.2.11 Sponsorships ...................................................................................219 12.3 How Partnerships with Academia Benefit Business ...................................219 12.3.1 Recruiting Opportunities.................................................................219 12.3.2 Continuing Education for Employees ............................................220 12.3.3 Inexpensive Research and Consulting............................................220 12.3.4 Networking with Other Businesses ................................................221 12.4 How to Manage a Successful Business–Academic Partnership .................221 12.4.1 Motives for Doing Research...........................................................222 12.4.2 Conflicting Views on Intellectual Property ....................................222 12.4.3 Bridging Differences.......................................................................223 References..............................................................................................................224

In summer 2000, Brigham Young University partnered with NetDocuments, an electronic commerce venture, to implement the company’s Internet document manager, a service that enables people to store, access, and share documents on the Web. BYU business students are now registered for a NetDocuments account that allows

1-57444-305-4/02/$0.00+$1.50 © 2002 by CRC Press LLC

213

SL3054_frame_C12 Page 214 Tuesday, November 20, 2001 9:15 AM

214

The E-Business Handbook

them to store and submit homework online. Faculty members and their grading assistants can then grade, digitally sign, and return the homework also online. BYU benefits from the partnership because online storage of documents eases the collection and distribution of homework, improves collaboration with other colleagues on and off the campus, and forces students to familiarize themselves with the heavy ecommerce environment awaiting them after graduation. NetDocuments also benefits because it gives them a rigorous testing ground and introduces future entrepreneurs to their product and service. This kind of partnership between academia and business is not uncommon; both have found the benefits too good to ignore.

12.1 ACADEMIA’S FIRST PARTNER Business was not academia’s first partnership. Thanks to funding and research contracts from the U.S. government, academia has long been involved in developing the infrastructure on which e-business rests. In 1945, under contract from the U.S. military, the first digital multipurpose computer was developed at the University of Pennsylvania. The computer, called ENIAC, was far from useful in any business context, but it was a significant milestone in the development of information technology. In the late 1960s, the development of the Internet was another important step in promoting e-business. Then called Arpanet, it was a research project funded by the government’s Defense Advanced Research Projects Agency (DARPA). The ideas behind the Internet originated at MIT with the first papers on packet-switching theory, the concept of a “Galactic Network,” and the first Arpanet plan. For the next 30 years, universities continued to play a dominant role in the Internet’s development. The first contracts for building Arpanet were awarded to UCLA and BBN, a high-tech institution. In 1969, Arpanet connected its original four nodes at UCLA, Stanford, UC Santa Barbara, and the University of Utah. This project is a good example of how partnerships can create an effective breeding ground for future innovators. From Arpanet emerged Bob Metcalfe, who, while working on his Ph.D. in computer science at Harvard University, developed the Ethernet networking technology with D.R. Boggs at Xerox’s Palo Alto Research Center (PARC). Xerox was not interested in further developing the technology, so, in 1979, Metcalfe founded 3Com to promote Ethernet. Ethernet later became the most widely used networking technology. The real-world experience Metcalfe received with Arpanet better equipped him for his own information technology venture. Although, by the mid to late 1970s, larger telecommunication companies were heavily involved in the innovation of IT infrastructure, the government was still one of the principal players. Much of the funding came from the National Science Foundation (NSF), an independent agency the U.S. government created to promote the progress of science. NSF continued to fund the development of the Internet well into the 1990s, with the condition that a university receiving funding must make the Internet connection “available to all qualified users on campus” and not use it for things other than research and education. In the early 1990s, the NSF began to lift restrictions on commercial uses of the Internet as part of its privatization policy. By 1995, NSF had ceased funding the Internet backbone.

SL3054_frame_C12 Page 215 Tuesday, November 20, 2001 9:15 AM

Electronic Commerce Partnerships Between Business and Academia

215

After Internet privatization, business entrepreneurs, many of them fresh out of college, stepped forward as e-business innovators. Thanks to the advent of the PC and an improved user interface, technology became more accessible to a wider audience. This and the development of the World Wide Web gave e-business an environment in which it could flourish. In 1994, the first shopping malls arrived on the Internet and First Virtual became the first online bank. The revolutionary technologies of the Internet opened hundreds of unexplored ways to make money.

12.2 ACADEMIA’S NEW PARTNER At this point, academia began to have less influence on e-business innovation. Ebusiness was changing at “Internet speed,” which was much faster than the traditional speed of academic institutions. A decline in government funding for academic research also left universities with too few resources to stay current in technology. Academia’s most significant contribution to innovation during this time was as a breeding ground for entrepreneurial ideas. Creative and ambitious students were creating ideas, obtaining funding, and building a business often before finishing school. In 1993, Marc Andreesen, an undergraduate computer science student at the University of Illinois, led a student project to develop Mosaic, a graphical interface browser for the Web. The graphical browser, which allowed people without computer expertise to navigate the World Wide Web, was immediately popular. After graduating in 1994, Andreesen left for California and founded Mosaic Communications (later renamed Netscape Communications) with Silicon Graphics founder Jim Clark. During the first year they hired four of the five original team members and continued to develop and release the browser. Netscape went public in August 1995 as the first Internet IPO and became one of the hottest stock introductions ever. While a few students such as Andreesen made big splashes, academia was still having a tough time providing students with an education that would prepare them for the fast-moving Internet environment. Faculty members were also falling behind in research. Universities understood that, to maintain their effectiveness, they needed to team up with business, the latest innovating force. Partnering with business would help keep their curriculum abreast of industry changes, provide real world experience for students, enable industry interaction for faculty, and supply needed funds through sponsorship.

12.2.1 AN UP-TO-DATE CURRICULUM Just as the business world has been running to catch up with the e-business movement, universities, particularly business schools, have been making sweeping changes to their curriculum to meet the e-business learning needs of their students. Companies want graduates who can add value immediately upon employment, not people they need to train. Universities are now building courses and curricula to help prepare students with more marketable skills. For example, The Institute for Global Electronic Commerce at the University of Maryland developed a postbaccalaureate certificate in electronic commerce that features training in technical, business, policy, and legal issues concerning e-commerce. When creating e-com-

SL3054_frame_C12 Page 216 Tuesday, November 20, 2001 9:15 AM

216

The E-Business Handbook

merce programs such as these, faculty members receive valuable guidance from e-business professionals. Businesses help keep a curriculum current by participating in advisory groups for university programs, becoming involved in classroom instruction, and donating technology.

12.2.2 ADVISORY BOARDS If a company developed a product without ever consulting the market, it would not be a surprise if it failed. Likewise, if a university wants to produce a marketable graduate, it also needs to do its market research. Advisory boards made up of industry leaders are one way a university can identify the skills companies want in the people they hire. By meeting in groups periodically, these industry leaders can discuss their needs and give universities ideas on how to direct their curriculum. Norman White, the director of the E-Business Lab at NYU’s Leonard N. Stern School of Business, finds that businesses are not only willing to provide input but eager to do so. He discovered that one of the best ways to keep businesses active with the lab is to create opportunities for professionals to help shape the curriculum.1 Forward-looking companies recognize it as an opportunity to improve the quality of their future employees. A university would do well to utilize this interest and learn all it can about what the business world needs from its graduates.

12.2.3 BRINGING BUSINESS

TO THE

CLASSROOMS

Faculty members often have a hard time keeping current with the latest business trends because of their heavy teaching loads; therefore, business people are frequently the best teachers of up-to-date-business ideas and trends. Bringing industry leaders to campus to teach or give seminars provides students and faculty access to these important teachers. Stanford Graduate School of Business accomplishes this by offering a course that includes discussions with industry experts. NYU’s Stern School of Business also has two weekly luncheon presentations from outside organizations — the Dot Com Lunch Series that brings in Silicon Alley companies, and TANG (Technology and New Media Group) These bring in reputable firms to talk about their company and e-commerce. Brigham Young University offers a lecture series course that features a different e-business leader each week. Students enjoy the class because it provides real-world examples of what they need to know to be successful in today’s business world. These outside lecturers better prepare students by adding practical e-business insights to the classroom setting.

12.2.4 DONATING TECHNOLOGY Students benefit greatly from company-donated products or services, as illustrated by the NetDocuments example cited above. The Institute for Global Electronic Commerce at the University of Maryland has formed a similar partnership with Oracle to offer Oracle Certified Professional training courses. Oracle provides students with reduced examination fees, free access to the Oracle Academic Initiative’s Job Recruitment Database, and free software licenses. Products and services such as these can be used for both research and educational purposes. Most universities

SL3054_frame_C12 Page 217 Tuesday, November 20, 2001 9:15 AM

Electronic Commerce Partnerships Between Business and Academia

217

constantly look for funding to help maintain a competitive level of technology. If students are taught on substandard technology, they have one more educational jump to make when they enter the market. When partner companies donate state-of-theart products, students learn to use the products they will find in future jobs. Partner companies benefit because academia is a good test site for their products. After BYU students and faculty used NetDocuments for one semester, they were able to identify both glitches and opportunities that helped NetDocuments improve its service. NetDocuments was able to revamp its service and make it even better and more efficient; meanwhile, students were able to learn by using the latest technologies.

12.2.5 PROVIDING REAL-WORLD EXPERIENCE

FOR

STUDENTS

Partnering with business not only increases the quality of graduates by keeping the curriculum current, but also provides students with real-world interaction. Universities teach technology and concepts, but the best place to learn how to apply them is a live situation. Markus Gappmaier, BYU professor and director of the Business Competency Center for Business Process Reengineering, says, “Learning by solving real-life problems while knowing the theoretical basis gives students a great advantage.” Students with experience have an edge in the marketplace because they have “solutions in their backpack.”2 Business partnerships help provide this experience by offering internship programs, research opportunities, and mentoring.

12.2.6 INTERNSHIP PROGRAMS Internships give students the opportunity to learn about e-business, build upon classroom learning by using what they have learned to solve real-world problems, make valuable contacts, gain work experience, and enhance their credentials. A student who graduates with internship experience is more likely to be hired than a student who has had no such experience. Internships also help students explore career opportunities and make educated decisions about the direction of their career. Strategic business partnering makes internships more accessible to students and helps match their interests and skills with internship opportunities. This increases the number of university graduates who leave school with a competitive job and the experience required to be successful.

12.2.7 RESEARCH PROJECTS Research projects have many of the same benefits as internships; they give students an opportunity to apply their skills and a way to improve their credentials. However, with a research project, students work under the supervision of a faculty member instead of the company, and rather than working with a company on a variety of tasks for an appointed number of months, they provide an assigned product or service. Brigham Young University, for its Master of Information Systems Management degree, and the Institute for eCommerce at Carnegie Mellon University for its Master of Science in Electronic Commerce degree require such an experience. Students register for management consulting or an ecommerce practicum and are organized into teams to work on a project. Projects involve such tasks as creating a

SL3054_frame_C12 Page 218 Tuesday, November 20, 2001 9:15 AM

218

The E-Business Handbook

prototype e-commerce system for an affiliates’ real business problems. Many universities strongly promote research projects because they give students experience while improving the research reputation of the university.

12.2.8 MENTORING Unlike internships and research projects, mentoring does not give students handson experience, but it does give them access to years of experience. At Brigham Young University, students entering the undergraduate program are required to take a class that pairs them with an alumnus. This class is invaluable, because the mentoring experience teaches “lessons that cannot be taught in the classroom.”3 The mentors are able to show the students the “world from the practitioner’s perspective, not the academic’s.” Because the mentors work full time in industry, they are better able to answer questions about interview skills, résumés, needed classes, and what certain jobs are like. Part of the class includes a mock interview with the students’ mentor. One student said that the practice was “priceless.” The mentor experience gives students a good look at industry, a clearer sense of how their classes are applicable, and a better idea of what kind of career they might enjoy.

12.2.9 INDUSTRY INTERACTION

FOR

FACULTY

Faculty members must be as cutting-edge as the industry itself to successfully prepare students to enter industry. When professors call upon experience they had years ago to teach students, they prepare them for a marketplace that has already passed. Intimate contact with businesses provides the interaction faculty members need to stay current. Most academicians want more contact with industry but do not know how to achieve it; however, when universities have partnerships with businesses, this contact is more accessible. Advisory boards for curriculum improvement is just one way interaction with business can benefit the faculty. Other interactions include faculty internships and company visits. Nirmal Pal, executive director of the e-business Research Center at Pennsylvania State University, encourages interaction by having faculty visit companies in the industry.4 However, one of the most common ways business partnerships improve this interaction is by providing research opportunities.

12.2.10 RESEARCH OPPORTUNITIES Partnerships between business organizations and academia to perform relevant research will help re-establish academia as a leader in technological research. Recent e-business successes and failures have shown there is much to learn about how technology can best be applied to improve-business processes. Current issues and information are needed to conduct meaningful research. Norman White of the E-Business Lab at NYU explains that businesses are important partners because, “they provide access to immediate-business challenges and data.” The Center for Electronic Business and Commerce at Stanford’s Graduate School of Business gains access to this information through its “data partnerships.” Partner companies supply primary data to faculty and Ph.D. students on Stanford’s Website. By

SL3054_frame_C12 Page 219 Tuesday, November 20, 2001 9:15 AM

Electronic Commerce Partnerships Between Business and Academia

219

partnering with companies to do research and consulting, faculty members are able to produce research that is relevant to industry and handles current real-world issues. Such research not only improves research productivity, but it also improves teaching performance

12.2.11 SPONSORSHIPS One of the most common challenges universities face is lack of funds. The money needed for research, labs, and academic positions is often more than tuition and state or private funds provide. Many larger corporations have a budget for research and development; partnering with these-businesses helps academia tap into these funds. Electronic-commerce centers at universities have different programs and ways for businesses to contribute and benefit from these contributions. They use titles such as sponsorship, partnership, founder, and associate to define the duties and benefits of being a contributor. If academia can prove that a partnership will be beneficial to a company, that company can become an important source of funds.

12.3 HOW PARTNERSHIPS WITH ACADEMIA BENEFIT BUSINESS Academia has proven itself beneficial to business in a variety of ways. One of the biggest challenges e-business faces is recruiting and retaining well-trained people. According to Digital Economy 2000, a report from the U.S. Department of Commerce, “The growth in e-commerce … has increased demand for workers with Internet-related technical skills, including network specialists, help desk and end user support staff, and Internet and intranet developers. E-commerce growth has also increased the demand for workers with a knowledge of sales, marketing and business planning”5 Academia helps business solve this problem by providing excellent recruiting opportunities and continuing education for employees. Academia also provides inexpensive research and consulting, an opportunity to network with other businesses, and a way to bridge the gap between academic research and practical business knowledge.

12.3.1 RECRUITING OPPORTUNITIES Partnering with a university gives businesses the opportunity to interact closely with students. This interaction is important because it allows them to watch students work before hiring them. Although interviews, GPAs, and résumés help identify talented students, they are not foolproof. Working with students on internships and research projects helps companies see how they handle stress and a variety of work situations. They can then ascertain which students have characteristics that best fit their company. Working with universities gives businesses enough contact with students to effectively make recruiting decisions. The same contact that allows companies to decide who they want to recruit also increases their success in recruiting top students. The Center for e-business@MIT maintains, “The key to recruitment is getting the right corporate people in front of

SL3054_frame_C12 Page 220 Tuesday, November 20, 2001 9:15 AM

220

The E-Business Handbook

students and then communicating the opportunity of working with your company.”6 Several companies often extend offers to the same talented students. Interacting closely with these students through internships and research projects helps students become familiar with the company. Graduates are in a similar position to the companies hiring them. Just as companies like to know firsthand who they are hiring, students also like to know their future employer. Consequently, students are more likely to accept an offer from a company they have previously enjoyed working with than a company with which they have had little experience. Working with students allows companies to build valuable relationships with the graduates they will eventually want to hire. Partnering with universities also helps companies increase the number of graduates worth recruiting. Many factors of a graduate’s effectiveness, such as natural intelligence and work ethic, are independent of a university education, but a university can influence the preparedness of students possessing these attributes. Working with universities to keep the curriculum current helps raise the number of wellprepared graduates entering the market.

12.3.2 CONTINUING EDUCATION

FOR

EMPLOYEES

Technology changes so rapidly that it is hard to keep employees up to date. MIT says, “Nobody on the planet has more than 5 years of experience in e-business. And until 1999, no top business school has offered an e-business-focused degree. This makes for an ‘untrained’ workforce.” To help businesses remedy this problem, MIT’s center organizes executive educational programs that offer “continuous training of company personnel.” Stanford’s Graduate School of Business similarly offers a “Silicon Valley E-Commerce Executive Program.” This program combines the knowledge of faculty and e-commerce leaders from Silicon Valley companies, allowing participants to learn about new business models and how to better utilize ecommerce. Stanford also supports seminars and conferences that facilitate teaching e-business to employees and business leaders. The E-Commerce@North Carolina State initiative teaches employees through live Web casts and course Web sites. Universities are becoming key organizers of seminars, lecture series, conferences, workshops, and executive education classes that provide an avenue for employees to stay on the leading edge.

12.3.3 INEXPENSIVE RESEARCH

AND

CONSULTING

Joint research projects between business and academia can help business understand the impact of the Internet on business and society. According to MIT, while “Industry is far ahead of academia in the experimental use of the Internet and the onset of e-business … little time has been spent studying and understanding the underlying principles of e-business, and their implication on business, the economy, our organization, the way people work, and the potential for future success in each of these areas.” Both business and academia benefit by taking advantage of each other’s strengths — academia uses business to obtain current data, while-business uses academia’s research ability to gain an edge by understanding how the e-business market works. Universities are full of students

SL3054_frame_C12 Page 221 Tuesday, November 20, 2001 9:15 AM

Electronic Commerce Partnerships Between Business and Academia

221

looking to gain real-world experience and faculty wanting to keep their fingers on the pulse of e-business. Businesses can take advantage of this by having them address real business problems facing the company. University e-business centers often have the ability to provide high quality research and consulting at a lower price than is available elsewhere. A group of students mentored by a faculty member can provide research and consulting typically at a fraction of the price that a professional consulting or research firm would charge, while maintaining the same professional quality. A good example is the partnership between Dell and the Center for Research in Electronic Commerce (CREC) at the University of Texas at Austin to survey more than 1000 U.S. and European companies to find how businesses use the Internet. According to the study, companies are still not taking full advantage of the Internet. Dell was able to release this information at its annual DirectConnect event, but, more importantly, they have used the results of the study to make strategic decisions within their company.7 Like most electronic commerce centers, CREC does not give companies exclusive rights to the information from their research, but it gives them earlier access to the results and a more detailed report than appears in other publications. With e-business moving at such a rapid speed, businesses do not always have the time to analyze which strategies work best. Academia can help them obtain the information they need to make these decisions. Academia also helps smaller businesses by offering economical consulting. Smaller businesses sometimes lack the experience needed to make effective decisions and the money to pay a full-time consultant. By drawing on faculty expertise, academia can offer small businesses inexpensive solutions. The Digital Economy Initiative at NYU’s Stern School of Business provides consulting to local companies having trouble by matching them with a faculty member who has applicable expertise. This gives small companies access to expertise they need at a price they can afford.

12.3.4 NETWORKING

WITH

OTHER BUSINESSES

Who you know is often as important as what you know in opening business opportunities. Networking provides these important contacts. A university, with its business and individual partnerships, is an ideal catalyst for building these relationships. Participating in university advisory boards, research projects, and continuing-education programs gives businesses the opportunity to interact with others in the industry. It provides an opportunity for business leaders to meet other business leaders in a neutral environment. The E-Commerce @ NC State facilitates this peerto-peer interaction through a virtual network hosted by the E-Commerce Learning Center. Academia makes interacting with other partner organizations much easier by providing businesses with a common meeting ground.

12.4 HOW TO MANAGE A SUCCESSFUL BUSINESS–ACADEMIC PARTNERSHIP The key to a successful partnering relationship between business and academia is the value provided to both parties of the relationship. University personnel who

SL3054_frame_C12 Page 222 Tuesday, November 20, 2001 9:15 AM

222

The E-Business Handbook

expect businesses to be regular, consistent, and generous donors too frequently ignore this fact and fail to provide sufficient value to entice businesses to maintain longterm relationships. Partnerships can be successful only when both parties receive benefits that outweigh the costs of collaboration. Collaboration costs refer to the inconveniences, differences, and expenses involved in forming and maintaining the relationship. Fundamental differences between the objectives of business and academia naturally create some collaboration costs. Most of these costs result from different motives for research and conflicting views on intellectual property.

12.4.1 MOTIVES

FOR

DOING RESEARCH

Professors and business people produce different products. Professors produce research and educated students. The quality of the research is often determined by its contribution to knowledge, not on its usefulness. Professors’ continued employment and reputation depend on how well they do these things. Conversely, business people provide products and services that produce profits. Their continued employment and reputation depend on how well they do this. Business people are more likely to support research when it helps them produce a profit, rather than supporting research for the sake of research. Tim Finn, director of the Institute for Global Electronic Commerce (IGEC) at the University of Maryland points out that businesses are often more interested in research with a shorter perspective. This is because the information is more applicable to current decisions. University research projects with a long-term perspective may have a hard time finding a sponsor, especially in a struggling economy. Only when businesses are doing well do they have the flexibility in their budgets to support research that does not produce immediate benefits. A struggling company is more interested in survival than in long-term planning. The economy not only affects the amount businesses invest in research, but in academia as a whole. Many businesses support academia because of the opportunities it provides to meet and recruit quality students. Because a poor economy reduces the number of graduates a company will recruit,8 when the economy is down, so is the motivation to fund research. Academia’s partnership with business is tied to the economy. For academia, this tie results in a fluctuating source of funds and diminished freedom over what to research.

12.4.2 CONFLICTING VIEWS

ON INTELLECTUAL

PROPERTY

A second cost to collaboration is conflicting views on intellectual property. “Intellectual property is tangible property that can be protected under federal law because it’s considered proprietary to a company or an individual. In information technology, examples include software, text, certain software algorithms, brand names, customer databases and trade secrets.”9 Academia’s and business’s motives for research also extend to their ideas on intellectual property; for this reason, they sometimes disagree on how and why intellectual property should be made available. For example, when a company teams with a university to study market trends, the university wants to publish the results of the study because publishing builds its reputation. The university’s philosophy is that future innovation is built from

SL3054_frame_C12 Page 223 Tuesday, November 20, 2001 9:15 AM

Electronic Commerce Partnerships Between Business and Academia

223

innovations of the past; therefore, sharing today’s innovations will increase tomorrow’s discoveries. However, the company wants to keep the results to itself to give it an edge in the marketplace. The company’s philosophy is that the study was its investment and those who have not made the same investment should not receive the same benefits. Both the business and the university benefit from the results of research, but in different and, at times, exclusionary ways. It is difficult for a university to publish results without affecting the edge a business seeks by doing the research.

12.4.3 BRIDGING DIFFERENCES Striking a compromise between the differences between business and academia’s motives is not easy, but not impossible. Plenty of businesses and universities have worked beyond their differences and have formed successful and mutually beneficial partnerships. Their success in forming partnerships can generally be attributed to their ability to accept each other’s objectives and their insistence on clear contracts and agreements. The following are important in bridging the differences: • Both parties must recognize the fundamental differences in each other’s objectives. Simply recognizing the differences will open a dialogue that will help clarify each party’s objective in a particular relationship. • Universities should maintain a diverse portfolio of research sponsors including businesses, government agencies, and, perhaps, other universities. This minimizes the impact of a downturn in the economy on the research stream.10 • Most research projects can be crafted to provide an immediate benefit for the company and a contribution to knowledge for the university. With any research topic, there are fundamental concepts that can be studied and the outcome can provide a contribution to our knowledge. There are also immediate issues to be explored and the answers to these issues can be packaged into a report the company can use to improve its products or services. By crafting a research project to investigate the immediate issues as well as the fundamental concepts, both business and academia can benefit by the results. • Businesses must recognize that, when working with universities, there may not be a direct payback. Partnering with a university is a long-term investment, with payoffs in such benefits as public exposure and a pool of quality students for future employment. Also, many of the benefits are more idealistic, such as involvement with the community and opportunities to support programs that reflect a business’s own ideals.11 • Businesses must recognize that there is less drive for efficiency at a university. Projects and tasks generally take longer to accomplish. Also, it is harder to find an “in-charge” person at a university — someone who is in charge of everything and in a position to make a decision.12 The time required to make a decision at a university is generally much longer than in business.

SL3054_frame_C12 Page 224 Tuesday, November 20, 2001 9:15 AM

224

The E-Business Handbook

• Both business and academia should recognize the importance of clear contracts and agreements before the relationship is begun. This is extremely important on research and consulting projects. The contract should specify such things as the nature of the project, its scope, the deliverables, time estimates, and the roles and responsibilities of each party. The agreement allows the business and the university to decide where and how to compromise. They are able to decide beforehand what information should be published, what trade secrets need to be left out, who owns the intellectual property, and who has agreed to do which tasks. To avoid future misunderstanding, it is important that each side know the terms of the agreement before they start • Universities should assign a center to coordinate-business partnership, giving faculty, departments, and businesses a designated place to go when they are interested in becoming involved. Most centers consist of one or more directors who coordinate the efforts of faculty, advisory boards, staff, and students. Together they form a base for maintaining contacts, supplying the center with fresh contacts and funds, and bringing people together. Centers can be formed to reflect the university’s goals and philosophy. A thriving center can be a catalyst for successful partnerships. Together, business and academia can maximize the opportunities provided by e-business. Although academia’s role in the development of e-business has diminished, partnerships with business can provide it with the resources it needs to reclaim a dominant leadership position. Universities must develop centers that focus on partnering with business on every aspect of the educational process, including curriculum development, research projects, continuing education, and new-business development. By helping academia in these areas, business increases the quality of its employees and fosters new ideas for business development. To obtain these benefits, it is important to structure the relationship so that it satisfies the needs of both parties. When business and academia learn to work together despite their differences, they can make tremendous leaps in the innovation of e-business.

REFERENCES 1. White, Norman, acting director for the Center for Digital Economy Research at the Stern School of Business at New York University, telephone interview, 2001. 2. Learn more about the Competency Center for E-Business Process Management, Ed. Sarah Severson. The Rollins Center for E-Business@BYU June newsletter. (http://ebusiness.byu.edu/new/june01/featured_entre.cfm) 3. Gardner, Robert, director of the mentoring program at Brigham Young University, telephone interview, 2001. 4. Pal, Nirmal, executive director of the E-Business Research Center at Pennsylvania State University, telephone interview, 2001. 5. Cooke, Sandra, The Information Technology Workforce, in Digital Economy 2000, U.S. Department of Commerce, chap. 5, pages 48-19.

SL3054_frame_C12 Page 225 Tuesday, November 20, 2001 9:15 AM

Electronic Commerce Partnerships Between Business and Academia

225

6. Proposal for Sponsorship for the Center for e-business@MIT (http://e-business.mit.edu/sponsors/proposal.html) 7. Whinston, Andrew, et al., Research Finds Internet Technology Investments Can Boost Business Financial Preformance, Productivity, (http://Webevents.broadcast.com/Dell/ ecensus2000/press.asp) 8. Finn, Tim, director of the Institute for Global Electronic Commerce at the University of Maryland, Baltimore County, telephone interview, 2001. 9. Alexander, Steve, Intellectual Property, Computerworld, 3 Jan 00, (http://www.computerworld.com/cwi/story/0,1199,NAV47_STO40503,00.html) 10. Finn, Tim, Director of the Institute for Global Electronic Commerce at the University of Maryland, Baltimore County, telephone interview, 2001 11. Murray, Doug, CEO of NoWalls, telephone interview, 2001. 12. Tedjamulia, Alvin, CIO of NetDocuments, telephone interview, 2001.

SL3054_frame_C12 Page 226 Tuesday, November 20, 2001 9:15 AM

SL3054_frame_C13 Page 227 Tuesday, November 20, 2001 9:16 AM

13

The Covered Bazaar on the Internet: Culturally Specific Alternatives to “Web-Marts” Fay Sudweeks and Simeon J. Simoff

CONTENTS 13.1 Introduction ..................................................................................................227 13.2 The Evolution of E-Commerce....................................................................229 13.3 Business to Consumer Models ....................................................................230 13.4 E-Commerce Today......................................................................................236 13.5 Market is Changing from a Mass Market to a Niche Market. ...................236 13.6 Culture-Sensitive E-Commerce ...................................................................237 13.7 The Bazaar ...................................................................................................237 13.8 The Bazaar Metaphor for E-Commerce ......................................................239 13.9 A Culture-Specific E-Commerce Model .....................................................241 References..............................................................................................................241

13.1 INTRODUCTION Over the past decade, the Internet has evolved from an exotic “place” populated with academics and scientists to a common marketplace for the general populace. The global network of electronic infrastructure has played a significant role in this expansion, but the technology itself is not the factor driving the business revolution. The changes are driven by the interaction of information technology and customer demand.1 Gone are those days in the early 1990s when the Internet was populated mainly with research papers, scanned texts and some downloadable software from university research laboratories. The Internet has become the medium of what Vernadsky*2 calls “noosphere” — the next step in the evolution of the biosphere of * Russian scholar Vladimir Vernadsky, whose works in philosophy and psychology were translated into English in the late 1960s and early 1970s, foresaw these processes and their product in a holistic manner. In 1943, in his book Scientific Thought as a Planetary Phenomenon, he introduced the term noosphere, which he considered to be a new layer in the evolution of the Earth, appearing on top of the biosphere.

1-57444-305-4/02/$0.00+$1.50 © 2002 by CRC Press LLC

227

SL3054_frame_C13 Page 228 Tuesday, November 20, 2001 9:16 AM

228

The E-Business Handbook

the Earth. The developments in the latter half of the 1990s illustrate that the common information environment that supported the development of a common scientific approach to the world (the basis of the “noosphere”) has had an effect of homogenizing the networked global population. A contribution to the weakening of both economic and cultural diversity in the epoch of transition into the 21st century is the push toward globalization at any cost. The latest advances in information and communication technologies (ICTs) have been touted by Internet enthusiasts as the catalysts that lead to greater world democracy and prosperity. Little thought has been given to the possibility that the values and communication preferences inherent in these technologies may not be universal. In fact, the consequences of new communication technologies could be a homogenous “McWorld.”3,4 The alternative to such global homogeneity is what Barber refers to as Jihad* — the reaction that occurs when diverse cultures try to preserve their identity. However, the apparent dilemma between Jihad and McWorld may not be so intractable.5 Indeed, there are examples that demonstrate points between Barber’s dichotomy. Thailand’s use of CMC technologies, for example, allows for both global connectivity (but in a “thin” culture) and the preservation and enhancement of local cultural values and communicative preferences (a “thick” culture).6 Another contribution to the weakening of both economic and cultural diversity in the epoch of transition into the 21st century is the two processes of discontinuity and rapid change. Even the most basic of human activities have lost much of their idiosyncratic individuality as these activities, of necessity, conform to standard protocols and operating procedures. An example of such a basic human activity is the common task of shopping. The rapid expansion of e-commerce on the Internet, and the speed with which societies are adapting to the notion of doing business and shopping electronically, creates the perception that e-commerce is a natural evolution in this information age. Although scholars are cautious about issues such as security,7–9 trust,10 health and lifestyle,11,12 very little research has been carried out to evaluate the effect of global e-commerce on indigenous and local cultures. The current environments, metaphors and processes of Internet commerce have perhaps the most potential to adversely impact on cultural identities. While new technologies are capable of creating and archiving user and product profiles, developers and researchers in the field are only beginning to consider how cultural profiles can assist in the global marketplace. In this chapter, we describe the development of e-commerce in the context of the various metaphors currently used for online shopping. We explore the metaphor of a 3D marketplace and the implementation of such a model in ecommerce systems. Finally, we discuss the efficacy of culturally diverse emarketplaces for maintaining the integrity of languages and cultures along with global economic communities.

* Jihad, an Arabic word, means struggling or striving. In the West, especially in the media, Jihad is generally translated inaccurately as “holy war.”

SL3054_frame_C13 Page 229 Tuesday, November 20, 2001 9:16 AM

The Covered Bazaar on the Internet

229

13.2 THE EVOLUTION OF E-COMMERCE The evolution of the media and underlying technology for e-commerce on the Internet can be divided into several distinct phases. During the first phase, in the early 1990s, the Internet was used primarily for information dissemination via email and static Web pages. It was a complementary information channel to magazines, radio and TV for distributing product information. The transfer of information lacked security and integrity. The second phase, from the mid to late 1990s, saw security and privacy protocols being added to a variety of transaction processing services. This addition opened the Internet to a variety of commercial and corporate uses. The development of dynamic Web pages and database-driven Web sites added a spin of interactivity. Ecommerce also borrowed some ideas from research in computer-supported collaborative work (CSCW).13,14 The current phase of e-commerce is connected with the development of intelligent technologies such as data mining, online analytical processing (OLAP) and sophisticated search engines. These technologies are used for creating both product and user profiles, and for adapting the behavior of the e-commerce system to individual combinations of these profiles. They require the development of new interfaces and business models. This dramatically changed the computing universe — the networked microcomputer and advanced communication networks, deregulation of telephone services, expansion of Internet technologies beyond the boundaries of academic and research institutes, the flat pricing structure offered by the Internet — made it possible to deploy the new technologies for e-commerce. By some estimates (http://www.netquest1.com/ecommerce1.htm#overview) about $8 billion in transactions are handled annually over the Internet, generated from 60,000 commercial Web sites. These figures contrast dramatically to the early days of e-commerce when most ventures, especially small and medium-sized enterprises, were not profitable. A study conducted by Activmedia15 found that e-commerce revenue leapt to $132 billion in 2000. Recent research by the GartnerGroup, according to Leung,16 shows that the phenomenal growth of e-commerce is being driven by business-to business (B2B) generally, and B2B trading communities specifically. Trading communities, such as Commerce One’s Marketsite (http://www.commerceone.com/) provide an environment or “marketplace” in which goods can be traded. Unfortunately, many commercial entrepreneurs who hope to be successful worldwide fail to understand the real-world obstacles of international business-to-consumer (B2C) e-commerce. They do not take into account technological, commercial and cultural differences. Differences in telecommunications environments severely limit the development of online markets. Differences in commercial practices affect global online markets. For example, in Germany, two-for-the-price-of-one offers and promotional gifts are illegal; in Sweden, toy advertisements cannot be aimed at children. Another important factor in the success of a global online market is sensitivity to cultural and linguistic differences. English may be regarded as the language of the Internet by many, but in France, for example, a Web site that is specifically aimed at the French consumer must, by law, be in French.17 English Western-style Web pages

SL3054_frame_C13 Page 230 Tuesday, November 20, 2001 9:16 AM

230

The E-Business Handbook

need to be redesigned, translated and adapted to individual nations. Cultural and linguistic differences therefore increase the cost of cross-border e-commerce. Scholars,18 research agencies (http://www.activmediaresearch.com/) and business analysts are attributing the unprecedented scope of innovations in the way business is conducted to the emerging e-commerce technologies. We begin by exploring the pathways through which business is conducted. Marketing channels are the central element in models of e-commerce. They are defined as “systems of independent organizations and technology that make products and services available to the consumer in a useful and accessible form.”18 There is a divergence in the classification of the major models in e-commerce.18,19 The focus of this chapter is on the direct B2C model, which has intensified the competition for customer attention in the marketplace while largely ignoring the cultural and linguistic divergence among customers and business environments in different parts of the world. The lack of cultural and linguistic sensitivity in the direct B2C model could be one of the reasons that B2C e-commerce is lagging behind B2B e-commerce.

13.3 BUSINESS TO CONSUMER MODELS Perhaps the most popular and visible B2C model on the Web is the Web mart (or digital storefront). The model is a result of the creative merger of two shopping metaphors: the mail-order (catalog) business* and the shopping mall and supermarket. The mail-order business has survived more than a century. The first catalog sales began in the United States at the end of 19th century, when two major mail-order companies, Montgomery Ward and Sears Roebuck,** were established. The obvious advantage of this model was a decrease in the amount of time needed for shopping. The disadvantage was the limitations of the medium (paper) to represent the qualities of the goods. The shopping mall model flourished with the growth in the popularity of automobiles and the expansion of road systems, which provided the underlying technology. Large, efficient chain stores lured the customers, who were willing to travel relatively long distances to reach a large store that offered a variety of products at relatively lower prices. The key factor for a chain to compete effectively and achieve profitability at low prices was purchasing in volume. Not surprisingly, the same principle worked for the customers — the volume at low prices compensated for travel time and expenses. As customers were now purchasing in volume, families found it useful to have a shopping list (usually a cumulative list on which members of a household place their needs) as they negotiated massive supermarket aisles with their shopping cart (in which the needed items are placed). The shopping cart is the vehicle for transporting needed items from the supermarket shelves to the cash register and, subsequently, to their automobile. * In its first years, Amazon.com operated as a mail-order book retailer witha relatively small stock list. ** In 1872, Montgomery Ward and Company of Chicago started the first mail-order-house. Richard Sears, who started with selling cheap watches, teamed with watch repairman Alvah C. Roebuck to form Sears, Roebuck and Co. in 1886.

SL3054_frame_C13 Page 231 Tuesday, November 20, 2001 9:16 AM

The Covered Bazaar on the Internet

231

FIGURE 13.1 The “front” Web view of a typical “Web-mart.”

The combination of the catalog and the supermarket metaphors formed the underlying metaphor of the popular Web-mart.* Figure 13.1 shows a typical example. Variations across Web-marts are very small — where they do occur they are mainly in the layout. Consistent with their composite counterparts, Web-marts feature a link to browse catalog items and a link to view the contents of the shopping cart as items are placed in it. For full-scale shopping, a user generally enters the mall with a login name and a password. Figure 13.2 illustrates what a customer finds inside a Web-mart — a typical catalog page that is usually equipped with a search engine. To some extent, search engines change the shopping strategy from browsing (through the catalog) to selective searching (for a specific product). However, the selective searching strategy will work if the customer not only knows the language (English in most cases), but also the specific term used to label that product. Similar to the procedure in the physical supermarket, the virtual-shopping-cart metaphor allows customers to accumulate and store lists of items they wish to buy as they continue to shop. The underlying technology that supports the metaphor is a database of catalog information. Formalized in a database form and interfaced with Web style sheets, the product catalog on the merchant server supplies the information that is displayed when the product is retrieved. The database is a collection of product specifications, availability, shipping information, stock levels, on-order information and other data. Figure 13.3 illustrates an enhanced shopping cart metaphor. In this example, the shopping cart technology is enhanced with a facility for “chatting” (talking online) with a shop assistant. * The term Web-mart is introduced to emphasize the analogy with Wal-, K- and other -Mart stores.

SL3054_frame_C13 Page 232 Tuesday, November 20, 2001 9:16 AM

232

The E-Business Handbook

FIGURE 13.2 Inside the Web-mart.

FIGURE 13.3 Shopping cart technology enhanced with chat assistance.

SL3054_frame_C13 Page 233 Tuesday, November 20, 2001 9:16 AM

The Covered Bazaar on the Internet

233

FIGURE 13.4 Music Web-shop.

The data model and the content of the database depend on the type of product. A music-CD store, for example, may include a downloadable sample file with a music segment from the CD, as illustrated in Figure 13.4. Perhaps Amazon.com, with its range of products including books, videos, music, CDs, DVDs, electronic cards, consumer electronics and toys, remains the most widely recognized example of a database-driven Web-mart. The online catalog handles millions of product offerings, providing sophisticated data analysis of sales histories, product reviews, in-depth descriptions and cross-references, to guide customers according to some expectation about individual interests. Personalization is part of the strategy of Amazon.com. This feature suggests that the database keeps a record of all previous transactions, including items purchased, and shipping and credit-card information. Combined with information from the customer database, it builds a user profile “on the fly.” Based on previous purchases and cross-referencing with customers who bought similar products, it presents a list of recommended titles to the customer (Figure 13.5. This suggests that the site employs OLAP technologies which, by some criteria, identify similar products. By building and analyzing customer profile data, such computing systems provide a customized (but fairly uniform) service, driving sales of additional items without human participation. For the purpose of this chapter, we can state that the man-machine system has the property of symmetry, which perhaps is reflected in the structure of the database — a symmetry between the product and the human sections.* This symmetry points to dehumanization of the commercial environment. * A parallel can be drawn to Gogol’s Dead Souls, where the products were the names and profiles of dead people.

SL3054_frame_C13 Page 234 Tuesday, November 20, 2001 9:16 AM

234

The E-Business Handbook

FIGURE 13.5 Sales history and cross-reference to customers with similar preferences are features of amazon.com’s site.

It is difficult, if not impossible, to establish contact with a physical person behind the fabulous walls of the Web-marts. Some modern sites, as illustrated in Figure 13.5, offer an access to a life channel similar to the customer telephone lines. The attempt to connect on the live chat, shown in Figure 13.6, demonstrates the analogy with a telephone scenario. The auction is another metaphor that provided a successful model for the ebusiness environment. With this model, information about the prices of a large number of potential buyers in the market for a particular product can be obtained at a relatively low cost. The auction model provides some assurance in effective matching of buyers

FIGURE 13.6 Chat service in a “Web-mart,” simulating a telephone service.

SL3054_frame_C13 Page 235 Tuesday, November 20, 2001 9:16 AM

The Covered Bazaar on the Internet

235

FIGURE 13.7 eBay.com — the entrance to the auction.

and sellers. Vickrey20 offered four models of simple auctions, assuming that buyers hold independent, private evaluation of the product value. Vickrey’s auction models established the de facto standard for the auctions of consumer goods in B2C ecommerce. eBay.com, the company that was a pioneer in Web-based auctions, attempted to bring in ideas from networked communities to e-commerce (note the “Community” section in Figure 13.7). Two additional operations compare with the Web-mart: (1) announcing the product, and (2) bidding for a product. The attractiveness of e-auctions is that customers are not only buyers —customers are able to offer their own goods for sale. Thus, the second-generation ecommerce sites combine both models, as illustrated in Figure 13.8. Although the models presented here have some variations on the Internet, the look, feel and functionality of e-commerce sites are very similar. More importantly, the advantages of these types of sites are convenience and lower prices. Consequently, there has been an expectation that online merchants will slowly overtake physical shopping malls. However, even the most ardent fans of cyberspace agree that present Web commerce cannot replace the variety of emotion, and social and cultural experience of shopping in the hustle and bustle of the physical world. One of the reasons for the cultural flatness of e-commerce is “bandwidth colonialism,”21 or U.S. dominance. The structure of the Internet and bandwidth costs give the United States an overwhelming advantage for dominating global e-commerce. As Flynn22claims, “Julius Caesar conquered Gaul with Roman legions, but the U.S. is doing it with Mickey Mouse and the Internet.” The dominant Western culture is certainly evident in the models discussed. They have basically eliminated the notion of the marketplace. Westland and Clark18 refer to this phenomenon as a “placeless marketplace that we call a marketspace — one that is nowhere yet everywhere.”

SL3054_frame_C13 Page 236 Tuesday, November 20, 2001 9:16 AM

236

The E-Business Handbook

FIGURE 13.8 Combining the supermarket and the auction metaphor.

13.4 E-COMMERCE TODAY The e-commerce landscape today features two major trends away from the models of a decade ago. 1. Products are changing from mass produced to custom made. As Amazon.com and other similar major B2C e-commerce sites have demonstrated, customization has become the key to success on the Internet. The product is not just for any consumer, but for a specific individual who has a name, a title, an address and a history as well as emotions such as hope and fear. The product needs to be made available in a way more innovative and cost effective than a competitor company can offer. 2. Production is changing from mass production to job specific. While automation enhanced mechanization and the drive toward more mass production, knowledge engineering and data mining have increased flexibility and made customization possible at an affordable cost.

13.5 MARKET IS CHANGING FROM A MASS MARKET TO A NICHE MARKET The shift to unique products for a specialized customer base is becoming the very essence of e-commerce. However, current e-commerce models are still dominated by the shopping mall/supermarket metaphor. This metaphor and its associated functionality correspond to Western lifestyle and shopping habits and thus continue to foster a homogenous “McWorld.” The success of such models in many countries, where shopping traditionally includes a social element along with bargaining and negotiations, is tenuous. The authors’ experiences in Turkey, for example, demonstrated that the

SL3054_frame_C13 Page 237 Tuesday, November 20, 2001 9:16 AM

The Covered Bazaar on the Internet

237

social element is an essential part of a commercial transaction. The prepurchase activities vary from a few minutes talk over a cup of tea (çay) to a half-day excursion to show the cultural history of the product. To demonstrate how cultural integrity can be preserved in online shopping, we use the metaphor of a bazaar as an ecommerce model.

13.6 CULTURE-SENSITIVE E-COMMERCE When engaging in commercial activities across cultures, one must be sensitive to the multidimensions of culture, which include language, religion and artifacts as well as values, cognitive style, and time and space orientations. Culture encompasses a set of norms to which a group of people consciously or unconsciously agree to facilitate a homogenous and harmonious coexistence. Initially, the Internet was an open forum, an Internet “bazaar,” in which the diverse cultures could participate freely. However, with its general commercialization, and the popular supermarket metaphor in particular, globalization has resulted in homogenization and a flattening of cultural diversity. An enormous export market exists in addressing foreign markets — going global is no longer an alternative, but a necessity for today’s business. While the Web has helped to remove — or blur — national borders, many issues still need to be resolved. English is the primary language spoken in just seven countries and these seven represent 30% of the world’s economy and 8% of the world’s population.23 Obviously, there is a large potential market that is not catered to by parochially minded businesses. Global e-commerce is most often limited by a narrow worldview that sees all countries the same at all times. Obviously, crosscultural e-commerce has its costs. Developing Web sites specific to just the major national languages of the world can be a barrier to embarking on an e-commerce venture. However, companies cannot hope to participate in a true global e-commerce environment without being concerned about cultural sensitivity. We propose that a major step in embracing cultural diversity in e-commerce is the use of metaphors that have cultural and social meaning, metaphors to which customers can relate. The example we give here is the bazaar metaphor for online shopping. For Islamic countries, the most common mode of shopping is the bazaar, in which prices are negotiated and transactions are accompanied by specific cultural experiences and emotions.

13.7 THE BAZAAR One of the most notable ways in which a bazaar differs from a supermarket as a marketplace is price flexibility. The prices for each product in a bazaar depend on a variety of factors, including the season (peak or off-peak), the bargaining experience of the seller, the tenacity and culture of the buyer, and the manner in which the buyer handles the preliminary social etiquette. The word bazaar, originating from the language of Uygur, means “marketplace on the Silk Road.” The word conjures up images of bustling and prosperous trading

SL3054_frame_C13 Page 238 Tuesday, November 20, 2001 9:16 AM

238

The E-Business Handbook

activities. In the marketplace, all types of fine items are carefully selected to cater to the needs and tastes of different customers. The markets of Islamic cities are one of the greatest achievements of the Islamic peoples. Economy and religion are the two principal pillars of Islamic bazaars, which symbolize their difference from other markets. Two famous bazaars illustrate the atmosphere and power that could be infused into an online metaphor. The Covered Market, or Grand Bazaar, in Istanbul, Turkey, houses thousands of shops and stalls where merchants display a variety of goods. Starting from a small bedesten (warehouse) built in the time of Mehmet the Conqueror, the bazaar grew to cover a vast area. The foundations of the Covered Grand Bazaar were built after the conquest of Istanbul by the Ottomans. In time, the bazaar added additional shops and halls. The arcades and halls were covered with arches (see Figure 13.9) to form a series of covered streets leading to a central avenue. Streets were named according to the trades, such as gold and silver sellers, carpet sellers, slipper sellers, bootsellers, and booksellers, etc. Shoppers can buy colorful carpets, clothing, copperware, jewelry and many other items. Consisting of more than 4,000 shops, the Grand Bazaar is a maze of narrow streets where you can buy a bangl or a carpet, or just browse. This great covered bazaar is not simply a complex of buildings, but a city covered by hemispheric domes with 18 entrances. The Souq al-Hamadiyyeh bazaar in Damascus, Syria, is the city’s main market. It features long streets covered with high canopies and lined with booths and shops and bustling crowds. The shops are narrow and shallow, filled with goods of every kind, and shopkeepers sit in front of the shop ready to haggle with the passing crowds. It is noisy, as men bargain back and forth. Barbers invite passers-by to have their hair cut. A crowd as numerous as that in the galleries of the Palais-Royal throngs the bazaar all day long.

FIGURE 13.9 The arches of the Grand Bazaar, Istanbul, Turkey.

SL3054_frame_C13 Page 239 Tuesday, November 20, 2001 9:16 AM

The Covered Bazaar on the Internet

239

As in the Grand Bazaar in Istanbul, each type of product has a street or part of a street and is named for its product. For example, there is the Street of the Saddlers, Street of the Slipper Merchants, Street of the Spice Men, and many others. The longest and busiest thoroughfare is the famous Street Which Is Called Straight.*

13.8 THE BAZAAR METAPHOR FOR E-COMMERCE We envisage that a bazaar universe (a “world” in Active Worlds**) would appeal to cultures to whom the marketplace is a rich environment, such as the bazaars described in Section 13.6. Virtual worlds have the potential to provide commercial environments that transcend time and space. The development of virtual worlds has emerged from computer-mediated social spaces24 that supported the needs of large, loosely knit virtual communities. Unlike the 2D desktop interface, 3D interfaces can create an experience of immersion. Under the right circumstances, users are able to mentally project themselves into a virtual space. One way this has been accomplished has been with 3D graphics. Another demonstration of immersion has been with MUDs,** which are based purely on textual description. MUDs show that a rich, consistent presentation of a virtual space, even without sophisticated display technology, can be vividly experienced in the imagination of the user. The development of virtual worlds is inherently about creating places that mimic the physical world, but are not necessarily restricted by 3D geometry.25 This gives the person a feeling of being at some actual place, even though they have not physically moved from their home or office. An example of an environment that creates a sense of place is Active Worlds.*** Active Worlds is a 3D modeling environment that includes avatars, or 3D representations of people in the virtual world. This environment provides a sense of place by presenting a 3D world in which the person can walk, talk, teleport, and look around. Although it is object-oriented, Active Worlds emphasizes the 3D models of the contents of the world. It is used primarily for social interaction and as access to documents on the WWW. Because other users are present in these spaces, social interaction is facilitated. * Note that the street may be “called straight,” but that doesn’t necessarily mean that it is straight. ** MUD is an acronym for either Multi-User Dungeon or Multi-User Dimension. A MUD is a form of a virtual world, a virtual meeting place that contains objects and people that behave (in principle) in a similar way to real-life equivalents. The system is based on rooms that can contain objects and where people can meet. In general, activities are restricted to the current room. MUDs weave a virtual world around the user by providing a first-person perspective of one's environment. ** * Other examples are TAPPEDIN, and TeamWave. TAPPEDIN is a learning environment. The large community is supported in a campus-like environment with virtual buildings that are similar to physical buildings in function. TAPPEDIN uses a model of the “room” as the basic component and varies the types of rooms by changing the text description and image of the layout. People in TAPPEDIN are also represented as objects that move around the building, but the person object does not have a geometric representation or presence. TeamWave is a multi-user environment that groups documents and desktop tools into rooms. The organization of the collaborative environment is defined by the users, where rooms are basically containers similar to folders in a filing cabinet. People in the environment are represented by an image and properties such as e-mail address, phone number, etc. Communication occurs in a chat room style of talking.

SL3054_frame_C13 Page 240 Tuesday, November 20, 2001 9:16 AM

240

The E-Business Handbook

FIGURE 13.10 A culturally specific e-commerce model.

Attitude Toward E-commerce

Company

Cultural Appeal

Sustainable E-commerce Activity Communication

Usability

FIGURE 13.11

Products

Profiling

Economic Appeal

SL3054_frame_C13 Page 241 Tuesday, November 20, 2001 9:16 AM

The Covered Bazaar on the Internet

241

The bazaar universe is, of course, developed in a local language. Within the bazaar universe are spaces for different types of goods — for example, a “gold room,” a “carpet room,” a “slipper room,” and so forth. Waiting at the entrance of each space are animated avatars with whom potential customers can converse. The avatars are the counterparts of the shop assistant in the shopping mall, as shown in Figure 13.3. The avatars’ behaviors correspond to particular cultures. Non-verbal behavior, in particular, is highly culture specific and constitutes 60% of interactive messages. For example, an Indonesian would use the right thumb rather than an index finger when pointing to a person; a Japanese smile can mean appreciation but it can also mean feeling embarrassed or sorry for another person. Transactions are carried out by negotiating prices with avatars. Using culturally specific shopping bots,* customer profiling can be developed. Bots have a great potential in data mining, finding patterns in enormous amounts of data. A customer profile may include information about negotiation skills, level of risk taking, and the ratio between an initial offer and the settlement price.

13.9 A CULTURE-SPECIFIC E-COMMERCE MODEL The bazaar e-commerce model (or any other metaphor for a specific culture) can be represented as in Figure 13.10. The four key components for developing and sustaining e-commerce in the global marketplace are (1) consumers’ attitudes toward e-commerce, (2) the cultural appeal, (3) the economic appeal, and (4) the usability of the site. These key components must be consistent with product integrity, a strong organizational culture, communication that facilitates frequent and personalized seller–buyer interactions, and ongoing profiling of consumers. It is not sufficient to have multilingual or national e-commerce sites. E-commerce sites must provides “zones” for customers who are unified by a common culture. Culture zones are markets that share not only resource needs but also cultural mores.

REFERENCES 1. F. Sudweeks and C. Romm, Doing Business on the Internet: Opportunities and Pitfalls. London: Springer, 1999. 2. V.I. Vernadsky, Scientific Thought as a Planetary Phenomenon. Moscow: Science, 1991. 3. B. Barber, Jihad vs. McWorld, The Atlantic Monthly, vol. March, pp. 53-63, 1992. 4. B. Barber, Jihad vs. McWorld. New York: Times Books, 1995. 5. C. Ess, We are the Borg: The Web as agent of assimilation or cultural Renaissance?, ePhilosopher, 2000.

* A bot is a software tool for digging through data. A bot is given directions and it brings back answers. The word is an abbreviation of robot, which is derived from the Czech word robota, meaning work.

SL3054_frame_C13 Page 242 Tuesday, November 20, 2001 9:16 AM

242

The E-Business Handbook

6. S. Hongladarom, Global culture, local cultures, and the Internet: The Thai example, in Cultural Attitudes towards Technology and Communication, C. Ess and F. Sudweeks, Eds. Sydney: University of Sydney, 1998, pp. 187-201. 7. B.-C. Lee, Paying for goods and services in the information age, in Doing Business Electronically: A Global Perspective of Electronic Commerce, C.T. Romm and F. Sudweeks, Eds. London: Springer, 1998, pp. 163-173. 8. N. Adam, A. Gangopadhyay, and R. Holowczak, A survey on research on database protection, presented at Proceedings of the Conference on Statistical Data Protection, 1998. 9. A. Gangopadhyay and M. Adya, Protecting sensitive information in electronic commerce, in Doing Business on the Internet: Opportunities and Pitfalls, F. Sudweeks and C. Romm, Eds. London: Springer, 1999, pp. 77-86. 10. T.F. Rebel and W. Koenig, Ensuring security and trust in electronic commerce, in Doing Business on the Internet: Opportunities and Pitfalls, F. Sudweeks and C.T. Romm, Eds. London: Springer, 1999, pp. 101-112. 11. K. Subrahmanyam, R.E. Kraut, P.M. Greenfield, and E.F. Gross, The impact of home computer use on children’s development, The Future of Children: Children and Computer Technology, vol. 10, 2000. 12. S. Kiesler, V. Lundmark, B. Zdaniuk, and R.E. Kraut, Troubles with the Internet: the dynamics of help at home, Human–Computer Interaction, vol. 15, pp. 323-351, 2000. 13. S. Viller, The group facilitator: A CSCW perspective, in Readings in Groupware and Computer-Supported Cooperative Work: Assisting Human–Human Collaboration, R.M. Baecker, Ed. San Francisco: Morgan Kaufmann, 1993, pp. 145-152. 14. H. Ishii, M. Kobayashi, and J. Grudin, Integration of interpersonal space and shared workspace: clearboard design and experiments, in Groupware for Real-Time Drawing: A Designer’s Guide, S. Greenberg, S. Hayne, and R. Rada, Eds. Berkshire, England: McGraw-Hill, 1995, pp. 96-125. 15 ActivMedia, Real numbers behind ’net profits 2000,” ActivMedia June 2000. 16 L. Leung, Business-to-business ecommerce will explode, says Gartner, vol. 2001: VNUNet.com, 2000. 17 A. Swardson, French groups sue to bar English-only Internet sites, Washington Post, pp. A01, 1996. 18 J.C. Westland and T.H.K. Clark, Global Electronic Commerce: Theory and Case Studies. Cambridge, MA: MIT Press, 1999. 19 L. Wise, Internet Business Models, vol. 2000, 1998. 20 W. Vickrey, Counterspeculation, auctions and competitive sealed tenders, Journal of Finance, vol. 16, pp. 8-37, 1961. 21 K.N. Cuckier, Bandwidth colonialism? The implications of Internet infrastructure on international e-commerce, presented at INET ’99, San Jose, CA, 1999. 22. M. K. Flynn, Nations fear English language dominance on Net, vol. 2001: CNN.com, 2000. 23. B. Dunlap, Reasons for Success in International E-Commerce: Speaking the Customer’s Language, vol. 2000: Euro-Marketing Associates, 1999. 24. M. Abel, Experiences in an exploratory distributed organization, in Intellectual Teamwork: Social Foundations of Cooperative Work, J. Galegher, R.E. Kraut, and C. Edigo, Eds. Hillsdale, NJ: Lawrence Erlbaum Associates, 1990, pp. 489-510. 25. S. J. Simoff and M.L. Maher, Analyzing participation in collaborative design environments, Design Studies, vol. 21, pp. 119-144, 2000.

SL3054_frame_C14 Page 243 Tuesday, November 20, 2001 9:17 AM

14

Electronic Government Yurong Yao and Blake Ives

CONTENTS 14.1 Introduction ..................................................................................................243 14.1.1 Current Development and Evolution ...............................................244 14.1.2 Definition..........................................................................................246 14.2 Benefits of Electronic Government .............................................................247 14.2.1 Cost Saving ......................................................................................247 14.2.2 Efficiency..........................................................................................248 14.2.3 Online Markets.................................................................................249 14.2.4 E-Citizens .........................................................................................249 14.3 Downsides of E-gov.....................................................................................250 14.3.1 Digital Divide...................................................................................250 14.3.2 Lack of Financial Support ...............................................................251 14.3.3 Security and Privacy ........................................................................252 14.3.4 The Threat to Representative Government......................................253 14.4 The Stages of E-Gov....................................................................................254 14.4.1 Preparation .......................................................................................254 14.4.2 Exploration .......................................................................................254 14.4.3 Integration ........................................................................................255 14.4.4 Personalization .................................................................................256 14.4.5 Conclusion........................................................................................256 References..............................................................................................................257

14.1 INTRODUCTION Certain technologies have had a profound impact on our lives and institutions. Among these are steam and electrical power, the internal combustion engine, air conditioning, the radio, the telephone, the airplane, and the computer. The Internet has similarly begun to dramatically transform the way we live, think and learn. Previously unimaginable products and services have been turned into reality by this exciting technology. Government too cannot escape the relentless force of the Internet. Electronic government, or e-gov, will permanently alter the relationship between government and citizen, reshaping both the day-to-day operations of the government and the political processes that form it.31 E-gov will change not only the means of communicating with government but also the frequency and quality

1-57444-305-4/02/$0.00+$1.50 © 2002 by CRC Press LLC

243

SL3054_frame_C14 Page 244 Tuesday, November 20, 2001 9:17 AM

244

The E-Business Handbook

of those communications. In 2000, the Clinton administration drew attention to this internationally emerging phenomenon by investing, $1.7 billion in e-gov planning for federal government operations.12 In the near term, e-gov is likely to experience continued rapid growth. Indeed, it is not difficult to imagine a future scenario where any citizen could obtain almost all the services of government on-line.

14.1.1 CURRENT DEVELOPMENT

AND

EVOLUTION

A 1994 earthquake in Southern California catalyzed the initial trial of technology in a U.S. governmental agency.9 With almost a million citizens impacted by the earthquake, the Federal Management Agency’s (FEMA) traditional paper forms and personal interviews significantly delayed applications for disaster relief. In response, the National Emergency Management Information System (NEMIS) was enacted to provide citizens relief service by a rapid electronic means.9 NEMIS, though only a telephone-based information system, was a major first step on the road to e-gov. With the development of technology, many countries have already drawn up plans for aggressively moving toward electronic government. Deloitte Research’s 2001 examination of 250 state-level departments in Australia, Canada, New Zealand, the United Kingdom and the United States, found that about 34% of the world’s population would be expected to access most government services through the Internet by 2002.8 In Asia, the Philippines undertook the implementation of the Government Information System Plan (GISP), providing online services to a large number of its citizens.7 Singapore and Korea, among many others, also have plans to move toward e-gov.46,53 In the United States, almost every state has both the internal information systems and the necessary citizen-centered Web sites established to provide its residents with at least rudimentary government information and services. On various state Web sites, citizens can access, for instance, state policies, health information, and education and employment opportunities. Also typically available are online license renewals and tax payments. Other services are more unusual. Mired in an energy crisis, California has established a Web page to publish energy blackout information,44 as well as tips for energy saving.45 The Web sites of neighboring Nevada and Arizona have also been influenced by the energy crisis,42,49 while Montana’s Web site is currently placing a priority on drought management and prevention from wildfire.47,48 Electronic democracy is also expanding. The U.S. presidential election of 2000, an embarrassment to many Americans, forced state governments to consider electronic voting.8 In several states, including Arizona and Oregon, electronic voting has been in place for some time.26 Private companies are also actively involved in fostering electronic democracy. Vote.com, for instance, provides the opportunity for citizens to express opinions on political policies, propose solutions to current foreign affairs, or even offer suggestions on casting for yet-to-beproduced movies. Once tabulated, these results can be sent by e-mail directly to decision makers.38 In Europe, the European Information Society (EIS) project was set up in the early 1990s to apply technology to the improvement of democracy.3

SL3054_frame_C14 Page 245 Tuesday, November 20, 2001 9:17 AM

Electronic Government

245

As a part of this project, the British government, in 1998, created a people’s panel for which 5000 citizens were randomly selected to represent the population, via online polling, in helping to shape the realization of e-democracy. Other EIS projects, including the Campaign for Open Politics in Europe (a virtual political café), Networks for Union Democracy (NetUnion) and Developing Digital Democracy (D3) are helping to propel other European governments into the digital age.3 E-gov is, to many, a derivative of e-commerce. Indeed, they share several similar features. The basic business model — one participant providing the services to another through the network — is the same. The characteristics of the servicing population, lagging technology adoption by that population, and problems such as security, privacy, and technology access are also similar. However, e-gov differs from e-commerce in four fundamental ways. First, e-gov lies in the public, notfor-profit sector, while e-commerce is largely in the private, for-profit one.12 The influence of several stakeholders in the public setting (e.g., executive, legislative and judicial branches, lobbyist, politician, employee), each perhaps operating with a rather different agenda, can result in systems attributes that are different from what one might have anticipated, were profits the overarching objective. For instance, maintaining the relative balance of power between liberal and conservative political powers may result in either a greater or lesser interest in ensuring wide-scale access to an electronic voting scheme. Similarly, the relative influence of civil service workers may slow the move toward the replacement of traditional, “over-the-counter” services with alternative electronic schemes. Political appointments or favored local vendors may also slow the pace, or reshape the direction of e-gov initiatives. A second area of difference is in the nature and content of the services themselves. For instance, an online retailer may be willing to accept, as they do with checks and credit cards, some level of fraud. The advantages of these payment systems make up for the additional costs of fraudulent transactions. Fraud, however, in an electronic voting system, could not only destroy the perceived integrity of the electoral process, leaving people distrustful of it, but could also bring down the voters’ wrath on the politicians who pushed the system forward. Third, users of electronic governmental services typically do not have the luxury, as they would with normal commerce, of abandoning one supplier for another. Their dissatisfaction, therefore, is more likely to be translated into verbal attacks on the system or ballot box revenge on its political sponsors. Finally, while the population of citizens may appear similar to typical customers, there are significant differences in how they must be served. For instance, the citizenry is geographically dispersed, often to locations that would not provide sufficient returns to a commercial enterprise. Government’s need to serve 100% of the population, rather than just the profitable sector, is further confounded by the access to technology, reading skills, the language of online interaction, and so on. On the other hand, as a monopolist provider, particularly of services to commercial enterprises, the government may have the option of requiring a particular form of interaction. Real estate brokers, for instance, might be required to use online services for necessary transactions with governments.

SL3054_frame_C14 Page 246 Tuesday, November 20, 2001 9:17 AM

246

The E-Business Handbook

E-government is still in the early stages of development. The answer as to how to best implement successful e-gov solutions is emerging slowly. Here, we shed some further light on that question. In the rest of this section, we provide a formal definition of e-gov. The next two sections discuss first the benefits and then the downsides of egov. The fourth section presents a four-stage strategy for e-government development.

14.1.2 DEFINITION E-gov can mean rather different things to different people. To a member of a legislative body, it may mean access to online materials required for legislative decision-making or electronic voting in the chambers of the legislature. To a citizen, it could mean electronic voting booths. To more progressive citizens, it might mean access to governmental services via the Internet or even voting from home. The first step in pursuing any e-gov initiative is agreeing on a definition to provide scope for the intended project. Ezgov, a provider of Internet-based transaction services for government,11 defines e-government as “leveraging the Internet to simplify government,” which they further segment into two dimensions: “online services for external constituencies” and “government operations for internal constituencies.” Their definition is derived from the perspective of services content categories and constituencies. Meta Group, a technology research firm, defines e-gov as “the ability to obtain government services through nontraditional electronic means, enabling access to government information and the completion of government transaction on an anywhere, any time basis and in conformance with equal access requirements.”9 Their definition only emphasizes the beneficiaries of e-gov, with particular attention to efficiency. James12 views e-gov as a chance to utilize Internet-based technology to achieve high productivity and cost reduction. E-gov, according to this view, supplies citizens with a new way to access government information and services, and enhance their involvement in the democratic process.12 Watson and Mundy39 take a broader view, identifying e-government as a component of e-democracy as well as e-politics. To them, Edemocracy is a means to deploy information technology so as to realize unimpeded flow of information between citizens and government, while increasing citizen participation in political activities.39 These definitions tend to examine e-gov from a few perspectives, such as purpose, service content, constituencies or characteristics. Recognizing both the internal and external participants of electronic government, we define e-government as: The use of electronic media for empowering citizens to efficiently and effectively access government information, process transactions, and participate in policy-making while also providing the necessary infrastructure for government employees to reengineer the business of government.

Using this definition, we can examine e-gov from three aspects. The first is that of the government and the electronic face it presents to better serve its citizens while changing the nature and need for work by the governments employees. Second, egov provides citizens with the opportunity to play a new role in government; for, with e-gov, citizens are linked directly to the public marketplace of information,

SL3054_frame_C14 Page 247 Tuesday, November 20, 2001 9:17 AM

Electronic Government

247

initiatives, and services.31 E-gov grants citizens greater ownership of their government and greater say regarding the affairs of government. Finally, e-gov can enhance the interactions between government and citizens. Communication frequency goes up while response time goes down. Moreover, the efficiency of government can be enhanced based on the suggestions of citizens — suggestions that can be easily forwarded to key decision makers. Also, citizens will, hopefully, be more satisfied with government as they know more about it, can readily access its services, and feel more valued by it.

14.2 BENEFITS OF ELECTRONIC GOVERNMENT E-gov brings dramatic changes to government routines and peoples’ lives. In this section, we explore some of these benefits, including cost savings, gains in efficiency, online markets, and the emergence and empowerment of e-citizens.

14.2.1 COST SAVING The most obvious benefit of e-gov is cost saving, including internal and external savings in labor, supplies, traffic, rents, parking, time, and so on. Government employees spend much of their time processing paper or phone calls. Service requests typically come in distributions characterized by high peaks in demand, such as at the end of the month, the end of the year, or during lunch breaks. Citizens pay, either by enduring long lines and busy phone lines or through additional taxes necessary to provide the excess capacity necessary to meet peak demands. Citizens also must incur the costs of traveling to and from the government service locations, the inconvenience of not having brought with them the appropriate materials, and so on. Access to government from home on a 24-hour-a-day, 7-day-a-week basis eliminates or reduces many of these costs, particularly the social costs incurred collectively by citizens in executing transactions. Furthermore, as Watson and Mundy39 have pointed out, an integrated e-gov could provide fluid interdepartmental flows of information, thus reducing the collection and maintenance of redundant information as well as citizen inconvenience. As transactions move online, labor costs should go down, as will costs for parking and office spaces, heat, electricity, supplies, postage, telephone, and so on. But some of these costs, particularly for labor and rent, will likely not go down very quickly unless traditional service distribution channels are reduced or eliminated. Rather, the long lines will shrink during periods of peak demand. The initial benefits, therefore, appear disproportionately weighted to the citizens rather than to the government agency. Still, there can be significant savings. The experience of the U.S. Government Accounting Office (GAO), an agency providing reports as to the requests of members of Congress, illustrates the possible cost savings.37 Starting in 1996, the GAO first began to provide all its reports via its Web site. While the GAO still provides printed reports, these can now be ordered online, providing both faster and less expensive order fulfillment. Online access to the reports reduced the number of copies that GAO needs to print by 33%. About 150,000 to 200,000 copies of each paper are

SL3054_frame_C14 Page 248 Tuesday, November 20, 2001 9:17 AM

248

The E-Business Handbook

now downloaded in machine-readable format each year.37 Online access also has reduced the search time for constituents to browse the reports. The U.S. Government Printing Office (GPO) has also used the network to achieve cost savings in the creation and distribution of the Commerce Business Daily (CBD).37 Currently, government agencies posting notices in the CBD are able to submit them electronically at a price of $5 instead of the $18 previously charged for paper submissions. The publication itself is also now distributed electronically as well as in paper form.37 While these are modest improvements, they roll up into significant savings. One recent study demonstrated that the potential savings of e-gov could be about $110 billion a year in the U.S. and EUR 144 billion in the European Union.28

14.2.2 EFFICIENCY Faster deliveries of services and online access to information are other benefits of egov. While faster and more convenient services can make citizens more satisfied, they can also lead to lower cost for government and a more productive citizenry. Many public services are already being provided by e-gov, including online license renewal, tax payment, fine payments. and so on. Online payments clear the payment system far more quickly than do traditional paper checks. The government of Fairfax County, Virginia, for example, received $4.3 million online in taxes, tickets and other payments in 2000, all paid for online either by credit cards or electronic transfer.5 By eliminating manual intervention, it now takes only about 2 days to receive electronic payment.11 The processing time is shortened and also becomes more flexible and customer friendly. With occasional disruptions, online services can be ubiquitously available. In Boston, for instance, those violating parking regulations can pay their tickets online beginning 3 days after the ticket is issued and until the actual due date.5 With the benefits of wireless technology, we may soon see a day where drivers can, upon discovering a ticket on their windshield, immediately pay it via cellular phone or, better yet, feed the parking meters without having to return to the car. E-gov also simplifies the internal workings of government. Complexity and the bureaucracy it breeds are two major causes of government ineffectiveness. In some cases, government services require complex interactions among employees often scattered across several departments or agencies. In some states or municipalities there may be 50 to 70 different departments,29 each serving many of the same citizens. Simple transactions, such as registering the birth of a baby, getting married, or selling a house, may require filing several different, often redundant, forms and getting the approval of various departments in some specified order, thus wasting the time of citizens and reducing productivity of the workforce.29 E-gov will eventually require these departments to be fully integrated, thus guaranteeing the fluid flow of information. Standard forms can be provided via the Web, integrating the information requirements of various departments. The result can be a single government portal providing one stop for all government services. The governments of Austria and Singapore, among others, have launched a central governmental portal to provide one-stop services.28 In the U.S., Netgov.com provides a portal that attempts to transcend government agencies, providing access to state and municipal government services.19

SL3054_frame_C14 Page 249 Tuesday, November 20, 2001 9:17 AM

Electronic Government

249

14.2.3 ONLINE MARKETS E-gov brings the marketplace to government purchasing. As e-gov provides more efficient, effective, and transparent services, it engenders opportunities for government-to-government and business-to-government transactions.29 Procurement is a rich example. Though government procurement is still in the early stages in the U.S.,8 the Internet will likely soon become the primary means for its accessibility. For example, in December 2000, a reverse auction was held for janitorial supplies in Allegheny County, Pennsylvania.8 While this was just a trial, the county eventually anticipates purchasing upwards of $250 millions annually via the Internet. In Malaysia, Commerce Dot Com has invested RM 100 million to boost the development of a national electronic procurement system.21 Among the benefits of electronic procurement are vendor catalogues with negotiated prices, pre-authorization budgets, authorization approval processes, online bid submissions, order tracking, purchasing history, automated reordering, standard reorders, and so on. In traditional procurement, it’s hard for governments to maintain individuals who are familiar with the suppliers for every commodity purchased. But, by using an online auction, the government can reach a large number of potential suppliers.8 E-gov also can create greater coordination and collaboration among agencies, with opportunities, for instance, to harvest the benefits of joint purchasing.20 Online markets also provide new distribution channels for the sale of government materials. For example, the U.S. Postal Service sold $27 million in stamps over the Web in 2000, while, that same year, the United States Geographical Survey sold about $7.5 million in maps and photographs.23 According to a survey by Federal Computer Week magazine, in 2000, the U.S. federal government earned about $3.6 billion in revenues from online sales.23

14.2.4 E-CITIZENS E-gov allows citizens to play a new or expanded role in helping to shape government. As the distance between government and citizens is narrowed and citizen-to-government communications are enhanced, people can, and do, take greater ownership of their government. As a first step, citizens begin to see and enjoy, perhaps for the first time, an efficient and effective government. In the next step, citizens are provided with a set of account options for personalizing service.18 Through these personalized accounts, or portals, the country’s residents are able to review and, to some extent, modify the dossier of personal information maintained by the government. E-gov services can then be tailored to personal characteristics and requirements and provided from a single online portal.18 Presumably, this kind of citizen-centric design should build confidence and commitment to the government. E-gov also offers residents the rights to participate in policy-making activities. Online voting, for example, has already been launched in the states of Oregon, California and Arizona. The Arizona Democratic Primary election, the first binding online election, was conducted between March 7 and 11, 2000. About 47% of voters cast their ballots via the Internet. Interestingly, though, and perhaps for other reasons,

SL3054_frame_C14 Page 250 Tuesday, November 20, 2001 9:17 AM

250

The E-Business Handbook

575% more people voted in 2000 than in the primary that was held 4 years before.29 Election.com, a private company, provides the facilities to conduct online elections for private institutions or political organizations throughout the world.10 The Internet can also help educate voters. Citizens can easily access candidate biographies, speeches, position papers and press releases. Also available, are discussion boards of similar-minded voters and opportunities to interact online with candidates. An emerging, often younger, population is increasingly comfortable with computer and communications technology.11 This growing set of people is comfortable using technology for online shopping, preparing school assignments, looking for jobs, searching for roommates or apartments, or applying for university financial aid. They anticipate, and will increasingly demand, similar service availability from their government. Online access to government services is already common and growing. Hart and Teelter found in 2000 that about two-fifths of Americans, including two-thirds of U.S. Internet users, had visited certain government Web sites. Nearly 25% accessed government information at least once a week.31 With those services in place, and particularly when coupled with forms of electronic democracy, it is not difficult to imagine greater involvement of these citizens in a political process.

14.3 DOWNSIDES OF E-GOV Despite the myriad promised benefits, the road to the widespread adoption of e-gov contains many bumps. In this section, we investigate several of the more notable, including the digital divide, inadequate funding, privacy and security, and the threat to representative government.

14.3.1 DIGITAL DIVIDE As an early objective, the founders of the Internet had sharing research and related information among research colleagues equipped with similar technological infrastructure. But, as the Internet technologies have migrated from the research domain to the worlds of business and government, the assumption of universal technology availability begins to severely unravel.33 This phenomenon of heterogeneous access has been labeled the “digital divide.” The digital divide, according to the American Library Association, “reflects the differences in access to information, the Internet and other technologies … including differences based on race, gender, geography, economic status and in the skills, knowledge, and abilities to use information.”2 Residents have been classified as either the “haves” or the “have-nots”.5 As we have described above, although e-gov offers the promise of a richer political life for its citizens, this life will be available only to those with access to the requisite technology.33 It has recently been estimated that about 80% of the world’s population is currently unable to participate in the information revolution.6 Even in the U.S, about 45% of the population does not currently have access to the basic technologies

SL3054_frame_C14 Page 251 Tuesday, November 20, 2001 9:17 AM

Electronic Government

251

of the information age.31 While this latter number is predicted to drop to close to 20% by 2005, it will be difficult to push it much lower. This digital divide is of particular concern for online voting. Just before the first online Democratic primary voting in Arizona, the Voting Integrity Project of Virginia filed a lawsuit seeking a prohibition against Internet voting.28 They argued that a digital divide associated with race would cause discrimination in voting practice. Though Arizona’s online primary went as scheduled, the digital divide remains a significant problem for the future of electronic democracy. According to a survey conducted by the U.S. Department of Commerce,29 noticeable digital divisions exist between rich and poor, white and nonwhite, as well as between well- and poorly educated segments of the population. Differences in Internet adoption exist among these groups even as the price of computing and bandwidth continue to decline.29 For example, a child from a low-income white family is three times more likely to be able to access the Internet than is a comparably aged child from a black family, and four times more likely than a Hispanic child.29 A high-income household in an urban environment is about 20 times more likely to have access to the Internet than is a low-income family in a suburb.29 A U.S. Department of Commerce Study34 argues that “the digital divide has turned into a ‘racial ravine’ when one looks at access among households of different racial and ethnic origins” (p.8). Hoffman and Novak,15,16 looking at three successive CommerceNet/Nielsen Internet Demographic Studies (Spring 1997, Fall 1997, Spring 1998), report that similar and statistically significant income and education diversities in the Internet usage exist between the African-American and white populations of the United States. Language may be another factor in explaining why Hispanic families in the United States are less likely to be found online. The majority of U.S. government Web sites are available only in English.22 Disabilities also pose barriers to the expansion of e-gov. An analysis of 1813 federal, state and local Web sites found that only 15% offered some form of disability access, such as a text telephone or other telephone device for the deaf.40 Literacy also provides a significant limitation to the extension of e-gov to the general population. The State of Louisiana, for instance, reports that, in 1997, only 42% of its residents had a reading level of eighth grade or above.17 In recognition of these disparities, many governments have to maintain alternative channels for those services provided to the general community.4 In some cases, however, less expensive and more convenient alternative channels can be employed. For instance, telephone-based services or transportable offices can replace the need for expensive, but under-utilized, local offices. Still, dual distribution channels are expensive and present potential problems with inconsistency across data entry formats. However, failing to provide for the technologically disadvantaged or apathetic risks provoking their ire. The result can be backlash against further extensions of e-gov.

14.3.2 LACK

OF

FINANCIAL SUPPORT

While e-gov offers considerable potential for cost savings, it will require significant initial investments for hardware, software, installation, maintenance and training.

SL3054_frame_C14 Page 252 Tuesday, November 20, 2001 9:17 AM

252

The E-Business Handbook

The amount is difficult to accurately estimate due to the complexity of costs. LaVigne25 analyzed at least six factors impacting the costs, including: 1. 2. 3. 4. 5. 6.

Building, maintaining and managing relationships The similarity of existing processes and work to the envisioned ones The similarity of existing technologies to desired technologies Separability of tasks Intended degree of integration in the final product Variations in data sources

In 1999, the e-gov project in the California Health and Welfare Agency was declared a failure because the project cost skyrocketed from the original bid of $99 million to $345 million.12 This phenomenon of low estimates is not unusual. It’s clear that e-gov projects need sufficient financial support, estimates based on comprehensive front-end requirements analysis, and ongoing project management. Even with effective management schemes in place, e-gov must be understood to be a long-term project with delayed return on investment. These characteristics of e-gov investments can quell the enthusiasm and political will of those who initially envisioned e-gov as a quick way to reap the rewards of extending government to its population. Training is another major stumbling block. Moving government transactions online requires conceptual and operational changes among government employees and behavioral change among citizens. For lower-level government employees, this requires specific training to make sure they can process the services properly and assist citizens. Administrators, on the other hand, require training in reengineering business processes so as to best deliver integrated services over the Web. Training for citizens may present the biggest barrier. Libraries, schools, and job training, after-school, mentoring and tutoring programs are options to provide citizen training,2 but at some cost. Easy-to-use systems are essential and an alternative to some training, but basic computer literacy remains essential for most e-gov applications. As well as financial support, policy reengineering is important. In the U.S., both the Clinton and Bush administrations have drawn attention to e-gov. The result is a federal CIO and $100 million in initial funding for digital government. But these funds are usually assigned to individual agencies, with each mounting its own plan for e-gov development, which causes the inconsistency of cross-agency systems integration.4 Similar approaches for funding are common in U.S. state governments, often magnified by the allocation of federal monies to individual state agencies. While funding tends to be allocated to agency stovepipes, effective e-gov project implementation requires cross-agency cooperation to ensure seamless integration, minimal redundancy, and a standard interface.

14.3.3 SECURITY

AND

PRIVACY

Other critical barriers to the widespread adoption of e-gov lie in both real and perceived concerns about privacy and security of Internet transactions. For instance, in 2000, more than $2.8 billion in revenue were estimated to have been lost in the

SL3054_frame_C14 Page 253 Tuesday, November 20, 2001 9:17 AM

Electronic Government

253

U.S. because potential customers, doubting the privacy of online transactions, did not feel comfortable relying on an available online sales channel.35 The population appears even more wary of e-gov, with its menacing shadow of “Big Brother.”41 Privacy means the right to control the information about oneself and the right to prevent nonrelated access to personal information.35 In the United States, the Privacy Act of 1974 required federal agencies to “establish appropriate safeguards to ensure the security and confidentiality of records and to protect against any anticipated threats to their security or integrity.”36 In February 1996, the Office of Management and Budget (OMB)33 published circular A-130, requiring federal agencies to establish privacy policies suitable to citizens. Individual states also have implemented their own privacy statutes, as have many other countries. Interstate and intercountry flows of personal information further complicate the picture. While the fabric of privacy policy is slowly being woven, it is emerging in a rather fragmented manner.14 Ensuring the privacy of personal information requires that e-gov systems be secure. Security, according to Government Computer News and Dell Computer Corporation, includes securing quick access to electronic information provided by government and data transfers over private and public networks, and reliable storage of citizens’ data.13 Security involves protecting three vulnerable targets: software, hardware and the network. Threats to just the latter, for instance, include disabilities in the power system, the vulnerability of telecommunications networks located in faraway states or countries, and the threat of virus, hackers and sabotages. In 2000, the infamous “I Love You” virus damaged about 45 million computers through e-mail systems over the world at a cost of $10 to $15 billion — all this from a 300-line piece of software written by a kid from the Philippines.14 Many organizations commonly face the horror of stolen data and governments are no exception. Information Assurance attacks grew from about 100 significant incidents in 1988 to more than 8000 in 1999.14 In a survey (Hart/Teeter) conducted in August 2000, about 66% of the public and 38% of government workers were “extremely concerned” about “hackers breaking into government computers.”11 About 55% of Americans were very concerned about government staffs’ misuse of personal information.11

14.3.4 THE THREAT

TO

REPRESENTATIVE GOVERNMENT

Representative government implies that every member of the population is served and represented equally.1 Representative government is viewed as an efficient way to process governmental affairs. Elected officials study and weigh the critical issues and develop satisfactory solutions. Citizens must consider only the opinions and positions of the candidates and vote for those candidates who best match their own views. E-gov potentially allows society to move from representative to direct democracy. In this scheme, people gather enough information through various resources, and construct and express their own opinions to these issues directly via governmental or special-interest Web sites. Indeed, as the various propositions are now appearing commonly on many state ballots, citizens could, through their votes,

SL3054_frame_C14 Page 254 Tuesday, November 20, 2001 9:17 AM

254

The E-Business Handbook

directly shape government policy. When carried to the extreme, the vestiges of representative government — the elected officials — become redundant. But it is those very representatives whose livelihood would be put at risk who must allocate the funds for the pilot projects that might eventually propel us down the road to direct democracy.

14.4 THE STAGES OF E-GOV Despite the barriers to e-gov, there is, in the United States and elsewhere, considerable public support for its adoption. About 73% of sampled Americans have strongly urged the federal government to highly prioritize an e-gov agenda.31 The successful transformation to e-gov requires attention to technology access, organizational restructuring and reengineering, citizen acceptance and involvement, and the development of policies to deal with the unique problems of e-gov. The transition to e-gov must therefore be carefully managed. In the remainder of this section, we present a four-stage strategy for moving toward e-gov. The stages include preparation, exploration, integration and personalization.

14.4.1 PREPARATION E-gov remains unfamiliar to many people, even in technologically advanced societies. The first step, therefore, must be to give residents, as well as the providers of government services, some initial familiarity with the promise and reality of e-gov. These initial experiences with e-gov will primarily support and parallel the processes used for providing existing government services. They will provide a new but friendly face to a process that is already familiar. Most governments’ first objective in e-gov is to make information available from a Web site. These early sites provide easy access to government information and sometimes provide background on government policies.32 Here, too, can be found contact information about officials, locations and hours of operation for government agencies. In this stage, governments explore effective ways to provide information while people find, and master, the necessary technology to access the governmental Web sites. In the U.S. and many other Western countries, these information-centric government Web sites are now commonplace,30 and are now being enhanced by the advanced features we will discuss in the stages below. Much of this development has been spurred by legislative mandate. For instance, during the Clinton administration, the agencies of the U.S. federal government were required to post all previously printed materials on the Web.24 Moreover, voting services provided by private companies for political or private organizations, such as election.com and vote.com, also help familiarize citizens with e-gov.

14.4.2 EXPLORATION As people gain greater understanding about e-gov, they can be empowered to use the Internet to process transactions (e.g., license renewals, national-park reservations, tax payments) and sometimes to maintain personal information. In the preparation

SL3054_frame_C14 Page 255 Tuesday, November 20, 2001 9:17 AM

Electronic Government

255

stage, communication was primarily one-way — from government to citizen; in the exploration stage, it becomes two-way, with a consequent increased requirement for reliability and availability. To ensure reliable and ready access, large government may establish internal, professionally managed, Web sites that serve multiple agencies. Smaller governments may choose to outsource Web services and even applications from application service providers (ASPs).12 Also in this stage, we begin to see the emergence of online Web services seamlessly connected to existing internal information systems as well as more closely integrated with offline processes. Security and privacy emerge as significant issues as individuals are able to actually conduct business online and as the government begins to share personal information. Governments must adopt more complex encryption technology to assure the safe storage and transformation of information. Alternatively, they may turn to external providers to provide secure services, for instance, for online payments. As transaction procession services are now being provided over the Internet, the digital divide issue also will come to the forefront, with often politically motivated calls for increases in citizen access to technology as well as training. During this stage, agencies are likely to experience a considerable increase in the nimber of e-mails they are receiving from residents and will need to ensure that those messages are properly forwarded and promptly responded to. E-mail should be directed to roles rather than individuals, to insulate citizens from turnover in personnel. In the U.S., many state and local governmental Web sites are now providing online applications. The cities of Boston43 and New York50 are illustrative, as is the county of San Diego.52 Britain’s new Inland Revenue site now allows online tax payment.30 Generally, these sites are being well received. Among the Internet users in the U.S., about 71% ranked the quality of current government Web sites as excellent or good, with 60% indicating that it was easy to find needed Web sites, despite services being isolated by agency.31 Governments have also begun to increase investments in training associated with e-gov projects. For instance, in the U.S. in 1999, the Library Services and Technology Act authorized $166.2 million to ensure permanent citizens’ access to e-gov information.25

14.4.3 INTEGRATION Further benefits from e-gov will come by crafting information flows that can transcend the stovepipes of agency systems. Integration requires that each agency or department online application be united and presented through a single governmental portal, with shared agency use of common data (e.g., address, phone number). The portal’s design reflects the needs of citizens and the functions they must carry out, rather than the structure of departments and agencies. Here, the goal is citizen-centric services.30 As the portal automatically links across various departments and agencies, the citizen is insulated from bureaucratic complexity, making the process more transparent. Simple integration can be achieved by linking the single portal to various agency systems. But the real benefits will be achieved only when there is also integration at the level of the data. In other words, each agency should not be maintaining separate addressing information on each citizen. Despite the obvious citizen service advantages to such integration, it does raise the stakes regarding privacy.

SL3054_frame_C14 Page 256 Tuesday, November 20, 2001 9:17 AM

256

The E-Business Handbook

Just as there are opportunities for integration across agencies of the same government, so too are there opportunities for integration across different bodies of government or even with for-profit businesses. Some of this integration is aided by common naming conventions for governmental Web sites. In the U.S., for instance, all state Web site URLs are uniformly named, such as www.state.ny.us and www.state.ca.us. While uniform, these combinations are not particularly memorable. One alternative is a portal focused only on government services.Several companies have attempted to offer one-stop e-gov solution to citizens and their local governments; among these are ezgov.com and netgov.com.39 While initially conceived as universal government portals, these companies have more recently evolved into application providers for government agencies. A more common way for citizens to begin their search for government services is by using portals such as Yahoo.com or their local equivalents.

14.4.4 PERSONALIZATION In the personalization stage, citizens can access some applications and information by use of a login ID and password, and a personalized portal. Through these portals, governments can begin to foster one-to-one relationships with their citizens.39 Various services are provided by government, but not all of them are useful to every citizen. Sometimes, it’s difficult for a person to find the suitable service among the various available services. In the personalization stage, people can organize personal portals with their own package of links to services, thus providing a fast track to commonly used services. Similarly, users may be able to “sign-up” for e-mail or Web-based notifications regarding policy-making in areas of their personal interest, thus hopefully promoting greater participation in political activities and more ownership of government. Using this personal portal, government can provide each citizen with access to their personal information, for instance, the historical details of property tax payments or parking violations.39 Other information, such as address and phone number, can be self-maintained through the personal portal. Alhough most states in the U.S. are still in the second or third stages of e-gov maturation, North Carolina has moved into the personalization stage, creating “personalize My NC.”51 California has also implemented a rudimentary personalized portal. But just as government-only portals have failed in the private sector, so too have some government portals failed to attract enough users. Alternatively, generalpurpose portals, such as Yahoo (http://my.yahoo.com) and Microsoft Network allow users to personalize the portal with links to their favorite resources. Governments and portal providers will wish to ensure that links can easily be established from these personalized directories to government resources.

14.4.5 CONCLUSION Many citizens are beginning to realize that e-gov has the potential to revolutionize the provision of government services, at least for countries with widespread access to technical infrastructure. E-gov can significantly, even dramatically, change

SL3054_frame_C14 Page 257 Tuesday, November 20, 2001 9:17 AM

Electronic Government

257

governmental internal operations as well as the way ordinary citizens’ interact with their government. As we have described, the benefits of e-gov will come through costs saving, more convenient service to users, online markets, and an empowered population. But to fully realize the potential of e-gov, we must overcome barriers such as the digital divide, the lack of financial support, security and privacy concerns, and any real or perceived threat to representative democracy. Apparently recognizing some of these concerns, about 65% of polled Americans indicate that they would prefer to proceed slowly in establishing the Internet as an essential communication media between the population and governments.31 Still, the benefits of e-gov are so compelling that they will likely be harvested as the technical infrastructure becomes widely available to the residents of a particular governmental jurisdiction. Initially, that infrastructure will be employed primarily for the usual transactions between a government and its citizens. But, as that usage becomes ubiquitous, it will likely spread from services to policy-making and direct citizen involvement in democracy. In the U.S. at least, this may result in pressure for a new scheme for citizen-centric policy-making that was viewed as neither feasible nor desirable by the framers of the U.S. Constitution. It is this latter development that may ignite the real revolution of e-gov.

REFERENCES 1. American Heritage Educational Dictionary, Computer Version 1.0, Liberal Home Page, http:// www.liberal.com/Define/Define.html 2. American Library Association, Libraries: Ensuring Information Equity in the Digital age, white paper for ALABriefing2, 2001. 3. Anttiroiko, A. Toward the European Information Society, Association for Computing Machinery, Communications of the ACM, Vol. 44, 31, 2001. 4. Atkinson, R.D., Digital Government: the New Step to Reengineering the Federal Government, an except from the March, 2000 PPI report of the same name, which can be read on www.ppionlin.org, 2000. 5. Bringing local government home, The American City & County, Pittsfield, MA, Vol.115,Iss. 6, 2000. 6. Business Recorder, United Nations Report Calls For Bridging the Digital Divide, February 25, 2001. 7. Business World (Philippines), Electronic Government Scheme, Biggest Catalyst to E-commerce in the Country, September 12, 2000. 8. Cottrill, K. E-government Grows, Traffic World, Vol. 265, Iss.10, 2001. 9. Dean, J. E-government Evolves, Government Execute, Vol.32, Iss.13, 2000. 10. Election.com, Garden City, NY, http://www.election.com/, 2001 11. Ezgov, E-government Making Sense of a Revolution, Government Technology Magazine, the United Kingdom: www.ezgov.com, 2000. 12. James, G. Empowering Bureaucrats, MC Technology Marketing Intelligence, Dec. Vol. 20, Iss.12, pp. 62-68, 2000. 13. Government Computer News and Dell Computer Corporation, White paper, (a), Client Security in The Enterprise Network: Dell’s Perspective, February, 2000, http://www.netcaucus.org/books/egov2001/.

SL3054_frame_C14 Page 258 Tuesday, November 20, 2001 9:17 AM

258

The E-Business Handbook

14. Government Computer News and Dell Computer Corporation, White paper, (b), Protecting the Public: Security Strategies for the Electronic Government — a Big Time Response to a Big Time Problem, 2000, http://www.netcaucus.org/books/egov2001/. 15. Hoffman, D.L. and Novak, T.P., The Evolution of the Digital Divide: Examining the Relationship of Race to Internet Access and Usage over Time. unpublished manuscript, 1999. 16. Hoffman, D.L., Novak, T.P. and Venkatesh, A., Diversity on the Internet: the Relationship of Race to Access and Usage, unpublished manuscript, 1997. 17. Louisiana; Vision 2020: Master Plan For Economic Development, Louisiana Economic Development Council, July 1999. 18. Nasire, Creating Citizen-Centric Digital Government — A Guide for the State, Kentucky: NASIRE, representing chief information officers of the states, 2001, www.nasire.org. 19. Netgov, http://www.netgov.com/products/citinfo/navigator.htm, June, 2001. 20. New Straits Times (Malaysia), E-government For Efficiency, September 8, p.37, 2000. 21. New Straits Times — Computimes (Malaysia), National E-procurement Project Gets Funds, February 22, 2001. 22. Newsday (New York, NY), @home; The Challenge of Getting Latinos Online, May 2, 2001. 23. New York Times, Compressed Data: Dot-Govs Give Dot-Coms A Little Competition, May 28, 2001. 24. Pardo, T., Realizing the Promise of Digital Government: It’s More Than Building a Web Site, white paper in Center for Technology in Government, University at Albany/SUNY, 2000. 25. Rogers, M. and Oder, N., Good Vibes On Legislative Day, Library Journal; Jun 1, 1999. 26. Solop, F.I., Public Support for Internet Voting: Are We Falling into a “Racial Ravine”? Script prepared for the American Association of Public Opinion Research Conference, May, 2000. 27. Solop, F.I., Digital Democracy Comes of Age in Arizona: Participation and Politics in the First Binding Internet Election, presented at the American Political Science Association national conference, Washington D.C., 2000. 28. Symonds, M., Government and the Internet: the Next Revolution, The Economist, London, June 24, Vol.355, Iss.8176, 2000. 29. Symonds, M., Government and the Internet: Haves and Have-nots, The Economist, London, June 24, Vol. 355, Iss.8176, 2000. 30. Symonds, M., Government and the Internet: No Gain Without Pain, The Economist, London, June 24, Vol. 355, Iss. 8176, 2000. 31. The Council for Excellence in Government, E-govern, The Next American Revolution, Washington: www.excelgov.org. 32. The Citizen as Customer, Society of Management Accountants of Canada, Dec 2000/Jan 2001, Vol.74, Iss.10. 33. Turner, R., E-Government and Digital Divide, U.S./Office of Management and Budget Watch, 2001, http://www.netcaucus.org/books/egov2001/. 34. U.S. Department of Commerce, National Telecommunications and Information Administration, Falling Through the Net: Defining the Digital Divide: A Report on the Telecommunications and Information Technology Gap in America.Rev.11/99 ed.Washington, D.C.: National Telecommunications and Information Administration U.S. Department of Commerce, 1999, http://www.netcaucus.org/books/egov2001/.

SL3054_frame_C14 Page 259 Tuesday, November 20, 2001 9:17 AM

Electronic Government

259

35. U.S. Department of Interior, Office of Information Resources Management; Challenges and Opportunities: Privacy — Information Privacy — a Key Element in Egovernment, 2000, http://www.netcaucus.org/books/egov2001/. 36. U.S. Department of the Navy Chief Information Office, Privacy, 2000, http://www.netcaucus.org/books/egov2001/. 37. U.S. Center for Democracy and Technology and OMB, Cost, an except from Watch Report, The Ten Wanted Government Documents, http://www.cdt.org/righttoknow/10mostwanted/. 38. Vote.com, http://www.vote.com/, 2001. 39. Watson, R.T. and Mundy, B., A Strategic Perspective of Electronic Democracy, Communications of the ACM; Vol.44, Iss.1, pp.27-30, 2001. 40. West, D.M., Assessing E-government: the Internet, Democracy, and Service Delivery by State and Federal Governments, Providence, 2000, www.insidepolitics.org. 41. West, L.A. Electronic Markets and Electronic Governments, International Journal of Electronic Commerce, Vol. 2, No.2, pp. 5-28, (Winter 1997-98). 42. Arizona Department of Commerce, http://www.azcommerce.com/ETips/govdefault.htm, 2001. 43. Boston City Government, www.cityofboston.com, 2001. 44. California State Government, http://www.dgs.ca.gov/energy/energyarchives.asp? scount=88, 2001. 45. California Technology, Trade & Commerce Agency, http://commerce.ca.gov/energy/ energy-tips.html, 2001. 46. Korea Government, http://www.korean.net, 2001. 47. Montana Drought Advisory Committee, http://nris.state.mt.us/drought/, 2001. 48. Montana Disaster and Emergency Services, http://www.opi.state.mt.us/wildlandfire/, 2001. 49. Nevada State Government, http://dem.state.nv.us/plangovsltr.htm, 2001. 50. New York City Government, www.ci.nyc.ny.us, 2001. 51. North Carolina State, http://my.ncgov.com/yahoo?ycookie=v=1%26 n=fpg8ullre3p51%26l=c0_3450kbj.d2qqu/o%26p=01p00000000000%26r=7v%26lg =us%26intl=us%26np=1&, 2001. 52. San Diego Government, www.co.san-diego.ca.us, 2001. 53. Singapore Government, http://app.internet.gov.sg/data/sgip/main.html, 2001.

SL3054_frame_C14 Page 260 Tuesday, November 20, 2001 9:17 AM

SL3054_frame_C15 Page 261 Tuesday, November 20, 2001 9:18 AM

15

E-Business Goes Global: Institutional Environments and Governance of Global Internet Firms Sirkka L. Jarvenpaa and Sai K. Yayavaram

CONTENTS 15.1 15.2 15.3 15.4

Introduction ..................................................................................................261 Internet as a Transaction Grid .....................................................................262 Stylized Governance Forms: “Born Global” versus “Multi-Domestic” .....264 Transaction Cost Economics: Institutional Arrangements ..........................266 15.4.1 The Effect of the Internet on Institutional Arrangements...............268 15.4.2 Institutional Arrangements and International Business Literature..269 15.4.3 The Institutional Environment .........................................................270 15.4.3.1 Technology Environment: Uncertainty, Access, and Innovation ..................................................................271 15.4.3.2 Policy Environment: Contract Law Regimes, Property Rights Regimes, Jurisdiction and Content Regulations .......................................................................272 15.4.3.3 Culture Environment: Language, Practice, and Identity .......................................................................274 15.5 Conclusion....................................................................................................275 Acknowledgment ...................................................................................................276 References..............................................................................................................277

15.1 INTRODUCTION Global e-business involves electronic transactions in which a buyer and seller reside in different countries, and in which the buyer can complete the order online and the seller can process and fulfill those out-of-country purchase orders. E-business firms

1-57444-305-4/02/$0.00+$1.50 © 2002 by CRC Press LLC

261

SL3054_frame_C15 Page 262 Tuesday, November 20, 2001 9:18 AM

262

The E-Business Handbook

are managing these global e-business transactions through a variety of organization forms. Some firms have set themselves up as temporary or nimble market forms that serve customers around the world from one Web site and through spot markets. Other forms mirror the more traditional hierarchical “multi-domestic” enterprise with local online operations in multiple countries. Some firms appear as hybrid forms (dynamic networks and portals with long-term contracts with locally based third parties. As the Internet economy develops, these forms compete with each other in a variety of ways. This chapter addresses the following question: What is the relative frequency with which firms will use market versus hierarchical governance structures for global electronic transactions, given the policy, technology, and cultural environments of the sellers and buyers? We build off the transaction cost theory of the firm to understand how policy, culture, and technology factors create “stickiness” on the Internet transaction grid and drive the firm toward hierarchical governance forms for its global e-business transactions. After a short introduction on Internet transactions, we discuss two stylized governance forms: Born Global and Multi-Domestic. We then review the governance concepts from transaction cost theory, and expand our discussion to understand how information technology (IT) and global environment affect governance. Finally, we explore the effect of institutional environments on global e-businesses. This chapter’s contribution is in offering an analytical framework for assessing a firm’s governance structure in global e-business. We do not mean to imply that organizational choice for e-business transactions is fluid1 (indeed, the starting position of a firm with respect to the Internet economy is often pathdependent, resulting from pre-Internet economy factors).

15.2 INTERNET AS A TRANSACTION GRID To understand the strengths and weaknesses of different firm governance forms, we have to understand the characteristics of the Internet as well as the institutional environments of global business operations. The Internet presents a new “transaction grid” on which economic actors can initiate, negotiate, and complete transactions internally or externally, and, by doing so, economize on their business operations. In addition to giving traditional companies a new channel for transactions, the Internet has also given rise to so-called Internet or e-business firms for whom the Internet is the main transaction grid. Since the commercial inception of the Internet’s World Wide Web, much has been written about the unlimited nature of this Borderless Internet Transaction Grid. (See Figure 15.1) The Internet is seen as composed of standard Internet technology that is policy- and culture-neutral (that is, few, if any, cross-national differences regarding laws, governmental regulations, language, and norms affect the generic character of the transactions on the Internet. This neutrality or “smoothness” should generally encourage “borderless” market transactions and the breakdown of “old economy” hierarchical forms for transactions. But a closer look at global e-business transactions suggests a different type of institutional environment than that projected by the Borderless Transaction Grid. Technologies, policies and cultures affecting global e-business transactions are not homogeneous; they are complex and often country-specific. Moreover, institutional

SL3054_frame_C15 Page 263 Tuesday, November 20, 2001 9:18 AM

E-Business Goes Global

263

FIGURE 15.1 The Internet as a Borderless Transaction Grid.

Import/Export Laws Language

Contracts

Payment Mechanism

Privacy Industry Regulation

Fraud

FIGURE 15.2 Borders matter on the Internet.

environments are growing more complex and less borderless on the Internet. Many countries’ laws, property rights, and government are in flux as they try to adapt to the new online business environments. (See Figure 15.2.) Jessica Litman, an editor of New Developments in Cyberspace Law writes: In 2000 The Motion Picture Association of America shut down the Canadian site iCraveTV.com because its site, allegedly legal under Canadian law, could be viewed by people outside Canada. A French court held that Yahoo violated French law when it permitted auctions of Nazi memorabilia on a site accessible to people in France. The remedies contemplated by the courts deciding these cases are the use of technology to simulate national borders — requiring sites to come up with a way to deny access to browsers originating in complaining countries. If the trend continues, we may see the end of the borderless Internet, with virtual customs agents demanding virtual passports as electronic bits cross virtual borders. The growing complexity of institutional environments not only increases the uncertainty that a seller and buyer face, but also the likelihood of hierarchical governance forms coexisting with market forms for global electronic transactions.*

* Asset specificity refers to the “extent to which assets (e.g., physical, human, or site) are specialized to a specific transaction and can be used only at lower value in alternative applications.” As an example of governance structure, a portal provider must decide whether to purchase the search engine it needs in the marketplace (market), to develop it in-house (hierarchy), or to enter some intermediate form of relationship with a contractor (hybrid).

SL3054_frame_C15 Page 264 Tuesday, November 20, 2001 9:18 AM

264

The E-Business Handbook

With few exceptions, prior research that had addressed the issue of organizational form argued that the Internet and other IT forms give an advantage to market forms over hierarchical forms of governance.3–5 These increased benefits are perceived to derive from 1) a marked reduction in coordination costs for markets as compared with hierarchies due in part to standardized transacting interfaces, and 2) a notable reduction in governance costs for markets as compared with hierarchies, due to a reduction in asset specificity and an increase in the number of potential partners. These benefits could either result in a shift of existing transactions from hierarchies to markets or make the market more attractive for new transactions made possible by IT. Based on these purported advantages of markets, a few researchers such as Malone and Laubacher have made the far-reaching conclusion on organizational forms that the role of hierarchies would be substantially diminished in an electronically networked world.6 In the context of global markets, it has been predicted that firms that are smaller in size than current firms would be able to serve global markets from just one location and through an extensive network of market-based contracts.7 In this chapter we argue that such predictions need to be tempered. These assertions have not given fair play to the transactional hazards arising from institutional factors that globally competing firms face on the Internet.2 Notably, institutional factors are not the sole forces behind why hierarchical governance forms will persist along the market forms. The Internet is increasing the importance of specialized assets due to an increase in customization of products and services and creation of globally recognized brand names. Transactions that involve transaction-specific, nontransferable investments (specialized physical and human commitments to a business transaction or series of transactions, for example) are not handled well by market forms of governance. These conditions make it difficult to mitigate the risks of opportunistic behavior by one’s contractual partner.8 Having made a specialized investment, an actor is vulnerable to opportunism when the contract breaks down, for to leave the relationship means lost startup costs (nonredeployable assets, whether they be physical, human, or intangible intellectual capital or brand image). To manage opportunism arising from these specialized assets, hierarchical forms will be relatively commonplace and will coexist with market forms.

15.3 STYLIZED GOVERNANCE FORMS: “BORN GLOBAL” VERSUS “MULTI-DOMESTIC” Compared with their traditional counterparts that built their businesses on brick-andmortar grids, Internet firms are entering international markets faster, and are venturing further into foreign markets that are culturally distant from their own.9 In theory at least, e-business firms can be “Born Global” by merely having a presence on the Internet, which creates a presence that is immediate and everywhere.10 These Born Global firms can operate in international markets from the earliest days of their establishment without setting up a foreign-specific presence to procure inputs or manage their transactions with customers from a particular country.11 Born Globals are small and agile, as they do not need to build a physical network of production, R and D units, and logistics and marketing channels. These firms create value

SL3054_frame_C15 Page 265 Tuesday, November 20, 2001 9:18 AM

E-Business Goes Global

265

not by seeking scale and scope economies of tangible assets, but through innovation in product design and information and process technology to meet ever-changing customer needs.12 Born Globals are expected to deploy market forms of transacting to a much greater extent than their traditional counterparts (i.e., global bricks-andmortars that rely heavily on vertical and horizontal integration). In their article “The Dawn of the E-lance Economy,” Malone and Laubacher ascribe a similar structure to a Born Global.6 They argue that the Internet allows for quick relay of information between potential contracting agents and the establishment of a network from which contracting parties can be quickly and costlessly coordinated. More precisely, they argue that the Internet promotes spontaneous organization of “e-lancers” (independent business actors who “join together into fluid and temporary networks to produce and sell goods and services.”) In some sense, these e-lancers become nodes, however temporary, in the market-based structure. “When the job is done (after a day, a month, a year) the network dissolves and its members become independent agents again, circulating through the economy, seeking the next assignment.”6 Long-term contracting relationships and centralized organizations with hierarchy have little role here (Malone and Laubacher attribute this predicted fall to the decreasing cost of coordinating Internet business activity. They predict that the hierarchical organization of the 20th century will be merely a transitional structure.6 The e-lancer model assumes the Internet to be a borderless transaction grid supporting frictionless commerce. According to R. Kuttner, “The Internet is a nearly perfect market because information is instantaneous and buyers can compare the offerings of sellers worldwide.”13 The e-lancer model is in contrast to another global governance model: the “MultiDomestic,” which resembles the traditional hierarchical multinational enterprise that initially develops core competency in a domestic market and expands internationally by gradually setting up locally based Web operations in other countries.2 The core product, technology, and market strategies are developed at the home base and then adapted to local context to maximize opportunities and minimize barriers in that country’s institutional environment. Autobytel.com, the United States’ leading newcar-buying site, started its operations in 1995, and only several years later expanded operations to Europe, one country at a time. Amazon.com has set up a network of online bookstores in Europe; each country is supported by a local Web site with prices that may differ as much as 40% by country. Yahoo! has developed different Web sites for different countries and enjoys an extensive network of local partners by countries. Operating separate Web sites and partnering networks locally is equivalent to producing locally as the firm has developed site-specific assets. Zhao and Du characterize Born Global as an open business model and the traditional Multi-Domestic model*as a closed business model.9 In a Multi-Domestic model, channels of transactions and communication are closed or partially closed via ownership. Product, services, and information flows take place in the bounded spaces and often in predetermined sequences. There are flow delays due to different time zones and many layers of intermediaries. The closed model favors large firms; the open model, by contrast, favors small entrepreneurial firms. The * Zhao and Du label their model as multinational (MNE).9

SL3054_frame_C15 Page 266 Tuesday, November 20, 2001 9:18 AM

266

The E-Business Handbook

Continuum of Market and Hierarchy Market One global Website; spot-markets/ short-term service and production contracts with independent local firms

Hybrid Local or regional web presence via long-term partnerships and joint ventures with local firms

Hierarchy Local web presence through centrally controlled but locally executed country or regional websites

FIGURE 15.3 Stylized governance forms.

Internet supports an open global cybermarket where business and customers can interact flexibly without costly investments in production or marketing channels and long-term contracts with intermediaries, where the flow of production and information is multidirectional and synchronized, and where there can be a spontaneous sharing of information and a real-time response to clients’ questions.9 Admittedly, few firms if any exhibit these pure governance forms of Born Global or Multi-Domestic; rather firms differ in their propensity toward one or the other form in a transaction. We are using these two pure forms to contrast them and argue that the Internet economy will not obliterate the hierarchical form. Global e-business firms will deploy hierarchical forms as well as market forms and hybrid forms for their transactions. In a hybrid form, firms rely on long-term partnerships and joint ventures with local firms. (See Figure 15.3) A dimension that varies across the continuum of the stylized governance forms is how a globally competing firm handles local presence. Local presence could be nonexistent, a joint-venture, long-term partnership or a fully owned subsidiary that is governed either centrally or noncentrally. In the last option, if the local presence is tightly controlled from the home base (i.e., centralized), then the form is more of a hierarchy than if there is significant local governance over key strategies. One way to conceptualize these differences is through a diagram whose rows are designated as global central versus global local, and whose columns are headed hierarchy versus market. The top rows are the pure forms and the bottom forms are those approaching a hybrid mode. (See Figure 15.4.)

15.4 TRANSACTION COST ECONOMICS: INSTITUTIONAL ARRANGEMENTS The transaction cost economics (TCE) literature involves an examination of both the governance choices or institutional arrangements and the political, legal, cultural and technological rules of the game or institutional environments.14 The relationship between these two is of critical importance in understanding the comparative advantages of one governance choice over another in the Internet economy.

SL3054_frame_C15 Page 267 Tuesday, November 20, 2001 9:18 AM

E-Business Goes Global

267

Market

Globally Centralized/ integrated

Globally Decentralized

Hierarchy

Spot-markets or shortterm service or production contracts with independent local firms

N-to-N e-business system centrally controlled and executed including full transaction support, fulfillment/logistics, support

Licensing, franchising, Non-equity arrangements with local firms

Local websites that are centrally controlled for their strategic aspects but with local execution and operation

FIGURE 15.4 Modes of governance.

According to transaction cost theory, a critical aspect of choosing optimal organizational forms is to align the transactions, which differ in their vulnerabilities to opportunism by trading partners, with the appropriate governance mechanism, or institutional arrangement. These institutional arrangements vary in their abilities to manage transactions from the various hazards that may arise in a competitive market. Institutional arrangements are generally presented as the possible forms of economic organization — that is, markets, hybrids, and hierarchies. With respect to Internet firms, the corollaries might be e-lancers, networks, and Multi-Domestic Internet business operations, respectively. These institutional arrangements are the basic “private-ordering” mechanisms for managing coordination costs, uncertainty, contracting hazards and property rights involving transactions between economic actors.8 In Williamson’s Model, transaction is the basic unit of analysis and transactions are assigned to governance structures to economize on transaction costs.8 To accomplish this, it is necessary to identify the types of costs and the attributes of transactions that affect the costs and describe the reasons that these costs are different for the alternative governance forms. For example, Williamson considers production and governance costs of hierarchies and markets in his analysis.8 The attributes of the transactions that affect the costs are asset specificity, frequency and uncertainty. Markets have an advantage over firms in production costs due to advantages of pooling of demand, better incentives and lower bureaucratic costs. This advantage of markets decreases with the increasing level of asset specificity. Hierarchies have an advantage over markets in governance costs when asset specificity and uncertainty are high in a smallnumbers bargaining situation. Hybrids, of course, are something in between markets and hierarchies. (See Figure 15.5.) An important insight of TCE is the notion that agreements (or contracts) between economic actors are by nature incomplete (due in large part to the limited cognitive abilities of people). Words in a contract cannot completely capture the many contingencies that arise in a business agreement, and there are many instances when the contract terms are insufficient to govern the relationship. These are particularly acute

SL3054_frame_C15 Page 268 Tuesday, November 20, 2001 9:18 AM

268

The E-Business Handbook

• Transactional relationships vary in their governance characteristics: frequency, asset specificity, uncertainty • Governance structures vary in: • Their ability to adapt to changing circumstances • Their ability to protect transacting parties from opportunism • Their cost of administration • Markets have lower production costs due to pooling of demand and better incentives. • When asset specificity is high, hierarchies have an advantage in governance costs. Uncertainty and frequency interact with asset specificity to increase the costs of market mode. • Hybrid modes have an advantage over hierarchies and markets when asset specificity is moderate. FIGURE 15.5 Transaction cost theory.

in new business mediums, such as the Internet, where agreements are more likely to be negotiated facelessly and cross-culturally, and often involve vaguely defined goal outcomes (Internet firms must often evolve their business model when entering the transaction arena because of issues of competitive sustainability, and thus, the goals and needs of a contracting relationship may change quickly). Assuming that some economic actors are afflicted with opportunism (a behavioral characteristic that Williamson describes as “self-interest-seeking with guile,”14) negotiating actors will be cautious in relying on the terms of an agreement to be self-enforcing.) It is not necessary that all economic actors be opportunistic; the mere possibility that some will be presents a contracting hazard in arranging the transaction relationship. Opportunism can happen in a variety of ways. For example, an actor holding market power may require its partners to make specialized investments in a proprietary system if they wish to deal with the actor holding market power. The investment can be technological (such as committing one’s IT apparatus to a supplier’s specific standard in using electronic ordering) or human-knowledge-based (such as developing human expertise of a partner’s products and operations). The specific investment could also be in co-branding image (such as being associated with Yahoo! or AOL networks). But a specific investment in a transaction will be beneficial only if a continuing transactional relationship can be had (follow-on contracts, in particular). After a party has made specific investment commitments, it may be subject to opportunism by its partner, who now knows that the other party is holding nonredeployable assets (the supplier has a vendor hooked on IT-product ordering standards, for example).

15.4.1 THE EFFECT OF THE INTERNET ARRANGEMENTS

ON INSTITUTIONAL

The Internet is a special type of information technology with a high degree of standardization, making it relatively generic and accessible.15 While we accept that technological standardization can reduce asset specificity, the Internet does not, however, eliminate asset specificity that is tied to a relationship between a seller and

SL3054_frame_C15 Page 269 Tuesday, November 20, 2001 9:18 AM

E-Business Goes Global

269

a buyer (e.g., trust) and, moreover, it does not reduce opportunism. In a pre-Internet context, Clemons and Row found that the goal of lowering coordination costs through the use of IT with external business partners such as suppliers increased the risk of relationship-specific investments.16 Further, information technology IT can facilitate transactions for which hierarchies have a relative advantage, such as when transactions enjoy economies of scale and scope of existing firm-specific assets. For example, IT can increase the returns of firm-specific assets such as R and D and brands by increasing the global reach of the firm. This, for example, explains the diversification of Amazon.com to other product markets beyond books (music, toys, etc.) Moreover, the Internet does not reduce opportunism between market actors. Opportunism-related costs or governance costs, as termed by Williamson, are primarily concerned with thwarting opportunism.8 Admittedly, there have been few investigations of opportunism and IT, let alone the Internet and opportunism. Kraut et al. found no theoretical or empirical support that IT in general reduces opportunism between firms17 — they did not study the Internet specifically. With respect to global Internet business, hierarchy is still a valued organizational form to deal with the opportunism that attends transactions involving specialized asset investments.

15.4.2 INSTITUTIONAL ARRANGEMENTS BUSINESS LITERATURE

AND INTERNATIONAL

The purported increase in the advantage of markets in the Internet and information technology literatures has also been used to draw the implication that distances between producers and consumers, or differences in factor and product markets due to resources, culture, consumer tastes or any other location-specific factors, are no longer important. That is, a global e-business would not develop any location-specific facilities such as country-specific Web sites internally and would manage any local operations only through market contracts. In theory at least, a firm such as Yahoo! could choose an organization form in which it operates exclusively out of its headquarters and, as needed, would have contracts with partners in various countries to manage any local issues.7 These arguments don’t consider the effect of uncertainty on the governance that arises from the broader institutional factors. The more global the firm (the more countries the firm sells to and higher the percentage of sales from nondomestic customers), the more different country-specific environments it will face as it serves customers, and hence, the more it will use hierarchical governance forms assuming contracting occurs across national boundaries, rather than local contracting. The economic theories of international strategy and organization stress the cost and risk factors in international expansion, advocating a graduate process from lowcost, low-risk strategy such as exporting, to higher-cost or higher-risk strategies such as wholly owned foreign facilities.18–20 The application of transaction cost theory in the international context suggests that the higher the level of environmental uncertainty and market imperfections, the greater the opportunism to asset specificity a firm faces and, hence, the more the firm seeks vertical and horizontal integration (i.e., hierarchy).8,21,22 The international strategy theories also suggest that advantages accrue to global firms over a local firm when global firms possess economies of

SL3054_frame_C15 Page 270 Tuesday, November 20, 2001 9:18 AM

270

The E-Business Handbook

scale and scope, and when such returns are accentuated by the presence of nonimitable specialized assets. Examples from such specialized assets include technology, brand name, global marketing and other organizational skills requiring specialization. Firm-specific specialized assets are said to be increasing when a firm focuses more on its competences and these are interrelated with those of other firms.23 Specialized assets often have to be developed in a path-dependent way and have time compression diseconomies to prevent imitation. Hence, we argue that, for a globally competing firm, the Internet is increasing the importance of specialized assets due to an increase in technology intensiveness, customization of products and services, and creation of globally recognized brand names.24 Also, many of these valued specialized assets are location specific due to the continuing heterogeneity of factor and product markets across various locations and the immobility of tacit knowledge across electronic networks.25 Such location-specific specialized assets imply that firms need to have a distributed presence and cannot operate from just one location. Further, global firms cannot achieve such a distributed presence through market contracts alone. The very firm-specific factors that provide global firms an advantage over local firms make market contracting expensive. Hierarchical governance forms will be an important complement to market forms in global e-business transactions.

15.4.3 THE INSTITUTIONAL ENVIRONMENT The institutional environment* is the broader set of social conditions within which economic transactions take place. “The institutional environment itself operates at two levels: an informal level (the norms, customs, morals, religion) and a formal level (the policy, judiciary, laws of contract and property).”26 We call the informal level the “culture” environment and the formal level the “policy” environment. We also add the technology environment (Internet protocols, Internet access technologies, and Internet standards to the list of institutional environments. (See Figure 15.6) The culture, policy, and technology environments influence the overall uncertainty a firm faces and increases the propensity toward hierarchical forms in those transactions with highest uncertainty. Environmental uncertainty has been empirically found to be linked to • Institutional arrangement (IA): Transactional vulnerability (v) • Markets • Hierarchies • Hybrids • Institutional environments • Technology standardization (t) • Policy harmonization (p) • Cultural homogeneity (c) FIGURE 15.6 Transaction cost theory. * According to Davis and North, the institutional environment is defined as “a set of fundamental political, social, and legal ground rules that establishes the basis for production, exchange, and distribution.” 29

SL3054_frame_C15 Page 271 Tuesday, November 20, 2001 9:18 AM

E-Business Goes Global

271

Institutional (IA): f(v)

Institutional Arrangement

High (Hierarchy)

IA1 IA2

Low (Market) Low

Transactional Vulnerability

v High

FIGURE 15.7 Shift in governance forms: IA1–IA2 = f(t,p,c).

hierarchical forms.27 The institutional environments can be viewed as shift parameters to an organizational governance continuum. (See Figure 15.7.) 15.4.3.1 Technology Environment: Uncertainty, Access, and Innovation In the traditional economy, market forces and legal regimes often govern the use and ownership of technology. In the new economy, Internet technology often has its own governance features separate from market forces and legal regimes. As Lawrence Lessig phrases it, “Code (software) is law.”28 Internet technology limits or expands social and economic opportunities much like legal and market forces. The Internet was created as an open architecture with no global control and no single point of vulnerability. However, it has proven increasingly difficult to make money in such an open architecture. The corporate giants of the Internet have been among those leading the way to proprietary Internet environments. Consider AOL’s instant messaging system: Microsoft and others who were providing competing products attempted to expand the transactional base for their subscribers (and business operations) by standardizing their instant messaging protocols with AOL. AOL, wishing to retain an organizational boundary that protected its markets from competitors, changed its instant messaging protocols (changed technology) to keep Microsoft out. This situation is not unique. Other proprietary networks have been defined more by technological access than market agreement. The mobile Internet is an example of proprietary standards; different wireless standards prevail in different parts of the world with only moderate global convergence in sight. Internet connectivity, bandwidth, and costs vary greatly from country to country and region to region. Technological innovations are also location specific, as illustrated by the development in California’s Silicon Valley versus Route 128 in Greater Boston. All these technology-related factors make the transaction grid choppy and uncertain, requiring firms to integrate activities to ensure technological access, innovation and control. (See Figure 15.8.)

SL3054_frame_C15 Page 272 Tuesday, November 20, 2001 9:18 AM

272

The E-Business Handbook

• Control • Lessig “Code is the governance mechanism over the transactions” • AOL/Microsoft Instant messaging technologies • Access • Poor telecom connectivity, low bandwidth, high cost • Uncertainty (e.g., standards) • Mobile Internet • Innovation • Silicon Valley vs. Rte. 128 FIGURE 15.8 Tranactioal hazards: technology environment.

15.4.3.2 Policy Environment: Contract Law Regimes, Property Rights Regimes, Jurisdiction and Content Regulations 1. Contract: The effects of a diverse global policy environment are particularly salient with respect to the transaction grid. Consider first the relationship of the transaction grid with contract law regimes, which vary across national boundaries (and within national boundaries in some cases). In some countries (U.S., Germany, U.K., for example), contract law enforcement is strong; in others it is weak (whether due to the laws or enforcement institutions). Strong contract law regimes promote market organization as individual actors can rely on a legal apparatus to enforce individual agreements. It is more difficult for trading partners to engage in opportunism when contract laws are clear and enforcement institutions credible. In weak contract law regimes, individuals cannot rely on government institutions to enforce private contracts. In that environment, contracting actors are more likely to be concerned with opportunism as there is no shadow of policy to encourage cooperation when gains can be had from “cheating.” In that context, firms are more likely to deploy forms of hierarchical business structures to ensure that transactions are faithfully executed,14 thus bypassing the weak contract law regime. In terms of e-commerce, there are many uncertainties about how even strong contract law regimes apply to Internet transactions. The United States, Europe and Asia, for example, have recognized the conflicts of their own contract law regimes with the new Internet transaction grid and all are making fundamental policy decisions about electronic signatures for contracting over the Internet. But these uncertainties in the short run will at least cause Internet firms among themselves to ensure their transactions in other ways, one of which will be through a hierarchy in addition to a market form. In the global context, the contract law issues become even more acute. Even operating in various countries with strong contract law regimes can be problematic when those contract law regimes are not harmonized. What constitutes an enforceable agreement in the U.S., for example, is not necessarily acceptable in Germany, even though both have strong

SL3054_frame_C15 Page 273 Tuesday, November 20, 2001 9:18 AM

E-Business Goes Global

273

contract law regimes. Moreover, while the transaction grid facilitates multilateral contracting (between economic actors from three or more countries at once), the complexity of contract enforcement is multiplied, and the risks of opportunism accordingly increased. A firm may be faced with the prospect of forgoing the transaction opportunity or finding another mechanism, perhaps through a hierarchy, to ensure the transaction’s completion. This problem is not unique to Internet business, it is only magnified in this context, especially given that some Internet business contracting partners may be virtual in identity and difficult to attach to any contract law regime tied to physical jurisdiction. To the extent that contract law regimes become strengthened and harmonized (in terms of content, enforcement, and application to the Internet) the hierarchical forms of organization will be less complementary than the market forms in global e-business transactions. 2. Intellectual property: Weak property rights regimes may likewise push contracting parties on the Internet into a hierarchy when enforcement and harmonization are weak. If proprietary information (a trade secret, for example) is necessarily leaked in a contractual relationship, or if there are innovative processes and products created (for which patents or copyrights could be sought), there is a need for a legal regime that recognizes and enforces intellectual property rights. If the intellectual property regime is weak, then firms will want to contain the information flows to within the company’s boundaries, thereby preventing leakage or uncompensated use of the firm’s intellectual property assets. Relying on market exchange when intellectual property rights are weak may present too many risks, as contracting actors can walk away with the intellectual assets of their partners. Hierarchically organized transactions can effectively contain the value of the exchange and the leakage of strategic information or property rights.30,31 The global Internet business environment creates many uncertainties for property rights. First, there is much difficulty in defining and understanding what intellectual property is created (data, know-how, etc.). For example, in the European Union, databases are governed under the copyright law (though that has not been traditionally the case under U.S. copyright law. Second, harmonization is unlikely anytime soon. For example, look at the U.S. patent policy on business methods: the U.S. Patent Office and the U.S. federal courts have recently allowed the patenting of Internet business methods. Firms such as Amazon.com, with its business method patent on the 1-Click checkout, or Priceline.com, with its business method patent on reverse auctioning on the Internet, cannot currently count on enforcement of these patents outside the U.S. These types of intellectual property will certainly meet with different receptions across national borders. If these patents were universally enforceable, the patent holders would have the option of obtaining royalty payments, it they should choose not to enter a foreign market by themselves. To the extent that these property rights must be protected,

SL3054_frame_C15 Page 274 Tuesday, November 20, 2001 9:18 AM

274

The E-Business Handbook

firms will have to enter a foreign market by themselves to exercise control and use hierarchical governance forms. 3. Capitalization and bankruptcy: Different national policies on capitalization and bankruptcy favor highly integrated or centralized Multi-Domestic firms over local, decentralized and Born Global Web firms. Many of the market forms of e-business begin as Internet start-up companies. In Europe, for example, venture capital is difficult to get for startups, bankruptcy laws are stiff (discouraging startups, which naturally have high failure rates) and the culture is such that bankruptcy is a social stigma (again discouraging high-risk startups). All these investment hazards will encourage firms to maintain centralized control in their global transactions. (See Figure 15.8.) 4. Jurisdiction and content restrictions: While the Internet was designed to provide a seamless and unlimited access to content, many governments have been trying to limit access in some way or other. Attempts by the governments in China and Singapore to control the access of their citizens to certain content is well known. Such access restriction in access is being witnessed in more-open societies as well. In a well-followed case, a French court held that Yahoo! should block French Internet users from viewing the Nazi-related items being sold at any of its auction Web sites including those in the U.S., where selling such items is not illegal. Judges in Germany and Italy have made similar rulings on the application of national jurisdictional laws on the Internet. As of now, the way U.S. companies use information about their consumers does not seem to meet the stringent privacy laws in Europe. This is another area where national jurisdiction may soon apply. Earlier, the possibility that borders could be erected on the Internet was dismissed due to technological limitations. However, new technology (geolocation software combined with keyword filters) that can determine the location of a particular Internet user has been developed. Such technology, which is being developed because of its significant use for advertisers, can be used to restrict access to a majority of the Internet users in a particular region. While new technology will evolve to help determined Internet users overcome such restrictions, such restriction in access is often as good as the restrictions in the non-Internet arena. A few months after the court ruling, Yahoo! removed Nazi-related items from its Web sites. While Yahoo! denied that it was complying with the French court ruling, it seems that the ruling had its desired effect. 15.4.3.3 Culture Environment: Language, Practice, and Identity The borderless Internet grid assumes a homogeneous culture involving, among other things, attitudes toward contracting and trading that encourage people to engage in market transactions at low cost. It does not consider the fact that cultures vary greatly in terms of their attitudes toward risk.

SL3054_frame_C15 Page 275 Tuesday, November 20, 2001 9:18 AM

E-Business Goes Global

275

With respect to technology and policy, the Internet is becoming more culturally heterogeneous. One instance is language. In 1999, 78% of Web sites were in English. By 2002, more than half of Internet users are expected to speak a language other than English. By 2003, the majority of Web content is predicted to be in a language other than English. Corporations have difficulty managing content in one language, let alone in many languages and particularly when it involves dynamic content that changes 24 hours a day. This cultural heterogeneity leads to greater complexity and uncertainty in global e-business transactions. Bowne et al. discuss how globalization of Internet business leads to an exponential growth in content and to a multiplication of country sites, divisional sites, brand sites, and community sites.32 All this multiplication leads to a host of issues around quality control and accountability. Over time, firms will bring more of their content operations from open market to in-house to improve control (horizontal and vertical integration). Firms will invest in globally distributed content management and workflow systems that help manage the integration of databases, workflow, editorial tools, and output utilities. Browne et al.’s model suggests that Internet firms evolve from market hybrid to hierarchical structures over time, as they try to manage local content issues. Globalization is also bringing into focus the heterogeneity in business processes and practices, payment methods, customer service, and local demand preferences. In Japan, credit cards are not used, and in Europe and Japan, checks are practically never used in day-to-day life. Such differences imply that globally competing ebusiness firms must cater to local preferences. What is the effect of such cultural heterogeneity on global Internet firms? First, Internet firms must establish local presence to manage local Web sites. That, indeed, has been the strategy of leading Internet firms such as Yahoo! and Amazon.com. Local Web sites allow these companies to customize their Web sites to local preferences. For example, the French Web site of Yahoo! lists movies under culture (whereas movies are under entertainment in the U.S.), and has a much more extensive hierarchy of wines than the U.S. Web site, and does not list Nazi-related items on its auction Web sites. As such cultural heterogeneity (often linked to national identity) is likely to persist for a long time, a Born Global seeking to operate out of its home base is unlikely to be successful in culturally diverse markets. Can a Born Global use market transactions to provide local content? As discussed in the previous section, a Born Global will face the risk of opportunism when it holds specialized assets (a precursor to success in the global arena).

15.5 CONCLUSION Since the time of R.H. Coase, researchers have studied the reasons that firms exist.33 If firms were not so much required, the market could handle most transactions using the neoclassical economic ideal and achieve the efficiency of nearly perfect competition. The Internet has raised the hope that such an ideal can be achieved. Researchers have focused on the perceived lack of borders on the Internet and the near frictionless commerce and predicted that the use of hierarchies will be substantially diminished in transactions. When extended to the global domain, the prediction

SL3054_frame_C15 Page 276 Tuesday, November 20, 2001 9:18 AM

276

The E-Business Handbook

implies that a Born Global is a superior organizational form as compared with a Multi-Domestic e-business firm. A firm that is operating out of its home country and through appropriate market contracts is expected to outperform a firm that has local presence in a number of countries and manages its subsidiaries through some forms of hierarchy as well as hybrid forms. In this chapter, we argue that many factors indicate that the role of hierarchies is unlikely to be diminished any time soon (if ever) in global transactions involving the Internet. While the Internet has been successful in removing some borders, many still remain, and it seems that some old ones will soon be re-erected. The Transaction Cost Economics framework developed by Williamson and others, which focuses on opportunism and asset specificity, still remains a valid framework that guides the distribution of transactions between firms and markets.8 While the Internet and other forms of IT reduce asset specificity in many cases (by increasing standardization and flexibility), they can also lead to an increase in asset specificity (relationshipspecific IT), with little or no effect on opportunism. Further, they can lead to an increase in the value of existing specialized assets (such as R and D and brands) and to more transactions within the firm. Such specialized assets can also provide the necessary advantage to a global firm. As heterogeneity in factor and product markets continues to exist, a global firm must have distributed operations and hierarchy will be still present in these operations in addition to the market forms. In short, Multi-Domestic e-business firms are here are to stay. One reaches a similar conclusion when institutional environments are considered. Institutional environments, the broader set of social conditions within which economic transactions take place, are composed of cultural, policy and technological environments, and affect the choice of organizational form through their effect on uncertainty. A study of the effects of the Internet on the institutional environment shows that its role, too, has not diminished much. The initially open architecture of the Internet is now composed of a few regions of proprietary networks. Such proprietary networks are seen as one way to make money on the Internet. In addition to firms, governments have been attempting to create borders by restricting access to content. New technology, such as geolocation software combined with keyword filters, can make such attempts at least partly successful. Differences in contractual and property rights regimes between countries increase the uncertainty associated with a transaction. The Internet creates its own share of differences. Many countries have been trying to formulate their own contractual and property rights regimes, not all of which are in consonance with the others. The fact that a firm can be virtual increases some of the complications associated with contracts and property rights. Finally, persistent differences in culture, some of which are related to national identity, require local presence, which will be managed through hierarchy and hybrid forms. Again, one reaches the conclusion that Multi-Domestic e-business firms are here to stay.

ACKNOWLEDGMENT We thank Emerson Tiller at the Center for Business, Technology, and Law at the University of Texas at Austin for providing ideas and feedback for this chapter.

SL3054_frame_C15 Page 277 Tuesday, November 20, 2001 9:18 AM

E-Business Goes Global

277

REFERENCES 1. Argyres, N.S. and Liebeskind, J.P., Contractual commitments, bargaining power, and governance inseparability: incorporating history into transaction cost theory, Academy of Mgmt. Rev., 24, 49, 1999. 2. Jarvenpaa, S.L., Tiller, E.H., and Kirsch, L.J., The global network organization of the future, in Information Technology and the Future Enterprise: New Models for Managers, Dickson, G.W. and DeSanctis, G., Eds., Prentice-Hall, New York, in press, 2001. 3. Malone, T.W., Yates, J. and Benjamin, R.I., Electronic markets and electronic hierarchies, Comm. ACM, 30, 484, 1987. 4. Dewan, S., Michael, S.C., and Min, C-K., Firm characteristics and investments in information technology: scale and scope effects, IS Res., 9, 219, 1998. 5. Hitt, L M., Information technology and firm boundaries: evidence from panel data, IS Res., 10, 134, 1999. 6. Malone, T.W. and Laubacher, R.J., The dawn of the e-lance economy, Harvard Bus. Rev., vol, 145, 1998. 7. Hagel, J., III and Singer, M., What business are you really in?, Harvard Bus. Rev., vol, 133, 1999. 8. Williamson, O.E., The Economic Institutions of Capitalism, Free Press, New York, 1985, 41. 9. Zhao, J.H. and Du, J., Electronic commerce and international business: a new test of internationalization theory, presented at eCommerce and Global Business Forum, Santa Cruz, CA, May 17-19, 2000. 10. Dunning, J. and Wymbs, C., The challenge of electronic markets for international business theory, presented at eCommerce and Global Business Forum, Santa Cruz, CA, May 17-19, 2000. 11. Quelch, J.A. and Klein, L.R., The Internet and international marketing, Sloan Mgmt. Rev., 37, 60, 1996. 12. Knight, G.A. and Cavusgil, S.T., The born global firm: a challenge to traditional internationalization theory, Advances in Int. Mktg., 8, 11, 1996. 13. Brynjolfsson, E. and Smith, M. D., Frictionless commerce? A comparison of Internet and conventional retailers, Mgmt. Sci., 46, 563, 2000. 14. Williamson, O.E., Comparative economic organization: analysis of discrete structural alternatives, Admin. Sci. Quart., 36, 269, 1991. 15. Nickerson, J.A. and Lazzarini, S.G., Modular governance: explaining the effect of information technology on the boundaries of the firm, Working Paper, 2000. 16. Clemons, E.K. and Row, M.C., Information technology and industrial cooperation: the changing economics of coordination and ownership, J. Mgmt. IS, 9, 9, 1992. 17. Kraut, R., et al., Coordination and virtualization: the role of electronic networks and personal relationships, Org. Sci. 10, 722, 1999. 18. Buckley, P.J. and Casson, M.C., The Economic Theory of the Multinational Enterprise, Macmillan, London, 1986. 19. Hitt, M.A., Hoskisson, R.E. and Kim, H., International diversification: effects on innovation and firm performance in product-diversified firms, Academy of Mgmt. J. 40, 767, 1997. 20. Buckley, P.J. and Casson, M.C., Analyzing foreign market entry strategies: extending the internationalization approach, J. Int. Bus. Studies, 29, 539, 1998. 21. Hennart, J-F., A Theory of Multinational Enterprise, University of Michigan Press, Ann Arbor, 1982.

SL3054_frame_C15 Page 278 Tuesday, November 20, 2001 9:18 AM

278

The E-Business Handbook

22. Teece, D.J., Multinational enterprise, internal governance, and industrial organization, Am. Econ. Rev., 75, 233, 1985. 23. Silverman, B.S., Technological resources and the direction of corporate diversification: toward an integration of the resource-based view and transaction cost economics, Mgmt. Sci., 45, 1109, 1999. 24. Evans, P. and Wurster, T. S., Getting real about virtual commerce, Harvard Bus. Rev., vol, 85, 1999. 25. Bartholomew, S., National systems of biotechnology innovation: complex interdependence in the global system, J. Int. Bus. Studies, vol, 241, 1997. 26. Henisz, W. and Williamson, O. E., Comparative economic organization – within and between countries, Business and Politics, 1, 261, 1999. 27. Rindfleisch, A. and Heide, J. B., Transaction cost analysis: past, present, and future applications, J. Mktg. vol, 30, 1997. 28. Lessig, L., Code and Other Laws of Cyberspace, Basic Books, New York, 1999. 29. Davis, G. and North, D., Institutional Change and American Economic Growth, Cambridge University Press, Cambridge, MA,1971. 30. Oxley, J.E., Institutional environment and the mechanisms of governance: the impact of intellectual property protection on the structure of inter-firm alliances, J. Econ. Behavior and Org. 38, 283, 1999. 31. Gulati, R. and Singh, H., The architecture of cooperation: managing coordination costs and appropriation concerns in strategic alliances, Admin. Sci. Quart., 43, 781, 1998. 32. Bowne et al., Bowne Global Solutions, Global eCommerce: The Market, Challenges, and Opportunities, Proc. Conf. Electronic Comm. and Global Bus. May 17-19, Santa Cruz, CA. 33. Coase, R.H., The nature of the firm, in Readings in Price Theory, Stigler, G.J. and Boulding, K.E., Eds., Irwin, Homewood, 1952, 331.

SL3054_frame_C16 Page 279 Tuesday, November 20, 2001 9:19 AM

16

Paradigm for Financial Modernization in E-Commerce Martin Nemzow

CONTENTS 16.1 Introduction .................................................................................................279 16.2 The Historical Basis....................................................................................281 16.3 Multicurrency and Risk Complexities in Localization, Globalization, Internationalization, and Multinationalization ...........................................282 16.4 Currency Flow and Multiple Currency Definitions ...................................283 16.5 Time Value of Money .................................................................................286 16.6 Risk Management .......................................................................................287 16.7 Asset Revaluation .......................................................................................288 16.8 Political, Legal, and Business Implications ...............................................289 16.9 The Problems of Multicurrency Multinationalization................................290 16.10 Functional Computerized Solutions for Modernized E-Commerce ..........291 16.11 The Monetary Paradigm for M18N Multicurrency ...................................293 16.12 Enhancement to Double-Entry Methods ....................................................294 16.13 Conclusion ..................................................................................................294

16.1 INTRODUCTION Corporate historians and financial executives are revisionists by nature; they spin their foreign-currency and risk blunders into grandiose accomplishments. However, the truth is available online through the Security and Exchange Commission (SEC) EDGAR (www.edgar.gov) archives. The 10-K, 10-Q, and annual report footnotes subordinate currency, risk, and investment information to better news. The finance group of every company knows what must be reported by law but also understands how to escape placing such blunders in the main body of these reports. The SEC has rarely enforced violations of the Financial Accounting Services Board (FASB) reporting requirements for global trade mistakes. The SEC has rarely cracked down on reporting abuses. This is changing because of the currency and risk management problems occurring over the last 15 years are finally coming to light, sparking many shareholder lawsuits, and compelling a diverse range of groups from the U.S. 1-57444-305-4/02/$0.00+$1.50 © 2002 by CRC Press LLC

279

SL3054_frame_C16 Page 280 Tuesday, November 20, 2001 9:19 AM

280

The E-Business Handbook

Congress, FASB, and accounting trade groups to reassess reporting mandates and their corresponding punishments. Here are five examples of egregious time value of money and foreign-currency mistakes. Caterpillar, Lufthansa and Laker Airlines, Apollo Computer (now part of Hewlett-Packard), and DEC (as in Digital Equipment Corp., which is now part of Compaq) suffered devastating financial effects from sloppy, ignorant, or even careless financial planning and foreign currency operations. In contrast, other firms, such as Union Carbide and SmithKline, have established professional groups for corporation strategies achieving excellent results. Competence, luck, but mostly management professionalism divide winners from losers. Sir Freddy Laker misjudged the fall of the pound against the dollar in 1986 from $3.12 to $1.56. He bankrupted his airline trying to fly British travelers to relatively expensive America on vacation. In contrast, Sir Richard Branson didn’t; he flew Americans on cut-rate junkets to Britain and Europe by inverting Laker’s strategy. This was just a simple switch of strategy to recognize major currency fluctuations, obvious if the financial system includes time values and currency fluctuations. In retrospect, the recognition and use of a currency strategy made one company, while the lack of such as strategy destroyed another. However, as accounting systems and even the-all-present spreadsheet do not support complex monetary calculations or even representations of many currencies and the time value of money, the typical financial workflow fails to account for the time value of money or complexities in foreign exchange. While it is possible to add ledger accounts in accounting programs or line items in spreadsheets, such as planning and forecasting of business monetary flows; discount on the time value of money; appreciation on the time value of money; losses on currency fluctuations; and anticipated profits on currency fluctuations, the complexity to estimate, gather data, and make adjustments is not practical, and, as a focus of this chapter, no longer necessary with this new paradigm. Caterpillar, maker of construction equipment, turned an operational loss in early 1986 of $256 million dollars (on top of $1125 million losses during 1982 through 1985), mostly due to price competition from Hitachi and Komatsu, into a $455 million stockholder profit with a sudden strength in the U.S. dollar’s value relative to the yen, the mark, and, of course, the pound. Caterpillar’s salvage was pure luck, anathema to concepts of professional risk management in banking and insurance. Since that time, Caterpillar has built a corporate currency group to parlay luck into profits. Lufthansa had no luck in 1986 when its since-terminated CFO bet that the dollar would strengthen, signing forward contracts with Boeing Aircraft. Of course, we know it didn’t, he is out, and Lufthansa almost folded with $160 million in spot market losses. Apollo Computer established a professional group (of one by hiring a currency trader from a bank) but suffered enormous losses due to a lack of executive oversight and integration with operations. The trader kept doubling down his losing bets until he could no longer hide the secret losses. Because such investments are not a zerosum game, trading partners rarely blow the whistle. This Apollo incident represents not only a case where management abrogated trust and control, it is also a glaring example of computerized systems woefully inadequate to reflect the complexities of the changed global and time-oriented environment. The venerable Barings Bank

SL3054_frame_C16 Page 281 Tuesday, November 20, 2001 9:19 AM

Paradigm for Financial Modernization in E-Commerce

281

in Hong Kong was bankrupted by a rogue trader who gambled the independence of his employer and undermined trust in many Asian banks and institutions. This is another example where system design and development have failed to keep pace with financial monitoring requirements. While some secrets that come to light are in the hundreds of millions of dollars, most companies just do not realize that every foreign sale resulting in 2-, 3-, 4,- 6-, or 9-percentage-point erosions are bleeding their profit line just as surely as an out-of-control gambler. DEC folded in part because of its zero-hedging strategy with dollar-only contracts with customers, pressure in 1988 to show speculation as a senior line manager control, and problems in a market niche where 80% of sales were foreign. Clearly, currency was not the only reason for DEC’s demise, but HP, Sun, and IBM didn’t have the same internal foreign exchange hemorrhages. Winners, such as Union Carbide and SmithKline, are financially healthy in lowtech markets with strength to buy into developing technology, biotechnology, and genome firms, due in no small part to financial process strengths. At best, these two companies and others like them view foreign currency and risk management as a profit center, earning from 1% to 7% returns per year. They lower risks and quarterly swings in financials that keep the analysts and investors from becoming jittery. At worst, they create predictable, insurable, and manageable costs built into sales margins that compete head-to-head with the most reckless of competitors.

16.2 THE HISTORICAL BASIS The current problems represent at least 50 years of computer system and design failure. More to the point, the current limitations in financial representations have been 500 years accruing. Luca Pacioli joined a Franciscan monastery in Sansepulcro and became an apprentice to a local businessman. As a result of that experience and the opportunitity of learning how to write, in 1494 he published Summa de Arithmetica, Geometria, Proportioni et Proportionalita. The relevant section was “Particularis de Computis et Scripturis,” a treatise on accounting principles. De Scripturis was later described by some as “a catalyst that launched the past into the future.” Pacioli was the first person to describe double-entry accounting, also known as the Venetian method. This new system was state-of-the-art, and revolutionized economy and business. Venice flourished in business, banking, and shipping, the global ecommerce of its day. This publication made Pacioli a celebrity and ensured him a place in history as “the Father of Accounting.” His book was the most widely read mathematical work in all of Italy, and became one of the first books published on the Gutenberg press. The issue is not that Pacioli was wrong. In fact, he was correct … as far as he goes. It is just that he doesn’t go further to reflect the necessary methods for describing and accounting for factors in the fluctuation of monetary bases. These factors are: • A plethora of foreign currencies • The need to represent the changing valuation of money and assets over time • The means to reflect risk in planning, transactions, and auditing the changeable valuation of fixed assets based on locale, market opportunities, or as a result from the first three factors

SL3054_frame_C16 Page 282 Tuesday, November 20, 2001 9:19 AM

282

The E-Business Handbook

In fact, manual methods precluded the possibility for addressing these four additional factors. Automated computer operations make it feasible, while global trade and Internet-driven e-commerce drive these new needs. Certainly, the world money markets create a moving target for multicurrency support, but dynamic and effective currency support represents a dilemma unhandled by current operating systems, development tools, database structures, computer applications, or technical training. Designers, developers, and marketers have forgone this most important language of business — money flow. New reasons to reassess multicurrency support are driven by the Internet, electronically enabled commerce, EDI and XML data exchange, the pan-European euro currency, dollarization of sovereign currencies, and growth in cross-border bank, brokerage, insurance, and financial trade. Risk management, asset value fluctuation, and the time value of money are important features for the evolution of ecommerce. Success with global commerce is more dependent on work-flow issues, including localization, globalization, internationalization, and, primarily, multinationalization, which have become serious competitive strategies for thriving within a global market.

16.3 MULTICURRENCY AND RISK COMPLEXITIES IN LOCALIZATION, GLOBALIZATION, INTERNATIONALIZATION, AND MULTINATIONALIZATION This chapter details globalization complexities of currency support beyond the “one currency, not ours” attitude, risk management, asset value fluctuations, and currency transitions. The chapter also presents a technical solution to view each of the many currencies as separate “stock-keeping units” (SKUs), necessitating a new objectoriented paradigm for input, storage, calculation, and display solutions with complex and fluctuating interrelationships. Because this chapter represents an early mover effort, background references detail the rationale for this new currency and risk management paradigm. Localization, globalization, internationalization (I18N), and multinationalization (M18N) represent significant and expensive challenges adversely affecting software development, technical support, Web site operations, transaction processing, and worldwide trade. Existing globalization literature focuses on language translation, cultural idiosyncrasy, gestures, legal issues, iconic image representation in the graphical user interface, and coloration issues in marketing and advertising. Existing application development technology focuses on automatic extraction of text strings, machine translation, localized spelling (such as “cheque” instead of “check”), language packages for a globalized EXE, date and calendar tools, and bi-directional and double-byte language support. Obviously, this is crucial to e-commerce development, but such efforts represent simplistic BandAid-like approaches to a concept 800 years in use but at least 50 years out of date. Given that history and the intricacy of multicurrency support, the industry

SL3054_frame_C16 Page 283 Tuesday, November 20, 2001 9:19 AM

Paradigm for Financial Modernization in E-Commerce

283

has been unwilling to address multicurrency and risk management support in all but simplistic ways. Furthermore, because the range and extent of these issues cut across functional and organization boundaries, a unifying or simplifying solution was not perceived and has not been implemented. It is preposterous that there might be any connection among flexible representations of assets, risk management, foreign currency, monetary valuations, and the time value of money — until the paradigm is obvious. The paradigm addresses forecasting, pricing, derivative financial instruments, quoting, hedging, insurance, depreciation, devaluation, mixed currency bases, risk management, finance, bookkeeping, and financial forensics in a simple method using a new data structure.

16.4 CURRENCY FLOW AND MULTIPLE CURRENCY DEFINITIONS Business forecasting, risk management, fluctuations in asset valuation, and a coherent representation of the time value of money are approached by kluged methods that do not interface with double-entry methods. The concept of the electronic spreadsheet in 1976 was an outstanding evolutionary jump by Daniel Bricklin and Robert Frankston. However, spreadsheets have existed apart from production accounting processes. Although double-entry accounting supports the concept of monetary flow, it is practically limited in how it handles flows. Business forecasting is the process of guessing the future outflows and incomes from business events. Because they are forecasts and not indicative of real accounting events until they actually happen, these forecasts are not double-entry accounting activities. Business forecasting underlies most professional business activities. In a similar venue, risk management is the process of assessing (or guessing) the financial repercussions of potential events. Like business forecasting, these too are forecasts and not indicative of real accounting events until they actually happen, so are not double-entry accounting activities. Risk management underlies annuities, retirement planning, and insurance. Fluctuations in asset valuation is a natural process that alters the value of tangible and intangible assets. Double-entry accounting partly addresses this through the creation and management of contra-asset accounts such as depletion, depreciation, goodwill, and the like. However, accounting for asset price fluctuations in modern stocks, bonds, and other financial instruments priced by a computerized marketplace is not supported by the manual double-entry accounting model. This is the state of the art today. For the record, it is important to correctly define terms when discussing the issues of computerized multicurrency support. “Multicurrency” means too many things in sales literature, the banking industry, finance, and I18N to really be useful other than as an umbrella term. Multicurrency has meanings blurred by sales literature that might mean any one foreign currency, many foreign currencies, or any and all currencies. For example, QuickBooks, like many other software applications, including those of any organization’s own design, can be localized to support any

SL3054_frame_C16 Page 284 Tuesday, November 20, 2001 9:19 AM

284

The E-Business Handbook

single currency just by adjusting your own personal expectation that the monetary basis is AED (Dirham), MEX (Peso), SDD (Dinar), or ZWD (dollar). System locale or the local country ID (LCID) settings will correctly handle check printing and reports. Hence, a product, built for a U.S. market in dollars, works and has been actually tested for use elsewhere, given that the operating system configuration is reset to specific local keyboard, computer font sets, language, date, and currency settings. This, too, is the state of the art today. Four other terms play widely and inaccurately in sales puffery, but the terms of localization, globalization, internationalization, and multinationalization mean specific technical things, defined here. Localization means the support of a local currency in a software application where the local currency is different from that within the country of initial development. Globalization means the support for two or more (sometimes only two specific currencies such as the mark and the euro) currencies for concurrent usage; “globalization” is not a localization effort repeated two or more times, but clearly an effort to recognize many currencies within the same transaction. It is trivial to localize currency support in most software applications. The meaning of the base currency value is defined either by system, default, or user regional settings (locale, LCID, or in Microsoft code pages) with the result that currency meanings are well understood by end users. Windows code pages, a mixed bag of ASCII and Unicode support at the current time, and Unix configuration with Unicode setups establish a single localization in terms of language, keyboard, currency symbols, currency separators, data formats, calendar selection, ASCII or Unicode code page hierarchies, font directionality, alphabetic sort orders, and color schemes. That means that keyboard, processing, and display support are established for a font set, currency, currency symbol, and currency separators. Delimiters define that 1,000.00 becomes 1.000,00 or 1’000”00 with the appropriate major and minor currency symbols. As an example, this is “$” and “¢” in the U.S. as prefix and suffix for reference with “C” and “¢” for the euro in Europe; there are at least 204 other sets of prefixes, suffixes, symbols, and delimiters in usage today. But you have to pick just one because this is the current state of the art. As a pure programming problem, extending localization is trivial by hard-coding or creating alternatives with tables for field delimiters and currency symbol display. Limited globalization is also possible by creating parallel databases or tables with extra columns, extending input and report fields, and referencing currency exchange rate lookup tables. Internationalization is a fancy sales word for the effort to support the effort to port an application so that it supports a second currency but with the addition of local language support; this can include nothing more than a localization effort and text replacement. Readers are also intrinsically familiar with the efforts to make that application friendly to local customs, laws, coloration issues, and such. Multinationalization is often used to misrepresent the internationalization effort to two or more currencies — of course, because “multi” means many with an internationalization effort. However, multinationalization really means that the software is agile and flexible enough to support wide-ranging compliance with the currencies of many countries at the same time. This simultaneous compliance is the

SL3054_frame_C16 Page 285 Tuesday, November 20, 2001 9:19 AM

Paradigm for Financial Modernization in E-Commerce

285

crucial differentiation. Internationalization does not vanish with multinationalization. The mistake of misunderstanding $300,000,000 in yen or pesos (because vendors in both countries routinely use the “$” with local currency because the font is part of the character set on their sign-making machines and computer printers) rather than 45 dirham could kill a deal, or a career; localization and I18N remain a crucial aspect of globalization and M18N; it is a trivial subset, but nonetheless important inclusion, to the larger and more complex issue. Simultaneity is the prime underlying requirement for Web site hosting and true multinational business. In effect, this means that yen, and dollars, francs and drachmas, rupees, euro and tanga ptanga exist as separate and separable, combined, and yet identifiable singular entry, storage, calculation, and report items. The difference in localization, hence internationalization, is that you get to choose one of these locales, whereas, with globalization, hence multinationalization, you choose and use all at the same time. Although currency localization is trivial, the purpose of this chapter is to explain the gravity and complexity of M18N currency support. To date, M18N has not been addressed because the underlying solution paradigms were simply unknown, with supporting technology unavailable. The situation has changed, because the business requirement for currency has changed. It takes special effort to support two (or more) currencies at the same time, to do so consistently, and provide more than a once-daily update of the exchange rate table. Consider the design complexity to save currency information for each and every entry with the currency basis and exchange rate(s) in force at the time of the entry, and process that number in various ledgers, forms, and printed reports. It is a completely different and important issue to support any currency concurrently and simultaneously with any other and all other currencies at the same time. This requires a specialized input method editor (IME), special storage formats, and support for random, changing, and even simultaneous presentation of currency values in multiple bases. The Web site, driven from a database, thus personalized and multinationalized, is the perfect venue to exercise this extended requirement. For example, at one moment, the Amazon site might price a book in US$ with shipping by FedEx, the next moment for an Italian user, price that same book in lira for that same consultant at an Athens-based client with recognition of locale by adding shipping costs and import taxes in drachmas with lira shown within parentheses. Larger multinational transactions could well include at the same time sterling insurance from Lloyd’s of London, Chunnel port-of-entry inspection fees in euro, installation costs based in Turkish lira, and container costs in Panamanian balboa, with bank transaction fees assessed in Swiss francs. The appropriate documenting invoice for the seller, middle entities, and the final buyer should present base currency costs, exchange rates in force at the time of the transaction(s), and localized currency costs. Of course, all the many and different currencies should be formatted according to local conventions — it could be Italian or it could be Greek. Table 16.1 lists the typical transaction variances for multinational currency. One of the many misconceptions about cross-national or multicurrency transactions is that they are one-time, simple, or transactions completed with a Web-based interaction, telephone call, or personal visit. Most global transactions are not about

SL3054_frame_C16 Page 286 Tuesday, November 20, 2001 9:19 AM

286

The E-Business Handbook

TABLE 16.1 Variables in Currency Conversion Costs Transactional Variances Time of quotation Time of purchase Time of payment fulfillment Terms Size of transaction With hedged, shorted, long, or options: Fees Risks Costs With a mixed currency component: Wire fee Data entry trans-coding fee Money transaction fee Brokerage conversion With a transaction: Insurance Shipping Taxes Customs Duties Inspection Tariffs

buying a trade book from Amazon and pricing packaging and shipping. More than 90% of transactions will necessitate renegotiations, redefinition of the order, ongoing changes to the order, changes in the terms of the order, complications in language — even legal language — shipping hassles, shipping insurance, border and tariff problems, and returns. Do not overlook that many transactions, in fact, about 27%, become subject to returns with partial replacement or outright refunds. Note that every application will not need the transcoding abilities, but this, as other extensible features, is built into this robust paradigm.

16.5 TIME VALUE OF MONEY Time value of money is driven by the fluctuation in valuation and the alternatives available to investment capital. While foreign currency is often seen as only a basis change, the process of fulfilling an actual exchange of assets also opens the same fluctuation in valuation and the alternatives available to investment capital. This new paradigm does not break double-entry accounting, but extends it, with new tools and methods corresponding to the strengths of database-driven methods in computerized accounting. Note that computerized accounting is not typically implemented through double-entry methods as computerized data entry invalidates any need for

SL3054_frame_C16 Page 287 Tuesday, November 20, 2001 9:19 AM

Paradigm for Financial Modernization in E-Commerce

287

TABLE 16.2 Variables in Time Value of Money Time Value Variances Time of quotation Time of purchase Time of payment fulfillment Terms Payment stream Volatility Convenants Transactional restrictions Size of transaction With a mixed component: Wire fee Data entry trans-coding fee Transaction fee Brokerage conversion With a transaction: Insurance Shipping Taxes

catching transposition and posting errors, common in 12th-century Venice and penciled ledgers. The application of this new paradigm simplifies the accounting life cycle and increases overall accuracy, while also creating new business methods and new derivative financial products for the Internet-driven age of E-commerce and computerized accounting. There is a time value too. The value of money changes between the time a quote is offered, the offer is accepted, and payment fulfillment is actually made. Time value of money represents both a significant risk component and actuarial basis. Risk, reward, and a marketplace of alternatives drive a tiered hierarchy of time valuation. Table 16.2 lists the typical transaction variances for the time value of money.

16.6 RISK MANAGEMENT Risk management is usually built on a statistical basis of the probability of events’ occurring and the financial effect of the event. Risk management is often synonymous with insurance. In standard double-entry accounting, risk management is represented by line-item entries for insurance premiums, ceded or resold insurance premiums (for the distribution of risk), and adjusting entries for actual uninsured losses not covered by insurance, reimbursements for losses, and return of premiums or surpluses. The limitation in double-entry accounting is that it supports only actual transaction events, not forecasts. Table 16.3 lists the typical transaction variances for risk management:

SL3054_frame_C16 Page 288 Tuesday, November 20, 2001 9:19 AM

288

The E-Business Handbook

TABLE 16.3 Variables in Currency Conversion Costs Risk Management Variances Probability of event Insurance costs Surplus returned Commissions and fees Size of transaction Assessment fees Evaluation fees Loss overages Uninsured losses Differences between basis and costs Taxes

16.7 ASSET REVALUATION Stocks, bonds, most financial instruments, the values of businesses and goodwill, balance sheet asset valuations, and other tangible and intangible assets fluctuate almost constantly. Modern financial markets, some of which are functional 24 hours per day, 7 days per week, 52 weeks per year, create fictional (paper) profits and losses. Paper profits and losses are typically tracked in tabular forms such as spreadsheets or specialized software applications for tracking investments. Until paper fluctuations are locked in by an actual transaction, they are included in a doubleentry accounting system. However, to prepare balance sheets, statements of income, and other reports for shareholders and tax agencies, financial officers will create a fictional time slice with valuations at a certain time. SEC and FASB rules require this. However, it is a complex extension of the Pacioli model anticipating constant monetary flow valuations in only a static way by applying adjustments to contraassets to maintain a trial balance of all accounts. It is a partial fix, but not the full paradigm introduced in this chapter. Table 16.4 lists the typical transaction variances in asset revaluation:

TABLE16.4 Variables in Currency Conversion Costs Asset Revaluation Variances Acquisition cost Valuation at a fixed time Estimated positive variance in valuation Estimated negative variance in valuation Estimated transaction costs

SL3054_frame_C16 Page 289 Tuesday, November 20, 2001 9:19 AM

Paradigm for Financial Modernization in E-Commerce

289

16.8 POLITICAL, LEGAL, AND BUSINESS IMPLICATIONS Multicurrency is first a business issue, but second a very political and emotional one. Of course, this creates a complex development and support issue. Multicurrency in computing is, at most, 26 years old — since 1974 when the U.S. abandoned the Gold Standard and many other countries henceforward allowed exchange rates to float freely. The efforts to implement multicurrency have been focused on banking and brokerage sectors as supporting activities rather than as frontline market invention, derivative product creation, or new feature development. The Internet, global software markets, and international sales are expanding that focus because this niche is large and growing more important than banking and brokerage. The creation of uniform Latin American, Asian, Pan-Euro, and U.S. dollar markets are also intensifying this market niche. Multicurrency as a legal support issue becomes a computer software and application support issue. Currently, it is handled manually as an off-systems issue because of complexity. Most multinational operations include off-balance attribution of currency costs to stabilize consistency into quarterly and annual reports. It is also a management method of rejecting responsibility for currency operations and oversight of these cash flows. The Financial Accounting Services Board (www.fasb.org) FASB statements 1, 8, 20, 33, 52, 70, 80, 104, 105, 107, 129, and 133 (from a total of 135 FASB rulings) do not require that currency accounting methods be incorporated into accounting systems and operational reports at this time (YET!), only that information regarding negative effects and extraordinary gains through multicurrency transactions be cited somewhere as part of reports. As a result, currency is often represented as a footnote with a special nonoperational line item. Currency is within management control, although traditionally ignored by both management and stockholders. Specifically, management realistically can respond to and create money from currency through: • • • • • • • • • • •

Disclosures of foreign currency translations Accounting for foreign currency transactions Accounting for forward contracts Accounting for futures contracts Accounting for hedging activities Accounting for fair value Accounting for complex derivatives Standard accounting for off-balance-sheet risks and instruments Adjustments and planning for inflationary (or deflationary) markets Accounting for constant purchasing power Reporting changing prices and bases

As more and more companies go multinational with true M18N operations, financial errors are merely noted as small type in annual reports, 10K 10Q, and supplement footnotes, you can be certain that the SEC, stock markets, institutional and individual investors, suppliers, and customers will no longer accept these errors

SL3054_frame_C16 Page 290 Tuesday, November 20, 2001 9:19 AM

290

The E-Business Handbook

as accidents, but as core business failures. In time, FASB and these other influences will demand operation support for multicurrency — if only because automated solutions are now readily available.

16.9 THE PROBLEMS OF MULTICURRENCY MULTINATIONALIZATION The core complexity of currency M18N is this; multinationalization implies by definition the use of two or more concurrent currencies for input, storage, calculation, and formatted display. While LCID, locale, and system configurations resolve localization issues with any one single currency, no inherent system supports the simultaneous access and process for multiple currencies. This creates a software development problem too, because the core platforms and development tools are based on an either/or view of language, keyboard, storage, font selection, display, and processing of currency. In other words, the core environment supports either this currency or that currency, but not both and certainly not both mixed together. Although some accounting systems handle a few currencies (examples include Oracle Financials, SAP R/5, Great Plains Solomon IV, Accpac International Simply Accounting, Sage Acuity Financials, and Account Mate Visual), most vertical or horizontal software applications are limited by the underlying operating system, by the locale, and by LCID limitations. The multicurrency implementation problem is that the application must support input (through an IME), data storage, calculation, and display for multiple currencies as separate stock-keeping units. In addition, the relationship among currencies fluctuates and is more complex than a single currency exchange rate extracted from a table updated once per day. Simple currency exchange calculators do harm to business because the perception is that the calculator solves the problem, whereas it merely obscures it with partial answers that look correct and complete. The graphs later in this chapter detail these oversights (really, true financial losses) from complex multicurrency transactions. Y2K, stock market decimalization, and linguistic translations of 05/06/07 to May 06, 1907, 1/4 to 0.25, or Yes to Si complete the task once and for all future requirements. In contrast, the currency translation value of $1.00 today might be 0.857897 euro on Saturday, December 21, 2000 at 05:35.56, but 0.857367 by Saturday, December 21, 2000 at 05:37.03. In fact, $1.00 could be something completely different on 01/01/1999 and hold several conflicting values on 12/31/2002 as insured, hedged, or long contracts. Furthermore, $1.00 also means something different in euro based on buy or sell orders, and whether the conversion rate for $1.00 is representative of a quantity in $10,000 or $1,000,000 units. These business requirements create multi-tier transactions requiring a reassessment of the currency variable itself in software during many steps in the transaction process, currency storage in general, and currency transaction processing methods in particular. Within a true business perspective, customer satisfaction is increasingly pricesensitive to a glut of products available in global competitive markets. Customers expect you to be knowledgeable of their customs, business practices, and the ways

SL3054_frame_C16 Page 291 Tuesday, November 20, 2001 9:19 AM

Paradigm for Financial Modernization in E-Commerce

291

in which they do business. These are tied to posted and printed exchange rates, software-driven variable Web site pricing and return policy terms, which are all, in turn, driven by merchant foreign exchange rate practices, the merchant’s transactional software, and support for true M18N multicurrency. The multicurrency risk is monetary too. Many import-export operations support gross margins that run about 7%, low enough that currency costs eat all of that margin and then some. It takes about a year before someone really notices those intermediate and often unrecorded costs. It is also important to recognize that transactional currency costs are not fixed and can vary substantially, creating a window for risk that can consume the total transaction value, not just the profit margin, in its entirety. Typically, multicurrency expenses run 6% of cross-border transactions, but it is important to note that small operations bear a greater burden, while larger operations have greater risk exposures. A daily exchange rate table, which some (software) vendors host on their Web sites for daily download, provides a useful sales strategy to promote their own software, but does little to address the discrepancies between exchange rates in different markets, buy-side and sell-side spreads, brokerage fees, settlement fees, transaction costs, or hedged time frames, and especially the normal fluctuations in exchange rates.

16.10 FUNCTIONAL COMPUTERIZED SOLUTIONS FOR MODERNIZED E-COMMERCE The M18N multicurrency solution is threefold. First, you need access to data in the form of a data stream, a ticker tape of instrument interest rates and currency exchange rates. The traditional ticker consisting of equity prices is incorrect data. Equity prices are driven by supply and demand, but are only secondary to the international currency markets. In fact, both local and international events will drive interest rate and currency prices; these changes in turn drive equity prices. Equity prices can and do affect interest and currency prices, but the mechanism is secondary. It is insufficient to merely gather and watch this data stream; it must be integrated into your business workflows as a portal process for your workflows and accounting functions. The second part of the solution is, of course, a conversion portal engine to evaluate relative currency values in real time. That represents a dynamic rather than static process. A balance sheet shows a slice of time. Time has become dynamic. Cash reserves, inventory, payables, accounts receivable from foreign creditors, real estate, investment in other business (foreign currency-denominated), and even retained earnings and the stockholder equities are changing all the time in relation to relative time value of monies and other foreign currencies. Obviously, global retail e-commerce, with credit cards and money wired, is subject to these dynamic markets as well. The third part of the solution requires a change in the planning and financial accounting paradigm. This is part of the same and continuing process and software retrofitting. Each currency must be seen as a distinct stock-keeping unit rather than a derivative form of the same thing or even an asset that can be transformed into another asset form. This segregation means that currencies must be stored as separate entities, a column or database for each working currency, rather than one unified

SL3054_frame_C16 Page 292 Tuesday, November 20, 2001 9:19 AM

292

The E-Business Handbook

structure for all. The traditional currency field does not include sufficient information alone. This also means that a currency value is statically defined in time, and cannot change to reflect positive interest rates or negative depletion or depreciation. The paradigm defined here separates money as an asset that is very different from all other assets, specifically a liquid versus a nonliquid asset. Specialized transfer postings and interest and depletion entries that post to charts of accounts address these static double-entry accounting shortfalls in the chart of accounts. However, static postings do not account for the pace of global business today, the time value of money or the transformation of local currencies into one and another. Currency values and formats cannot be reduced to any lowest common denominator, the reason for the inherent failure of the currency field paradigm. For example, dollars are not euro. You cannot store them in the same place at the same time because, while both are currencies, they are not of the same basis or stock-keeping unit. Unlike most inventory items however, such as Coca Cola and canned tomato juice, which are distinctly different liquid assets, dollars and euro are convertible liquid assets. While dollars are not interchangeable with euro, they are exchangeable with euro on the basis of terms changing at all times. Every currency represents a unique basis, or a unique SKU. In addition, the relationship between any two paired currencies fluctuates, on average, 5% per day, with as many as 18,000 discrete reevaluations per day. Within complex accounting operations, such as banking, brokerage, cash management, or speculation, the time value of money plays an important role, one often ignored except through the normal business practice of delaying bill payment beyond 30, 60, or 90 days if possible. Traditionally, in programming, software development and databases, money is a distinct long numeric field, a leading currency symbol, and punctuation separators established by language and culture through the LCID or locale configurations. Rather, in contrast to that, the SKU “normalization” of the money structure transforms it into any other world currency, scales its value over time, or adds many currency bases to generate a single total in any chosen basis. One dynamic and redesigned data storage system thus can handle all world currencies at the same time and display them in any chosen format. While it is, as yet, impossible to reduce all the world’s currency to a universal basis, it is possible and feasible to represent all the world’s currency and the time value component while retaining the uniqueness of each within a novel currency structure. In other words, different currencies cannot be consolidated into a single SKU. That does not work. However, different currencies can be consolidated and aggregated within a consolidated structure that supports the differences while enabling the functional consolidation or manipulation of all world’s currencies as though they were the same SKU. The simple metaphor of dealing with the sensible usage of an assorted collection of national coins in a coin purse defines the problem. Every coin is different, but can be added together. When these coins are thrown into a coin sorter, each one can be identified, assessed, and the results manipulated now and later, as both many tabulations and as a single aggregation to one or any basis. When it is necessary to pay in Mexican pesos, for example, the ability to meet obligations from inventory can be determined and the best methods to substitute or convert alternate currencies can be appraised.

SL3054_frame_C16 Page 293 Tuesday, November 20, 2001 9:19 AM

Paradigm for Financial Modernization in E-Commerce

293

16.11 THE MONETARY PARADIGM FOR M18N MULTICURRENCY Within the new monetary paradigm, the currency is a field variable of a special format, or is objectified. The configuration for a computer system defines exactly what that single property is for each system. It is different for the U.S., for Germany, for China, and for Saudi Arabia. Sometimes, the displays might seem upside down or even backward. Because of these cultural differences, and because rates to convert currency from one to another float all the time, we see that the dollar is very different from the pound, and even alien to the new euro. We see these currencies as different inventory items; they even have different SKUs or stock-keeping units. The new monetary paradigm is called SWIFT (Society for Worldwide Interbank Financial Telecommunications) for designating currency by a three-letter designation. This code system is also standardized by ISO 4127 and a three-number code format. The point is, the world’s currencies are segregated as different inventory items. Table 16.5 shows how to restructure currency into a series of descriptive properties. Technically, these descriptive properties objectify the definition of money and encapsulate external meanings; this restructuring of the currency definition is a profound application for object-oriented programming (OOP) concepts. These four listed properties are the minimum needed for conversion to and from any world currency, handling time value of money, risk issues, and asset value fluctuations, while presenting the results in any internationalized or localized display presentation. Added optional properties expand the support for what-if scenarios and complexities of derivative monetary assets. This paradigm is different from the existing foreign currency exchange markets and worldwide bond markets because it creates an implicit and explicit translatable linkage. The paradigm infers the necessity for an automated translation engine and the underlying data delivery. Rather than viewing currencies as discrete and unamicable entities with equity markets in New York City, Hong Kong, London, and Bremen, you are seeing an interrelated recipe linking all of them with a simple mechanism to convert among them. Although the simple flat concept of an objectified currency field now has at least four discrete properties, and while that seems more complex than the traditional currency variable, it is conceptually simpler. Instead of 206 world currencies and an infinity of monetarily valued assets, we now have one unifying SKU infrastructure with four known, useful properties and the method to

TABLE 16.5 Simplified Property Table for Normalized Monetary Data or Object Descriptions Field 1 2 3 4

Name Value Basis Date Display

Purpose Real “inventory” count of currency, just a raw number Description of foreign currency or other monetary basis Transaction date (and sometimes a millisecondof time) Characteristics for localized/internationalized presentation

SL3054_frame_C16 Page 294 Tuesday, November 20, 2001 9:19 AM

294

The E-Business Handbook

exchange among all of them. The paradigm makes it practical, simple, and unrestrained to implement a currency conversion and translation method for any and all “foreign” currencies and any and all bases for monetarized asset accounting, finance, and risk management. In financial and practical terms, the paradigm lowers the costs for multiple currency accounting, centralizes and simplifies the workflows, and automates a complex, error-prone, and time-intensive series of steps into a codified method. Although other solutions — even current manual or automated methods — do exist, the paradigm yields economies of scale, efficiencies, and accuracy not currently available. Because the options are so many, analyze your needs and available choices carefully in terms of immediate fixes and also long-term strategic goals. Localization, globalization, internationalization, and multinationalization are more than language translation, cultural idiosyncrasy, gestures and coloration, automatic extraction of textual components, machine translation, date and calendar tools, and bi-directional and double-byte language support; you, too, need to support the language of business in the form of multi-currency money flow.

16.12 ENHANCEMENT TO DOUBLE-ENTRY METHODS Automated systems support object-oriented currency methods, as do manual methods; it is just not practical for manual ledgers. This object-oriented currency paradigm does not break double-entry accounting in any way. Object-oriented currency methods are a natural progression of the existing Pacioli paradigm. In fact, manual and ledger methods retain all functionality and accuracy with or without objectoriented currency methods. Accounting systems are more accurate with objectoriented currency methods than without them, and they support more extended forecasting, risk management, arbitrage, and foreign currency functions than without them. Automated systems do this easily; it is just not practical for manual ledgers. Computerized methods are not broken either. In simple words, double-entry methods support this object-oriented currency paradigm. However, it is impractical to support manual methods with infinite basis fluctuations. Every single change in a foreign currency or a forecasted risk will necessitate multiple offsetting and balancing account adjustments, perhaps as many as eight entries. While this precludes practical backwards compatibility with manual double-entry systems, it conforms to and extends the functionality of an automated accounting system with full support for concurrent mixed currency, risk management, asset revaluation, and support for the time value of money.

16.13 CONCLUSION The growth and integration of the global business of banking, brokerage, insurance, and e-commerce are limited by the current state of accounting. This adversely affects business, particularly global and electronic business, where business transcends time zones, currencies, and one-time transactions. The current limitations are not so much based on computer processing technology but rather on accounting concepts in need of a fundamental paradigm shift. This object construct for currency representation

SL3054_frame_C16 Page 295 Tuesday, November 20, 2001 9:19 AM

Paradigm for Financial Modernization in E-Commerce

295

normalizes the inflexible line item with a structure supporting global currency bases, a historical, current, and future basis for monetary value; and supports risk management in a single, reductionist, and flexible format necessary for adoption of financial modernization in all aspects of e-commerce.

SL3054_frame_C16 Page 296 Tuesday, November 20, 2001 9:19 AM

SL3054_frame_C17 Page 297 Tuesday, November 20, 2001 9:20 AM

17

Knowledge Management in E-Services: From Mass Customization to Service Individualization Amrit Tiwana and Balasubramaniam Ramesh

CONTENTS 17.1 Introduction ..................................................................................................297 17.2 E-Services.....................................................................................................298 17.3 From Mass Customization to Service Individualization.............................299 17.3.1 Business-to-Business Components of E-Services ...........................300 17.4 Modularization .............................................................................................301 17.5 The Role of Knowledge Management in Modular Service Architectures ...................................................................................304 17.5.1 Traceability-Based Process Knowledge Management Support.......305 17.5.2 Component Subsystem Selection and Architectural Service Individualization...............................................................................307 17.5.3 Design and Integration of Subsystem-Level Service Components ........................................................................308 17.6 Complementarities .......................................................................................308 17.7 Research Implications ..................................................................................309 References..............................................................................................................310

17.1 INTRODUCTION In this chapter, we examine the role of knowledge management in the design, customization, and delivery of electronically delivered services, specifically Internet-delivered e-services. We examine how concepts underlying mass customization can be applied to deliver individualized services over the Internet, while allowing service providers to operate at mass production levels and simultaneously catering to the service needs of individual customers. Next, we propose how such knowledge management can be supported by traceability-based information technology systems. 1-57444-305-4/02/$0.00+$1.50 © 2002 by CRC Press LLC

297

SL3054_frame_C17 Page 298 Tuesday, November 20, 2001 9:20 AM

298

The E-Business Handbook

As knowledge becomes the basis for sustainable competitiveness in dynamic, unstable markets with unpredictable requirements, and as transaction costs and lockins are lowered by the Internet, flexible and evolvable service architectures that can opportunistically lock nonoverlapping customers into rapidly rejuvenated streams of services become the hallmark of service firms.27,28 Service industries further rely on a significantly higher proportion of intangible inputs such as knowledge, skills and experience of employees, contracts and alliances with partners, and process or technology integration skills, all of which are characterized by economics of increasing returns — a feature uncommon in manufacturing industries. We introduce the distinguishing characteristics of Internet-delivered services (e-services), relate service delivery processes to mass customization-based concepts of service individualization and modularity of architectural design, and finally establish linkages between service individualization and knowledge management.

17.2 E-SERVICES E-services are Internet-based service applications that communicate with one another to fulfill requests, trigger other services that execute their part of a complex workflow or transaction, and seamlessly bring together distributed, specialized expertise. Examples of e-services include supply chain management, customer relationship management (CRM), order processing, enterprise resource management, and other services that are electronically delivered through the Internet rather than in person. With the advent of e-services, e-businesses increasingly focus on a chosen few strategic processes that are packaged as services to enable complex, real-time transactions39 performed by e-service providers as they locate, negotiate, and handle requests from each other. Some key characteristics of the business environment that create new challenges for service delivery over the Internet, and their corresponding implications for service individualization, are described in Table 17.1. Four characteristics distinguish Internet delivered services from traditional services. Most significant among these is the real-time formulation and individualization of the service. Using the concept of a service architecture, as described in this chapter, such services can be aggregated and delivered by selecting, combining, and integrating service-level subcomponents based on organizational knowledge applied to the context of the specific customer, in real time. Second, such services present a continuous two-way organizational learning mechanism between the provider and customer firm because e-services are never delivered as a single instance of a service but as a continuously delivered stream of services. Third, such services demonstrate the economics of increasing returns because of their high knowledge content. Fourth, they are prime candidates for modularization facilitated reuse wherein the same basic collection of service components can be individualized for different customers without incurring the cost of from-scratch development for each version.

SL3054_frame_C17 Page 299 Tuesday, November 20, 2001 9:20 AM

Knowledge Managment in e-Services

299

TABLE 17.1 Environmental Characteristics and Implications for Service Individualization Environmental Characteristic Time-based competition Proliferating variety in fragmented markets Shortened service lifecycles Market-driven quality Flexibility Just-in-time production High levels of customization

Implications for Service Individualization Services must be customized in real time; service architectures must be continually rejuvenated. Numerous versions of services can be delivered using a limited number of modular service components if a modular service architecture is used. Use of knowledge management facilitates learning from past service offering designs, issues, and problems. Continuous refinement and revitalization of services by aggregating and incorporating customer feedback enabled by KM technology. Modularization of service components and knowledge of interfaces. Modular service components can be integrated on demand and reconfigured in real time. Application of principles of mass customization supported by matching IT.

17.3 FROM MASS CUSTOMIZATION TO SERVICE INDIVIDUALIZATION Customers care about distinctiveness of services, while costs are driven by commonality among the variants of services delivered by a service provider33 In service industries, customers demand precisely what they need and they want it at no additional cost.42 The key idea underlying mass customization is development of the ability to produce custom, personalized services at little added expense and therefore strike a balance between cost and commonality. Leading pioneers of mass customization are providing tremendous variety and individual customization at prices that are comparable to those of standard services.29 Information industries have high knowledge content;18 e-services are therefore prime candidates for knowledge-management-centric customization. Such customization is imperative in e-service firms because recurring costs are spread out over the period of usage and levels of lockin are low, partly because of low up-front investments. Applying the concepts of mass customization from manufacturing to services industries allows knowledgeable workers to enhance the flexibility of services, lower costs, increase responsiveness, and reduce cycle time. Application of mass customization to business to consumer (B2C) electronic commerce has also been suggested in recent Information Systems (IS) research.55 Knowledge management facilitates such mass customization and also enables the service firm to extract a sustainable rent stream from its intangible resources

SL3054_frame_C17 Page 300 Tuesday, November 20, 2001 9:20 AM

300

The E-Business Handbook

B2C E-service

Service Components Consumer

Tracking Services

Delivery Channel

E-service

Consumer

Clickstream Tracking B2B Components

Hardware Platform Software Delivery Platform

Consumer

FIGURE 17.1 Even B2C e-services invariably involve substantial B2B components.

and apply them in unrelated service domains into which it can opportunistically diversify.8,24,48

17.3.1 BUSINESS-TO-BUSINESS COMPONENTS

OF

E-SERVICES

Irrespective of whether the market focus of an e-service is business to business (B2B), B2C, or consumer to consumer (C2C), it inherently involves B2B components. These components of the e-service typically involve software, infrastructure, media exposure and cross-linking, and ancillary services. Figure 17. 1 illustrates this in the example of @backup.com, a B2C data protection e-services (www.backup.com). The e-service delivery platform in this case is the service-side infrastructure, tracking systems for deducing usage patterns, the hardware and software platforms, and the network path between the e-service and its Internet gateway — all of which are provided by other businesses (several in real time). Client-side software developed by @backup.com provides its customer’s systems secure access to its services. Similarly, online customer support is provided through online service components sourced from other developers. Although the delivery channel itself is the Internet, various components of the e-service are invariably B2B in nature. These are then packaged and delivered as a proprietarily combined, value-added e-service to consumers. The same argument can be made for C2C e-services such as instant messaging, file swapping, online trading, and profile matching. The more complex an e-service becomes, the more likely it is that novel recombinations can be customized to service individual customer needs. Managing and applying knowledge of how these components are combined and recombined arguably makes such individualization both rapid and cost-effective.

SL3054_frame_C17 Page 301 Tuesday, November 20, 2001 9:20 AM

Knowledge Managment in e-Services

301

17.4 MODULARIZATION Mass customization necessitates moving from explicated, applied procedural knowledge to architectural knowledge. This requires real time configuration and reconfiguration of people, information, processes, and service resources and, in turn, depends on robust, modular resources. Modularity builds on Simon’s40 notion of decomposability of a complex system into a structured order of successive sets of subsystems.35 Modular architectures create strategic flexibility by enabling a service provider to respond readily to changing market conditions or customer needs based on new combinations of existing modular components.35,49 Modularity boosts the rate of innovation and therefore shrinks the time businesses have to respond to competitors.2,37 Recent research recognizes the central role of architectural decisions in mitigating the tension between product differentiation and design and operational complexity. By viewing product development as a deliberate business process involving hundreds of decisions, Krishnan and Ulrich16 argue for the critical role of architectural knowledge in this process. The service delivery system must therefore be organized as a complex, reconfigurable architecture that is modular in nature. Modularization results in three effects on the service delivery process: 1. It breaks service components into units and subsystems that are interchangeable on demand; modularization also simplifies systemic complexity.33 2. It transforms the nature of the service delivery process by creating a dynamic robust network of modules. 3. It transforms some modules to directly support mass customization while others continue to be at preceding stages that require more craft-like approaches. The service delivery system can be organized in the form of a complex dynamic network made up of subsystems and subcomponents of the service that are reconfigurable in highly flexible combinations. Therefore, services delivered to any given customer can be conceptualized as a combination of service subcomponents or subsystems that are facilitated by the application of architectural knowledge. As exemplified in Figure 17.2, SC1 through SC5 are five service modules or subsystems (which together constitute the service delivery architecture) that can be pooled in different combinations to deliver different, individualized version of the service offering to individual customers C1 through Cn. As various instances of the e-service are delivered, potential opportunities for capitalizing on and building upon feedback from customers are lost due to the lack of proper mechanisms for incorporating these into the service architecture design. Consider, for example, the delivery of Enterprise Resource Planning (ERP) services by an application such as Oracle Financials and Manufacturing by an application service provider. The service subcomponents in Figure 17.1 correspond to the various modules such as accounts payable, accounts receivable, general ledger, inventory, MRP, master scheduling, etc., that have been customized to fit the business

SL3054_frame_C17 Page 302 Tuesday, November 20, 2001 9:20 AM

302

The E-Business Handbook

Service Subcomponents

SC1

Individual Customers Individualized Service

SC2

C1

SC3 C2 SC4

SC5 Cn

Feedback, Learning, and Renewal Loop

FIGURE 17.2 Demand-driven configuration of service subcomponents in a customized service offering.

processes of every customer (c1…cn). The numerous options available for customizing each of these modules along with the possibility of combining them in different ways makes service individualization very critical. Such business-process-driven individualization can be facilitated by management of process knowledge, as discussed in the following section. Exemplars of B2B components of B2C e-services illustrates three B2C e-services using cross-case comparisons. We specifically chose B2C e-services to illustrate their high B2B composition, diversity of business models, and divergent scope of modular individualization that three cases within a single e-service category illustrate. The following sections provide background descriptions of these cases, and Table 17.2 follows with cross-case analysis of their business models, the models that they challenge, substitutes for their services, their direct competitors, and the relevant individualization approaches they have adopted. 1. Beyond.com Beyond.,com (www.beyond.com) was founded in 1994 as Cyber Source, a mail-order software retailer. In 1995, the company began its current line of business by offering 20 software titles that users could try for 30 days and pay for using a credit card if they decided to keep the software. A $50 million contract in 1997 with the U.S. Logistics Agency (to distribute software to its 70,000 desktop systems) gave the company a head start in

Aggregation of music content Record label from both big and 500 branding and independent record labels; sold distribution; by the track or by the album; traditional online experimental flat fee monthly and in-store music plans in an alliance with Hewlett retail Packard; typical album digitally retailed at an average price of $8.99 instead of the $16 on CDs Automated prescheduled High capacity direct backups of personal data files to access store media a remote, encrypted, fireproof and data recovery facility; annual flat-fee cost services structure; unlimited access; CD with personal data shipped overnight in case of data loss

EMusic.com www.emusic.com

@Backup.com www.backup.com

Digital delivery (through the Web) of over 10,000 commercial software packages from hundreds of commercial developers

Beyond.com www.beyond.com

Traditional online and in-store software retail and packaging

Business Model

E-Service Firm

Business Model Challenged Direct Competitors

Iomega ZIP CDR media Apple iDisk Netdrive.com Imacfloppy.com

None

Traditionally Digitalriver.com packaged versions Buy.com of the same software Staples.com AGENCY.COM CNET Networks Razorfish ReleaseNow.com Traditional music Napster.com compact disks MP3.com Gnutella Amazon.com Musicland.com Musicmaker.com

Substitutes

TABLE 17.2 A Cross-Case Analysis of Three Leading B2C E-Service Providers

Usage patterns, capacity utilization by customer segment, customervalued differentiators

Interest-based aggregation, commucustomization, bundling and unbundling for revenue maximization

Digital products relevant to specific individuals and interest groups

Relevant Knowledge

Usage-based eservice segmentation; targeted advertising; automated backup scheduling

Cross-selling, upselling, bundling, and customized promotions based on individual and group profiles.

Interest-based aggregation, buying pattern-based crossselling and upselling; targeted promotions

Individualization Approach

SL3054_frame_C17 Page 303 Tuesday, November 20, 2001 9:20 AM

Knowledge Managment in e-Services 303

SL3054_frame_C17 Page 304 Tuesday, November 20, 2001 9:20 AM

304

The E-Business Handbook

electronic software distribution services. The company changed its name to software.net and went public in 1998. The company has grown largely through government contracts for digital distribution of software, and it bought out its rival BuyDirect.com in 1999. 2. Emusic.com EMusic.com (www.emusic.com), originally started in 1998 as GoodNoise.com, has largely expanded through its acquisition of rivals like CDUcive.com, and Tunes.com, and by taking operational control of RollingStone.com, and DownBeatJazz.com. The company sells digitized music both from more than 500 independent record labels, and from leading artists. The basic business model of the firm is based on sampling and electronic delivery of digitized music in the popular MP3 format. 3. @Backup.com @Backup.com (www.backup.com) provides high-capacity automated data backup services for individual consumers and small businesses. Client software on the consumer end interfaces with @Backup.com’s remote servers through the Internet to automatically protect data files from users’ computers. The service is delivered through the Web, and is a substitute competitor for high-speed, high-capacity backup media such as CD recordable disks, removable hard disks (e.g., ZIP), and optical disks. Table 17.2 compares these e-services’ business models, competing business models and substitutes, and direct competitors, and illustrates how they pursue customer-focused individualization and customization. Notably, these three eservices serve distinctly non-overlapping markets, combine new and old component-level knowledge into new architectural knowledge,12,13 and use non-imitative business models that seek to directly substitute and replace (not imitate) existing product markets. Web-based data management e-services (e.g., @Backup.com) seek to replace high-capacity storage media and data recovery services; digital software delivery (e.g., Beyond.com) seeks to replace traditional software retail business models; and digitized music delivery (e.g., EMusic.com) seeks to replace traditional music retailers and discounters. Even at the coarsest level of granularity, these e-services were conceived through integration of specialized knowledge of their domain (component knowledge), Internet standards (public knowledge), and knowledge of business models and idiosyncrasies associated with them (architectural knowledge).

17.5 THE ROLE OF KNOWLEDGE MANAGEMENT IN MODULAR SERVICE ARCHITECTURES Productive, innovative firms must be capable of generating a continuous stream of services.20 Successful innovation requires complex, co-evolving networks of firms that can generate and synthesize knowledge of sufficient diversity to create complex technological services and processes.25 In service firms, “the ability to differentiate is not scale-sensitive,” and there is empirical evidence of strong correlation between

SL3054_frame_C17 Page 305 Tuesday, November 20, 2001 9:20 AM

Knowledge Managment in e-Services

305

Service Provider

Service Real-time service formulation and e delivery occurs here Inter fac rfac e t e n I Customer

FIGURE 17.3 E-service individualization is done at the interface among the customer, the service provider, and the service instance delivered.

high margins and differentiation levels.38 This further supports the case for pursuing knowledge-based service individualization. Modular service architectures with clear interfaces embodied between modules can allow a service provider to efficiently derive follow-up successive versions of the service. Knowledge-based service individualization, supported by corresponding IT tools, can create long-term competitive advantage for a service provider. The significance of managing process-centric knowledge has also been highlighted in recent innovation management literature specifically in the context of services46 However, dynamic modular service architectures can be created only once architectural knowledge exists.5 Knowledge management and integration capabilities must therefore complement modular components and service modularity.11,49 Based on this architectural knowledge, a service provider can configure and reconfigure modules within this network to meet market demands. This further necessitates that the delivered service version itself be created at the interface of the customer, service provider, and the service rather than on the provider side (Figure 17.3). Such “assembly” of an e-service from its components and its delivery must be accomplished in real time, which poses additional challenges on the design of the supporting knowledge management system for real-time access to relevant content in an interpretable format. Further, to sustain their effectiveness, such architectures and their underlying process knowledge must be continually renewed.20

17.5.1 TRACEABILITY-BASED PROCESS KNOWLEDGE MANAGEMENT SUPPORT Robertson et al.33 identified three dimensions of modular design that a product or service provider must focus on: (1) processes, (2) knowledge, and (3) relationships among people involved in the delivery of services. New-product development research has already shown that conceptual stages of design are a complex, crossfunctional, and often cross-institutional process in which various types and forms of tacit and explicit knowledge are involved. To provide such support, we draw on preceding research in traceability to arrive at a mechanism for supporting process

SL3054_frame_C17 Page 306 Tuesday, November 20, 2001 9:20 AM

306

The E-Business Handbook

knowledge and relationships among participants and objects30,32 The key strength of process traceability lies in its austerity; all three dimensions of processes, knowledge, and relationships can be conceptually captured in the knowledge management system using six key ideas underlying traceability mechanisms: We have developed a framework for representing traceability among various information objects produced during complex system development activities such as the customization of an ERP solution. This framework provides primitives to represent the agents, inputs and outputs of the system development process as well as the linkages among them. It can be used to represent the following dimensions of traceability information. • What information is represented — including salient attributes or characteristics of the information? For example, links among the inputs and outputs of the customization process such as requirements, assumptions, designs, system components, decisions, rationale, alternatives, critical success factors, etc., must be maintained. These represent the major conceptual elements among which traceability is maintained during the various life cycle stages. Using the conceptual bases of traceability, these input–output combinations can be customized to any specific service domain. • Who are the stakeholders that play different roles in the creation, maintenance and use of various conceptual objects and traceability links across them? • Where it is represented in terms of sources that “document” traceability information? Examples of sources traceability information include requirement specification documents, meeting minutes, design documents, memoranda, telephone calls as well as references to various stakeholders using their phone numbers, e-mail addresses, etc. Stakeholders manage the sources; i.e., they create, maintain, and use them • How is this information represented — both by formal and informal means and by how it relates to other components of traceability? • Why was a certain conceptual object created, modified, or evolved? The rationale behind the creation, modification, and evolution of various conceptual objects needs to be maintained. This information might include issues, alternatives, and arguments supporting and opposing various implementation decisions. • When was this process-related information captured, modified, and evolved? The above framework addresses the different information views (organizational, functional, data, control and output) proposed by Scheer36 for the architecture of integrated information systems (ARIS) approach.

SL3054_frame_C17 Page 307 Tuesday, November 20, 2001 9:20 AM

Knowledge Managment in e-Services

307

The benefits of capturing and reusing knowledge about customization efforts include: • The ability to understand the rationale behind the creation of various solutions, enhancing the ability to modify them rapidly • The ability to learn from the experiences of one or more such customizations and use this knowledge in developing similar solutions • Avoiding mistakes committed during past implementations • Avoiding rework by using process knowledge to configure different solutions based on a current set of requirements and assumptions REMAP32 is an example of a knowledge management system (KMS) that is capable of supporting the capture and reuse of process knowledge components described above. REMAP provides a Web-enabled tool for participants in a service customization team to capture and maintain traceability information representing the various aforementioned facets. This software tool is capable of representing this knowledge both formally and informally using multimedia chunks.31,40 A reasoning maintenance system supports automated reasoning with captured process knowledge such as the ability to synthesize configurations that are based on a specific set of requirements and assumptions. Krishnan and Ulrich16 call for tools for managing product- (and service-) development knowledge and supporting decision making. REMAP is designed to address this need. It provides tools not only to manage knowledge components necessary for mass customization and service individualization, but also facilitate coordination among various stakeholders involved in the process, which is very critical for success in creative activities such as design.15

17.5.2 COMPONENT SUBSYSTEM SELECTION SERVICE INDIVIDUALIZATION

AND

ARCHITECTURAL

Successful firms illustrate “a consistent pattern of learning that captures knowledge generated in new kinds of work to produce new services.”5 Selection of servicespecific architectural components to provide requisite functionality needs multidisciplined, cross-organizational collaboration focused on customer-centric service requirements.19 This selection process is intensively knowledge-based, and, given the highly compressed time frames within which such decisions must be made, process efficacy spells service design success. Design of a service, as with products, extensively depends on the personal knowledge of participants involved in the process.6 Tacit knowledge of these participants is difficult to retain at an organizational level, especially when the organization is characterized by transient ad hoc teams.32 Furthermore, as customization primarily occurs at the time of delivery,19 how exactly this customization must be done can be guided by knowledge of past customization processes (for earlier customers), their differentiating attributes, and commonalities. The desirability of variability in the features of the services is driven by the (manifest and hidden) needs of the various target market segments identified by sales and marketing. These are informed by other critical components of the context in

SL3054_frame_C17 Page 308 Tuesday, November 20, 2001 9:20 AM

308

The E-Business Handbook

which product families are developed including the technological capabilities, people or human resources available within the organization, and the policies and procedures of the organization.56 Consider, for example, the need for introducing the speech recognition technology that has been identified by Marketing. Two market segments, one that requires speech recognition and another that does not, are identified. This requirement is evaluated in the service family management process and the need for variability in the service line is planned. This scenario is typical in the sense that the need for variability in the service family is often identified based on the understanding of the needs of the various market segments.21 It is critical to maintain the traceability to the sources and rationale for such decisions so that the understanding and evolution of service families can be facilitated. Using IT-based knowledge management support mechanisms for e-service delivery provides a centrally controlled repository of service configurations that evolved over time and over the course of delivery of the provider’s services to multiple customers. Moreover, as a variety of organizations collaborate to deliver e-services, Web-based knowledge management mechanisms provide a shared interaction space that facilitates knowledge integration.52

17.5.3 DESIGN AND INTEGRATION SERVICE COMPONENTS

OF

SUBSYSTEM-LEVEL

A platform-focused e-service approach can not only use KM for tracking the differentiating attributes and commonality points46 among derivative e-services, but also can set the bar at which standardized services and processes end and customization begins.19 Technology integration issues that are often a hurdle for firms operating in dynamically unstable technology-enabled domains14 such as Internetbased service delivery can also be more precisely, accurately, and expeditiously resolved through reapplication of knowledge gained from decisions made in preceding service delivery processes and projects. Feedback provided by consumers of individual service offerings provides a path to renewal, as illustrated in Figure 17.4. This allows the service provider to incorporate new ideas for improved services, innovate on the basis of needs expressed by service purchasers, translate failures into customer needs, and, most importantly, build completely new capabilities by changing the modules and service subcomponents themselves. An architecture that would permit increased reuse of components that is necessary for service individualization33 is made possible by such integration of knowledge management practices in service design and delivery processes in service firms.

17.6 COMPLEMENTARITIES While information management systems support sharing of explicit knowledge, they do not support sharing of tacit knowledge that drives design decisions made at an individual level.57 Architectural knowledge is created at the collective level; therefore, knowledge integration processes must be explicitly supported at the level of the firm.44 Therefore, e-service individualization necessitates IT support

SL3054_frame_C17 Page 309 Tuesday, November 20, 2001 9:20 AM

Knowledge Managment in e-Services

Service Subcomponents SC1

309

Individual Customers Individualized Service

SC2

SC3

C1

C2

SC4 SC5 Cn Knowledge Management System What Why Where How When

External Knowledge

FIGURE 17.4 Integration of traceability-based knowledge management facilitates expeditious, accurate, and flexible integration of service subcomponents into an electronically delivered individualized service package

for organization-wide tacit knowledge transfer among various service delivery instantiations that result from a given service delivery architecture. Integrating knowledge-management practices grounded in traceability mechanisms represents a cross-disciplinary approach to service individualization. Such technology and service architecture enhancements, however, necessitate supporting organizational culture change and reward mechanisms that encourage both supply- and buyerside organizational participants to share knowledge and experiential learning. These aspects represent complementarities22 that we believe merit further empirical and theoretical examination in ongoing research, especially in service industries that are being challenged, redefined, and transformed by the Internet.

17.7 RESEARCH IMPLICATIONS Knowledge management in e-services must be further addressed from two broad perspectives: (1) design, maintenance, and delivery and (2) pricing and strategy. This area offers unprecedented opportunities for both technical and IS strategy-oriented research. Knowledge management and integration can be viewed from a capability perspective,3,47 wherein functions and processes of delivering e-services can be viewed through a resource-based theoretical lens. Components of e-services can be viewed as bundles of assets that can be clustered and integrated using these capabilities to deliver uniquely customized services.

SL3054_frame_C17 Page 310 Tuesday, November 20, 2001 9:20 AM

310

The E-Business Handbook

From a design and delivery perspective, tools and technologies that facilitate the integration of service components and support the evolution of e-service offerings by integrating direct and indirect consumer feedback are worthy of further exploration. The evolutionary nature of e-services resembles that of information products,51 and iteratively develops through interaction among stakeholders.43 Specifically, workflow approaches that have been used in past IS research can be extended for application to e-services. Other approaches that further our understanding of segmentation and versioning of these services, and help create lock-ins,53,54 increase customer loyalty and service quality,58 and reduce discontinuance behavior23,26 deserve further attention. The similarities between e-services and digital information products are also noteworthy, and valuable IS-specific lessons can be gleaned from research on the latter.10,17,50 Much can also be learned from the service-marketing literature about approaches that can be used for linking customer behavior and knowledge,41 increasing lifetime values of individual customers,9 relating versioning and market timing,4 and guiding modularization of e-service delivery processes.1,34 Though development of service families that have a common core with individualized add-ons is appealing from a “production” viewpoint, recent research highlights the implications for marketing such services to not be able to attract price premiums based on differentiation. Based on an analysis of the marketing-manufacturing trade-off, Desai et al.7 identify several implications for managers who need to balance benefits offered by commonality against dilution in differentiation. For example, when the marginal valuation of the quality across the high-end and low-end segments of the market is narrow, it is advantageous to create commonality. Further, when the cost of quality increases, then the same strategy seems to maximize profit for the service provider. These findings suggest that service providers must tailor their strategies based on a detailed analysis of the drivers of costs and revenues. Even though common threads might run across B2B, B2C, and C2C e-service management and delivery, the approaches used might differ in both their scope and their content. However, because e-services are often produced through collaboration across a digital web of collaborating firms,39,45 their business-to-business dimension is perhaps most critical. However, we believe that the two concepts of service architecture modularity and knowledge management about service components are highly complementary in developing a theoretical understanding of digital services, and deserve further attention.

REFERENCES 1. R. Achrol and P. Kotler, Marketing in the network economy, J. Mktg., vol. 63, Special Issue, 1999, pp. 146-163. 2. C. Baldwin and K. Clark, Managing in an age of modularity, Harvard Bus. Rev., September-October, 1997, pp. 84-93. 3. J. Barney, How a firm’s capabilities affect boundary decisions, Sloan Mgmnt. Rev., Spring, 1999, pp. 137-145.

SL3054_frame_C17 Page 311 Tuesday, November 20, 2001 9:20 AM

Knowledge Managment in e-Services

311

4. B. Bayus, S. Jain, and A. Rao, Too little, too early: introduction timing and new product performance in the personal digital assistant industry, J. Mktg. Res., vol. 34, February, 1997, pp. 50-63. 5. A. Boynton and B. Victor, Beyond flexibility: building and managing the dynamically stable organization, Calif. Mgmnt. Rev., vol. 34, no. 1, 1991, pp. 53-56. 6. A. Court, The relationship between information and personal knowledge in new product development, Int. J. Info. Mgmnt., vol. 17, no. 2, 1997, pp. 123-138. 7. P. Desai, S. Kekre, S. Radhakrishnan, and K. Srinivasan, Product differentiation and commonality in design: balancing revenue and cost drivers, Mgmnt. Sci., vol. 47, no. 1, 2001, pp. 37-51. 8. P. Drucker, Management Challenges for the 21st Century, New York: Harper Business, 1999. 9. F. Dwyer, Customer lifetime valuation to support marketing decision making, J. Direct Mktg., vol. 11, no. 4, 1997, pp. 6-13. 10. R. Fielding, J. Whitehead, K. Anderson, and G. Bolcer, Web based development of complex information products, CACM, vol. 41, no. 8, 1998, pp. 84-92. 11. R. Grant, Prospering in dynamically competitive environments: organizational capability as knowledge integration, Org. Sci., vol. 7, no. 4, 1996, pp. 375-387. 12. R. Henderson and K. Clark, Architectural innovation: the reconfiguration of existing product technologies and the failure of established firms, ASQ, vol. 35, 1990, pp. 9-30. 13. R. Henderson and I. Cockburn, Measuring competence? exploring firm effects in pharmaceutical research, Strategic Mgmnt. J., vol. 15, no. Winter Special Issue, 1994, pp. 63-84. 14. M. Iansiti, Technology Integration: Making Critical Choices in a Dynamic World, Boston, MA: Harvard Business School Press, 1998. 15. T.A. Kappel and A.H. Rubenstein, Creativity in design: The contribution of information technology, IEEE Trans. Eng. Mgmnt., vol. 46, no. 2, 1999, pp. 132-143. 16. V. Krishnan and K.T. Ulrich, Product development decisions: A review of literature, Mgmnt. Sci., vol. 47, no. 1, 2001, pp. 1-21. 17. L. Laurent and P. McLeod, Pricing Digital Information Goods and Services on the Net, in Proc. 8th Euro. Conf. on IS, Vienna, Austria, 2000, pp. 476-483. 18. H. Mendelson and K. Kraemer, The information industries: introduction to the special issue, ISR, vol. 9, no. 4, 1998, pp. 1-4. 19. M. Meyer and A. DeTore, Product development for services, Acad. Mgmnt. Exec., vol. 13, no. 3, 1999, pp. 64-76. 20. M. Meyer, P. Terzakian, and J. Utterback, Metrics for managing research and development in the context of the product family, Mgmnt. Sci., vol. 43, no. 1, 1997, pp. 88-114. 21. M.H. Meyer and A.P. Lehnerd, The Power of Product Platforms, New York: Free Press, 1997. 22. P. Milgrom and J. Roberts, Complementarities and fit: strategy, structure, and organizational change in manufacturing, J. Acctg. & Econ., vol. 19, no. 2/3, 1995, pp. 179-208. 23. B. Mittal and W. Lassar, Why do customers switch? the dynamics of satisfaction versus loyalty, J. Services Mktg., vol. 12, no. 3, 1998, pp. 177-194. 24. D. Mowery, J. Oxley, and B. Silverman, Technological overlap and interfirm cooperation: implications for the resource-based theory of the firm, Res. Pol., vol. 27, no. 4, 1998, pp. 507-523.

SL3054_frame_C17 Page 312 Tuesday, November 20, 2001 9:20 AM

312

The E-Business Handbook

25. R. Osborn and J. Hagedoorn, The institutionalization and evolutionary dynamics of interorganizational alliances and networks, Acad. Mgmnt. J., vol. 40, no. 2, 1997, pp. 261-278. 26. M. Parthasarathy and A. Bhattacherjee, Understanding post-adoption behavior in the context of online services, ISR, vol. 9, no. 4, 1998, pp. 362-379. 27. D. Peppers and M. Rogers, As products get smarter companies have to focus on relationships, Forbes ASAP, February 26 1996, pp. 69. 28. F. Phillips, L. Ochs, and M. Schrock, The product is dead — long live the product — service!, Res. Tech. Mgmnt., no. July-August, 1999, pp. 51-56. 29. J. Pine, Mass Customization: The New Frontier in Business Competition, Boston: Harvard Business School Press, 1993. 30. B. Ramesh and M. Jarke, Toward reference models for requirements traceability, IEEE Trans. Software Eng., in press, 2001. 31. B. Ramesh and K. Sengupta, Multimedia in a design rationale decision support system, Decision Support Syst., vol. 15, 1995, pp. 181-196. 32. B. Ramesh and A. Tiwana, Supporting collaborative process knowledge management in new product development teams, Decision Support Syst., vol. 27, no. 1-2, 1999, pp. 213-235. 33. D. Robertson and K. Ulrich, Planning for product platforms, Sloan Mgmnt. Rev., Summer, 1998, pp. 19-31. 34. R. Sanchez, Modular architectures in the marketing process, J. Mktg., vol. 63, no. Special Issue, 1999, pp. 92-111. 35. R. Sanchez and J. Mahoney, Modularity, flexibility, and knowledge management in product organization and design, Strategic Mgmnt. J., vol. 17, no. 1, 1996, pp. 63-76. 36. A. Scheer, Business Process Frameworks, New York: Springer-Verlag, 1998. 37. M. Schilling, Toward a general modular systems theory and its application to interfirm product modularity, Acad. Mgmnt. Rev., vol. 25, no. 2, 2000, pp. 312-334. 38. M. Scott, The Intellect Industry: Profiting and Learning from Professional Services Firms, Chichester, UK: John Wiley & Sons, 1998. 39. P. Seybold, Preparing for the e-Services Revolution, Customers.com Report, Patricia Seybold Group, April, 30 1999. 40. H. Simon, The Sciences of the Artificial, 2nd ed., Cambridge, MA: MIT Press, 1981. 41. J. Sinkula, W. Bawker, and T. Noordewier, A framework for market-based organizational learning: linking values, knowledge, and behavior, J. Acad. Mktg Sci., vol. 25, no. 4, 1997, pp. 305-318. 42. T. Smith and J. Reece, The relationship of strategy, fit, productivity, and business performance in a services setting, J. Operations Mgmnt., vol. 17, 1999, pp. 145-161. 43. T. Smith and G. Stevens, The architectures of small networks: strong interactions and dynamic organization in small social systems, Am. Sociol. Rev., vol. 64, no. June, 1999, pp. 403-420. 44. J.-C. Spender and R. Grant, Knowledge and the firm: an overview, Strategic Mgmnt. J., vol. 17, Winter, 1996, pp. 5-9. 45. D. Tapscott, D. Ticoll, and A. Lowy, Digital Capital: Harnessing the Power of Business Webs, Boston: Harvard Business School Press, 2000. 46. M. Tatikonda, An empirical study of platform and derivative product development projects, J. Prod. Innov. Mgmnt., vol. 16, no. 1, 1999, pp. 3-26., 47. D. Teece, G. Pisano, and A. Shuen, Dynamic capabilities and strategic management Strategic Mgmnt. J., vol. 18, no. 7, 1997, pp. 509-533., 48. A. Tiwana, The Knowledge Management Toolkit: Practical Techniques for Building a Knowledge Management System, Upper Saddle River, NJ: Prentice Hall, 2000.

SL3054_frame_C17 Page 313 Tuesday, November 20, 2001 9:20 AM

Knowledge Managment in e-Services

313

49. A. Tiwana, Managing micro- and macro-level design process knowledge across emergent Internet information system families, in R. Rajkumar, Ed., Industrial Knowledge Management — A Micro Level Approach, London: Springer U.K., 2000. 50. A. Tiwana and B. Ramesh, Supporting Distributed Information Product Development with Design Decision Knowledge, in Proc. Int. Conf. Intelligent Decision Support Syst., Melbourne, Australia, 1999. 51. A. Tiwana and B. Ramesh, A design knowledge management system to support collaborative information product evolution, Dec. Support Syst., vol. 31, 2001, pp. 241-262. 52. A. Tiwana and B. Ramesh, Integrating knowledge on the Web, IEEE Internet Comp., May-June, 2001, pp. 2-9. 53. H. Varian, Differential prices and efficiency, Am. Econ. Rev., no. 70, 1980, pp. 651659. 54. H. Varian, Versioning Information Goods, in Proc. Digital Info. Intellectual Prop., January 23-25, Cambridge, MA, 1997, Harvard University, pp. 1-13. 55. M. Warkentin, R. Bapna, and V. Sugumaran, The role of mass customization in enhancing supply chain relationships in B2C e-commerce markets, J. Elect. Comm. Res., vol. 1, no. 2, 2000, pp. 1-17. 56. D.M. Weiss and C.T.R. Lai, Software Product-Line Engineering, Reading, MA: Addison-Wesley, 1999. 57. M. Zack, Managing Codified Knowledge, Sloan Mgmnt. Rev., Summer, 1999, pp. 45-58. 58. V. Zeithaml, L. Berry, and A. Parsuraman, The behavioral consequences of service quality, J. Mktg., vol. 60, no. April, 1996, pp. 31-46.

SL3054_frame_C17 Page 314 Tuesday, November 20, 2001 9:20 AM

SL3054_frame_C18 Page 315 Tuesday, November 20, 2001 9:22 AM

18

Preventing and Detecting Fraud in Electronic Commerce Systems W. Steve Albrecht and Conan C. Albrecht

CONTENTS 18.1 Elements of Fraud........................................................................................317 18.2 Fraud Motivations ........................................................................................317 18.3 Unique Electronic Commerce Fraud Risks .................................................318 18.3.1 Unique Pressures..............................................................................318 18.3.2 New Opportunities ...........................................................................319 18.3.3 Increased Ease to Rationalize ..........................................................319 18.4 Prevention of Fraud in Electronic Commerce.............................................320 18.4.1 Control Environment........................................................................320 18.4.1.1 Integrity and Ethical Values..............................................321 18.4.1.2 Board of Directors and Audit Committee Participation ...................................................321 18.4.1.3 Management’s Philosophy and Operating Style ..............321 18.4.1.4 Human Resources Policies and Practices ........................321 18.4.2 Risk Assessment...............................................................................321 18.4.2.1 Data Theft .........................................................................322 18.4.2.2 Sniffing..............................................................................322 18.4.2.3 Unauthorized Access to Passwords ..................................322 18.4.2.4 Falsified Identity ...............................................................322 18.4.2.5 Spoofing ............................................................................323 18.4.2.6 Customer Impersonation...................................................323 18.4.2.7 False Web Sites.................................................................323 18.4.2.8 E-mail or Web-Visit Hijacking.........................................323 18.4.3 Control Activities .............................................................................324 18.4.3.1 Adequate Separation of Duties.........................................324 18.4.3.2 Proper Authorization of Transactions and Activities .......325 18.4.3.2.1 Digital Signatures and Certificates.................325 18.4.3.2.2 Biometrics.......................................................325 1-57444-305-4/02/$0.00+$1.50 © 2002 by CRC Press LLC

315

SL3054_frame_C18 Page 316 Tuesday, November 20, 2001 9:22 AM

316

The E-Business Handbook

18.4.3.3 Adequate Documents and Records ..................................326 18.4.3.3.1 Encryption.......................................................326 18.4.3.4 Physical Control over Assets and Records ......................327 18.4.3.5 Independent Checks on Performance...............................327 18.5 Detection of Fraud .......................................................................................328 18.5.1 Identifying Fraud Exposures............................................................329 18.5.2 Fraud Symptoms ..............................................................................329 18.5.2.1 Encouraging Others to Reveal Fraud Symptoms.............330 18.5.2.2 Proactively Searching for Fraud Symptoms ....................332 18.5.2.2.1 Discovery Sampling .......................................332 18.5.2.2.2 Using Data Mining Commercial Software ....332 18.5.2.2.3 Digital Analysis Performed on Company Databases ..................................334 18.5.2.2.4 Inductive Fraud Detection ..............................335 18.5.2.3 Which of the Proactive Searching Methods Is Best? ......336 18.6 Conclusions ..................................................................................................337 References..............................................................................................................337

In the broadest sense, fraud can encompass any crime for gain that uses deception as its principal modus operandi. There are but three ways to illegally relieve a victim of his money or assets: Force, trickery, or larceny. All offenses that employ trickery are frauds. Webster’s Dictionary identifies several synonyms to trickery, including “deceive,” “mislead,” “delude,” and “beguile.” “Deceive” implies imposing a false idea or belief that causes ignorance, bewilderment or helplessness; “mislead” implies leading astray that may or may not be intentional; “delude” implies deceiving so thoroughly as to obscure the truth; and “beguile” stresses the use of harm or persuasion in deceiving. All deceptions, though, are not generally considered frauds. To meet the legal definition of fraud, there must be damage, usually in terms of money, to the victim. Under common law, four general elements must be present for a fraud to exist: 1. A material false statement 2. A knowledge on the perpetrator’s part that the statement was false when it was uttered 3. A reliance on the false statement by the victim 4. Resulting damages The legal definition is the same whether the offense is criminal or civil, the only difference being that criminal cases must meet a higher burden of proof. The common element in all frauds is confidence. To be deceived, victims must have confidence in their perpetrators. Otherwise, force is required to steal assets. A statement associated with almost all frauds is, “I cannot believe he or she stole from me. That was my best employee (customer, etc.)!” The appropriate response is, “Of course he or she stole from you. It was that trust and confidence you had in that person that made the fraud possible.”

SL3054_frame_C18 Page 317 Tuesday, November 20, 2001 9:22 AM

Preventing and Detecting Fraud in Electronic Commerce Systems

317

18.1 ELEMENTS OF FRAUD Every fraud involves three elements: 1. The theft 2. Concealment 3. Conversion The theft act involves taking assets such as cash, inventory, or, often in ebusiness cases, information. Theft acts can occur manually, electronically, or in other ways. Concealment involves steps taken by perpetrators to hide their frauds from others. Concealment involves the altering of financial records, the miscounting of cash or other assets, the misprogramming of a computer, or the destroying of evidence. Conversion involves benefiting from the stolen goods and, usually, selling or converting stolen assets into cash and then spending the cash. If the asset taken is cash, conversion usually only means spending the stolen funds. If the fraud involves misstatement of financial statements, the theft act often involves overstating assets and revenues or understating expenses and liabilities, concealment involves manipulating the accounting records to support the over- or understatements and conversion involves having a higher net income or stock price that results in larger bonuses, increased stock options or prices, or an ability to meet restrictive or other covenants. Because all frauds involve concealment, they are rarely observed; this makes them very hard to find because of the lack of thirdparty, real-time witnesses to the crime.

18.2 FRAUD MOTIVATIONS Fraud is usually motivated by three factors that are often combined into a fraud triangle. These three factors are: 1. Perceived pressure 2. Perceived opportunity 3. Rationalization that the fraud is acceptable Every fraud perpetrator, whether an individual perpetrating fraud against a company or the management of a company perpetrating fraud on behalf of a company, faces some kind of pressure. Most pressures involve financial need. For example, individuals may commit fraud because they have debts that cannot be paid. The management of a company may commit fraud because the company has cash flow problems and needs to get over a rough period without revealing its troubles publicly. Nonfinancial pressures, such as the need to report results better than actual performance, frustration with work, or even a challenge to beat the system, can also motivate fraud. The second element in the fraud triangle is perceived opportunity. Perpetrators either think they can get away with the fraud without getting caught or decide they will not be prosecuted even if they are caught. This perceived

SL3054_frame_C18 Page 318 Tuesday, November 20, 2001 9:22 AM

318

The E-Business Handbook

opportunity need not be shared by co-workers or others; it needs only to be perceived by the perpetrator. The third element in the fraud triangle is some way to rationalize the fraud so as to make the illegal actions consistent with the perpetrator’s personal code of conduct. Common rationalizations are, “I’m only borrowing the money and will pay it back,” “You’d understand if you knew how badly I needed it,” or “We’ll just do it until we get over this temporary crisis.” Fraud rationalizations are easier than readers might think; most people judge themselves by their intentions and others by their actions. For example, most people intend to get up earlier, eat less, or exercise more. However, actions often do not measure up to these good intentions. Most fraud perpetrators really do “intend” to pay back the stolen money or information. They do not keep track of how much they took, but in their hearts they have good intentions. And, as long as they “intend to be honest,” it’s quite easy for most people to rationalize fraud. The above-mentioned three elements are common to every fraud. Neither the pressure nor the opportunity has to be real. An observer may look at the fraud and think, “You did not have any pressure that would motivate you to do something like that.” However, the reality seen by this observer is irrelevant. If the perpetrator perceives a pressure or an opportunity and can rationalize his behavior, he is likely to commit fraud. In many ways, fraud is similar to fire. For a fire to occur, three elements must be present: (1) heat, (2) fuel, and (3) oxygen. Take any one of these elements away, and the fire goes out. As with the elements in the fire triangle, the three elements in the fraud triangle are interactive. With fire, the more flammable the fuel, the less oxygen and heat it takes to ignite. Similarly, the purer the oxygen, the less flammable the fuel can be. With fraud, the greater the perceived opportunity or the more intense the pressure, the less rationalization it takes to motivate someone to commit fraud. Likewise, the more dishonest a perpetrator is or the more pressure he feels, the less opportunity it takes to motivate fraud. It is interesting to note that almost every study of honesty recently conducted in advanced countries reveals that levels of honesty are decreasing. Given the interactive nature of the elements in the fraud triangle, the decreasing levels of honesty present a scary future concerning fraud.

18.3 UNIQUE ELECTRONIC COMMERCE FRAUD RISKS While fraud can occur in any environment, there are several aspects of e-business environments that present unique fraud risks. These characteristics can be grouped within the fraud triangle; they usually create unique pressures, new opportunities, or increased ease of rationalization.

18.3.1 UNIQUE PRESSURES The elements of e-business that create increased or unique pressures are described as follows:

SL3054_frame_C18 Page 319 Tuesday, November 20, 2001 9:22 AM

Preventing and Detecting Fraud in Electronic Commerce Systems

319

• Many firms engaged in electronic commerce are new firms or are firms experiencing dramatic growth, thus creating tremendous cash-flow needs. • Firms involved in electronic commerce are more likely (at least now) to be involved in merger or acquisition activity, which often creates pressures to improve the reported financial results. • Many e-business firms are new and involved in borrowing or issuing stock, thus creating additional pressures to “cook the books” or commit fraud. • Many e-business firms are involved in selling new products that require intensive and expensive marketing and for which an existing market does not yet exist. • Many e-business firms have unique business models that are unproven or flawed, creating tremendous cash-flow pressures.

18.3.2 NEW OPPORTUNITIES E-business presents many new opportunities for fraud perpetration. These are described as follows: • Many e-business firms have new and innovative technologies for which security developments often lag behind transaction developments. • Many e-business firms have complex information systems that make the installation of controls difficult and time consuming. • E-business often involves the transfer of large amounts of information, a factor that poses theft and identity risks such as sniffing and unauthorized access. • E-business often involves the removal of personal contact, which allows for easier impersonation or falsified identify. • E-business often involves the removal of bricks and mortar and other physical facilities that allow for falsified Web sites and businesses. • E-business involves the inability to distinguish large or established companies from new or smaller companies, making it easy to deceive customers by falsifying identity or business description. • E-business often involves the electronic transfer of funds, allowing large frauds to be committed more easily. • E-business sometimes means compromised privacy, which results in easier theft using stolen or falsified information.

18.3.3 INCREASED EASE

TO

RATIONALIZE

In many ways, e-business makes it easier for individuals to rationalize fraud. Such methods are listed as follows: • E-business increases the perceived distance and decreases the personal contact between customer and supplier, making it easier to deceive and commit fraud. • E-business allows transactions between anonymous or unknown buyers and sellers, removing physical visibility during transactions. This removal makes it easier to rationalize fraudulent behavior because perpetrators do not see who they are hurting.

SL3054_frame_C18 Page 320 Tuesday, November 20, 2001 9:22 AM

320

The E-Business Handbook

18.4 PREVENTION OF FRAUD IN ELECTRONIC COMMERCE The prevention of fraud in any setting usually involves reducing or eliminating the elements that motivate fraud: pressures, opportunities (to commit, conceal and convert stolen funds) and rationalizations. In an e-business setting, it is very difficult to reduce pressures or rationalizations. The lack of personal contact makes it difficult to know what pressures exist or to see the kinds of rationalizations taking place. Therefore, in an e-business setting, organizations can only do their best to avoid conducting business with those firms that are experiencing high pressures or have dishonest managers who can rationalize more easily. Generally, the better approach to preventing fraud in e-business settings is to focus on reducing opportunities for fraud to occur, usually through implementing appropriate controls. In traditional nonelectronic environments, controls normally involve five different elements: 1. 2. 3. 4. 5.

The control environment Risk assessment Control activities or procedures Information and communication Monitoring

In an e-business setting, the first three items are much more relevant and important in preventing fraud than are the last two. Therefore, in the following sections, we focus only on control environment, risk assessment and control activities.

18.4.1 CONTROL ENVIRONMENT The essence of an effectively controlled organization lies in the attitude of its management. If top management believes that controls are important, this belief will permeate throughout the organization. Others in the organization will sense the importance of controls and will respond by conscientiously observing the established controls. On the other hand, if it is clear to members of the organization that controls are not important to top management and are given only lip service, it is almost certain that management’s control objectives will not be effectively achieved and that fraud is more likely to occur. Because of the importance of the control environment, it is very important that firms trying to prevent e-business fraud do everything possible to have good control environments in their organizations. They must also try to learn of the control environments that exist in the companies they conduct electronic business with. The control environment consists of the actions, policies and procedures that reflect the overall attitude of top management, directors, and owners of an entity about control and its importance to the entity. The following are the most important subcomponents of the control environment.

SL3054_frame_C18 Page 321 Tuesday, November 20, 2001 9:22 AM

Preventing and Detecting Fraud in Electronic Commerce Systems

321

18.4.1.1 Integrity and Ethical Values Integrity and ethical values are the product of the entity’s ethical and behavioral standards and how they are communicated and reinforced in the firm. They include management’s actions to remove or reduce incentives and temptations that might prompt personnel to engage in fraud. They also include the communication of entity values and behavioral standards to personnel through policy statements and codes of conduct and by example. A good question to ask about organizations is whether those companies have formal codes of conduct and whether they will let outsiders examine them. 18.4.1.2 Board of Directors and Audit Committee Participation An effective board of directors is independent of management, and its members are involved in and scrutinize management’s activities. The board delegates responsibility for control to management and is charged with providing regular independent assessments of management-established internal control. In addition, an active and objective board can often effectively reduce the likelihood that management will override existing controls. In a study of financial statement frauds during the period 1987 to 1997, a weak or ineffective board was one of the most common elements in firms that issued fraudulent financial statements.5 18.4.1.3 Management’s Philosophy and Operating Style Through its activities, management provides clear signals to employees about the importance of internal controls. For example, does management take significant risks, or are they risk-averse? Are profit plans and budgets set as “best possible” plans or “most likely” targets? Can management be described as “fat and bureaucratic,” “lean and mean,” dominated by one or a few individuals, or is it just right? Understanding these and similar aspects of management’s philosophy and operating styles provides a sense of management’s attitude about controls and fraud. 18.4.1.4 Human Resources Policies and Practices The most important aspect of internal control is personnel. If employees are competent and trustworthy, other controls can be absent and reliable transactions will still result. Honest, efficient people are able to perform at a high level even when there are few other controls to support them. Even if there are numerous other controls, however, dishonest people can reduce a control system to shambles. The hiring of honest and ethical employees is beyond the scope of this chapter; however, it is a very important factor for management and board members to understand because of its potential fraud implications.

18.4.2 RISK ASSESSMENT Risk assessment involves those steps taken to identify the risks involved in doing business with e-business partners. Part of risk assessment involves trying to assess the

SL3054_frame_C18 Page 322 Tuesday, November 20, 2001 9:22 AM

322

The E-Business Handbook

control environment of those third-party organizations. A related area of risk assessment involves identifying key risks that are unique to electronic interchange of information and money so that specific control procedures or activities can be put in place. Some of the major fraud risks in an e-business environment are data theft, sniffing, unauthorized access to passwords, falsified identify spoofing, customer impersonation, false Web sites, and e-mail or Web site hijacking.* 18.4.2.1 Data Theft Most readers probably associate fraud with the theft of money. In an electronic environment, the theft of data or information can be an even larger concern because of their value. For example, if personal information about bank customers is stolen, it can be sold or otherwise misused, or individuals can be blackmailed. Theft of electronic data is a concern for both businesses and consumers. Managers and assurance providers should be aware of the critical points in an e-business infrastructure at which data can be stolen. 18.4.2.2 Sniffing Sniffing is a term used to describe the viewing of information that passes along a network communication channel. This is a major concern in e-business because electronic communications are, by default, networked. This concern multiplies significantly as we become more and more dependent on public networks such as the Internet. Specialized hardware sniffers may be attached to a network to monitor or record all traffic. Sniffing software is readily available on the Internet, and it can be used legitimately by managers to monitor message and data flow within a company’s e-business infrastructure. However, unauthorized parties can use sniffing techniques to capture passwords or other sensitive information that will allow them to access internal organizational networks. 18.4.2.3 Unauthorized Access to Passwords In today’s interconnected world of e-business, password protection is often the only barrier to unauthorized access. With knowledge of passwords, electronic fraud is very easy to commit. Employees and customers must be trained in the proper use and safeguard of password information. 18.4.2.4 Falsified Identity Falsified identity is a major source of fraud exposure and risk in conducting ebusiness today. For an electronic transaction to take place, each party to the transaction needs to be confident that the claimed identity of the other party is authentic. These threats are of less concern in traditional electronic data interchange (EDI) settings because traditional EDI involves relatively limited access points, dedicated lines, and established value-added network providers as intermediaries. But authenticity is a significant concern for transactions conducted through electronic channels * Much of this material was adapted from Gover, et. al.6

SL3054_frame_C18 Page 323 Tuesday, November 20, 2001 9:22 AM

Preventing and Detecting Fraud in Electronic Commerce Systems

323

in an Internet-based, e-business environment. This concern will increase as electronic transactions become more ad hoc, automated, and numerous. 18.4.2.5 Spoofing Spoofing involves changing the header information in an e-mail message or Web request. Fraud perpetrators can hide their identities by simply changing the information in an e-mail header, thus allowing unauthorized access. A simple form of spoofing is changing the “From” and “Reply-to” fields in e-mails to make them appear as though they came from a trusted source. Unknowing employees might reply to these messages, thinking they are from a supervisor, with private information such as sales figures, customer information, or network passwords. More advanced forms of spoofing involve changing Internet headers with false IP information to tunnel through corporate firewalls as “legitimate” traffic. These packets seamlessly slip past many firewalls and security packages. 18.4.2.6 Customer Impersonation Like traditional businesses that accept checks or credit cards, e-businesses face the burden of verifying customer identity. If a consumer has falsified his or her identity, businesses can lose money on fraudulent requests for products or services. For example, traditional businesses are able to visually verify that the customer’s signature matches the signature on a credit card they are using. However, e-businesses are rarely able to perform this check because credit cards are given over the phone through Web-based forms. They must rely on less effective means, such as addresses or other verifications. 18.4.2.7 False Web Sites One of the most common traditional frauds is referred to as a “bustout.” A bustout is a planned bankruptcy. In its simplest form, a perpetrator sets up a business, buys inventory on credit, sells the inventory for low prices, and then disappears with the money before the bills are paid. These types of frauds are especially problematic in e-business settings because new businesses with little history or backing are so common. The difference is that instead of renting a brick-and-mortar store front, the perpetrator merely establishes (at significantly less cost) a false Web site. The false Web site is used to grab confidential information, enter into fraudulent transactions, or entice stockholders. For example, a false Web site might look like and have a similar name to the site of a real bank or an online broker or retailer and have the capability to collect identification and credit card numbers from unsuspecting customers. Or, the perpetrator could enter into business transactions similar to a “bustout” con artist and never intend to pay for goods or services purchased. 18.4.2.8 E-mail or Web-Visit Hijacking E-mail messages and Web visits can be hijacked because Internet host names can be subtly different. For example, computer.com and computer.org are two completely

SL3054_frame_C18 Page 324 Tuesday, November 20, 2001 9:22 AM

324

The E-Business Handbook

different host names that could easily be confused. In like manner, computerorigins.com, computerorigin.com, and computer-origins.com are potentially three very different sites. If the names are owned by different entities, one site could mimic the other and trick users into thinking they are dealing with the original Web site or e-mail address. Obviously, this is not a complete listing of the fraud risks in an electronic environment. Fraud perpetrators are extremely ingenious. The traditional frauds of theft by employees, buyer and supplier in collusion, or frauds by suppliers are all still possible. In addition, perpetrators are creative and will continue to develop new schemes that are unknown to the public. This is especially possible today, because e-business technologies are relatively new to most people. As Internet technologies mature, methods for defrauding others using these technologies will become more publicly visible. “E-controls” related to the Internet and related ebusiness technologies will eventually be placed in most organizations. However, for the near future, perpetrators have a major advantage because of the new technologies and business models. Those engaged in e-business must be very careful in setting up each transaction.

18.4.3 CONTROL ACTIVITIES Control activities are the policies and procedures that help ensure that necessary actions are taken to address risks and frauds. Control activities generally fall into the following five categories: 1. 2. 3. 4. 5.

Adequate separation of duties Proper authorization of transactions and activities Adequate documents and records Physical control over assets and records Independent checks on performance

While all of the listed controls can be used in many forms in traditional organizations and transactions, they are not all equally effective in e-business relationships. The following sections discuss each of these types of control activities and then consider several e-business and technology controls that are especially relevant in e-business settings. 18.4.3.1 Adequate Separation of Duties This control is typically thought of as being used within an organization to prevent employee theft. In an e-business relationship, it is probably most relevant in making sure that individuals who authorize transactions are different from those who actually execute them. Probably the most common type of fraud in purchasingand sales-type transactions are kickbacks and bribery. Kickbacks usually occur when one individual becomes too cozy or close to suppliers or customers. Adequate segregation of duties can keep employees from being involved in bribery-type transactions because segregation ensures they do not have complete control of transactions.

SL3054_frame_C18 Page 325 Tuesday, November 20, 2001 9:22 AM

Preventing and Detecting Fraud in Electronic Commerce Systems

325

18.4.3.2 Proper Authorization of Transactions and Activities Proper authorization is a key control in e-business environments. Every transaction must be properly authorized if controls are to be satisfactory. If any person in an organization is allowed to acquire or expend assets at will, chaos and increased fraud occur. Authorization controls can be either general or specific. General authorization means that management establishes policies for the organization to follow. Subordinates are instructed to implement these general authorizations by approving all transactions within the limits set by the policy. Specific authorization controls apply to individual transactions. Management is often unwilling to establish a general policy of authorization for some transactions. Instead, it prefers to make authorizations on a case-by-case basis. An example is the authorization of a sales transaction by the sales manager or a purchase by the purchasing manager. Authorization controls are usually the primary control activities (procedures) used in electronic commerce. The major electronic authorization controls that help prevent fraud are passwords, digital signatures and certificates, and biometrics. Passwords are a vital part of the security of any electronic system; however, they often constitute a weak link in a system’s security because they involve people who are untrained in proper password management. Usually, if passwords are compromised, unauthorized transactions can be made. To help prevent fraud, an organization should have a clearly communicated policy regarding selecting, changing, and disclosing passwords to others. In an electronic environment, there is probably no other control that can prevent fraud caused by intrusion better than the wise use of passwords. 18.4.3.2.1 Digital Signatures and Certificates Digital signatures and certificates are an increasingly important part of electronic transactions because they help prevent falsified identity and impersonation. Just as a signature on a paper document serves as authorization or verification of a procedure or important information, a digital signature provides beneficiaries the reassurance that transactions are valid. Digital signatures and certificates have been working well in defined areas of e-business for many years. However, they are only recently gaining widespread popular use. 18.4.3.2.2 Biometrics One of the most promising areas of technology and systems security is biometrics, the use of unique features of the human body to create secure access controls. Because each person possesses unique biological characteristics (e.g., iris and retina patterns, fingerprints, voice tones, facial structures, writing styles, etc.), scientists have been able to develop specialized security devices that have the potential to be highly accurate in authenticating a party’s individual identity. Access and permission to execute a transaction is granted or denied based on how similar the subsequent reading is to the reference template. However, for biometrics to be a generally available option for security, specialized input machines (such as retina scanners) need to be installed ubiquitously to nodes on the Internet. Therefore, while biometrics is very promising, its use for general, ad hoc e-business transactions is probably several years away.

SL3054_frame_C18 Page 326 Tuesday, November 20, 2001 9:22 AM

326

The E-Business Handbook

18.4.3.3 Adequate Documents and Records Documents and records are the physical objects on which transactions are entered and summarized. They include such diverse items as sales invoices, purchase orders, subsidiary records, sales journals, employee time cards and even checks. In an ebusiness setting, these documents are often missing or are maintained in computer files until they are printed out for specific purposes. Both documents of original entry and records upon which transactions are entered are important, but the inadequacy of documents typically poses greater fraud risks. Documents perform the function of transmitting information throughout the client’s organization and between different organizations. The documents must be adequate to provide reasonable assurance that all assets are properly controlled and that all transactions are correctly recorded. In e-business, most documents are electronic. In fact, the lack of hard documentation is a major factor that creates increased fraud risks in e-business situations. Documents and records generally provide detective controls rather than preventive controls. They are the most effective way to provide an audit trail and to allow investigation of suspected wrongdoing. Although most computer systems create records of transactions that can be accessed or reconstructed, smart fraud perpetrators often figure out how to remove (or simply destroy) evidence of transactions from servers and computers. 18.4.3.3.1 Encryption Because many of the traditional controls are not available in an electronic environment, compensating electronic transaction controls are put in place. The primary electronic transaction and document control is encryption, an effective way to protect confidential or sensitive information (such as checks or purchase or sales transactions) from being sniffed or stolen. Public key encryption allows information to be sent in an encrypted format over unsecured networks like the Internet. Public key encryption has achieved widespread use to protect data and ensure privacy in the ebusiness world. In public-key arrangements, the parties who will be communicating have two keys, one that is made public and another that is held private. These keys are inversely related: if one key is used to lock a message, the other must be used to unlock it. Thus, a message locked by a public key can be read only by the party holding the private key. Similarly, a message that can be unlocked by a particular public key could have originated only from the party holding the corresponding private key. Public-key encryption can thus be used for privacy (by locking a message with the intended recipient’s public key) and for authenticity (by locking a message with the originator’s private key). Today’s key-oriented encryption derives its security from the fact that its potential possible values are too large for today’s computers to enumerate in real time. However, with the exponential advances of technology that have occurred during the past several decades, computers require less and less time to guess key values. This risk increases as distributed computers are used in parallel to decipher messages. Public- and private-key encryption provides one of the best methods for security that is available today. However, as embodied in the name of a popular

SL3054_frame_C18 Page 327 Tuesday, November 20, 2001 9:22 AM

Preventing and Detecting Fraud in Electronic Commerce Systems

327

encryption/decryption program, it provides only “pretty good privacy” rather than foolproof security. 18.4.3.4 Physical Control over Assets and Records To maintain adequate internal controls and prevent fraud, it is essential to protect assets and records. If assets are left unprotected, they can be stolen. If records, whether electronic or paper, are not adequately protected, they can be stolen, damaged, or lost. In the event of such an occurrence, the accounting process and normal operations could be seriously disrupted. When a company is highly computerized and involved in e-business transactions, it is especially important to protect its computer equipment, programs and data files. Three categories of controls are related to protecting technology equipment, programs, and data files from fraud. As with other types of assets, physical controls are used to protect the computer facilities. Examples are locks on doors to the computer room and terminals and adequate and safe storage space for software and data files to protect them from theft or intrusion. Physical controls relate particularly to e-businesses in the sense that, in addition to software-based security, the software and hardware that make up the technological infrastructure must be physically secure. If unauthorized personnel are allowed access to computers and servers, they can execute unauthorized transactions or steal sensitive information. Sometimes, physical infrastructure is so sensitive and critical to e-business operations that systems are placed in isolated locations with only high-level security access. 18.4.3.5 Independent Checks on Performance The last category of control activities is the careful and continuous review of the other four, often called independent checks or internal verification. The need for independent checks arises because the control environment tends to change over time, unless there is a mechanism for frequent review. Personnel are likely to forget or intentionally fail to follow procedures, or they may become careless unless someone observes and evaluates their performance. Fraudulent transactions are possible when controls break down. Independent checks are very important to prevent fraud in an e-business environment. Organizations should always conduct checks on e-business partners. These checks can range from simple Dun and Bradstreet reviews to full-fledged investigations of the firm and its officers. A quick search of Lexis-Nexis and other financial databases or the Internet often reveals problems that organizations should be aware of before conducting e-business with a firm. Often, e-business fraud, especially that perpetrated by smaller companies, is committed by the highest individuals in an organization, and quite often on behalf of the organization as opposed to against it. Because management is often involved, it is very important that management and directors or business partners be examined to determine their exposure to, and motivation for, committing fraud. In preventing fraud, it is important to gain an understanding of the management of all involved business partners and what motivates them. In particular, the three fraud-related

SL3054_frame_C18 Page 328 Tuesday, November 20, 2001 9:22 AM

328

The E-Business Handbook

variables of (1) their backgrounds, (2) their motivations and (3) their influence in making decisions for the organization should be researched. With respect to backgrounds, it is important to gain an understanding of what kinds of organizations and situations management and directors have been associated with in the past. Regarding management and director motivations, it is important to understand what it is that really drives and motivates the organization’s leaders. Is their personal worth tied up in the organization? Are they under pressure to deliver unrealistic results? Is their compensation primarily performance based or are there debt covenants or other financial pressures that must be met? Management’s ability to influence decisions for the organization is important to understand because it is much easier to perpetrate fraud when one or two individuals have primary decision-making power than it is in an organization with a more democratic leadership.

18.5 DETECTION OF FRAUD Historically, detecting fraud has been very difficult. Empirical studies of how frauds were discovered have shown that auditors, fraud investigators and management detect only a small fraction of all frauds. Rather, most frauds are detected either by accident, the receipt of a tip, or a complaint of wrongdoing. Because of recent developments in technology, however, it is now possible to proactively detect fraud To understand how fraud can be pro-actively detected, it is necessary to recall the nature of fraud, introduced early in the chapter. As you will recall, every fraud involves three elements: (1) theft act, (2) concealment, and (3) conversion. The theft act involves taking assets such as cash, inventory, or information. Concealment can involve altering financial records, miscounting cash or other assets, or destroying evidence. Conversion involves benefiting from the stolen goods and usually involves selling or converting stolen assets into cash and then spending the cash. Because all frauds involve concealment, they are rarely observed. Instead, only indicators, or symptoms, of fraud are seen. Fraud symptoms can relate to any or all of the three elements of fraud as well as the three factors that combine to motivate someone to commit fraud (pressure, opportunity, and rationalization). In the past, most organizations only suspected and investigated fraud after symptoms became so obvious that they could no longer be denied. And, because most organizations did not educate employees and vendors about fraud or make the reporting of suspected fraudulent acts easy, often, even when co-workers suspected fraud, it was not always reported. Unfortunately, the problem of waiting for obvious fraud symptoms is that, by the time such symptoms are observed, the fraud is usually quite large and costly to the organization. Fraud usually reduces net income on a dollar-for-dollar basis, meaning that a $10,000 fraud, for example, reduces net income by $10,000. If a company’s profit margin (net income or revenues) is 10%, the company must generate ten times as much additional revenue ($100,000 in this case) as the fraud to increase net income to its prefraud level. Because of the high cost of fraud, it is important that efforts be made to detect fraud as early as possible. For purposes of this chapter, fraud detection is distinguished from fraud investigation. Fraud detection means ways in which the suspicion of fraud, or “fraud predication”

SL3054_frame_C18 Page 329 Tuesday, November 20, 2001 9:22 AM

Preventing and Detecting Fraud in Electronic Commerce Systems

329

is identified. Fraud investigation, on the other hand, involves those methods used to examine and study the fraud once it is suspected or predication is present. Fraud investigation involves all the efforts made to determine who committed the fraud, methods used, when the fraud was committed, what motivated it and how much money or other assets were taken. Obviously, fraud investigation cannot proceed until fraud detection takes place. It is also possible that observed “fraud symptoms” could be caused by factors other than fraud. Therefore, it is important that fraud investigators remain objective and neutral, assuming neither guilt nor innocence. Detecting fraud, no matter what type, involves a four-step process: 1. 2. 3. 4.

Identifying fraud exposures Understanding the kinds of symptoms the fraud exposures exhibit Using various kinds of analyses to actively look for relevant symptoms Following up on the symptoms observed to determine whether the symptoms relate to fraud or are occurring for other reasons

18.5.1 IDENTIFYING FRAUD EXPOSURES Identifying fraud exposures is one of the most difficult steps in detecting fraud. Correctly identifying fraud exposures means that e-business partners must clearly understand the operations and nature of the e-business transactions they are examining, as well as the nature of the business and industry with which they are doing business. They must have a good understanding of their business partner’s management and what motivates it, as well as the way the company is organized. They must also be aware of relationships the company has with other parties, and the influence that each of those parties has on their business partner and its officers. In addition to understanding the company the organization is dealing with, to detect fraud, individuals must understand where fraud is most likely to occur. The previous section of this chapter listed a number of e-business fraud risks. These risks are the most likely areas where fraud can occur. When a company has pressures or perceives opportunities, it may commit fraud in the easiest way. Good fraud detection means that individuals must constantly be monitoring the fraud risks to look for fraud symptoms.

18.5.2 FRAUD SYMPTOMS Unlike murder or bank robbery, fraud is rarely observed. Instead, only symptoms, indicators, or red flags are seen. To detect fraud, individuals must be able to identify a symptom. Fraud symptoms (of all types) can be divided into six categories. All six are reviewed, although some of them are not very useful for detecting fraud in e-business environments. 1. Analytical Symptoms —These involve things that are unusual — too big, too small, wrong time, wrong person, etc. These are the unexpected or unexplained —things out of the ordinary or that do not make sense. 2. Document or Electronic Record Symptoms — These involve discrepancies in the e-business transaction records, such as missing documentation,

SL3054_frame_C18 Page 330 Tuesday, November 20, 2001 9:22 AM

330

The E-Business Handbook

3.

4.

5.

6.

lack of support or approval for transactions, missing transaction numbers and so forth. Lifestyle Symptoms — When people embezzle, they spend their illgotten gains. Few if any perpetrators actually save what they steal. Once the critical need that motivated the fraud is met, perpetrators start to improve their lifestyle. Control Symptoms — These are breakdowns in the control environment, accounting system, or internal control activities or procedures that are so egregious that they hint that management override is taking place. Examples are an override of transaction controls or approvals to enact a transaction. Behavioral and Verbal Symptoms — Most fraud perpetrators are firsttime offenders. When they commit fraud, they feel guilty; this guilt creates stress. Fraud perpetrators change their behavior to cope with this stress or to hide fraud symptoms. These changes in behavior, together with verbal responses, are often excellent fraud symptoms. Tips and Complaints — The last category of fraud symptoms includes tips or complaints from employees, spouses, vendors, customers, competitors, and others. While no tip should be ignored, the providing of a tip that fraud is occurring does not automatically mean that it is taking place. Fraud tips and complaints may be motivated not because fraud is occurring, but because someone is seeking revenge, wants attention, or for other non-fraud reasons.

In e-business transactions, there is usually no face-to-face contact. Therefore, lifestyle and behavioral symptoms are usually less helpful in detecting e-business fraud than are the other four. Sometimes, however, even in e-business transactions, gratuitous information is made available to you about someone’s unreasonable lifestyle or inappropriate behavior. Remember, with all these symptoms, the key concept is “change.” It is an unexpected change in an analytical relationship, a record, someone’s lifestyle or behavior, or the use of controls that usually signals fraud. After a fraud has occurred and been detected, the symptoms are usually obvious. In many cases where we have been involved in investigating or detecting fraud, or in expert witnessing, management or the auditors had their hands on the symptoms, but did not recognize them for what they were. 18.5.2.1 Encouraging Others to Reveal Fraud Symptoms One of the most important ways to detect fraud is to make it easy for those who know about fraud to report it. The most common way to get people to report fraud is to install a hotline or 800 number they can call when they suspect wrongdoing. In most organizations, there are co-workers and others who have knowledge or suspicions that fraud is occurring, but do not come forward with their information. There are five reasons for this hesitancy. First, usually it is impossible to know for sure that fraud is taking place. Remember, there are no dead bodies or sure knowledge that a crime has been committed. All the potential informants see is symptoms. They may see someone who is living a changed lifestyle, behaving strangely, or stashing

SL3054_frame_C18 Page 331 Tuesday, November 20, 2001 9:22 AM

Preventing and Detecting Fraud in Electronic Commerce Systems

331

company inventory in a garage. Because they recognize that they are seeing only symptoms, they do not want to take the chance of wrongly accusing someone. Even when their suspicions are strong, the possibility exists that there is a legal and legitimate reason for the symptom. The second reason most informants are hesitant to come forward is that they have read or heard horror stories about what happens to whistle blowers. Even though such reports are usually anomalies and are often exaggerated, people do fear they will suffer by losing their jobs or undergoing some other kind of reprisal if they become informants. Third, employees and others are often intimidated by perpetrators. Especially when the perpetrator is a superior, subordinates are afraid to come forward with their suspicions. For example, one fraud continued for 6 years even though several co-workers knew about it, because the perpetrator had such a dominant personality. He made others afraid of him, and he fired people who questioned his integrity. Fourth, most of us have been conditioned to believe that it is not good to “squeal” on others, even when they are doing something wrong. Finally, most employees and others do not come forward with their suspicions or knowledge of fraud because organizations do not make it easy for them to do so. This is the most discouraging reason, because it is entirely preventable from management’s point of view. In most organizations, employees do not know who they should talk to if they suspect fraud, how the information should be conveyed, or what the consequences will be if they do come forward. In addition, they do not know whether their tips will remain anonymous or whether their squealing will be disclosed. Organizations that are effective in using tips and complaints in fraud detection have learned that, to receive tips, they need to nourish and encourage employees. They have learned that employees must be given an easy avenue for whistle blowing and be encouraged to come forward. Some successful companies have packaged fraud with other undesirable actions such as drug abuse, safety violations, discrimination, and harassment, and have trained all employees what to do if they see any of these. In such companies, the training has taken the form of seminars for newhires; posters and other periodic reminders; a billfold card that is given to each employee that lists alternative actions they can take if they witness violations, and videos that are periodically shown as reminders of the program. Employees are told, and the information is reinforced on the wallet card, that they have five options if they suspect problems in any of these areas: 1. 2. 3. 4.

They can talk to their manager or their manager’s superior. They can call corporate security at a specified number. They can call internal audit at a specified number. They can call a company-wide ombudsman, who will forward the complaint or tip. 5. They can call an 800-number hot line that connects them to an outside answering service that screens the calls, guarantees anonymity, and forwards the information to relevant company individuals who can deal with the problem.

SL3054_frame_C18 Page 332 Tuesday, November 20, 2001 9:22 AM

332

The E-Business Handbook

Companies that provide hot lines have detected numerous frauds that would not otherwise have been detected. These companies have also reported use of the hot line as erratic, including periods of considerable use and periods of very little use. What is important is to make an option available to employees who would not otherwise report suspected activities. 18.5.2.2 Proactively Searching for Fraud Symptoms Proactive searching for fraud symptoms allows businesses to discover fraud in new and exciting ways. Rather than waiting for tips and complaints or for symptoms to make themselves evident, businesses can actively discover and stop fraud before it becomes too large. 18.5.2.2.1 Discovery Sampling The first, but probably least effective, proactive deductive method of searching for fraud is discovery sampling. Essentially, discovery sampling is a form of sampling that deals with the probability of discovering at least one error in a given sample size if the population error rate is a certain percentage. Its use involves two steps: (1) drawing a random sample and (2) using a table to draw inferences about the population from the sample. To illustrate, assume that discovery sampling was to be used to examine electronic transactions to see if fraudulent payments were being made. First, a random number generator or random number table is used to select the checks to be examined. Once the checks were selected, the next step would be to use a discoverysampling table (see Figure 18.1) to draw conclusions about the checks. If one check was found to be a fictitious vendor, the researcher would be certain that fraud existed. If he did not find one fraudulent check, all 6000 checks would still have to be examined to be absolutely sure (100% confident) that no fraud exists. If anything less than 100% of the checks were sampled and no fraud was found, discovery sampling would allow the researcher to decide how much risk to assume. In other words, discovery sampling allows an individual to quantify the risk of nondetection. From Figure 18.1, it is evident that if 300 checks were sampled and no fictitious vendors were found, the researcher would be 95% confident that the true population fraud rate did not exceed 1%, and 78% confident that no more than 0.5% of the checks were fraudulent. The table is based on the assumption that no fictitious checks are found. The more confident an individual wants to be and the less risk of not finding fraudulent checks he wants to assume, the larger the required sample size. Discovery sampling never ensures that fraud does not exist in a population of checks. While inferences can be made about the population, there is still the possibility that the sample will not be representative of the population (sampling risk), or that the researcher will examine a fraudulent check and not recognize it as being fraudulent (nonsampling risk). Using proactive discovery sampling, however, individuals can quantify risk until they conclude that they have sufficient evidence that fraud does not exist. 18.5.2.2.2 Using Data Mining Commercial Software A second deductive proactive method of detecting fraud symptoms is the use of commercial data mining packages, such as Audit Command Language (ACL), to look

SL3054_frame_C18 Page 333 Tuesday, November 20, 2001 9:22 AM

Preventing and Detecting Fraud in Electronic Commerce Systems

333

Probability (Percentage) of Including at Least One Error in the Sample Rate of Occurrence in the Population (Percent) Sample Size 50 60 70 80 90 100 120 140 160 200 240 300 340 400 460 500 800 1,000 1,500 2,500

0.01 1 1 1 1 1 1 1 2 2 2 3 3 4 5 5 8 10 14 22

0.05 2 3 3 4 4 5 6 7 8 10 11 14 16 18 21 22 33 39 53 71

0.1 5 6 7 8 9 10 11 13 15 18 21 26 29 33 37 39 55 63 78 92

0.2 9 11 13 15 16 18 21 24 27 33 38 45 49 55 60 63 80 86 95 99

0.3 14 16 19 21 24 26 30 34 38 45 51 59 64 70 75 78 91 95 99 99+

0.5 22 26 30 33 36 39 45 50 55 63 70 78 82 87 90 92 98 99 99+ 99+

1.0 39 45 51 55 60 63 70 76 80 87 91 95 97 98 99 99 99+ 99+ 99+ 99+

2.0 64 70 76 80 84 87 91 94 96 98 99 99+ 99+ 99+ 99+ 99+ 99+ 99+ 99+ 99+

FIGURE 18.1 Discovery Sampling Table.

for anomalies in databases. As an example of the application of data mining software, consider the case of XYZ Corporation. Believing that a high-risk area of fraud involved kickbacks from vendors to buyers, the company examined purchasing trends of various products. Sorting the purchasing records by vendor and by purchase volume, they observed that total purchases from a particular vendor were increasing while total purchases from all vendors were decreasing. Upon further analysis, they also found that the prices of the favored vendor’s products were increasing faster than those of other vendors. These patterns appeared quite unusual, especially considering that the number of complaints about these suppliers’ products had increased substantially. As discussed previously, these patterns are often associated with kickback fraud because, once a buyer starts accepting kickbacks, control of purchasing transactions switches from the buyer to the supplier. Once the supplier takes control of the relationship, prices often increase, the volume of purchases from the favored vendor increases, purchases from other vendors decrease and, sometimes, even the quality of the goods purchased decreases. In this and all cases of proactively searching for fraud, however, it is important to understand that, at best, these patterns represent only circumstantial evidence. There may, in fact, be legitimate reasons that a company or its buyers would increase purchases from one vendor while decreasing purchases from others, even if the favored vendor’s prices are increasing. It could be, for example, that the favored vendor’s quality or timeliness of delivery are superior to those of other vendors.

SL3054_frame_C18 Page 334 Tuesday, November 20, 2001 9:22 AM

334

The E-Business Handbook

In this case, when followed up with an appropriate investigation, it turned out that the buyer was accepting kickbacks. This corruption and bribery led to the buyer’s company’s purchase of more than $11 million of unneeded inventory and supplies. While commercial data mining programs can be extremely helpful in detecting fraud, they, too, have significant disadvantages. The most obvious disadvantage is that databases kept by large corporations are, by definition, very large. Therefore, transfering information onto several zip disks or CDs limits the amount of data that can be taken. In addition, once the information is queried (and usually summarized), it is static and cannot be recombined in different ways with the original corporate data. Transferring all corporate data in its original form can involve the transfer of terabytes of information. This scope of data transfer and replication is both costly and time consuming. Further, applications such as ACL generally have spreadsheetlike interfaces and can analyze only small data sets. This size limitation also drives the requests for zip disks and CDs rather than for the entire corporate data set. Often, inherent limitations in analyzing such a large data set with limited software and data storage adversely affects results. And without further manipulating the data and combining various individual red flags into models, the generic data mining programs sometimes result in identifying thousands of “fraud symptoms” with too many alternative explanations. Further, these programs are general purpose and cannot often be refined enough to focus on actual frauds. Because of their general-purpose use, there is often no way to eliminate incorrect signals. 18.5.2.2.3 Digital Analysis Performed on Company Databases Using commercial data mining packages to search for fraud symptoms is one kind of digital analysis. Another is to proactively search company databases. The idea behind this type of digital analysis is to use the company’s databases themselves to search for accounting anomalies or unusual or unexpected relationships between numbers. One of the most common methods of digital analysis involves applying Benford’s law to various types of data sets. If someone handed a fraud researcher a stack of 10,000 random invoices from suppliers and asked her to estimate how many of the dollar amounts on the invoices began with the digit one, she might intuitively guess the answer was about 1 in 9. The truth is that some integers show up as the first digit of a data set much more often than others. In 1881, the American astronomer Simon Newcomb noticed that the first pages of books of logarithms were soiled much more than the remaining pages. In 1938, Frank Benford discovered that this phenomenon applies to a variety of types of data sets. According to Benford’s law, the first digit of random data sets will begin with a 1 more often than with a 2, a 2 more often than with a 3, and so on. In fact, Benford’s law accurately predicts for many kinds of financial data that the first digits of each group of numbers in a set of random numbers will conform to the following distribution pattern. Keep in mind that Benford’s law applies to numbers that describe the size of similar items and does not apply to assigned numbers such as personal ID numbers or lists where the numbers have a built in minimum. As the chart (see Figure 18.2) indicates, the first digit is expected to be a 1 about 30% of the time, whereas a 9 is expected as the first digit only about 4.6% of the time. This means that, if a researcher compared the distribution of the first numbers

SL3054_frame_C18 Page 335 Tuesday, November 20, 2001 9:22 AM

Preventing and Detecting Fraud in Electronic Commerce Systems

335

35 30 25 Percent

20 15 10 5 0 1

2

3

4

5

6

7

8

9

Digit D

FIGURE 18.2 Frequency of digits according to Benford’s law.

of a set of invoices to the distribution predicted by Benford’s law and found that, for 70% of the invoice numbers, the first digit is an 8 or a 9, fraud likely exists. Using digital analytic methods such as Benford’s law can be extremely useful in detecting e-business fraud because the search techniques can be programmed into transactional databases to be run on a real-time basis. They can be used to examine total purchasing records or the purchasing records of individual vendors and customers. If programming into transactional databases, transactional data that do not look right can generate exception reports that can be examined to determine if fraud is occurring. One major advantage of using Benford’s law to proactively detect fraud is that it is probably the least expensive of all the digital analysis methods to implement and use. Not only is it inexpensive to use, but, because it is applied to the company’s own databases (not querying data to be analyzed by consultants or others), potential suspects are less likely to know an individual is trying to detect fraud. Fraud perpetrators are certainly easier to catch if they have not quit whatever scam they were doing because they believe someone suspects them. A major disadvantage of using Benford’s law is that using it is tantamount to hunting fraud with a shotgun — pull the trigger and hope that a few pellets hit something important. To understand what this means, consider the example of Company X again. What would have happened if those using Benford’s law to detect fraud had stopped after seeing that all vendor invoices together followed Benford’s law so closely? They might very well have erroneously concluded that their organization was free from fraud. Another shortfall of relying solely on Benford’s law is that it serves only to identify broad possibilities of the existence of fraud and fails to narrow the possibilities down to the point where one can easily know the specific nature of the fraud. Once anomalies are identified using Benford’s aw, the fraud examiner must still determine the nature of the fraud and the identity of the perpetrator. 18.5.2.2.4 Inductive Fraud Detection The last three proactive methods of searching for fraud symptoms are all very similar. They involve examining large databases (or inferring from a sample to a larger

SL3054_frame_C18 Page 336 Tuesday, November 20, 2001 9:22 AM

336

The E-Business Handbook

population) in an effort to find anomalies that suggest that fraud might be occurring. In many ways, these methods involve using a “shotgun” approach to find fraud. No particular type of fraud is usually suspected; rather, various types of analysis are applied to databases in the hope that something will be identified. In contrast, the final fraud detection method discussed is an inductive approach that involves determining the kinds of frauds that can occur and then using technology and other ways to determine if it appears that those frauds exist. This method involves the five-step process of (1) understanding the business or operations to be studied, (2) understanding the kinds of frauds that could occur (fraud exposures) in the operation, (3) determining the kinds of symptoms that the most likely frauds would generate, (4) using databases and information systems to search for those symptoms, and (5) following up on the symptoms to determine if they are being caused by actual fraud or by other factors. The authors have personally used this approach to detect fraud in several settings, including in financial institutions and oil refineries, with considerable success. As with digital analysis, once appropriate query routines are identified to search for various types of fraud, they can be automated to run on a real-time basis to generate exception transactions or business partners. 18.5.2.3 Which of the Proactive Searching Methods Is Best? Each of the approaches described here have both advantages and disadvantages. Using commercial data mining packages is usually the most inexpensive approach. However, their usefulness is limited where large databases are present. In addition, the generic searches allowed by such software often lead to an excessive number of possible fraud symptoms. In one case, for example, applications using Microsoft’s FoxPro led to more than 26,000 possible fraud symptoms. The major advantage of commercial data mining packages is that they are easy to use and can be quickly modified and applied. Digital analysis applications, such as using Benford’s law, can be performed on databases of any size. They are most useful when a particular type of fraud, such as vendor kickbacks, is suspected. The major disadvantage of digital analysis is that, it too, can identify large numbers of possible fraud symptoms. The major disadvantage of the inductive approach is that it is usually more expensive than the other approaches. Advantages, however, are that the data and output can be continuously modified and refined until most alternative explanations are eliminated. In deciding which approach to use, researchers should consider the size of the databases to be analyzed and whether the application is a one-time or multipleapplication activity. If the refined analyses of the inductive approach can be used over and over again or be automated into a real-time fraud detection activity, it is probably preferred. On the other hand, if the databases are small enough and if the applications will be used one time only, using commercial data mining packages is probably preferred. Whatever the approach used, all these methods offer proactive approaches that can pay large dividends, especially in e-business environments. Because personal

SL3054_frame_C18 Page 337 Tuesday, November 20, 2001 9:22 AM

Preventing and Detecting Fraud in Electronic Commerce Systems

337

contact is removed in most e-business transactions, the risks are higher, and some kind of proactive approach must be used. When organizations know that e-business partners are serious about fraud detection, they will exercise more care when buying or selling, and employed fraud detection approaches will actually result in significant fraud deterrence. When fraud does occur, the early detection of fraud using these proactive approaches will save considerable amounts of time, money and embarrassment.

18.6 CONCLUSIONS Fraud is a significant problem that is increasing both in frequency of occurrence and in amount. When fraud occurs, it is expensive and disruptive to business. In ebusiness settings, because personal contact is limited and because it is easier to defraud someone when perpetrators are shielded from personal hurt they are causing, fraud risks are higher than in other settings. Because of the ease of perpetrating fraud in e-business environments, it is extremely important that organizations have proactive fraud prevention and detection efforts in place. Fraud prevention is the most cost-effective element related to fraud. There are no winners in fraud. Perpetrators lose because they suffer humiliation and embarrassment as well as legal punishment. They must also often make tax and restitution payments, and there are financial penalties and other adverse consequences. Victims lose because of the financial losses, legal fees, lost time, public exposure, and other consequences. The investigation and prosecution of fraud can be very expensive. Organizations and individuals with proactive fraud-prevention measures usually find that those measures pay big dividends. However, even with excellent fraud prevention methods in place, not all fraud can be eliminated. When sufficient pressure and rationalization are present, even in low-opportunity environments, some people will still commit fraud. Because fraud can never be totally eliminated, organizations that are involved in any kind of business, but especially e-business transactions, must have early proactive fraud detection programs in place. Because people who commit fraud usually start small and then steal larger amounts once they become confident that they will not be caught, early detection can pay huge dividends.

REFERENCES 1. Albrecht, W. Steve, Wernz, Gerald W., and Williams, Timothy L. Fraud: Bringing Light to the Dark Side of Business, Irwin Professional Publishing, New York, New York, 1995. 2. Albrecht, W. Steve, Fraud Examinations: Fraudulent Financial Transactions, AICPA, New York, 2000. 3. Wells, Joseph T. Occupational Fraud and Abuse, Obsidian Publishing Company, Austin, Texas, 1997. 4. Arens, Alvin A. and Loebbecke, James K. Auditing: An Integrated Approach, Prentice Hall, Upper Saddle River, New Jersey, 2000, 8th ed.

SL3054_frame_C18 Page 338 Tuesday, November 20, 2001 9:22 AM

338

The E-Business Handbook 5. Beasley, Mark S., Carcello, Joseph V., and Harmanson, Dana H. Fraudulent Financial Reporting, 1987-1997: An Analysis of U.S. Public Companies, Committee of Sponsoring Organizations of the Treadway Commission, AICPA, Jersey City, New Jersey, 1999. 6. Glover, Steven M., Liddle, Stephen W., and Prawitt, Douglas F. E-Business: Principles and Strategies For Accountants, Prentice Hall, Upper Saddle River, New Jersey, 2001.

SL3054_frame_C19 Page 339 Tuesday, November 20, 2001 9:23 AM

19

Protecting a Borderless World: Recognizing and Understanding Security Threats to E-Commerce Steven E. Roberts and Dorothy E. Denning

CONTENTS 19.1 The New American Economy......................................................................339 19.2 The California Case Study...........................................................................340 19.3 Dependence on Critical Infrastructures .......................................................341 19.3.1 Infrastructure-Specific Effects .........................................................341 19.3.2 Macro Effects ...................................................................................342 19.3.3 Threats ..............................................................................................343 19.4 Mitigating Critical Infrastructure Risks.......................................................344 19.5 Other Threats To E-Commerce....................................................................346 19.5.1 Internet Fraud...................................................................................346 19.5.2 Denial-of-Service Attacks ................................................................348 19.5.3 Web Defacement ..............................................................................348 19.5.4 Computer Viruses and Worms .........................................................349 19.5.5 Privacy ..............................................................................................349 19.6 Conclusions ..................................................................................................350 References..............................................................................................................351

19.1 THE NEW AMERICAN ECONOMY The past decade has seen a business revolution unlike anything Adam Smith or Karl Marx could have predicted. E-commerce has created a virtual business community where many of the traditional barriers to innovation do not exist. Now, everything and anything is seemingly available in cyberspace. Indeed, with so many Web sites online, knowing where to look is half the battle. Despite a tech slowdown that began in late 2000, e-commerce and e-commerce infrastructure companies continue to grow. Annual sales of $100 million or more

1-57444-305-4/02/$0.00+$1.50 © 2002 by CRC Press LLC

339

SL3054_frame_C19 Page 340 Tuesday, November 20, 2001 9:23 AM

340

The E-Business Handbook

are not uncommon, and the biggest e-business players have commanded market values in the tens of billions of dollars. Expansion and consolidation fuel the growth of the online marketplace. Corporate mergers between brick-and-mortar companies and e-businesses blur the lines that once separated the “old” and “new” economy. Examples abound. One need look no further than the AOL-TimeWarner mega-merger announced in 2000 and finalized in early 2001. The increasing trend toward consolidation and strategic partnerships within the business community parallels the rise of the global marketplace. With a business model where each computer screen is also a potential storefront, ecommerce merchants continue to embrace the concept of a borderless business world. This world brings with it the promise of unimaginable growth and revenue potential. The proliferation of Internet-ready personal digital assistants such as the Palm Pilot VIIx supports this notion and suggests that mobile commerce (mcommerce) will soon be as easy and as accepted as “traditional” purchases made from a home computer. E-commerce, however, is not an isolated activity. It relies on the presence of supporting infrastructures, broadly defined as “the framework of interdependent networks and systems … that provide a reliable flow of products and services essential to the defense and economic security of the United States, the smooth functioning of government at all levels, and society as a whole.”1 Malicious threats to the nation’s eight critical infrastructures — gas and oil storage and delivery, water supply systems, banking and finance, transportation, electrical energy, information systems and telecommunications, emergency services, and government operations — are, by definition, threats to e-commerce. Without an electrical grid to power computers, telephone and cable lines to connect them, and banks to send and receive payment transactions, e-commerce would not — indeed could not — exist.

19.2 THE CALIFORNIA CASE STUDY The California energy crisis of 2001 created some of the same effects as a consolidated terrorist attack. The power crunch debilitating the nation’s most populous state — and the world’s sixth-largest economy — has affected virtually every Californian. Except for the lucky few with an independent electrical power capacity or a back-up generator, no one has escaped the rolling blackouts. The activities of daily life that require electricity — from drying a load of wet laundry to using a computer to make a purchase online — all must be readjusted and reconsidered during periods when electrical power is unavailable. Whether prolonged or merely repetitive, electrical outages focus citizen anger on public officials. The inability to continue ordinary activities creates frustrations that compound with every passing powerless hour. This is no less true for corporations than for individuals. Mounting pressures impel local, state, and even federal officials to restore power quickly and completely. Failure to do so is politically untenable: the wrath of the electorate — united toward a common end — compels compliance. Short-term solutions without fundamental reforms, however, set the stage for more outages.

SL3054_frame_C19 Page 341 Tuesday, November 20, 2001 9:23 AM

Protecting a Borderless World

341

Government then becomes the vital link. Because they lack the ability, access, and expertise to solve the problem, individuals and businesses cannot restore electrical power independently. In fact, this is even true for California as a whole, for the state relies on sources outside its borders for much of its electrical power. According to United States Bureau of Reclamation statistics, California consumes more than 57% of all power generated by the Hoover Dam — a facility located between Arizona and Nevada.2 This most recent energy crunch has bolstered the demands to make California less dependent on outside power generation — and therefore less vulnerable to disruptions outside of its control. This concern was evident when the nation’s leading energy official, United States Secretary of Energy Spencer Abraham, stated that “a real solution must address the need for the construction of more electric power generation in California … .”3 California’s electrical capacity is particularly relevant to the issues of critical infrastructure protection and e-commerce. Insufficient electrical power can create a cascade of failures. Without power, the remaining seven infrastructures will not operate. As a result, gas pumps, automated teller machines, and water purification equipment all cease to function. 911 calls may go unanswered. And, in such an environment, of course, e-business simply has to wait. Indeed, infrastructure interconnectivity and interdependence make this situation particularly problematical. Conceivably, a single system failure could create a general “market failure.” Even if the e-commerce community could mitigate its own vulnerabilities to lost power, interdependence makes such an approach futile in the long run.

19.3 DEPENDENCE ON CRITICAL INFRASTRUCTURES The electrical power grid is but one of eight critical infrastructures. Disruption of any of the others would also damage e-commerce.

19.3.1 INFRASTRUCTURE-SPECIFIC EFFECTS The debilitation of the information systems and telecommunications infrastructure — which includes everything from small telephone cross-boxes at the end of a street to large satellite relay stations — will preclude the transmission of data. From the perspective of e-business, such a disruption not only hinders the general communication of voice, fax, and e-mail information, but also the exchange of order, payment, and shipping information between online consumers and e-commerce merchants. The ability of merchants to communicate with suppliers, banks, and even employees is also compromised. An attack against the banking and finance infrastructure produces similar results. For example, without the ability of online consumers to use credit cards, merchants to process them, and banks to correctly credit and debit the appropriate accounts, e-commerce halts. Considering that e-commerce is premised on the effective use of credit, the interruption of banking and finance is particularly troubling. Because goods ordered online must be delivered, the interruption of oil storage and delivery or transportation infrastructures also harms e-commerce. Even though

SL3054_frame_C19 Page 342 Tuesday, November 20, 2001 9:23 AM

342

The E-Business Handbook

goods might be purchased online, traditional modes of transportation must be employed to complete the ordering process. Thus, a lack of fuel oil for airplanes, trucks, and ships — as well as the inability to use the nation’s network of roads, bridges, tunnels, and ports — translates into higher online prices. Merchants have little choice but to pass on the increased costs to consumers. A more severe disruption of the oil or transportation infrastructures might stop the movement of goods between online merchants and consumers altogether. On the surface, a disruption of the water supply may not seem to threaten ecommerce. But if a community’s water is contaminated or unavailable, the public’s principal concern will be the restoration of something drinkable from the tap — not buying books online. Similarly, if the ordinary operation of government falters, individuals will not receive social security checks or government loans, inhibiting their ability to make online purchases. Loss of emergency services could divert attention from online shopping.

19.3.2 MACRO EFFECTS The debilitation of a critical infrastructure creates additional consequences of a more generalized nature. These can be considered the “macro effects” of an infrastructure failure. They are less quantifiable than infrastructure-specific effects, but equally significant. Infrastructure failures diminish consumer confidence. Unreliable power grids, communication networks, or banking systems feed insecurity about the world in general and the virtual marketplace in particular. Confidence in the national infrastructure, after all, is the hallmark of a First World economy. Without that confidence, consumers begin to question the overall reliability of online shopping. Worse, fundamental questions, many heard since the earliest days of the e-commerce business revolution, reappear: Will I get my product? Will I be charged the correct amount? Will my credit card information be stolen or misused? What about returns? Efforts to reassure consumers shaken by “post-infrastructure failure uncertainty” demand an investment of time as well as money. In the meantime, traditional brick-and-mortar merchants, who do not face many of the risks associated with online retailing, prosper. Because investors fear uncertainty, a major infrastructure failure has the potential to create havoc on Wall Street. Attempting to mitigate Wall Street uncertainty — and falling stock prices — in the aftermath of a severe infrastructure failure exemplifies another macro effect: diversion of government attention. During a crisis, the paramount goal of federal, state, and local government immediately becomes containment, treatment, and restoration. Damage must be isolated and prevented from spreading (the cascade effect). The injured must be given medical care. Reconstitution of the crippled infrastructure(s) must begin. Just as government refocuses its efforts to address the nation’s most immediate and malignant issues, so too does the population. During and after a major infrastructure disruption, the citizenry desires a return to normalcy — a state of affairs that is safe, predictable, and reliable, a social order in which there is electricity to power lights, fuel to run automobiles, safe water to drink, and the ability to access

SL3054_frame_C19 Page 343 Tuesday, November 20, 2001 9:23 AM

Protecting a Borderless World

343

one’s financial resources, among others. E-shopping may not be high on anyone’s list of priorities, except as it may be used to purchase prescriptions, food, or emergency supplies.

19.3.3 THREATS The nation’s eight major critical infrastructures are a clear target for any attacker eager to create widespread damage, chaos, and uncertainty. Yet, deterring potential perpetrators — and intercepting them before they act — is problematical for the military, intelligence, and law enforcement communities. Having a modern, integrated, electronic infrastructure means that a determined individual or group may be able to assail vital components of that infrastructure at any time from multiple locations. The United States experiences cyber attacks every day. They are mainly launched by teenagers looking for thrills and bragging rights, thieves seeking access to credit card numbers and bank accounts, disgruntled employees eager to get even, and spies of every stripe. There are, however, certain groups that may be inclined to launch a damaging offensive against critical infrastructures. Of particular concern are international terrorist groups, hostile nations, antigovernment militias, and cult-type organizations. Those who decide to target critical infrastructures are likely to employ two methodologies: “cyber” or “physical.” A cyber assault attacks an infrastructure’s critical computerized systems with software. The assailant is assisted by hacking tools and techniques, including computer penetration programs, computer viruses and worms, Trojan horses, and denial of service tools. A concerted attack might employ several methods simultaneously against the same asset. Combining different cyber operations is especially debilitating, as it increases the virulence of the assault and the likelihood of success. Physical infrastructure attacks employ more traditional modes of warfare, primarily bombs. Physical components, such as a building where critical assets are located or the pipes that carry energy supplies or water, may be destroyed or contaminated with chemical, biological, or radiological agents. Though the ends may be similar, the means and immediate results are not, for there are crucial differences between cyber and physical methods. With a cyber attack, an assailant’s actual proximity to the target is theoretically irrelevant. The operation can be executed from anywhere in the world as long as there is remote access. This is not the case for physical assaults. Destroying an infrastructure’s tangible assets can only be accomplished if the attacker is able to position a weapon near the target. Cyber offensives require knowledge of computer programming and networks, as well as the target infrastructure. Familiarity with and access to computerized technology is also mandatory. Although individuals possessing these capabilities and skills are not unique, those willing to use their skills maliciously are not overly common. A successful attack against the computerized network(s) of a critical infrastructure that is hardened against cyber threats requires someone with both the specific skills and the motive to cause harm.

SL3054_frame_C19 Page 344 Tuesday, November 20, 2001 9:23 AM

344

The E-Business Handbook

Physical assaults, however, generally require less expertise. Any amateur can load a truck with fertilizer and fuel oil, park it next to a critical infrastructure, such as a fundamental petroleum pipeline, and detonate it. Arguably, the ease of a physical assault relative to a cyber assault would seem to make physical infrastructure attacks more likely. A carefully planned operation — such as an offensive launched by an organized terrorist group or a hostile foreign government — might utilize both methodologies concurrently. Contaminating a locality’s water infrastructure with a biological agent while sabotaging the same community’s 911 call center with a software attack would be as debilitating as it would be deadly. Moreover, such an assault would have longterm consequences — health and otherwise. The effects would resonate not only through the targeted area but also through the entire nation. Communities around the country would begin to ask, “Are we next? How would our city handle that?” The resulting costs from such a single, localized attack, imposed nationwide, would be considerable.

19.4 MITIGATING CRITICAL INFRASTRUCTURE RISKS Security systems are essential for mitigating risks. Well-guarded networks are less likely to be the target point of entry. If the systems that run a critical infrastructure are maintained on a secure network with layers of redundancy, they will be less vulnerable to a successful and debilitating offensive. It is important to note, however, that in an age of massive and converged networks, hardened systems that are impervious to a sophisticated and well-planned cyber assault exist more in theory than in practice. Systems are intricate and it may be impossible to eliminate all vulnerabilities. Indeed, even if the technical measures are strong, the humans who manage, operate, and use the networks may be a weak link. Security requires constant vigilance. Patches must be installed and operators alert for possible weaknesses and breaches. Toward this end, the federal government has recognized the importance of protecting critical infrastructures. Efforts to uphold, support, defend, and counteract the consequences of a critical infrastructure failure currently are under way. Such initiatives are complex, requiring patience as well as public sector–private sector cooperation. The most significant efforts to protect the nation — and thus the ability for ecommerce and e-business operations to continue without interruption — began in 1995 with the Critical Infrastructure Working Group, which was replaced in 1996 with the President’s Commission on Critical Infrastructure Protection (PCCIP). Established by Presidential Executive Order, the PCCIP reviewed the nation’s infrastructures, identified areas prone to exploitation, and recommended methods of improvement. Its concluding report found a “… widespread capability to exploit infrastructure vulnerabilities. The capability to do harm — particularly through information networks — is real; it is growing at an alarming rate; and we have little defense against it.”4 Based on the findings of the commission, the Clinton administration decided to take further action and issued Presidential Decision Directive-63 (PDD-63) in May 1998. Representing the “… culmination of an intense, interagency effort to evaluate

SL3054_frame_C19 Page 345 Tuesday, November 20, 2001 9:23 AM

Protecting a Borderless World

345

[the recommendations of the PCCIP] and produce a workable and innovative framework for critical infrastructure protection,” PDD-63 established a foundation for action. It created a National Coordinator for Infrastructure Protection and established the National Infrastructure Protection Center (NIPC) as well as the Critical Infrastructure Assurance Office (CIAO). It called for the formation of Information Sharing and Analysis Centers (ISACs) and the National Infrastructure Assurance Council.5 PDD-63 also directed the creation of the first National Plan for Information Systems Protection. PDD-63 initiatives generally fall into three categories: information gathering, incident response, and public–private sector cooperation. These divisions are not mutually exclusive. Much like the infrastructures they seek to protect, these categories overlap and are interdependent. Information gathering includes efforts to acquire pertinent intelligence related to critical infrastructures. The collected data may relate to potential infrastructure vulnerabilities, threats, actual incidents, reconstitution plans, or mitigation efforts. Already, ISACs have been established in several industry sectors to provide better intelligence to their constituents. Incident response is generally handled by the NIPC, which is located at FBI Headquarters. The resources and expertise of other government agencies assist the NIPC’s incident response efforts. Furthermore, collaboration among federal, state, and local government is important when reacting to an incident. Public-private partnerships form the third element of the triad. Because the overwhelming majority of the nation’s infrastructures are privately owned and operated, private sector cooperation is crucial. What makes cooperation especially challenging, however, is its scope: To meet the challenge effectively, owners and operators must cooperate not only with the government but also with each other. Fostering collaborative efforts is a challenge of the highest order. Effective responses to infrastructure threats require access to sensitive information. But many companies, especially utilities, view such intimate cooperation as foolish and counterintuitive. The predictable response runs something like this: “Why should our firm discuss sensitive policies, reveal potential weaknesses, and interact with the competition, all because of a theoretical threat? And won’t cooperation with government lead to more oversight, more expenditures, and less independence?” Business is also concerned that sensitive information shared with the government may be susceptible to Freedom of Information Act (FOIA) requests. To increase collaboration and help industry understand its vital role in critical infrastructure protection, government initiatives have focused on education, awareness, and information sharing. Designed to bring industry and government together, several programs exist. These include the InfraGard program, a cooperative effort between the NIPC/FBI and an association of businesses, academic institutions, state and local law enforcement agencies, and other participants. One key program is the Partnership for Critical Infrastructure Security (PCIS). Introduced by the Clinton administration, the formation of this partnership “… recognizes and acknowledges that the Federal government alone cannot protect these infrastructures or assure the delivery of services over them…the Partnership hopes to raise awareness, promote understanding, and, when appropriate, serve as a catalyst for action.”6

SL3054_frame_C19 Page 346 Tuesday, November 20, 2001 9:23 AM

346

The E-Business Handbook

The PCIS can be an effective tool for industry and government. It helps participants share ideas, test scenarios, and gain a more profound understanding of the salient issues. Though targeted to the owners and operators of the nation’s infrastructures, the essence of the program speaks to the business community as a whole. In this sense, therefore, e-commerce companies are a part of critical infrastructure protection efforts, even if their role appears more tangential and less practical relative to that of “infrastructure-specific businesses,” such as natural gas or water management companies. The Bush administration has acknowledged the critical role played by the PCIS. The second partnership meeting, held in March 2001 at the Chamber of Commerce in Washington, D.C., featured a speech by National Security Advisor Condoleezza Rice. Speaking to more than 250 business leaders on behalf of the President and his administration, Dr. Rice reiterated that the protection “… of our nation’s critical infrastructures can only be done in concert with private industry.”7 She applauded the work of the partnership and its efforts to assist in the formation of Version Two of the National Plan for Information Systems Protection, due to be released in the summer of 2001. The eagerness of the Bush administration to address this issue and engage the business community less than 100 days after taking office reveals the importance of critical infrastructure protection as a long-term policy goal. The President himself has made it known that “… infrastructure protection is important to our economy and to our national security, and it will, therefore, be a priority for this administration.”8 Strong executive leadership is significant: it suggests that government-sponsored programs to promote collaboration and cooperation between the public and private sectors will continue — and grow.

19.5 OTHER THREATS TO E-COMMERCE Though clearly significant, infrastructure vulnerabilities represent one issue among many. Other threats to e-commerce include Internet fraud, denial-of-service attacks, Web defacement, computer viruses and worms, and invasions of privacy. Failure to acknowledge their presence and act accordingly endangers the functionality and reliability of the e-commerce marketplace.

19.5.1 INTERNET FRAUD Frauds involving credit cards, auctions, and securities are three of the most common forms of thievery online. Collectively, these criminal activities cost online retailers millions of dollars in lost revenue — not to mention countless hours in lost productivity. As perpetrators become more brazen and more sophisticated, businesses will be required to spend more of the bottom line obstructing attackers. Arguably, the financial consequences of Internet fraud extend far beyond direct monetary and productivity losses. The true expense must include the costs of combating the problem, whether or not an attack ever occurs. These costs include monies spent on defenses such as encryption, firewalls, malicious-code detection, intrusion detection, secure storage devices, redundant systems, and training.

SL3054_frame_C19 Page 347 Tuesday, November 20, 2001 9:23 AM

Protecting a Borderless World

347

One would expect that the very best security devices would guard the personal information of the world’s economic and political elite. Yet, at the January 2001 meeting of the World Economic Forum in Davos, Switzerland, computer security was compromised. The credit card numbers and bank accounts of more than 1,400 people, including prime ministers and corporate presidents, were lost when hackers invaded insecure databases.9 Stealing credit card numbers from online databases, as perpetrated in Davos, is a major problem. In March 2001, the FBI announced that more than 1 million credit card numbers had been stolen by organized criminal groups operating out of Russia and the Ukraine. The groups attacked more than 40 U.S. computer systems associated with e-commerce or e-banking firms located in 20 states. After successfully penetrating into a company’s server, the hackers attempted to extort the company by offering services to solve the computer vulnerability they had exploited.10 As more and more Internet sites have offered auction-style commerce in addition to “traditional” commerce, auction fraud has risen as well. Indeed, reports of auction fraud to the United States Federal Trade Commission have grown almost exponentially: from 107 in 1997 to 10,700 in 1999.11 The independent nature of online auctions makes oversight difficult. This does not imply that Internet sites that host auctions are devoid of responsibility. To the contrary, whether e-commerce merchants engage in auctioning or merely provide a venue for auctions (a point online auction leader eBay stressed in a March 2001 revision of its user agreement), auction sites must make every reasonable effort to ensure fairness and accountability. This includes rating sellers, reporting incidents of fraud, and prohibiting violators from future participation. Even those with a strong commitment to consumer protection, such as eBay, face an uphill battle. Consumers cannot expect auction sites to guarantee with absolute certainty the fairness of the auction process or the results. Buyers must be cognizant of their personal responsibility to conduct due diligence about the seller, utilize escrow accounts where feasible, and employ a third-party authentication service to obtain an objective opinion about the sale item. For a large purchase, auction insurance is now available. But none of these protections is foolproof in an environment where decisions must be made quickly, where bidders and sellers operate under aliases (the norm in eBay-style auctions; less common in B2B auctions), and where enforcement is uneven. Consumers who are the victims of auction fraud fall into three general categories: those who receive an item different from what was promised; those who pay for an item but never receive it; and those who pay an artificially high price for an item as a result of fraudulent bidding, often called shill bidding. Perhaps the most complex — and least obvious — of the three aforementioned categories is shill bidding. Defined by eBay as “… the deliberate placing of bids to artificially drive up the price of an item,” shill bidding leverages the dynamic nature of auctions.12 The presence of multiple bidders aggressively trying to win the auction within a finite time frame provides a perfect venue for fraud. In this type of environment, it is not difficult for the seller to use a fictitious name to bid up the sale price. More organized shill bidding uses third parties to post multiple false bids, thereby giving the impression of several competing interests.

SL3054_frame_C19 Page 348 Tuesday, November 20, 2001 9:23 AM

348

The E-Business Handbook

Many forms of securities fraud are similar to shill bidding and operate with much the same methodology. Its costs to consumers and to the target corporation, however, are almost always greater. In a classic “pump and dump,” perpetrators use online chat rooms and phony newsletters to disseminate “tips” to unsuspecting investors. As a result, investors buy the stock. Higher demand increases the share price, at which time the defrauders sell and pocket a healthy profit. When the fraud is realized and the stock price collapses, unsuspecting investors lose.

19.5.2 DENIAL-OF-SERVICE ATTACKS As suggested by its name, denial-of-service (DoS) assaults prevent the legitimate use of a network, site, or Internet service, typically by targeting network bandwidth. In essence, an assailant floods a server with data. Unable to process information requests effectively, the server — and thus the Web sites it supports — shuts down. The most ambitious offensives plant attack software on potentially hundreds or thousands of host computers, often called “zombies,” which all attack the target at once in what is called a “distributed denial of service (DDoS) attack.” The zombies, which themselves are compromised, become unwitting participants and potentially liable for damages attributed to them. It is not possible to prevent all DoS flooding attacks. The best that can be done is to block them after they have started and restore services. Still, stopping an assault and restoring server functionality can take hours or even days. Identifying the perpetrator may be impossible. When DoS offensives are successful, the results are powerful. The rapid and wide-ranging DDoS attack against some of the Internet’s most popular and frequently visited sites in February 2000 illustrates. Several major sites were targeted, including Yahoo!, eBay, Amazon.com, CNN.com, E*trade, and Buy.com. The attacks did much more than inconvenience users and obstruct the spread of information. They also affected bottom-line revenue. Some estimates put the total cost of the outages over $1 billion. This includes financial losses, productivity losses, and losses from resource reallocation. Dividing projected quarterly sales by the number of hours per quarter showed that Amazon.com’s potential loss as a result of the February 2000 DDoS incident was nearly a quarter of a million dollars an hour.13 A company need not be engaged in direct e-commerce to suffer. Internet portals that derive revenue from advertising, such as Yahoo!, also suffered. Further, a company need not be the direct target of an assault. Because Internet portals often serve as an intermediary and facilitator between users and smaller online merchants, an attack against the portal also affects business at the smaller companies. One company’s losses, however, may be another’s gains. Companies recognized that they could not afford to be victimized in the future. Thus, firms that provide security networking solutions, such as Verisign, CheckPoint, Entrust Technologies, and Internet Security Systems, all saw sharp rises in market valuation as a result of the DDoS attacks. The day of the outages, stock gains were $7.94, $5.38, $6.81, and $7.88 respectively.

19.5.3 WEB DEFACEMENT Perhaps the most common attack against e-commerce Web sites is defacements, which typically alter the content on their victims’ home pages to include offensive text, photos,

SL3054_frame_C19 Page 349 Tuesday, November 20, 2001 9:23 AM

Protecting a Borderless World

349

graphics, and links to more of the same. Web defacement may not be particularly virulent or debilitating, but it is embarrassing and disruptive. Until the site is “sanitized,” e-commerce transactions must wait. Online merchants have no choice except to spend considerable time and expense restoring the site to an acceptable state suitable for public view. In this sense, therefore, Web defacement precludes the normal operation of business — and thus, the financial transactions that would have taken place. Frequently, the targets of this form of vandalism are large e-commerce or government sites that receive considerable Web traffic. Similar to graffiti sprayed on a visible and well-traveled highway overpass, Web defacers seek notoriety and mass dissemination of their “message,” be it political, social, or none of the above. Further, it is not uncommon for sites advocating a particular political or social position to be defaced by those who hold opposing sentiments. The March 2000 arrest of a 17year-old New Hampshire teenager known online as “Coolio” is a case in point. He is alleged to have defaced the antidrug Web site Dare.org with photos and text that advocated drug use.14

19.5.4 COMPUTER VIRUSES

AND

WORMS

Computer viruses and worms impact e-commerce by attacking its consumers and other players. Depending on its level of sophistication and maliciousness, a virus or worm may manipulate or corrupt data, delete data, steal data, and even give the perpetrator administrator’s rights over the target computer. Antivirus software that is updated regularly provides some defense. However, even the best-defended system or astute Internet patron may be victimized. The “success” of a virus or worm is a function of its creativity and appeal. Concealing the virus within an e-mail attachment that promises love, financial freedom, or the photograph of a celebrity or sports icon increases the chances that the file is opened. The “Love Bug,” which hit the Internet in 2000, exemplified this trend. Many could not resist opening a message with the subject “ILOVEYOU.” The worm ran rampant, causing an estimated $10 billion in damages. The Anna Kornikova worm that hit the Internet in early 2001 further illustrates. Appearing to be a photo of Russian tennis star Anna Kornikova, once opened, the file executes and resends itself to everyone in the victim’s Microsoft Outlook address book. Although not as damaging as the Love Bug, it nevertheless caused considerable disruption.

19.5.5 PRIVACY The Internet is an infinite repository of data and information, including that of a highly personal and sensitive nature. For many consumers, the issue of whether privacy can be guaranteed determines whether they will make a purchase online. Companies must address such concerns and institute prudent protection measures. E-commerce companies must be aware of the ways in which consumer data can be misused. The unauthorized dissemination, redirection, and tracking of data are all ways in which personal information can be compromised online. In fact, whether information is jeopardized accidentally or maliciously, e-businesses are responsible for ensuring that neither occurs.

SL3054_frame_C19 Page 350 Tuesday, November 20, 2001 9:23 AM

350

The E-Business Handbook

When purchasing online, patrons almost always are asked for e-mail contact information. Buyers provide such information willingly and they anticipate correspondence. Most e-businesses confirm a shipment, clarify a request, or send a customer receipt via e-mail. What consumers do not bargain for, but often receive, is third-party correspondence. As firms sell e-mail lists to third parties, it is only a matter of time before unsolicited junk e-mail finds its way to a customer’s inbox. Dissemination of personal data such as e-mail addresses may be lawful, but it is almost never welcome. Protected by carefully worded privacy policies, many e-commerce firms choose to increase revenue in this surreptitious manner. What firms often do not realize — or choose to ignore — are the consequences: disclosure of personal information erodes consumer confidence and trust in the entire Internet marketplace. The redirection of data is another way in which some firms violate consumer privacy. Banner ads provide a perfect example. Used by many e-commerce firms, banners often appear at the top and sides of a Web site and promote a related product or service. Clicking on a banner ad redirects a consumer to a new Web site and thus obligates the patron to another company’s terms of use. Consumers are now bound by a new set of policies, which may offer fewer privacy safeguards or guarantees. The fact that it is not actively disclosed, however, is troubling. Not knowing that they are under the aegis of a new set of privacy policies, Web surfers may continue to act and disclose information as if it were regulated by the initial, “more trusted” site. Thus, online customers can operate under a false sense of security. Tracking within and across Internet Web sites is one of the least known but most invasive ways in which privacy is compromised online. Some of the biggest names in e-commerce routinely track where a consumer — or a potential consumer — “travels.” What products are examined, what links are clicked, how much time is spent, and where a Web surfer “goes next” can all be easily and precisely recorded. Electronic markers known as cookies facilitate this type of information gathering. Cookies are invaluable to e-commerce. Retailers can provide such services as shopping carts and generate information about sales trends. Knowing which products attract which consumers allows companies to custom-tailor the placement of merchandise, advertisements, and promotions. Consumers often have no knowledge that they are being followed in cyberspace. The desire for anonymity, however, has spurred the creation of “anonymizer” Web sites. Essentially operating as proxy servers, these sites allow users to surf the Web confidentially without sacrificing accessibility or versatility. The proliferation of anonymizer services suggests that consumers are not only becoming more knowledgeable about the inner workings of the Internet but also more careful and protective.

19.6 CONCLUSIONS Even with so many threats and dangers, the Internet and e-commerce represent one of the greatest advances of human civilization. Never before has information traveled so far, so fast, and so freely. As a direct result of the Web, transactions of all kinds — financial and otherwise — have become commonplace.

SL3054_frame_C19 Page 351 Tuesday, November 20, 2001 9:23 AM

Protecting a Borderless World

351

Yet, as the aforementioned examples illustrate, success has brought new challenges. There are no fast or easy ways to address these concerns. Better security products and services will help, but they will not solve the whole problem. Education and training in cyber defense will be essential as e-commerce moves forward. A knowledgeable public — one that recognizes the threats and how to manage the risks — will be less likely to be victimized. Forced to satisfy its customers, the e-business community will be compelled to raise the bar of e-security to a new level of importance; failure to do so will alienate consumers — and affect the bottom line. The law enforcement community must be included in the education effort. It will never be possible to prevent all cyber crimes, so effective law enforcement is essential as a deterrent and to serve justice. Toward that end, the National Cybercrime Training Partnership is working to ensure that investigators and prosecutors are properly trained to handle electronic and high technology crime. But training alone cannot ensure effective law enforcement. Cybercops need tools and techniques for investigating e-crimes and handling digital evidence. Further, many cyber attacks cross national boundaries, raising numerous international law enforcement issues such as jurisdiction, prosecution, mutual assistance, and extradition. The Council of Europe has been working on a cyber crime convention that attempts to address these issues and harmonize national cyber crime laws. The convention, however, has raised concerns about privacy and corporate responsibilities and liabilities, so there are remaining challenges. But it is a start.

REFERENCES 1. United States of America. Critical Foundations, The Report of the President’s Commission on Critical Infrastructure Protection. Washington, D.C., October 1997, B-2. 2. The United States Department of the Interior. http://www.hooverdam.com/History/powerfaq.html. 3. The Cable News Network. http://www.cnn.com/almanac/daily. 4. United States of America. Critical Foundations, The Report of the President’s Commission on Critical Infrastructure Protection. Washington, D.C., October 1997, i. 5. Critical Infrastructure Assurance Office. http://www.ciao.gov/CIAO_Document_ Library/WhiteHouseFactSheet_PDD63.htm. 6. Critical Infrastructure Assurance Office. http://www.ciao.gov/CIAO_Document _Library/archives/WhiteHouseFactSheet_Cyber_Security.htm. 7. Condoleezza Rice. Remarks of National Security Advisor Condoleezza Rice. The Second Annual Partnership for Critical Infrastructure Security, Washington, D.C., 22 March 2000, Federal News Service. 8. Condoleezza Rice. Remarks of National Security Advisor Condoleezza Rice. The Second Annual Partnership for Critical Infrastructure Security, Washington, D.C., 22 March 2000, Federal News Service. 9. Cable News Network. Hackers Apparently Got Data on 1,400 Leaders. 5 Feb. 2001, http://www.cnn.com/2001/TECH/internet/02/05/davos.hackers.ap/index.html. 10. Cable News Network. FBI Warns Companies About Russian Hacker Attacks. 8 March 2001, http://www.cnn.com/2001/TECH/internet/03/08/hacker.attacks/index.html. 11. Federal Trade Commission. http://www.ftc.gov/opa/2000/02/internetauctionfraud.htm. 12. eBay Corporation. http://www.pages.ebay.com/help/basics/f-shilling.html#1.

SL3054_frame_C19 Page 352 Tuesday, November 20, 2001 9:23 AM

352

The E-Business Handbook

13. APB News. Targets Say Hack Onslaught Caused Few Losses. 14 Feb. 2000, http://www.apbnews.com/newscenter/internetcrime/2000/02/14/hackmoney0214_ 01.html. 14. Cable News Network. Coolio Denies February Attacks; LAPD Plans Charges. 3 March 2000, http://www.cnn.com/2000/TECH/computing/03/03/dos.coolio/index.html.

SL3054_frame_C20 Page 353 Tuesday, November 20, 2001 9:24 AM

20

The Critical Role of Independent Security Audits Nahum Goldmann and Edward Orton

CONTENTS 20.1 Independent Security Audit: Intrinsic Added Value....................................353 20.2 Security Myths and Realities.......................................................................356 20.2.1 Executive Commitment Versus Hackers’ Presence .........................357 20.2.2 Does the Corporate Security Policy Really Work? .........................359 20.2.3 Resolving “Security Cost Paradox”.................................................360 20.2.4 Trust Management versus Risk Assessment....................................360 20.2.5 Increase in Computer Attacks from Outside the Company’s Walls .......................................................................361 20.2.6 Employing Ex-Hackers to Audit Security .......................................361 20.2.7 What the Hackers Would Actually See ...........................................362 References..............................................................................................................363

20.1 INDEPENDENT SECURITY AUDIT: INTRINSIC ADDED VALUE As an absolutely secure system, in principle, is unachievable, every personal, business and government transaction over the Internet assumes a certain degree of risk. The principal objective of risk management and assessment is to balance cost and benefits of preventive measures for a given network. Risk management is always peculiar to a particular business’s needs, services, and network configuration. A hostile penetration may affect the performance of an organization’s missioncritical applications or result in liability for loss of information entrusted to it by clients, partners and the general public. Alternatively, excessive security measures could adversely affect corporate productivity and profitability. Limiting e-mail attachments negatively impacts the sharing of information. Inspecting or controlling the data content using a PKI implementation or a proxy server may reduce communications traffic to a standstill.

1-57444-305-4/02/$0.00+$1.50 © 2002 by CRC Press LLC

353

SL3054_frame_C20 Page 354 Tuesday, November 20, 2001 9:24 AM

354

The E-Business Handbook

If they perceive security measures as excessive and annoying, front-line users will find ways to circumvent them and, in doing so, compromise corporate defenses. They will also resent the IT and security personnel that cannot find an appropriate balance between maintaining the required degree of security without the appearance of playing “Big Brother” and, however justifiable, interfering with business objectives. I-commerce applications are typically based on cooperation, partnership, and joint ventures among numerous organizations. Such an open environment necessitates treating security as one of the key business enablers. As the defense of a partnership is only as good as its weakest link, every participant is, in fact, liable for all the others. To uncover the weak links, the security of every participant in an I-commerce service must be periodically audited. An organization’s financial audits are always conducted by an independent source, which should also be the case with its security audits. An independent audit can also help an organization to protect the integrity of its network and, in the process, avoid worthless security expenses by focusing security resources on the vulnerabilities discovered. The results of an independent audit also add credibility to the service provider’s claims that its Web site is secure. FDIC guidance FIL-68-99 Risk Assessment Tools and Practices for Information System Security1 recommends regular use of vulnerability assessment tools and penetration analyses as an integral component of an institution’s information security program. The analysis should be independent, and may be conducted by a trusted third party, qualified internal audit team, or a combination of both. If using internal testers, it is imperative to establish their independence from system administrators and security implementers. As well, Electronic Payments Association’s (NACHA) March 2001 rules have created a new Automated Clearing House (ACH) transaction code for identifying debit transactions authorized over the Internet. Under these rules, all financial institutions and businesses that offer an ACH debit as a payment method must conduct an annual security audit. A valid independent audit would address the key requirements of both financial industry documents. According to Ted Julian, who is an analyst at Forrester Research, Inc., in Cambridge, MA,2 Web security audit services are of great benefit, and internal use of audit probes is not a substitute for testing done by external professionals: “Companies need external expertise to audit their sites … . Bringing somebody in from the outside creates a greater initiative to find a problem. Having your internal people, who set up the security system, does not only create a questionable initiative for them to find things that are wrong but it might simply be hard for them to do.” A client organization that relies on a vendor’s word that its data are totally safe with the use of the vendor’s security system has only itself to blame when something goes wrong. It is “buyer beware” — as is the case in any other business. Every technical security measure is, by nature, either transitory or inadequate. Only an upto-date independent security audit provides sufficient confirmation that you can trust

SL3054_frame_C20 Page 355 Tuesday, November 20, 2001 9:24 AM

The Critical Role of Independent Security Audits

355

the vendor with your data. After all, a client organization is still responsible for consequences of failed defenses even if the vendor convinced the executives that it “adequately secured their site.” On the other hand, an independent audit is not intended to be a substitute for self-assessment or an assessment by vendors of IT or security solutions. A company that can afford to buy a probe and run its own security audit team might find such self-audits very useful in establishing its security defenses. It just has to remember that a single commercial tool, however expensive, is unlikely to cover all the tests required to evaluate vulnerabilities of its network, hence, it might need a suite of such penetration tools from various sources. Moreover, it should strive to constantly keep up with the new security threats that occur almost daily. And, of course, it needs very knowledgeable personnel who specialize in security audits and are able to constantly challenge other IT and security experts within the organization to make sure that lapses do not occur. Owning a probe or two does not negate the need for an independent audit, but, rather, reinforces the importance of this essential link in an organization’s security chain. An additional benefit of a security audit is the evaluation and exercising of corporate intrusion-detection tools and systems. As an audit is performed, these security tools should detect the assessment activities and respond in accordance with the corporate security policies. Failure to detect that an audit is taking place indicates a malfunction of the corporate intrusion-detection systems. If the audit process has been detected, but intrusion monitoring personnel were to fail to respond to the detection, it would indicate that, despite the effectiveness of the tools, the supervisory system for response to intrusion detection or corporate policies is ineffective and should be improved. An audit of the Web server, Internet access control, extranet and intranet is an essential component of any sound security policy and practice. An audit is also valuable in protecting the legal rights of the vendor that supplied the security solution. After all, many defense systems fail not because the equipment or software is defective, but because they are not properly set up or maintained in the field. Security hardware and software are only as good as their design and implementation. Shortcomings in application design and configuration, and newly emerging ways to penetrate security defenses can frustrate even the most expensive security solutions, allowing external and internal hackers to seize sensitive data or deface Web sites. Only the results of independent vulnerability tests are likely to provide the conclusive evidence in a court of law in the inevitable case that a hostile penetration occurs at the client site. Security audits should not be a one-time event, but an ongoing part of risk assessment, analysis and management. Given sufficient time and resources, professional hackers are capable of breaking into any organization, regardless of its security systems. Periodic audits are essential to maintain network security over the long run, because every subsequent audit is likely to include new tests and explore new threats. Defense measures must always remain one step ahead of those who would attempt to break into the network. It is hardly a secret that some security vendors that offer external audits use the audit as leverage to sell an expensive “magic bullet” to a nervous client. The pitch

SL3054_frame_C20 Page 356 Tuesday, November 20, 2001 9:24 AM

356

The E-Business Handbook

is that their solution would fix all security problems uncovered by their audit. An impartial audit typically does not require that the company invests in new hardware or software, it helps to identify generic security problems and measures required to swiftly correct the situation. An independent auditor should be totally “equipment neutral” and never dictate the security tools the client has to deploy. To avoid even the appearance of conflict of interest, a truly independent auditor should decline to provide any specific recommendations or services on what measures to take to address the problems uncovered in the audit. If the security audit uncovers problems, it should be entirely up to the client to correct them and to decide whether to use in-house or external resources. By knowing the nature of the problem from the confidential report detailing security vulnerabilities, the client should be able to determine the least expensive and the most efficient solutions to address them.

20.2 SECURITY MYTHS AND REALITIES “Of course, it’s never going to happen to my organization.” Many executives hold this popular view when it comes to considering their company’s online security. However, numerous examples of security breaches compiled by ADDSecure.net (see http://www.ADDSecure.Net/breach.htm) clearly prove that even the best government agencies and the world’s richest corporations have been repeatedly penetrated, despite implementing costly defense solutions. A faultless network security is impossible to achieve at any price. Well-publicized cases of repeated penetration and alteration of military, government and corporate networks prove that no one is immune to criminal hackers regardless of whether they are within or far away from the organization. Today, sophisticated and powerful hacking tools are freely available online and do not even require programming skills or special knowledge for effective use. Every organization owes its stakeholders and clients periodic network audits for potential security problems. Just as with financial audits, companies cannot rely entirely on the tests performed internally or by security implementation vendors. True Internet commerce is unachievable without impartial security audits. When (rather than if) a firm’s security fails and the damage is obvious or becomes well-publicized news, it is corporate executives who will likely be accused of failing to exercise a reasonable level of due diligence. Only two credible methods can determine whether an organization is vulnerable. The first is through ongoing security-risk assessments conducted by independent professionals, and the second is a malicious attack. In numerous Internet industry surveys, more than 70% of online customers, vendors and corporate executives consistently name security as the number one concern in their reluctance to use I-commerce. Consumers are skeptical about industry’s assurance that it is safe to shop online. Citizens are skeptical about government’s assurance that their privacy is respected and their personal data entrusted to the government are safe. Industry is skeptical that its proprietary data in government care are safe. However, I-commerce vendors often balk at implementing security solutions that are “too expensive and complex,” and reject a “high priest” security

SL3054_frame_C20 Page 357 Tuesday, November 20, 2001 9:24 AM

The Critical Role of Independent Security Audits

357

management approach characteristic of the more traditional military, government and Fortune 1000 environments. Unfortunately, many myths and half-truths pervade the “mystical” security domain. Among these, the most persuasive that deeply affect the daily practice of security-conscious organizations are: • Security problems are mainly caused by ultrasophisticated hackers and can be resolved by effective policing and technical means. • A corporate policy document is sufficient to achieve effective security. • The “security cost paradox” must be resolved (is $100 security necessarily better than $1 security?). • Public Key Infrastructure (PKI) is the ultimate security solution. • The most likely threats to the corporate network come from within the corporation. • Employing “reformed” hackers is the best way to address security problems. Let us more closely examine these statements on their real merits.

20.2.1 EXECUTIVE COMMITMENT VERSUS HACKERS’ PRESENCE Technology is but a single component of network security. Technical solutions are always conceptually limited and outdated on delivery. In contrast, effective defense measures, by definition, have to be all encompassing, ongoing and state of the art. They typically include numerous cultural, human and business aspects; hence, no security problem can be resolved with the use of technical means alone. To corporate executives and IT personnel alike, the initial security audit often serves as a wake-up call. According to the GartnerGroup, 90% of all organizations fail their security audit on the first attempt, even if the tests are not that strenuous. Similarly, in our own experience with ADDSecure.Net™ service, virtually all organizations fail on the first external audit, however well prepared they are. The audit provides objective data that are difficult to ignore or to gloss over. It demonstrates to management that security problems do exist. By ordering an independent audit, corporate IT and security specialists can objectively determine the true state of their network security. That is why it is imperative that audit reports be comprehensive, as well easy to understand so clients can clearly comprehend the problems uncovered at their site. In the global Internet, with virtually unlimited access by rogue users, it would be naive to expect that police measures could resolve complex security problems. By concentrating on policing and prosecution of successful “crackers,” responsibility appears to be shifted away from the executives and IT managers who have to accept that security implementation is their job. Recent comprehensive executive commitment studies conducted by KPMG3 and Deloitte & Touche, in partnership with the Information Systems Audit and Control Foundation (ISACF),4 have found that most executives and IT managers are “dangerously complacent” in relation to their electronic commerce security. Both studies found no correlation between the level of hackers’ attacks, the true state of their

SL3054_frame_C20 Page 358 Tuesday, November 20, 2001 9:24 AM

358

The E-Business Handbook

network security, and corporate executives’ satisfaction with the security of their sites. Their findings indicate that high-profile security incidents tend to create a short-term peak of interest and “then everybody tends to go back to sleep.” Ninety percent of organizations do not even use external auditors to validate their subcontractors’ security when outsourcing Web hosting and I-commerce services. A comprehensive study by a group of government and industry organizations with participation of numerous U.S. federal agencies, CERT, SANS Institute and the leading software vendors5 have found that hackers usually exploit only a small number of well-known security flaws. Many flaws result from older programs that network administrators install and then forget about. As many as half of the prevailing software packages installed run older versions with well-known flaws. In 1999, after the occurrence of several high-profile penetrations of military sites, the Pentagon performed its own controlled security testing of the thousands of Internet servers employed by the U.S. Department of Defense. Running a limited number of tests, the DoD auditors were able to penetrate almost two thirds of all military servers. Sadly, system administrators detected only 4% of all attacks. Worse, less than a quarter of the detected (i.e., 1% of the overall) were reported to the authorities, even though Pentagon has a zero-tolerance policy that requires that 100% of all penetration attempts be reported through the chain of command. There is no reason to believe that other government or industry targets fare better in detecting and reporting penetration attempts. According to a 1999 survey by the U.S. Defense Information Systems Agency, 80% of U.S. Federal Government security managers in charge of nonclassified systems do not know whether their networks have been attacked and penetrated by hackers. The situation in industry is not much better. In ADDSecure.Net Inc.’s own experience, even though system administrators are warned well in advance when a security audit will take place, virtually none of them can detect the audit’s activities. Today, the price of a truly comprehensive technical audit might cost from U.S.$40,000 to $85,000 and require extensive time and resources to run and implement consultants’ recommendations. For some auditors, “Fees can total $150,000 to $225, 000, depending on the size of the network,”6 which makes it out of the reach of almost all but the largest organizations. On the one hand, some IT managers insist that only such a comprehensive audit is of any use to them and nothing less would be of any value. On the other hand, high prices and resources involved are often referred to by the executives as the main rationale for postponing the audit “until all the current problems are fixed” (which, in the real world, usually means “forever”). It is assumed that such a course is sound and prudent, as nobody likes to waste money “validating an unfinished business.” In reality, however, the absence of hard dates reserved for the periodic audit sends a strong signal down the chain of command that the executive in charge simply pays lip service to security problems. “We will install the firewall in the next 2 months and everything will be fine without an audit,” one sometimes hears from nontechnical executives who don’t necessarily know what a firewall is or how it operates. As one urgent problem leads to another and time passes, the very premise of external audit as the key validator of the corporate due-diligence process becomes more and more diluted.

SL3054_frame_C20 Page 359 Tuesday, November 20, 2001 9:24 AM

The Critical Role of Independent Security Audits

359

In our own security audit practice, we have found that a relatively inexpensive external security audit performed at reasonable time intervals (at least annually, and preferably quarterly or monthly) can be highly effective as a primary mechanism of due diligence process. First, the external audit mobilizes technical departments toward acknowledging the problems and rapidly finding inexpensive solutions that would be effective for the majority of security breaches run by the “scripty kids.” Perhaps more important, periodic impartial audits foster the “can-do” culture in the organization that emphasizes immediate response to the inevitable problems rather than search for nonexistent silver bullet solutions. In due time, more-esoteric problems can be tackled and more-powerful and -effective solutions implemented, in parallel with evolving the infrastructure and increasing the robustness of everchanging applications. In contrast, many results of comprehensive and expensive security audits are so far outside of the experience, scope of knowledge, available resources, and comprehension of average corporate sysadmins, that they are left unaddressed for many weeks or months. One step at a time, and proceeding from the simple to the comprehensive truly works, whereas overworked technical personnel often ignore complex solutions required for more-difficult problems. In doing so, they often also ignore more-common problems that require inexpensive and simple solutions, the types on which we typically encourage first-time clients to concentrate in our own security audit practice. As new threats evolve daily, a constant need exists to manage security implementation through the auditing process, by rapidly identifying and closing holes. Hackers always take advantage of change. With a stream of daily changes in Web applications and sites, there is a profound effect on security. Consequently, ongoing audits can save substantial resources by forcing the client to focus on identified vulnerabilities rather than to overspend on less likely threats. In the absence of executive commitment and impartial data on the real state of security, blaming hackers cannot be an effective strategy for securing deficient Web sites.

20.2.2 DOES

THE

CORPORATE SECURITY POLICY REALLY WORK?

The 1999 Information Security Industry Survey,7 co-sponsored by ICSA, Inc., and Global Integrity Corp., has revealed fascinating statistics concerning the use and effectiveness of information security policies. According to the statistics, the group of 745 survey respondents represents the best-informed and most security-conscious professionals in the IT field, with nearly two thirds of all respondents said information security has “high visibility” in their organizations. With 76% of surveyed companies having a security policy in place, it is natural to assume that the very presence of such a document improves organizational security. In fact, the survey shows that some types of security breaches actually happen more often in organizations with policies compared with those without them. The moral is that the mere presence of a framed policy document on the CIO’s wall should not be perceived by the executives and staff as a substitute for effective action. The real problem is that, similar to managing a financial system, the corporate executives should not rely entirely on their own staff to prove the soundness and

SL3054_frame_C20 Page 360 Tuesday, November 20, 2001 9:24 AM

360

The E-Business Handbook

integrity of their network security defenses. In contrast, independent vulnerability testing is always seen as an effective wake-up call to corporate action.

20.2.3 RESOLVING “SECURITY COST PARADOX” It is important to emphasize that effective security does not necessarily mean the most expensive hardware and software solutions, and that more expensive security measures do not necessarily mean better security. Without the CEO’s commitment, and in the absence of simple practical measures (such as conducting periodic backups, checking computer logs, and enforcing the use of passwords), no expensive security solution is ever workable. Perhaps more important, all security measures are meaningful only in the context of everyday tasks performed by frontline staff. Many firewalls, encryption tools and antivirus software merely slow down network traffic without providing any security, and are seen by the users as an unnecessary burden on already super-busy networks. According to a 1999 survey by the FBI and CSI, fully a third of all successful external break-ins happen despite the presence of a firewall. Most companies do not know how to install and maintain antiviral software properly. Even though 98% use such software, 90% of it has been contaminated by viruses. In fact, “good housekeeping” is the most cost-effective measure, that is quintessential in establishing quality defenses. As well, all system users should be constantly reminded of their essential role and personal responsibility to keep the network safe.

20.2.4 TRUST MANAGEMENT

VERSUS

RISK ASSESSMENT

Many corporate executives are confused about credible measures that ensure essential levels of due diligence. They typically confuse Internet security and trust management, and truly believe that by implementing this or that expensive Public Key Infrastructure (PKI) solution, their organizations will become safe from all security perils. Consequently, some organizations postpone introduction of simple and effective security measures, waiting forever for the ultimate mother of all security — ideally, a push-button PKI that would somehow magically solve all their security problems. Bruce Schneier, author of the influential book Applied Cryptography, often states in his presentations that most cryptographic products are insecure, even though commercial cryptography itself is stronger than it generally needs to be.8 This is because strong cryptography can’t protect a weak system. “A secure computer is one that has been insured,” says Schneier. “Security should be designed for the day that it fails.” A strong cryptographic algorithm can be terribly weakened by reliance on userremembered secrets, such as passwords. Typically, a password represents about four bits of entropy for each character. A system that generates a 128-bit key, based on a 10-character password, is only as secure as it would be with a 40-bit key, whereas even a 56-bit key is now considered readily crackable. A new type of attack is difficult only for the first person who uses it. Each subsequent attacker just uses the

SL3054_frame_C20 Page 361 Tuesday, November 20, 2001 9:24 AM

The Critical Role of Independent Security Audits

361

first cracker’s script to exploit security holes that have been known, but that an administrator has not bothered to close. In the words of Peter Tippett, CTO of TruSecure Corp., “The cost and effort to maintain an infrastructure that supports Internet encryption probably outweighs any possible gain.”9 According to Sanford Brumley, VP of Business Development for the Chase Manhattan Bank, where a closed PKI system was implemented, 80% of the work that the bank did in PKI installation was, in fact, securing the perimeter of CA. The process took the bank “three or four times the length of time it took us to make the purchase decision on CA itself.”10 Other PKI implementers reported similar experiences. Clearly, risk management and assessment are the absolute prerequisites for any effective PKI implementation and should be taken into account when planning such a massive undertaking.

20.2.5 INCREASE IN COMPUTER ATTACKS THE COMPANY’S WALLS

FROM

OUTSIDE

For years, security experts were citing the old rule of thumb that 80% of all network penetrations originated inside the corporate firewall. Today, there is significant evidence that companies conducting I-commerce experience much higher incidents of external security breaches. Based on the results of its 1999 survey, the Meta Group had predicted that at least 50% of all security breaches would be external by the year 2000. The 1999 Information Security Industry Survey7 also confirmed that the growth of I-commerce has intensified the threat of computer attacks from outside the company’s walls. When a company expands its operations online, breaches involving data leaks increase by 57%, while intrusions by unauthorized outsiders (hackers or crackers) increase by almost 24%. Hence, the role of external vulnerability analysis is becoming more strategic with organizations moving their mission-critical operations online.

20.2.6 EMPLOYING EX-HACKERS

TO

AUDIT SECURITY

Some corporations have already found out the hard way that hiring ex-hackers to check corporate defenses might be imprudent at best. The danger in hiring them is real. Some hackers even apply to become security consultants to exploit the weaknesses of the client’s network. Often, they leave back doors open to gain access after the project is finished, or as insurance, in case of disagreement between the employer and the client. There are well-known stories of ex-hackers hired as security consultants who subsequently describe their client’s vulnerabilities in underground publications. On the other hand, many hackers are just unskilled “script kiddies” who are not really capable of making a network secure. They are able to mount attacks only by using widely available hacking utilities that can be fully mastered in a short time without deep understanding of the underlining technical issues. To many clients who find out that the vendor hires “real” hackers, it seems like an obvious conflict of interest, whatever business advantages such an employee might bring. Mark Joseph Edwards, news editor of a leading industry publication, said it well in his recent editorial on the subject:9

SL3054_frame_C20 Page 362 Tuesday, November 20, 2001 9:24 AM

362

The E-Business Handbook

… knowledge would definitely change my buying habits with this particular vendor. I don’t trust crackers any more than I trust a bank robber, so I wouldn’t trust a company that employs one. My reasoning is simple: Although the employing company might be reputable to a large extent, ex-hacker/cracker employees aren’t, as evidenced by virtue of their past actions. Am I to expect that such a person (an ex-hacker or cracker) has really reformed completely, and is now so reformed that I can entrust part or all of my information security concerns to the individual? Sorry, but I don’t think so. Certainly, there are a few truly reformed people out there who do become great assets to various companies, but how do you know which ones aren’t still ill-tempted at some level? Well, you don’t, and therefore it’s probably not wise to put much trust into an area where so much uncertainty exists. What guarantee do you have that our vulnerabilities list will not be made available to non-privileged people?

The auditing firm that has a worldwide reputation for being independent, professional, and ethical should be very serious when it comes to safeguarding the interests of its clients. Personnel who deal with clients should be carefully selected for their integrity and dedication to the cause of network security. Security analysts should, ideally, be full-time employees of the firm whose references have been carefully checked and who also have been cleared by the corresponding government jurisdiction. None of the employees should have a criminal background or any record of acts of moral turpitude in their past, and the employer should be entirely confident in their personal and professional integrity. What client organizations with sound security approaches are typically looking for is an independent and ethical audit team that has the persistence and adroitness of hackers, but also possesses the professionalism and undisputed integrity of industry security leaders. Hence, it is advisable that the auditing firm should adopt a statement of ethics, signed by every employee. Any staff member who intentionally or knowingly violates any provision of this statement should be subject to action by a peer-review panel or corporate disciplinary action.

20.2.7 WHAT

THE

HACKERS WOULD ACTUALLY SEE

They would see anything and everything. In essence, whatever they wish to see, and yes, they often are quite successful even with the world’s best and most securityconscious corporations and government agencies. The Internet Auditing Project, conducted by a small geographically dispersed group of academically inclined hackers in December 1998,11 has been a seminal event in the Internet security audit. Its potential impact can be compared to the original release of Satan by Dan Farmer in the ’80s. Conducting the project, a small group of hackers from around the world have nearly completely scanned all the three-letter top-level domains (com, net, edu, mil, org, gov, int) and all 214 national domains. In total, the group has conducted an unfocused low-resolution scan on more than 36 million hosts connected to the Internet, for commonly known security vulnerabilities. This, they have estimated, covers 85% of the active address space at the time of the scan.

SL3054_frame_C20 Page 363 Tuesday, November 20, 2001 9:24 AM

The Critical Role of Independent Security Audits

363

Audited organizations have included ISPs, corporations, universities, government facilities, banks and sensitive military installations. The tests have been designed to reduce false positives and false negatives to a minimum, combining passive (server’s version header) and interactive (server’s response to ill-formed input: a buffer-overflow, sneaky characters) implementation signatures to determine vulnerabilities. The scans have been run in parallel, to divide the load over several computers and to reduce bandwidth requirements. The project’s results show that a fairly large share of global networks are quite vulnerable to fairly simple and well-described attacks for which defenses are typically well known. The most disturbing aspect of these results is that, evidently, not that much has changed since Dan Farmer’s original Satan probes of top government, commerce and financial industry sites. Years later, the authors of the Internet Auditing Project are forced to state the obvious: “We were stunned to find just how many networks you would expect to be ultra secure were wide open to attack. Banks, billion dollar commerce sites, computer security companies, even nuclear weapon research centers …”

REFERENCES 1. U.S. Federal Deposit Insurance Corporation’s (FDIC) guidance FIL-68-99 of July 7, 1999, Risk Assessment Tools and Practices for Information System Security. 2. CSCI Audit at ADDSecure.Net Inc., ComputerWorld Canada, February 27, 1998, p.6. 3. e.fr@ud, by KPMG, Vancouver, BC, 2000. 4. E-Commerce Security: Enterprise Best Practices, by Deloitte & Touche and ISACF, 52 pages, 2000. 5. OnGuard: Security Holes Often Go Ignored,” Inter@ctive Week, June 12, 2000, p.48. 6. Auditors present different strengths, by Shammi Gill, eWeek, February 26, 2001, p.2728. 7. Information Security, June 1999, p. 35. 8. Strong cryptography can’t protect a weak system, by Peter Coffee, PC Week, August 10, 1998, p.36. 9. Tippett, Peter, Stronger passwords aren’t, Information Security, June 2001, 42-43. 10. Windows NT Magazine, August 11, 1999, p. 3. 11. The Internet Auditing Project, by Liraz Siri , ver. Aug 11, 1999, http://www.securityfocus.com/tplates/forum_message.html?forum=2&head =32&id=32.

SL3054_frame_C20 Page 364 Tuesday, November 20, 2001 9:24 AM

SL3054_frame_C21 Page 365 Tuesday, November 20, 2001 9:25 AM

21

Trusted Electronic Market Transactions: A Macro- and Micro-Level View Günther Pernul, Alexander W. Röhm and Gaby Herrmann

CONTENTS 21.1 Introduction ..................................................................................................365 21.2 Security and E-Commerce ...........................................................................367 21.2.1 Basic Definitions ..............................................................................367 21.2.2 Examples of Security Requirements................................................369 21.3 COPS — An Infrastructure for Secure and Fair E-Commerce ..................370 21.3.1 COPS — Model ...............................................................................370 21.3.2 COPS Prototype Software Architecture ..........................................371 21.4 MoSSBP — An environment for BPR..........................................................373 21.4.1 MoSSBP — Overall Architecture .....................................................373 21.4.2 MoSSBP — Perspectives and Views.................................................374 21.4.3 MoSSBP — Example “Contract Signing”........................................375 21.5 Conclusion....................................................................................................377 References..............................................................................................................377

21.1 INTRODUCTION Since the early times of commercial use of the Internet we have witnessed a revolution of business activities. In the ’70s and ’80s, the computer made its way into companies and became an integral part of business processes. Now the Internet has brought a completely new way to conduct business between business partners over electronic media. We see a massive adoption of Internet technology into everyday business, as well as innovative business models and new forms of markets. In fact, many organizations are exploiting the opportunities of Internetbased business solutions, and many more are expected to follow. But, in spite of well-publicized success stories, many businesses and consumers are cautious about 1-574444-305-4/02/$0.00+$1.50 © 2002 by CRC Press LLC

365

SL3054_frame_C21 Page 366 Tuesday, November 20, 2001 9:25 AM

366

The E-Business Handbook

e-commerce, and security concerns are often cited as being the most important barrier. Even though the development is exciting in general, some restraints could — once removed — further the use of electronic media and thus make companies and whole economies more efficient. We will take two different perspectives in this chapter: the micro view, which concentrates on the internal business process in an organization, and the macro view, which zeroes in on market transactions. For both perspectives, at least five aspects can act as a restraint on development: security, fairness, integration, openness, user friendliness, and flexibility. In this chapter, we address security and fairness in business transactions as basic requirements demanded by any potential business partner. We use the term business transactions for the integrated view of business processes and market transactions we have chosen. This view comes into place naturally, because the main goal of companies is to interact within markets, and the business processes describe how they act in and outside the organization. When addressing security and fairness issues, a real risk of violating the other requirements exists. Therefore, other aspects, such as openness, must be in view also, unless other problems are introduced. For example, it is easy to construct a secure system that is not open at all. Our approach to achieve security, fairness and, eventually, trust, is centered on the following components that we think are essential for trustworthy electronic commerce: We need a generic, user-friendly and open infrastructure supporting business transactions that has security and fairness as integral parts. Methodologies and models for analyzing and modeling the security semantics of business transactions are also necessary. To justify our approach, consider, as an example, an electronic market.* A generic and user-friendly infrastructure is necessary for the client, who is usually the driving force in a business transaction and, thus, the infrastructure must grant him easy and open access to an electronic market. Otherwise, many potential clients will not participate in the electronic market, which could endanger all the benefits of e-commerce. The security and fairness requirement is necessary for all market participants. A supplier will not offer goods if, for example, secure payment is not guaranteed. The same is true for a client. He will not participate if, for example, delivery is not guaranteed after payment. Neither may participate in the market if their privacy and confidentiality are not guaranteed in a business transaction. While the first two requirements are enabling services for e-commerce, the third requirement is necessary because, on our way into the information age, we are currently in a phase of transformation. E-commerce forces rapid changes in the business behavior of trading partners and, therefore, flexible information systems. The changes will lead to a reorganization of well-established procedures and thus may make corrections of existing systems necessary, which — as a side effect — could also have consequences to their security. Therefore, to develop trust in ecommerce transactions and supporting infrastructures, it is essential to know about * Similar to a conventional market, an electronic market is a mechanism for coordinating the allocation of goods (between supplier and buyer) but instead of acting on the market in a traditional way (physical presence, paper-based) its participants make use extensively of information technology.

SL3054_frame_C21 Page 367 Tuesday, November 20, 2001 9:25 AM

Trusted Electronic Market Transactions: A Macro- and Micro-Level View

367

all security risks in a business transaction. This knowledge is gained by a careful analysis of the transaction’s processes. We call this knowledge the security semantics of the business transaction. We deal with all three issues. This work was done in two different research projects: COPS and MoSSBP. We are developing a technological infrastructure for electronic markets as a basis for secure, fair e-commerce. The infrastructure is called COPS (commercial protocols and services) and its main emphasis is to develop trust for e-commerce transactions by focusing on security and fairness requirements of market participants in each of the phases of a business transaction. It is generic for two reasons: First, it is expandable in the sense that whenever new requirements or security threats occur they can be easily integrated into COPS. Second, it is flexible in that it supports different market structures. This is necessary because different goods may be traded on different types of markets (i.e., direct search, brokered or auction). In a second project, which is called MoSSBP (modeling security semantics of business processes) we are developing a business process reengineering methodology to analyze the security semantics of business processes. The re-engineering aspect is of particular importance in transfering a traditional business transaction into an equivalent e-commerce business transaction. The goal of this chapter is to give a general overview of our research in developing trust for e-commerce business transactions. Section 21.2 gives basic definitions and examples of security and fairness requirements. Section 21.3 introduces the COPS project, where we focus on the macro view (electronic markets). Section 21.4 discusses the ideas behind MoSSBP, where we take the micro view (business process). Section 21.5 describes the relationship between COPS and MoSSBP and concludes the chapter.

21.2 SECURITY AND E-COMMERCE 21.2.1 BASIC DEFINITIONS The term “security” is often used for different concepts. There are very specific understandings of the concept in computer and network security, but there are also broad views. This chapter uses a very broad definition of security, because security in e-commerce is a much greater challenge. We include under security (a nonexhaustive list): • The general definition: confidentiality, integrity, availability • Intellectual property involved in digital goods: authorship, ownership, copyright, right to use, originality • Bindings: legal binding, mutual dependencies, nonrepudiation • Privacy, anonymity, fairness, trust A well-accepted definition of e-commerce is that it is“… the sharing of business information, maintaining business relationships and conducting business transactions by the means of telecommunication networks.”1 An important part of e-commerce, according to this definition, is business transactions, which may take

SL3054_frame_C21 Page 368 Tuesday, November 20, 2001 9:25 AM

368

The E-Business Handbook

supplier

demander

transaction

information phase negotiation phase execution phase

FIGURE 21.1 Market transaction phases.

place within organizations (business processes), between organizations, or in an electronic market (market transactions) to determine the allocation of goods to different market participants. Any market transaction has at least three phases (see Figure 21.1). In the information phase, the matching business partners research each other. For instance, a buyer asks potential suppliers for bids. After he has collected enough bids, he chooses the one he prefers. After he has found the matching business partner, the information phase terminates. During the negotiation phase, the supplier and the client must agree on many details of the contract. For example, they must agree on a method of payment and a method of shipping. The contract must contain all obligations for all included parties. When the contract partners have agreed on the contract, the negotiation phase terminates. The goal of the execution phase is to have both buyer and seller meet the obligations that were described and fixed in the contract. The execution phase usually consists of two subphases: payment and delivery of goods. How these phases look depends on the type of goods as well as on the type of market on which the goods are offered.* The different phases of a market transaction are processed in an interactive and iterative way. The transaction can be interrupted and rolled back in certain situations. For example, when the buyer cannot find a matching supplier, the information phase is not complete and the market transaction does not continue. The same happens in the negotiation phase if business partners cannot come to an agreement. It is possible to go back a step or two and start over with the information phase or the negotiation phase in those cases. A market in which all three phases are supported by information and communication technology is called an electronic market. A looser definition says if at least one of the three phases is supported by information and communication technology, a market can be called an electronic market. Each business transaction involves security risks. The type and degree of risk depend on many different attributes, such as: the type of (electronic) media, the types of goods and their value, the type of market, and, of course, the types of attacks that might occur. As a consequence, security considerations are necessary for each phase of a market transaction. An infrastructure for secure electronic markets must * In many cases, there is also a third subphase in the execution phase that contains the activities of the so-called “after-sales services.” The security aspect of this subphase remains to be researched in further work.

SL3054_frame_C21 Page 369 Tuesday, November 20, 2001 9:25 AM

Trusted Electronic Market Transactions: A Macro- and Micro-Level View

369

cover a variety of security risks in all three phases by offering appropriate security services.

21.2.2 EXAMPLES

OF

SECURITY REQUIREMENTS

During the information phase, the market participants have different security demands. When browsing through the Internet, a buyer must be sure that an offer he is considering is still valid. Additionally, he must be sure that the supplier is still in operation under the network address at which he found the offer. To reduce the trading risk resulting from those questions, the buyer may want to accept only authenticated offers. However, the supplier also has security requirements. For example, the supplier may want his offer to be confidential because competitors might gain advantages through this information. The need for security services in the negotiation phase is obvious. Most important is the security of the contract, which must provide enough information to determine who is right if buyer and supplier later disagree. This information must be secure and not forgeable. During this phase, probably the most important security demands are integrity, authenticity and the legal binding of the contract partners on the content of the contract. If the execution phase is conducted electronically, both the electronic payment and the transfer of goods must be secure. To ensure secure payments, several proposals have been made by academics as well as those in industry. They offer different levels of security and privacy. Secure delivery of digital goods can have many different security demands, depending on the type of goods that must be exchanged. For example, digitally represented shares must be original, but an additional (and often conflicting) requirement is that they must be anonymous (they do not contain the name or even a pseudonym of their owner) for economic reasons. Other security demands in the execution phase neither depend on the goods nor on the method of payment. For example, the fairness problem is evident and not solved by simply signing a contract. Consider a protocol that schedules delivery of goods only after payment has been made. This is an unfair situation for the buyer. The same is true for the supplier if delivery precedes payment. Additionally, the supplier needs confirmation when he delivers the goods to prove that he has met his obligations. The same problem exists with the buyer. Security of electronic commerce is achievable by addressing the different risks in each phase of the transaction in a specific market, when all aspects of the transaction are considered. Among those are: • • • •

The security demands of market participants The type and value of the digital goods The type of market (market structure) Available ways of delivery and payment

Because of this diversity of security requirements, it is necessary to have a clear understanding of the key factors influencing security and fairness in ecommerce.

SL3054_frame_C21 Page 370 Tuesday, November 20, 2001 9:25 AM

370

The E-Business Handbook

21.3 COPS — AN INFRASTRUCTURE FOR SECURE AND FAIR E-COMMERCE In this section, we elaborate on the COPS market model, which provides a systematic way to look at electronic markets, electronic market transactions and their security issues. After an introductory description of the general model, a short description of the software architecture that provides the basic security services in the infrastructure follows. More detailed information about COPS can be found in References 2, 3 and 4.

21.3.1 COPS — MODEL In COPS, we developed a model to describe electronic markets and their security demands as completely as possible. This was to propose matching software architectures and service infrastructures for the Internet by which secure and fair electronic markets can be realized. This model, because it takes the variety of electronic markets into consideration, serves to find and describe security risks, as well as to allow the COPS infrastructure to be flexible. Market-based coordination can be classified into four categories: 1. Direct-search markets (where the future partners seek out one another directly) 2. Brokered markets (with the brokers assuming the search function) 3. Dealer markets (with the dealers holding inventories against which they buy and sell) 4. The auction markets1,5 From this classification we derived four different electronic market player roles: buyer, supplier, electronic intermediary (cybermediary) and trusted third party. Together with the information services, five roles of participants are considered in the COPS market model: Figure 21.2 gives a graphical illustration of the COPS model. The three levels (I,N,E) show the three phases of the business transactions, while the corner elements represent the different participants in a COPS market. The buyer is the instigator of a transaction, because he has a specific need that he tries to satisfy with a product that he wants to buy on the electronic market, where one or more suppliers offer the goods the buyer is looking for. In this early stage of the market transaction, it is important that the infrastructure does not create a threshold to allow other potential participants to enter the market. The buyer initiates all phases, except that, in some cases, the information phase is initiated by the supplier. It is mainly on the buyer’s side that an infrastructure must preserve the open character of an electronic market. In particular, few technical or organizational preconditions should exist for a buyer to participate. This openness generally means that there is no trust relationship between the business partners that could lead to additional security threats.6 The supplier has the choice of offering his goods in a direct-search market, through cybermediaries or in an electronic auction market. The choice will depend

SL3054_frame_C21 Page 371 Tuesday, November 20, 2001 9:25 AM

Trusted Electronic Market Transactions: A Macro- and Micro-Level View

371

services

protocols I demander

intermediary

I

A

supplier A

E

E

I N E

Information services

I

trusted services

N I

E

N E

FIGURE 21.2 COPS market model.

on the supplier’s preferences, on the type of the goods offered, and on other strategic considerations. These circumstances might change over time if the supplier is willing to make another choice later. COPS can react to this situation flexibly. An electronic intermediary disseminates product information such as price or quality. He offers product evaluation, quality assurance, or special combination packages of products (e.g., a travel agency). There are quite different understandings of electronic intermediaries. All agree that intermediaries will survive (despite the fact that direct producer–buyer relationships are easier) in electronic markets, because they are able to produce added value to electronic goods.7 Trusted third parties play an important role in security infrastructures because they are used for public-key certification. Public-key certification is a necessary requirement to support, for example, authenticity of market participants, which may be necessary for the legal binding of contract partners to the contract. This is important for contracting, but also for digital goods, which often need authenticity, originality and similar properties. For future electronic markets, we expect many new tasks for trusted third parties, for example, auction services, notary services, time-stamp services, and registration services. There are also trusted third parties that generate trust by their brand name. They evaluate Web sites according to their security and place their badge on the site. Information services provide technical information about market infrastructure and network. Examples are certificate directories or hosts that process inquiries like: “What is the network address of a trusted third party issuing secure time stamps?” An application of COPS is given in Reference 8. It shows the completion phase of an electronic market for free trading of anonymous and original emission permits.

21.3.2 COPS PROTOTYPE SOFTWARE ARCHITECTURE The architecture of the COPS prototype is shown in Figure 21.3. The picture shows an installation on a local host of any market participant. COPS builds on existing solutions and standard software, and therefore preserves the open character of the

SL3054_frame_C21 Page 372 Tuesday, November 20, 2001 9:25 AM

372

The E-Business Handbook

Local Host Local COPS-Software InterfacesDB 1

Standard Browser

Local ProxPort

Environment II Transaction V Specification V A A

Interpreter

ProxyPort to Server

COPS Software library SMAL

3 Cryptix TCP/IP

2

Proprietary Systems

SeCom JDBCJ

JAVA

FIGURE 21.3 COPS Prototype Software Architecture.

Internet. The two areas in Figure 21.3 numbered with (1) and (2) are such standard elements. (1) shows a standard browser of any make (Netscape, Internet Explorer, etc.). It works in conjunction with the COPS software through a proxy configuration. Each HTTP-request from the browser passes through the COPS software and any HTTP-response from the Web server arrives at the COPS software first, before it is passed on to the browser. Through this configuration the local COPS software can pass on simple standard HTML, and still add COPS functionality to Web pages. (2) shows that COPS is built on JAVA and that COPS is able to use proprietary software (e.g., secure electronic payment systems). To execute those systems from COPS, interface descriptions need to be available. They are stored in an interface database that belongs to the local COPS software shown in area (3). Besides the proprietary security services and protocols that are integrated through the interface database, COPS provides a software library that contains basic (security) mechanisms in a layered architecture. The two upper layers support abstraction levels that allow integration of other security solutions, such as SSL at the communications layer, and new cryptographic systems at the second layer. The second layer includes a commercial security library (Cryptix) extended by some additional security mechanisms. The SMAL (Security mechanism abstraction layer) offers security services in a transparent way and allows the use of cryptographic mechanisms from the second layer without the need to know about their implementation. This makes it easier to change the functionality of COPS without changing other parts of the software and makes COPS flexible if new standards come up or stronger cryptographic mechanisms are found. On top of the software library, the actual COPS application that is seen by the user is realized. It is an interpreter of a specification language for secure business transactions. This language is called ALMO$T (a language for modeling $ecure business transactions).4 It is used to specify secure service modules such as the information services, public-key certificate directories, or certification authorities,

SL3054_frame_C21 Page 373 Tuesday, November 20, 2001 9:25 AM

Trusted Electronic Market Transactions: A Macro- and Micro-Level View

373

as well as single phases and up to whole market transactions. The specified market transactions are executed in the interpreter, where each party runs his role of the transaction specification (corner elements in the COPS model). With the sketched COPS architecture, an important foundation is laid for secure business transactions, which eventually will contribute to the user’s trust in electronic commerce.

21.4 MOSSBP — AN ENVIRONMENT FOR BPR Companies acting as market participants must be aware of their security demands, which are specific for their situation. Therefore, security of business transactions depends heavily on the micro view. As a consequence, the first step to secure business transactions is to analyze the existing needs of the specific context. Neither the security risks nor the security demands are always obvious. Neither is it always easy to find the matching security services that solve the problem. Additionally, it is not a trivial task to find out what parts of the business process, and the company in general, are influenced by the introduction of security functions. To specify secure business transactions, a methodology is needed to give guidance in this process. This is the goal of the MoSSBP project described in this section. To develop trust in e-commerce transactions and supporting infrastructures, it is essential to have a structured approach, because one wants to know about all potential security risks that may be involved in a business processes that is responsible for carrying out an e-commerce transaction. Knowledge that is to be gained through this analysis is known as the security semantics of the business transaction. In the project MoSSBP, we are developing a business process reengineering methodology to analyze the security semantics of business processes. The reengineering aspect is of particular importance, because, in many cases, we start with a traditional business transaction that is to become an e-commerce business transaction. In this section, we give an overview of MoSSBP. Additional information can be found in References 9 and10.

21.4.1 MOSSBP — OVERALL ARCHITECTURE There is a long chain of activities from specifying and modeling the requirements to their final processing in a business process. For enforcing security semantics, we propose the following framework that helps with the management of this chain of activities. A domain expert analyzes and specifies business processes, including their security and integrity requirements from the viewpoint of the application domain. His analysis has a high level of abstraction, because we cannot assume that he is a security specialist. At a very high level, his knowledge is about such requirements as sensitivity, legal binding, high integrity, copyright, and so on, and he will assign those requirements to components of the business process. Later, security requirements will be analyzed by a security expert who is responsible for finding the specific requirements and appropriate security services. Together with the domain expert, he must embed the security services into the e-commerce transactions.

SL3054_frame_C21 Page 374 Tuesday, November 20, 2001 9:25 AM

374

4 3 2 1

The E-Business Handbook

Description of Content High-level, abstract specifications of security semantics Detailed specifications of security semantics (only) Detailed realization concepts Security hardware and software building blocks

Representation Method Graphical model Graphical model ALMO$T Programs, hardware

Supporting Method Business process model security semantics Repository of reference models Transformation rules from layer 3+4 to layer 1 Crypto-library, security APIs, security dongle, ...

FIGURE 21.4 MoSSBP — Four-layered architecture.

MoSSBP consists of a four-layered architecture (see Figure 21. 4). The top layer, 4, contains well-defined concepts used to represent the security semantics of the real world. The domain expert may use these concepts to develop a business process model of the e-commerce transaction and to express its security requirements. Layer 3 contains a repository with reusable reference models for handling security requirements. These reference models look at security requirements in more detail and offer possible ways for their realization. To transform the specified security requirements into an executable form, additional work is necessary. For that, detailed knowledge of security concepts is required. The security administrator takes the high-level security specifications as input and transforms them in a more detailed representation. Consulting the repository from layer 3 helps with this task. Layer 2 of the architecture contains guidelines about dividing security activities into basic building blocks (expressed in an intermediate language). Layer 1 of the architecture offers a repository of hardware and software components that may be needed to realize the building blocks. In the following section, we will comment only on layers 3 and 4 of the architecture.

21.4.2 MOSSBP — PERSPECTIVES

AND

VIEWS

In general, a business process is described by a process model, which contains information about the process characteristics relevant to the purpose of the business target. According to Reference11, a combination of the following four perspectives produces an integrated, consistent, and complete view of a business process: 1. The informational perspective represents the information entities, their structuring and the relationships between them. 2. The functional perspective shows what activities (processes) are performed and which data flow occurs among activities. The functional perspective represents only the flow of data within the system. 3. The dynamical perspective represents all possible states and state transitions that might occur within the life cycle of a information entity. 4. The organizational perspective shows where and by whom activities are performed. This perspective corresponds to the “organigram” of an organization and to role models.

SL3054_frame_C21 Page 375 Tuesday, November 20, 2001 9:25 AM

Trusted Electronic Market Transactions: A Macro- and Micro-Level View

375

Each perspective focuses on a very specific part of a business process. For analyzing security semantics, it is very important to develop an integrated view of all aspects of a business process. In addition to the four perspectives already mentioned, the MoSSBP framework supports a fifth perspective — the business process perspective. The business process perspective represents the flow of work in terms of activities and information flow from the viewpoint of the whole business process. It consists of an integration of the functional and dynamic perspectives and references the informational and organizational perspectives.

21.4.3 MOSSBP — EXAMPLE “CONTRACT SIGNING” Any business process exists in the environment of the company. It is related to the structure of the company and to the totality of other activities in the enterprise. Before a new business process is established, usually a set of business processes already exists and at least parts of it are already explicitly modeled. Therefore, models may exist of the organizational structure of the enterprise (organizational perspective), of the structure of a database (informational perspective), of already existing activities (processes), data flow between them (functional perspective), and of the life cycles of the information entities (dynamic perspective). The model of a new business process must relate to these existing models and must extend them accordingly. Thus, some sort of reengineering methodology may be appropriate. As an example, we will look at the informational perspective of an activity (part of a business process) that has security implications. When a contract is made with a business partner, the security requirement, or “legal binding,” is important. To guarantee legal binding of a contract, different regulations are required according to corresponding law. In many countries, a contract is legally binding if the contract partners explicitly agree about its content in some way (e.g., by shaking hands). Should the contract partners later disagree, its content must be provable — what actually has been part of their agreement and what was not. A common formal method to achieve this is the use of handwritten signatures. The contract is a paperbased document that became legally binding because all contract partners signed it. In our example, we examine the situation in which the document is part of an ecommerce transaction and available in digital form only. The argument is based on the European Communities framework for electronic signatures.12 Article 5 says: “Advanced electronic signatures … satisfy the legal requirements of a signature in relation to data in electronic form in the same manner as a handwritten signature satisfies those requirements in relation to paper-based data.” This kind of digital signature is a seal based on the signed data. The seal is realized by asymmetric cryptography and is created by using the private key of the signatory. It is possible to ascertain the correctness of signed data and the identity of the signatory by using its public key, which must be certified by a certification authority. Each certificate is assigned a period of validity. To conduct the business transaction in an electronic market and to establish a legal contract, the informational perspective of the business process must be extended by:

SL3054_frame_C21 Page 376 Tuesday, November 20, 2001 9:25 AM

376

The E-Business Handbook

• Information about the signatories • The certificates used • The (trusted) parties responsible for issuing the certificates Figure 21.5 shows how data structures must be extended by appropriate entities, attributes and relations, to support legal binding. In particular, besides the entities “supplier” and “buyer” and the relationship “contract,” a new relationshiptype “certificate” is needed. Additionally, the existing relationship type representing the contract must be extended with further attributes. The agreed fact is represented by a digitally signed document and the relationship-type contract between customer and supplier must be extended by a field for the seal (digital signature) for each signatory. Also, information about what algorithm was used for signing must be stored. In addition, customer and supplier are specializations of a generic “signatory,” which must have a certificate relating the applicant to a certification authority. This example shows that if one wishes to transform a (traditional) business transaction into an e-commerce transaction, some sort of reengineering of the enterprise-wide data model (informational perspective) is necessary to support the security requirement of legal binding. Besides the informational perspective, the functional perspective of the business process must be modified to realize the security requirement of legal binding. The document must be signed digitally by each contract partner and the signatures must be verified. Because a certificate of a public key may expire (by time or by declaration of invalidity), additional actions are necessary to guarantee the provability of digitally signed contracts. These actions lead to extensions of the functional perspective, especially in the process responsible for archiving contracts. Verific ation_a lgorithm numbe r va lid _through lim itat ions p ubl ic_k ey ... ... certification authority

traditional non-electronic

certificate

supplier

signatory

contra ct

custo me r

signature _su pp lier signature _cu stomer ve rific ation_ alg _sup ve rific ation_ alg _cus t ...

FIGURE 21.5 MoSSBP informational perspective — legal binding. In the example we use the following notation: Components of existing (traditional) models, which are not affected by security requirements, are written using standard characters. The attributes with relevance to legal binding are given in boldface.

SL3054_frame_C21 Page 377 Tuesday, November 20, 2001 9:25 AM

Trusted Electronic Market Transactions: A Macro- and Micro-Level View

377

An e-commerce transaction demanding legal binding affects the organizational perspective, too. To check the validity of digital signatures and to initiate further actions, a new role becomes necessary in the organization that leads to an extension of the organizational perspective. Of course, it also has effects on the dynamic perspective of the business process. We might have a contract labeled ~valid representing a valid contract (i.e., signed), but the certificate of the signer might be expired. So the situation comes up that a contract is valid but no longer provable. Should this occur, the contract must be re-signed. Security requirements of business transactions potentially have effects on all different perspectives of a business process. The example showed that legal binding, as needed on electronic markets, influences all perspectives of the business process. In MoSSBP we propose extensions to existing models that may seem to be quite complex for someone who is not a security expert. However, the outlined extensions are identical for legal binding of any document in any business process in the same legal environment. Therefore, these extensions can be reused (see layer 3 of the MoSSBP architecture).

21.5 CONCLUSION A precondition for trust in electronic commerce is a reasonable level of security of the electronically conducted activities in business transactions. This reasonable level of security can be realized when the security requirements are analyzed in an appropriate way (MoSSBP), and the matching security services are found and made available in an infrastructure for secure electronic commerce (COPS). We are investigating these issues by developing COPS, an electronic commerce infrastructure, and MoSSBP, a modeling environment for analyzing and enforcing business process security. In this chapter we have given a short overview of both projects. Additional information can be found in the cited literature. COPS focuses mainly on security and fairness, includes five different roles of market participants, supports all phases of a market transaction, and helps to build markets with different structures. MoSSBP can be used to analyze the security semantics of business transactions. It supports different views of a business transaction to arrive at a comprehensive picture of the security requirement.

REFERENCES 1. Zwass, V., Electronic commerce: structures and issues. Int. J. Electron. Comm., Vol. 1, No. 1, M.E. Sharp, (1996). 2. Pernul, G. and Röhm A.W. Integrating Security and Fairness into Electronic Markets. Proc. 4th Research Symp. on Emerging Electron. Mkts. Maastricht, Netherlands, (1997). 3. Röhm, A.W. and Pernul, G., COPS: a model and infrastructure for secure and fair electronic markets. Int. J. Decision Supp. Syst., Elsevier (2000). 4. Röhm, A.W., Pernul, G. and Herrmann, G., Modeling Secure and Fair Electronic Commerce. Proc 14th Ann. Comp. Sec. App. Conf., Phoenix, Dec. 1998.

SL3054_frame_C21 Page 378 Tuesday, November 20, 2001 9:25 AM

378

The E-Business Handbook

5. Clemons, E.K., Croson, D.C. and Weber, B.W. Reengineering money: the Mondex stored value card and beyond. Int. J. Electron. Comm (1997). http://www.cba.bgsu.edu/ijec/ 6. Bons, R.W.H., Designing Trustworthy Trade Procedures for Open Electronic Commerce. PhD-Series in General Management 27; Rotterdam School of Management; (1997). 7. Sarkar, M.B., Butler, B. and Steinfield, C., Intermediaries and cybermediaries: a continuing role for mediating players in the electronic marketplace. J. Comp.-Mediated Comm., Vol. 1, No. 3 (1995). 8. Röhm, A.W. and Gerhard, M., A secure electronic market for anonymous transferable emission permits. Proc. 31st Hawaii Int. Conf. on Syst. Sci. HICSS-31, (1998). 9. Herrmann, G. and Pernul, G., Viewing business process security from different perspectives. Int. J. Electron. Comm. Vol. 3; No. 3; M.E. Sharp; 1999. 10. Herrmann, G. and Pernul, G., Zur Bedeutung von Sicherheit in interorganisationellen Workflows. WIRTSCHAFTSINFORMATIK, Heft 3, Juni 1997, (in German). 11. Curtis, B., Kellner, M. and Over, J., Process modeling. Comm. ACM, Vol. 35, No. 9, 1992. 12. Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures, Official Journal L 013, 2000, pp. 0012 — 0020.

SL3054_frame_C22 Page 379 Tuesday, November 20, 2001 9:27 AM

22

Development of Reliable E-Commerce Applications in Large Open Distributed Systems* Rida A. Bazzi and Feras Karablieh

CONTENTS 22.1 E-Commerce and Mobile Agents in Large Open Systems .........................379 22.1.1 Electronic Commerce.......................................................................379 22.1.2 Large Open Systems ........................................................................380 22.1.3 Mobile Agents ..................................................................................381 22.1.4 E-Commerce with Mobile Agents ...................................................381 22.2 Requirements of E-Commerce Transactions ...............................................382 22.2.1 General Requirements......................................................................382 22.2.2 Security Requirements .....................................................................384 22.3 Security Threats ...........................................................................................385 22.3.1 Protecting Hosts from Malicious Agents ........................................385 22.3.2 Protecting Agents from Malicious Hosts ........................................388 22.5 Fault Tolerance.............................................................................................390 22.6 Conclusion....................................................................................................392 References..............................................................................................................392

22.1 E-COMMERCE AND MOBILE AGENTS IN LARGE OPEN SYSTEMS 22.1.1 ELECTRONIC COMMERCE Electronic commerce, e-commerce for short, is primarily characterized by the extensive use of Internet communication to support the various aspects of commercial * This material is based on work supported by the U.S. Air Force Office of Scientific Research and the National Science Foundation under Award Nos. F49620-00-1-0063 and CCR-9876052. Any opinions, findings, and conclusions or recommendations expressed in this publication are those of the authors and do not necessarily reflect these agencies.

1-57444-305-4/02/$0.00+$1.50 © 2002 by CRC Press LLC

379

SL3054_frame_C22 Page 380 Tuesday, November 20, 2001 9:27 AM

380

The E-Business Handbook

activities. As in its traditional brick-and-mortar counterpart, e-commerce has a host of requirements to make it viable. We will start by considering these requirements in terms that apply to both traditional commerce and e-commerce. Then, we will examine the aspects of these requirements that can be supported in mobile agent systems and the aspects that cannot be currently supported in mobile agent systems. According to Reference 1, commercial transactions can be divided into three phases. The first phase is the information phase in which the parties to a transaction, typically buyer and seller, look for information to find the product or service that best suits their needs. The second phase is the negotiation phase, in which the parties to a transaction negotiate the transaction terms. The negotiation phase might be absent from some transactions, such as net price sales. The third phase is the execution phase, in which payments are made and products are delivered. In e-commerce transactions, these phases can be fully, partially, or not at all executed electronically. The different phases can be more or less involved depending on the circumstances. For instance, in business-to-business (B2B) transactions, the negotiations phase can be quite involved, requiring face-to-face meetings between the participants.

22.1.2 LARGE OPEN SYSTEMS At the time of this writing, it is estimated that the Internet contains more than 110 millions hosts that are accessed by 440 million users (www.netsizer.com). These hosts run a variety of operating systems in a variety of languages and are subject to a multitude of local and governmental restrictions. New legal issues are emerging from the use of the Internet as a marketing or business tool. One problem is that of jurisdiction, as it is not always obvious what laws are applicable to content that is available worldwide. The Internet also creates a plethora of technical challenges that are not faced in small or closed systems. Challenges that need to be addressed include: 1. Identification. Principals in commercial transaction need to be able to identify each other. At the same time, principals have privacy concerns that need to be addressed. A principal should to be able to identify himself without providing too much information. 2. Interoperability. Internet servers and clients run a variety of systems in a variety of languages. Standards are needed to support interoperability among diverse platforms and protocols. 3. Scalability. Providing predictable delays on the Internet is not possible. Nonetheless, it is currently possible to provide predictable performance with high probability. 4. Security. Building secure systems is difficult even in closed environments where threats are only internal. Building secure systems that are open to access by anyone connected to the network is much more difficult. Incidents where system weaknesses have been exploited to gain unlawful access have been well publicized, including systems of law enforcement agencies.

SL3054_frame_C22 Page 381 Tuesday, November 20, 2001 9:27 AM

Reliable E-Commerce Applications in Large Distributed Systems

381

It is important to note that some of the security problems faced in the Internet also exist in more traditional business dealings. For example, many catalog merchants take orders by phone without obtaining the signature of the client. In case of a dispute, the merchant has only internal documentation of the transaction. This situation is similar to the situation created when orders are placed via the Internet without digital signatures or other security precautions. In traditional transactions, fraud is still possible even when signatures and identifications are required.

22.1.3 MOBILE AGENTS Mobile agents are location-aware programs. They know their location and can initiate action to change it. They can stop executing, save their execution state, or move to a new location and resume their execution. Mobile agents have an owner or base location to which they report, but they can execute autonomously. They can be coded with specific objectives and constraints and left to roam the network to achieve these objectives and to adapt to the changing environment according to their constraints. A mobile agent can execute on one or more machines, communicate with other agents, and make decisions on behalf of its owner. The ability to change location, or migration, allows mobile agents to execute remotely without the need for their owner to be connected to the network. This ability makes mobile agents an attractive choice for time-consuming activities initiated by devices with limited bandwidth, such as handheld PDAs. Mobile agents, as we have just described them, have strong mobility; both the code and data of the agent are mobile. Weaker mobility models also exist. Remote code execution allows the code, but not the data, to be mobile. Remote procedure calls, which cannot be properly classified as agents, allow for data mobility. Some agent systems also allow complete code mobility with a restricted data mobility. Mobile agents have been proposed as a promising approach to developing ecommerce applications, but, to date, mobile agents with strong mobility properties have not been widely deployed in commercial systems. Mobile agents with weaker mobility properties, especially in the form of remote code execution, have already been successfully deployed (Java applets, for example). Many experimental mobile agent systems have been deployed.2–7 In this chapter, we will discuss the potential and current limitations of mobile agent systems in supporting e-commerce applications.

22.1.4 E-COMMERCE

WITH

MOBILE AGENTS

Mobile agents can be a good choice for many e-commerce applications, as their autonomous nature makes them a natural choice for the information phase of ecommerce transactions. Instead of repetitive queries in a search for the best price of a product, a user can launch a noninteractive mobile agent to search for the information by visiting the servers of various enterprises that sell the product and then reporting the best price to its owner. Mobile agents are considered to be a promising technology to develop e-commerce application for the following reasons: • Bandwidth Saving. The ability to execute complex tasks without interaction is an important feature of mobile agents and can create large savings

SL3054_frame_C22 Page 382 Tuesday, November 20, 2001 9:27 AM

382

The E-Business Handbook

in bandwidth. The agent can execute complex queries, filter the results and send the filtered results to the client. • Scalability. Another attraction of using mobile agents for e-commerce is the ability to scale accesses as needed. Agents can be replicated and various agents can execute concurrent portions of a transaction at different servers. • Extended Functionality. The ability to execute a user agent at a server site enables the agent to make full use of the server functionality, which is not possible in the standard client-server model. While mobile agent systems have not been widely deployed in their most general form, they have been deployed with limited mobility support. Java applets are a good example of mobile agents with limited mobility (http://java.sun.com/applets). Java applets allow code mobility, but do not have good support for data mobility. In what follows, we summarize the main requirements of e-commerce applications and discuss how well suited mobile agents are to cope with them.

22.2 REQUIREMENTS OF E-COMMERCE TRANSACTIONS 22.2.1 GENERAL REQUIREMENTS The requirements of e-commerce transactions are, for the most part, natural extensions of the requirements of non-e-commerce transactions. In this section, we list and briefly describe these requirements. In the next section, we give more-detailed treatment of security and fault tolerance requirements. An e-commerce application must be dependable, hence the title of the chapter. Dependability can mean different things in different settings. For our purposes, a dependable system is one that performs correctly, resists failures, and executes within specific time constraints. It should be emphasized that, in our setting, security and timeliness are correctness requirements. For example, authentication is needed to enforce access control, which is a correctness condition that specifies who can and who cannot access certain data. We identify the following requirements of dependable e-commerce applications: 1. Accountability. Accountability is the overriding requirement of any commercial transaction and most security requirements follow from the need for accountability. Among other security requirements, accountability implies a need for authentication. We will discuss accountability in more detail along with the discussion of other security issues. In addition to its technical aspects, accountability has legal aspects that are also discussed below. 2. Reliability. A commercial transaction should be tolerant of failures. An e-commerce system must provide support for exactly-once semantics for its transactions. This means that no matter what failure occurred,

SL3054_frame_C22 Page 383 Tuesday, November 20, 2001 9:27 AM

Reliable E-Commerce Applications in Large Distributed Systems

3.

4.

5.

6.

383

the recovery mechanism must ensure that the effects of the transaction execution are equivalent to those of a transaction executed only once in the absence of failures. Failure to provide exactly-once semantics might result in losses. For example, a payment should not be made more than once and should be made at least once. It is important to note that not all e-commerce activities require exactly-once semantics. For example, if a search is executed more than once, the client can easily disregard the duplicate results. Availability. Enough resources should be available to allow the transaction to take place. A transaction should not be aborted or delayed because of lack of resource. The e-commerce system should be responsible for either providing enough resources or informing the participating parties of the lack of system resources ahead of time. The system should be available at all times during the advertised business hours (or around the clock) with a minimal down time. Responsiveness. The system must respond fast enough to incoming requests. The transaction should be executed within a specified time limit. Failures to meet time deadlines can affect the usefulness of the transaction. For example, a transaction to purchase a ticket to attend a concert or a Web cast should allow for last-minute purchases. While it is not currently possible to enforce hard deadline in the Internet, it is possible to provide soft deadlines with high probability. The lack of responsiveness can result in client dissatisfaction, as happened recently with an auction house that installed a system to allow bidders to bid live against auction floor bidders. The system was so slow that lots were attributed without giving online bidders a reasonable time to bid. Ease of Use. The system should be easy to use by a variety of potential customers. Electronic commerce targeted to a global marketplace must address issues that are not necessarily faced by more local enterprises. For example, with an international client base, this implies the need for multilingual versions of e-commerce system. Multilingual Web sites are, for instance, common in European countries. Support for multiple languages is only one aspect of an easy-to-use system targeted to the global marketplace. Other characteristics of potential users should also be taken into account when designing the system interfaces. Educational, social, and religious considerations are examples of parameters that should be addressed in designing the system. More-traditional user interface issues, such as layout and mode of input, for example, still need to be addressed in an e-commerce system. Interoperability. Allowing diverse applications to communicate with each other require establishing standards. Standards often clash with commercial interests, which results in the existence of multiple standards that need to be supported. Examples of standards to support e-commerce infrastructure include the RSA encryption standard, the TCP/IP protocol stack, and the secure socket layer (SSL) protocol.

SL3054_frame_C22 Page 384 Tuesday, November 20, 2001 9:27 AM

384

The E-Business Handbook

22.2.2 SECURITY REQUIREMENTS We elaborate on the security requirements of e-commerce applications. As we stated above, many of these requirements are implied by the need for accountability. Accountability means that all parties to an e-commerce transaction should be accountable for their actions. Accountability requires the ability to authenticate the principals in a transaction. Accountability implies integrity because no party of a transaction should be able to modify the results of a transaction without being detected. Other security requirements not directly implied by accountability are privacy (or confidentiality), prevention of denial of service (or availability), and anonymity. Typically, two parties are involved in an e-commerce transaction, the buyer and the seller. There is always the possibility that a third party might be interested in the transaction for gaining knowledge, making profit, or just for sabotaging — or the parties themselves might try to sabotage the system for their own interest. Security is one of the most important requirements for an e-commerce transaction, due to the sensitivity of the information communicated and the need to establish credible evidence in case of disputes. It is interesting to note that, until recently, there were no laws recognizing digital signatures as a form of identification. With the passage of such laws in the United States8,9 and other countries (especially European), holding parties accountable became easier. Credit card numbers, passwords, names, or even the type of product are examples of information that can be abused by a third party to cause damage. Also, with the increased amount of personal information available online, the number of identity theft cases is growing. These cases can be reduced with increased confidentiality. Confidentiality and integrity should be maintained for e-commerce applications. • Confidentiality. E-commerce transactions should ensure the privacy of the principals. Ensuring privacy means making sure no third party can monitor a transaction and gain knowledge from it. Sometimes even the fact that there is a transaction can be beneficial to a third party. For example, a third party monitoring a buyer and a seller might notice that, after an initial message from the seller (purchase), three other messages are sent. One message is sent from the buyer to the bank, another is sent from the seller to the bank and a third from the seller to its warehouse facility. The third party can infer that a purchase occurred even if it is not able to determine the item purchased. Nevertheless, such knowledge can be useful to gain a business advantage. Privacy is also needed between the seller and the buyer where the buyer would like to be anonymous (similar to cash transaction in traditional commerce). A buyer may want to hide his identity to protect his personal information. Finally, it is important that information kept at all servers be protected from illegal access. The use of firewalls is suggested to reduce server vulnerability to attacks. Firewalls are applications that control access to the system and do not contain data that can be of interest to an intruder. The idea is that securing one terminal is easier than securing every one in the system. • Integrity. The integrity of e-commerce transactions should be maintained. This means that the transaction should execute as specified by its principals

SL3054_frame_C22 Page 385 Tuesday, November 20, 2001 9:27 AM

Reliable E-Commerce Applications in Large Distributed Systems

385

with no possibility of sabotage or tampering. No party to a transaction should be able to change, undetected, the conditions that govern the transaction. For example, a seller should not be able to overcharge the customer after getting purchase approval. Also, for mobile agents, one merchant should not be able to change the quotations of another and those that are carried with the agent. Mobile agent systems introduce new types of threats to commercial transactions. In traditional electronic transactions, the two parties, buyer and seller, followed the client-server approach. In that approach, the seller executes its own code with parameters specified by the buyer. While the client-server approach is safer than using mobile agents, it is less efficient. For example, in the case of a client searching for the best product price, the client-server approach would require the client to make several secure connections to each potential seller and then choose the cheapest of the prices offered. With the mobile agent approach, only one initial connection is needed and the whole search can be made without requiring that the buyer be connected at all times.

22.3 SECURITY THREATS Two main security threats are caused by agent mobility. The first is from the agents themselves. The second threat is from the hosts they visit. An agent can attempt to access restricted resources, or cause damage to the host by overwriting data or using computational resources. Also, an agent might attempt to modify other agents running on the same host. A host can try to access agent data, try to reverse-engineer the agent’s code, or even change the agent before forwarding it to other hosts. It is important to keep in mind that security threats caused by the use of mobile agents can be alleviated using legal means, depending on the parties involved in a transaction. For example, in business to business transactions, the two parties can enact an environment to allow for the secure execution of transaction if they have the legal support to enforce breaches through contractual vehicles. The security threats introduced by mobile agent systems (both host-to-agent and agent-to-host) can compromise the privacy, integrity, and accountability of a transaction. Following is a summary of the work done in this field.

22.3.1 PROTECTING HOSTS

FROM

MALICIOUS AGENTS

Providing the service of executing different foreign agents, a host may be the target of sabotage by malicious programs. Ensuring the safety of the executing host is of utmost importance because of the role it plays in providing services to all other agents. Solutions for protecting the host aim at protecting the privacy and integrity of the host’s data as well as the availability of the host’s services (surviving denialof-service attacks). Unlike the problem of protecting the agent from the host, the problem of protecting the host from a visiting agent is well understood and has been studied by many researchers. Protecting the host is relatively easy, because the host has full control over the executing agent and can read, change, or force the agent

SL3054_frame_C22 Page 386 Tuesday, November 20, 2001 9:27 AM

386

The E-Business Handbook

to follow its rule. Nevertheless, implementing techniques for protecting the host can be hampered by organizational or economic factors. In what follows, we will present some of the work aiming at protecting the host from the malicious agents. Most of the work falls into two categories; in the first, safety checks are made before the agent is executed, and, in the second, security mechanisms are applied at runtime. Each of these categories has its advantages and disadvantages. We denote the former approach with the letter C (compile time) and the latter approach with the letter R (runtime). Also, we denote with L approaches that depend on legal enforcement. 1. Proof Carrying Code (PCC) (C) 10 is a method that allows the host to check at compilation time whether the agent is harmful. If the agent is found to be safe, it is executed directly without any further runtime checking. The work defines security policies that are established by the host (code consumer) using first-order predicate logic. These policies state what and how agents can access resources. The code consumer sends these policies to the agent owner (code producer). The code producer writes an easily verified proof that the agent does not violate the policies of the host. The proof is attached to the agent. When the host receives the agent, it checks that the proof is correct. If so, the host can safely execute the agent. The attractive feature of PCC is that it is more efficient than other methods, as the agent runs without interruptions after it is proven safe. PCC provides for high-level specifications of security policies, unlike other methods concerned with low-level memory access control. The drawback is the difficulty of automating writing proofs for general security policies. Also, in some instances, the proof can be very large. 2. Sand Boxing (C) or software-based fault isolation,11 is a method where agents are isolated into distinct fault domains enforced by software. The method is mainly concerned with enforcing memory access restrictions. Contrary to other methods, sand boxing does not require work on the part of the agent owner. An arriving agent is set to directly run into its virtual address space after its code is edited to change all memory accesses such that they point to the data segments and code of the agent’s fault domain. Thus, the system is protected against illegal memory accesses. Such a method is useful to execute programs written in an unsafe language like C, but it has a major drawback in that programs with such confinement cannot do much useful work. It is important to note that, while memory protection is a standard operating system function, sand boxing aims at protecting memory into what is termed nested execution domains. For example, a Java applet might execute as a thread inside the browser that invokes it. Providing protection in such cases cannot be provided by the operating system. Sand boxing allows multiple agents to execute inside one domain. 3. Execution Monitoring (R). In sand boxing, the agent code is modified to prevent any illegal memory access. Execution monitoring12 is similar to sand boxing, but the agent code is not modified and no preprocessing is done. Execution monitoring enforces security policies by interpreting the

SL3054_frame_C22 Page 387 Tuesday, November 20, 2001 9:27 AM

Reliable E-Commerce Applications in Large Distributed Systems

387

agent code at runtime. The agent code is directly executed, but its execution is monitored. Whenever an illegal operation is to be executed, the whole agent is terminated. Thus, execution monitoring is a process of enforcing security policies only by monitoring the execution of the program. The main drawback of this approach is the runtime overhead. 4. Code Signing (C, L). In the code signing approach, each platform requires the agent to be digitally signed before executing it. If the agent is signed by a trusted entity, it is allowed to execute with full privileges, if it is signed by an unknown party or not signed at all, the agent may be allowed to run with restrictions enforced using other methods. This method does not provide fine-tuned access control, but it can be used to attain safety if there is a well-established trust relation between agents (reputation services). Code signing is achieved using public-key cryptography in which the code producer has two keys, a private key with which he encrypts (signs) the data, and a published public key that other platforms can use to decrypt the data (verify the signature). To provide integrity, message digest (a one-way hash function result unique to the message) can be computed before signing the agent. Code signing is labeled as a legal approach because the host has proof of the identity of the client and can use legal remedies in case of security breaches. 5. State Appraisal (C, L)13 is a method by which the host can determine what privileges the agent should have while executing. It is an extension of the code signing approach. Because the agent may move from one platform to the other, its state may change either due to some malicious tampering or to its execution. In both cases, as the agent’s state changes, the privileges needed by it on a specific host might also change. In the state appraisal approach, the owner of the agent is responsible for writing a set of appraisal functions that the code consumer can use to check the safety of executing the agent. Writing appraisal functions is not easy, as the writer of such functions has to anticipate all the forms of state changes caused by execution or malicious tampering. After the appraisal functions are executed, the agent can either run with full privileges, partial privileges if it fails some functions, or not at all, if it fails all functions. The major drawbacks to this method are the difficulty of writing the appraisal functions and that these functions are application specific, thus, they must be rewritten for different agents. It should be emphasized that agents protected by state appraisal functions are not totally immune to tampering; it is possible for a platform to modify the agent in such a way that its functionality is compromised without violating state appraisal tests. 6. Path Histories (C, L). The path histories approach also aims at determining the privileges that an agent should have. It is a generalization of code signing. Instead of using the agent’s state as a determining factor, the selection is based on the identity of the platforms previously visited by the agent. Each platform is responsible to create and sign a list that includes the previous platforms visited, the current platform, and the next platform to be visited. This list is encrypted to prevent tampering, and

SL3054_frame_C22 Page 388 Tuesday, November 20, 2001 9:27 AM

388

The E-Business Handbook

attached to the agent. On receiving the agent, the code consumer deciphers the list and checks whether it trusts the previously visited platforms. The method assumes that the agent is initially safe and that there is a way to determine whether a given platform is trustworthy (reputation services). The drawbacks of this approach include the big size of the agent, which increases with the number of platforms visited, and the overhead to verify all the platforms on the list.

22.4 PROTECTING AGENTS FROM MALICIOUS HOSTS The work on protecting agents from malicious hosts is still in its infancy. Not much work has been done in this area, and what has been done is either partially successful or specific to special applications that are not directly applicable to e-commerce. Some of the work is concerned with detecting malicious behavior instead of preventing it. Although detection is not enough for safe systems, it is can be useful in conjunction with legal enforcement to deter hosts from tampering. Protecting mobile agents is difficult because the executing host has complete access to the agent’s code and data. Some researchers believe that providing confidentiality for the agent code and data is impossible.14 Nevertheless, some theoretical work has shown that it is possible to protect the agent code and data for a restricted class of programs. Following is a summary of existing methods for protecting agents: 1. Clueless Agents. This method aims at hiding agent data from the executing host.15 The method allows the agent to use a secret that it carries without divulging the secret to the host. The secret is encrypted through a oneway hash function and then installed into the agents and sent through the network. Thus, the name “clueless agents,” as the agent itself has no knowledge of the secret. It is divulged only if some environmental condition is satisfied during execution. This method is useful as long as the environmental condition is false. Otherwise, the host will have access to the secret. If the user is interested in the existence of an object, he dispatches an agent with a one-way hash of the object. The agent moves from one host to another, encrypting all objects at each host and comparing the encrypted value it holds to the encrypted value of the host’s object. As long as the object doesn’t exist at a given host, the host can only infer that what the agent is looking for is different from all objects it has. This method has its uses in e-commerce. An example of its use is a company with a new product name wanting to check whether this product already exists in the market without disclosing the name. Another example would be for a company checking for the existence of a patent for a given idea. 2. Partial Result Encapsulation. Partial result encapsulation aims at providing some amount of tamper resistance to the executing agent.16 The basic idea of partial result encapsulation is to encapsulate the results of computation at the current host before moving to another one. Methods for encapsulation differ according to the function and purpose of an agent. Data privacy is achieved by encrypting the results at the current host with

SL3054_frame_C22 Page 389 Tuesday, November 20, 2001 9:27 AM

Reliable E-Commerce Applications in Large Distributed Systems

389

the public key of the agent originator. The next host visited by the agent cannot gain knowledge of the data obtained from previous hosts. When the agent returns to its originator, its data is decrypted. This approach is perfect for situations where the data obtained from one host need not be processed by the next one. This applies to pure data collection applications. However, if the host needs to operate on the data, it cannot be encrypted. In such a case, some method should be implemented to ensure security. One such method is the partial results encapsulation codes (PRAC). PRAC aims at detecting tampering by malicious hosts. We illustrate it with an example: An agent dispatched to find the cheapest price of a product carries its previous results from one host to another. A malicious host may access this list and delete, insert or change prices inserted by other hosts visited by the agent. In the PRAC method, the agent encapsulates the results from the current host before moving to the new one, using a key chosen from a predefined use-only-once set of keys. After the agent encapsulates the data, it destroys the key. The malicious host can always read and verify the old data but cannot change it because it does not know how to encapsulate it as the key used for encryption (and decryption) is destroyed. Thus, this method guarantees forward integrity. This method has some drawbacks. If the malicious host is revisited, it can tamper with the results obtained from hosts visited after it was visited the first time. In fact, each host has access to all the keys that will be used by the agent in visits to subsequent hosts. Another problem might arise if two or more hosts conspire to tamper with data of the agent. One malicious host can forward the list of keys to another host to be visited in the future. The above encapsulation method relies on the agent to do the encapsulation. Another approach relies on the host to do the encapsulation using a private key. The owner can later decrypt the results using the hosts’ public keys. Trusted third parties can also be used to sign the results before forwarding them to next host. 3. Computing with Encrypted Functions. This approach aims at hiding the function of the agent. Current work on function hiding is theoretical and very restricted. One such work is that of Sander and Tschudin,17 who provide techniques to encrypt agents that compute polynomial functions. The tools they use to achieve the encryption are homomorphic. An encryption scheme E is homomorphic with respect to operation +, for example, if E(a+b) = E(a)+E(b). The resulting scheme they propose is not fully secure. Other schemes have also been proposed, but they are also restricted and are only of a theoretical interest. 4. Code Obfuscation18 aims at hiding the agent function from the malicious host. The techniques used for code obfuscation are ad hoc and do not have formal underpinning. Code obfuscation attempts to scramble the agent code to make it difficult for the host to figure out the agent function. A typical obfuscation technique is variable splitting, where a variable is split into multiple variables and the computations are adjusted to take that into account. Computing with encrypted function can be thought of as a

SL3054_frame_C22 Page 390 Tuesday, November 20, 2001 9:27 AM

390

The E-Business Handbook

special case of code obfuscation. With code obfuscation, the host can always reverse-engineer the program to determine its function. If a lower bound is established for the time the host needs to determine the function of the agent, code obfuscation can be useful in situations where the secret is valid for only a limited amount of time. An example is that of parties changing their private keys every T time units. After T units pass, knowing the secret is useless. Hohl elaborates on this idea in his time-limited blackbox security proposal. 5. Execution Tracing19 requires every platform visited by the agent to record and to maintain a log describing the agent’s behavior during execution. The log should contain the inputs provided to the agent during execution to be able to re-create the agent execution. The log is signed by the corresponding platform and is appended to the agent. If tampering is suspected, the log allows the owner or any other trusted third party to check the correctness of the execution. This method has two major drawbacks: first is the large amount of data that needs to be appended to the agent. This amount increases with the number of nodes visited. Another drawback is the impracticality of always checking the correctness of the execution. The correctness is checked only if malicious behavior is suspected. 6. Replication20 was proposed as a technique to protect agent integrity. It is the only method that also provides some protection against denial of service attacks. Replication has been traditionally used to provide fault tolerance in distributed systems. With increased fault tolerance, this method can be used to prevent tampering in a system where the hosts are replicated and a majority of the replicated hosts are trustworthy. The idea is to replicate the agent before dispatching it. Thus, if a number of agents are corrupted at the end of execution, it is guaranteed that a larger number will have the correct results, assuming a majority of nonmalicious hosts (this method is explained in more detail below). This method also provides some protection against denial of service attacks. If one or more agents is attacked at specific platforms, other replicas can still survive the attack. Drawbacks of this approach are the amount of resources wasted when executing, and communicating all the replicas where mobile agents were used to save these resources in the first place.

22.5 FAULT TOLERANCE E -commerce applications should be executed correctly. Faulty hosts or communication systems may affect the results of a transaction. Various methods have been proposed to increase the fault tolerance of agent-based systems. Different methods are suitable for specific activities, which, in turn, are dependent on the requirements of the application and the level of fault tolerance required. In the example of an agent, the network gathering information, we are interested in the correctness of the results. However, if the agent is executing a commerce transaction, we must make sure that the execution is correct and that its effects are equivalent to those of a

SL3054_frame_C22 Page 391 Tuesday, November 20, 2001 9:27 AM

Reliable E-Commerce Applications in Large Distributed Systems

391

transaction that executes exactly once in the absence of failures. In what follows, we outline the main ideas of two different methods for achieving reliability. Traditionally, fault tolerance is achieved with redundant execution. This redundancy can take place in space or time. In spatial redundancy, many copies of an application execute at the same time. In temporal redundancy, the application executes more than once at different times. Both approaches have been used for mobile agents.20,22-26 Schneider20 proposes to use replication to provide fault tolerance to mobile agent applications. The main idea of voting is to have many servers execute identical copies of the agent at the same time and then use voting to decide on the correct answer. This approach would work in the presence of crash failures. With moresevere failures, such as software malfunction, or even malicious hosts (hosts that have been compromised), Schneider proposes a solution that makes use of a threshold secret sharing scheme.21 In this model, computation proceeds in stages, with each stage containing a number of voters. Each machine in a given stage sends its results to voters in the next stage. To prevent bogus votes, the agent carries a secret that can be used to prove authenticity. To protect the secret from being stolen or duplicated by any one host, the secret is split among the agent copies so that at least k+1 machines are needed to reconstruct the secret (where k is a design parameter). This approach can tolerate up to k failures among the replicas. Details of the method are presented in Reference 20. Schneider proposes another method to deal with bogus agents. He assumes that the itinerary of the agent is known a priori. The method uses replication but replaces the threshold secret sharing scheme with the use of authentication chains. The main idea is to have each agent carry an unforgeable certificate describing its trajectory to enable voters to reject bogus agents. Because a majority of voters is assumed to be correct at each stage, it is guaranteed that an agent will be received with the correct authentication chain (see Reference 20 for more details). In Reference 21, a method to provide exactly-once semantics for agent computations is described. As in the work of Schneider, hosts are replicated into stages, with each stage representing a computational unit. Not all hosts in a stage execute the program. Only one executes the program, and the other hosts are observers that monitor the executing host. In case of failures, one of the observers is voted to take over the execution. The larger the number of observers, the higher the fault tolerance of the stage. Thus, not all stages need have the same number of hosts and stages with important functions can have a larger number of hosts. A basic element of the solution is the use of transactional message queues. Transactional message queues provide persistent messages and ensure exactly-once delivery. Each host on the agent’s itinerary has both an input and an output transactional message queue. Initially, the agent is placed in the input queue of the first host on the path. The host then gets the agent from the input queue, executes it, and puts it in the output queue and then commits. The commit action is also sent as a message to the next host on the itinerary. The transactional nature of the queue ensures that the commit is delivered exactly once. After one host commits, the next host can start processing the agent. In case of a failure, the states of the queues of the current host and the next host are restored and the operations done by the host are undone. This protocol

SL3054_frame_C22 Page 392 Tuesday, November 20, 2001 9:27 AM

392

The E-Business Handbook

ensures the exactly-once property but also assumes node restoration. That is, the agent’s operation is delayed until the cause of failure is removed. Such a drawback makes the approach useless in the case of time-limited agent operations. The work of Silva et al.25,26 is a good example of the use of temporal redundancy to provide fault tolerance to mobile agents. In their work, they use failure detection, checkpointing, and recovery to provide fault tolerance to agents. The idea is to save the agent states at regular intervals of time, monitor the agents for potential failures, and initiate recovery if failures are detected. This is a traditional approach for fault tolerance, but these authors tailor it to mobile agent systems by providing mechanisms for agent monitoring, software rejuvenation, atomic migration, and reconfigurable itineraries. Reference18 is another example of the use of temporal redundancy for mobile agent fault tolerance.

22.6 CONCLUSION We have seen that mobile agents can be a good choice for developing reliable ecommerce applications. While many issues regarding the use of mobile agents in ecommerce have been solved, many remain to be solved. Support for mobility, secure communication, and protecting the servers are well-understood issues, but that does not necessarily mean that they can be readily implemented. Other issues, such as protecting the agents, are still being addressed by the research community. It should be emphasized that the difficulties of building reliable mobile agent applications will also hamper other solutions providing similar functionality.

REFERENCES 1. T. Mandry, G. Pernul and A.W. Rohm, Mobile Agents on Electronic Markets: Opportunities, Risks and Agent Protection, Proc. 12th Int. Bled Electron. Comm. Conf. pp. 1-13, Bled, Slovenia; 1999. 2. M. Oshima, G. Karjoth, and K. Ono. Aglets Specification 1.1 Draft. Technical Report, IBM Tokyo Research Laboratory, September 8 1998. 3. H. Peine and T. Stolpmann., The Architecture of the Ara Platform for Mobile Agents, In: Rothermel K., Popescu-Zeletin R. (Eds.), Mobile Agents, Proc. of MA’97, Springer Verlag, Berlin, April 7-8, LNCS 1219, pp 50-61 4. H. Peine, Ara — Agents for Remote Action, in William R. Cockayne and Michael Zyda: Mobile Agents: Explanations and Examples, Manning/Prentice Hall, 1997. 5. Wong D., Paciorek N. and Walsh T, Concordia: An Infrastructure for Collaborating Mobile Agents, in Rothermel K., Popescu-Zeletin R. (Eds), Proc. 1st Int. Workshop on Mobile Agents, 86-97, Lecture Notes on Computer Science 1219, Springer-Verlag, 1997. 6. Concordia. Mitsubishi Electric ITA, July 1999. http://www.meitca.com/HSL/Projects/ Concordia. 7. D. Johansen, R. van Renesse, and F. Schneider, An Introduction to the TACOMA Distributed System Version 1.0. Technical Report 95-23, Department of Computer Science, University of Tromsø, Norway, June 1995.

SL3054_frame_C22 Page 393 Tuesday, November 20, 2001 9:27 AM

Reliable E-Commerce Applications in Large Distributed Systems

393

8. U.S. Senate, S. 1594, Digital Signature and Electronic Authentication Law (SEAL) of 1998. 9. U.S. House of Representatives, H.R. 3472, Digital Signature and Electronic Authentication Law (SEAL) of 1998. 10. G. Necula, Proof-carrying code, Proc. 24th Ann. ACM SIGPLAN-SIGACT Symp, Princ. Programming Languages, Paris, January 1997. 11. R. Wahbe, S. Lucco and T. Anderson, Efficient Software-Based Fault Isolation, Proc. 14th ACM Symp. Operating Syst. Princ., ACM SIGOPS Operating Systems Review, December 1993, pp. 203-216. 12. F. Schneider, Enforceable Security Policies, Technical Report TR98-1664, Cornell University, January 1998. 13. W. Farmer, J. Guttman and V. Swarup, Security for Mobile Agents: Authentication and State Appraisal, Proc. 4th Euro. Symp. Res.in Comp., pp. 118-130, September 1996. 14. D. Chess et al., Itinerant Agents for Mobile Computations, IBM Research Report, March 1995. 15. J. Riordan and B. Schneier, Environmental Key Generation Toward Clueless Agents, G. Vinga (Ed.), Mobile Agents and Security, Lecture Notes in Computer Science No.1419, pp. 44-60, Springer-Verlag, 1998. 16. B. S. Yee, A Sanctuary for Mobile Agents, Technical Report CS97-537, University of California, San Diego, April 1997. 17. T. Sander and C. Tschudin, Protecting Mobile Agents Against Malicious Hosts, G. Vinga (Ed.), Mobile Agents and Security, Lecture Notes in Computer Science No.1419, pp. 44-60, Springer-Verlag, 1998. 18. F. Hohl, Time Limited Blackbox Security: Protecting Mobile Agents from Malicious Hosts, G. Vinga (Ed.), Mobile Agents and Security, Lecture Notes in Computer Science No. 1419, pp. 92-113, Springer-Verlag, 1998. 19. G. Vigna, Protecting Mobile Agents through Tracing, Proc. 3rd ECOOP Workshop on Mobile Object Sys., Finland, June 1997. 20. F. Schneider, Toward Fault-Tolerant and Secure Agentry, Proc. 11th Int. Workshop on Dist. Algo. Saarbucken, Germany, Sept. 1997. 21. A. Shamir, How to Share a Secret, Comm. ACM, 22, 11, 612-613, November 1979. 22. K. Rothermel and M. Strasser. A Fault-Tolerant Protocol for Providing Exactly-Once Property for Mobile Agents, in Proc. 17th IEEE Symp. Reliable Dist. Sys., 100-108, October 1998. 23. M. Strasser, K. Rothermel and C. Maihofer, Providing Reliable Agents for Electronic Commerce, W. Lamersdorf and M. Merz (Eds.), Proc. Int Conf. Trends in Dist. Sys. for Electron. Comm., LNCS 1402, 241-253, Springer-Verlag, June 1998. 24. D. Johansen et al., NAP: Practical Fault-Tolerance for Itinerant Computations, in Proc. 19th IEEE Int. Conf. Dist. Comp. Sys., 180-189, Austin, May 1999. 25. L. Silva, V. Batista, and J. Silva, Fault-Tolerant Execution of Mobile Agents, Proc. Int. Conf. Dependable Sys. and Networks, 135-143, June 2000. 26. F. Silva and R. Popescu-Zeletin, An Approach for Providing Mobile Agent FaultTolerance, Proc. 2nd Int.Workshop on Mobile Agents, Stuttgart, Germany, September 1998.

SL3054_frame_C22 Page 394 Tuesday, November 20, 2001 9:27 AM

SL3054_frame_C23 Page 395 Tuesday, November 20, 2001 9:29 AM

23

Distributed Software Component Integration: A Framework for a Rule-Based Approach Susan D. Urban, Suzanne W. Dietrich, Amy Sundermier, Ying Jin, Sunitha Kambhampati, and Yinghui Na

CONTENTS 23.1 Introduction ..................................................................................................396 23.2 Background for Rule-Based Component Integration..................................397 23.2.1 Active Database Technology ...........................................................397 23.2.2 The Enterprise JavaBeans Component Model ................................399 23.2.3 Status of Rule-Based Component Integration .................................401 23.3 Overview of the IRules Project ...................................................................402 23.3.1 The Investment Enterprise: A Motivating Example........................402 23.3.2 The IRules Definition Language .....................................................404 23.3.2.1 The Component Definition Language ..............................404 23.3.2.2 The IRules Scripting Language........................................406 23.3.2.3 The Event Definition Language .......................................408 23.3.2.4 The Integration Rule Language........................................408 23.4 Architectural Framework .............................................................................410 23.4.1 Wrappers for Black-Box Components ............................................411 23.4.2 Metadata Manager............................................................................412 23.4.3 Object Manager................................................................................413 23.4.4 Event Handler ..................................................................................413 23.4.5 Transaction Manager and Rule Processor .......................................414 23.5 Execution of an Investment Scenario: An Illustration ................................415 23.5.1 Trace of the Execution.....................................................................417 23.5.2 Execution Commentary....................................................................418 23.6 Future Directions..........................................................................................419 Acknowledgment ...................................................................................................419 References..............................................................................................................420

1-57444-305-4/02/$0.00+$1.50 © 2002 by CRC Press LLC

395

SL3054_frame_C23 Page 396 Tuesday, November 20, 2001 9:29 AM

396

The E-Business Handbook

23.1 INTRODUCTION Inherently, electronic commerce applications are distributed applications that often require the interconnection of black-box software components from different sources. These components typically provide various services in the context of the application, advertising well-defined interfaces for gaining access to relevant operations. An application integrator then develops “glue code” to interact with component interfaces for the purpose of achieving a more global activity. The development of glue code can be a challenging activity. Integrators must be knowledgeable about the semantics of the interface of each distributed component. They must also understand the implied relationships among components and monitor events that signify different types of activities that need to be performed. The resulting integration process traditionally produces a hard-coded solution that can be difficult to change as the application evolves or when the vendor of a component makes changes to the interfaces and functionality of the software. Furthermore, the environment in which the integration is performed may require that the application integrator handle low-level, distributed transaction processing details. Although standards such as CORBA1 are useful for accessing distributed sources, more supportive environments are still needed for capturing integration semantics and managing the execution aspects of the integration process, especially in environments that require event-based processing. This chapter describes the component integration framework of the Integration Rules (IRules) Project at Arizona State University (http://www.eas.asu.edu/~IRules).2 A unique aspect of the IRules project is that it provides a middle-tier, ruleprocessing framework for the integration of distributed black-box components. Integration rules are based on the concept of active database rules,3 providing a declarative approach to the specification of event-driven activity. Integration rules are used together with application transactions within a semantic framework and run-time environment for component integration to provide a complete supportive environment for development and execution activities. This chapter provides an overview of the IRules approach through the use of an investment application, using an execution scenario to illustrate the architectural support required and the event and transaction processing issues that must be addressed. The IRules approach builds upon the use of the Enterprise JavaBeans (EJB) component model specification from Sun Microsystems.4 The EJB component model promotes the vision of separating component services from the business logic of the components. Assuming that all components are encapsulated using EJB technology, the IRules Definition Language provides the semantic framework for the expression of a component integration object model. This object model provides the basis for the expression of integration rules and application transactions that capture the logic of the application, where application transactions execute methods on EJB components. The execution of application transactions and EJB methods can generate events that subsequently trigger the execution of integration rules. Integration rules are specifically used to examine conditions over the component integration object model and to invoke the execution of additional application transactions.

SL3054_frame_C23 Page 397 Tuesday, November 20, 2001 9:29 AM

Distributed Software Component Integration

397

The IRules approach to component integration has several advantages. First, the IRules Definition Language provides a conceptual view of the application that supports the development of application logic. EJB components in the IRules environment are “black-box,” meaning that 1) they can’t be modified, and 2) they are not aware of their participation in the integration framework. The conceptual view of the IRules Definition Language provides a semantic layer on top of existing EJB components, defining relationships between components and enhancing components with additional functionality that is useful in the integration process. Furthermore, integration rules provide a declarative tool for responding to events so that eventdriven activity can be separated from the main logic of application transactions. Finally, the IRules execution framework provides a distributed processing layer that assists the application integrator in the process of handling events and transactions over distributed sources. As a result, the application integrator can focus on the development of application logic rather than low-level execution details associated with event and transaction processing. The remainder of this chapter focuses on the architectural requirements for supporting a rule-based approach to component integration in the IRules environment. Section 23.2 first reviews necessary background on active database technology and also provides an overview of the EJB component model specification. Related work on the use of events and rules in component integration is also addressed. Section 23.3 then provides an overview of the IRules approach by introducing an investment enterprise and demonstrating the manner in which the IRules Definition Language is used to support integration activities. The architectural components of the IRules environment are discussed in Section 23.4, followed by a more detailed illustration of the investment example in Section 23.5. In particular, Section 23.5 steps through the execution of a scenario over the investment enterprise, illustrating the use of the architectural components and the transaction- and event-processing support provided by the environment. The chapter concludes in Section 23.6 with a discussion of our future research activities.

23.2 BACKGROUND FOR RULE-BASED COMPONENT INTEGRATION To fully understand the IRules approach to component integration, it is first necessary to understand the relevant technology on which the IRules project is based. Section 23.2.1 first outlines the relevant features of active database technology, as our use of integration rules is based on active rule languages as well as active database architectures and execution models. Section 23.2.2 then provides an overview of the Enterprise JavaBeans component model. This section concludes in Section 23.2.3 with a brief discussion of related work on event-based and rule-based research on component integration.

23.2.1 ACTIVE DATABASE TECHNOLOGY Active database technology extends traditional database technology with the ability to monitor and react to circumstances that are of interest to an application.5 The

SL3054_frame_C23 Page 398 Tuesday, November 20, 2001 9:29 AM

398

The E-Business Handbook

notion of an active rule is at the core of any active database environment, where active rules are typically a declarative language framework for describing how an application should respond to events of interest. Active rules are typically referred to as Event-Condition-Action (ECA) rules. An event describes a particular situation to which a rule may respond. An event can be primitive, such as the completion of a method execution or the occurrence of a transaction commit. An event can also be a complex Boolean combination of many primitive events specified through the use of an event algebra.6 A condition is a query over the database that is evaluated when the event is raised, returning a true or false value. If the condition evaluates to true, then the action of the rule is executed. A rule action can be a data modification operation, a data retrieval operation, or any general application procedure. Active rules are useful for constraint enforcement in database systems as well as applications that involve event notification or workflow activities. Active rules have been used in a limited form in commercial database systems through the use of database triggers.3 In active database systems, the rule language indicates what can be specified in each active rule, while the rule execution model determines how a set of rules behaves at runtime. There are many different dimensions of an execution model.3,5 The most relevant dimension to our discussion of active rules is the notion of coupling modes. Coupling modes help to specify the semantics associated with how rules are to be processed relative to the transaction that fired them. Coupling modes specify the transactional relationship between a rule’s triggering event and the evaluation of its condition, between the condition evaluation and action execution, and between the event and action for rules with no condition. The different coupling modes implemented by various active database prototypes include the immediate, deferred, and decoupled modes. An immediate coupling mode between the event and condition, for example, implies that the condition is evaluated immediately after the event is raised. For the immediate coupling mode, the transaction that raised the event is halted until the rule execution is complete. In the case of the deferred coupling mode between the event and condition, the rule condition evaluation is deferred until the commit point of the outermost transaction from which the rule was triggered.7 The decoupled mode forces rule processing to start a new transaction for execution of the rule, separate from the transaction that fired the rule. Coupling modes can be used in a similar manner to define execution semantics between the condition and action parts of a rule, or between the event and action of a rule in the case of rules that do not have a condition. With respect to execution architectures, an active database system must have components to support event detection and rule execution. Figure 23.1 shows a generic architecture of an object-oriented active database system with the essential components and the interactions between the various components.3 The event detector is responsible for monitoring and detecting event activity for the rules that are registered in the system. The event detector notifies the rule manager of any events of relevance. The rule manager determines which rules need to be fired together with their order of execution. The rule manager invokes the transaction manager to create the appropriate nested transactions, depending on the coupling modes associated with the rule. The rule manager then invokes the condition evaluator to evaluate rule

SL3054_frame_C23 Page 399 Tuesday, November 20, 2001 9:29 AM

Distributed Software Component Integration

399

User/Application Layer

Object Manager

Event Detector

Transaction Manager

Rule Manager Condition Evaluator

FIGURE 23.1 Architecture of an active database system.

conditions. If the condition evaluates to true, the rule manager performs the rule action. The object manager of the database is called if any database operations have to be executed. The rule manager is also responsible for maintaining temporary entities to store the data required for condition evaluation and action execution. The IRules project described in this chapter demonstrates the use of active rules in a distributed environment for component integration. The active rule execution model is based on our past work with the development of an adtive object-oriented database environment.7 We have also experimented with the feasibility of using active rules in distributed environments.8 Our research in demonstrates that active rules are a viable integration option for black-box components.9

23.2.2 THE ENTERPRISE JAVABEANS COMPONENT MODEL The concept of a software component is similar to an object as used in objectoriented programming, as components and objects both have properties and operations and can potentially generate events. A software component differs from an object, however, in several important ways. First, a software component adheres to a component standard, such as the Enterprise JavaBeans component model,4 the COM+ component model,10 or the CORBA component model.11 Component standards such as these specify how a component can be used as an autonomous and self-contained service. The component standard places requirements on the component’s public interface in exchange for providing infrastructure services to the component. In contrast, objects may generally define whatever interface is convenient to the programmer. Objects are also typically tightly coupled to other objects in an application and usually do not support remote network access. Distributed objects support remote access, but do not generally conform to a required well-known interface as defined by a component model. A component model is a framework that defines how a self-containing and selfdescribing component can be deployed into an environment for use as an autonomous

SL3054_frame_C23 Page 400 Tuesday, November 20, 2001 9:29 AM

400

The E-Business Handbook

service. The definition for a component found in Reference 12 highlights the ideas of contractually specified interfaces and explicit context dependencies, independent of deployment and composition. For our research project, we chose to work with the Enterprise JavaBeans component model,4 which conforms to the component definition in Reference 12, supports the Java programming language, and gives us a choice of vendors for component servers. The EJB component model promotes the vision of separating component services and infrastructure from the business logic of the components. In particular, the EJB component model facilitates an efficient division of responsibilities between different types of programmers by specifying three different entities that participate in the execution of EJBs: Objects, Containers, and Servers. EJB objects are software components with application-specific programming logic, while the container and server provide the run-time environment for the components. Application server vendors, such as Sun Microsystems,13 BEA Systems,14 and IBM,15 implement EJB containers and servers to provide robust infrastructure and services for EJB software components, such as transaction management and security. Business logic specialists focus on developing EJB objects that implement enterprise business processes. Ideally, application assemblers then construct business systems by using purchased EJB objects for the majority of the system, therefore leveraging reuse of commercially available components, while still having the flexibility of building custom business components that reflect their company’s unique competitive strategy. The research described in this chapter is making use of the container and server software of BEA Systems’ WebLogic Application Server.14 As described in version 2.0 of the EJB Specification,4 there can be three types of EJB objects: entity beans, session beans, or message beans. An entity bean represents a database or persistent business object in the distributed environment, while a session bean provides transient, per-client, session-based processing. EJB applications typically require both entity and session beans, because they represent different aspects of the application. A message bean is the newest addition to the specification, providing a means for listening to events generated by the Java Messaging Service (JMS).16 Message beans enhance the EJB component model with an active, event-based capability for responding to messages from sources outside the component. Figure 23.2 illustrates the EJB Component Model and the conceptual view of client/EJB interaction. As shown, entity- and session-bean components provide two types of interfaces: the EJBHome interface and the EJBObject interface. The EJBHome interface represents the life-cycle methods of the component. A client calls the operations in the EJBHome interface to create or delete instances of components. For an entity bean, a client can also use the findBy operations of the EJBHome interface to look up a specific object instance using a key value. The EJBObject interface, also known as the remote interface, defines the signatures of business methods within entity and session beans. Business methods can be used for changing attribute values of entity beans and carrying out business logic functions. The EJBHome and EJBObject interfaces are implemented by container-generated classes that are specific to the EJB component. As illustrated by Figure 23.2, all the instances

SL3054_frame_C23 Page 401 Tuesday, November 20, 2001 9:29 AM

Distributed Software Component Integration

JMS Destination

401

Message- Driven Bean Instance EJB Instance

EJBHome Session Bean Instance EJBObject Session Bean Client

EJBHome Entity Bean Instance EJBObject Entity Bean Container

FIGURE 23.2 EJB component model.

of an EJB component share the EJBHome, but each instance has a corresponding EJBObject remote interface. Unlike entity and session beans, message beans do not have an EJBHome and EJBObject interface. Message beans allow EJBs to directly subscribe to JMS destinations, where a JMS destination can either be a JMS topic (for publish/subscribe communication) or a JMS queue (for point-to-point communication). Message beans are derived from the javax.jms.MessageListener interface and implement the onMessage method. Clients communicate with message beans by sending messages to a JMS topic or queue. When a new message becomes available on the JMS destination to which the message bean has subscribed, the container forwards the received message to the onMessage method of the message-driven bean instance.

23.2.3 STATUS

OF

RULE-BASED COMPONENT INTEGRATION

Most component-based software development activities in practice use hardcoded software interconnection solutions based on an underlying component model, such as COM+, the CORBA component model, the Enterprise JavaBeans

SL3054_frame_C23 Page 402 Tuesday, November 20, 2001 9:29 AM

402

The E-Business Handbook

component model. Current research has been focused on event-based approaches to provide a declarative way to facilitate the interoperation of distributed components. The event-based integration (EBI) framework, as a high-level reference model, outlines architectural concepts for interconnection through events.17 FIELD18 and Polylith19 are examples of research that fulfills the EBI reference model. The CORBA-Based Event Architecture (COBEA), as a general eventdriven architecture, extends the CORBA Event Service by supporting the publish-register-notify model and provides filtering, fault-tolerance, and access control service.20 ECA rules have also been investigated for software and data interconnection based on CORBA specifications. In one search effort, distributed applications are modeled as distributed active objects by adding wrappers on top of the components that do not have triggers so that ECA rules can be used in distributed environments.21 IECA rules have also been proposed to solve distributed communication for components that have OMG IDL interfaces.6 The focus is on the specification, detection and management of composite events. In contrast, the CORBA-Based Distributed Information System, named C2offein, uses the CORBA push model for event detection and uses wrappers for read access to the underlying data source.22–24 Conditions are checked by means of a query that is a method call. Actions are also performed by a sequence of method calls. All of the event- and rule-based projects mentioned above have been based on the use of CORBA for the interconnection of distributed sources of software and data. The IRules project is different in that we are working on component integration with well-defined interfaces based on the EJB component model. The IRules approach allows application integrators to build distributed environments in a semideclarative way, where rules are used together with global transactions to separate the logic of event handling from the main logic of application transactions.

23.3 OVERVIEW OF THE IRULES PROJECT This section provides a global view of the IRules approach to software-component integration. Section 23.3.1 first motivates the IRules approach by introducing an investment enterprise that is then used in Section 23.3.2 to demonstrate the IRules Definition Language (IRDL), and how it is used to establish software interconnectivity. The same enterprise will be used later in the chapter to illustrate the functionality of the architecture for the distributed processing of integration rules over EJB components.

23.3.1 THE INVESTMENT ENTERPRISE: A MOTIVATING EXAMPLE To motivate the IRules approach to software component integration, consider the investment enterprise in Figure 23.3, illustrating four different containers with purchased software components. The Portfolio container maintains current information in the form of entity beans about client portfolios, including information about current and past stock holdings and the orders under which stocks were bought and sold. The Portfolio container also provides a session bean with application logic to conduct buying and selling of stocks. The PendingOrder container provides entity beans for storing pending orders that are waiting for execution

SL3054_frame_C23 Page 403 Tuesday, November 20, 2001 9:29 AM

Distributed Software Component Integration

403

FIGURE 23.3 The investment enterprise.

when a particular market condition is met. The Stock container stores locally managed information about stocks and their current prices as entity beans. This information exists independently of the portfolios that own them. We are assuming that the information in the Stock container is updated based on current stock prices from external sources. The Stock container can also generate events to signal changes in value, depending on buy and sell transactions in the stock market. Finally, the User container provides entity beans that represent billing information about portfolio accounts and the users that are associated with accounts. The User container also provides a session bean with procedures for billing users for stock buy and sell transactions. There are implied relationships between the four containers in Figure 23.3: portfolios buy and sell specific stocks, buy-and-sell transactions on portfolios occur as a result of pending orders on stocks, portfolios are owned by specific user accounts, and accounts are billed for buy-and-sell transactions. Ideally, we would like to capture such externalized relationships25 as part of the application model and use this information in the specification of application logic.

SL3054_frame_C23 Page 404 Tuesday, November 20, 2001 9:29 AM

404

The E-Business Handbook

The lines between the containers in Figure 23.3 represent the externalized relationships of the desired object model, defining relationships among components on different servers. For example, we wish to represent the fact that a Portfolio may have orders waiting for execution, where the order information is stored in the PendingOrder component. The PendingOrder component is also defined to act upon a specific type of stock. The development of application transactions that depend on the relationships among these three components can be enhanced if the integration environment is aware of these relationships. Each component, however, is an independent entity that knows nothing about the existence of the other components in the environment. In the next subsection, we outline the IRules approach to establishing such relationships, where IRules EJB wrappers are generated for each purchased EJB component, as shown in Figure 23.3. An IRules wrapper enhances the interface of an EJB component, both creating the meta-level interface required for the manipulation of externalized relationships by the IRules environment and also providing application-specific extensions for event generation.

23.3.2 THE IRULES DEFINITION LANGUAGE The IRules Definition Language (IRDL) provides the basis for establishing extensions to EJB components as well as semantic interconnections between distributed components. The IRDL is composed of four sublanguages: 1. The Component Definition Language (CDL) for establishing the object model of the integration application 2. The IRules Scripting Language (ISL) for developing application transactions 3. The Event Definition Language (EDL) for defining external, system, and application transaction events 4. The Integration Rule Language (IRL) for defining active rules that relate events to conditions and actions over distributed sources 23.3.2.1 The Component Definition Language CDL is used to define an additional semantic layer on top of existing EJB blackbox components. This layer adds the IRules functionality that is used in the specification of rules and transactions during the application integration process. In particular, CDL is used to define externalized relationships among distributed components, as well as extents, derived attributes, and stored attributes for each component. CDL also adds the capability to explicitly define events that are generated before and after method calls on purchased components and to propagate events generated by black-box components. CDL is loosely based on the Object Management Group’s Object Definition Language (ODL),26 adding syntax for the expression of the IRules integration features. As an example, consider the relationships in Figure 23.3 between the Portfolio component, the PendingOrder component, the Stock component, and the User component. The CDL description of these relationships is shown in Figure 23.4, where

SL3054_frame_C23 Page 405 Tuesday, November 20, 2001 9:29 AM

Distributed Software Component Integration

405

component Portfolio implements EntityBean (extent

portfolios)

{ relationship

Account ownedBy inverse Account::owns

relationship

set orders inverse PendingOrder::orderedBy

} component PendingOrder implements EntityBean (extent

pendingOrders)

{ relationship

Stock actUpon inverse Stock::pendingTrades

relationship

Portfolio orderedBy inverse Portfolio::orders

event

afterCreatePendingOrder(pnId, portId, assetId, numOfShares, desiredPrice, action, actUpon, orderedBy) {method after create(pnId, portId, assetId, numOfShares, desiredPrice, action, actUpon, orderedBy)}

} component Stock implements EntityBean (extent

stocks)

{ relationship

set pendingTrades inverse PendingOrder::actUpon

… } component Account implements EntityBean (extent

accounts)

{ relationship

Portfolio owns inverse Portfolio::ownedBy

}

FIGURE 23.4 CDL component definition examples.

each component initially declares that it implements EntityBean. It is assumed that the component name used in the definition corresponds to an existing entity bean with the same name. Compilation of the CDL component definition generates the code for an IRules wrapper of the entity bean, implementing a remote interface with business methods that subsume the signatures of the entity bean and include the additional functionality specified in the CDL definition. Relationship definitions in CDL define externalized relationships between distributed components. In the investment example, we are assuming that the Portfolio and Account components were purchased, potentially from different vendors, and

SL3054_frame_C23 Page 406 Tuesday, November 20, 2001 9:29 AM

406

The E-Business Handbook

were implemented as autonomous, independent components. To build our application, we want to add relationships as shown in Figure 23.4. For example, a Portfolio is ownedBy an Account. An Account, on the other hand, owns a Portfolio. The declaration for such relationships uses the standard ODL syntax. The relationship is external to the black-box component, however, because compilation of the CDL schema definition will generate wrapper code around Portfolio and Account, with the wrapper maintaining inverse relationships between instances of the two components. Similar relationships are defined between Portfolio and PendingOrder and between PendingOrder and Stock. The ellipsis (“…”) notation in the Stock component indicates that additional relationship definitions are required, according to the diagram in Figure 23.3, but are not relevant to this example. An explicit event definition is also illustrated in Figure 23.4. For example, creating an instance of the PendingOrder component will generate the afterCreatePendingOrder event. The first part of the event declaration defines the event name and the parameters of the event. The second half, enclosed in braces, defines the specific operation that will generate the event. In the IRules environment, events can be generated before and after the execution of an operation. Our current prototype, however, implements the generation of events only after the execution of an operation. The specific event shown in Figure 23.4 is an example of a method event within an entity bean. Method events are generated by the IRules wrapper of the EJB component. Before and after method events can also be defined for methods within session beans. For example, assume there is a session bean in the Portfolio container that provides a sellStock method for performing sell transactions on portfolios. If we are interested in monitoring the execution of the sell transaction, the event can be defined as follows: component PortfolioSession implements SessionBean { event afterSellStock(assetId, stockPrice, portfolioId, numOfShares) {method after sellStock(assetId, stockPrice, portfolioId, numOfShares)}

} The IRules instance for the PortfolioSession session bean will then generate an event notification after the successful completion of the sellStock method. In addition to method events, the IRules environment also supports internal events, which are those events defined by black-box components prior to their participation in the IRules environment. Internal events are defined within CDL in a manner similar to method events. They are, however, implemented in a different manner. The difference between handling internal events and method events will be addressed in more detail in Section 23.4. 23.3.2.2 The IRules Scripting Language ISL is used within the IRules environment for the development of application transactions over the object model described using CDL. Application transactions

SL3054_frame_C23 Page 407 Tuesday, November 20, 2001 9:29 AM

Distributed Software Component Integration

407

execute methods on EJBs. As illustrated in the previous section, the execution of EJB methods can generate events. These events are used to trigger integration rule. Application transactions can also be invoked as a result of executing integration rules. Rather than develop our own scripting language, we are currently using JACL27 for transaction development. JACL is a scripting language that provides a Java implementation of the Tool Command Language (TCL).28 JACL supports all of the predefined TCL commands. In addition, it extends TCL to support allocation of Java objects and invocation of Java methods from JACL code. It also supports user-defined commands as extensions. An extension command can be used to abstract a sequence of logical statements into one command, thus making the script concise and easy to reuse. Figure 23.5 provides an example of two JACL transactions in the investment example. The clientWantsToSellStock application transaction has two operation scripts. The first is an extension that creates a new instance of the PendingOrder component. The creation of an EJB instance actually involves a sequence of several operations. To make application programming more concise, however, we have created the newInstance extension command. The newInstance command is parameterized to support the creation of instances for other EJB components. The printPendingOrderInfo command is also an extension that will print information about a PendingOrder instance. The second application transaction, sellStockOnNewPO, performs the steps of selling stocks by invoking methods on the Portfolio component and the PendingOrder component. The transaction first creates a new instance of the PortfolioSession session bean in the Portfolio container and then calls the sellStock method

Application Transaction clientWantsToSellStock(String pnId, String portfolioId, String stockId, int numOfShares, float desiredPrice, String action, String actUpon, String orderedBy) { set pn[newInstance PendingOrder $pnId $portfolioId $stockId $numOfShares $desiredPrice $action $actUpon $orderedBy printPendingOrderInfo $pn } Application Transaction sellStockOnNewPO(String stockId, float price, String portfolioId, int numOfShares, PendingOrder pn) { set session[newInstance PortfolioSessionBean] $session sellStock $stockId $price $portfolioId $numOfShares $pn setStatus “executed” printSellInfo $pn }

FIGURE 23.5 Application transactions.

SL3054_frame_C23 Page 408 Tuesday, November 20, 2001 9:29 AM

408

The E-Business Handbook

of the session bean. The status of the PendingOrder instance is then set to “executed” to indicate that the pending order has been processed. Finally, the information from the executed PendingOrder instance is printed by the extension command printSellInfo. 23.3.2.3 The Event Definition Language In addition to method events and internal events, the IRules environment also supports the definition of events that are generated by application transactions. As an example, because a sell transaction will create available cash in the portfolio, we may want to know when the sellStockOnNewPO transaction is complete so that potential buy transactions can be initiated. Using EDL, the event is declared to the IRules environment as follows: event

afterSellStockOnNewPO(stockId, price,portfolioId, numOfShares, pn) {appTrans aftersellStockOnNewPO(stockId, price, portfolioId, numOfShares, pn)}

Method events on application transactions are currently limited to after events on the execution of transactions. Our future plans include the generation of systemlevel transaction events, such as abort and commit events. We are also investigating the capability of monitoring events that are generated external to the IRules environment. For example, the investment application may need to monitor changes in stock prices generated from an external source such as the New York Stock Exchange. 23.3.2.4 The Integration Rule Language The final su-language of IRDL is the Integration Rule Language. IRL is based on the traditional ECA format of active database rules as described in Section 23.2.1. Integration rules, however, have been specifically designed for expressing conditions over the object model as defined by a CDL schema. Integration rules can also be triggered by application transaction events. The action of an integration rule can invoke a method on a component or an application transaction expressed in ISL. Consistent with our use of ODL as the basis for describing relationships between components, OQL is used as the basis for condition expression within IRL. A unique aspect of IRL is the manner in which OQL is used for the explicit definition of rule bindings within the rule condition and the way in which such bindings are subsequently referenced within the rule action. Figure 23.6 presents examples of three integration rules expressed using IRL. The first is the newStockSellPendingOrder rule, which is triggered in response to the afterCreatePendingOrder event defined in Figure 23.4. After a new pending order is created, this rule checks to see if the pending order is a sell transaction. If so, the condition of the rule creates a binding for the stock object and the pending order object if the desired threshold for the sell transaction is less than the current stock price and the pending order is still in “waiting” status (i.e., not yet executed). The action part of the rule can access the bindings defined by stockAndPendingOrder in

SL3054_frame_C23 Page 409 Tuesday, November 20, 2001 9:29 AM

Distributed Software Component Integration

create rule newStockSellPendingOrder event

afterCreatePendingOrder(pnId, portfolioId, stockId, numOfShares, desiredPrice, action, actUpon, orderedBy)

condition

immediate when action = “sell” define stockAndPendingOrder as select struct ( stk: s, newPo: pn ) from s in stocks, pn in pendingOrders where pn.id=pnId and pn.actUpon=s and desiredPrice<=s.price and pn.status = “waiting”

action

immediate from sp in stockAndPendingOrder do sellStockOnNewPO(stockId, sp.stk.price, portfolioId, numOfShares, sp.newPo)

create rule stockBuyOnUpdateCash event

afterSellStock(stockId, price, portfolioId, numOfShares)

condition asynchronous

action

define portfolioOnUpdate as select p from p in portfolios where p.portfolioId = portfolioId and p.cash > p.buyThreshold decoupled from p in portfolioOnUpdate do buyStockOnUpdateCash(p)

create rule billingToAccountOnSell event

afterSellStockOnNewPO(stockId, price, portfolioId, numOfShares, pn)

action

deferred from p in portfolios where p.portfolioId = portfolioId do setAccountBillingOnSell(stockId, price, portfolioId, numOfShares, p.accountId)

FIGURE 23.6 Integration rules.

409

SL3054_frame_C23 Page 410 Tuesday, November 20, 2001 9:29 AM

410

The E-Business Handbook

the condition of the rule. Notice that the condition of the rule makes use of the actUpon externalized relationship between PendingOrder and Stock. The rule action then uses these bindings to trigger the sellStockOnNewPO application transaction. The second rule in Figure 23.6 is the stockBuyOnUpdateCash rule. This rule is triggered after the execution of the sellStock method within the PortfolioSession session bean as described above. Recall that the sellStock method is invoked from the sellStockOnNewPO application transaction in Figure 23.5. The stockBuyOnUpdateCash rule retrieves the portfolio object that was updated by the transaction and initiates the buyStockOnUpdateCash transaction if the new cash value of the portfolio is greater than a prespecified buy threshold. The buyStockOnUpdateCash transaction is assumed to examine the current cash on hand for the portfolio compared with any pending buy orders to determine whether any buy orders can be executed. The third rule in Figure 23.6 is the billingToAccountOnSell rule, which is triggered after the execution of the sellStockOnNewPO transaction. This rule demonstrates an event-action rule, retrieving the updated portfolio object and invoking the setAccountBillingOnSell transaction. This transaction will invoke a method on a session bean in the User container to bill the appropriate account for the sell activity. Figure 23.6 illustrates that integration rules support coupling modes similar to those from active rule technology (immediate, deferred, and decoupled), with an additional coupling mode known as asynchronous mode. The asynchronous coupling mode is illustrated in the condition of the stockBuyOnUpdateCash rule. An asynchronous coupling mode on a rule condition indicates that the transaction that raised the event (i.e., the parent transaction) can execute in parallel with the condition evaluation of the rule that was triggered (i.e., the child transaction). The parent transaction must, however, wait for the child transaction to finish execution before the parent transaction can commit. The transaction issues associated with the execution of the investment application in Figures 23.4-6 will be illustrated in further detail in Section 23.5 after a discussion of the architectural components of the IRules execution environment in Section 23.4.

23.4 ARCHITECTURAL FRAMEWORK Providing an execution environment for the IRules approach to component integration requires special architectural considerations. The EJB components of the environment are independent, distributed entities, with no knowledge of their participation in the IRules environment. EJB components also introduce transactional limitations that must be considered for more global transaction and rule processing activities within the environment. Furthermore, events within the environment can be generated from numerous sources. The IRules environment provides the necessary framework to support the execution of application transactions and integration rules over an object model as defined within a CDL schema. To establish the critical components of an IRules execution framework, we have developed a prototype that demonstrates the execution of the investment example described in the previous section. Our long-term goal is to develop a generalized IRules environment for the execution of arbitrary integration rules and application transactions over any schema expressed using CDL. At this stage in our research, however, the

SL3054_frame_C23 Page 411 Tuesday, November 20, 2001 9:29 AM

Distributed Software Component Integration

Condition Evaluator

411

Action Performer Metadata Transaction Metadata

Transaction Manager

Rule Metadata

Rule Processor

Component Metadata

Event Handler

JACL Interpreter

Object Manager

IRules Event Topic

Method Events

Application Transaction Events

IRules Wrapper for Black-Box Component Black-Box Component ( Session/Entity EJB)

IRules Propagated Internal Events

Message Beans

Internal Events Black-Box Specific JMS Topic

FIGURE 23.7 Architectural components of the IRules environment.

investment prototype demonstrates the functionality that must be incorporated into the IRules layer that exists between the EJB components and the integration rule processor. The prototype also demonstrates transaction- and event-processing issues that must be considered to support the execution model of integration rules. Figure 23.7 presents an architectural diagram of the IRules execution prototype. As illustrated, the IRules execution environment contains many of the same functional components found in the general active rule architecture presented in Figure 23.1. The nature of these components is different, however, due to the need for executing in a distributed environment. Additional functional components also exist for handling EJB components and distributed events. The following subsections elaborate on different aspects of the architecture and discuss the execution issues associated with the environment.

23.4.1 WRAPPERS

FOR

BLACK-BOX COMPONENTS

One of the most critical aspects of the architecture is the need to generate wrappers for EJB components. The wrappers are referred to as IRules Wrappers and, similar to the components they wrap, they are also implemented as EJB components. IRules

SL3054_frame_C23 Page 412 Tuesday, November 20, 2001 9:29 AM

412

The E-Business Handbook

wrappers maintain a uniform interface for all EJB components, adding the required functionality that is needed for participation in IRules integration activities and thus serving as a proxy to the components of the environment. The compilation of a CDL schema results in the generation of code for the IRules wrappers of the black-box components. Each wrapper is of the same type as the component it wraps (i.e., an IRules entity bean wrapper is used to wrap a black-box entity bean component, an IRules session bean wrapper is used to wrap a black-box session bean component). All methods supported by the remote interface of a black-box component are included in the remote interface of its corresponding IRules wrapper. Methods of the component are accessed by calling the method in the wrapper, which then delegates the execution request to the black-box component. The method signature in the wrapper includes the same parameters as the method in the component as well as an additional parameter for passing the transaction context to the wrapper. This allows the wrapper to take care of global transaction processing details because the execution of one method on a component is typically a subtransaction in the execution of a larger application transaction.29 For operations that create instances of components, additional parameters are also included for initializing externalized relationships. For example, the operation to create a new instance of a PendingOrder in Figure 23.5 includes parameters for establishing the actUpon and orderedBy relationships defined in the CDL schema of Figure 23.4. After creating a wrapper instance and its corresponding instance in the black-box component, the values passed in the relationship parameters are used to establish externalized relationships. For example, in the PendingOrder wrapper instance, the actUpon value is used as a key in the findBy operation of the Stock wrapper to locate the stock component that is related to the pending order. Wrappers therefore provide the appropriate functionality for initializing and storing object references of externalized relationships. Wrappers also generate events associated with the execution of methods on components. As an example, the CDL schema in Figure 23.4 defines the generation of an event after the creation of a PendingOrder instance. The generation of such an event is handled in the IRules wrapper instance for the PendingOrder component after the wrapper invokes the create operation on the black-box component. More specific details about the implementation of wrappers can be found in Reference 30.

23.4.2 METADATA MANAGER In addition to generating the IRules wrappers, the compilation of a CDL schema also generates metadata that is critical to the integration process. As shown in Figure 23.7, the metadata consists of component metadata, rule metadata, and transaction metadata. The component metadata captures the information found in a CDL schema. The rule metadata describes the integration rules of the environment, while the transaction metadata identifies application transactions as well as transaction events and external events compiled from an EDL schema. The transaction manager, the rule processor, and the object manager must all communicate with the metadata component to identify and validate the rules, transactions, objects, and methods that are accessed in the integration process.

SL3054_frame_C23 Page 413 Tuesday, November 20, 2001 9:29 AM

Distributed Software Component Integration

413

23.4.3 OBJECT MANAGER The execution of transactions and the evaluation of rule conditions require the invocation of methods on component instances. The object manager is responsible for accessing and manipulating components on behalf of the rule processor. The object manager uses component metadata and the abstract IRules wrapper interface to provide the rule processor with the appropriate references to remote interfaces. Rules and transactions can therefore be written with high-level application semantics in mind and without the need to be concerned about the details of remote component access. The main purpose of the object manager is to make the remote interfaces (i.e., stub classes) for accessing the EJB components available to the rule processor. In a normal EJB application programming environment, the client uses the Java Naming and Directory Interface (JNDI)31 to look up the home interface, which downloads the stub for the home interface through the RMI classloader. When the client invokes create or findBy methods on the home interface, the RMI classloader downloads the stub for the remote interface. The client program can then invoke business methods on the remote interface. In this manner, the client acquires the stub classes to interact with remote EJB components at run time. Because the rule processor is interpreting IRL rules and JACL scripts, references to the components are dynamic and are not compiled into the rule processor program. The rule processor will therefore be accessing stub classes that were previously unknown and unavailable to it. The object manager encapsulates both the process of accessing the IRules metadata for components as well as the process of acquiring stub classes for the home and remote interfaces. By isolating specific details about the component model within the object manager, we anticipate that this design that will allow us to accommodate additional component models in the future by implementing, for example, a COM+ object manager. The use of JNDI and the home and remote interfaces of EJB are implementation details that are specific to Java and the EJB component model. Thus the object manager encapsulates the choice of the EJB component model from the other system components of the IRules framework and architecture.

23.4.4 EVENT HANDLER The IRules distributed framework uses JMS technology to support asynchronous message passing during the execution of active rules. The JMS service provides maximum flexibility in terms of participants and objects that can be exchanged via the JMS service.29 JMS also integrates well with EJB technology, having been incorporated into the EJB 2.0 specification,4 for use with message beans. As described in Section 23.3, IRules events can be generated after the execution of methods on EJB instances. IRules events can also be generated after the execution of application transactions. Figure 23.7 illustrates that method events are generated by IRules wrappers. A wrapper first receives a request for the execution of a method on an EJB instance. The wrapper then invokes the method on the component instance. After the execution returns to the wrapper, the wrapper

SL3054_frame_C23 Page 414 Tuesday, November 20, 2001 9:29 AM

414

The E-Business Handbook

bundles the method parameter values, the event name, and the transaction context into an IRules data structure. The data structure is then published to the IRules event topic as an event message. The IRules event handler listening on the IRules topic forwards the event to the rule processor whenever a new event becomes available. Events generated by the transaction manager after the execution of application transactions are handled in a similar manner. Figure 23.7 also illustrates how the IRules environment handles internal events. Recall that internal events are events that were defined by a black-box component before its participation in the IRules environment. As long as the event is declared to the environment using CDL, then the event can be used to trigger IRules activities. Since an internal event is generated to a topic other than the IRules event topic, the IRules environment uses message beans to listen for such events. When an IRules message bean receives a notification about the occurrence of such an event, the message bean transforms the event into a message that is published to the IRules event topic. In the current IRules prototype, internal events generated by a blackbox component are unable to propagate the IRules transaction context. As a result, internal events can be used only to trigger integration rules with a decoupled eventcondition or event-action coupling mode to create a new top-level transaction. We are currently investigating the feasibility of handling external events in a manner similar to that of internal events.

23.4.5 TRANSACTION MANAGER

AND

RULE PROCESSOR

Application logic in the IRules environment is expressed through the use of integration rules together with application transactions. Application transactions are a sequence of business logic operations and are the typical mechanism for a client to interact with the IRules environment. In contrast, integration rules are triggered by events and are not directly executed by clients. The rule processor and transaction manager shown in Figure 23.7 work together to ensure that rules execute in the context of the transaction nesting.32 Using the EJB component model within the IRules environment introduces complications to transaction management. EJBs execute within a container and are not allowed to create new threads of execution. However, the IRules environment requires the creation of sub-transactions and new top-level transactions for rule processing. The IRules wrappers provide a mechanism for creating new threads of execution in the IRules environment. Because IRules wrappers are also EJB components, they are subject to the restrictions of the containerprovided services. Therefore, the IRules wrapper generates a JMS event to signal the requirement to start a new transaction, and the new thread of execution is started by the rule and transaction manager components outside of the EJB container. The integration rule or application transaction is processed within the newly created thread of execution by the rule processor. The IRules wrapper synchronizes with the rule processor according to the coupling mode of the newly executing rule in order to determine whether the currently executing transaction must suspend (for the immediate mode) or can continue execution (for the asynchronous, deferred, and

SL3054_frame_C23 Page 415 Tuesday, November 20, 2001 9:29 AM

Distributed Software Component Integration

415

decoupled modes). The IRules wrappers serve as a transaction management interface between the IRules environment and the black-box EJB components in order to support rule processing. Fortunately, the EJB component model supports deploymenttime configuration of transaction requirements for components, so we can investigate various transaction configurations without modifying black-box components. In the IRules environment, a top-level transaction in a nested transaction hierarchy can be created through the execution of an application transaction or through the execution of a rule with a decoupled mode. The transaction manager establishes the transaction identifier and then forwards the transaction to the rule processor for execution. Since we are using JACL for writing transaction scripts, the rule processor communicates with the JACL interpreter for the actual execution process. The transaction context details are passed along to the script interpreter. Preprocessing of the script is done in order to get the actual references to components. The object manager must interact with the metadata on behalf of the rule processor to get a reference to the instance that wraps the black-box component. The script interpreter executes a method by calling the IRules wrapper, which acts as a proxy for the black-box component. The transaction identifier and context information is again passed forward to the wrapper, thus propagating the transaction context information to the EJB component layer. If an event was defined to be executed after the method in the CDL schema, then the wrapper generates the event after the black-box component completes execution of the method. As described in the previous section, IRules events are published to the IRules topic together with the transaction context information. The IRules event handler notifies the rule processor when a new event becomes available. The rule processor retrieves from the metadata any rules defined for this event and then starts a subtransaction or a new top-level transaction, depending on the coupling modes of the rule. The decoupled mode always signifies the creation of a new top-level transaction, while the immediate, asynchronous, and deferred modes require the creation of subtransactions within the current transaction hierarchy. When the rule processor completes the execution of a JACL-scripted application transaction, the completion of the transaction is communicated back to the transaction processor, where the transaction processor may also generate events with transaction context information to the IRules event topic. As with method events, transaction events can also trigger the execution of integration rules.

23.5 EXECUTION OF AN INVESTMENT SCENARIO: AN ILLUSTRATION To illustrate how the architectural entities in Figure 23.7 work together to support rule and transaction processing in the IRules environment, Figure 23.8 illustrates the execution of the investment scenario introduced in Section 23.3. In particular, Figure 23.8 illustrates how the transactions and rules from Figures 23.5 and 23.6, respectively, execute in the context of the CDL schema in Figure 23.4. As a high-level summary of the scenario, recall that the clientWantsToSellStock transaction creates a new PendingOrder component. The creation of a new PendingOrder

SL3054_frame_C23 Page 416 Tuesday, November 20, 2001 9:29 AM

416

The E-Business Handbook

clientWantsToSellStock

Application transaction {

new PendingOrder

Immediate

newStockSellPendingOr

Event (afterCreatePendingOrder)

der-rule Check Condition

Immediate Action:

sellStockOnNewPO Application transaction {

new SessionBean SessionBean sellStock Event (stockBuyOnUpdateCash)

stockBuyOnUpdateCashAsynchronous

rule Check Condition

setStatus

Continue

printInfoOfPurchase

Decoupled

}

precommit ask asyn rule result Event (afterSellStockOnNewPO) Continue

commit

Action:

buyStockOnUpdateCash

Application transaction { }

PrintOperationInfo }

Deferred Deferred

Precommit ask asyn rule result (none) process deferred rule set

deferred to billingToAccountOnSell-rule

Action: Execute

setAccountBillingOnSell

Application Transaction {

commit

} Continue

commit

FIGURE 23.8 Execution of investment scenario.

component raises the afterCreatePendingOrder event that triggers the execution of the newStockSellPendingOrder rule. This rule determines whether the new pending order is a sell transaction with an appropriate price level that is still in the waiting state. If so, then the rule action invokes the sellStockOnNewPO transaction. The execution of this transaction raises two IRules events: the afterSellStock method event after the execution of the sellStock method on Portfolio and the afterSellStockOnNewPO transaction event after completion of the application transaction. The afterSellStock event triggers the stockBuyOnUpdateCash rule to determine whether to execute a transaction for performing buy activities. The afterSellStockOnNewPO event triggers the billingToAccountOnSell rule to bill the user for the sell transaction. The description that follows demonstrates the execution model of integration rules, the interaction that takes place between rules and transactions, and the manner in which the architectural entities are used to support the execution.

SL3054_frame_C23 Page 417 Tuesday, November 20, 2001 9:29 AM

Distributed Software Component Integration

23.5.1 TRACE

OF THE

417

EXECUTION

After a user invokes the clientWantsToSellStock transaction, the transaction manager communicates with the metadata manager to retrieve the transaction definition. The transaction manager uses the transaction definition and the argument values from the clientWantsToSellStock invocation to form parameter bindings that are passed to the rule processor. The transaction manager starts a new thread of execution and requests that the rule processor execute the transaction. In Figure 23.8, the bold outline for the clientWantsToSellStock transaction denotes a top-level transaction in the nested transaction hierarchy. The rule processor communicates with the metadata manager to retrieve the JACL script for the transaction. The rule processor then communicates with the JACL interpreter to execute the script operations. The rule processor obtains remote interface references for the EJB wrapper from the object manager before sending the script to the JACL interpreter for execution. The first script operation in the clientWantsToSellStock transaction is an operation to create a new PendingOrder instance. The wrapper for the PendingOrder component receives the request, creates a new proxy instance in the wrapper for storing externalized relationships with Stock and Portfolio and then invokes the create method on the black-box PendingOrder component. The wrapper then generates the afterCreatePendingOrder event by posting the event message to the IRules event topic. The event handler has its own thread of execution that is independent of the thread of transaction execution. When the afterCreatePendingOrder event is posted to the IRules topic, the event handler is notified of the event. The onMessage method of the event handler creates a new thread to process the event. The event handler then asks the rule processor to process any rules that may be triggered by the event. The rule processor consults with the metadata manager to find rules that are triggered by the event. In this case, the metadata manager identifies the newStockSellPendingOrder rule for execution. From the transaction context of the event and the rule coupling modes, the rule processor determines whether to create a new transaction or to create a subtransaction. In this case the rule processor creates a subtransaction and starts a new thread of execution to process the rule. For the newStockSellPendingOrder rule, the event-condition coupling mode is immediate. As a result, execution of the clientWantsToSellStock transaction is halted until the rule completes execution. The newStockSellPendingOrder rule is started as a subtransaction of the clientWantsToSellStock transaction. If the condition evaluation of the rule returns a nonempty set of bindings as specified in the define statement of the rule condition, the application transaction sellStockOnNewPO in the action of the rule is executed. Since the condition-action coupling mode for the rule is immediate, the transaction is immediately executed within the same subtransaction as the rule. Recall that the sellStock method is executed as part of the sellStockOnNewPO transaction and that the afterSellStock event is generated by the IRules wrapper when the execution of the method is complete. The afterSellStock event is posted to the IRules event topic. The event handler receives the event message and instructs

SL3054_frame_C23 Page 418 Tuesday, November 20, 2001 9:29 AM

418

The E-Business Handbook

the rule processor to process rules associated with the event. At this point, the stockBuyOnUpdateCash rule is triggered as illustrated in Figure 23.8. The eventcondition mode is asynchronous, meaning that the execution of the rule proceeds in parallel with the execution of the sellStockOnNewPO transaction. The asynchronous coupling mode is generally used for cases where the remainder of the transaction that raised the event does not depend on the results of the rule execution. Within the subtransaction for the stockBuyOnUpdateCash rule, the conditionaction coupling mode is decoupled. The decoupled mode signals to the rule processor that the action should be executed as a new transaction separate from the current transaction hierarchy. The dashed heavy lines in Figure 23.8 signify the creation of a new transaction in the execution process. After the sellStockOnNewPO transaction executes in parallel with the stockBuyOnUpdateCash rule, the transaction must wait in the precommit phase for a commit notification from the asynchronous rule execution. After the rule action spawns the new top-level transaction for the decoupled action, the rule sends a continue notification to the waiting transaction. The commit of the sellStockOnNewPO transaction causes two separate actions in the system. First, the rule processor notifies the transaction manager about completion of the script. The transaction manager then consults with the metadata manager to determine if an application transaction event should be generated. The afterSellStockOnNewPO event is posted to the IRules event topic. The rule processor is then invoked by the event handler and the billingToAccountOnSell rule is retrieved. Since the event-action coupling mode of the rule is deferred, the execution of the rule action is delayed until the end of the clientWantsToSellStock transaction.7 The completion of the newStockSellPendingOrder rule is also communicated back to the clientWantsToSellStock transaction so that the rest of the transaction can continue to execute. The precommit phase of the clientWantsToSellStock transaction then processes the deferred action of the billingToAccountOnSell rule as a subtransaction.

23.5.2 EXECUTION COMMENTARY The demonstration of this particular execution scenario illustrates several important points about the IRules component integration framework. In the IRules environment, application transactions can be written to access methods over distributed components. The CDL schema of the application object model together with events expressed using EDL provide the semantic framework for the expression of rules and transactions that make use of the IRules enhancements to distributed components, such as externalized relationships and events. The IRules approach to component integration therefore provides the conceptual language framework to support integration activities. In addition, the object manager provides an additional layer of abstraction that allows the application integrator to reference components at a semantic level, without concern for the implementation details of the specific component model being accessed. The coupling of the transaction processor with the rule processor also allows the IRules environment to support a rule-based approach to handling events. The

SL3054_frame_C23 Page 419 Tuesday, November 20, 2001 9:29 AM

Distributed Software Component Integration

419

IRules environment manages the execution of rules and transactions to ensure that all rule and method executions occur within the appropriate nested transaction hierarchy. The execution of rules is under the control of the transaction processor so that rules can be processed as subtransactions or can be used to spawn separate transactions if necessary. This service by the IRules environment frees the application integrator from having to code the low-level details associated with distributed transaction processing, especially when trying to execute methods over EJB components as subtransactions within a larger, global transaction. Rather than embedding the logic of event handling actions into application code, the IRules environment supports the declarative specification of business rules and the subsequent execution of such rules, handling the necessary transaction processing semantics. Not only does this approach allow the application integrator to focus on application logic, but it also creates an integration approach that can be more easily changed as the application evolves. Different transaction semantics can also be expressed at a high level through the use of different coupling modes for integration rules.

23.6 FUTURE DIRECTIONS This chapter has presented the IRules approach to component integration together with the architectural framework and execution environment that is necessary to support such an approach. Our current research on the IRules project is investigating several different issues. We are currently expanding the prototype into a general-purpose rule processor, investigating the use of Jini technology as the distributed computing backbone of the environment.33 Jini provides flexible transaction processing capabilities and also offers JavaSpaces as a unique approach to the management of metadata for the distributed environment.29 We are also investigating the use of Jini to support the development of a truly distributed rule processor, with multiple instances of the rule-processing architectural components running on different Java Virtual Machines. In the development of the general-purpose rule processor, we are investigating concurrency control issues for the execution of rules and transactions and expanding the nested transaction model into an open-nested transaction model that can deal with failure and recovery issues. With respect to language issues, we are currently developing a compiler for the IRules Definition Language that uses JavaSpaces for the storage of metadata and automatically generates the EJB wrapper code for the components. We are also investigating condition evaluation techniques for IRL rule conditions that involves distributed query processing over the distributed components of the environment based on the object model of the CDL schema.

ACKNOWLEDGMENT This research was supported by NSF Grant No. IIS-9978217.

SL3054_frame_C23 Page 420 Tuesday, November 20, 2001 9:29 AM

420

The E-Business Handbook

REFERENCES 1. Object Management Group: The Common Object Request Broker, Architecture and Specification, Revision 2.3.1, Oct., 1999. 2. Urban, S.D. et al., The IRules Project: Using Active Rules for the Integration of Distributed Software Components, Proc. 9th IFIP Working Conf. Database Semantics: Semantic Issues in E-Comm. Sys., Hong Kong, Apr. 2001, pp. 265-286. 3. Widom, J. and Ceri, S., Active Database Systems: Triggers and Rules for Advanced Database Processing, Morgan Kaufmann, San Francisco, 1996. 4. Enterprise Java Beans Specification 2.0 Proposed Final Draft 2, Apr. 2001.http://java.sun.com/products/ejb/doc.html. . 5. Paton, N.W., Active Rules in Database Systems, Springer Verlag, New York, 1999. 6. Chakravarthy, S. and Le, R., ECA Rule Support for Distributed Heterogeneous Environments, Proc. Int. Conf. Data Engrg., Orlando, 1998. pp. 601. 7. Adbellatif, T., An Architecture for Active Database Systems Supporting Static and Dynamic Analysis of Active Rules Through Evolving Database States, Ph.D. Dissertation, Arizona State University, Department of Computer Science and Engineering, Fall 1999, pp. 375. 8. Ayyaswamy, K., The Design and Implementation of a CORBA-Based Environment for Distributed Constraint Maintenance, Arizona State University, M.S. Thesis, Department of Computer Science and Engineering, 1999. 9. Sundermier, A., Dietrich, S.W. and Shah, V., An Active Database Approach to Integrating Black-box Software Components, Proc. 23rd Ann. Int. Comp. Software & Appl. Conf., Phoenix, AZ, 1999, pp. 403-409. 10. Chappell, D., Understanding ActiveX and OLE, Microsoft Press, 1996. 11. Vinoski, S., CORBA: Integrating Diverse Applications within Distributed Heterogeneous Environments, IEEE Comm. Mag., vol. 35, no. 2, February 1997, pp. 46-55. 12. Szyperski, C. and Pfister, C., Component-Oriented Programming: WCOP ’96 Workshop Report, Special Issues on Object-Oriented Programming: Workshop Report of the 10th ECOOP ’96, Linz, Austria, 1996, pp. 127-130. 13. Java 2 SDK, Enterprise Edition 1.3 Beta 2 Release. http://java.sun.com/j2ee/. 14. BEA WebLogic Application Server, http://www.bea.com/products/servers_application .shtml. 15. IBM Websphere Application Server, http://www-4.ibm.com/software/webservers/. 16. Java Message Service 1.02, Nov., 1999, http://www.javasoft.com/products/jms. 17. Barrett, D., Clarke, L., Tarr, P., and Wise, A., A Framework for Event-Based Software Integration, ACM Trans. Software Engrg & Meth., vol. 5, no. 4, Oct. 1996, pp. 378421. 18. Reiss, S., Connecting Tools Using Message Passage in the FIELD Environment, IEEE Software, vol. 7, no. 4, July 1990, pp. 57-66. 19. Purtilo, J. M., The POLYLITH Software Bus, ACM Trans. Prog. Languages & Sys., vol. 16, no. 1, Jan. 1994, pp. 151-194. 20. Ma C. and Bacon, J., “COBEA: A CORBA Based Event Architecture,” Proc. 4th Conf. Object Oriented Tech. & Sys. (COOTS), New Mexico, Apr. 1998, pp. 117-131. 21. Pissinou, N., Makki, K., and Krishnamurthy, R., An ECA Object Service to Support Active Distributed Objects, Informatics & Comp. Sci., 1997, pp. 63-104. 22. Bultzingsloewen, G., Koschel, A., and Kramer, R., Active Information Delivery in a CORBA-based Distributed Information System, Proc. 1st Int. Conf. Cooperative Info. Sys. (CoopIS’96), Brussels, Belgium, June 1996, pp. 218-227.

SL3054_frame_C23 Page 421 Tuesday, November 20, 2001 9:29 AM

Distributed Software Component Integration

421

23. Koschel, A and Kramer, R., Configurable Event Triggered Services for CORBAbased Systems, Proc. 2nd Int. Enterprise Dist. Comp. Workshop (EDOC’98), San Diego, California, Nov. 1998, pp. 306-318. 24. Koschel, A. and Lockemann, P., Distributed Events in Active Database Systems: Letting the Genie Out of the Bottle, J. Data & Knowledge Engrg., vol. 25, 1998, pp. 11-28. 25. Rumbaugh, J., Relations as Semantic Constructs in an Object-Oriented Language, Proc. OOPSLA, 1987, pp. 466-481. 26. Cattell, R.G.G., The Object Database Standard, ODMG 3.0, Morgan Kaufmann, 2000. 27. Johnson, R., “TCL and Java Integration,” http://dev.scriptics.com/software/java/tcljava.pdf. 28. Ousterhout, J., TCL and the TK Toolkit, Addison-Wesley, 1994. 29. Urban, S. D., Saxena, A., Dietrich, S. W., and Sundermier, A., An Evaluation of Distributed Computing Options for the Integration of Black-Box Software Components, Proc. 3rd Int. Workshop on Adv. Issues of E-Comm. & Web-Based Info. Sys. San Jose, CA, June 2001. 30. Dietrich, S.W. et al., S., A Language and Framework for Supporting an Active Approach to Component-Based Software Integration, submitted for publication, 2001. 31. Java Naming and Directory Interface (JNDI) 1.2, 2001, http://java.sun.com/products/jndi. 32. Gray, J. and Reuter, A., Transaction Processing: Concepts And Techniques, Morgan Kaufmann, San Mateo, CA, 1994. 33. Edwards,W., Core Jini, Prentice Hall, 1999.

SL3054_frame_C23 Page 422 Tuesday, November 20, 2001 9:29 AM

SL3054_frame_C24 Page 423 Tuesday, November 20, 2001 9:42 AM

24

Collaborative Architectures that Support Electronic Business Conan C. Albrecht

CONTENTS 24.1 Introduction ..................................................................................................423 24.2 Highly Interactive Applications are Complex .............................................424 24.3 Programming Frameworks...........................................................................425 24.3.1 Framework Goals .............................................................................425 24.4 The Collaborative Server .............................................................................428 24.4.1 Property Hierarchy ...........................................................................430 24.4.2 PropertyHandles ...............................................................................432 24.4.3 Child Indices ....................................................................................432 24.4.4 Client Proxy Objects........................................................................433 24.4.5 Event System....................................................................................435 24.5 Sessioning, Security, and Locking...............................................................437 24.6 Firewalls .......................................................................................................438 24.7 Summary ......................................................................................................439 24.7.1 Testing and Evaluation.....................................................................440 24.7.2 Contributions ....................................................................................440 24.7.3 Limitations .......................................................................................441 24.7.4 Future Research................................................................................442 References..............................................................................................................442

24.1 INTRODUCTION The Internet, popularized in the 1990s with the advent of the World Wide Web (WWW), has become a foundation technology for today’s e-business applications. These applications enable diverse parties to communicate easily in ad hoc fashion. Previous to the wide use of the Internet, companies that participated in e-business used methods such as electronic data interchange (EDI), remote procedure call 1-57444-305-4/02/$0.00+$1.50 © 2002 by CRC Press LLC

423

SL3054_frame_C24 Page 424 Tuesday, November 20, 2001 9:42 AM

424

The E-Business Handbook

(RPC), or the common object request broker architecture (CORBA) to communicate transactional data and information. While these methods are powerful and enable complex transactions to take place, they require significant setup on both sides. Today’s Internet allows companies much more flexibility in communicating with one another. However, despite the major leap forward that the popularization and wide adoption of the Internet brought to businesses, much work still remains. The WWW and e-mail are still the primary ways businesspeople use the Internet. In fact, most Internet users incorrectly term the Internet and the WWW plus e-mail as the same thing! While both the WWW and e-mail provide valuable capabilities to business, both are asynchronous. The WWW provides static (and sometimes dynamic) pages of text and graphics that users download and display locally. Any updates to the pages require refreshing of browser windows. In effect, the browser window must be cleared and the entire page reloaded. Similarly, e-mail provides only asynchronous communication. Few people would use e-mail to hold a highly interactive two-way conversation.

24.2 HIGHLY INTERACTIVE APPLICATIONS ARE COMPLEX Highly interactive applications that use the Internet for communication require much more advanced programming than asynchronous applications such as the Web and e-mail. Only a few very specialized applications that use the Internet as their base technology have enjoyed widespread acceptance. Examples include Microsoft’s NetMeeting, which allows distributed participants to chat (text and voice) with one another; and online virtual games, which provide semi-advanced graphics for distributed, multiplayer games. These applications have been successful only with significant development resources and testing. Their success cannot be easily repeated by others. Companies wishing to participate in e-business normally cannot provide the needed levels of funds and time to enable real-time, highly synchronous applications that support their specific needs. Many of the complexities of programming highly synchronous Internet-based applications are listed as follows: • Network programming models (such as RMI and CORBA) present complex application programming interfaces (APIs) and new problems not found in local area network (LAN) environments. For example, firewalls are ever present in the Internet business world and must be worked around for applications to function correctly. • Traditional environments are normally homogeneous in their hardware, operating system, and software, allowing programmers high control over protocols, installation procedures, and application behavior. In contrast, the Internet is, by definition, a heterogeneous network of smaller, disparate networks. Programmers have very little control over the environments within which their applications run.

SL3054_frame_C24 Page 425 Tuesday, November 20, 2001 9:42 AM

Collaborative Architectures that Support Electronic Business

425

• Data replication and consistency issues require significant programming. These issues, normally handled by relational database systems, cannot be easily solved with off-the-shelf software. Further, packet and message ordering and timing cannot always be predicted with computers connected over public networks such as the Internet. • Real-time applications generally require high bandwidth. While bandwidth is not an issue in local applications, distributed clients are often connected over 14,400-baud modems that do not respond well to high concurrency. GSS applications have traditionally been immediate in their shared-view updates. This functionality, while possible with distributed clients, requires complex programming to achieve robust and scalable solutions. • Distributed, highly interactive applications share many common behaviors, such as shared views, data replication, access control, etc. Network application programmers often “reinvent the wheel” in solving these problems, rather than building upon a standard tested set of solutions.

24.3 PROGRAMMING FRAMEWORKS In response to the complexities listed above, a framework was developed that provides rapid application development of networked, distributed, highly interactive applications. A programming framework is a tested abstracted way of approaching a problem space (such as interactive e-business applications). Frameworks normally include not only a specialized design process, but also a set of tools and components that automate much of the work. These components are “dropped into” new applications to provide instant, robust, efficient functionality. This approach is much like an automobile manufacturing process: car manufacturers, such as Ford or Honda, do not normally build their cars from scratch. Rather, they combine components made around the world, such as the frame, wheels, tires, sound system, seats, paint, etc., to assemble the finished automobile. In like manner, programming frameworks enable designers and programmers to speed the process of application design and implementation. Finished programs are normally more efficient and robust than those built from scratch.

24.3.1 FRAMEWORK GOALS Given these problems and complexities, several goals were outlined for a new architecture and programming model. The Collaborative Server, the end product of this effort, included the following goals, which were outlined as the foundation of this research: • Rapid Application Development: Programmers should be capable of programming complex applications very quickly within the framework. As the server provides collaborative behavior and Java’s Swing provides standard user interface components, this goal is attainable. In addition,

SL3054_frame_C24 Page 426 Tuesday, November 20, 2001 9:42 AM

426

The E-Business Handbook

•

•

•

•

•

•

the server API should be simple so programmers can quickly harness the power of the framework. Dynamic Data Structures: The server must be based in dynamic data structures that allow it to be used in a wide range of application spaces. For example, if a relational database is used for data persistence, the schema must not define tables and fields that are specific to any product area. Rather, the schema must be flexible enough to handle graphics, text, sound and video bytes, and other data types in various forms of organization (lists, trees, and even more complex graphs). Thin Common Client: The initial cost of Java development is the need for the Java Virtual Machine (JVM), which is currently a 5 megabyte download. The JVM is the engine that allows common Java code to run on many different platforms and is packaged for applet use as a browser plug-in. Because full-featured client applications are required, there is no way around the dependence upon the JVM. However, all code beyond the JVM should be thin, light, and small. This allows downloaded applets to start very quickly, even on slower modem connections. As a rule of thumb, the client download should be less than 150K. A Common Client: A common client that all applications run within must be built in Java. The common client should take care of the initial bootstrap process, which includes connecting to the server, establishing event queuing, logging in and sessioning, and application invocation. The client should provide a standard frame that application panels are placed into. A further advantage of the common client is increased potential for caching. Because most browsers cache files downloaded from the Internet, users have downloaded the common client, they should be able to run all framework-based applications without needing to download the common client again. Multiple Client Environments: Because applications must be written to an interface that allows them to be placed into a common client, multiple client environments can be programmed. At least three environments should be provided: applet-based, application-based, and Web-browserbased. User-Interface Driven: Because the server provides access to data as well as common collaborative behaviors, client programmers should be able to focus almost solely on user interfaces. It is expected that, after the common client download, most other classes downloaded will be user interface classes. These classes should be downloaded upon demand by the clients; if a user does not open certain screens or dialogs of the application, these class definitions should not be downloaded. Distributed: The new server should fully support distributed applications. In addition, the data should be kept on the server or set of servers and not on client machines. The applications should be accessible from any client computers on the Internet, providing they have firewall and security access to the applications.

SL3054_frame_C24 Page 427 Tuesday, November 20, 2001 9:42 AM

Collaborative Architectures that Support Electronic Business

427

• Real-Time: The applications built upon the framework should be multiuser applications. They should be real-time in their ability to replicate data very quickly to all clients connected to a server. Therefore, when one client modifies data on the server, all other clients accessing that same data should immediately see the changes on their screens. While data is real-time, users should be in control of their applications. A modern event system should provide the replication to clients; this event system should be based upon industry-standard messaging theory. • Locking: Multiple users should be able to access the same data at the same time in a robust, consistent way. Therefore, a locking system should be provided by the server and should be automatic at all possible locations. • Security: The server should explicitly manage access to data and applications. Clients should not make decisions on security — decisions must be made at the server level. Having the server manage security ensures that rogue client programs cannot undermine security. Clients should be assigned session tokens containing their rights that are good for a period of time. All server access is carried out through these tokens, and the server may refuse access based on token rights. Sessioning also prevents usernames and passwords from crossing the network unnecessarily. • Portable: The server should be programmed in Java so it can run on a wide variety of operating systems. In addition, no proprietary ties to any third-party code should be made. Custom systems should be written when standard Java interfaces do not provide. For example, the inclusion of custom security and messaging systems ensures the framework is portable to different platforms. • Efficient: While the server is being developed as a prototype, high efficiency is required to ensure scalability and quick replication. These efficiencies should not affect the overall server or client interface, but should integrate seamlessly whether the efficiency-based code is enabled or not. In addition, replication should take place only between clients viewing the same data. Data updates for parts of the application that are not currently visible (other than for caching) are unnecessary. Therefore, the server must know the location of users and what data they are interested in. These lists should be programmed in an efficient manner and should not unnecessarily spend server processor time. • Scalable: The server should initially support small groups of clients (1–50 machines). It is hoped that, within a short time, the server code can be moved to a production-scale server to serve several thousand clients at a time on a single machine. The server code should be written to allow for n-tiered server architectures. Client machines should view their server as the only worldwide server for their data. However, the server might, in actuality, be one in a large set of n-tiered servers, either in hierarchical or workgroup fashion. • Robust: At their most basic level, collaborative applications share data. In the case of this server, data should be kept on the server machine(s). Clients have little control over the integrity of their data. Therefore, it is

SL3054_frame_C24 Page 428 Tuesday, November 20, 2001 9:42 AM

428

The E-Business Handbook

imperative that server data are never lost. Data integrity includes consistency (different clients should always have a current view of the data), and storage (the back-end data storage schemes used by the server should be robust).

24.4 THE COLLABORATIVE SERVER The CMI Collaborative Server (also called the “Framework”) is a proof-of-concept that a highly abstracted, generalized server can be created.1 The following paragraphs describe its design. The Collaborative Server started with the goals outlined above. These goals drove the initial development of server models and diagrams. The server plan is shown in Figure 24.1. The diagram is separated into four areas: the Application/Applet square, the Servlet access area, the Server square, and the Data Controller square. The Application/Applet square represents the main client view into application data. Following the tradition of MVC,2 client applications are views of server-side objects. These

Internet Client

Server Lightweight Messaging System

View of Application Data Data Controller *

User System

View of Application Data

Data Controller *

Application or Applet

* The Data Controller

Client

Controls:

Web Browser

Client

Servlet Access To Application Data

Web Browser

FIGURE 24.1 Initial server model.

- Data Access - Data Security - Messaging and Replication - Persistence Must be Dynamic

SL3054_frame_C24 Page 429 Tuesday, November 20, 2001 9:42 AM

Collaborative Architectures that Support Electronic Business

429

views are connected at runtime to provide dynamic and real-time distributed functionality. Because full-featured clients are not always possible or desirable, the Server must support more basic access to applications. The Servlet area fills this need with an HTML-based, Web browser entry into applications. The Framework should handle most of the differences between Applet-based and Servlet-based applications. The Server square shows the heart of the Collaborative Server: the data controllers. These controllers (which are termed Properties) are described in the Data Controller square. They control access to, security of, messaging and replication for, and persistence of application data. Controllers are dynamic to allow them to control any type of data. In addition, the Server square shows the need for a lightweight messaging system as well as a full-featured user system. The Collaborative Server is better viewed as a programming framework than as a server. It makes use of several other servers, including an operating system, a database, a Java Virtual Machine, and an Enterprise Javabeans server to achieve its functionality. It automates most of the work involved in distributed programming, leaving only those things that are explicitly application-specific (such as user interfaces) to the programmer. As shown in Figure 24.2, the framework is only part of a larger set of servers and applications. The system hardware and operating system (OS) form the foundation layer of the architecture. They are responsible for managing file structures, TCP/IP and network connectivity, and multitasking. The Java Virtual Machine (JVM) is run from the OS command line. The JVM translates Java bytecodes from the layers above it to the native OS and hardware calls of the platform beneath it. This translation allows the Collaborative Server to be run on any Java-enabled platform, including Windows, Solaris, Linux, Macintosh, and many others. A database provides a means for data persistence. Because Property values are serialized in binary form to the database, several database types are supported, including relational formats, object-oriented databases, and even simple file-based systems. The data persistence scheme is hidden from applications, so it can be swapped at any time without affecting existing code.

Application Views CMI Collaborative Framework Enterprise Javabeans Server Java VM

Database

Hardware / OS

FIGURE 24.2

SL3054_frame_C24 Page 430 Tuesday, November 20, 2001 9:42 AM

430

The E-Business Handbook

The Enterprise Javabeans Server (EJB) controls remote access to server-side Property objects. Properties are a special type of EJB object that allows them to be managed by any EJB server (The framework currently utilizes an open-source EJB solution.) The EJB server controls the creation and activation of Property objects, including managing which Properties are in memory and which are saved to the database at any given moment. It also interacts with the database system to persist Properties and their values. The Collaborative Framework is built upon the EJB foundation. It deals with many issues left open by the layers beneath it, including messaging, locking, security, and data scaffolding. To support the original RAD goals of the framework, it includes everything that can possibly be abstracted out of the application layer above it, leaving only those things that must be application-specific to the programmer. The Application layer includes application-specific user interfaces that give clients custom views into the Property structure. It also includes business logic that cannot be managed automatically by framework.

24.4.1 PROPERTY HIERARCHY The Property hierarchy is the heart of the Collaborative Server. All activity revolves around Property objects, which provide the foundation for data persistence and control. Properties are organized in hierarchical fashion, similar to object hierarchies. This structure serves as a sort of “scaffolding” for all shared data in applications. The Property hierarchy is best explained with a well-known example: a User class. Most collaborative applications have a class that contains user information, such as username, password, real name, phone number, e-mail address, post office address, and title. Figure 24.3 shows a simplified but typical object-oriented (OO) approach for representing a user.

Traditional OO User Object

Framework OO Property

Name

Property

First

Property

First

Middle

Property

Middle

Last

Property

Last

Salary

Property

Salary

Phone Number

Property Number

Phone Number

Email

Property

Email

FIGURE 24.3 Traditional OO vs. Framework OO.

SL3054_frame_C24 Page 431 Tuesday, November 20, 2001 9:42 AM

Collaborative Architectures that Support Electronic Business

431

Traditional OO: The main structure–the user object–contains a sub-object, name (holding string variables for first, middle, and last name), a number variable for salary, a string variable for phone number, and a string variable for e-mail. The user object holds references to each of the sub-objects it contains, and it manages their existence in memory and on disk. Object-oriented programming typically includes all code required to manage these objects within the class. The “Framework OO” diagram in Figure 24.3 is a converted version of the traditional one. It shows the modifications the architecture makes on traditional OO programming. The base data of name, salary, phone number, and e-mail still exist. However, no governing user object references them. Rather, each value has a Property object managing it. Thus, in Framework program design, all management, references, and pointers are moved to the Property structure and away from the actual data objects. The top-level Property in the diagram above still represents the “User” object. However, no actual data are associated at this level, so it does not point explicitly to data (although it could in other instances). It is assumed that this top-level Property is managed by other parent Properties above it. The entire structure finally ends in a top-level Root Property that manages the data of an entire application. As stated earlier, the Property object abstracts many collaborative and other functions into a single class. Therefore, the eight Property objects shown above are different instantiations of the same class. Experience shows that the Property class can be applied to most application domains. Note also that the values are atomic: string, number, and date. While this is the normal case, these values could also be more complex structures, such as arrays, lists, or even large graphs. The granularity of Property values is governed by application context and purpose. Each Property governs a single datum, called the Property’s value (even though that “datum” might be a complex object graph). This value is accessed through the Property’s getValue( ) and setValue(Object) methods. A Property manages the following about its value: • Security access: All access to the data behind a Property is governed by an access control list in the Property structure. No other access is given, even through low-level database calls. • Messaging: Property objects are natively collaborative objects. Changes to their data are automatically routed to all interested clients. • Viewing: Property values are viewed by clients using a modified ModelView-Controller architecture. Viewers are created by programmers per application, and are the main focus of application design work . • Locking: Properties can be locked at nine levels of access, giving a client exclusive, shared, or replicated access to a Property’s value. • Persistence: Programmers save data through a Property’s setValue(Object) method, after which the Framework and EJB server persist the change. No other action is required by the programmer.

SL3054_frame_C24 Page 432 Tuesday, November 20, 2001 9:42 AM

432

The E-Business Handbook

Each Property contains a globally unique identifier (GUID), which uniquely identifies the Property in space and time. A GUID is a concatenation of the creation time (in milliseconds) and the server IP the Property was created on. It should never duplicate. The Property hierarchy is maintained by parent and child references kept within each Property. Child Properties can be referenced with any number of indices, which are explained later in this chapter. The Property values do not need to keep explicit references to their parent values or children’s values because this information is kept at the Property level.

24.4.2 PROPERTYHANDLES PropertyHandles are GUID-based handles to Property objects. They increase efficiency when clients connect to server-side Properties. Because Properties are remote objects, socket connections are opened for each reference that is achieved. While Java automates and encapsulates this process through the use of stubs and skeletons, each reference opens a real port on both client and server machines. The tree structure of the Property hierarchy is maintained via multiple references to parent and child Properties. When accessed from remote JVMs, these parent and child references potentially bind a significant number of sockets across the network. If allowed to perpetuate throughout the entire tree and across applications, the number of available server sockets would soon be exhausted. In addition, the processing time required to negotiate newly opened sockets is detrimental to system performance. PropertyHandles increase efficiency by decreasing the number of required sockets. A PropertyHandle has only one persistent value: the GUID of the Property it references. Therefore, when a PropertyHandle is serialized, its connection cache and references do not serialize with it. The transient connections are made anew in the new process. Making connections from PropertyHandles to actual server Properties is handled by the PropertyHandle.getInstance( ) method. When getInstance( ) is called, the PropertyHandle first looks in its cache to see if it has already made a remote connection to the Property. If not, it asks its parent PropertyHandle for a reference to the child it points to. Finally, if the parent does not have a connection, the PropertyHandle asks the server to find the object in the database, reinstantiate it back into memory, and return a remote reference. The PropertyHandle caches this connection for more efficient future use.

24.4.3 CHILD INDICES The Property structure is an n-tiered tree structure. The tree structure was chosen because it provides a generalizable standard way to represent data. Client views are also tree-like structures: the root frame holds references to sub-viewers such as the menu, the toolbar, and the main application window. Each part of the view connects to its related Property on the server. This process of references continues recursively down to basic components such as text fields and buttons. Figure 24.4 shows how these references might work in a viewer of the User object example above.

SL3054_frame_C24 Page 433 Tuesday, November 20, 2001 9:42 AM

Collaborative Architectures that Support Electronic Business

433

Framework OO Property

Property

View User Information First Name:

Property

First

Property

Middle

Property

Last

Middle Name: Last Name: Salary: Phone:

Property

Salary

Property

Phone Number

Property

Email

E-mail:

OK

FIGURE 24.4 Viewer references to server properties.

When the “View User Information” dialog box on the left is created on the client side, it connects to its specified Property on the server. It then creates its frameworkenabled components — text fields in this case — and connects them to their respective Properties to show the data values. The tree structure does not artificially place constraints on program design because each Property value contains one object. These objects can be as complex as the programmer needs (hash tables or other graphs). Therefore, while the Property structure is tree-based, the Property values can be any structure supported by OO. Child Indices hold the backbone references of the server’s tree structure. Properties hold any number of index types, and each index contains any number of child Properties. Indices are plug-ins that allow different types of references to child objects. The ChildIndexer interface defines the methods of an indexer, and the IndexKey interface defines a key type to be used with a given ChildIndexer. While programmers can create application-specific indices upon these interfaces, three default indices (id, sequential, and name) are included with the framework.

24.4.4 CLIENT PROXY OBJECTS The server adapts standard RMI techniques for increased efficiency and to support RAD programming. Rather than modify RMI stubs (which was the first approach taken), a proxy object has been inserted between the client-side viewer and the client-side stub. These layers are shown in Figure 24.5. RMI stubs normally expose the remote object’s interface so local objects can act on the stub as if it were the real object. The client proxy object implements the Property interface so the viewer object can act on the proxy as if it were the remote

SL3054_frame_C24 Page 434 Tuesday, November 20, 2001 9:42 AM

434

The E-Business Handbook

Exposes a Property Interface to Viewer

View

Client Proxy

Internet RMI Stub

RMI Skeleton

Property

Value

FIGURE 24.5 Client proxy objects.

Property. Therefore, the RMI stub “thinks” it is talking to the view, and the view “thinks” it is talking to the Property. Efficiency is increased by short-circuiting many calls to the server. For example, because a getChild(GUID) call returns a PropertyHandle with the given GUID, the Proxy object simply creates a client-side PropertyHandle with the GUID and returns it immediately back to the viewer. No cross-network call is necessary, and the server is relieved of some work, allowing it to process other client needs. Application coding is made simpler (and thus faster) because Proxies handle security concerns such as sessioning and logins. Sessioning is described in detail in the User Directory section below. For session tokens to be used with all Property interactions, they must be sent across the network with each call to the server. The Proxy object attaches this token automatically to all server calls, freeing the programmer from coding sessions explicitly. In fact, programmers can be somewhat oblivious to the use of session tokens and still be able to program very secure, framework-based applications. When sessions expire (for example, the user goes to an hour lunch and returns to the application that is still running), the server throws a SessionExpiredException. This exception is caught automatically within the Proxy object, which shows a login dialog to allow users to reenter their usernames and passwords. If successful, a new session token is assigned, and the application code continues seamlessly as if no exception had occurred. Without this automation, program code would require while loops every time a remote method was invoked, as seen in the following example: // pre processing code here while (true) { try { Property.setValue(“Hello World”, sessionID); break; // if no exception thrown, break out of the loop }catch (SessionExpiredException ex) { // show a login dialog and // assign the user a new session token } }

SL3054_frame_C24 Page 435 Tuesday, November 20, 2001 9:42 AM

Collaborative Architectures that Support Electronic Business

435

// post processing code The above example shows how an application code becomes complex and potentially buggy. Use of the proxy object transforms the example to the following: // pre processing code here Property.setValue(“Hello World”); // post processing code In the second example, the complexity of sessioning is moved to the Proxy object and away from the application coder. The code is much more readable and focused on application-specific logic.

24.4.5 EVENT SYSTEM The goals of the Collaborative Server can be mapped onto the framework’s event system. First, the messaging system should be efficient. Because the framework uses thin clients that often connect from within low-bandwidth environments, the system sends events only when necessary. Efficiency is the first reason the Framework includes a custom messaging service that is designed specifically for the Collaborative Server. This system achieves many efficiency gains because of its specificity. Second, the event system must be robust. As long as clients are connected, they should be guaranteed to get the events they have subscribed for. In addition, measures should be taken to ensure clients get events in order, no events are skipped, and events are not modified or corrupted in route. The server includes many features to increase robustness. These features are described in the next section. Third, the event system should be portable across servers. A custom messaging service achieves this portability because no third-party libraries or classes are used. Finally, the event system should be as transparent as possible. Application programmers should need to know very little about the messaging taking place. They should not need to subscribe or unsubscribe from event queues and should not need to generate events manually. Encapsulating the messaging system within the Framework supports the RAD goals of the overall framework. The CMI messaging system is based on a modified publish/subscribe scheme. When a Director initializes, it creates an EventQueue object and publishes this object in the shared naming service. The Director also starts a thread pool to manage the items in its event queue. One thread is responsible for event forwarding and routing; the remaining threads are assigned to event objects at their destination queues. The framework allows for n-tiered event queues. The source object creates an array of GUIDs describing the route the event should go follow. The event queues push the event along this route, popping a route ID off the array at each stop. When only one ID remains, the event queue assumes it is the ID of the destination object. It then forwards the event to this object within the same JVM as the last event queue, where the event is processed on the thread pool. Each event queue is responsible for forwarding events received in a first-in, firstout manner to the next step in their designated routes. When an event queue initial-

SL3054_frame_C24 Page 436 Tuesday, November 20, 2001 9:42 AM

436

The E-Business Handbook

izes, it creates a thread pool with default size of 25 items. These threads start immediately and go dormant until an event arrives in the queue. A thread checks the size of the queue every few seconds to ensure it is efficiently managed and events are handled in timely fashion. Because only one queue exists per JVM, this short time delay does not adversely affect system performance. In addition, when events are placed into the queue, the manager is explicitly interrupted; no wait is required for event processing. One static thread pool exists in each JVM. It is assumed that if the thread pool size is inadequate, the size of the thread pool can simply be increased rather than adding the additional overhead of new pools. A managing thread is responsible for assigning free threads to objects. In addition, a balancer thread is responsible for balancing the load placed on the pool. If most of the threads are assigned at any given time, the balancer increases the size of the pool up to a maximum number of threads. The reverse occurs if threads go unassigned for several minutes down to a minimum number of threads. Any object that contains a run method can be processed on the pool. If free threads are available, the manager starts the object immediately on one of the threads. If all threads are busy and no more can be created, the manager retries to assign the object every second. The Framework uses an abstracted routing system. A queue simply sees routes as an array of stops. Because Framework events always traverse from Property to Viewer, each route starts with a Property GUID and ends with a Viewer GUID. When errors occur during the propogation of an event, the publishing Property needs to be notified to remove this route from its list of event listeners. Because the remote connections link JVM to JVM, the event must be propagated backward through its route to its origin. This is accomplished by setting a rollback flag on the event and posting the event to the JVM’s event queue, whereupon it starts is backward propagation. When it arrives at the server, the Property is notified to remove the route. Using this mechanism, listener lists stay clean and current. Viewers also unsubscribe automatically during a clean logoff — described in the next section — which prevents rollbacks from occurring. The Framework is described as a modified publish/subscribe scheme because Viewers automatically subscribe themselves as listeners to Properties. Because Viewers are always associated with Properties, they are subscribed in the ClientDirector.link( ) method. Viewers usually call link( ) and then activate( ) on all sub-viewers, causing recursive subscription of child Viewers and Properties. During activate(false), Viewers remove their subviewer links to server Properties and unsubscribe these Viewers from Property event lists. If Viewers fail to do this, the subscription is automatically removed through the rollback process the next time the Property publishes an event. Properties are virtual event queues (see Socket Management below) because they hold lists of listening Viewers. The term “virtual” is used because Properties do not actually publish events, even though they seem to. Publishing behavior is moved to JVM-wide event queues for efficiency purposes. Likewise, Properties do not know what is contained in their listening routes, but simply fire events to each route in their list.

SL3054_frame_C24 Page 437 Tuesday, November 20, 2001 9:42 AM

Collaborative Architectures that Support Electronic Business

437

The destination references of events are not set directly by Properties. Rather, Properties set abstract routes. When events reach their final queues, the Framework reads Viewer destinations and sets actual references. This is done because Viewers are not remote objects and cannot publish distributed references. Handles are used in routes to overcome this limitation. RMI establishes socket connections between local and remote objects. While a maximum of 65,536 sockets is expected to exist in operating systems, most operating systems do not have this many actual sockets. Rather, operating systems provide a virtual number of sockets and an unknown actual number of sockets. Because many Viewers within the system need to connect to many Properties, all available sockets would soon be used up — especially on the server where many thousands of clients might be connected at the same time. Socket limitations are one of the foremost reasons for the custom event system. To better manage socket resources, only one JVM-wide event queue publishes itself to the naming service. Viewers and Properties actually register their references with their local EventQueues, preventing the need for socket connections. As stated earlier, Property listener lists store routes rather than actual remote references. These routes are passed through the messaging system until they reach their destination JVM. The destination queue maintains a list of GUIDs and actual Viewer references, which it uses to set the real reference of the final destination.

24.5 SESSIONING, SECURITY, AND LOCKING A best-practices model of user verification includes sessioning. When users successfully log in with valid usernames and passwords, they are assigned unique session ids (GUIDs) that are stored on the server. Clients include their assigned session ids in every call to the server as their authentication tokens. This prevents usernames and passwords from crossing the network unnecessarily. In addition, session IDs are invalidated when users log out, ensuring security even if tokens are snooped on the wire. Further, session IDs time out if they go unused for more than 30 minutes. Users must log in once again to be assigned new session IDs. Relogin is automatically handled by client proxy objects The framework uses access control lists (ACL) to enforce security in the framework. ACLs are used in most modern operating systems and databases. Each Property contains an ACL, which holds user rights to that Property. All activities on an object are mapped into ACL entries, resulting in nine levels of security access. These levels include get value, set value, get child, add child, remove child, modify ACL, set parent, get parent, and lock. Users can be given rights or locked out of any or all of these nine levels of security. Users who create Properties are automatically added with all rights to Property ACLs. If this were not done, no person would be able to access a Property after its creation. This owning user can then add other users to the ACL. ACL rights are hierarchical in nature. If a user accesses a Property and is not explicitly included in its ACL, the parent Property’s ACL is checked. This behavior continues recursively to the Root Property in the system. A user who is given superuser access to the Root Property automatically inherits rights to the entire system.

SL3054_frame_C24 Page 438 Tuesday, November 20, 2001 9:42 AM

438

The E-Business Handbook

Property objects can be locked by users. Users automatically have 30-minute leases on locks they successfully obtain. After 30 minutes, the object is unlocked automatically, preventing persistent locks from tying up objects indefinitely. For example, if a user were to lock a Property and then crash his or her client, the Property might remain locked forever. The use of leasing prevents this persistent behavior. Locks are permission-specific and support partial locking of Properties. For example, a user requesting a write lock would create a lock object with a set value permission. This lock allows other users to gain get value and get parent access to the Property, but not write access.

24.6 FIREWALLS Firewalls are a fact of any enterprise system on the Internet. Firewalls are both complex and limiting from the programmer’s perspective. The vast number of different firewalls on the Internet creates significant challenges for distributed applications. Because of the complexity involved in firewalls, behavior has been included in the Framework to automatically work around network limitations. Encapsulating these issues into the Collaborative Server allows programmers to develop applications quickly and efficiently. The Framework uses a multilayered approach at achieving connectivity in firewall situations. These are described as follows: 1. The client and server first try to connect using regular RMI. This assumes that open ports are available through the firewall. 2. If the client cannot connect to the naming service, the system fails. At least the naming service must be exported through the firewall. 3. If connections to the server fail, RMI automatically tries two additional approaches. These approaches are coded into the standard RMI distribution.3 4. The call is forwarded directly to the naming service port, which is guaranteed to be open or the system would have failed earlier in the process. The naming service unpackages the call and forwards it to the appropriate port once inside the firewall. This approach fails only if a firewall prevents inside port forwarding. 5. If inside port forwarding fails, the call is forwarded to port 80 as an HTTP POST request. A servlet unpacks the POST request and then forwards to the appropriate port. Because almost all firewalls allow traffic on port 80, this final attempt usually succeeds. The forwarding approaches have serious drawbacks, though. Because HTTP is a request/response protocol, the server can respond only to incoming requests. It cannot push data in the same sense as it does in nonfirewall situations. This is solved with changes in the messaging layer. Client-side event queues attempt to export themselves to the naming service. If this fails, the server creates an event queue proxy on the server side (within the firewall). This proxy acts as a buffer and collects events that are pushed to it. The client connects to this proxy in a polling fashion (every few seconds) and pulls events via regular RMI mechanisms. This type of polling gives the approximation

SL3054_frame_C24 Page 439 Tuesday, November 20, 2001 9:42 AM

Collaborative Architectures that Support Electronic Business

439

and appearance of real-time collaboration, but works through firewalls much better than direct connections. However, the disadvantage is the increased network traffic and server processing requirements that polling creates.

24.7 SUMMARY The Collaborative Server comprises many different systems, including the Property hierarchy, a full-featured event system, and a security system. The interrelationships among these systems is shown in Figure 24.6. Figure 24.6 should be compared with Figure 24.1, the initial Server model. In effect, Figure 24.6 builds upon the earlier model and implements its systems in

Internet Thread Pool

Client Director

Event Queue

Thread Pool

Event Queue Proxies

Root Viewer

Client Proxy

Sub-Viewer

Client Proxy

Sub-Viewer

Client Proxy

Server Director

Event Queue

Relational Database User Directory

Value Root Property * Value

Child Indexer ClientApp

Value

Key

Property *

Java Virtual Machine (application- or browser-based)

Value Key

Servlet Director

Property *

Enterprise JavaBeans Server Java Virtual Machine

Web Browser

* Expansion of the Property Element

Viewer(s)

Access Control List (security)

Listening Viewer Routes (messaging)

Parent Property Reference

Value Reference (dynamic)

Current Viewer Locks (locking)

Web Browser WebClient Java Virtual Machine HTTP Web Server

FIGURE 24.6 The collaborative server.

Child Child Indices Child Indices Indices

SL3054_frame_C24 Page 440 Tuesday, November 20, 2001 9:42 AM

440

The E-Business Handbook

detail. It is again divided into four sections: an Application-based client, a Servletbased client, a Server square, and an expansion of the Property concept. The model also introduces a number of improvements to the original model. The three Directors control behavior in their respective JVMs. They are shown with bold lines, indicating their importance to the entire system. Directors control initial system bootstrap (for both clients and server), initialize messaging and routing, and hold references to the Root Property. Director references always end with bold arrows. The hierarchical nature of Properties and Viewers is also shown in the diagram. The initial server design did not define how server-side data would be related and referenced. The inclusion of ChildIndexers and IndexKeys in the model provide the backbone and scaffolding for application data. The model shows the location and placement of client Proxy objects. These Proxies increase system efficiency and streamline application code. Their RMI connections across the Internet to Properties are depicted with dotted lines, which are inclusive of stubs and skeletons that handle wire protocols and socket connections. The lightweight messaging system has been implemented in this model. It includes JVM-wide event queues and thread pools. Event queues significantly decrease the potential number of actual socket connections because routes are given as IDs rather than as real connections. Client-side viewers are registered with clientside event queues, where destination references are assigned to events that traverse the system. Note the flow of data from Viewers directly to Properties, and from Properties through the messaging system to Viewers. The Servlet square has no event queue because of the stateless nature of HTTP.

24.7.1 TESTING

AND

EVALUATION

The Collaborative Server was used to develop several applications, including a shared word processor, a chat room dialog, a collaborative graphical designer, a shared document-review tool, and a subject-matter-expert data-gathering tool. These applications were developed using both traditional and Framework-based processes. The methodology, analysis, and full results are beyond the scope of this chapter. Interested readers can find them in full in Reference 1. The tested applications showed decreases of at least 80% in collaboration-related code. They also show significant decreases in the amount of time needed to code and test these applications. For example, the total lines of code in the shared document-review tool decreased 65% and the development time decreased 52% when programmers used the Collaborative Server for development. Other applications showed similar effects. In addition, Server-based applications were automatically more functional and more robust because they used prebuilt components for development.

24.7.2 CONTRIBUTIONS The major contribution of this research is the development and validation of a programming framework and related server to support the rapid development of realtime distributed collaborative applications. The tested applications showed decreases

SL3054_frame_C24 Page 441 Tuesday, November 20, 2001 9:42 AM

Collaborative Architectures that Support Electronic Business

441

of at least 80% in collaboration-related code. They also show significant decreases in the amount of time needed to code and test these applications. Several areas of the server architecture present new ways to model data and program within the object-oriented methodology. First, the Property hierarchy is a significant departure from traditional collaborative application design. This hierarchy is abstract to any product space and can be reused without modification for almost all collaborative applications. It automatically provides security, locking, messaging and replication, persistence, and viewing to all application data. It is the basis for the realized gains in productivity and stability. The messaging system modifies traditional event theory in that events are somewhat aware of their destinations. Rather than programming new interfaces for each event consumer class, programmers can create custom events that contain behavior code to be run at event destinations. The result is a decrease in the number of classes and the amount of bandwidth required for the messaging layer. The injected client proxy stub is also a new development. Client viewers essentially have two stubs: one for the Framework and one for RMI networking. The Framework stub automatically manages sessioning, security, and user identification. It also increases efficiency by short-circuiting unneeded calls to the server. It simplifies remote calls and enables programmers to focus on application user interfaces and business logic.

24.7.3 LIMITATIONS Several limitations need to be discussed so readers understand the conditions under which the server was developed. A major factor that influenced development was the young age of Java and Enterprise Javabeans when compared with other languages and distributed technologies. Java was 4–5 years old during the development period of the server. While the language itself changed little during this period, several standard extensions to the language were evolving. Java’s Swing architecture was not finalized, and therefore, was not permanently serializable as data objects in the Property hierarchy. The Java Messaging Service, which defines a standard publishsubscribe set of messaging interfaces for third-party companies to develop with, was also not available. In retrospect, however, the development of a custom messaging service designed specifically for the Property structure worked better than any standard messaging service could have. The Enterprise Javabeans (EJB) specification was released halfway through the development of the server, and very few, if any, commercial products met this specification. No “best practices” or common patterns for deployment within EJB were available to follow. Again in retrospect, EJB was not a good decision because it meets the needs of a different business problem. Realtime collaborative applications require devoted servers such as the Framework alone rather than one built upon EJB. Despite these limitations, programming within the Collaborative Server Framework has shown itself to be very efficient and much easier than traditional methods. Even novice and intermediate programmers have been able to quickly understand the Framework APIs and program effective and robust collaborative applications.

SL3054_frame_C24 Page 442 Tuesday, November 20, 2001 9:42 AM

442

The E-Business Handbook

24.7.4 FUTURE RESEARCH The Collaborative Server is currently in version 4. It is highly stable and functional. However, several development paths and research opportunities exist to bring this Framework to the next level. It should be moved off EJB and onto Jini.4 The Jini architecture was just emerging when the Collaborative Server was finished, but lends itself more to collaborative applications than EJB does. Jini allows clients to find server (Framework) services in a highly robust, dynamic way. For example, if several Framework servers exist on a distributed network, Jini would allow clients to find and connect to different servers, depending on their needs. More testing and laboratory experiments should be conducted to further verify the strengths and weaknesses of the Framework’s approach to collaboration. Realworld applications also need to be developed within professional programming teams and companies. These experiments will provide insights into how mature programmers react to the alternative programming methods of the Framework. The Framework defines a server-side set of collaborative data objects as well as messaging framework with which Properties publish information to clients. A clientside framework needs to be developed to allow local-client components to interact with one another, similar to the JavaBeans architecture and AWT event mechanism. This framework will further simplify the development of collaborative applications by automating much of the client-side user interface work. It will allow visual development environments to be created that are Framework-specific. These development environments will allow programmers to create complex, efficient, and robust applications using their mice, similar to the way today’s integrated development environments allow programmers to visually create single-user applications. While the Framework comes with several common collaborative components, such as chat windows and trees, more-extensive and -complex components are needed, such as shared whiteboards, telecursors, multimedia, and videoconferencing windows. These components can be arranged in the toolbar of the collaborative integrated development environment, further supporting the visual development of applications.

REFERENCES 1. Albrecht, C.C. (2001) A Programming Framework Supporting the Rapid Application Development of Highly Interactive, Collaborative Applications. A dissertation submitted to the faculty of the Committee on Business Administration, Graduate College, University of Arizona, Tucson, AZ. 2. Goldberg, A. (1990) Information models, views, and controllers (software re-use). Dr. Dobb’s Journal of Software Tools, vol. 15, no. 7 (July 1), 54, 56-9, 61, 106-7. 3. Sun Microsystems (2000) RMI Architecture. http://java.sun.com/j2se/1.3/docs/ guide/rmi/spec/rmi-arch6.html. 4. Sun Microsystems (2000b) Jini Connection Technology. http://www.sun.com/jini/.

SL3054_frame_C25 Page 443 Tuesday, November 20, 2001 9:43 AM

25

A Business Component-Based Approach to E-Business Process Design Amitava Dutta and Tarun K. Sen

CONTENTS 25.1 Introduction ..................................................................................................443 25.2 Deficiencies of Traditional Systems Development Approaches .................444 25.3 A Business Components-Based Framework for Systems Design ..............445 25.3.1 Component-Based Systems Design .................................................446 25.4 Components of E-Business Systems ...........................................................448 25.4.1 B2B Architectures Using Components............................................451 25.4.2 B2C Architectures Using Components............................................452 25.4.3 C2C Architectures Using Components............................................453 25.5 Conclusions ..................................................................................................454 References..............................................................................................................455

25.1 INTRODUCTION In today’s digital economy, it is well accepted that, to stay competitive, it is critical for business organizations to be lean and responsive. This implies tight integration across different components of business processes both internal and external to the organization. Because all business processes have accompanying information flows, a necessary step for this integration to occur is the implementation of appropriate information systems. The distinguishing characteristic of such systems, often called e-business systems, is that they need to seamlessly bridge different business functions and provide consistent and integrated information related to business activities. In other words, e-business systems are enterprise systems geared to meet strategic business objectives. We suggest that traditional systems development approaches are inadequate to develop and implement e-business systems. This chapter first presents the reasons for making such a claim and then goes on to suggest the framework for an alternate approach that explicitly recognizes the technical and organizational 1-57444-305-4/02/$0.00+$1.50 © 2002 by CRC Press LLC

443

SL3054_frame_C25 Page 444 Tuesday, November 20, 2001 9:43 AM

444

The E-Business Handbook

barriers to implementing e-business systems, and that embraces the trend toward off-the-shelf technical components.

25.2 DEFICIENCIES OF TRADITIONAL SYSTEMS DEVELOPMENT APPROACHES Traditional systems development approaches, such as life cycle, prototyping and even end-user development, have a custom-built flavor to them. The first needs requirements definition to be finalized early on, while requirements evolve iteratively in the second. Today, the trend clearly is away from custom building and toward COTS. In most commercial settings, it is just too expensive to custom build large-scale systems and then maintain them. Even the U.S. Department of Defense which, because of unique mission needs, has had a long history of custom building large systems, is now taking a hard look at COTS and integrating it into their overall IT infrastructure to control costs and shorten development time. Moreover, COTS packages continue to be developed for an ever-increasing variety of applications on diverse computing platforms. This match between demand and supply is fueling the trend away from custom building and toward COTS. However, the traditional approach to developing systems using COTS usually follows these phases: 1. 2. 3. 4.

Determine system requirements. Evaluate packages. Customize the selected COTS package. Deploy the modified COTS package within the organization.8

This is problematic for the following reasons: As mentioned earlier, e-business systems need to take an integrated cross-functional view of organizational information processing. Despite the powerful functionality of today’s COTS packages, none of them, even those as comprehensive as R/3, span the entire value chain of organizations with equal effectiveness in all parts.5 Therefore, in reality, e-business systems are often pieced together from a variety of COTS packages, each with its own business model, technical requirements, and user interface.3 Moreover, these packages often need to be integrated with legacy systems. The “customizing” referred to in step 3 above takes on a whole different meaning in this environment, to include not just individual COTS packages but also their linkages with each other and with legacy systems. Customizing COTS packages is a difficult and costly undertaking. While custom configuring a COTS package may be manageable, changing its application code is fraught with difficulties. For instance, R/3 is written in the proprietary language ABAP. There is a shortage of ABAP qualified personnel. In fact, the literature documents many instances, particularly involving ERP type packages, where it became so costly or cumbersome to customize the COTS package that the enterprise ended up having to change its business practices to suit the characteristics of the package.2

SL3054_frame_C25 Page 445 Tuesday, November 20, 2001 9:43 AM

A Business Component-Based Approach to E-Business Process Design

445

In short, the traditional approach to systems design — where requirements are first articulated and then the system is custom-built or modified from COTS packages to suit those requirements — is not well suited to the integration needs of e-business systems and the realities of COTS-based implementation.

25.3 A BUSINESS COMPONENTS-BASED FRAMEWORK FOR SYSTEMS DESIGN In this chapter, we suggest the framework to develop an alternate approach to designing e-business systems that explicitly recognizes the trend toward COTSbased implementation, the reality of multivendor and multiproduct solutions in crafting e-business systems, and the costs of changing organizational processes or structure. It calls for joint-customization of information and business process architectures. In other words, the necessary harmony between processes and systems is achieved not by customizing process and technical components individually or in a sequential manner, but by jointly customizing process and technology components during design. Unlike traditional approaches, it does not take the stance that business processes be designed first, and that systems be then customized to meet those defined processes. Joint customization is open to the possibility that the business process may need to be adjusted to fit the requirements of some COTS packages. The framework also calls for business processes to be designed using an “offthe-shelf” component-based approach, rather than being crafted uniquely for each organization. Informally, this idea can be seen to be present in best-practices approaches, as well as in the industry-sector-specific process maps used by ERP vendors. We envision these process components as each having a variety of COTS modules available to support its individual information requirements. Thus, system architecture is also being implicitly constructed as the overall business process is being designed using process components. Figure 25.1 summarizes these two elements of the suggested framework. COMPONENT BASED PROCESS ARCHITECTURE

End-to-End E-Business Process Supported by Integrated Systems

System COTS Components Modules Library Library

Process Component Library

CUSTOMIZE

CUSTOMIZE

COMPONENT BASED SYSTEM ARCHITECTURE

FIGURE 25.1 Framework for component based e-business system development.

SL3054_frame_C25 Page 446 Tuesday, November 20, 2001 9:43 AM

446

The E-Business Handbook

The benefits of a component-based framework shown in Figure 25.1 are easy to see. Just as COTS has the potential to reduce the time and cost for technology deployment, business components can bring the same benefits to process deployment. However, neither are the challenges to be overcome in implementing the framework hard to see. For instance, it is necessary to develop generic process components and then define their functionality and interfaces. Methods for checking the feasibility and business performance of processes are also needed. Moreover, as Figure 25.1 shows, systematic guidelines for carrying out the joint customization also need to be developed. In the remainder of the chapter, we categorize e-business processes and take the first steps toward identifying such generic process components. Before doing so, it is useful to summarize a few concepts related to component-based design.

25.3.1 COMPONENT-BASED SYSTEMS DESIGN The component-based systems development approach has been used for some time and is considered to be the next step beyond the object-oriented approach.4 Some of its objectives, such as reuse and modularization, are similar to the latter, but it also has other objectives directed at application integration and resolving software complexity by aggregating objects into higher-level functionality that performs more than a specific systems function. A component-based system is typically viewed as a collection of software parts geared toward meeting the functionalities of a business process. Fellner and Turowski4 define a component as follows: “A component is a reusable, self-contained and marketable software part that provides services through a well-defined interface and can be deployed in configurations unknown at development time.” Although component-based systems have their foundation in software engineering,6 it is possible to also view business processes as consisting of process components, that, when structured appropriately, help make an organization lean and responsive to business needs. Furthermore, the concepts of reuse and modularity that characterize software components can also be ported over to the business process domain. In other words, it may be unnecessary to design complex business processes from the ground up. ERP vendors like SAP, Peoplesoft, Oracle, and others already use these approaches. For instance, SAP has its business sector process maps.11 However, these components, where they do exist, are proprietary, and it is not clear if they follow from an analysis of process modularity. A business process component in this paper is defined as follows: “It is a clearly identifiable and replicable business function that can be expressed in a generic manner so that its functionality can be transportable from one business environment to another.” Thus, a process component is platform- and vendor-independent and has no software or hardware characteristics. Any software or hardware characteristic that a business component needs is defined at a lower level, similar to a conceptual model in the database environment. A business component can thus be viewed at two levels: the business level and the conceptual level. At the business level, a business component has three characteristics: a name, a specific set of functions that it supports, and a specific set of links that can be used

SL3054_frame_C25 Page 447 Tuesday, November 20, 2001 9:43 AM

A Business Component-Based Approach to E-Business Process Design

447

Name Functions: Fn 1 Fn 2 Fn 3 . . Links: Link 1 Link 2 Link 3 . . .

FIGURE 25.2 Characteristics of business level components.

to interoperate with other business components (Figure 25.2). The functions for each component are relatively narrow in scope and can perform diverse operations within a given domain defined by the component. The versatility of the functions enables a component to be used in different environments where different business processes need to be implemented. This also helps reduce the gap between real business processes in the organization and the constrained business process defined by the use of business components. The links allow different combinations of components to be connected so that different business processes can be implemented using the same set of business components. Also, two components can be connected using different links resulting in different business processes, although the same two components are being used. This is possible because components have different functions and the same two components can be connected for two different business processes that use different functionality from each of them. At the conceptual level (Figure 25.3), components are viewed using characteristics that are needed for implementation reasons. The conceptual level characteristics of a component are data, processes, interfaces, and security. Data describes the Data

Processes

Interfaces

Security

FIGURE 25.3 Characteristics of conceptual level representation of a business component.

SL3054_frame_C25 Page 448 Tuesday, November 20, 2001 9:43 AM

448

The E-Business Handbook

information requirements of the component. This can be accomplished using entity relationship models, class definitions, or relations. Processes describe the functions defined in business components in more detail so that functions can be better understood and implemented. Interfaces describe the look and feel of forms, reports, and other interface media that may be required to describe how users will interact with the component. Security features of the component define privacy and the levels of security available for the component. Some components need higher levels of security than others. Security features are becoming increasingly important in the e-business environment, where data is globally accessible. As discussed earlier, it is necessary to identify generic e-business process components so that reusability, functionality, and interoperability are all facilitated. In the following section, we attempt to identify such a set, based on an analysis of common categories of e-business processes. This component set is not exhaustive and will be refined with further work. It is intended to show the viability of a component-based approach to e-business systems design and to illustrate the benefits of doing so.

25.4 COMPONENTS OF E-BUSINESS SYSTEMS E-Business systems, particularly business to business (B2B) systems, enable one organization’s supply chain to integrate with that of another organization.7 Typically, these systems involve a buyer and a seller. A buyer is looking for material and services that it needs as inputs for its manufacturing or service supply chain. The seller in this scenario is attempting to complete its manufacturing supply chain by selling what it produces. An ideal B2B system would seamlessly connect the buyside of a buyer’s supply chain to the sell-side of a seller’s supply chain. This connection can be established in one of two ways: by establishing a market exchange or by a direct connection between a buyer and seller. In a market exchange, buyers and sellers are brought together in an electronic marketplace.10 This marketplace may be open to all or created for a specific group of buyers and sellers. Buyers and sellers can also be directly integrated in the marketplace based on linkages and extended process definitions. In either case, the required process components are very similar. These same components can be used to build the kind of market mechanism the situation warrants. B2B systems are information systems that include the exchange and sharing of information that goes beyond organizational boundaries. These systems include purchasing and logistics management, supplier management, inventory management, sales and channel management, accounts-payable and -receivable systems, customer support and service systems, and others. Most of the development in the last few years has been focused on the procurement component of an organization’s supply chain activities. Transactions related to invoices, purchase orders, requests for quotations, bills of lading, and receiving reports make up 75% of all information exchanged among business partners in the U.S.12 Procurement systems in B2B environments are typically implemented as hubs or exchanges. Exchanges exist that belong to the same industry, as in the GM, FORD, or Chrysler auto exchange consortia (covisint.com). Exchanges that extend across

SL3054_frame_C25 Page 449 Tuesday, November 20, 2001 9:43 AM

A Business Component-Based Approach to E-Business Process Design

449

industries are called functional hubs. Examples of these include exchanges that provide maintenance, repair and operations (MRO) supplies. Exchanges can also be classified by the nature of the business process or function that it supports: commodity, business service, and integration service.9 Commodity exchanges support high-volume trade of commodities and financial instruments. Business service exchanges typically include trading of manufacturing products and business related services, such as financial and customer support services. Integration service exchanges connect business processes between two or more firms. This can happen when a manufacturing or service process is tied closely between the operations of two independently held firms. The characteristics of each of these exchanges differ, and it would be difficult to design one exchange that would work for all. However, any design process would need to abstract commonalties among these exchanges. The design process presented in this paper focuses on identifying these higher level abstractions. One can start with the highest level design components or abstractions and then decompose them into more-customizable modules. We now focus on these high-level design components. There are several key components that make up the e-business functional environment. They include cataloging, pricing, marketing, order, shipping, requisition, payment, market exchange matching mechanism, and customer information support. Although these components are not meant to be exhaustive, they illustrate the principles behind component-based design for business processes. Each component has a specific set of functions that it performs. Components also have a set of links that allow them to be hooked to other components. The components, their functions, and their linkages are shown in Figure 25.4. A brief description of each of these components follows . Cataloging (CAT): Catalogs are an integral component of a B2B system. They have characteristics similar to that in inventory-management systems. Apart from product descriptions, they include inventory-management functions that can be integrated into business supply chain systems. Pricing (PRC): B2B systems need a mechanism by which pricing of materials can be determined. The pricing component provides pricing models, discount computations, negotiating capabilities and other functionalities that are related to pricing decisions. Prices can be determined by simple catalog pricing, various types of auctions and bids (reverse auctions, English auctions), best prices based on responses to RFQs, and other methods. Functions by which the designer can adopt one or more of the pricing strategies should be available. Marketing (MKT): Sellers and (buyers) should have marketing tools available through which they can attract buyers (or sellers). These tools could include advertising, market research, loyalty programs, etc. Buyers also need similar tools to attract sellers to materials they need to purchase. This is particularly important in tighter market conditions. Ordering (ORD): This component primarily offers purchase orders, credit authorizations and other directly related ordering functions. It could also include negotiation tools, which allow buyers and sellers to negotiate with each other before finally deciding whether an order is to be placed. The credit authorization function gives the ability to check the creditworthiness of the buyer before accepting the order.

SL3054_frame_C25 Page 450 Tuesday, November 20, 2001 9:43 AM

450

The E-Business Handbook

Cataloging (CAT)

Pricing (PRC)

Marketing (MKT)

Product Description Inventory Management

Pricing Models Discounts & Negotiations

Advertising Loyalty Programs Market Research

Links to: RFQ, MEM, ORD, PRC

Links to: RFQ, MEM, ORD, CAT

Links to: CAT, CIS

Shipping (SHP))

Requisition (RFQ)

Payment (PMT))

Delivery Orders Shipping Instructions Bill of Lading

Request for Quotes RFQ Processing

Invoicing Terms & Conditions Settlement

Links to: ORD, PMT

Order (ORD)

Purchase Order Credit Authorization Links to: SHP, MEM, RFQ, CAT

Links to: CAT, ORD, PRC

Links to: SHP, CIS, MEM

Customer Information Support (CIS)

Market Exchange Mechanism (MEM)

Customer Profiling Customer Service

Auction Mechanisms Price Selection Bid Processing Links to: RFQ, CAT, ORD, PRC,CIS

Links to: RFQ, MEM, ORD, PRC

FIGURE 25.4 E-Business system components.

Shipping (SHP): This component offers services related to the actual delivery of goods like delivery orders, bills of lading, shipping instructions, etc. Logistics management is also an integral part of this component. In the e-business environment, shipment tracking has become a highly automated function. Most shipping companies such as Federal Express, UPS, etc., provide Web-based automated tracking capabilities. These systems ideally should be integrated with the organization’s supply chain systems. Requisitioning (RFQ): Requisition processing is the beginning of all purchasing activities in an organization. This component relates to requests for quotations (RFQ), receipt and processing of quotations and analysis of quotations so that orders can be placed to appropriate suppliers. This component also keeps track of available suppliers and their past performance. Payments (PMT): The payment component deals with payments to be made after goods are received. Typically, invoices are issued at this stage. Adherence to terms and conditions of payments is also verified. Payment processing is linked to other financial accounting components like the accounts payable su-system.

SL3054_frame_C25 Page 451 Tuesday, November 20, 2001 9:43 AM

A Business Component-Based Approach to E-Business Process Design

451

Market Exchange Matching Mechanism (MEM): B2B systems often resemble market matchmakers. Here, sellers offer their products and services and buyers issue their search for the same. These exchange mechanisms are then called upon to match buyers and sellers on different criteria including price, location, volume, type of goods, etc. This mechanism is a key component of this matching process and should be available on a B2B system. Customer Information Support (CIS): This component takes care of customer profiling for both buyers and sellers. This profiling is important for both parties, as it lets them make qualitative decisions about who to do business with and the nature of products and services to offer. There should also be a service and support component, which helps the parties to ensure that there is customer service provided in a manner that meets or exceeds customer expectations.

25.4.1 B2B ARCHITECTURES USING COMPONENTS The components described above are illustrative of how different components can be used to support different business process architectures. We now take these components and develop the architecture of two different B2B systems: a market exchange system for several buyers and sellers and a B2B system that directly connects a buyer to a seller. They are shown in Figures 25.5 and 25.6 respectively. In both cases, the systems are defined by combining components using business logic. Components can be connected only if there are predefined connection plugs available for each component. In Figure 25.4, each component description indicates the linkages that are available with other components. Note that there can be more than one type of connection available between two components. The type of connection chosen for an application depends on the business process required for the application. Figure 25.5 shows an architecture for a market exchange system. The system uses four primary components that are linked: cataloging, requisitioning, market exchange matching mechanism, and ordering. It is assumed that this market exchange brings suppliers and buyers together using a requisitioning system that seeks suppliers and a cataloging system that offers goods and services. The market

Cataloging (CAT)

Market Exchange Mechanism (MEM)

Order (ORD)

FIGURE 25.5 Components of a B2B market exchange.

Requisitions (RFQ )

SL3054_frame_C25 Page 452 Tuesday, November 20, 2001 9:43 AM

452

The E-Business Handbook

Buyer

Requisitions (RFQ)

Pricing (PRC)

Order (ORD)

Shipping (SHP)

Payment (PMT)

Cataloging (CAT)

FIGURE 25.6 Components of directly connected B2B supply chains.

exchange-matching mechanism brings buyers and suppliers together, which potentially results in an order. Once an order is placed, the buyer’s and seller’s supply chain systems complete the transactions. Often, organizations have dedicated suppliers for goods and services. In such cases, B2B systems have to be very closely integrated. In fact, the supply chain for such systems extends over operations in two or more organizations. For example, if a computer manufacturer buys hard drives from a dedicated supplier, then a B2B system is most efficient when the supply chain systems for the two firms are integrated. Figure 25.6 shows a B2B system for two corporations where one is a dedicated supplier for another. Several components in this system are shared by both corporations: RFQ, cataloging, ordering, shipping, and payment. Neither supplier nor buyer can truly share certain aspects of the pricing component. This component must have restricted access.

25.4.2 B2C ARCHITECTURES USING COMPONENTS Business to consumer (B2C) architectures are used to sell goods and services in a retail mode over the Internet using traditional e-commerce support services. Although several ventures in this area have failed in the recent past, B2C architectures have common elements and have withstood the test of actual operations. Most failures occurred because of failed business models. One of the primary challenges faced in the B2C market is to match viable business models to technology-based models. Recent e-commerce failures indicate that traditional brick-and-mortar business practices are also essential. Those e-commerce business models that create value propositions significantly superior to traditional brick-and-mortar models are likely to be profitable. It is extremely difficult to substitute technology with services that can be promoted using traditional brick-and-mortar establishments. Thus, B2C architectures have to be properly integrated with traditional supply chain systems, which, in turn, are evolving into B2B systems. Figure 25.7 describes a B2C system using components defined earlier. It should be noted that the components required in B2C systems, such as cataloging, pricing, payments, ordering, and shipping, are not very different from B2B systems. However, they are linked differently, thereby describing a completely different business

SL3054_frame_C25 Page 453 Tuesday, November 20, 2001 9:43 AM

A Business Component-Based Approach to E-Business Process Design

Payment (PMT)

Marketing (MKT)

Cataloging (CAT)

453

Pricing (PRC)

Customer Information Support (CIS)

Order (ORD)

Shipping (SHP)

FIGURE 25.7 Business component architecture for B2C system.

process. This demonstrates clearly the advantage of component-based design; using different combination of components and linkages, completely different business processes can be defined. The B2C system described in Figure 25.7 is based on catalogs supported by a marketing and pricing structure. Orders are placed using catalogs, payments are processed using the payment component, and shipping is handled by the shipping component. Each of these components is tightly integrated with the customer information system component, because customer support is crucial at every stage of the buying process, starting from marketing to sales execution and delivery.

25.4.3 C2C ARCHITECTURES USING COMPONENTS Consumer to consumer (C2C) architecture is used when an individual wants to sell goods over the Internet to another individual in a retail mode of operation. Here, someone puts an article for sale either at a fixed price or to the highest bidder. When the seller accepts a bid or a price, the buyer and the seller on their own usually handle the transaction. That is, they are responsible for the shipping and payment transactions to be completed. An Internet intermediary like eBay is usually responsible for posting the article and handling the pricing component of the sale. Of course, such sites provide other marketing support such as secure payments, insurance against faulty delivery and fraud, seller reliability and other features. The C2C business process architecture requires the cataloging, pricing, market exchange mechanism, ordering and the customer information system components. One arrangement of these components is shown in Figure 25.8. The cataloging component supports the display of goods for sale. The pricing mechanism allows the support of different pricing structures including various types of auctions. The market exchange mechanism facilitates the clearing of a market price on which a sale can be made. The order component executes the sale. The customer information

SL3054_frame_C25 Page 454 Tuesday, November 20, 2001 9:43 AM

454

The E-Business Handbook

Marketing (MKT)

Pricing (PRC)

Cataloging (CAT)

Market Exchange Mechanism (MEM)

Order (ORD)

Customer Information System (CIS)

FIGURE 25.8 Business component architecture for C2C system.

system component supports all the other components with features that provide customer support.

25.5 CONCLUSIONS Designing generic business process components is a complex task.1 The task is challenging because the same component can be used in one or more business processes in more than one organization. However, the endeavor has significant advantages for organizations. They can design their own applications to fit their own business processes instead of adopting proprietary business processes pre-defined by ERP vendors and e-business vendors. Similar to organizations that enforce standards for software and hardware components, there should be standards for business components. Most of the attempts to develop business components have resulted in specifications that involve software components like middleware technology. Components defined using software characteristics make it difficult to implement business processes. It is important to understand that the utility of software components is not being underestimated in our approach. At the business level, however, process components should be independent of software characteristics. Software characteristics should be introduced at the conceptual level of designing business components. The examples of B2B, B2C and C2C architectures given here illustrate the general framework of component-based e-business system design. The business components have been presented schematically, and substantial work remains to be done to specify them more formally. Formal specification of business components will make it possible to develop automated tools to craft complete business processes based on these components and then examine their business performance. Two aspects of the framework mentioned earlier in this article will be developed in the course of further work. One concerns the customization of process and technology components. The other concerns guidelines for balancing process versus technology

SL3054_frame_C25 Page 455 Tuesday, November 20, 2001 9:43 AM

A Business Component-Based Approach to E-Business Process Design

455

customization. Recall that the approach calls for joint customization of these two dimensions of e-business architectures. To develop these guidelines, it will be necessary to identify metrics of organizational and system costs13 and benefits, and then structure cost-benefit analyses to compare selected metrics that are most appropriate for a given circumstance.

REFERENCES 1. Baster G., Konana P., and Scott J., Business omponents: a case study of Bankers Trust Australia Limited, Comm. ACM, Vol. 44, No. 5, 2001, pp. 92-98. 2. Bingi P., Sharma M.K., and Godla J., Critical Isues facing an ERP implementation, Info. Sys. Mgmt., vol. 16, no. 3, 1999, p. 7-14. 3. Cubine M., Paper industry IT architecture: putting the software pieces together, Pulp & Paper, vol. 75, no. 4, 2001, p. 43-47. 4. Fellner K. and Turowski K., Classification Framework for Business Components, Proc. 33rd Hawaii Int. Conf. Sys. Sci., 2000. 5. Griffith L., ERP vs. Best-of-breed architecture: is the pendulum swinging? Apparel Ind. Mag., vol. 61, no. 6, 2000, p. 72. 6. Hall P.A.V., Architecture driven component reuse, Info. Software Tech., vol. 41, no. 14, November 1999, p. 963-968. 7. Kumar K., Technology for supporting supply chain management, Comm. ACM, vol. 44, no. 6, 2001, p. 58-61. 8. Lawlis P.K.et al., A formal process for evaluating COTS software products, Computer, vol. 34, no. 5, 2001, p. 58-63. 9. Phelan P. Implementing Business Applications in a Collaborative Environment, Gartner Group Research Document # R-12-0960, 3, October 2000. 10. Rohm A.W. and Pernul G., COPS: a model and infrastructure for secure and fair electronic markets, Decision Supp. Sys., vol. 29, no. 4, 2000, p. 343-355. 11. SAP, Business Sector Process Maps, www.sap.com/ 2001. 12. Schneider G. and Perry J., Electronic Commerce, Course Technology, Cambridge, MA, 2000. 13. Sedigh-Ali S., Ghafoor A., and Paul R.A., Software engineering metrics for COTSbased systems, Computer, vol. 34, no. 5, May 2001, pp. 44-50.

SL3054_frame_C25 Page 456 Tuesday, November 20, 2001 9:43 AM

SL3054_frame_C26 Page 457 Tuesday, November 20, 2001 9:44 AM

26

Reducing Distance in Electronic Commerce Using Virtual Reality Kenneth R. Walsh

CONTENTS 26.1 26.2 26.3 26.4

Introduction ..................................................................................................457 Distance Issues.............................................................................................458 Virtual Reality ..............................................................................................458 Potential Electronic Commerce Impacts .....................................................459 26.4.1 Experiential Products .......................................................................461 26.4.2 Customizable Products.....................................................................462 26.4.3 In Situ Products................................................................................462 26.4.4 Personal Fit Products .......................................................................462 26.4.5 Trust..................................................................................................463 26.4.6 Branding ...........................................................................................463 26.5 New Business Methods and Products .........................................................464 26.6 Conclusion....................................................................................................465 References..............................................................................................................465

26.1 INTRODUCTION The Internet and The World Wide Web (WWW, or the Web) reduced distance by letting computers of different organizations communicate with one another across a global, standards-based network. Without the Internet, less efficient, often proprietary, communications solutions were used, requiring custom configuration and development delays. The Internet itself had the potential to reduce some of these distances many years ago, but did so only in limited contexts. For example, although researchers could easily send e-mail, the average person did not use it. There was still a distance between what the general public wanted in communication — namely ease of use and low cost — and what the Internet provided. The WWW reduced this distance, giving the average person the ability to make use of the Internet. By making it affordable and easy to use, the Web has made buying a book online or sending an e-mail a relatively common task. In retrospect,

1-57444-305-4/02/$0.00+$1.50 © 2002 by CRC Press LLC

457

SL3054_frame_C26 Page 458 Tuesday, November 20, 2001 9:44 AM

458

The E-Business Handbook

there was a big gap between what was possible on the Internet and what it could be used for. Although the Internet provided standards-based connectivity long before the Web, that reduced only one type of distance barrier. Today a similar gap exists between what we use the WWW for and what its potential could be. Electronic commerce is in its infancy.1 We can think of the gap as a distance that impedes use of the Web, causing people to choose to conduct business in other ways. For example, some products need to be seen in person before purchasing and some deals may require seeing the dealer before trusting him. However, if we view these as distances, rather than roadblocks, we can look at new alternatives for reducing those distances, and virtual reality (VR) is one type of technology that is showing promise. VR technology simulates the real world using immersive systems to stimulate the human senses. By doing so, certain real-world experiences that are necessary to conduct commerce today may be conducted online in the future. This chapter summarizes some distance issues identified in current electronic commerce domains, features of virtual reality systems, and the potential impacts of those features, including examples. The chapter then discusses potential change to business models implied by the potential of VR technology and concludes with implications and future directions for VR technology research.

26.2 DISTANCE ISSUES When making a purchase decision, buyers do so based on assessment of how the product will meet their needs. Buyers increase their understanding of products through research, but are usually somewhat more removed from the product than after the purchase transaction is complete. Some products can be described adequately with a largely text interface such as that used by Amazon.com, but others will need a richer medium.1 Many factors can make it difficult for a buyer to choose a product online. Products that must fit with what a buyer already has may have to be evaluated closely. The fit may be subjective, such as fit with decor, and buyers may not feel they have enough information when viewing the product online and will resort to visiting a physical location. Clothes that need to fit a buyer may present this same challenge.

26.3 VIRTUAL REALITY “A VR system is any computer system that combines advanced computer input and advance computer output to provide a coherent model.”2 My definition is sufficiently general to cover many advanced technologies, whether they fall into more strict definitions of VR technology or not. What is important for distance reduction is advance input and output that stimulate the human senses and a coherent model to allow multiple stimuli to be interpreted by the user as a single model. These technology characteristics can give the user an experience that simulates reality. If the simulation is good enough, some experiences that may have required a physical presence in the past can be replaced by the virtual experience.

SL3054_frame_C26 Page 459 Tuesday, November 20, 2001 9:44 AM

Reducing Distance in Electronic Commerce Using Virtual Reality

459

Advanced computer input and output features that can be used to simulate experience can be divided into three categories. Level 1: flat single-sense technology, such as an image displayed on a monitor Level 2: the integration of dimensions or senses Level 3: immersion in multiple senses and dimensions Level 1 represents technologies that stimulate only one sense and operate in a relatively flat manner. They are generally not considered VR technologies, but can provide part of a VR system. Examples include two-dimensional images and audio. Advances in level 1 technologies will have an impact on distance reduction. For example, higher quality images can give the buyer a better sense of the detail in a product, and, in some cases, this may be the difference between buying online and deferring until a physical experience can be arranged. Level 2 represents technologies that stimulate multiple senses or operate in multiple dimensions. They are often considered VR technologies, particularly when they offer a coherent model. Examples include 3-D modeling, animation, integrated audio, and natural user interfaces. Each of these technologies increases the “realness” of the experience. For example, a 3-D model of an object allows the user to choose the viewing angle arbitrarily, compared with using the static views that could have been developed using only flat images. Level 3 represents technologies that stimulate more than two senses and operate in multiple dimensions. Usually, they are considered VR technologies, and have coherent models. Examples of level 3 technology include graphical role-playing video games and online 3-D communities. These technologies can immerse a user fairly extensively, so that an experience becomes quite realistic. If a user can “see” from the viewpoint of an animated character into 3-D world, much of the shopping experience can be simulated. In 3-D collaborative communities, a user can see other animated characters that are being controlled by different users. In this scenario, another connection is made to the real world through the network. How close humancontrolled characters can become is still an open question, but promises to improve as immersion increases. Table 26.1 summarizes these VR technologies by level.

26.4 POTENTIAL ELECTRONIC COMMERCE IMPACTS A useful way to consider the modes of electronic commerce is to consider the degree to which the product, the process, and the agent are electronic or physical, such as done in the Whinston et al. framework.3 This framework considers commerce as being described primarily by the three components — products, agents, and processes. Products are goods or services that are exchanged, agents are the people or organization conducting transactions, and process is the process used to conduct the transaction. Each of these components may be physical or digital. A product such as an automobile is physical, while a program delivered on the Internet is digital. A salesperson in a department store is an example of a physical agent, and an automated online spider is a digital agent. Purchasing an item in a store is an example of a physical process, but downloading a product on the Internet is a digital process.

SL3054_frame_C26 Page 460 Tuesday, November 20, 2001 9:44 AM

460

The E-Business Handbook

TABLE 26.1 VR Technologies by Level Feature

Description

General Impact

Realistic Audio

Level 1 Images with resolution of high quality photography Sounds close to the original

3-D Modeling

Level 2 Full 3-D definitions of objects

Realistic Imaging

Animation Integrated Audio Natural User Interface

Movement of 3-D models Sound synchronized with other sense stimulation User interfaces that mimic interaction with objects in the physical world

Immersion

Engulfment of user

Believability, proportions, detail, color Believability, audio detail

Believability, reuse of object in different situations Products in use Believability, association of sight and sound Realism, multi-sensory, ease of use

Level 3 Increases believability, reduces distraction, can increase trust

Digital Product

Digital Process

Physical Product

Physical Process Physical Agent

FIGURE 26.1 Electronic commerce areas.3

Digital Agent

SL3054_frame_C26 Page 461 Tuesday, November 20, 2001 9:44 AM

Reducing Distance in Electronic Commerce Using Virtual Reality

461

Of course, many forms of commerce use combinations such as when software is purchased in a physical store or when a book is purchased online and shipped to the buyer. This framework is presented in Figure 26.1. Whinston et a..3 argue that, through improvements in digitization, the electronic segment of commerce will greatly increase, as shown in Figure 26.2. For example, they argue that products such as music CDs will be downloaded rather than purchased physically as the technology improves to better support such digital processes. Because VR technology can be used to simulate the physical world, it can be an important technology for expanding the universe of electronic commerce, as pictured in Figure 26.2. Where today’s transactions use products, processes, or agents in the physical domain, there is potential for VR simulation to develop a digital alternative. As research and technology improve, the digital world will make further inroads into the real world until the day may come when the two worlds are difficult to distinguish. In using VR to expand electronic commerce use when physical limitations abound, a number of situations can be identified. The following sections introduce categories of products and issues that currently have distance issues with potential for reduction through the use of VR technology.

26.4.1 EXPERIENTIAL PRODUCTS Experiential products are those that are consumed as a real experience by the user. A vacation is an example of an experiential product that is consumed when the user travels and experiences the vacation. Experiential products could benefit from VR technology by allowing customers to experience a simulation, thus bringing them closer to understanding the product. In the case of a vacation, it can be fully tested by the customer only by taking the

Digital Product

Digital Process

Physical Product

Physical Process Physical Agent

Digital Agent

FIGURE 26.2 The growth of electronic commerce areas.3

SL3054_frame_C26 Page 462 Tuesday, November 20, 2001 9:44 AM

462

The E-Business Handbook

vacation. However, a virtual reality demonstration can bring the customer closer to trying the vacation than a traditional Web-based presentation and may even be better than listening to a travel agent describe the vacation in person. Of course, current technology cannot fully simulate an adventure such as an African safari, but it may be good enough to choose between alternatives. If VR technology progresses far enough, the simulation could be an experience in itself.

26.4.2 CUSTOMIZABLE PRODUCTS Customizable products are those products having a significant number of options that change the product in important ways. Automobiles or new homes are examples of customizable products. If rooms are added to a new home, the product has been significantly altered. These types of products are often marketed using several physical examples to allow the buyer to actually experience similar products. VR technology has the potential to more quickly change options and to experience an exact configuration of options desired by the customer.

26.4.3 IN SITU PRODUCTS In situ products have an important part of their value derived from fitting into an existing situation. Furniture is an example of an in situ product that needs to fit into its location in an office or home and may need to serve some specific purpose. Although measurements can be provided using basic Web technology, a feel for how much space a piece subjectively occupies may not be clear — for example, how much space around a piece is needed for aesthetic balance or even convenient walking. An instance of a failed attempt is Furniture.com, once the market-leading online furniture retailer, which has since filed for Chapter 11 bankruptcy.4 In situ products could benefit from electronic commerce, as many other products do. In fact, the in situ nature of the product may require a customer to test alternative products. The Web’s ability to aid in contacting several suppliers could be a big improvement over visiting physical stores. VR can be applied to this problem by using simulation of the customer’s situation combined with simulation of potential products to test fit. For example, a consumer’s living room could be simulated, and renderings of chairs could be placed in the simulation. The consumer could easily change VR chairs to compare the in situ result. VR technology would allow the consumer to dynamically change viewpoints of the situation and evaluate the product from multiple perspectives. Current VR technology can display virtual rooms with high quality. However, digitization of the consumer’s own world is still time consuming and requires significant technical expertise.

26.4.4 PERSONAL FIT PRODUCTS Products that must physically fit the customer are quite often purchased in person. Clothing is an example. Even with standard sizes, customers often must choose a different size in a different garment design, making buying based on size information

SL3054_frame_C26 Page 463 Tuesday, November 20, 2001 9:44 AM

Reducing Distance in Electronic Commerce Using Virtual Reality

463

inadequate. Further, the look of a garment on a customer, similar to in situ products, may differ from a customer’s expectations after viewing a garment in a catalog. Although personal-fit products pose real problems for online buyers, online shopping for such products may have benefits. Shoppers can view more products in less time and can specify different parameters such as color or material. Shoppers may prefer to buy some personal items online for privacy.They can also compare products among suppliers more easily than traveling between physical stores. These benefits are largely not realized because of the barriers to making a complete online transaction of a personal-fit product. Browsing may take place on the Web, but the product is often verified in the physical store. If such barriers were reduced, the other benefits could be gained and this electronic market segment could thrive. The online purchasing of personal-fit products is a market in its infancy. VR can be applied to reduce the distance between the online buyer and the personal-fit product by creating a VR simulation of the user and the product. What is unique about this application is that the user’s own body must be simulated. If the user’s body is digitized into a 3-D model, it can be stored online and used for testing personal-fit products. Garments can be “tried on” easily. Once a garment is on the 3-D model, it can be quickly changed. Different sizes, colors and styles can be tested. Multiple views of the 3-D model can be shown so that different products can be compared simultaneously, an impossible task in the physical changing room. Research using existing technologies demonstrates how VR benefits could be achieved. Jojic et al.5 describe a framework for the garment shopping process and Jojic et al.6 show how human digitization can be accomplished. Further, products in this category are often designed using CAD systems, so digital versions are already available, although not necessarily in the format for 3-D rendering. Significant issues exist regarding the extent to which users will accept such technology. Although current systems can demonstrate the concept, they are far from being usable to the end consumer and are not standardized in the industry. Experimentation of how systems are perceived and accepted by end users is critical. The quality of the rendering of both the human body and the product that is necessary for acceptable user perception is still unknown. Research into how systems can be made easy to use is also important. Finally, standardization must occur so such systems can work across suppliers.

26.4.5 TRUST Trust is an important issue in a wide range of transactions. Although little work has been done on development of trust in electronic environments, the potential for increased believability using VR technologies shows potential for increasing trust.

26.4.6 BRANDING One aspect of branding is the creation of well-known names and logos that associate a company, product line, or product with its qualities. Advertising to

SL3054_frame_C26 Page 464 Tuesday, November 20, 2001 9:44 AM

464

The E-Business Handbook

TABLE 26.2 Product Categories and Issues EC Gap

Example

Experiential product Customizable product In situ Products

Vacation, Education Automobile

Personal Fit Products Trust Branding

Clothes

Furniture

Believing in quality of product User remembering and associating products names and symbols

VR Potential Simulation of vacation Simulate complete set of consistent options Simulation of product in environment Simulate clothes as warn by customer Better experience of products Multi-sensory advertising may make names and symbols more memorable.

develop brands has been difficult on the WWW because of the limited attention users pay to advertising, particularly banner advertising. Television is still considered a good branding tool because of the captured attention of the users and the use of multimedia presentation. VR technology can be useful in improving branding on the Web. If VR-product demos that add value to the consumer can be developed, then consumers might devote their attention to it. Once the attention is focused, full multimedia branding techniques can be employed. Product categories and issues are summarized in Table 26.2.

26.5 NEW BUSINESS METHODS AND PRODUCTS The development of VR technologies that can decrease Internet distance can make electronic commerce much more useful for a wider variety of products. It also can enable business transformation. Customizable and personal products have implications for new forms of mass customization. If VR can be used by customers to make complete buying decisions and transactions, then pressure will be on business process to change and adapt to supply wider varieties of product lines to wider varieties of customers. Product design may change as well. Products currently designed with a limited set of variations that can be accommodated by supply chains and physical stores may no longer have such limits. Stores may choose to stock a limited selection of colors and styles because of limits to floor space and customer attention. An online store does not have such restrictions, opening the possibility for considerably more variety. Product design then may change to allow for more variety. Products can be designed to include the host of parameters that will be available to the customer for customization. These products will often need to be developed closely with production processes so they can be efficiently manufactured.

SL3054_frame_C26 Page 465 Tuesday, November 20, 2001 9:44 AM

Reducing Distance in Electronic Commerce Using Virtual Reality

465

26.6 CONCLUSION VR technology has the potential for drastically reducing Internet distances that are currently barriers to many electronic commerce possibilities. Using the dimensions of product, process, and agent can highlight areas where the physical world still dominates commerce and where simulation through VR technology may move commerce to the electronic world. Research should be conducted to test to what extent Internet distance can be collapsed through the use of VR. This is a call for major experimental research into the effects of VR on user perceptions and system usefulness. This would include how immersive a VR technology must be to impact users’ perception. It may be that a low level of immersion is needed for specifying parts for the design of an automobile engine in a B2B context, where a high level may be needed for personal-fit products in a B2C context. It is possible that a greater level of objectivity may, in general, reduce the immersion needed in the B2B world as compared with B2C. Because VR technology is quickly becoming practical, researchers and educators should be concerned with applying systems analysis and design techniques to VR systems. For example, how does one document the requirements for an immersive VR system? What design tools can be used? It is common to not use very systematic approaches to VR design because of its artistic nature.7 Existing software development methods should be applied to VR development and expanded if found to be inadequate. Standards are currently a major barrier that needs continued work. With VR formats proliferating, the integration and systematic use of VR technology on the Web is impossible. Users still must use a proprietary browser to use a particular VR application. Users will switch browsers to accommodate each trading partner. Standards must be developed and used before widespread VR use will be possible. VR encompasses many technologies and can be implemented in many ways. Researchers should develop and follow design theories that link basic theory to systems being designed so that results of different researchers are comparable. An ISDT approach systematically links basic theory to design for fulfilling particular goals.8 An ISDT approach will be useful in this stream of research because of the close interdependence between technology and human cognition. VR technology has much potential, but much work remains. One day, we are likely to find ourselves in a world where it is difficult to distinguish between physical and digital. Although much benefit could be realized from improvements in VR technology, many ethical and societal issues are likely to emerge. The next 10 years of VR research and development will be fascinating to experience.

REFERENCES 1. Shaw, M.J. 2000. Electronic Commerce: State of the Art, in Handbook on Electronic Commerce, Eds., Shaw, M., Blanning R., Strader, T., and Whinston, A. Springer, Berlin. pp. 249-270.

SL3054_frame_C26 Page 466 Tuesday, November 20, 2001 9:44 AM

466

The E-Business Handbook 2. Walsh, K.R. 2001. Virtual Reality for Learning: Some Design Propositions, Proc. Am. Conf. IS. 3. Whinston, A.B., Stahl, D.O., and Choi, S. 1997. The Economics of Electronic Commerce. Macmillan Technical, Indianapolis. 4. Furniture.com, 2001. Home Page, www.furniture.com, accessed 5/28/2001. 5. Jojic, N.et al. 2000. A Framework for Garment Shopping over the Internet, in Handbook on Electronic Commerce, Eds., Shaw, M., Blanning R., Strader, T., and Whinston, A. Springer, Berlin. pp. 3-24. 6. Jojic, N.et al., H. 1999. Computer Modeling, Analysis and Synthesis of Dressed Humans, IEEE Trans. Circuits& Syst. Video Technol., Special Issue on SNHC. 7. Rollings, A. and Morris, D. 2000. Game Architecture and Design. Coriolis, Scottsdale, AZ. 8. Walls, J.G., Widemeyer, G.R., and El Sawy, O.A. 1992. Building an information system design theory for vigilant EIS. Info. Sys. Res., 3:1 (March), pp. 36-59.

SL3054_frame_C27 Page 467 Tuesday, November 20, 2001 9:46 AM

27

XML, A Collaborative Enabler of E-Business through the Mediation of Heterogeneous Data between Trading Partners Paul Benjamin Lowry and William T. Neumann

CONTENTS 27.1 XML and Its Benefits ..................................................................................468 27.1.1 The Benefits of XML.......................................................................468 27.1.2 XML Benefits Applied to E-Commerce..........................................472 27.1.3 Example Benefits of XML for E-Commerce ..................................473 27.2 Factors to Consider before Adopting an Xml Solution ..............................474 27.3 Approaches to XML Data Mediation..........................................................476 27.3.1 Approach 1: XML/EDI Industry Standards ....................................477 27.3.2 Approach 2: XML Business Consortiums ......................................479 27.3.3 Approach 3: Custom XML Solutions..............................................479 27.3.4 Implementing Custom XML Data Mediation .................................480 27.4 Conclusion....................................................................................................485 Appendix 27.1 .......................................................................................................486 References..............................................................................................................491

The Internet is providing dramatic new strategic opportunities for electronic business, especially in terms of business-to-business (B2B) e-commerce. B2B e-commerce offers unprecedented opportunities for creating new trading partnerships, and, arguably, may be the greatest driver of business change in this era. Gerry Galewski, a philosopher on IT, said, “The existence of the Internet has created the ability to reinvent the way that we fundamentally do business to make us all more interconnected, closer in time and space, with less manual work, our processes more timely, and our operations more and more streamlined.”1 The explosive growth of the Internet 1-57444-305-4/02/$0.00+$1.50 © 2002 by CRC Press LLC

467

SL3054_frame_C27 Page 468 Tuesday, November 20, 2001 9:46 AM

468

The E-Business Handbook

and the resulting dramatic changes to business have fueled the spectacular rise of e-business and electronic intracompany collaboration. IDC Research predicts B2B e-commerce will grow from around $100 billion in 1999 to about $500 billion in 2002, and to $1.3 trillion by 2003.1 For example, Ford and GM are using e-commerce for virtually all their supply procurement, which represents $80 billion per year for Ford alone.2 However, to sustain the remarkable revenue growth and the potential of profitability afforded by the Internet, companies need sophisticated, collaborative technologies that extend far beyond the functionality of simple HTML pages and e-mail attachments. In fact, one of the biggest impediments of B2B electronic commerce (e-commerce) is the lack of knowledge of, and standards for, electronic collaboration (e-collaboration). Thus, for strategic e-business collaboration, firms need a common framework to exchange structured business information. Based on this need, this chapter posits that XML is the appropriate language for facilitating e-commerce data exchange and collaboration. In fact, XML has such potential import that at least two thirds of corporations have already implemented XML projects.3 This chapter addresses why XML is an important complementary e-commerce technology that facilitates data exchange. First, a general overview of XML, its benefits, and its issues is presented; then, specific examples are explored where XML facilitates ecommerce and e-collaboration.

27.1 XML AND ITS BENEFITS XML is a markup language for structured data developed by the WWW Consortium (W3C) and officially named in 1996. It is widely supported by major industry leaders such as IBM, Sun, Oracle, Novell, and Microsoft.2 Because XML defines syntax, but not semantics, users can freely describe structured data and their relationships. XML does not transport data (a feature for enterprise application integration or EAI); instead, it defines and validates data and is becoming a de facto enabler in e-business data interchange. A similar markup technology has existed for over two decades in the form of the metalanguage SGML (ISO 8879-1986),25 from which both HTML and XML are derivatives. However, XML is not based on HTML; instead, it is a simplified version of SGML, without SGML’s overall complexity.

27.1.1 THE BENEFITS

OF

XML

XML has several benefits, many of which cannot be fully provided by HTML, including the use of open standards, simple syntax, advanced data structures, and metadata. XML’s readily adaptable grammar is highly flexible and permits data reuse by incorporating advanced views and validated data. XML’s architecture is also extensible, allowing integration of Internet appliances, intelligent agents, and other enterprise applications. Specific XML benefits include providing: • Open standards • Structured syntax • Advanced data structures

SL3054_frame_C27 Page 469 Tuesday, November 20, 2001 9:46 AM

XML, A Collaborative Enabler of E-Business

• • • • • • • •

469

Metadata Flexibility Data reuse Advanced views Data validation Support for Internet appliances Support of intelligent agents Applications integration.

Open Standards: XML is a de facto Web standard that is both platform independent and vendor neutral3–7 XML’s platform independence allows XML applications to have fully interchangeable data exchange of data content across platforms and applications, without the need for modification. Part of XML’s popularity exists because XML is available through the ubiquitous Web browser and without licensing or royalty fees. Also, XML’s open standards have facilitated its rapid adoption for application interoperability. Moreover, its ubiquity provides assurance to vendors and users that XML is a viable long-term technology in which it is worth investing time and resources; thus ensuring substantial multivendor support. Simple, Structured Syntax: The basic syntax of XML is simple yet strictly enforced, creating what is called a well-formed XML document (the tags must match and must nest properly). Thus, XML solves another limitation of HTML: Its loosely enforced rules can allow developers to produce code that is unreliable and difficult to maintain. For example, HTML documents do not require ending tags and the tags need not nest in a certain order, which can result in sloppy code and browser inconsistencies. Instead, XML’s strictly enforced syntax rules result in better-formed and more reliable code. Advanced Data Structures: The ability to create flexible data structures is another primary benefit of XML. XML’s data structure establishes a vehicle to provide flexibility, data reuse, advanced views, Internet appliance support, metadata, and intelligent agent support. In contrast, HTML combines the underlying data with structural markup (presentation) of Web documents.8 HTML’s focus on presentation causes the loss of useful metadata; for example, a computer program processing an HTML document cannot readily identify the title or date for a report. Unlike HTML, XML tags have no set meaning; they have meaning only in the context of the application that processes the tags, allowing content to be separated from format. Thus XML facilitates the creation of advanced data structures that have precise semantic meaning, and where titles, dates, and other metadata can easily be identified by outside programs. This superior architectural approach can support virtually any data format, providing the flexibility needed for true media independence and international publishing. Metadata: XML’s data structures incorporate a data exchange format that external applications can use to identify the content through self-discovery (a.k.a. metadata). Metadata allows the underlying data of XML documents to outlast contemporary applications, permitting the data to be extensible to future applications. Metadata also provides the tools needed by intelligent agents for dynamic application integration.

SL3054_frame_C27 Page 470 Tuesday, November 20, 2001 9:46 AM

470

The E-Business Handbook

Flexibility: Because XML data structures are user-definable, they are flexible and extensible, allowing users to define new tags and attributes as needed.4,8 This permits data structures to be adapted to support virtually any level of simplicity or complexity of the data to be captured. For example, documents can be containers for other documents, allowing complex documents to be constructed from simpler documents8 with limitless levels of nesting. Flexibility also adds an important benefit to content creators — freedom from vendor control of tools. The possible downside of the flexibility of XML is that it creates the potential for inconsistency and lack of standards. Similar limitations are discussed in section 27.3. Data reuse: XML’s flexible data structure also promotes data reuse through the dynamic manipulation of a master data record on an ad hoc basis. For example, XML can allow different subsets of the same data to be sent to multiple users in an automated fashion. By manipulating a master data set structured using XML, production of customized data sets would be more efficient and unnecessary duplication of data sets can be avoided. Advanced Views: Unlike HTML, XML developers are free to define their own advanced views of the data4,9 from which personalized user interfaces can be dynamically generated. XML data can be structured as a DTD (document type definition), allowing outside applications to examine the content and render it as appropriate to a GUI or another device.10 Alternate user interface metaphors can be created using style sheets through XSL (extensible stylesheet language), allowing developers to customize displays for different devices or users. Because HTML was not designed to support advanced user interfaces and views, developers often try to circumvent HTML’s limitations using proprietary client extensions, such as JavaScript, ActiveX, or other task-specific plug-ins. Ironically, such approaches diminish the Internet’s biggest advantage of universal accessibility and environment independence.10 Data validation: Another benefit of XML, which is in stark contrast to HTML functionality, is that XML provides data validation as part of its definition. Without data validation capabilities, HTML designs are inherently more error prone and require developers to incorporate error management routines to identify invalid data. In contrast, XML incorporates data validation through the DTD of an XML message or the more “stylish” XML schema. Furthermore, the XML approach does not have the proprietary complexity of the validation schemes used with traditional EDI. Support for Internet Appliances: XML also supports Internet appliances, which are a significant growth opportunity for e-business. Although the ubiquitous PC will remain, many experts believe that Internet appliances, such as PDAs (personal digital assistants), televisions, cell phones, and other embedded devices, will become the dominant force in the computing landscape. Indications of this change are readily seen. For example, the number of wireless subscribers in 2001 was 530 million, but this may grow to over 1 billion users by 200511 As nontraditional devices are linked to the Internet, the need for data transformations exposes the weaknesses of HTML data’s being married to its presentation format. By separating data and its presentation descriptions, XML is clearly superior to HTML in supporting Internet appliances. In fact, it is not unreasonable to assert that XML’s capabilities are a critical

SL3054_frame_C27 Page 471 Tuesday, November 20, 2001 9:46 AM

XML, A Collaborative Enabler of E-Business

471

technology for Internet appliances. XML’s ability to manipulate data dynamically means that each appliance can transform canonical, structured data into the most appropriate format for the specific device (e.g., four-line display on a cell phone versus 10-line display on a PDA). The wireless community has already embraced the XML standard for Internet applications through Wireless Markup Language (WML) as part of the wireless access protocol (WAP).26 WAP is an architectural standard for transmission, information display, and advanced telephony for wireless products. Based on XML standards, the WAP 1.0 specification is a programming model and protocol stack, while WML and WML Script provide a streamlined, JavaScript-like language for thin client applications. Unlike the flat structure of HTML documents, WML documents have adopted the XML approach whereby data elements are divided into a set of well-defined units of user interactions. As a task-specific language, WML provides a smaller, telephonyaware set of markup tags that makes it more appropriate for the Internet than HTML. However, XML-based WAP solutions may not fully provide the necessary performance and support for many Internet appliances, such as small hand-held devices. Vendors will also need to consider the use of complementary technologies to overcome the restricted bandwidth and user interface requirements for handheld Internet devices. Beyond WML, potential technologies that might meet these needs include: • • • •

Intelligent agents to filter messages or guide navigation Voice recognition to act as an alternative user interface Data compression to reduce overall traffic Intelligent auto-previewing technologies to avoid downloading entire messages

Support for Intelligent Agents: Most Web pages are an unstructured collection of static and dynamically generated HTML pages, which makes it difficult for external applications, such as intelligent agents, to extract useful information from Web pages.10 Using HTML scraping, often known as “screen scraping,” approaches to data collection is cumbersome because HTML pages routinely include noninformation data such as graphics. Because information on HTML pages is unstructured, it is often difficult for intelligent agents to correctly ascertain the location and format of embedded data. In contrast, XML is an open standard that is self-describing, which simplifies intelligent agent access to XML documents and applications.9 For example, XML can provide context to structured query searches, thereby enhancing the search capabilities on Web pages.9 As XML is used increasingly on the Web, XML-based content will make the Web virtually fully accessible and scalable to intelligent agents and other automated processes.13 Application Integration: Not only does XML facilitate access by outside agents, but also it can provide tightly coupled application integration.3,7 This could be a potentially significant application for XML, considering Forrester Research’s report that IT integration projects at large firms can consume up to 30% of IT development budgets.3 Using XML to facilitate process integration, the long-term reusability and interoperability of applications can be improved and thus, IT development costs will be significantly lowered. In addition, applications that use XML need to

SL3054_frame_C27 Page 472 Tuesday, November 20, 2001 9:46 AM

472

The E-Business Handbook

recognize only two data formats, the application’s internal format and XML, eliminating the need to interface with proprietary formats.13 Because XML can be incorporated with low overhead and using existing communications infrastructures, it is a viable technology that can be used to help integrate existing supply chains without large increases in infrastructure investments. While the use of XML in supply chain integration is an important application domain, many additional applications areas can benefit from XML-structured information, including DBMS integration, open interfaces into enterprise systems, data bridges from legacy systems, and the transformation and conversion of legacy data.

27.1.2 XML BENEFITS APPLIED

TO

E-COMMERCE

This section expounds on XML’s benefits by examining how it can facilitate ebusiness and e-collaboration. To better understand how XML can benefit e-commerce applications, it is important to recognize that e-commerce is increasingly focused on intracompany collaboration among potential trading partners, which significantly increases the required sophistication of e-commerce applications.14 Internally, firms are demanding IT solutions that offer united business models and fully integrated end-to-end information processing,1 while, at the same time, firms need to exchange with their trading partners with greater ease than ever before. This process-level integration is becoming increasingly complex, requiring e-commerce solutions to support asynchronous and synchronous transactions and communications, multiple parties in virtual relationships, and the elimination of barriers to data exchanges in terms of location, time, or structure. XML’s range of benefits offers a unique capability to meet the requirements of companies engaging in e-commerce, especially because of their universal need for a common language to exchange business information. XML, combined with its complementary technologies, can better deliver systems that can meet the requirements of e-commerce transactions than systems built without XML. For example, XML can be used to develop industry-standard interfaces and methods of data exchange with outside parties, eliminating the need for proprietary solutions.13 By enabling more rapid comparison of price data through the use of intelligent shopping agents, XML can also create higher market efficiencies and lower costs for buyers.13 As an example, XML-based cyber-intermediary agents are offering brokering services to match buying and selling agents, or even orderaggregation services to increase purchasing volume.13 As these agents create increased price competition, suppliers will likely need to differentiate themselves on aspects other than price, such as providing agent-searchable product catalog data (e.g., price, availability, descriptions).13 Additionally, XML can facilitate instant information availability and data exchange, which can transform traditionally rigid supply chains into dynamic supply chain Webs where trading partners can rapidly establish market relationships that allow them to transact business at any time and any place.13 Similarly, XML can be a key enabling technology in building Internet portals that are opening new business markets and streamlining business processes through syndication, which is the capability of sharing portal content and components among companies. In this way, XML can dynamically leverage content and

SL3054_frame_C27 Page 473 Tuesday, November 20, 2001 9:46 AM

XML, A Collaborative Enabler of E-Business

473

TABLE 27.1 XML Benefits Applied to E-Business XML Benefit Open standard

Simple syntax Robust data structure Flexibility Data reuse

Views

Internet appliances

Self-describing Intelligent agents Applications integration Internet Portals

Why benefit is important to e-commerce and intracompany collaboration Need data interchange technologies that are cheap and widely available to all sizes of firms anywhere in the world. Having a technology supported by major industry rivals promotes fairness and an open playing field, where dominant vendors cannot wield monopolistic control. Easily understood and programmed. Allows for a diversity of possible implementations without unnecessary restrictions. Can represent any level of data simplicity or complexity depending on specific needs of a firm, its suppliers, or customers. More freedom from dogmatic vendor control and proprietary tools. Data can become extensible to changing applications and needs. Preserves and promotes strategic investment in firm’s data. Can provide greater levels of service and tighter integration by making more data available (e.g. not just prices, but past sales history, product availability, etc.). Facilitates portal syndication where data and components can be reused among several companies. Views allow firms to regain the advantage of universal access that is being lost to HTML, Active-X, Java Scripts, and other proprietary approaches that firms are currently using to provide data views and support for advanced GUI displays. Views and the separation of data from content allow firms to better support the exploding growth of Internet appliances (e.g. support automated sales force with intelligent cell phones). Providing metadata allows outside agents and applications to better understand and process XML data. Supports intelligent agents so that firms can garner competitive intelligence, broker transactions, provide 24-7 negotiation services, etc. Helps tie disparate applications and databases together, better enabling firms to automate their supply chains. XML is a key technology in the exploding Internet portal market, which is opening new business markets and streamlining business processes.

services to create virtual communities, virtual companies, new markets, and virtual trading communities.13 Table 27.1 summarizes XML’s benefits for e-business.

27.1.3 EXAMPLE BENEFITS

OF

XML

FOR

E-COMMERCE

Consider the following example of how XML can facilitate an e-commerce transaction through supporting the request for proposal (RFP) process: Automating the RFP process is an excellent opportunity, because RFPs currently represent an expensive, laborious, manual process for most firms.7 Firms can help automate the RFP process by using XML to establish standards on how RFPs should be structured and

SL3054_frame_C27 Page 474 Tuesday, November 20, 2001 9:46 AM

474

The E-Business Handbook

how the resulting proposals should be created, allowing many aspects of the process to be managed by agents or other automated processes.7 Other benefits to automating the RFP process using XML and agents include: • Creating dynamic views of collateral information for respondents • Automating data reuse for boilerplate contract specifications • Improving the timeliness and accuracy of vendor’s responses through the standardization of the RFP documents • Automating notification of events using integrated workflow assistance • Automating bidding on standard purchases through the use of system and process integration technologies7 While automating the RFP process provides a simple example of how XML can be used to automate e-commerce, it represents a relatively minor component of a fully automated supply chain. While a fully automated supply chain is far more complex, the benefits are correspondingly higher. Creating an electronic supply chain involves much more than simply creating electronic catalogs and ordering systems. A fully automated supply chain allows a buyer and supplier to track the purchase through its entire lifecycle, from the original purchase order through activities such as shipping, logistics, billing, collaborative planning, forecasting and replenishment. Many trading partners are creating online supply chains, such as the well-known UCCnet, hosted by consumer product marker leaders such as PepsiCo, RalstonPurina, Supervalu, and Proctor & Gamble. While hosted by major market makers, the strength of UCCnet is that it allows small companies to join the service for as little as $1500 a year. Considering access, scale and ease of use, this XML-based solution has allowed the participants to create a trading community far beyond the possibilities that would have been possible with technologies such as electronic data interchange (EDI).

27.2 FACTORS TO CONSIDER BEFORE ADOPTING AN XML SOLUTION The aforementioned example of automating RFPs and supply chains with XML suggests how XML can offer many benefits to firms implementing e-business initiatives. However, it is equally important to emphasize that many benefits of XML are largely theoretical — XML is a relatively young and still evolving set of technologies that is faced with considerable issues, including increased costs, incompleteness of solution, lack of object orientation, technical immaturity, and lack of refined standards. Increased Costs: Because XML is new and distinct from other data exchange technologies, it could have high adoption costs and a steep learning curve. As a result, IS organizations should consider opportunity costs carefully, as XML initiatives will likely reallocate resources for additional consulting and training from other existing initiatives. Moreover, before rushing to hire consultants, a firm should evaluate its potential consultants’ knowledge of the firm’s legacy data format. If sufficient legacy data knowledge cannot be found, organizations might be better off

SL3054_frame_C27 Page 475 Tuesday, November 20, 2001 9:46 AM

XML, A Collaborative Enabler of E-Business

475

training in-house employees, as it is sometimes more effective to develop an inhouse XML knowledge base rather training outside consultants on the intricacies of legacy data. Other costs associated with adopting XML may also include software upgrades (e.g. Microsoft IE5 supports XML, while IE4 does not), new development tools, and customizations to existing application logic. Even basic infrastructure systems may require upgrades, because XML files are represented using ASCII, not binary, potentially creating a need for compression software, additional storage space for expanded XML-based data structures, or higher performance network systems to address the increased data traffic. Incompleteness of Solution: While the non-technologically savvy members of an organization often see XML as the next silver bullet to solve all of their data exchange and collaboration issues, XML does not address security or performance optimization, nor does it directly capture business process rules. Thus, XML should not be seen as a full data exchange solution, but rather as a component in a firm’s overall data exchange strategy. In most cases, organizations use many complementary technologies (i.e., XHTML, Java, CORBA, and intelligent agents) to realize benefits from XML fully. (See Appendix 27.1 for a taxonomy of key XML technologies.) It is also important to recognize that organizations planning to adopt XMLbased solutions will need personnel with strong data modeling experience and wellengineered business processes. Without these skills, XML will produce few benefits and may only promote confusion and exacerbate existing problems of poor or incompatible data models and data management. In practice, XML offers few silver bullets; thus, many naive firms maybe mired in disappointment as their XML initiatives fall short of expectations, just as similar firms elusively chased the paperless office or tried to transform inferior business processes by installing ERP packages without process reengineering. Not Object Oriented: Because XML uses hierarchical data structures in tree-like constructs that naturally represent real-world objects, some practitioners erroneously consider XML to be object oriented. However, XML does not store methods with its underlying data; therefore, this lack of object orientation means that XML cannot support distributed functionality, inheritance, polymorphism, etc. For example, when dealing with data in distributed environments, XML data is always passed by value and cannot be passed by reference, which is a particular problem for database consistency in a distributed or parallel database environment. Additionally, XML is not a “plug-and-play” technology, nor does it support the distributed object model or CORBA-based architectures that support such models.15 Furthermore, the potential exists for an impedance mismatch with existing data models, which may limit the ability of a firm to utilize its existing object-oriented data stores without modification. Technological Immaturity: Clearly, XML is still an immature technology, as demonstrated by the endless barrage of XML-related technologies and proposals for “industry standards.” Because few vendors having significant XML expertise, firms that embrace XML often hope to capture a strategic first-mover advantage; however, their decisions are also fraught with risk of the unknown. For example, many of XML’s technology gaps are just starting to be addressed, as is illustrated by the evolution of XML schemas. Currently, developers define XML data formats using DTDs, which is not always a powerful way to define true schemas of real-world

SL3054_frame_C27 Page 476 Tuesday, November 20, 2001 9:46 AM

476

The E-Business Handbook

data. Moreover, no methods previously existed to define nontext data types within DTDs (e.g. integer, long); instead, all the underlying data is either a string or a tag (technological baggage inherited from SMGL’s focus on text processing). To address this gap, a new XML “standard” called Xschema, was proposed. As similar gaps are discovered, new technologies and standards will inevitably be proposed, creating a development environment that is not always certain or stable. Lack of XML Standards: XML is an immature technology that is applicationspecific; thus, XML standards are still emerging. This has caused the highly competitive software marketplace to actively debate the viability and benefits of many of the application-oriented XML standards. Because XML is not a “plugand-play” technology, business communities need to define standards for data exchange.13 In other words, because XML is just syntax for expressing data formats and not semantics, a proposal for an exchange format has no meaning unless other parties agree on the format. Thus, potential exists for the creation of many proprietary, and even useless, XML syntaxes. As such, fragmentation in the applications market could be the Achilles’ heel of XML. If vendors develop proprietary standards, the whole rationale of XML may be countermanded,13 resulting in unmanageable data exchange gridlock. Additionally, without standards, the protocol mismatches between participants’ commerce platforms can not only inhibit peer-to-peer trading partnerships, but could also undermine industry-wide e-commerce initiatives to automate supply-chains and increase market-efficiencies.14 The essential irony is that the flexibility of XML may permit too many protocols and choices, which may discourage the widespread adoption of XML solutions. In fact, many industries are already embroiled in heated standards wars over XML data exchanges, such as the ongoing debate on whether to include traditional EDI standards as part of XML data exchanges. In summary, the issues of XML may encourage potential adopters to consider alternatives to XML. For many firms, XML may be too costly (via increased training costs and tools), too incomplete, and too immature for early adoption. Additional nontechnical strategic considerations must also be considered: For example, if a firm’s IT capabilities are not considered a key strategic resource, older technologies such as HTML and EDI may be viable alternatives to XMLbased solutions. On the other hand, if a firm considers its IT capabilities as a strategic asset, if the system must be operational on a 24-7 basis, or if the firm must participate in e-commerce trading marketplaces, then XML projects should be part of the firm’s IT strategic plan.

27.3 APPROACHES TO XML DATA MEDIATION This section further explores the imbroglio over XML data exchange standards used to mediate exchanges between trading partners. Specifically, much of the debate has centered on whether EDI should be incorporated into new XML exchange standards or whether traditional EDI technology should be abandoned entirely. This debate is paramount because, despite the recent popularity of XML, as the technology upon which B2B exchange started, EDI is still heavily used today.

SL3054_frame_C27 Page 477 Tuesday, November 20, 2001 9:46 AM

XML, A Collaborative Enabler of E-Business

477

For more than 20 years, EDI has been the standard for legacy data interchange of B2B transactions. However, EDI uses a traditional approach to B2B integration that acts as a significant market barrier for many firms and suffers from many limitations, including the following: • EDI’s lack of flexible semantic rules promotes the erroneous underlying assumption that every organization implements the same business processes and scenarios.16 • EDI-based interfaces can be difficult to implement and maintain because of EDI’s arcane syntax, position-dependent field definitions with fixed formats. • Relatively few IT professionals have adequate experience with EDI to be able to use it. • Because a substantial commitment of resources is required to participate in an EDI trading group, only a small percentage of organizations have implemented EDI. (As noted in Metcalf’s law, the value of a networked system is proportional to the square of the attached nodes; therefore, this small community of users itself limits EDI’s appeal and utility). • Due to the implementation complexity and lack of trained personnel, EDI is frequently implemented using proprietary VANs (value-added networks), increasing the design and operational costs while reducing flexibility and network access. • Many EDI-based systems do not transfer information in real time, creating an inconsistent state between trading partners. Because many firms acknowledge the limitations of EDI and recognize the importance of XML, the question then becomes which strategy should be used for XML data mediation. In general, most companies adopt one of the following three approaches: 1. A hybrid approach that combines EDI with the flexible data structures of XML (XML/EDI) 2. A standards-based approach developed by a business consortium (or industry trade group) that creates entirely new XML-based data exchange standards (consortium) 3. A peer-to-peer approach where trading partners create proprietary interfaces, largely independent of existing EDI standards and business consortiums (custom solutions) In the following sections, the relative merits and shortcomings of these approaches will be considered.

27.3.1 APPROACH 1: XML/EDI INDUSTRY STANDARDS The XML/EDI Group (www.xmledi-group.org) is an ad hoc advocacy council established in July 1997 to promote the advantages of combining the strengths of XML

SL3054_frame_C27 Page 478 Tuesday, November 20, 2001 9:46 AM

478

The E-Business Handbook

and EDI for intracompany data exchange. The XML/EDI combined approach is based upon the use of five key technologies:1 1. XML constructs for defining data structures and delivery mechanisms 2. EDI methodologies to define and link business transactions and processes 3. XML repositories to store glossaries that define the information content used in specific business processes 4. Templates to manage the processing rules and information interrelationships and dependencies 5. Software agents to provide task control, process facilitation, and systems scalability Software agents are particularly important for XML/EDI to provide flexible, fault tolerant and scalable systems.16,17 The principal types of e-commerce agents are conversion agents and negotiation agents. Conversion agents focus tactically on issues of operational efficiency, while negotiation agents16 emphasize strategic opportunities for competitive advantage. A typical software agent includes four major components:16 1. 2. 3. 4.

A communication processor A local knowledge base Problem solving methodology An ontology (or a common communications protocol)

With its flexible syntax and grammar, XML is particularly useful in defining communications processing protocols and ontologies. Integrating these technologies to facilitate XML/EDI is not necessarily an easy task, but XML’s flexible data structures can make XML/EDI easier and cheaper than traditional EDI. Moreover, the standardization of XML/EDI will ultimately reduce barriers to entry, allowing more vendors to participate and helping to overcome the “pair-wise tyranny” caused by large companies imposing proprietary message formats on small companies.13 The process repositories incorporated into the XML/EDI approach will also ensure that when an event occurs, the information will automatically be propagated down the supply chain, triggering the appropriate business processes.13 Overall, most companies will find that XML/EDI messages will be more streamlined and economical, while still providing a framework that will be easier to validate and translate than traditional EDI messages.13,18 Other potential applications for the XML/EDI approach include support for mass customization of products and services, and the information and process exchange needs of distributed virtual organizations.16 For these and other reasons, XML/EDI is considered by many industry observers to have the potential to displace traditional EDI applications.13,18 Turning from the benefits of XML/EDI, this approach is also predictably coupled with several issues and risks. Perhaps the most common concern is that this initiative is too tightly coupled to the EDI concept of fixed transactions and will, therefore, discourage utilizing XML’s ability to implement more advanced and flexible methods.1

SL3054_frame_C27 Page 479 Tuesday, November 20, 2001 9:46 AM

XML, A Collaborative Enabler of E-Business

479

Another concern is that the multitude of complex XML/EDI interfaces being proposed for the numerous trading partner networks may ultimately prove to be unmanageable for even the most enthusiastic supporters of the approach.1

27.3.2 APPROACH 2: XML BUSINESS CONSORTIUMS For many companies, the potential risks and challenges of XML/EDI are so significant that they prefer to automate their supply chains and trading partner exchanges using XML-based solutions developed by industry consortiums. Not unlike the EDI/XML approach, the business consortium model offers companies a data exchange standard that has been based on specific industry-specific requirements. The key advantage of this approach is that is provides a refined interface derived from the domain-specific knowledge of all trading partners within a market segment. Examples of such initiatives include BizTalk, the United Nations UN/CEFACT-backed ebXML, RosettaNet, Open Travel Alliance (OTA), Interactive Financial Exchange, Open Buying Initiative (OBI), Open Trading Protocol (OTP), and eCo system. Overall, the most successful consortium to date has been BizTalk, which is led by Microsoft. The goals of BizTalk are to provide a medium by which any application-specific set of XML message formats can be defined2 and to promote data exchanges among BizTalk members by providing a public repository where BizTalkconformant XML message format sets can be validated, stored, and freely used. BizTalk’s public repository is an important contributor to its success, as it enables many small and mid-size companies that do not have the expertise or resources to build their own XML servers to participate. However, the primary flaw of BizTalk and similar open exchanges is the issue of trying to map the rapidly growing number of inconsistent message formats published within the exchanges. For example, if n different standard formats exist, a firm would require developing up to n (n1) translations to exchange information with every potential trading partner. While it is unlikely that a firm would attempt this task, even a small number of standards could become oppressive if the number of formats evolves rapidly.2 Interestingly, this raises a key strategic question of why a firm would make the significant investment to develop mappings to their trading partners but then freely provide this intellectual property to their competitors.2 Moreover, because information is increasingly a source of strategic advantage, would adopting similar data models result in a loss of product differentiation in the marketplace? In addition, because the information transferred between trading partners is often based on internal enterprise information systems, finding a consistent data model that will meet the diverse requirements of a diverse cross-section of industry and political constituencies makes this consensus approach even more challenging. Given these formidable issues, many experts believe such consortia will fail to provide significant long-term strategic advantage to its participants.

27.3.3 APPROACH 3: CUSTOM XML SOLUTIONS Given the apparent restrictions of the first approach to XML data mediation and the likely strategic failure of the second approach, many mid-size and large firms

SL3054_frame_C27 Page 480 Tuesday, November 20, 2001 9:46 AM

480

The E-Business Handbook

consider a third, more strategic, approach of forging their own XML data exchange solutions. This approach often reflects the dual belief that EDI/XML has too much EDI “baggage,” while XML consortium initiatives are an unfortunate compromise for small firms that do not have the time, energy, or savvy to do otherwise. Thus, executives who embrace building custom XML exchange standards tend to be strategic risk takers who want to use their data mediation strategy as a market differentiator – they do not want to wait to see if industry consortiums succeed, and they do not want to be reliant on industry rivals. In contrast, the EDI/XML approach is similar to extending legacy business applications with Java front-end GUIs; although the interfaces may be more intuitive, the underlying business process restrictions still exist. Likewise, many of those who rely on consortiums for data exchange standards are similar to firms that have installed ERP solutions without business process reengineering simply because competitors in the marketplace adopted ERP. In many cases, this approach also fails to deliver a competitive advantage because adopting firms case key market differentiators in service delivery and market intelligence. While the option of developing custom XML integration solutions is often limited to dominant players in the market, the rewards can be equally significant, including highly profitable and efficient trading exchanges that establish a de facto standard for industry best practices. While the three possible strategies discussed meld the strengths of EDI and XML technologies for B2B transactions, it should be clear that none of the proposed approaches is a panacea. Ironically, EDI and XML suffer from many of the same problems, that is, the challenge of B2B integration is not simply a matter of automation, but rather better understanding and improving underlying business processes to gain strategic advantage. To do so, businesses will need to determine the strategic value of their business information and develop comprehensive approaches to integrating their valuable knowledge assets, from existing legacy systems to emerging B2B e-business initiatives.

27.3.4 IMPLEMENTING CUSTOM XML DATA MEDIATION How does a firm forge its own XML data mediation strategy and take control of its data exchange destiny? As one might expect, the complexity of the approach a company selects will correspond directly to the complexity and heterogeneity of a firm’s data and processes. As the customization of the solutions increases, the implementation plan itself will require the firm to consider other strategic questions, such as how tightly legacy systems will be integrated and how quickly the strategy will be executed. Naturally, the complexity of the implementation tasks will be largely dependent on the format of the source data, the complexity of the interrelationships among the data sets, and the business processes that will access the information. Perhaps the simplest (almost trivial) implementation strategy for a firm would be one that simply publishes XML views of existing XML data.19,20 Beyond basic dynamic queries, this approach would also allow XML-based data sets to be managed as sets of objects through the addition of an intermediary XML “view

SL3054_frame_C27 Page 481 Tuesday, November 20, 2001 9:46 AM

XML, A Collaborative Enabler of E-Business

481

server.”19,20 Unfortunately, this approach would obviously not be applicable to most firms, because the majority of mission-critical data likely does not currently exist as XML-formatted data; however, these concepts do provide a useful model for somewhat more practical solutions, such as the approach proposed by Baru.20,21 In Baru’s approach, the XML views act as wrappers for semistructured data such as HTML pages, although the approach does not fully address how the semistructured data becomes wrapped by XML views. For that reason, firms with large amounts of growing, semistructured data should carefully consider developing a strategy of how to collect data through scrapping agents and wrap the data through wrapping agents. Building on this methodology, Petrou20,22 proposed a three-tier access scheme for heterogeneous data sources, where all databases are accessed via special spidering agents using ODBC and HTML interfaces.20,22 In addition to access, the spidering agents are also required to manage all the data conversions for both incoming and outgoing data exchange.20,22 Using Petrou’s approach as the base model, several improvements need to be made to make a three-tier access scheme more usable, including:20 • • • •

A data-independent SQL-like query language Support for additional database protocols Performance and indexing enhancements Data abstraction to shield users from the complexity of data sets

Table 27.2 provides an overview of various data mediation approaches.

TABLE 27.2 XML Data Mediation Approaches XML Data Mediation Approach

Who

Publish XML views of existing XML data sets Create XML wrappers of semistructured data

Abiteboul and Lowry19,20 Baru21

Create XML threetier access scheme Create optimized three-tier access scheme

Petrou22

Lowry20

Stage/Timeframe

Data Mapping Complexity, Strategic Risk

Shield Users from Complexity

Use for early prototype (0-3 months)

Lowest

Lowest

Postprototype, early production with nonstrategic data (4–6 months) Production with basic strategic systems (7–12 months) Advanced production with all systems (13 months +)

Moderate

Moderate

High

High

Highest

Highest

SL3054_frame_C27 Page 482 Tuesday, November 20, 2001 9:46 AM

482

The E-Business Handbook

Not surprisingly, creating any of these proposed XML data mediation approaches is not an easy task, because they require substantial data modeling expertise and business process expertise. The three-tier approach is the most intensive, requiring the need for extensive design activities, strong management support, and advanced design tools (e.g. CASE tools and repositories). Due to its resource-intensive nature, three-tier XML data mediation is generally appropriate only for firms that have the expertise and resources to commit to rigorous data mapping and extensive process reengineering. The three-tier approach also requires firms to have a thorough understanding of its data, processes, and customers, which often require additional investments in domain-specific expertise and knowledge management technology. To implement a three-tier XML data mediation strategy, the following activities should be iteratively applied until an effective solution has been developed: • A commitment from executives to pursue such a strategy • A prototype model of the firm’s data using a basic subset of nonstrategic information • A unified logical model of the native XML data • A functional prototype of the system that is reviewed and endorsed by key stakeholders in the project Despite the increased risk and effort required of the three-tier approach, the potential payoff is that this approach can create a sustainable competitive advantage for the firm over its competitors in the high-stakes game of global e-business. Table 27.3 provides a comparison of three alternative approaches for implementing XML. While the overall risks, costs, and rewards of adopting an XML-based strategy are fairly straightforward, choosing the right XML strategy and deciding how to incorporate it into corporate business planning is a far more challenging task. The strategic decision matrix shown in Table 27.4 provides managers with specific decision points that can be used to evaluate the approach their company should

TABLE 27.3 Comparison of Three XML-Based Trading Partner Solutions Solution

Risk

Build on EDI: XML/EDI Join a business consortium

Low to moderate Moderate to High

Build custom XML formats

High

Cost Moderate: least amount of expertise Moderate to high: still have to create many of your own mappings High: need dedicated resources, management commitment, technology investment, experts

Reward/Strategic Differentiation Low to moderate Low to moderate

Moderate to high

SL3054_frame_C27 Page 483 Tuesday, November 20, 2001 9:46 AM

XML, A Collaborative Enabler of E-Business

483

adopt, based on the business climate in which the company finds itself. The most important factor for a company to consider is whether its competitive strategy is that of a first mover or a fast follower. First-mover advantage27 is determined by a company’s strategic position in its market, and includes such characteristics as size, technological savvy, market position, and financial strength. As an alternative to a first-mover strategy, many corporations employ a strategy of being a fastfollower by rapidly adopting successful business practices of first movers. With respect to XML-based applications, first-mover advantage can provide a company with opportunity to shape standards or control the rate of adoption of XML technology into an industry segment. The second factor for a company to consider is the influence that the company is able to wield, which is largely based on its market dominance, as shown on the y-axis of the graphs in Table 27.4. Market dominance considers the ability of the firm to influence its marketplace and is described as Porter’s competitive forces model.23 In Porter’s model, industry rivalry, entry barriers, and buyer and supplier power are used to describe the forces that act to control a business’s behavior. When considering XML strategies, market dominance determines whether a firm can dictate de facto XML standards or build standards through consensus with other firms.

TABLE 27.4(A) Strategic XML Opportunities for First-Mover Corporations High Market Dominance

B Limit Expansion of Legacy Exchange Methods to Emerging Applications Support Industry-Specific XML Standardization Efforts Instead of Custom XML-Based Interfaces

Low Market Dominance

A Maintain Short-Term Market Dominance with legacy Exchange Methods Establish 12–36 Month Program to Create de facto XML standards

C

D

Encourage Continued Use of Legacy Methods

Encourage Market-Makers Use of Legacy Methods

Monitor Industry-Specific Standardization Efforts

Promote Industry-Specific XML Standardization Efforts

Explore VAR-based Translation Products

Selectively Implement Custom XML Interfaces

Low Strategic Importance

High Strategic Importance

SL3054_frame_C27 Page 484 Tuesday, November 20, 2001 9:46 AM

484

The E-Business Handbook

TABLE 27.4(B) Strategic XML Opportunities for Fast-Follower Corporations High Market Dominance

B Support XML Industry-Specific Standardization Include XML-based Methods in Strategic Planning

Low Market Dominance

A Participate in XML Industry-Specific Standardization Specify XML-Based Solutions for Exchanges with Trading Partners

C

D

Monitor Standards for Strategic Operations

Encourage Adoption of Broadly-Based Standards

Track Trading Partners

Development Custom XML-Based Solutions

Identify VARs for XML-based Solutions

Low Strategic Importance

High Strategic Importance

Even when a firm has a dominant role within the industry, a third factor should influence a company’s approach is the strategic importance of the XML-based application. While XML often serves only a supportive role in the delivery of products and services to customers, such as the traditional role served of EDI, XML is increasingly being incorporated into the products and services delivered directly to customers. Depending on which role XML serves, its strategic importance directly affects the approach to the adoption of XML-based applications a company should take. As an example of how a manager might use Table 27.4, consider the case of a small company with limited resources that has a key XML-based product. In this case, the company’s size, and corresponding relatively low market dominance, will probably limit its approach to being a fast-follower. But given the potential strategic importance of XML to this firm, which strategy should this company adopt? As shown in Quadrant D of Table 27.4(A), this company should adopt the dual strategy of encouraging the adoption of broadly based XML standards while, at the same time, creating competitive advantage through custom XML-based solutions. In this way, XML allows the company to maximize its market opportunities with its trading partners as well as maintain product differentiation.

SL3054_frame_C27 Page 485 Tuesday, November 20, 2001 9:46 AM

XML, A Collaborative Enabler of E-Business

485

27.4 CONCLUSION XML is a strategic technology that can enable firms to better pursue Internet-based e-business and intracompany collaboration. XML is positioned between the limited standard of HTML and the much more complex standard of SGML. XML’s middleof-the-road standard offers many practical advantages over HTML, SGML, and other data mediation approaches; including greater flexibility, greater extensibility, separation of data and display, and a superior internal data structure. Despite XML’s strengths, it is still a nascent technology where standards are not clearly defined and best practices are continually evolving. For example, the ongoing examination of alternatives on how to automate XML data exchanges among trading partners clearly demonstrates how even well-defined business processes can have a variety of XMLbased implementations and standards. This chapter examined three specific approaches to implementing XML in trading partner data exchanges: 1. Building on existing EDI standards 2. Joining a business consortium 3. Creating custom standards The decision of which XML-based approach to select for automating data exchanges among trading partners will have a significant impact on the value proposition of the outcome; thus, such a decision must consider a company’s strategies, executive commitment, legacy EDI entrenchment, competitor reaction, available resources, existing expertise, and its risk portfolio. Clear parallels exist between the decisions companies have made regarding the adoption of XML and their investments in ERP during the 1990s. While some firms will use XML to differentiate themselves in the marketplace and develop sustainable competitive advantage, others will simply spend a lot of resources playing “catch up” with their competitors or wasting resources automating inferior and poorly understood business processes. Even when optimal decisions are made regarding data mediation approaches, firms are still faced with high orders of complexity driven by the intricate, heterogeneous nature of their corporate knowledge bases. Thus, it is quixotic to believe this complexity battle will be won anytime in the near future; likewise, it is strategically dangerous to involve clients and vendors in any solution without a wellformulated strategy. Successful organizations will address the challenge of Internetbased data collaboration by choosing an XML mediation approach that is technically manageable and is aligned with the strategic goals of their entire supply chain. Meanwhile, IS researchers and industry leaders must continue to refine XML’s role within IT business strategy. As XML continues to expand its role in the IT mainstream, solutions will be needed for issues such as scalable XML architectures, security integration, automated portal services, impendence mismatch with OO data, workflow and process awareness, and robust development environments. As these and other challenges are met, XML will be able to achieve its promise of being the enabling data-mediation technology for global e-business solutions.

BTP

FPML

Industry Proposed XML Standard

Industry Proposed XML Standard Industry Proposed XML Standard

Industry Proposed XML Standard

Industry Proposed XML Standard

IFX

Interactive Financial Exchange. A framework for the exchange of financial data.

Software by Tibco to help automatically schedule exchanges of B2B transaction, and automatic conversion of XML documents to flat-files or relational formats. AuthXML is a specification for authentication and authorization information in XML. AuthXML is a transport-independent XML definition that allows security authorities in separate organizations to communicate about authentication, authorization, user profiles and authenticated user sessions in an open way. “Business transaction protocol,” competitor to emerging XAML. Allows complex XML messages transactions to be tracked and managed as loosely coupled messages amongst businesses. Financial Processing Markup Language. A language for describing financial derivatives. Financial Services Markup Language. A language used to implement e-checks and other financial documents.

Helps with large-scale content management and publishing, using XML.

Description

FPML.org http://www.fpml.org FSTC.org (Financial Services Technology consortium) http://www.fstc.org IFX (Interactive Financial Exchange) Forum www.ifxforum.org

BEA Systems http://www.bea.com/index.shtml

CheckPoint Software Technologies, Entrust, Novell, Securant Technologies, etc. http://www.authxml.org/

TIBCO http://www.tibco.com/

http://www.documentum.com/

Organization/Web site

Industry-specific

Industry-specific

Industry-specific

**

****

**

***

Potential strategic impact

486

FSML

Documentum 4i eBusiness Edition 4.0 TIB/Business Connect and Business Partner AuthXML

Applications using XML

Applications using XML

XML technology

XML Taxonomy

APPENDIX 27.1 Taxonomy of XML Technologies

SL3054_frame_C27 Page 486 Tuesday, November 20, 2001 9:46 AM

The E-Business Handbook

WSDL

Industry Proposed XML Standard Internet initiative using XML

Internet initiative using XML

XML trust services

Industry Proposed XML Standard

Microsoft .NET initiative

Biztalk

XML-RPC

SOAP

OFX

MCF

Industry Proposed XML Standard

Industry Proposed XML Standard Industry Proposed XML Standard Industry Proposed XML Standard

Set of Web-based technologies (smart devices, user experiences, Web services, development tools, and infrastructure) to build, deploy, operate, integrate, aggregate and consume Internet-based services. XML is used as the integration methodology for .NET.

Meta Content Framework. Provides a standard for describing files and collections of information.10 Open Financial Exchange. Standard for financial data exchange. Simple Object Access Protocol. A transport protocol designed to exchange information over the Web. Integrated with XML for the .NET initiative. XML Remote Procedure Call is a spec and a set of implementations that allow software running on disparate operating systems, running in different environments to make procedure calls over the Internet. Four major trust services to integrate into e-business: 1. XML Key management Specification (digital signatures and encryption) 2. Security Services Markup language (portable authentication and authorization) 3. XMLPay (secure e-commerce payment processing) 4. Extensible Provisioning Protocol (streamlines domain-name registration). Web Services Description Language. A language for describing Web-based business interfaces. Microsoft’s XML server platform for small to mediumsized businesses that need data mediation support. Microsoft http://www.biztalk.org/BizTalk/defa ult.asp Microsoft http://www.microsoft.com/net/

www.uddi.org

VeriSign http://www.verisign.com/developer/ xml/

XML-RPC Org www.xmlrpc.org

Netscape www.netscape.com CheckFree, Microsoft, Intuit www.ofx.net Msdn.Microsoft.com/soap

****

*

*

**

**

***

(continued)

Industry-specific

**

SL3054_frame_C27 Page 487 Tuesday, November 20, 2001 9:46 AM

XML, A Collaborative Enabler of E-Business 487

UDDI

DOM

DTD

SGML XFDL

XHTML

XLink

W3C XML Standard

W3C XML Standard

W3C XML Standard

W3C XML Standard

W3C XML Standard

W3C XML Standard

XML technology

Internet initiative using XML

XML Taxonomy

APPENDIX 27.1 (CONTINUED) Taxonomy of XML Technologies

The DOM is a standard set of function calls to help manipulate XML from a programming language. Likely to be replaced with SAX APIs. DTD (document type definition), a collection of XML declarations that define the valid structure (elements and attributes) that can be used in a document that uses the DTD. Note: compliance is strictly enforced. XML is a subset of SGML. SGML is an older, far more complex markup language specification. XFDL is the Extensible Forms Description language, which will allow the creation of very complex forms, currently not supported by HTML. XHTML is an extended HTML 4.0 standard that is XMLbased; thus XHTML document are viewable, editable, and able to be validated through standard XML-based tools. Xlink provides a standard for adding hyperlinks to an XML file, but will be more advance than unidimensional HTML links.24

Universal Description Discovery and Integration. A framework to allow people and companies to find and transact business over the Web.

Description

Core component

Core component

Core component

Core component

Core component

Core component

****

Potential strategic impact

488

W3C http://www.w3.org/TR/xlink/

W3C http://www.w3.org/ W3C http://www.w3.org/TR/NOTEXFDL W3C http://www.w3.org/TR/xhtml1/

Universal Description, Discovery and Integration of Business for the Web. www.uddi.org W3C http://www.w3.org/TR/REC-DOMLevel-1/ W3C http://www.w3.org/

Organization/Web site

SL3054_frame_C27 Page 488 Tuesday, November 20, 2001 9:46 AM

The E-Business Handbook

XPath

XSLT

XML namespaces

XML Schema XPointer and Xfragments XML style sheets

XSL

Apache Xalan BeanML

W3C XML Standard

W3C XML Standard

W3C XML Standard

W3C XML Standard

W3C XML Standard

W3C XML Standard

W3C XML Standard

XML toolset

XML toolset

A language for creating or defining the semantics of XML documents. XPointer and Xfragments go beyond Xlink by allowing developers to point to data contained inside an XML document. Style sheets describe how documents are presented on screens or in print. By attaching style sheets to structured documents on the Web (e.g., HTML), authors and readers can influence the presentation of documents without sacrificing device independence or adding new HTML tags. XSL is an advanced language for expressing style sheets based on XSLT24, which will allow Developers to create style sheets that customize displays for different devices or users. A processor for transforming XML documents into other formats. JavaBean-centered XML development.

The primary purpose of XPath is to address parts of an XML document and provide basic facilities for manipulation of strings, numbers and Booleans. XSL Transformations (XSLT) is a language for transforming XML documents into other XML documents. It is for use as part of XSL (it is not a generalpurpose XML transformation language). Allows a developer to describe the association between XML tags and Internet URLs.

IBM www.alphaworks.ibm.com/

www.apache.org

W3C http://www.w3.org/Style/XSL/

W3C http://www.w3.org/Style/

W3C http://www.w3.org/TR/REC-xmlnames/ W3C http://www.w3.org/XML/Schema W3C http://www.w3.org/TR/xptr

W3C http://www.w3.org/TR/xslt

W3C http://www.w3.org/TR/xpath

*

*

(continued)

Core component

Core component

Core component

Core component

Core component

Core component

Core component

SL3054_frame_C27 Page 489 Tuesday, November 20, 2001 9:46 AM

XML, A Collaborative Enabler of E-Business 489

WebSphere Commerce Suite 4.1 Pro Edition Xenon

XML Junction XwingML

XML toolset

XML toolset

XML toolset

XML toolset

XML toolset

Sequoia XML Portal Server WebDAV

XML technology

XML toolset

XML Taxonomy

APPENDIX 27.1 (CONTINUED) Taxonomy of XML Technologies

Xenon is the first complete architecture for XML applications and was designed specifically for the development of electronic business systems. It is based entirely on open standards, offering users and software providers a reliable, durable framework with interfaces for development, deployment and scalability of XML applications. Data conversion and data bridging tool, by Data Junction, that helps developers map source files to XML targets. Like BeanML, focusing on Swing GUIs.

World Wide Web Distributed Authoring and Versioning. Enhancements to HTTP to make it a better collaborative editing platform (including use of metadata and file locking) to improve Web site design and development, and integration with B2B applications. A comprehensive suite of tools to build largely scalable ecommerce suites.

Native XML portal server by Sequoia.

Description

*

**

***

**

*

*

Potential strategic impact

490

Data Junction Corporation http://www.xmljunction.net/ www.bluestone.com/

IBM http://www4.ibm.com/software/Webservers/co mmerce/wcs_pro/ Software AG www.softwareag.com/corporat/news /jan2000/XENON.htm

Sequoia Software http://www.sequoiasoftware.com/ WebDAV org http://www.Webdav.org/

Organization/Web site

SL3054_frame_C27 Page 490 Tuesday, November 20, 2001 9:46 AM

The E-Business Handbook

SL3054_frame_C27 Page 491 Tuesday, November 20, 2001 9:46 AM

XML, A Collaborative Enabler of E-Business

491

REFERENCES 1. A. Kotok and D. Webber, Less Is More In E-Business: The XML/EDI Group, vol. 2000: xml.com, 1999. 2. R. Worden, XML E-Business Standards: Promises and Pitfalls, xml.com, 2000. 3. A.C. Lear, XML seen as integral to application integration, IT Prof., vol. 1, pp. 1216, 1999. 4. J. Bosak, Media-independent publishing: four myths about XML, Computer, vol. 31, pp. 120-122, 1998. 5. B. Bos, XML in 10 points, W3C, 1999. 6. S. Widergren, A. deVos, and J. Zhu, XML for Data Exchange, presented at Power Engineering Society Summer Meeting, 1999. 7. F. Bapst and C. Vanoirbeek, XML Documents Production for an Electronic Platform of Requests for Proposals, presented at Reliable Distributed Systems, 1999. Proc. 18th IEEE Symp., 1999. 8. R. Khare and A. Rifkin, XML: a door to automated Web applications, IEEE Internet Comp., vol. 1, pp. 78-87, 1997. 9. H. WiumLie and J. Saarela, Multipurpose Web publishing using HTML, XML, and CSS, Comm. ACM, vol. 42, pp. 95-101, 1999. 10. T. Koch, XML in Practice: The Groupware Case, presented at Enabling Technologies: Infrastructure for Collaborative Enterprises, 1999(WET ICE ‘99). 11. B. Dorshkind, WAP untethers the Web, UNIX Review’s Performance Computing, vol. 17, pp. 59-61, 1999. 12. S. Pemberton et al., XHTML 1.0: The Extensible HyperText Markup Language, vol. 2000: W3C, 2000. 13. R.J. Glushko, J.M. Tenenbaum, and B. Meltzer, An XML framework for agent-based e-commerce, Comm. ACM, vol. 42, pp. 106-114, 1999. 14. H. Smith and K. Poulter, Share the ontology in XML-based trading architectures, Comm. ACM, vol. 42, pp. 110-111, 1999. 15. G. Szentivanyi, The role of XML in generic and distributed multimedia management, presented at IEEE 8th Int. Workshops on Enabling Technol. Infrastructure for Collaborative Enterprises, 1999 (WET ICE ‘99). 16. K.J. Fellner and K. Turowski, Component Framework Supporting Inter-Company Cooperation, presented at Enterprise Distributed Object Computing Conference, 1999. EDOC '99, 1999. 17. A. Kotok and D. Webber, The XML/EDI Group’s XML for e-business initiative, vol. 2000: XML.com, 1999. 18. M. Laplante, Making EDI Accessible with XML, EC.COM, vol. 4, pp. 23-26, 1998. 19. S. Abiteboul, On Views and XML, presented at PODS’99, Philadelphia, PA, 1999. 20. P.B. Lowry, XML data mediation and collaboration: a proposed comprehensive architecture and query requirements for using XML to mediate heterogeneous data sources and targets, 34th Ann. Hawaii Int. Conf. On Sys. Sci. (HICSS), Maui, Hawaii, 2001. 21. C. Baru, XViews: XML views of relational schemas, 10th Int. Workshop on Database and Expert Sys. Appl., 1999. 22. C. Petrou, S. Hadjiefthymiades, and D. Martakos, An XML-based, 3-tier scheme for integrating heterogeneous information sources to the WWW, presented at 10th Int. Workshop on Database and Expert Sys. Appl, 1999. 23. M.E. Porter, How competitive forces shape strategy, Harvard Business Review, vol. 57, pp. 137-145, 1979.

SL3054_frame_C27 Page 492 Tuesday, November 20, 2001 9:46 AM

492

The E-Business Handbook

24. J. Tauber, XML after 1.0: you ain’t seen nothin’ yet, IEEE Int. Comp. vol. 3, pp. 100-102, 1999. 25. International Organization for Standardization (ISO), ISO 8879:1986 Information Processing — Text and Office Systems — Standard Generalized Markup Language (SGML), Geneva, Switzerland, 2001. 26 Wireless Application Protocol Forum, Ltd., Wireless Application Protocol Wireless Markup Language Specification, Version 1.3, WAP-191-WML, 19 February 2000. 27 M. Lieberman and D. Montgomery, First mover advantages, Strategic Mgmnt. J., vol. 9, pp. 41-58, 1988.

SL3054_frame_index Page 493 Tuesday, November 20, 2001 3:02 PM

INDEX A Absorptive capacity, 207 actBIG.com, 122 Active database technology, 397 Advisory boards, 216 AECT, 163 Aggregation data, 148 Amazon.com, 100 Analyzing a business model, 3 AOL, 14, 271 Time Warner, 340 Apollo computer, 280 Application Integration, 471 Architecture of Integrated Information Systems (ARIS), 306 Ascending English, 89 ASCP, 163 Asset Revaluation, 288 Auctions, 85 combinational, 91 discriminatory, 90 event-condition-auction (ECA), 398 generalized Vickery auction (GVA), 95 multidimensional, 92 multi-unit auctions, 89 non-traditional, 101 online, 85 reverse, 92 single-item, 87 traditional, 101

B Backup.com, 303, 304 Bazaar, 237 Benford, Frank, 334 Benford’s Law, 334 Beyond.com, 302, 303 Bidding strategies, 92 Biometrics, 325 BizTalk, 479 Borderless Internet transaction Grid, 262 Born Global, 264

Branding, 463 Business, 1 information age, 1 models, 2, 3, 99 Business-to-business (B2B), 39, 67, 86, 133, 168, 300,448,467 architecture, 451, 452 payment, 182 Business-to-consumer (B2C), 139, 229 models, 230 Buy chain, 5 Buyer-central exchange, 170

C California energy crisis, 340 Capitalization and bankruptcy, 274 Cataloging, 449 Caterpillar, 280 CBL, 185 Client proxy objects, 433 Clueless agents, 388 Code obfuscation, 389 signing, 387 Collaborative Architectures, 423 CMI collaborative server, 428 Combinational auctions, 91 Commercial protocols and services (COPS), 367, 370 Complementarities, 308 Component based design, 446 process architecture, 445 system, 445 Computer Viruses, 349 Confidentiality, 384 Consumer Behavior, 146 Consumer to consumer (C2C), 300 architectures, 453 Content restrictions, 274 Continuous replenishment planning (CRP), 81 493

SL3054_frame_index Page 494 Tuesday, November 20, 2001 3:02 PM

494

Control Activities, 324 CORBA, 399, 401, 424 Corporate Security policy, 359 CoShopper.com, 123 COTS, 444 C-Tribe.com, 123 Culture-sensitive e-commerce, 237 Currency flow, 283 Curriculum, 203 Customer impersonation, 323 information support (CSI), 451 relationship management (CRM), 73 Customizable products, 462 Cyber Attacks, 343 Cyber Offensives, 343

D Data, 476 mediation, 476 mining, 332 theft, 322 DEC, 281 Demandline.com, 124 Denial-of-services (DoS) Assaults, 348 Descending Dutch, 89 Detection of fraud, 328 Digital business infrastructure, 12 Digital divide, 250 Digital signatures, 325 Discovery sampling, 332 Discriminatory auction, 90 Distributed software, 395 Dynamic pricing, 100 mechanisms, 100 models, 101

E eBay, 86, 100 .com, 235 E-business, 17, 19 global, 261 infrastructure distributor, 25 models, 4, 19 focused distributor, 23 infrastructure distributor, 26 infrastructure portal, 27

The E-Business Handbook

infrastructure producer, 28 portal, 24 producer, 25 revenue and cost, 29 portals, 21 process design, 443 revenue and cost, 29 E-channel, 40 E-citizens, 249 Economies, 6 information age, 7 of scale, 5 of scope, 6 EDGAR, 279 Education curriculum, 203 e-business major, 209 internship program, 217 reinventing, 203 Efficient consumer response (ECR), 75 E-lancer Model, 265 electronic commerce (EC) embedding, 38 electronic commerce (EC) enterprise, 35 Electronic commerce, see e-commerce (EC), 33, 34, 45, 367, 379 embedding, 38 enterprise, 35 evolution, 229 hierarchical framework, 36 Electronic data interchange (EDI), 33, 76 XML/EDI, 477 Electronic, 244 democracy, 244 government (e-gov), 243, 245, 246 hubs (e-hubs), 171 market, 366 E-Marketplace, 37, 168 external, 169 internal, 169 Emusic.com, 303, 304 Encryption, 326 functions, 389 horizontal, 169 vertical, 169, 174 Enterprise JavaBeans (EJB), 396, 399, 400 server, 430 Enterprise Resource Planning (ERP), 301 E-procurement, 167 system, 168

SL3054_frame_index Page 495 Tuesday, November 20, 2001 3:02 PM

Index

E-services, 297, 298 European Information Society (EIS), 244 Evaluators, 93 Event-condition auction (ECA), 398 Evergreen evolution, 207 Exchanges, 168 private, 170, 172, 173, 176 public, 170, 172, 173, 174 Execution monitoring, 386 tracing, 390 Experiential products, 461 Exposure problem, 91 Extraversion, 193 Extraverts, 195

F False Web, 323 Falsifies Identity, 322 Fast-follower corporations, 484 Fault tolerance, 390 Firewalls, 437 First-mover corporation, 483 Foreign-currency, 280 Fraud, 316, 317 detection of, 328 motivations, 317 risks, 318 symptoms, 329

G Generalized Vickery Auction (GVA), 95 Global governance model, 265 Globalization, 282, 284 Government Accounting Office (GAO), 247 Group-buying, 99 mentality, 104 models, 101, 102 Web site, 106, 107

495

I In Situ products, 462 Independent private values (IPV), 87 Inductive fraud detection, 335 Information and communication technologies (ICTs), 228 Infrastructure, 24 distributor e-business models, 26 distributors, 21 portal e-business models, 27 portals, 21 producer e-business models, 28 producers, 22 Inside-Out Integration, 179 Institutional environment, 270 Integration Rules (IRules), 396 definition language (IRDL), 404 language, 408 project, 402 Integrity, 384 Intellectual property, 222, 273 Intelligent agents, 471 Internal e-marketplace, 170, 173 Internationalization, 284 Internet, 470 appliances, 470 evolution, 189 fraud, 346 Introverts, 195 Intuit, 10 IRules, 411–415

J Java virtual machine (JVM), 429 JavaBeans, 399, 400

K Knowledge management system (KMS), 304, 307

H

L

Hackers, 361, 362 Heterogeneous data, 467 Hierarchical framework, 36, 37 HomeNet, 190, 191 Horizontal e-marketplaces, 175

Large open distributed systems, 379 Lead-time gap, 73 Letsbuyit.com, 116 Localization, 282, 284 Locking, 437

SL3054_frame_index Page 496 Tuesday, November 20, 2001 3:02 PM

496

M Macro effects, 342 Malicious agents, 385, 388 Management, 38 Market efficiency, 140 exchange matching mechanism (MEM), 451 mechanisms, 103 Marketing, 449 Marketspace, 235 Mentoring, 218 Menu costs, 142 Mercata.com, 108, 129, 130 Metadata, 469 Microstructure, 100 Mobile agents, 381 Mobshop.com 111, 129, 130 Modeling security semantics of business processes (MoSSbp), 367 Models of governance, 267 Modularization, 301 MS Market, 180 Multichannel sales, 40 Multicurrency, 282, 289, 290 Multidimensional auctions, 92 Multinationalization, 282, 284, 290 Multi-Unit Auctions, 89

N National Emergency Management Information System (NEMIS), 244 NetDocuments, 213 Non-traditional Auctions, 101

O OBI, 185 OFX, 184 Oklahoma Investment Forum (OIF), 162 Online auctions, 85 markets, 249 trade fairs, 155 OnlineChoice.com, 124 Operational analysis, 82 Opportunists, 93 Order, 449

The E-Business Handbook

Order-cycle time, 73 OSD, 185 OTP, 184 Outside-In System Integration Policy, 175 Outsourced Solutions, 183

P Partial result encapsulation, 388 Participators, 93 Partnerships between business and academia, 213 Path histories, 387 Payments, 450 Pennwell Publishing’s Fire Department Instructors’ Conference (FDIC Online), 164 Performance gap analysis, 63 Personal fit products, 462 Personalization, 256 PointSpeed.com, 124 Portals, 19 Porter and Millar, 68 Price dispersion, 141 elasticity, 141 levels, 140 reduction models, 101 threshold effect, 104, 105 Pricing, 139, 449 Privacy, 252, 253, 349 Private exchanges, 170, 172, 173, 176 Private ExcLNLhange, 170 Procurement Marketplaces, 173 Producers, 20 Programming Frameworks, 425 Proof carrying code, 386 Property handles, 432 Public Exchanges, 172, 173, 174 Push and Pull Chain, 71

Q Quality Evaluation Method (QEM), 58 Questionable bidding behavior (QBB), 94 Quicken.com, 10

R Rapid application development (RAD), 425

SL3054_frame_index Page 497 Tuesday, November 20, 2001 3:02 PM

Index

REMAP, 307 Replication, 390 Representative government, 253 Request for proposal (RFP), 473 Requisition, 450 Retailer Behavior, 143 Reverse auctions, 92 Risk assessment, 321, 360 management, 287 Remote method invocation (RMI), 433 RossetaNet, 185

S Sand boxing, 386 Sealed-bid Multi-Round Auction Protocol (S-MAP), 95 Security, 252, 253, 339, 367, 437 audits, 353 cost paradox, 360 myths, 356 requirements, 369, 384 threats, 385 Seller-Centric exchange, 170 Service individualization, 299 Sessioning, 437 Sevice architecture, 298 Shipping, 450 SHOP2gether.com, 125 Shopbots, 147 Shopping mall, 230 Single-item auctions, 87 Sir Freddy Laker, 280 SmithKline, 281 Sniffing, 322 Social compensation, 193 impact, 189 support, 193, 196 Sponsorships, 219 Spoofing, 323 Stages of e-gov, 254 State appraisal, 387 Strategic Planning, 79 Supply and demand chain, 71 Supply chain, 5, 38 management (SCM), 67, 69, 171

497

T Tactical analysis, 81 TechnoXpo, 163 Third party exchange, 170 Threshold problems, 91 Time value of money (TVM), 280, 286 Trading partners, 467 Traditional auctions, 101 Transaction cost economics (TCE), 266 cost theory, 268 grid, 262 Trust, 463 management, 360 Trusted electronic, 365

U Ubiquitous computing, 41 Unauthorized Access, 322 Union Carbide, 281

V Value Chain, 68, 69 framework, 4 Value web, 9 Value-added networks (VAN), 76, 81 Value-creating activities, 5 Vendor-managed inventory, (VMI), 74 Vertical and Horizontal E-Marketplaces, 169 Vertical e-marketplaces, 174 Virtual private network (VPN), 81 reality (VR), 457, 458 technologies, 460 selling, 40 trade fairs, 153, 154 VolumeBuy.com, 125

W Web defacement, 348 development process, 50, 62 evaluation, 45, 46 approaches, 48 security audit services, 354 strategy Development, 50

SL3054_frame_index Page 498 Tuesday, November 20, 2001 3:02 PM

498

The E-Business Handbook

benefits of, 473 business consortiums, 479 custom, 479, 480 data mediation, 481 strategic Opportunities, 483 wireless access protocol (WAP), 471 wireless markup language (WML), 471 XML/EDI, 477

assessment, 57 Web-marts, 227, 231 WebQual, 57 Web-Visit Hijacking, 323 Wireless access protocol (WAP), 471 markup language (WML), 471 Worms, 349 WWW Consortium (W3C), 468

X XML, 184, 467

Z Zwirl.com, 126