Quantifying e-Commerce Risk David Fishbaum, FSA Chuck McClenahan, FCAS MMC ENTERPRISE RISK CAS Seminar on Ratemaking - Mar...
The Problem <ul><li>You’re the risk manager of a financial institution with a new web site </li></ul><ul><li>Your insuranc...
Background <ul><li>The financial institution provides community banks with a product portfolio of ancillary products such ...
What are the risks? <ul><li>Failure of the web site </li></ul><ul><ul><li>problems with the surroundings, power failure, f...
Resultant damages are also varied <ul><li>Delay in performing a service </li></ul><ul><li>Loss of brand value due to unrel...
Background:  E-commerce insurance coverage <ul><li>There is an intensive application </li></ul><ul><ul><li>the problem is ...
How do you insure the high P/E ratio <ul><li>Its 1999 and the price/earnings ratio of the e-commerce function seems to hav...
Why bring in Actuaries? <ul><li>Looking for someone to quantify the risk </li></ul><ul><li>We brought a multidisciplinary ...
Methodology <ul><li>Model the web site </li></ul><ul><li>Stochastic testing </li></ul><ul><li>Scenario testing </li></ul>
Model <ul><li>MMC ER developed a computer program to model the economic performance of the e-commerce infrastructure </li>...
Application Server/Firewall/Proxy Layer ISP Provider In our estimation of the probability of failure at the application ho...
Assumptions <ul><li>Visits per week </li></ul><ul><li>Usage over the week </li></ul><ul><li>Revenue </li></ul><ul><li>Cust...
Results-Base Case
The Scenarios <ul><li>Denial of service </li></ul><ul><li>Physical damage to hardware location </li></ul><ul><li>New virus...
The Scenarios <ul><li>Attack causes a degradation of performance or loss of service to web site </li></ul><ul><li>Not cove...
The Scenarios <ul><li>Location of where hardware is kept is disabled </li></ul><ul><li>Covered under current insurance </l...
The Scenarios <ul><li>Not covered under current coverage </li></ul><ul><li>Model assumption:  system down for 2 days </li>...
The Scenarios <ul><li>Destruction of important data or programs </li></ul><ul><li>Cost of recovery process covered under c...
The Scenarios <ul><li>Threat to commit a computer crime or to use information gained from a computer crime in exchange for...
The Scenarios <ul><li>CD universe and Salesgate (e-mall) </li></ul><ul><li>No credit card numbers are stored </li></ul>The...
Results of analysis <ul><li>Biggest risk business interruption </li></ul><ul><li>Third party loss is minimal at this time ...
Conclusions <ul><li>Better quantification of risks </li></ul><ul><li>Better able to make a purchase decision </li></ul><ul...
Postscript <ul><li>The website is still in operation </li></ul><ul><li>Strategy has been proven successful </li></ul>
e-Commerce Risk <ul><li>Bruce Schneier -  Secrets and Lies     (Wiley Computer Publishing, 2000) </li></ul><ul><ul><li>“ T...
e-Commerce Risk <ul><li>Bruce Schneier -  Secrets and Lies     (Wiley Computer Publishing, 2000) </li></ul><ul><ul><li>“ O...
e-Commerce Risk <ul><li>Pricing e-Commerce Risk </li></ul><ul><ul><li>Determine Strategy </li></ul></ul><ul><ul><li>Identi...
e-Commerce Risk <ul><li>Determine Strategy </li></ul><ul><ul><li>“Guess and Confess” </li></ul></ul><ul><ul><li>Loss Leade...
e-Commerce Risk <ul><li>Determine Strategy - “Guess and Confess” </li></ul><ul><ul><li>Insurer uses best available judgmen...
e-Commerce Risk <ul><li>Determine Strategy - Loss Leader </li></ul><ul><ul><li>Aptly named, this strategy is based upon th...
e-Commerce Risk <ul><li>Determine Strategy - Self-Supporting </li></ul><ul><ul><li>Goal is to cover losses and expenses, i...
e-Commerce Risk <ul><li>Determine Strategy - Franklin Approach </li></ul><ul><ul><li>Focuses on loss avoidance </li></ul><...
e-Commerce Risk <ul><li>Identify the Risks </li></ul><ul><ul><li>We have a good track record here </li></ul></ul><ul><ul><...
e-Commerce Risk <ul><li>How many do you recognize? </li></ul><ul><ul><li>Daemon </li></ul></ul><ul><ul><li>Data mining </l...
e-Commerce Risk <ul><li>How many do you recognize? </li></ul><ul><ul><li>Daemon  - a structured background process  </li><...
e-Commerce Risk <ul><li>How many do you recognize? </li></ul><ul><ul><li>Daemon - a structured background process  </li></...
e-Commerce Risk <ul><li>How many do you recognize? </li></ul><ul><ul><li>Daemon - a structured background process  </li></...
e-Commerce Risk <ul><li>How many do you recognize? </li></ul><ul><ul><li>Daemon - a structured background process  </li></...
e-Commerce Risk <ul><li>How many do you recognize? </li></ul><ul><ul><li>Daemon - a structured background process  </li></...
e-Commerce Risk <ul><li>Luhn formula </li></ul><ul><ul><li>(1) Start with penultimate digit and, moving left, double the v...
e-Commerce Risk <ul><li>Luhn formula </li></ul><ul><ul><li>1234 567890 12347 </li></ul></ul><ul><ul><li>1 4 3 8  5 3 7 7 9...
e-Commerce Risk <ul><li>How many do you recognize? </li></ul><ul><ul><li>Daemon - a structured background process  </li></...
e-Commerce Risk <ul><li>How many do you recognize? </li></ul><ul><ul><li>Daemon - a structured background process  </li></...
e-Commerce Risk <ul><li>Ingram Micro Inc. vs. American Guarantee & Liability Insurance Company </li></ul><ul><ul><li>“ The...
e-Commerce Risk <ul><li>Ingram Micro Inc. vs. American Guarantee & Liability Insurance Company </li></ul><ul><ul><li>“ Res...
e-Commerce Risk <ul><li>TD Waterhouse fined $225,000 for repeated outages which left customers unable to trade </li></ul><...
e-Commerce Risk <ul><li>Collect Available Data </li></ul><ul><ul><li>Exposure base not well-defined </li></ul></ul><ul><ul...
e-Commerce Risk <ul><li>Collect Available Data </li></ul><ul><ul><li>Remember, “Lloyd’s List” was started in 1696 but it w...
e-Commerce Risk <ul><li>Develop Model </li></ul><ul><ul><li>Identify major processes </li></ul></ul><ul><ul><li>Identify m...
e-Commerce Risk <ul><li>Example - Distributed Denial of Service (DDoS) </li></ul>
e-Commerce Risk <ul><ul><li>“ Attack of the Zombies” - February,2000 </li></ul></ul><ul><ul><ul><li>Monday, February 7 </l...
e-Commerce Risk <ul><li>How DDoS Works </li></ul><ul><ul><li>Goal is to render system inoperable </li></ul></ul><ul><ul><l...
e-Commerce Risk USER PCs HACKER UNWITTING HOST “ ZOMBIE” OTHER NETWORK COMPUTERS VICTIM’S SERVER
 
 
e-Commerce Risk <ul><li>Price According to Strategy </li></ul><ul><ul><li>Frequency will vary with </li></ul></ul><ul><ul>...
e-Commerce Risk <ul><li>Price According to Strategy </li></ul><ul><ul><li>Severity will vary </li></ul></ul><ul><ul><ul><l...
e-Commerce Risk <ul><li>“ You gotta be careful if you don’t know where you’re going ‘cause you might not get there. ”   </...
Upcoming SlideShare
Loading in …5
×

Ecommerce(2)

560 views

Published on

Published in: Education, Business, Technology
1 Comment
1 Like
Statistics
Notes
  • thanks for sharing information about environmental insurance, For more information visit this link http://www.heliosprotection.com/environmental-insurance-coverage
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
No Downloads
Views
Total views
560
On SlideShare
0
From Embeds
0
Number of Embeds
7
Actions
Shares
0
Downloads
39
Comments
1
Likes
1
Embeds 0
No embeds

No notes for slide

Ecommerce(2)

  1. 1. Quantifying e-Commerce Risk David Fishbaum, FSA Chuck McClenahan, FCAS MMC ENTERPRISE RISK CAS Seminar on Ratemaking - March, 2001
  2. 2. The Problem <ul><li>You’re the risk manager of a financial institution with a new web site </li></ul><ul><li>Your insurance broker has provided you a quote for new e-commerce risk insurance coverage: $350,000 - $450,000 with low limits </li></ul><ul><li>Your not exactly sure what the risks of the web site are </li></ul><ul><li>What to do? </li></ul>
  3. 3. Background <ul><li>The financial institution provides community banks with a product portfolio of ancillary products such as: </li></ul><ul><ul><li>investments (mutual funds and stock trading) </li></ul></ul><ul><ul><li>insurance </li></ul></ul><ul><ul><li>other banking services </li></ul></ul><ul><li>You provide web sites for these community banks for investments, insurance and lending </li></ul>
  4. 4. What are the risks? <ul><li>Failure of the web site </li></ul><ul><ul><li>problems with the surroundings, power failure, fire or flooding </li></ul></ul><ul><ul><li>failure of the hardware </li></ul></ul><ul><ul><li>failure of the software </li></ul></ul><ul><ul><li>attack through virus or computer hacker </li></ul></ul>
  5. 5. Resultant damages are also varied <ul><li>Delay in performing a service </li></ul><ul><li>Loss of brand value due to unreliability of service or transmission of computer virus </li></ul><ul><li>loss of value through failure to deliver </li></ul><ul><ul><li>for example, an uncompleted stock trade </li></ul></ul>
  6. 6. Background: E-commerce insurance coverage <ul><li>There is an intensive application </li></ul><ul><ul><li>the problem is that you can’t figure out how complex or risky a web site you are running </li></ul></ul><ul><li>A system audit is part of the insurance coverage </li></ul><ul><ul><li>there is a bias to find fault </li></ul></ul>
  7. 7. How do you insure the high P/E ratio <ul><li>Its 1999 and the price/earnings ratio of the e-commerce function seems to have broken down </li></ul><ul><li>The unspoken issue is how do you insure the value lost if something happens to the web site? </li></ul><ul><li>Not sure this is an issue today </li></ul>
  8. 8. Why bring in Actuaries? <ul><li>Looking for someone to quantify the risk </li></ul><ul><li>We brought a multidisciplinary team of actuaries, economists and policy expert </li></ul><ul><li>The actuaries provided the quantification and modeling skill sets </li></ul>
  9. 9. Methodology <ul><li>Model the web site </li></ul><ul><li>Stochastic testing </li></ul><ul><li>Scenario testing </li></ul>
  10. 10. Model <ul><li>MMC ER developed a computer program to model the economic performance of the e-commerce infrastructure </li></ul><ul><li>Used company’s performance statistics </li></ul><ul><li>Used a Monte Carlo simulation to produce expected revenue and branding values </li></ul><ul><li>Based on this quantification, valued the potential losses of a series of scenarios </li></ul>
  11. 11. Application Server/Firewall/Proxy Layer ISP Provider In our estimation of the probability of failure at the application host level, elements such as software outage, hardware outage, data base performance etc were considered. Flow of Information and quantification of failure probabilities
  12. 12. Assumptions <ul><li>Visits per week </li></ul><ul><li>Usage over the week </li></ul><ul><li>Revenue </li></ul><ul><li>Customer value </li></ul><ul><li>Application acceptance </li></ul><ul><li>Downtime </li></ul>
  13. 13. Results-Base Case
  14. 14. The Scenarios <ul><li>Denial of service </li></ul><ul><li>Physical damage to hardware location </li></ul><ul><li>New virus brings down complete system </li></ul><ul><li>Malicious employee </li></ul><ul><li>Threats/extortion </li></ul><ul><li>Theft of credit card numbers </li></ul>
  15. 15. The Scenarios <ul><li>Attack causes a degradation of performance or loss of service to web site </li></ul><ul><li>Not covered under current coverage </li></ul><ul><li>Modeling assumption: site down for 3 hours </li></ul><ul><li>Income loss/Customer value loss </li></ul>Denial of service
  16. 16. The Scenarios <ul><li>Location of where hardware is kept is disabled </li></ul><ul><li>Covered under current insurance </li></ul><ul><li>Modeling assumption: site down for 10 days </li></ul><ul><li>Income loss/Customer value loss </li></ul><ul><li>Client bank’s lost revenue </li></ul>Physical damage to hardware location
  17. 17. The Scenarios <ul><li>Not covered under current coverage </li></ul><ul><li>Model assumption: system down for 2 days </li></ul><ul><li>Income loss/Customer loss </li></ul>New virus brings down complete system
  18. 18. The Scenarios <ul><li>Destruction of important data or programs </li></ul><ul><li>Cost of recovery process covered under current coverage </li></ul><ul><li>Not modeled </li></ul><ul><li>Theft of policyholder info or other intangible property </li></ul><ul><li>Not covered under current coverage </li></ul>Malicious Employee
  19. 19. The Scenarios <ul><li>Threat to commit a computer crime or to use information gained from a computer crime in exchange for money, personal gain or to embarrass the company </li></ul><ul><li>Would be covered under current kidnap and ransom policies </li></ul>Threats/extortion
  20. 20. The Scenarios <ul><li>CD universe and Salesgate (e-mall) </li></ul><ul><li>No credit card numbers are stored </li></ul>Theft of credit card numbers
  21. 21. Results of analysis <ul><li>Biggest risk business interruption </li></ul><ul><li>Third party loss is minimal at this time though in time the Internet will affect its client relationship </li></ul>
  22. 22. Conclusions <ul><li>Better quantification of risks </li></ul><ul><li>Better able to make a purchase decision </li></ul><ul><li>Other risk management decisions </li></ul><ul><li>What isn’t at risk is also important </li></ul>
  23. 23. Postscript <ul><li>The website is still in operation </li></ul><ul><li>Strategy has been proven successful </li></ul>
  24. 24. e-Commerce Risk <ul><li>Bruce Schneier - Secrets and Lies (Wiley Computer Publishing, 2000) </li></ul><ul><ul><li>“ The insurance industry does this kind of thing all the time; it’s how they calculate premiums. They figure out the annual loss expectancy for a given risk, tack on some extra for their operational costs plus some profit and use the result” </li></ul></ul>
  25. 25. e-Commerce Risk <ul><li>Bruce Schneier - Secrets and Lies (Wiley Computer Publishing, 2000) </li></ul><ul><ul><li>“ Of course there’s going to be a lot of guesswork in any of these; the particular risks we’re talking about are just too new and too poorly understood to be better quantized (sic).” </li></ul></ul>
  26. 26. e-Commerce Risk <ul><li>Pricing e-Commerce Risk </li></ul><ul><ul><li>Determine Strategy </li></ul></ul><ul><ul><li>Identify the Risks </li></ul></ul><ul><ul><li>Collect Available Data </li></ul></ul><ul><ul><li>Develop Model </li></ul></ul><ul><ul><li>Price According to Strategy </li></ul></ul>
  27. 27. e-Commerce Risk <ul><li>Determine Strategy </li></ul><ul><ul><li>“Guess and Confess” </li></ul></ul><ul><ul><li>Loss Leader </li></ul></ul><ul><ul><li>Self-Supporting </li></ul></ul><ul><ul><li>Franklin Approach </li></ul></ul>
  28. 28. e-Commerce Risk <ul><li>Determine Strategy - “Guess and Confess” </li></ul><ul><ul><li>Insurer uses best available judgment (usually discovered deep in the bowels of the marketing department) as to the proper rate </li></ul></ul><ul><ul><li>Alternatively, rely on advice of career agents </li></ul></ul>
  29. 29. e-Commerce Risk <ul><li>Determine Strategy - Loss Leader </li></ul><ul><ul><li>Aptly named, this strategy is based upon the assumption that the best way to develop experience and expertise is to write a lot of exposure </li></ul></ul>
  30. 30. e-Commerce Risk <ul><li>Determine Strategy - Self-Supporting </li></ul><ul><ul><li>Goal is to cover losses and expenses, including start-up expenses, over some reasonable period of time. This is a radical strategy and has rarely been adopted in the property-casualty industry. </li></ul></ul>
  31. 31. e-Commerce Risk <ul><li>Determine Strategy - Franklin Approach </li></ul><ul><ul><li>Focuses on loss avoidance </li></ul></ul><ul><ul><li>Underwrites against “undesirable” hazards, e.g. </li></ul></ul><ul><ul><ul><li>large user base </li></ul></ul></ul><ul><ul><ul><li>large asset base </li></ul></ul></ul><ul><ul><ul><li>high public profile </li></ul></ul></ul>
  32. 32. e-Commerce Risk <ul><li>Identify the Risks </li></ul><ul><ul><li>We have a good track record here </li></ul></ul><ul><ul><ul><li>Medical Malpractice </li></ul></ul></ul><ul><ul><ul><li>Computer Leasing </li></ul></ul></ul><ul><ul><ul><li>Asbestos and Environmental </li></ul></ul></ul>
  33. 33. e-Commerce Risk <ul><li>How many do you recognize? </li></ul><ul><ul><li>Daemon </li></ul></ul><ul><ul><li>Data mining </li></ul></ul><ul><ul><li>Digital wallet </li></ul></ul><ul><ul><li>Extranet </li></ul></ul><ul><ul><li>Luhn formula </li></ul></ul><ul><ul><li>Smart card </li></ul></ul><ul><ul><li>Thin client </li></ul></ul>
  34. 34. e-Commerce Risk <ul><li>How many do you recognize? </li></ul><ul><ul><li>Daemon - a structured background process </li></ul></ul>
  35. 35. e-Commerce Risk <ul><li>How many do you recognize? </li></ul><ul><ul><li>Daemon - a structured background process </li></ul></ul><ul><ul><li>Data mining - looking for hidden data patterns </li></ul></ul>
  36. 36. e-Commerce Risk <ul><li>How many do you recognize? </li></ul><ul><ul><li>Daemon - a structured background process </li></ul></ul><ul><ul><li>Data mining - looking for hidden data patterns </li></ul></ul><ul><ul><li>Digital wallet - encryption software, user ID </li></ul></ul>
  37. 37. e-Commerce Risk <ul><li>How many do you recognize? </li></ul><ul><ul><li>Daemon - a structured background process </li></ul></ul><ul><ul><li>Data mining - looking for hidden data patterns </li></ul></ul><ul><ul><li>Digital wallet - encryption software, user ID </li></ul></ul><ul><ul><li>Extranet - authorized outsider-available intranet </li></ul></ul>
  38. 38. e-Commerce Risk <ul><li>How many do you recognize? </li></ul><ul><ul><li>Daemon - a structured background process </li></ul></ul><ul><ul><li>Data mining - looking for hidden data patterns </li></ul></ul><ul><ul><li>Digital wallet - encryption software, user ID </li></ul></ul><ul><ul><li>Extranet - authorized outsider-available intranet </li></ul></ul><ul><ul><li>Luhn formula - credit card verifying algorithm </li></ul></ul>
  39. 39. e-Commerce Risk <ul><li>Luhn formula </li></ul><ul><ul><li>(1) Start with penultimate digit and, moving left, double the value of each alternating digit. If you get a two digit number, add the two digits. </li></ul></ul><ul><ul><li>(2) Add up all digits. Result must be zero mod 10 </li></ul></ul>
  40. 40. e-Commerce Risk <ul><li>Luhn formula </li></ul><ul><ul><li>1234 567890 12347 </li></ul></ul><ul><ul><li>1 4 3 8 5 3 7 7 9 0 1 4 3 8 7 </li></ul></ul><ul><ul><li>1+4+3+8+5+3+7+7+9+0+1+4+3+8+7=70 </li></ul></ul>
  41. 41. e-Commerce Risk <ul><li>How many do you recognize? </li></ul><ul><ul><li>Daemon - a structured background process </li></ul></ul><ul><ul><li>Data mining - looking for hidden data patterns </li></ul></ul><ul><ul><li>Digital wallet - encryption software, user ID </li></ul></ul><ul><ul><li>Extranet - authorized outsider-available intranet </li></ul></ul><ul><ul><li>Luhn formula - credit card verifying algorithm </li></ul></ul><ul><ul><li>Smart card - personal electronic memory card </li></ul></ul>
  42. 42. e-Commerce Risk <ul><li>How many do you recognize? </li></ul><ul><ul><li>Daemon - a structured background process </li></ul></ul><ul><ul><li>Data mining - looking for hidden data patterns </li></ul></ul><ul><ul><li>Digital wallet - encryption software, user ID </li></ul></ul><ul><ul><li>Extranet - authorized outsider-available intranet </li></ul></ul><ul><ul><li>Luhn formula - credit card verifying algorithm </li></ul></ul><ul><ul><li>Smart card - personal electronic memory card </li></ul></ul><ul><ul><li>Thin client - network computer w/o hard drive </li></ul></ul>
  43. 43. e-Commerce Risk <ul><li>Ingram Micro Inc. vs. American Guarantee & Liability Insurance Company </li></ul><ul><ul><li>“ The court finds that ‘physical damage’ is not restricted to the physical destruction or harm of computer circuitry, but includes loss of access, loss of use and loss of functionality .” </li></ul></ul>
  44. 44. e-Commerce Risk <ul><li>Ingram Micro Inc. vs. American Guarantee & Liability Insurance Company </li></ul><ul><ul><li>“ Restricting the policy’s language to that proposed by American [i.e.that contained in the policy] would be archaic .” </li></ul></ul>
  45. 45. e-Commerce Risk <ul><li>TD Waterhouse fined $225,000 for repeated outages which left customers unable to trade </li></ul><ul><li>11 online brokers reported 88 outages for 1st 9 months 1999 (12th firm reported so many outages it didn’t keep track). </li></ul>
  46. 46. e-Commerce Risk <ul><li>Collect Available Data </li></ul><ul><ul><li>Exposure base not well-defined </li></ul></ul><ul><ul><li>Economic costs of losses not disclosed </li></ul></ul><ul><ul><li>Industry is young and evolving </li></ul></ul><ul><ul><li>Threat base is also evolving </li></ul></ul>
  47. 47. e-Commerce Risk <ul><li>Collect Available Data </li></ul><ul><ul><li>Remember, “Lloyd’s List” was started in 1696 but it wasn’t until 75 years later that the Society of Lloyd’s was formed </li></ul></ul>
  48. 48. e-Commerce Risk <ul><li>Develop Model </li></ul><ul><ul><li>Identify major processes </li></ul></ul><ul><ul><li>Identify major threats </li></ul></ul><ul><ul><li>Relate threats to processes </li></ul></ul><ul><ul><li>Determine (or guess at) parameters </li></ul></ul>
  49. 49. e-Commerce Risk <ul><li>Example - Distributed Denial of Service (DDoS) </li></ul>
  50. 50. e-Commerce Risk <ul><ul><li>“ Attack of the Zombies” - February,2000 </li></ul></ul><ul><ul><ul><li>Monday, February 7 </li></ul></ul></ul><ul><ul><ul><ul><li>Yahoo! portal rendered inaccessible for 3 hours </li></ul></ul></ul></ul><ul><ul><ul><li>Tuesday, February 8 </li></ul></ul></ul><ul><ul><ul><ul><li>Buy.com 90% inaccessible </li></ul></ul></ul></ul><ul><ul><ul><ul><li>eBay incapacitated </li></ul></ul></ul></ul><ul><ul><ul><ul><li>CNN 95% inaccessible </li></ul></ul></ul></ul><ul><ul><ul><ul><li>Amazon.com slowed to 5 minute access time </li></ul></ul></ul></ul><ul><ul><ul><li>Wednesday, February 9 </li></ul></ul></ul><ul><ul><ul><ul><li>ZDNet.com unreachable </li></ul></ul></ul></ul><ul><ul><ul><ul><li>E*Trade slowed “to a crawl” </li></ul></ul></ul></ul><ul><ul><ul><ul><li>Excite 60% inaccessible </li></ul></ul></ul></ul>
  51. 51. e-Commerce Risk <ul><li>How DDoS Works </li></ul><ul><ul><li>Goal is to render system inoperable </li></ul></ul><ul><ul><li>One attacker controls multiple servers </li></ul></ul><ul><ul><li>Method: Break into numerous sites, install “attack script” and orchestrate coordinated attack </li></ul></ul>
  52. 52. e-Commerce Risk USER PCs HACKER UNWITTING HOST “ ZOMBIE” OTHER NETWORK COMPUTERS VICTIM’S SERVER
  53. 55. e-Commerce Risk <ul><li>Price According to Strategy </li></ul><ul><ul><li>Frequency will vary with </li></ul></ul><ul><ul><ul><li>Popularity </li></ul></ul></ul><ul><ul><ul><li>Profile </li></ul></ul></ul><ul><ul><ul><li>Potential </li></ul></ul></ul>
  54. 56. e-Commerce Risk <ul><li>Price According to Strategy </li></ul><ul><ul><li>Severity will vary </li></ul></ul><ul><ul><ul><li>eToys v. E*Trade </li></ul></ul></ul>
  55. 57. e-Commerce Risk <ul><li>“ You gotta be careful if you don’t know where you’re going ‘cause you might not get there. ” </li></ul><ul><li>- Yogi Berra </li></ul>

×