Marketing Notes 1

Uploaded by haojen123

Chapter 5: Overview of Retail Models

What’s New in Online Retail?


1. Retail Mobile E-commerce is Booming
● Mobile Focus: Unlike before, when we primarily used laptops for online shopping,
today’s generation relies heavily on smartphones and mobile devices for e-commerce
activities such as shopping on Shopee, Lazada or Zalora. Many retailers such as JD or
FootLocker have also shifted more towards mobile commerce operations, improving
their application experience by including app-only promotions or exclusive deals that
customers can’t get in-store.
2. Social Networks and Social E-commerce
● Social Media Integration: Platforms like Facebook, Instagram, and TikTok are
experimenting with ways to enable shopping directly through their apps. This trend
allows businesses to communicate directly with customers, governments, and other
companies through social media. Social media is a powerful tool nowadays as
technological advancement has transformed it into a central hub for marketing, customer
engagement, and direct sales, making it an essential component of modern business
strategies.
3. Online Retail Growth
● Fastest-Growing Channel: Online retail remains the fastest-growing sector in retail.
The variety of products available online continues to expand, including luxury items.
4. Product Comparison and Consumer Behavior
● Customer Choice: With the wide range of products available, consumers often compare
different options before making a purchase. If a retailer doesn't have what the customer
wants, the customer will easily find another product or company that does.

5. Specialty Retail Sites


● Niche Markets: Specialty sites focusing on specific product categories, like sportswear
(e.g., Nike, Adidas, Under Armour) or smartphone technologies (e.g., Apple, Samsung,
Huawei), are experiencing rapid growth.
Examples:
● Unexpected Needs: If you unexpectedly find cockroaches in your house, you
will quickly search for and call a pest control service.
● Specialized Retailers: Brands like Nike, Adidas, and Under Armour specialize in
sportswear, offering a focused selection to their customers.
6. Subscription-Based Models
● New Business Models: Online retail is increasingly adopting subscription-based
models. This includes services like ChatGPT (AI assistant), Netflix (entertainment),
online learning platforms, consultancy services, and music streaming.
7. Big Data and Predictive Marketing
● Data Utilization: Businesses use big data to understand customer preferences and
predict future demand. They collect customer details and use this information to market
their products directly to their audiences.
○ Personalized Marketing: For instance, businesses might send personalized
emails highlighting your name and offering products that match your past
behavior and preferences, such as Nike sending an email with a 15% voucher, “We
miss you! Grab your equipment now!”, with terms and conditions applied.
○ Predictive Marketing: By analyzing trends and data, companies can forecast
future demand for their products, allowing them to better cater to customer
needs.

The Vision
Vision: a company’s long-term achievement; a plan for the business’s future involving
significant improvements and goals.
The Vision includes:
1. Reduced search and transaction costs; customers able to find the lowest price
● Ease of Finding Deals: E-commerce reduces the effort and cost of searching
for products. Customers can easily find the lowest prices available (e.g., a pet
grooming company that also offers food, accessories, etc.).
● Cost-Effective Shopping: Whether customers want something expensive or
cheap, online platforms provide a flexible selection, allowing them to choose
based on their budget.
2. Low Barrier Market Entry and Low Operating Costs
● Access for All: E-commerce has low barriers for entering the market. Anyone
can start selling products online without the high costs associated with traditional
brick-and-mortar stores.
● High Efficiency: Online businesses often operate at lower costs and higher
efficiency compared to physical stores.

3. Omni-Channel and Pure-Play Merchants


● New Business Models: The internet has created opportunities for omni-channel
firms (those that operate both physical and online stores) and supported some
businesses that operate exclusively online (pure-play merchants).
● For instance, Aeon and Lotus are omni-channel merchants, while Shopee and
Lazada are pure-play merchants.
4. Omni-Channel Approach:
● Integration: Combining physical stores with e-commerce allows businesses to
cater to different customer preferences. For example, a customer might prefer to
browse online but pick up the item in a physical store like ZUS Coffee.
● Human Touch: Despite the growth of e-commerce, human interaction remains
important. An omni-channel strategy ensures that businesses can provide the
personal touch that customers still value.

Challenges (online retailers)


Key industry strategic factors
1. Barriers to Entry (Low/High)
● Generally, starting an online retail business is relatively easy and inexpensive
compared to opening a physical store. Barriers therefore remain low unless specific
government regulations exist.
● Example: Some countries may ban platforms like Facebook or TikTok, creating a
higher barrier for social media-based e-commerce in those regions.
2. Power of Suppliers
● Low Supplier Power: When there are many suppliers to choose from, the
retailer has more options and bargaining power.
● High Supplier Power: If a supplier is a pioneer or the most recognized in the
market, they can exert more influence over terms and conditions.
3. Power of Customers (Satisfaction)
● High Customer Power: Customers have significant power because they have
many options available and can easily compare products from different retailers.
This means online retailers must work hard to attract and retain customers by
offering better prices, quality, and service.
4. Existence of substitute products
● There are often many alternative products available online. For example, tablets
like the iPad can replace traditional paper and pen, making it crucial for retailers
to innovate and differentiate their products to stay competitive.
● Example: Streaming Services vs. Traditional Media: Online streaming platforms
like Netflix and Spotify have become substitutes for traditional media such as
cable TV and physical music CDs. Consumers can now access a vast library of
movies, TV shows, and music on demand, leading to a significant shift in how
entertainment is consumed. This forces traditional media providers to adapt by
offering online services or risk losing market share.
5. Industry value chain
● Value Chain (Internal Focus): The value chain refers to the different
departments and activities within a company that add value to the product or
service, such as marketing, IT, finance, and accounting.
● Example: A company might have a marketing department responsible for
promoting products, a finance department for managing funds, and an
accounting department for keeping track of transactions.
● Supply Chain (External Focus): The supply chain involves external partners
that help produce and distribute the product, including manufacturers, producers,
retailers, and distributors.
● Example: A manufacturer produces the goods, which are then distributed to
retailers who sell them to consumers.
● Outsourcing in E-Commerce: E-commerce companies can outsource certain
functions, such as marketing, graphic design or software development, to external
partners in order to focus on their core competencies.
● Example: A company might outsource its marketing activities to a specialized
marketing agency instead of handling them itself.
6. Nature of intra-industry competition
● Related Products: Intra-industry competition involves companies offering related
products and services that can complement or compete with each other.
● Example: In the pet industry, companies might offer pet food, grooming services,
veterinary clinics, and boarding facilities. These services can be integrated to
provide a comprehensive offering to customers.
● Example: In the smartphone industry, companies like Apple, with its iPhone, offer a variety of
related products and services that enhance the smartphone experience. The core
product, such as the iPhone, is complemented by accessories like AirPods,
Apple Watch, protective cases, and fast chargers. The App Store provides a
platform for numerous applications, enhancing the phone’s capabilities, while
iCloud offers storage solutions and data synchronization across devices.
Streaming services such as Apple Music, Apple TV, and Apple Arcade provide
entertainment options. Additionally, AppleCare offers warranty and support
services for hardware, creating a comprehensive ecosystem that enhances user
experience and drives customer loyalty.

Online Service Sectors (Features)


Different services have different intensity in terms of interactions, integrations and human
physical touch (experiences).
Types of Service Sectors
a) Professional Services: Includes fields like lawyers, doctors, accountants, and business
consultants, where expertise and personalized advice are critical.
b) Finance Services: Services like banking and credit card management require significant
interaction for issues such as reporting a lost card, necessitating human touch to resolve
problems efficiently. For instance, calling the bank or heading to the bank physically for
large transactions.
c) Insurance Services: Often need more in-person interaction to explain policies,
process claims, and provide support, so that customers understand better, which
increases satisfaction.
d) Real Estate Services: Involves physical interaction and human touch for tasks like
property viewing, negotiations, and closing deals. For instance, a potential buyer will
meet up with an agent to discuss property viewing, the floor plan, and important
documents such as the Sales and Purchase Agreement.
e) Travel Services: Normally has lower interaction intensity; once tickets are booked
online, customers can proceed independently with their travel plans.
Extra notes:
Online retailing is like direct selling (a buy-and-sell process); the objective is to sell the
product or service.

Major features of Online Service sector:


(1) Product Information:
● Description and Details: Online platforms provide detailed descriptions of services and
products, including features, benefits, prices, and customer reviews.
● Visuals: High-quality images, videos, and sometimes virtual tours help customers
understand what they are purchasing.
● Comparisons: Many sites offer comparison tools to help users make informed decisions
by comparing different products or services side-by-side.
(2) Search Engine/Functions:
● Search Bar: Allows users to quickly find specific products or services by entering
keywords.
● Filters and Sorting: Users can filter search results by various criteria such as price,
popularity, rating, and more, making it easier to find exactly what they need.
● Personalized Recommendations: Advanced algorithms suggest products or services
based on user behavior and preferences, enhancing the shopping experience.
● Example: Many apps now include personalization options in their settings. For instance,
Instagram and TikTok allow users to see personalized content based on their behavior,
such as likes, shares, and the types of content they engage with most. This
personalization keeps users engaged and satisfied, as they continuously receive content
that matches their interests.

Challenges of Online Retail 2-3 Decades Ago


1) Low Price Leading to Low Profits
● Offering low prices often resulted in low profit margins unless the business could
significantly reduce costs.
● Example: Apple began manufacturing in countries like China and Indonesia, where
labor and production costs are lower, to maintain profitability despite low pricing
strategies.
2) Inefficient Business Processes
● Many businesses faced inefficiencies in their processes, leading to problems like
damaged or lost parcels and inadequate security controls.
● Example: Lalamove might have struggled with parcel damage, loss, and insufficient
security measures, impacting customer satisfaction and loyalty.
3) High Advertising and Promotion (A&P) Expenses
● Businesses had to invest heavily in advertising and promotion to attract customers,
which increased their operational costs.
● Example: Traditional marketing methods, such as TV and print ads, were expensive,
and without efficient digital marketing tools such as Instagram and Facebook,
businesses found it challenging to reach their target audience cost-effectively.
4) Less Traffic to Websites
● Many early websites were static, lacking interactivity and engagement, which led to low
traffic and poor customer retention.
● Example: A dull, non-interactive website failed to attract visitors and engage customers,
resulting in fewer sales and lower customer retention rates. Websites without features
like live chat, a visually appealing product interface, personalized recommendations, or
engaging content struggled to keep users interested and returning.

Tutorial Questions
What is an omni-channel merchant? What advantages do they have? What challenges do
they face?
(Points) An omni-channel merchant integrates both online and physical retail experiences,
offering a seamless approach to cater to different customer preferences. This integration allows
businesses to leverage the advantages of both platforms. For example, ZUS Coffee provides a
personalized customer application that offers a seamless experience by allowing users to place
orders online and pick them up in-store. If a customer is rushing to work and doesn't have time
to wait at the outlet, they can use the app to place their order and receive a notification when
their drink is ready, saving time and enhancing convenience for both the business and the
consumer. (Elaboration) Omni-channel merchants benefit from increased customer satisfaction
and loyalty by providing flexible shopping options and consistent experiences across channels.
Additionally, despite the growth of e-commerce, human interaction remains important. An
omni-channel strategy ensures that businesses can provide the personal touch that some
customers still value, such as in-person assistance and the ability to physically inspect products
before purchase. (Oppose points) However, they also face challenges such as the need for
robust inventory management, the integration of online and offline data systems, and the
coordination of marketing and customer service efforts across multiple platforms. Despite these
challenges, the omni-channel approach allows businesses to reach a broader audience and
adapt to changing consumer behavior effectively.

Why are on-demand service companies viewed as being disruptive and controversial?
On-demand service companies like Grab and Netflix are viewed as disruptive and controversial
because they significantly alter traditional business models and market dynamics. By providing
transportation, entertainment, and accommodation services through their apps, these platforms
bypass traditional intermediaries, reducing costs and offering greater flexibility to users.
However, this disruption has led to controversies, such as regulatory challenges and labor
disputes. For example, in Malaysia, traditional taxi services have faced stiff competition from
Grab, leading to protests from taxi drivers and calls for stricter regulations. Taxi drivers argue
that Grab drivers are not subject to the same stringent licensing requirements and fees, creating
an uneven playing field and threatening their livelihoods. Similarly, Netflix has disrupted the
traditional television and film industries in Malaysia, affecting local broadcasters like Astro and
TV3. These traditional media companies have seen a decline in viewership and advertising
revenue as more people turn to on-demand streaming services. This shift has caused tension
within these industries, with calls for regulatory changes to ensure fair competition and protect
local production.
List and discuss the FOUR types of online retailing models
Retail mobile e-commerce is booming as today's generation relies heavily on smartphones for
shopping. Unlike the past when laptops were the primary tool for online shopping, mobile
devices now dominate e-commerce activities. Retailers such as Shopee, Lazada, JD, and
FootLocker have shifted their focus towards mobile commerce by improving their app
experiences. These improvements often include app-only promotions or exclusive deals that are
not available in physical stores, thus driving more traffic to their mobile platforms and enhancing
customer engagement.

Social networks and social e-commerce are transforming how businesses reach and interact
with customers. Platforms like Facebook, Instagram, and TikTok are integrating shopping
features directly into their apps, allowing users to make purchases without leaving the platform.
This integration makes social media a powerful tool for marketing, customer engagement, and
direct sales. For instance, brands can now run targeted ad campaigns, communicate with
customers in real-time, and sell products through social media channels, which has become an
essential component of modern business strategies.

Subscription-based models are a significant trend in online retail. This model involves offering
services that customers subscribe to on a recurring basis, such as AI assistants (ChatGPT),
entertainment platforms (Netflix), online learning (Coursera), consultancy services, and music
streaming (Spotify). Subscription models provide a steady revenue stream for businesses and
often result in higher customer loyalty. For example, Netflix offers unlimited access to its content
library for a monthly fee, providing convenience and value that encourage long-term customer
subscriptions. Additionally, Netflix's strategy of offering a free trial period encourages potential
customers to explore its content without any initial financial commitment. By requiring payment
details upfront and converting to a paid plan automatically if not canceled, Netflix attracts new
users and leverages convenience to retain them.

Big data and predictive marketing are revolutionizing how businesses understand and cater to
their customers. By collecting and analyzing customer data, companies can identify preferences
and predict future demand. This allows for highly personalized marketing strategies, such as
sending tailored emails with special offers based on past purchase behavior. For instance, Nike
might send a personalized email with a discount voucher to a customer who hasn't shopped in a
while, encouraging them to return and make a purchase. Predictive marketing helps businesses
anticipate customer needs and adjust their offerings accordingly, ensuring they stay ahead of
market trends.
Identify the key industry strategic factors and describe how they impact the viability of
firms operating within that industry.
Key industry strategic factors significantly impact the viability of firms operating within an
industry, influencing their ability to survive and thrive.

Barriers to entry are generally low in online retail, as starting a business online is often easier
and cheaper than establishing a physical store. However, government regulations can raise
these barriers, as seen in countries that ban platforms like Facebook or TikTok, complicating
social media-based e-commerce.

Power of suppliers also plays a crucial role. When suppliers are plentiful, retailers have more
options and bargaining power, but recognized and pioneer suppliers can exert significant
influence over terms and conditions.

High customer power, driven by the ability to easily compare products, forces retailers to
constantly innovate and improve their offerings to attract and retain customers. The existence of
substitute products, such as tablets replacing traditional paper, compels firms to differentiate
their products to maintain competitiveness. For example, streaming services like Netflix and
Spotify have disrupted traditional media, requiring these providers to adapt by offering online
services.

Value chain and supply chain are vital to operational efficiency, with internal departments
adding value through specialized functions and external partners facilitating production and
distribution. Companies often outsource functions like marketing to focus on core competencies.

Intra-industry competition involves related products and services that can either complement
or compete with each other, as seen in the pet industry or the smartphone ecosystem. Apple, for
instance, enhances the iPhone experience with accessories, apps, cloud services, and support,
creating a comprehensive ecosystem that boosts customer loyalty and drives profitability.
Chapter 9: E-commerce Security (Part 1)
Key Security Risks Arising in Online Businesses
Computer Risk and Risk Management
Asset protection from unauthorized access, use, alteration and destruction
● Physical security: Involves tangible measures to protect assets from unauthorized
access, use, alteration, and destruction. It includes devices and protocols such as CCTV
cameras, alarms, security guards, fireproof doors, security fences, safes, and
bomb-proof buildings. It aims to protect the physical property and infrastructure of an
organization, ensuring that only authorized personnel can access critical information. For
example, securing an entire residential area (Taman Bunga) with a security group helps
prevent unauthorized access and potential physical threats to the area and its residents,
such as thieves and burglars. In a technology setting, these security measures help
prevent unauthorized access by hackers and other IT threats.
● Logical security: This involves using non-physical means to protect digital assets,
including data and network systems. Logical security measures include implementing
strong passwords, encryption, firewalls, and access controls. Biometric systems,
such as fingerprint or facial recognition, are increasingly used for enhanced security.
Additionally, it focuses on maintaining data integrity (keeping the data accurate and
unaltered), secrecy (protecting data from unauthorized access), and availability
(making sure the data is accessible when needed). These practices help protect the data
from cyber threats like hackers, malware, and other IT-related risks.
Risk management model: Four general actions to address physical threats, which are
categorized based on their impact (cost) and probability.
● Eavesdropping: Refers to an unauthorized party, whether a person or a device, that
listens to and copies internet transmissions. This can happen through various means,
such as:
○ Man-in-the-middle attacks: Intercepting and potentially altering the
communication between two parties (a user and website) without their
knowledge. For example, a fake banking website may be used to capture
financial login information. The fake site is “in the middle” between the user and
the actual bank website. The goal of the attack is to steal personal information,
such as login credentials, account details and credit card numbers.
*Ignore the rest, FOCUS ON PREVENTING “High Probability & Impact”
● High probability: the threat is likely to happen.
● Low impact: the threat does not affect your security that much.
High Probability & Low Impact
● In cybersecurity, even low-impact events can have serious repercussions. For instance,
if customers distrust an e-commerce platform due to perceived security weaknesses,
they may avoid making purchases, leading to revenue loss. Additionally, these
customers might share their negative experiences with friends and family, amplifying the
damage and causing a broader loss of potential customers.
● Frequent but minor issues can disrupt operations if not managed properly. Containing
and controlling them prevents small problems from becoming major ones. Phishing
attempts are one example: phishing emails can be controlled through employee training
and email filtering software. While each attempt may not cause significant damage,
consistent vigilance prevents potential breaches.
High Probability, High Impact
● The “Prevent” action targets risks that are both highly probable and highly impactful.
The goal is to implement measures to prevent these risks from occurring in the first
place. Data breaches are one example: high-profile data breaches can result in
significant financial loss and reputational damage. Investing in strong cybersecurity
measures, such as firewalls, encryption, and regular security audits, is essential to
prevent such incidents.
Elements of Computer Security

By maintaining data integrity (keeping the data accurate and unaltered), secrecy (protecting
data from unauthorized access), and availability (making sure the data is accessible when
needed), these practices will help protect the data from cyber threats like hackers, malware, and
other IT-related risks.
Secrecy
● Refers to protecting data against unauthorized access while ensuring data authenticity.
In e-commerce terms, it means safeguarding sensitive customer information, such as
personal details and payment data, from being accessed by unauthorized parties.
Customers are often reluctant to provide detailed information unless they are confident
that the platform can protect their privacy and data. For example, websites can use
encryption protocols like SSL/TLS to ensure that data transmitted between the user’s
browser and the website remains confidential. This means that even if data is
intercepted, it cannot be read without the correct decryption key.
Integrity
● Means keeping the data accurate and unaltered. For instance, in a Man-in-the-Middle
(MITM) attack, a hacker intercepts communication between a user
and a legitimate website. For example, a fake banking website could be used to capture
financial login information. The fake site is "in the middle" between the user and the
actual bank website. The hacker’s goal is to steal personal information like login
credentials, account details, and credit card numbers. Some ways to prevent MITM
attacks are adopting secure channels, such as VPNs, firewalls, or encrypted
messaging services.
Necessity (Availability)
● Refers to ensuring that data and resources are accessible when needed. It involves
preventing delays or denials of data availability. For instance, a Distributed Denial of
Service (DDoS) attack overwhelms a website with traffic, causing it to slow down or
become unavailable. This can prevent users from accessing important data or services.

Establish a Security Policy


Determine Which Assets to Protect from Which Threats:
● The first step in creating a security policy is to identify the assets that need protection
such as data, hardware, software, and network infrastructure. It’s also crucial to
understand the threats that could compromise these assets, such as cyber-attacks,
data breaches, hackers, physical theft, or natural disasters. For example, a company
might identify its customer database as a critical asset that needs protection from
cyber-attacks and unauthorized access.
Determine Access Needs to Various System Parts:
● Evaluate who needs to access different parts of the system and why they need the
access. This involves defining user roles and permissions to ensure that only
authorized personnel can access sensitive information. For example, in a healthcare
organization such as a hospital, only doctors and authorized medical staff should have access
to patient records, while administrative staff may only access non-sensitive information
such as doctor schedules and billing information.
Identify Resources to Protect Assets:
● Determine the tools, technologies, and strategies required to protect identified assets
from potential threats such as data breaches or hackers. This can include firewalls,
encryption, intrusion detection systems, and security training for employees. For
example, a company might deploy an encryption solution or strong firewalls to protect
sensitive customer data stored in its database.
Develop a Written Security Policy:
● Document the security policy in writing, detailing the procedures and protocols for
protecting assets. This policy should outline the roles and responsibilities of employees,
the security measures in place, and the actions to be taken if there's a security breach.
For example, a company’s written security policy might include guidelines for password
management, such as requiring strong passwords and regular password changes.
○ Firewall policy describes the types of traffic that an organization’s firewall(s)
should allow or deny.
○ Remote access policy spells out how and when employees can remotely
access company resources.
Comprehensive Security Plan
A comprehensive security plan requires acceptable security measures, ensuring that all
critical aspects of data and information are covered.
Privacy: Protects data from unauthorized access and disclosure. This ensures that sensitive
information remains confidential. Encrypting data both in transit and at rest to prevent
unauthorized access.

Integrity: Ensures that data remains accurate and unaltered during storage and transmission.
Implementing checksums or hash functions to verify data integrity.

Availability: Ensures that data and systems are available to authorized users when needed.
Using redundancy and backup solutions to prevent downtime during hardware failures or
cyber-attacks.

User Authentication: Confirms the identity of users accessing the system to prevent
unauthorized access. Using multi-factor authentication (MFA) or two-factor authentication
(2FA) to add an extra layer of security beyond just passwords.

Examples:
A financial institution, such as a bank, that handles sensitive customer information should have a
strong security policy to protect against threats such as hacking and phishing attacks. By
implementing strong encryption, firewalls, user authentications, and employee training on
cybersecurity best practices, the institution can safeguard its assets and maintain customer
trust.
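
The hash-based integrity check named under "Integrity" in the plan above, as an added example that is not part of the original notes: a constructed order message is protected once with a plain SHA-256 digest and once with a keyed HMAC-SHA256 tag, then altered in transit. The key, the order fields and all function names are assumptions made for this illustration.

```python
import hashlib
import hmac
import json

# Constructed values for illustration only (not from the notes).
SHARED_KEY = b"demo-key-known-only-to-shop-and-payment-service"
ORDER = {"order_id": 1001, "item": "running shoes", "amount_myr": "299.00"}


def canonical(order):
    """Serialize deterministically so sender and receiver hash the same bytes."""
    return json.dumps(order, sort_keys=True, separators=(",", ":")).encode("utf-8")


def plain_digest(order):
    """Unkeyed checksum: anyone who can change the data can recompute it."""
    return hashlib.sha256(canonical(order)).hexdigest()


def hmac_tag(order, key=SHARED_KEY):
    """Keyed tag: recomputing it requires the shared secret."""
    return hmac.new(key, canonical(order), hashlib.sha256).hexdigest()


def verify_plain(order, digest):
    return hmac.compare_digest(plain_digest(order), digest)


def verify_hmac(order, tag, key=SHARED_KEY):
    # compare_digest avoids leaking, through timing, how many characters matched
    return hmac.compare_digest(hmac_tag(order, key), tag)


def alter_in_transit(order, recompute):
    """Model a party in the middle that changes the amount and recomputes
    whatever check value it can produce without the shared key."""
    altered = dict(order, amount_myr="2.99")
    return altered, recompute(altered)


def demo():
    results = {}
    # Unmodified message: both checks accept it.
    results["untouched_ok"] = (verify_plain(ORDER, plain_digest(ORDER))
                               and verify_hmac(ORDER, hmac_tag(ORDER)))
    # Data changed but the original check value is left in place:
    # both mechanisms detect the change (this also covers accidental corruption).
    altered = dict(ORDER, amount_myr="2.99")
    results["plain_detects_stale_digest"] = not verify_plain(altered, plain_digest(ORDER))
    results["hmac_detects_stale_tag"] = not verify_hmac(altered, hmac_tag(ORDER))
    # Data changed and the plain digest recomputed: the unkeyed check is fooled.
    altered, digest = alter_in_transit(ORDER, plain_digest)
    results["plain_detects_recomputed"] = not verify_plain(altered, digest)
    # Same change, but the tag can only be recomputed with a guessed key.
    altered, tag = alter_in_transit(ORDER, lambda o: hmac_tag(o, b"wrong-guess"))
    results["hmac_detects_recomputed"] = not verify_hmac(altered, tag)
    return results


if __name__ == "__main__":
    for check, outcome in demo().items():
        print(f"{check}: {outcome}")
```

A plain checksum or hash only protects against accidental change; against deliberate alteration the check value itself has to depend on a secret, which is what the HMAC tag does here.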

Cookies and Web Bugs


Internet connection between Web clients and servers is accomplished by multiple
independent transmissions → No continuous connection (open session)
Cookies
Refers to small text files that web servers place on web clients’ computers to identify returning
visitors. They make browsing more convenient by remembering visitors’ preferences, login status,
and other settings. Visitors who revisit the website do not need to repeat security
identification measures like 2FA every time they visit.
● Session Cookies
○ Session cookies are temporary and are deleted once a visitor closes the browser
or logs out, meaning no data will be saved between sessions.
● Persistent Cookies
○ Persistent cookies remain on your device for a set period, even after a visitor
closes the browser, allowing websites to remember your information over a
period such as 7 or 30 days, which can be useful for features like shopping carts
or saved settings.
● First-party cookies
○ First-party cookies are set by the website you're visiting, making them generally
safer and more secure. For example, if you’re visiting a shopping site, that site
might place a cookie on your computer to remember your login details or what
items you have in your cart. These cookies help improve your experience on that
specific site by remembering your preferences and settings.
● Third-party cookies
○ Third-party cookies come from other sites and can pose privacy risks, such as
tracking across multiple websites or man-in-the-middle (MITM) attacks. These
cookies are often used by advertisers or data analytics companies to track your
behavior across multiple sites. For example, if a different site displays ads from a
particular ad network, that network might place a cookie on your computer to
track which websites you visit and target ads accordingly. Third-party cookies can
raise privacy concerns because they can be used to build detailed profiles of your
browsing habits across different websites (personalized).
Disabling cookies entirely for protection
Disabling cookies can provide complete protection but may limit access to certain website
features. For instance, if you’re shopping online, cookies help remember the items in your cart
as you browse, but third-party cookies might be used by advertisers to track your behavior
across different sites.
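The cookie types described above can be told apart from the Set-Cookie headers a browser receives. The following is an added example, not part of the original notes: the host names, cookie values and helper names are constructed, and the "site" comparison is a simplification noted in the code.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime


def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, value, attributes)."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def lifetime_seconds(attrs, now):
    """Seconds until expiry, or None when no usable expiry is set (session cookie)."""
    # Max-Age takes precedence over Expires when both are present (RFC 6265).
    if "max-age" in attrs:
        try:
            return int(attrs["max-age"])
        except ValueError:
            pass  # malformed Max-Age: fall back to Expires
    if "expires" in attrs:
        try:
            expires = parsedate_to_datetime(attrs["expires"])
        except (TypeError, ValueError):
            return None  # unparseable date: the attribute is ignored
        if expires.tzinfo is None:
            expires = expires.replace(tzinfo=timezone.utc)
        return int((expires - now).total_seconds())
    return None


def site_of(host):
    # Assumption: the "site" is the last two DNS labels. Browsers use the
    # Public Suffix List instead; this shortcut misjudges hosts under
    # suffixes such as .com.my or .co.uk.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def classify(page_host, response_host, header, now):
    """Label one cookie as session/persistent/deleted and first-/third-party."""
    name, _, attrs = parse_set_cookie(header)
    seconds = lifetime_seconds(attrs, now)
    if seconds is None:
        kind, days = "session", None
    elif seconds <= 0:
        kind, days = "deleted", 0.0  # the server is asking the browser to drop it
    else:
        kind, days = "persistent", round(seconds / 86400, 1)
    same_site = site_of(response_host) == site_of(page_host)
    party = "first-party" if same_site else "third-party"
    return {"name": name, "kind": kind, "days": days, "party": party}


# Constructed sample: responses received while loading one page of www.example.com.
NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)
PAGE_HOST = "www.example.com"
OBSERVED = [
    ("www.example.com", "sid=abc123; Path=/; HttpOnly"),
    ("www.example.com", "cart=sku42; Max-Age=604800; Path=/"),
    ("ads.example.net",
     "uid=u-9f3; Expires=Wed, 31 Jan 2024 00:00:00 GMT; Domain=example.net; Path=/"),
    ("www.example.com", "promo=; Max-Age=0; Path=/"),
]


def report():
    return [classify(PAGE_HOST, host, header, NOW) for host, header in OBSERVED]


if __name__ == "__main__":
    for row in report():
        print(row)
```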

Active Content
Active Content refers to the interactive elements embedded within web pages, enhancing user
experience by enabling dynamic features and real-time updates. Examples include animations,
videos, audio playback, and moving graphics. Active Content’s purpose is to transform a static
web page into a responsive and engaging platform. For example, platforms like Facebook and
Instagram use active content technologies to create personalized user experiences by using
algorithms that build a personalized feed based on user preferences and behavior, so that a
foodie or a car enthusiast each receives recommended content matching their interests.

Although Active Content is safe when used correctly, there is a risk of malicious code being
embedded in some active elements. For instance, crackers can embed malicious active content such
as a Trojan horse, a type of malicious software that disguises itself as a legitimate program or file.
A Trojan cannot self-replicate but can mislead users. It performs various malicious activities
such as stealing sensitive information like login credentials, financial data, and personal files.
For example, a user unknowingly downloading a Trojan from a fake Netflix plugin could have
their login details stolen.

A zombie is a computer that has been secretly taken over by a hacker
and is used to perform malicious activities without the owner's knowledge. When a computer
becomes a zombie, it becomes part of a botnet (a network of infected computers) controlled by
the hacker. These botnets can be used to launch large-scale attacks, such as Distributed Denial
of Service (DDoS) attacks or spam. For instance, an Instagram user might click on a malicious
link, turning their device into a zombie that participates in a botnet used to launch DDoS attacks
against other websites. To mitigate these risks, web developers should follow best practices and
ensure that up-to-date security measures are in place, and users should only access websites
they trust.
Chapter 10: (Part 2)
Steganography
Steganography is the practice of hiding information within another piece of information, such as
embedding a secret file inside an image or audio file, to keep it hidden from normal users. This
technique is often used to hide encrypted data, ensuring that the hidden information remains
undetectable and secure. The process involves two key steps:
● First, the file is encrypted to protect its contents from being read
● Second, steganography is employed to embed this encrypted file within another file,
making it virtually invisible to anyone who might come across it.
This method is used by malicious actors to covertly transfer sensitive or illicit data such as
personal information, confidential business data and login credentials. For example, a
steganographer might hide an encrypted document within the pixels of a digital image; to a normal
user, the image would appear normal, but the hidden document could only be accessed with the
correct decryption key and steganographic technique.

Physical Security (Client device) & Client security (Mobile devices)


Computer devices
Physical security for client computers can include advanced technologies like face recognition,
fingerprint scanners, and other biometric systems, which offer a higher level of protection
compared to traditional passwords. These biometric methods utilize unique biological traits,
such as fingerprints, signatures, eye or palm scans, and vein patterns to authenticate users.
Mobile devices
For mobile devices, securing access with strong passwords is essential, and features like
remote wipe can be used to erase all personal data if the device is lost or stolen, either through
a dedicated app or email. Additionally, many users enhance their security by installing antivirus
software to protect against malicious threats. However, caution is needed with apps, as rogue
applications may contain malware or collect personal information to forward to malicious actors.

The main differences between these 3 types of ‘Hat Hackers’ are their intentions and methods
when it comes to computer security.
Black Hat Hacker
Black hat hackers are cybercriminals who illegally crack systems with malicious intent. They
gain unauthorized access to computer systems by implanting a virus or other type of malware
such as a trojan. For instance, black hat hackers use ransomware attacks to extort money, or
hack into a bank's network to steal customer data, including credit card information
and personal details, to commit fraud or sell the stolen information on the dark web.
Grey Hat Hacker
Grey hat hackers operate in a more ambiguous space; they may identify security weaknesses
without the consent/permission of the organization they hack into. However, they do not exploit
(utilize) these vulnerabilities for personal gain. Instead, they may disclose their findings to the
affected parties, sometimes seeking compensation or recognition. An example is a researcher who
discovers a significant security flaw in a piece of software but doesn't have permission to test it.
They responsibly disclose (reveal) the flaw to the software developer so the issue can be addressed
before revealing it publicly, while seeking a reward or recognition for their discovery.
White Hat Hacker
White hat hackers, known as ethical security hackers, identify and fix vulnerabilities. They hack
into systems with the permission of the organizations and try to uncover system weaknesses to
fix them and strengthen the overall internet security of the organization. For instance, a
cybersecurity professional at a company like Google or Microsoft is hired to conduct
penetration testing on its systems to find and fix security weaknesses, protecting against
potential cyber attacks and ensuring the company's systems are secure.

Protecting an IP address (website) is crucial to ensure the security and privacy of your
network and systems. Users can safeguard their IP address using firewalls, keeping software
updated, using VPNs and enabling two-factor authentication.
Encryption Solutions and Encryption Algorithms !!
Encryption is the process of converting information into a coded format using a mathematical
algorithm and a secret key, making it unreadable to anyone who does not have the decryption
key. This technique is crucial for protecting sensitive data by transforming readable text
(plaintext) into an unreadable format (ciphertext). The main purpose of encryption is to enhance
data security. For example, when you make an online purchase, encryption ensures that your
credit card information is securely transmitted by converting it into a format that can only be
deciphered by the secure payment system, protecting it from unauthorized access or hackers.

Decryption is the process of converting encrypted data back into its original, readable format
from ciphertext to plaintext. It reverses the encryption process by using a specific algorithm and
a key to decode the ciphertext, making it understandable again. For example, when you receive
a secure email, the message is initially encrypted to protect it during transmission. Once you
enter the correct decryption key, the email is decoded and becomes readable, allowing you to
access its contents.

Asymmetric Encryption and Symmetric Encryption


Asymmetric encryption, or public-key encryption, is a method that uses two
mathematically related keys to secure communications, a public key and a private key. The
public key is widely distributed and used to encrypt messages, ensuring that only someone with
the corresponding private key can decrypt and read the message. This type of encryption is
widely used for secure communications over the internet, such as in email, online transactions,
and confidential data exchanges. Pretty Good Privacy (PGP) is a well-known example of
public-key encryption technology, which combines multiple encryption algorithms to protect data.
PGP is available for personal use at no cost and is sold to businesses for enhanced security.
For example, in online banking, when you log into your bank account, your browser uses your
bank’s public key to encrypt your login credentials and other sensitive data before sending them
over the internet. Only your bank’s private key can decrypt this data, ensuring that your personal
information, like your bank username and password, remains secure and private while being
transmitted.

Symmetric encryption, or private-key encryption, is a method of encryption where the same
key is used for both encoding and decoding data. This means that both the sender and the
receiver must have the same secret key to securely exchange information. However, it is less
practical for large-scale environments because managing and distributing the secret keys can
become complex. Each pair of communicating parties needs a unique key, which increases the
number of keys required as the number of participants grows. For example, when you make a
purchase from an online store like Lazada, symmetric encryption is used to securely transmit
your payment information. Both Lazada and your device use the same secret key to encrypt and
decrypt the data, ensuring that your payment details are kept confidential during the transaction.
Types of Malware

Worm
A worm is a type of malicious software designed to harm computers and networks. To initiate its
spread, a worm typically infects a computer through methods such as being disguised as an
email attachment. The worm often appears as an important document, like an invoice, to lure
the victim into opening it. Once the victim opens the attachment, the worm executes its code,
allowing it to spread further and possibly infect more systems. A worm only needs to enter a
device, whether through the internet, email, an online messaging application or file sharing; it
will then automatically affect the programs. No execution is needed.
● Internet Worms
● Instant Messaging Worms
● Email Worms
● File Sharing Worms
● Computer Worms
○ Morris Worm
○ Storm Worm

Worms can delete files, install backdoors, steal sensitive information, consume network
bandwidth, and install additional malware. To protect against worms, we can:
1) Install reliable antivirus software and firewalls, and ensure regular scans are
performed to detect potential threats.
2) Be cautious with suspicious emails or messages and disable the
Windows Autorun feature to avoid automatic execution of malicious files.
3) Use strong passwords to enhance security, regularly back up important
data to safeguard it, and utilize spam filters to block potentially harmful messages.
Virus (active execution)
A computer virus is a program whose code duplicates itself by copying itself into other
programs or files on a device, causing damage to the device. The host needs to initiate the virus
to begin the spread. For instance, it often activates when a file is opened, allowing the malicious
code to infect additional files. Once active, the virus can automatically damage or delete files.
Notable examples of computer viruses include Creeper, Blaster, and Slammer.

Ransomware (ransom) (continue your subscription after paying ransom)


Ransomware is a sub-type of malware from cryptovirology that blocks system access unless a
ransom is paid. Ransomware spreads through phishing emails that contain malicious
attachments or web-based messaging applications. The only way to protect your system from
ransomware is to pay the ransom to the attackers. Examples of ransomware are Crypto and
Locker.

Trojan Horse Malware (external drive)


Trojans are executed through simple programs while hiding their true intent. They do not
self-replicate but can mislead users. Their rate of spreading is relatively slower than that of worms.
A Trojan's goal is to lure users into installing it so that it can steal confidential information and
cause damage.

Bot Programs (emails, go in link, gone)


Adware (Spam) (congratulation, you’ve won RM1 million ringgit)
Adware, commonly known as "spam," refers to malicious advertising that appears on a device.
Although adware is typically not harmful by itself, it can be a nuisance and negatively impact your
computer's performance. Additionally, clicking on links in these ads can lead to unintentional
downloads of more dangerous viruses. To protect against adware, it is crucial to keep your
operating system, web browser, and email client updated, as this helps prevent known
attacks from installing.

Deep Fake
Deepfake technology poses a significant threat to the e-commerce sector by enabling criminals
to create convincing but fake identities for sellers or buyers. This can lead to fraudulent
transactions, putting both sellers and buyers at risk. The potential for deepfakes can damage
consumer confidence and disrupt the integrity of online transactions.

Transport Layer Security (HTTPS) (more secured domain)


Transport Layer Security (TLS), commonly known as HTTPS when used in web addresses, is
designed to secure communications over a network. It protects users from man-in-the-middle
(MITM) attacks by encrypting the data exchanged between a user's browser and a
website. This encryption ensures that any intercepted data remains unreadable to unauthorized
parties. TLS also provides authentication, verifying that users are communicating with legitimate
sites rather than impostors, which helps prevent fraud and data breaches.

VPN (Virtual Private Network) (protection of network) INTI access taylors with INTI wifi
(blocked)
A VPN is a secure and private network connection established over the public internet or any
other unsecured network. VPNs use encryption to protect sensitive data from unauthorized
access and provide a secure connection, even over the internet. The main benefits of VPN are
increased privacy and security, as well as access to resources that may be restricted or
blocked in a user’s location. For example, with a VPN, a user in Malaysia can access Netflix
content available in other countries, such as the United States, where different shows and
movies are offered.

IPv4 vs IPv6
IPv4 and IPv6 are both protocols that govern how devices communicate over the internet, but
they differ significantly in their approach to security and malware protection. IPv4, or Internet
Protocol version 4, uses a 32-bit address system, offering around 4.3 billion unique addresses.
While it supports basic network operations, its security features are limited and often require
additional measures, such as firewall rules and VPNs, to protect against malware and cyber
threats. In contrast, IPv6, or Internet Protocol version 6, utilizes a 128-bit address space,
providing an almost infinite number of addresses and integrating security features directly into
the protocol, such as IPsec (Internet Protocol Security). IPsec offers end-to-end encryption and
authentication, making IPv6 inherently more secure and better suited for protecting sensitive
e-commerce transactions from interception and tampering.
For example, an e-commerce website using IPv6 can leverage its built-in encryption capabilities
to secure customer data and transactions more effectively than a website using IPv4. As the
number of connected devices and cyber threats grows, IPv6's enhanced security features and
expansive address range are crucial for safeguarding networks and ensuring the secure
exchange of information.

Chapter 6: Auctions, Interactive Bidding & Barter


Types of Auctions
Auction
An auction is a market mechanism where buyers make competitive bids and sellers make
offers, creating a dynamic process that determines the final price based on competition and
demand. This competitive environment ensures that prices are set according to what buyers are
willing to pay and sellers are willing to accept.

Electronic Auction (e-auction)


Electronic auctions are conducted online, allowing participants to bid on items via digital
platforms, thereby broadening the reach and efficiency of the auction process. By operating
on the internet, e-auctions break down geographical barriers, allowing participants from around
the world to engage in the bidding process. For instance, eBay provides a global marketplace
where users can bid on items anywhere at any time, making the process convenient and
accessible from anywhere. It also reduces costs related to physical venues and logistics, while
offering real-time updates and advanced features like automated bidding and bid increments.
These innovations make e-auctions more efficient, giving both buyers and sellers greater ease
and flexibility.

Dynamic pricing
Dynamic pricing involves adjusting prices based on real-time supply and demand conditions.
Prices may sometimes be very high and sometimes very low. This pricing strategy allows
businesses to optimize revenue by charging higher prices when demand is high or reducing
them when supply exceeds demand. For instance, airlines frequently use dynamic pricing to
adjust ticket prices based on factors such as booking time, seasonality, and demand
fluctuations.
Types of Auctions
Many buyers to one seller [Forward/Regular Auction]
An auction in which a seller offers a product to many potential buyers. For instance, an art
auction where collectors bid on paintings, with the highest bid winning the item, is a typical
example of a forward auction. There are different types of Auction including English Auction,
Yankee Auction and Dutch Auction.

● English Auction: also known as an ascending-price auction or open auction, involves
bidders publicly announcing successively higher bids until no higher bid is forthcoming.
The item is sold to the highest bidder at their final bid price. The auction starts with a
minimum bid, which is the initial price set by the seller. If no bidders are willing to
surpass this minimum bid, the item remains unsold. Additionally, the seller may set a
reserve price, which is their minimum acceptable price. If the bidding does not reach this
reserve price, the item will not be sold. This type of auction relies on fluctuating prices
driven by demand, creating a dynamic environment where participants compete to
secure the item. For example, at a classic auction house like Sotheby’s, artworks are
auctioned using this method, with bids increasing as bidders compete, ultimately
achieving the highest possible price based on market interest.
● Yankee Auction: involves offering multiple units of an item for sale and allowing bidders
to specify the quantity they wish to purchase. In this auction format, the highest bidder is
allocated their requested quantity, and the remaining units are distributed to the next
highest bidders until all items are sold. However, all successful bidders pay the price set
by the lowest successful bidder. One key drawback for buyers is that they might end up
paying more than their private valuation, as they are tempted to bid aggressively due to
the competitive nature of the auction. For sellers, the challenge is that they may not
receive the highest possible price for their items, as bidders may bid less than their true
valuation, leading to lower overall returns. For example, if a company auctions off
multiple tickets to a highly sought-after event, bidders specify how many tickets they
want. The winning bidders pay the price of the lowest successful bid, which could be less
than their maximum willingness to pay. This auction format can lead to issues such as
the "winner's curse," where bidders overpay, and sellers may not achieve the highest
possible price for their goods.
● Dutch Auction: is a type of open auction where the initial price is set high and gradually
decreases until a bidder accepts the current price. This method is also known as a
descending-price auction. The price drops at a predetermined rate until a
buyer agrees to purchase the item at the current price. In a Dutch auction IPO, a company
might offer 1 million shares with a bidding range of $10 to $20 per share. Investors place
bids indicating how many shares they want and at what price. Once bidding closes, the
company sets the clearing price at the highest level where all offered shares can be sold,
which in this case is $14. All successful bidders, regardless of their initial bid amount,
pay this clearing price of $14 per share. For example, if an investor bid $18 for 10,000
shares, they will still pay the $14 clearing price, ensuring fairness and broad distribution
of shares while reflecting true market demand. The Dutch auction method helps
to balance supply and demand while ensuring a more equitable pricing mechanism,
potentially avoiding the price volatility and underpricing associated with traditional IPOs.
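The Yankee auction and the Dutch auction IPO described above settle the same way: units go to the highest bids and every winner pays the lowest successful bid. The sketch below is an added example, not part of the original notes; the function names and the bid lists are constructed (only the 1 million shares, the $18 bid for 10,000 shares and the $14 result come from the text).

```python
def clear_uniform_price(bids, units_offered):
    """Allocate units to the highest bids; every winner pays the lowest winning bid.

    bids: list of (bidder, price_per_unit, quantity) in order of arrival.
    Returns (clearing_price, allocations, unsold_units).
    """
    if units_offered <= 0:
        raise ValueError("units_offered must be positive")
    for bidder, price, qty in bids:
        if price <= 0 or qty <= 0:
            raise ValueError(f"invalid bid from {bidder!r}")
    # Highest price first; sorted() is stable, so earlier bids win price ties.
    ranked = sorted(bids, key=lambda b: -b[1])
    remaining = units_offered
    allocations = {}
    clearing_price = None  # stays None when there are no bids at all
    for bidder, price, qty in ranked:
        if remaining == 0:
            break
        filled = min(qty, remaining)  # the marginal bidder may be partly filled
        allocations[bidder] = allocations.get(bidder, 0) + filled
        remaining -= filled
        clearing_price = price  # lowest successful bid so far
    return clearing_price, allocations, remaining


def amounts_due(clearing_price, allocations):
    """What each winner pays: units won times the single clearing price."""
    return {bidder: qty * clearing_price for bidder, qty in allocations.items()}


# Constructed IPO order book: 1,000,000 shares, bids within the $10 to $20 range.
IPO_BIDS = [
    ("investor_A", 18, 10_000),   # the $18 bid for 10,000 shares from the text
    ("fund_B", 20, 200_000),
    ("fund_C", 17, 300_000),
    ("fund_D", 15, 250_000),
    ("fund_E", 14, 400_000),      # marginal bidder: only partly filled
    ("retail_F", 12, 500_000),    # below the clearing price: gets nothing
]

# Constructed Yankee auction: 5 event tickets.
TICKET_BIDS = [("P", 120, 2), ("Q", 100, 2), ("R", 90, 3), ("S", 80, 1)]


if __name__ == "__main__":
    price, alloc, unsold = clear_uniform_price(IPO_BIDS, 1_000_000)
    print("IPO clearing price:", price, "unsold:", unsold)
    for bidder, due in amounts_due(price, alloc).items():
        print(f"  {bidder}: {alloc[bidder]} shares, pays {due}")
    print("Tickets:", clear_uniform_price(TICKET_BIDS, 5))
```

When demand is lower than the number of units offered, the function returns the lowest bid as the price and reports the unsold remainder.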

Benefits of E-Auctions
● Benefits to Sellers:
○ E-auctions offer numerous advantages for sellers, including a broader market
reach and increased potential revenue. By utilizing online platforms, sellers
can access a global audience, which often translates to higher bids and better
prices for their items.
○ E-auctions also encourage optimal price setting by enabling competitive
bidding, thus securing the best possible price for goods.
○ Additionally, e-auctions eliminate costly intermediaries, reducing both
transaction and administrative costs.
○ This can make it easier for sellers to liquidate inventory quickly and efficiently.
○ Moreover, sellers benefit from improved customer relationships through direct
engagement with buyers, enhancing trust and fostering loyalty.

● Benefits to Buyers:
○ One major advantage for buyers is the ability to find unique items and
collectibles that may not be available through traditional retail channels.
E-auctions often feature rare or one-of-a-kind products, appealing to collectors
and enthusiasts.
○ Additionally, buyers can often secure lower prices due to the competitive nature
of bidding, which drives down costs.
○ The anonymity of e-auctions protects buyer identities, allowing for more
comfortable and private purchasing.
○ The convenience of online bidding eliminates the need to travel to physical
auction sites, and the competitive bidding process adds an element of
entertainment to the shopping experience.

● Benefits to E-Auctioneers:
○ For e-auctioneers, the platform provides substantial benefits including higher
repeat purchases and increased website engagement. Successful e-auctions
can drive repeat business as satisfied buyers return for future auctions. The
interactive and competitive nature of e-auctions also makes the website more
engaging, keeping users returning.
○ This sticky environment fosters a loyal user base and expands the auction
business.
○ As e-auction platforms grow in popularity, they can leverage their success to
attract more sellers and buyers, further enhancing their market presence and
auction business opportunities.
Limitations of E-Auctions
● Possibility of Fraud:
○ One of the primary limitations of e-auctions is the potential for fraud. Since
e-auctions operate online, they are vulnerable to various forms of fraud, such as
fake bids or misrepresented items. Fraudulent sellers might list non-existent or
counterfeit goods, while buyers might employ misleading tactics to drive down
prices. This risk underscores the need for robust verification processes and
secure payment methods to protect both parties involved. For instance, platforms
like eBay and Alibaba implement stringent verification procedures to minimize
fraudulent activities, but risks still persist, necessitating continuous vigilance and
improvement in security measures.

● Security and Auction Software:


○ Security is a significant concern in e-auctions, as both sellers and buyers face
potential threats from cyber attacks and data breaches. Effective auction
software is crucial for maintaining the integrity of the bidding process and
protecting sensitive information. Vulnerabilities in auction platforms can lead to
unauthorized access, data theft, or manipulation of bids. For example, a security
breach in an auction platform could compromise bidder information or alter
auction results. To mitigate these risks, auction platforms must invest in
advanced security technologies and regularly update their software to address
emerging threats, ensuring a secure and trustworthy auction environment.

● Long Cycle Time and Equipment for Buyers


○ E-auctions can also suffer from long cycle times, particularly if the bidding
process is extended or if there are technical issues. This can delay the
completion of sales and potentially frustrate participants. Additionally, buyers may
face challenges related to the equipment needed for participation. For example,
high-quality internet access and compatible devices are essential for effective
bidding, and not all participants may have access to these resources. These
limitations can restrict participation and impact the efficiency of the auction
process. To address these issues, e-auction platforms should streamline their
processes and ensure that their systems are accessible and user-friendly to
accommodate a wide range of participants.
● Limited Participation:
○ One of the limitations of e-auctions is the potential for limited participation, which
can affect the competitiveness of the auction and the final sale price. Factors
such as geographical restrictions, limited marketing, or low awareness about the
auction can restrict the number of participants. For example, if an auction is not
widely advertised or is only accessible in specific regions, it might not attract a
diverse and large pool of bidders. This limitation can be mitigated by leveraging
broader marketing strategies and expanding the reach of the auction through
digital channels and social media to engage a larger audience.
Types of E-Auction Fraud
Bid Shielding
= Bidding starts at a very high price, then the fake bidders disappear; this manipulates actual
bidders into thinking the goods aren’t as valuable as they appeared, so they bid less
aggressively and the item ends up below market value.
Bid shielding involves the use of phantom bidders (fake participants) who place exceptionally
high bids at the start of an auction. These fake participants withdraw their bids just before the
auction ends, allowing the real bidder, who had offered a significantly lower price, to win the item.
This tactic misleads other bidders into thinking that the item is worth more than it actually is. For
example, in an online auction for a rare collectible, phantom bids might drive up the initial
bidding price, but when these bids are retracted, the true winning bid could be far below market
value (manipulation). This deceptive practice is employed to manipulate the perceived value of
an item and is typically used to benefit sellers who want to secure higher final prices through
misleading tactics.
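One way an auction platform could flag this pattern in its bid logs, as an added example that is not part of the original notes: the event format, thresholds and account names are constructed assumptions.

```python
from collections import namedtuple

# action is "bid" or "retract"; minute counts from the auction opening.
Event = namedtuple("Event", "minute bidder action amount", defaults=(0,))


def detect_bid_shielding(events, close_minute, window=10, gap_ratio=1.5):
    """Return a finding dict if the log matches the bid-shielding pattern, else None.

    Pattern: high bids are retracted within `window` minutes of the close, and
    the highest retracted bid is at least `gap_ratio` times the bid that wins
    once they are gone.
    """
    standing = {}          # bidder -> highest bid still standing
    late_retractions = []  # (bidder, amount, minute) withdrawn near the close
    for ev in sorted(events, key=lambda e: e.minute):
        if ev.minute > close_minute:
            continue  # ignore anything logged after the close
        if ev.action == "bid":
            standing[ev.bidder] = max(ev.amount, standing.get(ev.bidder, 0))
        elif ev.action == "retract" and ev.bidder in standing:
            amount = standing.pop(ev.bidder)
            if close_minute - ev.minute <= window:
                late_retractions.append((ev.bidder, amount, ev.minute))
    if not standing or not late_retractions:
        return None
    winner, winning_bid = max(standing.items(), key=lambda kv: kv[1])
    shields = [r for r in late_retractions if r[1] >= winning_bid * gap_ratio]
    if not shields:
        return None
    highest = max(amount for _, amount, _ in shields)
    return {
        "winner": winner,                          # account that benefited
        "winning_bid": winning_bid,
        "shield_bidders": [bidder for bidder, _, _ in shields],
        "highest_retracted": highest,
        "ratio": round(highest / winning_bid, 2),
    }


# Constructed logs for 24-hour auctions (close at minute 1440).
SHIELDED = [
    Event(0, "honest_1", "bid", 100),
    Event(1, "buyer_low", "bid", 120),
    Event(3, "phantom_1", "bid", 900),
    Event(4, "phantom_2", "bid", 950),
    Event(1436, "phantom_2", "retract"),
    Event(1438, "phantom_1", "retract"),
]
NORMAL = [  # an early mistaken bid is withdrawn at once, then bidding continues
    Event(0, "a", "bid", 100),
    Event(5, "b", "bid", 130),
    Event(20, "c", "bid", 1500),
    Event(22, "c", "retract"),
    Event(25, "c", "bid", 150),
    Event(1435, "a", "bid", 160),
]
LATE_SMALL_GAP = [  # a late retraction that barely changes the outcome
    Event(0, "a", "bid", 100),
    Event(10, "b", "bid", 150),
    Event(30, "c", "bid", 160),
    Event(1438, "c", "retract"),
]

if __name__ == "__main__":
    for name, log in [("SHIELDED", SHIELDED), ("NORMAL", NORMAL),
                      ("LATE_SMALL_GAP", LATE_SMALL_GAP)]:
        print(name, detect_bid_shielding(log, close_minute=1440))
```

A finding is a prompt for manual review of the listed accounts, since a single late retraction with a large gap can also be an honest mistake.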

Shilling
= Many bidders bid very high prices, then real bidders follow, assuming the goods are in demand;
this manipulates actual bidders into thinking the goods are very valuable, so they bid very
aggressively and end up paying more than the market value.
Shilling, or using shill bidders, involves artificially inflating the auction price by having
accomplices place bids on behalf of the seller. These fake bids create the illusion of high
demand and competition, leading genuine bidders to offer higher amounts than they initially
intended. For instance, in an auction for a high-end digital camera, a seller might employ shill
bidders to inflate the final sale price. The shill bidders place high initial bids and raise
the price during the auction, prompting genuine bidders to increase their offers. As a result, the
camera sells for significantly more than its market value. This deceptive practice undermines
auction fairness, leading genuine bidders to pay more and damaging trust in the auction
platform. Shill bidding manipulates auction outcomes to benefit sellers or their accomplices.

Fake Photos and Misleading Descriptions


= Scammer (give fake details)
Fake photos and misleading descriptions are forms of e-auction fraud where sellers use
misleading visuals or fake item details to misrepresent their products. For example, sellers might
use deepfake technology to create realistic but fake images of an item to make it appear more
desirable than it actually is. Similarly, they may provide exaggerated or false descriptions to
mislead buyers about the item's condition or features. This form of fraud is particularly damaging
as it undermines buyer trust and leads to dissatisfaction when the item received does not match
the advertised portrayal.
Bid Siphoning
= Trick bidders into moving to a less reputable bidding website, then mislead them into sending
money for fake products, products that do not exist, or products that may not be delivered.
Bid siphoning is a fraudulent practice where sellers lure bidders away from legitimate auction
sites by offering similar items (which are fake) at lower prices on fake or less reputable platforms.
These fraudulent sellers aim to mislead consumers into sending money for items that do not
exist or are not delivered. For example, a scammer might advertise a high-demand product at a
significantly reduced price on a fake auction site, redirecting bidders from a trusted platform.
Once the payment is made, the seller disappears, leaving buyers with no recourse. This tactic
exploits the trust of buyers and undermines the integrity of legitimate auction sites by diverting
transactions to fraudulent operations.

Protect against E-Auction Fraud


1. User Identity Verification:
To safeguard against e-auction fraud, this process involves confirming that participants are who
they claim to be, often through identity documents, verification emails, or phone numbers. For
example, an auction platform may require users to submit a government-issued ID and proof of
address before participating. This measure helps prevent fraudulent activities by ensuring that
only legitimate and traceable individuals can place bids.

2. Authentication Service:
Authentication services enhance security by ensuring that users are genuinely who they claim to
be during the auction. Multi-factor authentication (MFA), such as requiring both a password and
a code sent to a mobile device, adds an extra layer of protection. For instance, an auction site
might use MFA to verify bidders' identities before they can place bids. This approach helps
prevent unauthorized access to accounts and reduces the risk of fraud.

3. Grading Services (Verified products):


Grading services assess and verify the quality and authenticity of auctioned items,
particularly in high-value markets like collectibles and antiques. These services provide detailed
reports and certifications that establish the legitimacy of items. For example, a grading service
might authenticate a rare coin before it is auctioned, ensuring that buyers receive genuine
products and reducing the chances of fraudulent listings (receiving fake products).

4. Insurance Policy:
Insurance policies offer financial protection against potential losses resulting from fraud or
disputes. Auction platforms or sellers might obtain insurance to cover losses from non-delivery,
misrepresentation, or other issues. For instance, if an item is falsely advertised and the buyer
suffers a financial loss, insurance can help cover the costs. This safeguard protects both buyers
and sellers and promotes trust in the auction process.

5. Escrow Services:
Escrow services act as a neutral intermediary that holds funds until both parties fulfill their
contractual obligations. In an auction context, the buyer's payment is held in escrow until the
item is delivered and verified. For example, a buyer's payment for a high-value item is secured
by an escrow service until the item is received and confirmed. This practice reduces the risk of
fraud by ensuring that the transaction is completed as agreed before funds are released.

6. Nonpayment Punishment:
Implementing penalties for nonpayment discourages bidders from defaulting on their
commitments. This can include fines, account suspension, or legal actions. For instance, an
auction platform might impose a fee or temporarily suspend accounts of bidders who fail to
complete their purchases. These measures ensure that bidders adhere to their commitments
and reduce the risk of fraud by holding participants accountable.

Chapter 7: Supply Chain Role & Importance


Outsourcing & Offshoring
Outsourcing
Outsourcing involves using other organizations to handle specific tasks or activities, often for
functions like manufacturing. This strategy allows companies to leverage external expertise and
resources to improve internal efficiency and reduce costs.
Offshoring
Offshoring, a subset of outsourcing, refers to delegating these tasks to organizations located in
other countries. This approach can include a range of business processes such as
procurement, research and development, record-keeping, and information management.
Offshoring is typically used to take advantage of lower labor costs, specialized skills, and
favorable economic conditions in different regions. For instance, Apple allocating its
manufacturing to China or Taiwan is an example of offshoring. Offshoring allows Apple to take
advantage of lower labor costs, specialized skills, or favorable economic conditions. By
establishing manufacturing facilities in China or Indonesia, Apple is outsourcing its production
activities to these countries, thereby optimizing its supply chain and reducing operational costs
while benefiting from the local expertise and resources available.

Procurement (management team)


Procurement encompasses all activities related to purchasing, from managing transactions
and overseeing supplier relationships to sourcing and evaluating suppliers. Often referred
to as supply chain management, procurement involves a deep understanding of products to
effectively identify and select suitable suppliers. For instance, in a company looking to source
raw materials, procurement staff would assess potential suppliers' qualifications, negotiate
terms, and ensure the materials meet quality standards. E-sourcing, the use of internet
technologies in these activities, further enhances efficiency by streamlining the supplier
selection process and facilitating better communication. This approach is crucial as it helps
companies optimize their purchasing decisions, reduce costs, and build strong, reliable supplier
relationships.

Direct & Indirect Materials Purchasing


Direct Material Purchasing
Direct materials purchasing involves buying the materials that are essential for the final product,
such as the raw materials used in manufacturing, and often involves long-term contracts to
ensure consistent supply and pricing. For example, a car manufacturer would engage in direct
material purchasing for steel and rubber components, negotiating contracts to secure these
essential materials at stable prices.

Indirect Material Purchasing


Indirect material purchasing covers all materials and supplies that support the operational
functions of the business but do not become part of the final product. For example, a
manufacturing factory requires various maintenance, repair and operating (MRO) items, which are
indirect materials such as lubricants for machinery, cleaning agents for maintenance and safety
equipment for employees. If a factory needs to replace broken machinery or restock its supply
of safety gloves, these items are indirect material purchases. Similarly, office supplies like
computers, printers, and stationery are also classified as indirect materials. These purchases
are essential for smooth operation and maintenance. They do not directly contribute to the
production of final goods, but are crucial for maintaining productivity and efficiency in the
workplace.

While direct materials are critical for production and often involve strategic, long-term
procurement agreements, indirect materials are typically purchased on a recurring basis and
support the operational aspects of a business.

Logistic Activities
Logistics activities focus on ensuring that goods are delivered accurately and efficiently, aiming
to provide the right products in the correct quantities, at the appropriate location, and at the right
time. This involves managing materials, supplies, and finished goods throughout the supply
chain. For example, a company might engage a third-party logistics (3PL) provider to handle its
warehousing and transportation needs, leveraging GPS and portable computing technologies to
track and manage shipments in real time. These technologies help streamline operations,
reduce errors, and enhance overall efficiency by providing accurate data and timely updates,
ultimately improving customer satisfaction and operational effectiveness.

Business Processes Support Activities

Supply Web
A supply web is a modern evolution of the traditional supply chain, reflecting a shift from rigid
hierarchical structures to more flexible network structures. Supply webs consist of
interconnected parallel lines that create a complex network of relationships among suppliers,
manufacturers, and distributors. For example, consider a tech company like Apple, which uses a
supply web to manage its global production of iPhones. Apple sources various components
from a network of suppliers worldwide such as chips from Company A, displays from Company
B, and assembly services from Company C. Instead of relying on a linear (single) supply chain,
Apple's supply web connects these suppliers and manufacturers, allowing for real-time
adjustments and coordination. If a new component becomes available or a problem arises with
a supplier, Apple can quickly switch to alternative sources or modify production schedules to
maintain efficiency. This flexibility not only helps Apple respond quickly to market demands, but
also strengthens its ability to negotiate better terms and forge strategic partnerships, ultimately
resulting in a more stable and responsive manufacturing network.

In a supply web, technologies like the Internet of Things (IoT) and cloud storage play crucial
roles by enabling real-time data sharing and seamless access to information across different
parts of the network. IoT devices track and monitor inventory levels, shipment statuses, and
equipment conditions, enhancing operational efficiency. Cloud storage supports this by
providing a central repository for data, accessible from anywhere, which facilitates coordination
between various suppliers and manufacturers. Just-In-Time (JIT) inventory practices reduce
storage costs by ensuring that materials arrive only as needed, minimizing waste and optimizing
production schedules. Inter-firm trade agreements streamline procurement processes, while
automation tools increase productivity by reducing manual tasks and minimizing errors. These
technologies collectively enhance accuracy in order fulfillment and production planning, allowing
businesses to respond swiftly to market demands and maintain a competitive edge.

For example, Malaysian retailer Lotus leverages technologies like IoT, cloud storage, and
automation to streamline its supply web. By using IoT sensors to monitor inventory levels in
real-time and cloud storage for seamless data sharing, Lotus can efficiently manage stock
across its numerous locations. Just-In-Time (JIT) practices ensure that products arrive at stores
precisely when needed, reducing excess inventory and improving turnover. Inter-firm trade
partnerships enhance procurement efficiency, while automation boosts productivity and
accuracy in order fulfillment. This integrated approach helps Lotus maintain a responsive and
effective supply chain, ensuring timely delivery of products and optimizing overall performance.

Advantages Of Using Internet Technologies In Supply Chain Management

Materials-Tracking Technology
EDI and RTLS
Materials-tracking technologies are essential for managing inventory flows and forecasting
material needs throughout the supply chain. One common method is Electronic Data
Interchange (EDI), which facilitates the electronic transfer of data between companies,
although it can be challenging to track materials in transit. Real-Time Location Systems
(RTLS), such as barcode tracking systems used in fulfillment centers, provide precise tracking
of materials as they move through the supply chain. For example, J&T Express Malaysia
employs Real-Time Location Systems (RTLS) to monitor the exact location of parcels within
its sorting hubs and warehouses. By using advanced barcode tracking and GPS technology,
J&T Express can trace each package's journey from the moment it arrives at the warehouse
until it is delivered to the customer. This system ensures that packages are sorted accurately
and routed efficiently, minimizing delays and reducing the risk of lost items. The real-time
visibility provided by RTLS allows J&T Express to quickly address any issues that arise,
streamline its operations, and better meet customer expectations for timely deliveries.
RFID (Active/Passive)
Radio Frequency Identification (RFID) is a technology that uses radio waves to identify and
track items through small chips embedded in tags. RFID tags come in two main types: active
and passive. Active RFID tags have their own power source, allowing them to transmit signals
over greater distances and with higher accuracy, making them ideal for tracking high-value
items or large shipments. Passive RFID tags are smaller, less expensive, and do not require a
power source; they rely on the reader’s signal to power up and transmit data, which makes them
suitable for tracking lower-value items or large quantities of goods. For example, a retail chain
might use passive RFID tags to monitor inventory levels on shelves, reducing stockouts and
lost sales by ensuring accurate and real-time stock information. Active RFID, such as that used
in high-security environments or logistics operations, enables precise tracking of valuable
assets across extensive distances, enhancing operational efficiency and minimizing losses.
● Benefits of RFID:
○ Real-Time Inventory Updates: RFID provides real-time data on inventory levels.
This ensures that stock levels are always current, which helps in managing
reorder points and avoiding stockouts.
○ Reduced Manual Checks: Traditional inventory methods often involve manual
stock counts, which are time-consuming and error-prone. RFID automates this
process, reducing the need for manual intervention and improving accuracy.
○ Improved Accuracy: RFID eliminates common errors associated with manual
entry or bar code scanning, providing precise information on product availability
and location.

Collaborative Planning, Forecasting, and Replenishment (CPFR)


Collaborative Planning, Forecasting, and Replenishment (CPFR) is a strategic approach
where suppliers and retailers work together to plan, forecast, and replenish inventory more
effectively. This collaboration aims to optimize the flow of materials along the supply chain by
sharing critical data and aligning supply and demand forecasts. For example, a retailer like
Lotus (Tesco) and its suppliers might use CPFR to jointly develop sales forecasts and inventory
plans, reducing stockouts and excess inventory. By integrating CPFR with RFID technology,
which provides real-time tracking of inventory, both parties can improve accuracy in forecasting
and replenishment. RFID tags offer precise, up-to-date information on product availability, which
complements the collaborative insights gained from CPFR. This enables smoother inventory
management, reduced costs, and better alignment of supply chain activities, making
CPFR and RFID crucial enablers in modern supply chain management.

Building and Maintaining Trust in Supply Chain


Building and maintaining trust within a supply chain is essential for forming successful alliances
and ensuring smooth operations. Trust is developed through consistent communication and
transparent information sharing between all parties involved. For example, a company like
Samsung and its suppliers use online platforms to share real-time data on inventory levels,
production schedules, and delivery statuses. This openness helps build trust by providing each
party with reliable information and fostering a collaborative environment. The Internet and
web-based tools enhance this process by offering efficient channels for communication, allowing
for quick updates and feedback. This trust is crucial for reducing misunderstandings,
streamlining processes, and improving overall supply chain efficiency, as it ensures that all
stakeholders are aligned and can work together towards common goals.

Detailed example:
For example, if Samsung experiences a surge in demand for the Samsung S22 Ultra, it can
immediately update its Samsung Supplier Portal with revised forecasts and expected delivery
dates. Suppliers can then adjust their production and logistics plans accordingly, ensuring timely
and accurate order fulfillment. This level of visibility helps to prevent delays and shortages as
suppliers are not left guessing about Samsung's needs. In addition, the portal includes features
to track shipments and address any issues that arise, further enhancing collaboration and trust.
This collaborative approach not only optimizes inventory management, but also strengthens the
partnership between Samsung and its suppliers, resulting in a more efficient and responsive
supply chain.
