solution to the IT issue selected for this project.

The implication of IT security for online retailers is fundamental to ensuring consumer confidence and trust (Streeter, 2009). Moreover, online consumers are far less forgiving of IT security failures than they were just a few years ago based on their positive online experiences with other secure sites (Streeter, 2009). Lapses in IT security can also cause a loss of business and a diminution of any consumer goodwill that has been accumulated over the years, resulting in a loss of competitive advantage (Mishra, 2009). For companies such as Zappos where the consumers’ perception of the “look and feel” of their product line is limited by the online retailing experience, ensuring the security of transactions is a paramount consideration. In this regard, Mishra emphasizes that, “Unfortunately, the Internet in its current technological form is a poor service delivery medium because it lacks the capacity for direct personal interaction enjoyed by the most noninternet-based services” (2009, p. 128).

In fact, when any condition adversely affects consumers’ online shopping experience, it is reasonable to suggest that it will have a corresponding impact on their propensity to complete a retail transaction or to engage in repeat business. As Mishra points out, “Various researchers have reported poor perception of e-service and many blunders seem to occur because e -companies fail to deliver real added value services to the customers and to meet their expectations” (2009, p. 129). Taken together, it is also reasonable to suggest that it is vitally important for online retailers such as Zappos to have timely and effective IT security policies and procedures in effect for its personnel organization-wide, and these issues are discussed further below.

IT security strategy divisions

Individual. The company employs approximately 1,500 individuals, with about one-third of these employees located in their help desk and order fulfillment centers (Looking ahead, 2014). The computer servers at Zappos.com are all protected by Secure Sockets Layer (SSL) and secure firewalls that are specifically designed to maintain the security of all digital information and to ensure its access only by authorized Internet users (Protecting your personal information, 2015). The SSL protocol is used to manage the security of data transmission on the Internet (Kanabar & Kanabar, 2009). Web pages that are prefaced with HTTPS rather than HTTP are protected by SSL (Kanabar & Kanabar, 2009).

There is a potential for social engineering to defeat these security protocols, though. Help desk and call center employees at Zappos are encouraged to be friendly, cordial, and humorous and are even advised to “be a little weird” in communicating with customers. For example, in response to an inquiry concerning the fact that the company’s Trustwave seal was not operational, a company representative responded as follows:

Hello! Thank you for contacting the Zappos.com Customer Loyalty Team. My name is Heidi.

I hope you are having a great day so far! It is beautiful and sunny day here in Vegas today! I hope you are getting some sunshine where you are at as well. I am sorry for any confusion regarding our security policy here at Zappos.com. I would be more than happy to look into this further for you. I want to assure you that Zappos.com is a secure site. I have included a link below for your convenience that explains how we protect your personal information: http://vip.zappos.com/protecting-your-personal-information

Also, please keep in mind, we are here 24-7 if you have more questions or need further clarification. Feel free to contact us anytime by phone, live chat or simply respond to this email.

I love this time of year and always look forward to picking out a Christmas tree, hot chocolate by the fire and more than anything, scarf and sweater shopping! I hope you and your family had a wonderful holiday season! Please let us know if there is anything else we can do for you, we’re here 24/7. Thank you for being such a great customer. Have a wonderful day! Thanks! Heidi

This response failed to address the original question as to why the Trustwave protection was not in place and a subsequent email to this effect met with this response:

Thank you for contacting the Zappos Customer Loyalty Team. My name is Heather and I’m happy to help you today. I hope the weather where you are wasn’t too cold today! It’s finally getting chilly here in Las Vegas, and we cannot believe that holidays are over! I apologize that your previous email was misread. I did go to our safety page, and you are correct; Trustwave, for some reason, is not recognizing our website, despite the many articles/web searches that link us with them. I have forwarded this information on so that this may be corrected. Thank you for bringing this matter to our attention. The security of your personal information is our number one priority, which is why we are consistently ranked among the top websites for positive and safe online transactions. If you are not comfortable purchasing from on our website due to this error, we apologize and hope that you are able to find what you are looking for elsewhere. If we can be of any assistance, even to shop on other websites for you, we are here 24/7 to do so. Please let us know if there is anything else we can do for you. Have a wonderful day! Thanks! Heather M.

A recent visit to the personal protection page at Zappos reveals that the Trustwave protection seal has been removed. Nevertheless, these exchanges underscore the fact that in their zeal to fulfill their goals of being friendly, cordial and “even a little weird.” It is possible that Zappos employees could unwittingly divulge proprietary information concerning the company or provide unauthorized access to other customer data.

Traditional and virtual teams. The company places a high priority on the effective collaboration of its teams irrespective of the format in which they meet (Zappos Family Core Values, 2015). It is therefore vitally important to ensure the security of the proprietary information that is shared between members of these teams and the teams themselves, as well as the company’s individual departments as noted below.

Department. Zappos currently operates the following departments:

Facilities (this department is responsible for stocking the free food and beverages the company provide to all employees as well as shipping and receiving, office supplies and maintenance, and cleaning).

Finance, Treasury and Accounting (this department is responsible for all financial issues, including payroll processing).

Help Desk (this department is tasked with the provision of online and telephonic customer support services).

Human Resources (this department provides all of the conventional human resource services, including administering employee benefit programs).

Information Technology (this department is responsible for implementing, maintaining and upgrading the company’s IT systems).

Legal (this department is responsible for the legal aspects of doing business including the protection of the company’s intellectual property) (Zappos.com Inc., 2015).

Interdepartmental communications should be protected using a secure company intranet that is not linked to the Internet. In addition, all communications and collaborations between these departments must be conducted with a view towards an organization-wide culture of IT security as discussed further below.

Organization. The company is PCI compliant and encrypts all of its organizational connections using SSL technology. This is just a minimum standard, though, for companies doing business online. In this regard, Hammermaster (2010) reports that, “Payment Card Industry (or PCI) compliance is a requirement of all businesses that interact with credit or debit cards. PCI compliance ensures that your clients are up-to-date on the latest best practices to protect their business and their customers from card payment fraud” (p. 22). In addition, Zappos also encrypts payment information that is transmitted within the organization as well. In addition, according to Zappos, “All payment information is encrypted while in storage within a network that is firewalled off from the rest of the company and the internet” (Protecting your personal information, 2015, para. 2). This type of end-to-end encryption is also widely regarded as a minimum standard of protection for retailers doing business online. For instance, Hammermaster (2010) reports that, “End-to-end encryption (E2EE) starts with payment capture devices, and goes all the way to the transaction’s being authorized. E2EE prevents the card account data from being stolen electronically, and lessens the cost and impact to become a PCI-compliant business” (p. 22).

Notwithstanding these protections, the organization’s reliance on a Web hub for its central core business means that everyone must be committed to IT security in order for these protections to be effective (Foster, 2001). As Foster emphasizes, “In the end, company owners and managers must realize that Internet security is a cultural and human resources issue that cannot be solved by technology or policy alone. Instilling a positive organizational culture is the only sure way to guarantee that your employees will be productive and that your company’s goals will be met” (2001, p. 34). Although the company emphasizes that its fraud rate is lower than the industry standard, it also concedes that Zappos’ IT team remains hard at work in minimizing fraudulent activity on its Web site.

Interorganization. At present, it is unclear whether the company uses SSL encryption in its online communications with other organizations, but this should be a condition of doing business with Zappos for organizations that access and process sensitive information.

Partnership. The company maintains business partnerships with more than one thousand brands and a wide array of supply chain partners. Transactional data is therefore exchanged with hundreds of other businesses thousands of time every day. Based on the company’s meteoric success to date, it is reasonable to conclude that it has managed this aspect of its IT security effectively.

Global. Because it operates a commercial Web site, Zappos customer base extends globally, and the same IT security protections that are required at the individual, team, department and organization level are required for its global transactions.

References

Foster, M. (2001, September). Create a positive organizational culture to reduce Internet misuse.

The National Public Accountant, 46(7), 34.

Hammermaster, G. (2010, August). Payment processing tips for small businesses. Journal of Accountancy, 210(2), 22-25.

Kanabar, D. & Kanabar, V. (2009, May). A quick guide to basic network security terms.

Computers in Libraries, 23(5), 24-31.

Looking ahead. (2014). Zappos. Retrieved from http://about.zappos.com/zappos-story/looking-ahead-let-there-be-anything-and-everything.

Mishra, S. (2009, December). A conceptual framework for creating customer value in E-retailing in India. South Asian Journal of Management, 16(4), 127-133.

Protecting your personal information. (2015). Zappos. Retrieved from http://www.zappos.com / protecting-your-personal-information.

Streeter, B. (2009, September). Sobering views from the E-commerce “space.” ABA Banking

Journal, 91(9), 7.

Zappos.com Inc. (2015). Zappos. Retrieved from http://about.zappos.com/meet-zappos-family/zapposcom-inc.

Zappos Family Core Values. (2015). Zappos. Retrieved from http://about.zappos.com/our-unique-culture/zappos-core-values/build-positive-team-and-family-spirit.