
THE NEED FOR CYBER LAWS

There are seven billion people in this world. Approximately 50% are internet users, i.e. 3.5 billion people on the
internet. And the number just keeps increasing exponentially. The 21st century can very easily be called the
‘internet century.’ Our worlds revolve around our smart devices, which in turn revolve around the internet. We
cannot even imagine the world where Facebook or Snapchat or PayTM doesn’t exist. Gone are the days of
standing in lines to pay your bills. Today’s generation doesn’t know what a line is. Or for that matter, what
patience is. World connectivity has brought about such a revolution that the post-net and pre-net worlds are
entirely unrecognizable. Our lifestyle and culture have changed. Our priorities have changed. And so have our
problems.

The Internet has immense power. Power to make or break someone. Power to impact world policies and
decisions. To change the world. With the increasing popularity of online activities, the rate of online crimes has
also increased exponentially. While the extent and impact of these crimes vary greatly from the Occident to the
Orient, it has become a global menace. From crimes like cyber bullying to cyber terrorism, these new age
phenomena have evolved and are evolving constantly. Cyber-crimes are still not explicitly defined. While most
countries have laws in place to deal with such issues, the underlying crime itself varies from case to case.
Moreover, cyber activities are not governed by geographical borders, which makes dealing with such crimes all
the more confusing and complex. As a result, a lot of cyber-crimes either go unreported or simply end without
conviction.

Cybercrime is an endless well of new ways to commit crimes. These range from crimes as simple as extortion to
complex crimes and conspiracies affecting world politics. The latest examples are the WannaCry ransomware attack
in terms of extortion and the alleged notorious involvement of Russia in the US presidential elections in terms of
politics. While this is new territory for both the offenders and victims, the world's cyber laws still have a long
way to go, both in terms of prevention and conviction of attacks.
CYBER LAWS AROUND THE WORLD

THE UNITED STATES OF AMERICA


The USA is the world leader in cyber crimes. It has been the top affected country of the world in terms of
internet-related crimes, with 23% of the world cyber crime rate. However, it is also the country with the strongest
cyber laws in place. About 60% of the cyber cases registered end in conviction and prison sentences.
The first effective law against such crimes was established in 1984 and termed The Computer Fraud and
Abuse Act (CFAA). However, the act did not include a provision for intentional harming of devices by using
malicious code or, in layman's language, viruses. To improve the act, The National Information
Infrastructure Protection Act (NIIA) was introduced. The act included previous espionage laws and made it
illegal to view computer information without authorisation. Over and beyond these laws, the USA has established
strict definitions and punishments for cyber crimes: from penalties ranging from expulsion to criminal
misdemeanour to felony for cyber bullying, to a penalty of 15 years imprisonment and fines for identity theft, to a
penalty of six to twenty years prison time for hacking and damage to computer properties. The USA has quite a
stronghold on cyber laws.
At the end of 2015, the United States Congress approved what is known as the Cybersecurity Act of 2015 to
protect the country from cyberattacks responsibly and promptly, through a framework promoting the exchange
of information between the private sector and the government about computer threats. Under the act,
information about a threat found on a system may be shared with the aim of preventing attacks or mitigating
risks that may affect other companies, agencies or users. Through the use of information gathering, security
checks and other protective measures, organizations and governments are able to coordinate intelligence and
defensive actions.

LATIN AMERICA
In a recent report, a model was applied to determine cybersecurity capacity in Latin America and the Caribbean.
This document highlights the importance of responsible disclosure of information in public and private sector
organizations when a vulnerability is identified. It also emphasizes the importance of legislative frameworks,
investigation, the processing of electronic evidence, and the training of judges and prosecutors in the field of
cybersecurity. Adherence to international conventions, such as the Budapest Convention, and being a signatory
to cross-border agreements for cooperation, are other decisive factors. Similarly, adoption of best practices
along with the use of security technologies are considered, for the formation of a “resilient cyber society”.

EUROPEAN UNION
The EU recently adopted the NIS Directive for the security of information networks and systems, seeking the
promotion of legislation encouraging member countries to be equipped and prepared to respond to incidents, by
having a Computer Security Incident Response Team (CSIRT) and a national authority competent in this area.
The creation of a CSIRT network is intended to promote rapid and effective cooperation, the exchange of risk-
related information, and the development of a culture of security among sectors vital to Europe’s economy and
society, such as energy, transport, finance, health, and digital infrastructure. The new laws are aimed at
encouraging the homogeneous development of cybersecurity capacities and at preventing incidents that threaten
economic activities, infrastructure, the confidence of users, and the operation of systems and networks critical to
each country.
CHINA
China has always set the precedent in cyber laws. While its laws may appear dictatorial to external forces, they
are essential to the Chinese government. The recognition and penalizing of cyber crimes began in 1997 with the
‘Computer Information Network and Internet Security, Protection and Management Regulations’ codified by
the State Council. As per the criminal law, acts like hacking, sabotaging data or creating and propagating digital
viruses lead to a minimum of three years imprisonment. The sentence is increased phenomenally in graver
cases involving sensitive data. After 2010, the law also states, ‘within Chinese territory, the internet is under
the sovereignty of China.’ This translates to the government having utter and complete control over the internet
within its borders. As such, many of the world’s most popular websites are banned in China, for instance
Google. While this may appear preposterous to us, it has proved beneficial for indigenous e-commerce and
digital companies of China. The latest in China’s law is the Cybersecurity Law that came into effect this June.
The law requires all foreign companies to store their essential data of use within the country itself, as well as
to allow the government to conduct checks on the company's networks and data.

THE UNITED ARAB EMIRATES


Among the middle-eastern countries, the UAE has the most comprehensive and strong law against cyber criminals.
The UAE faces a meager 5% of the world’s cyber threats. However, being the financial capital of the Gulf region,
it has strong laws to protect its businesses from attacks. The nation has very clearly defined each offense as well
as the penalty associated with each: from a penalty of maximum two-year imprisonment or 250,000-500,000
AED (Arab Emirates Dirham) for the basic crime of cyber stalking and harassment, to imprisonment and a fine
of up to 2,000,000 AED for forgery, to life imprisonment for cyber terrorism. The UAE has clear-cut, stringent laws
in place for any cyber threat.

AUSTRALIA
Australia’s law enforcement and intelligence agencies are empowered to compel carriers to preserve the
communication records of persons suspected of cyber-based crimes. Australian cybercrime law also extends the
geographic reach of the provisions to criminal activity which occurs wholly or partly in Australia, on board an
Australian aircraft or ship, and in certain circumstances to the conduct of Australian nationals abroad. In April
2016 the Australian Prime Minister, in his foreword to the nation’s Cyber Security Strategy, wrote: “…
cyberspace cannot be allowed to become a lawless domain.” In respect to high tech crime or cybercrime of
national significance, the responsibility of investigation and response is with the Australian Federal Police
(AFP). They also have jurisdiction over cybercrimes involving online fraud affecting a government department. 
CYBER CRIMES AND LAWS IN INDIA
The Indian Law does not define the term ‘cybercrime’. It is neither defined in the Information Technology Act,
2000 nor in the I.T. Amendment Act, 2008 nor in any other legislation of India. In fact, the Indian Penal Code
still does not use the term ‘cybercrime’ even after its amendment by the Information Technology (Amendment)
Act, 2008. However, cybercrime can be defined as any criminal activity directly related to the use of computers
and the internet, such as illegal trespass into the computer system or database of another, manipulation or theft
of stored or online data, hacking, phishing, cyber warfare, spreading computer viruses etc. In simple words, it is any
offence or crime in which a computer is used for committing that crime. Coming to cyber law, it can be defined
as the law which governs Cyberspace, protects from cyber crimes and lays down punishments for its
violation. Cyberlaw is a common term which refers to legal jurisdiction and regulation of various aspects of the
internet and computer security.

In India, cyber laws are regulated by the Information Technology Act, 2000. The main object of this Act is to
provide legal recognition to e-commerce and electronic formats and to facilitate the filing of electronic records
with the Government. This legislation lays down rules and regulations related to cybercrimes, electronic
information and formats, electronic authentication and digital signatures, and liability of network service
providers. The I.T. Act is based on the United Nations Model Law on Electronic Commerce 1996 (UNCITRAL
Model) recommended by the General Assembly of the United Nations by a resolution dated 30 January 1997.

The Indian Cyber Law covers these major aspects of Cyberspace and cybercrime:
- The Indian Cyber Law makes every format in electronic form legal, which means anything that you write,
  share and publish electronically is now considered legal.
- It also makes all electronic contracts legal, which means that an offer can be electronically made and
  accepted, and it would amount to a valid and binding electronic contract.
- The Indian Cyber Law recognizes and legalizes the concept of digital signatures and electronic
  authentications.
- Indian Cyber Law covers almost all kinds of cybercrimes and provides punishment for the same.
- It also punishes the people of other nationalities, provided their crimes involve any computer or network
  situated in India.
- Legalization of everything in electronic format, such as publications, communications, signatures and
  authorization, means that it is all now valid and can be used in any proceedings.

PROS OF THE IT ACT, 2000


Before the enactment of the I.T. Act, 2000, the usual means of communication such as emails and texts were not
considered as a legal form of communication and due to this, they were not admissible as evidence in a court of
law. But after the enactment of I.T. Act, 2000 electronic formats and communication got legal recognition, and
now they are admissible as evidence in a court of law. Digital signatures and authentications have been legalized
after the I.T. Act, 2000, which is a great assistance to carry out transactions online as they help in verifying the
identity of an individual on the internet. The I.T. Act, 2000, provides for corporates to have statutory remedies if
anyone hacks and breaks into their computer systems or networks and causes any kind of damages. The I.T.
Act, 2000 provides for monetary damages, by way of compensation, as a remedy for such crimes. The I.T.
Act, 2000 has defined, recognized and penalized various cyber crimes such as hacking, spamming, identity
theft, phishing and many more. Prior to this Act, cybercrimes were not included in any legislation, and there
was no legal remedy for such crimes.
CONS OF THE IT ACT, 2000
India faces a meager 3% of the world’s total cyber-attacks. However, it also has only one strong law in place to
tackle them. The Information Technology Act of 2000 and its consequent amendments is the only legislative law
governing cyber threats in India. While the law encompasses various crimes such as violation of privacy,
identity theft, sending obscene material and cyber terrorism, it lacks on various fronts such as cyber bullying,
forgery, piracy etc. Penalties range from up to two lakh rupees and imprisonment for privacy violation, to a fine
of up to ten lakh rupees and up to five years in prison, to lifelong imprisonment for cyber terrorism. The laws
that India has in place are quite strict but there are still a lot of loopholes to cover.
The I.T. Act, 2000 may cause a conflict of jurisdiction as electronic commerce is based on the system of domain
names. The I.T. Act, 2000 does not address the issues relating to domain names, rights and liabilities of domain
owners. It also does not provide for the protection of Intellectual Property Rights as issues regarding
copyrights and patents are very common in relation to computer programs and networks. The offences
covered and defined under the I.T. Act, 2000 are not exhaustive in nature, since, with the advancements in
technologies, computer programs and networks are constantly changing and evolving, and with this
advancement, the nature of cybercrimes is also evolving. This Act does not cover various kinds of cybercrimes
such as cyberstalking, cyber fraud, chat room abuse, theft of internet hours and many more. It has not
addressed issues like privacy and content regulation, which is very necessary, considering the vulnerability
the internet poses. Lastly, the main issue with this Act is its implementation. The I.T. Act, 2000 does not lay down
any parameters for its implementation and regulations.
SECURITY ISSUES RELATED TO E-COMMERCE

E-Commerce refers to the activity of buying and selling things over the internet. Simply, it refers to the
commercial transactions which are conducted online. E-commerce draws on many technologies such as
mobile commerce, Internet marketing, online transaction processing, electronic funds transfer, supply chain
management, electronic data interchange (EDI), inventory management systems, and automated data collection
systems. An e-commerce threat arises when the internet is used for unfair means with the intention of stealing,
fraud and security breach. There are various types of e-commerce threats. Some are accidental, some are
purposeful, and some of them are due to human error. The most common security threats relate to electronic
payment systems, e-cash, data misuse, credit/debit card fraud, etc.

1. Electronic payments system:


With the rapid development of the computer, mobile, and network technology, e-commerce has become a
routine part of human life. In e-commerce, the customer can order products at home and save time for doing
other things. There is no need of visiting a store or a shop. The customer can select different stores on the
Internet in a very short time and compare the products with different characteristics such as price, colour, and
quality. The electronic payment systems have a very important role in e-commerce. E-commerce organizations
use electronic payment systems that refer to paperless monetary transactions. It revolutionized the business
processing by reducing paperwork, transaction costs, and labour cost. E-commerce processing is user-friendly
and less time consuming than manual processing. Electronic commerce helps a business organization expand its
market reach. There are certain risks with electronic payment systems. Some of them are:

2. The Risk of Fraud


An electronic payment system has a huge risk of fraud. Computing devices authorize a payment using identity
credentials of the person, such as passwords and security questions. These authentications are not foolproof in
determining the identity of a person. If the password and the answers to the security questions are matched, the
system doesn't care who is on the other side. If someone has access to our password or the answers to our
security questions, he will gain access to our money and can steal it from us.

3. The Risk of Tax Evasion


The Internal Revenue Service law requires that every business declare their financial transactions and provide
paper records so that tax compliance can be verified. The problem with electronic systems is that they don't
fit cleanly into this paradigm. It makes the process of tax collection very frustrating for the Internal
Revenue Service. It is the business's choice whether to disclose payments received or made via electronic payment
systems. The IRS has no way to know whether the business is telling the truth, which makes it easy to evade taxation.

4. The Risk of Payment Conflicts


In electronic payment systems, the payments are handled by an automated electronic system, not by humans.
The system is prone to errors when it handles large amounts of payments on a frequent basis with more than one
recipient involved. It is essential to continually check our pay slip after every pay period ends in order to
ensure everything makes sense. Failure to do this may result in conflicts of payment caused by technical
glitches and anomalies.
5. E-cash
E-cash is a paperless cash system which facilitates the transfer of funds anonymously. E-cash is free to the user
while the sellers pay a fee for this. The e-cash fund can be either stored on a card itself or in an account
which is associated with the card. The most common examples of e-cash systems are transit cards, PayPal,
GooglePay, Paytm, etc. E-cash has four major components:
- Issuers - They can be banks or a non-bank institution.
- Customers - They are the users who spend the e-cash.
- Merchants or Traders - They are the vendors who receive e-cash.
- Regulators - They are related to authorities or state tax agencies.
In e-cash, we store financial information on the computer, electronic device or on the internet, which is
vulnerable to hackers. Some of the major threats related to e-cash systems are:

6. Backdoors Attacks
It is a type of attack which gives an attacker unauthorized access to a system by bypassing the normal
authentication mechanisms. It works in the background and hides itself from the user, which makes it difficult to
detect and remove.

7. Denial of service attacks


A denial-of-service attack (DoS attack) is a security attack in which the attacker takes action that prevents the
legitimate (correct) users from accessing the electronic devices. It makes a network resource unavailable to its
intended users by temporarily disrupting services of a host connected to the Internet.

8. Direct Access Attacks


Direct access attack is an attack in which an intruder gains physical access to the computer to perform an
unauthorized activity and install various types of software to compromise security. These types of software
are loaded with worms and download a huge amount of sensitive data from the targeted victims.

9. Eavesdropping
This is an unauthorized way of listening to private communication over the network. It does not interfere with
the normal operations of the targeted system, so the sender and the recipient of the messages are not aware
that their conversation is being tracked.

10. Credit/Debit card fraud


A credit card allows us to borrow money from a recipient bank to make purchases. The issuer of the credit card
has the condition that the cardholder will pay back the borrowed money with an additional agreed-upon charge.
A debit card is a plastic card issued by a financial organization to an account holder who has a savings
deposit account; it can be used instead of cash to make purchases. The debit card can be used only when the
fund is available in the account.
Some of the important threats associated with debit/credit cards are:
1. ATM (Automated Teller Machine)
It is the favourite place of the fraudster, from where they can steal our card details. Some of the important
techniques which the criminals opt for to get hold of our card information are:

2. Skimming
It is the process of attaching a data-skimming device in the card reader of the ATM. When the customer swipes
their card in the ATM card reader, the information is copied from the magnetic strip to the device. By doing
this, the criminals get to know the details of the Card number, name, CVV number, expiry date of the card and
other details.

3. Unwanted Presence
It is a rule that not more than one user should use the ATM at a time. If we find more than one person lurking
around together, the intention behind this is to observe our card details while we are making our transaction.

4. Vishing/Phishing
Phishing is an activity in which an intruder obtains the sensitive information of a user, such as passwords,
usernames, and credit card details, often for malicious reasons. Vishing is an activity in which an intruder
obtains the sensitive information of a user via sending SMS on mobiles. These SMS messages and calls appear to be
from a reliable source, but in reality they are fake. The main objective of vishing and phishing is to get the
customer's PIN, account details, and passwords.

5. Online Transaction
Online transactions can be made by the customer to do shopping and pay their bills over the internet. As easy as
it is for the customer, it is also easy for a hacker to hack into our system and steal our sensitive information. Some
important ways to steal our confidential information during an online transaction are:
- By downloading software which scans our keystrokes and steals our password and card details.
- By redirecting a customer to a fake website which looks like the original and steals our sensitive information.
- By using public Wi-Fi

6. POS Theft
It is commonly done at merchant stores at the time of POS transaction. In this, the salesperson takes the
customer card for processing payment and illegally copies the card details for later use.
Legal Issues Relating To E-Commerce
The power of the Web to reach the world carries with it a variety of legal issues, often related to intellectual
property concerns, copyright, trademark, privacy, etc., particularly in the context of doing business on the
Internet. Authorities seeking to apply their laws in traditional ways or to expand legal control over international
links face many challenges due to the global nature of the Internet. Liability, data protection and fraud
management can present significant legal challenges. The e-commerce ecosystem has become one of the most
crowded startup spaces over the past few years. In the period between 2012 and 2016, ecommerce startups raked
in over $46 billion in funding, with many startups easily closing over $100 million worth of deals. And even
after a lackluster funding phase in 2016, funding for ecommerce startups has been on an upward trend since
2017, with only fintech startups creating a bigger buzz within that period. That growth, however, hasn't come
without its challenges. The e-commerce industry, just like every other niche within the tech industry, has had to
adapt to an increasingly demanding legal and regulatory environment that has often led to lawsuits, product
recalls and even closures in some parts of the world. For entrepreneurs running e-commerce startups, legal
infractions can come in many forms, with each infraction presenting a different challenge for the business. As
such, it is vital for every e-commerce outfit to stay ahead of the game when it comes to individual legal
responsibilities.
E-commerce presents a world of opportunity for doing businesses, reaching global markets and purchasing
without leaving the home or office. E-commerce can provide opportunities to improve business processes, just
as phones, faxes and mobile communications have in the past. However, just as any new business tool has
associated issues and risks so does e-commerce. It's important to understand the legal issues and potential risks
to ensure a safe, secure environment for trading with customers and other businesses. The issue of law on the
Internet is a complex one. Between the two all-or-nothing extremes lies a broad spectrum of possibilities. Many
people revel in the freedom to express themselves and the freedom from prohibitions such as zoning restrictions
that the Internet apparently affords. With no law at all, however, the Internet would be no place to conduct
business or pleasure.

1. Liability and contractual information


Amazon, easily the most recognizable face of the e-commerce industry, has had to navigate the treacherous
world of regulation for years. Last year, the company survived a $2 million lawsuit after a U.S. District
Court ruled that the company was not liable for products sold on its website after an online buyer sued the
company for injuries sustained by a defective coffeemaker bought from Amazon.com. For the average e-
commerce startup, the Amazon ruling illustrates just how important it is to clearly define product liabilities and
warranties, especially if you deal with third-party vendors. You can easily get sued by customers for product
defects that have nothing to do with your business, which might see you spending unnecessarily on legal fees
while damaging your business's reputation. As a first step, always ensure your terms of use section is as detailed
as possible, making sure customers understand, among other things, your relationship with vendors on the site.
Also, ensure you’ve defined all the technical means available to customers in case they want to cancel or return
purchases and make sure you have a mechanism of notifying customers of their purchases within 24 hours of
the purchase.

2. Data protection and privacy


Most e-commerce platforms are reservoirs of sensitive customer information, which is often collected via
contact forms, customer registration, and during payment for purchases. In many regions around the globe, e-
commerce platforms are obliged to protect their customers' data as a requirement for legal compliance.
In the EU, for instance, e-commerce websites are required by the General Data Protection Regulation (GDPR)
to notify their visitors when they gather user information and also seek explicit consent before collecting or
reusing personal data. Some states in the U.S. require website owners to assign at least one employee to manage
internal data protection programs. To ensure your e-commerce website is compliant with data protection rules,
start by creating a comprehensive data protection policy in addition to your cookies policy. The links to both
these policies should be clearly visible on your website and should give your visitors information about who is
responsible for storing their data and how they can access, cancel, or modify any of their information. While
shopping on the Internet, most people typically do not think about what is happening in the background. Web
shopping is generally very easy. We click on a related site, go into that site, buy the required merchandise by
adding it to our cart, enter our credit card details and then expect delivery within a couple of days. This entire
process looks very simple, but a developer or businessman knows exactly how many hurdles need to be jumped
to complete the order. Customer information has to pass through several hands, so security and privacy of the
information are a major concern. The safety and security of a customer's personal information lies within the
hands of the business. Therefore businesses have to give the customer first their guarantee, and second peace of
mind, that the information passed over is at no risk from any invading eyes. In traditional and online trading
environments, consumers are entitled to have their privacy respected. Websites should provide the customers
with choices regarding the use of their personal information, and incorporate security procedures to limit access
to customer information by unauthorised parties. Privacy policies and procedures should be clearly explained to
customers. Although respecting consumer privacy rights is a legal requirement, it also represents good business
practice. If customers trust a site and business then they are more likely to trade with it. Many people are not
willing to disclose their personal information on the Web. It is up to individuals to decide how much personal
information they are willing to disclose and how it might be used. Interestingly, one survey found that many
people who disclose personal information do so in hope of financial benefit, such as winning a sweepstakes.

3. Managing fraud and securing electronic transactions


Payments fraud and other issues related to online security have become quite common over the past few years,
coinciding with the growth of the ecommerce industry. One report projected that card-not-present (CNP) fraud
will grow by 14 percent annually up to 2023, which is a significant figure for e-commerce platforms that accept
on-site payments. So, in addition to protecting customers' information on your site, it is important to go deeper
into the inner workings of your e-commerce site to prevent fraud. Many countries require businesses to report
any breach to the public, especially one that deals with personal and sensitive user data. In the U.S., for instance,
most states will require businesses to report any data breach to their residents within 45 days, though this varies
from state to state. Some federal, state and territory governments encourage the adoption of electronic commerce
by enacting and enabling legislation. In Australia many bills and acts have been passed to resolve legal issues
and make electronic transactions more authenticated, such as the Electronic Transaction Act (ETA). ETA enables
contractual dealings, such as offers, acceptances and invitations, to be conducted electronically, and also allows
people to use an electronic signature to satisfy any legal requirement. This may reduce administrative duties,
storage and operational costs for businesses. New legislation brings some questions, such as: For how long will
these acts be valid? What are the boundaries of these acts? Who should be forced to follow the rules? Most of
these questions are unanswerable today. Global companies have the responsibility to deal with some of the legal
issues such as how to form contracts, abide by consumer protection laws, create privacy policies and protect
databases. How will legal structure affect international transactions on the Internet? Will it restrict the potential
growth of the Internet prematurely? Rapid changes in technology do not allow enforcement of specific laws in
cyberspace. For now many organizations are promoting global coordination of legal structures.

4. Copyright & Trademark
Many attempts have been made to address the issues related to copyrights on digital content. E-commerce has a
tremendous impact on copyright and related issues, and the scope of copyrights is affecting how e-commerce
evolves. It is essential that legal rules are set and applied appropriately to ensure that digital technology does not
undermine the basic doctrine of copyright and related rights. From one perspective, the Internet has been
described as "the world's biggest copy machine". Older technologies such as photocopying, recording and
taping are bound by rules and regulations regarding quantity, content, quality and time constraints. In contrast,
on the Internet one person can send millions of copies all over the world. Generally, a trademark can be owned
by an individual, a company, or any sort of legal entity. When someone else tries to use that trademark (e.g.,
your distinctive name or logo) without authorisation, it could be considered an illegal dilution of the distinctive
trademark. If someone uses a trademark in such a way as to dilute the distinctive quality of the mark or trade on
the owner's reputation, the trademark owner may seek damages. Some Web-based applications have enabled
large-scale exploitation of music samples and audio formats. Software that is available free of cost on the Net
allows the transfer of songs and videos without the authorization of rights holders (e.g. Napster, MP3
Providers). Moreover, CD burners and portable MP3 players allow copyright violations to occur rather easily. A
number of important recent developments have occurred in the field of copyright and related issues that have
far-reaching implications for the industry, and are being addressed in legislatures, judiciaries and international
forums. During the last couple of years, new laws have passed in some countries to ensure effective protection
and enforcement of rights in the digital era. At the same time, copyright industries are also adapting their
business methods and uses of technology to exploit digital opportunities, while guarding against new risks.
"Ultimately, the music industry's war on illegal downloading can never be won" says Charles Shoniregun.

5. Online Terms, Conditions, Policies and Laws


Most online privacy policies are produced by private businesses for individual companies. Governments are
developing legislation to support and strengthen the privacy protection measures of many businesses. These
initiatives are aimed at regulating the storage, use and disclosure by businesses of personal information. Privacy
legislation is designed to protect a person's personal information. The privacy laws of their host country affect
overseas companies. Every organisation should be very careful when applying terms and conditions to
electronic transactions with Internet users. Privacy and security policies reflect not only the organization's practice
but also the rules and regulations for doing business with the company. Major issues regarding the legalization
of electronic transactions include the following.
• Ensure proper online contracts.
• Record retention obligations.
• Original documentation, in terms of TAX and VAT requirements.
• Import/export regulations.
• Exchange control regulation.
• Foreign data protection law.

6. Legislation Dilemma
Electronic transactions separate e-business from traditional types of businesses. When a transaction takes place,
who has jurisdiction? Who has the authority to apply law over the transaction? For example, if you buy a laptop
in your local computer store, you know your legal rights. If the computer does not work when you take it home,
and the store refuses to settle up, then you can probably take the dispute to your local small claims court. But if
you buy the same computer online, from a vendor on the other side of the world, perhaps through a dealer based
in yet a third country, then your rights are a lot less clear. Which country's protection laws apply: yours, those in
the vendor's home country, or those of the intermediary?
Without knowing which particular set of laws applies, it's impossible to know whom to sue. A little legislation
can go a long way toward helping parties to establish better boundaries to work within. When a transaction
between two parties located in two different countries goes wrong, a number of
complex questions arise.

7. E-Business and Legal Issues


The technological basis of e-commerce is basically Web client/server middleware, or what is called three-tier
architectures. The client tier is the Web browser involving some type of form processing. The middle tier is the
Web server, often with transaction processing. The Web server in turn links to the third tier, a database
processing the order information. Some of the issues are strictly Internet-related, such as domain names and
trademarks, linking and framing, clickware (and shrinkware), and metatag use. Others are traditional issues
applied to the Internet, such as copyright, contracts, consumer protection, privacy, taxation, regulated industries
and jurisdiction. E-commerce site development, its advertising, electronic transactions, money transactions and
the like involve many legal issues, which need to be taken into account step by step. Before developing an
e-commerce site, a registered domain and a registered trademark should be established. There must be some
copyright protection on the site. The business must ensure that it displays the terms and conditions/policies
within its site. Security involving the privacy of a user's data is always one of the main concerns while doing
business online. Defining rules and regulations for the advertisement of the site by placing banners on other
known sites is another. It is of great value when dealing with such complex issues to consult an attorney who
specializes in the issues of cyberspace.

Most of the legal issues surrounding electronic commerce are not new. Lawyers should, however, be able to
recognise the increased significance of certain legal issues to the online environment. In understanding the
technical, contractual, intellectual property and regulatory issues, which have enhanced importance in the new
economy, the lawyer is well placed to assist clients in pro-actively minimising their exposure to legal liability.
Before allocating resources to the initiative it must be determined whether it is legally possible to perform the
business process or transaction electronically. For example, the Electronic Communication and Transaction
(ECT) Act facilitates the conclusion of most transactions and communications electronically by placing such
transactions on an equal footing with traditional transactions or communications. The popular view of the
Internet as an unregulated medium is not true. The laws of the world's jurisdictions still apply when you surf the
Net: the only difference is the way they might apply. The colonisation of cyberspace is both technology and
opportunity driven. Indeed technology is at the same time both a threat as well as a solution, because on the one
hand it challenges existing legal and regulatory infrastructures and yet offers the solution to many of those
threats, including security, integrity and authenticity.

BUSINESS MODELS OF E-COMMERCE

1) Business-To-Business (B2B)
As the name suggests, the business-to-business model of eCommerce is one where the exchange of goods or
services takes place between corporations instead of individuals. It is usually a situation in which one company
provides goods or services online with other companies as its target audience. Examples: a mobile app
development company offers its IT solutions to real estate companies seeking to build an app for their
client base; the mobile app company advertises its service on its website, while real estate
companies that are interested can request a price quotation through the same channel. Likewise, a cybersecurity
firm offers its online security software that mitigates credit card fraud to an eCommerce company.

• Pros: The B2B market is predictable as well as stable. There is greater customer loyalty than in other models
of eCommerce. B2B features lower operating costs after the initial setup since most processes are automated
and valid for a long time. You can generate a sustainable and reasonably high profit margin from repeat
clients.
• Cons: B2B eCommerce often requires substantial capital to set up. Costs include business registration,
branding and setting up a physical or virtual office. There is a smaller pool of customers when compared to
other models. Since B2B marketing targets businesses, sales are a little hard to come by because firms take a
longer time to make decisions. Where firms ask for huge discounts because of their bulk purchases, it could
eat into the profit of the seller.

2) Business-To-Consumer (B2C)
The B2C eCommerce business model is what usually comes to people’s minds when they hear the word
“e-commerce.” It is perhaps this popularity that is also responsible for the increased activity in this field. B2C
eCommerce refers to the distribution of goods and services from a business to members of the public who are its
customers. It is one of the earliest forms of eCommerce and has grown massively in the last two decades, as
observed from the retail giant Amazon. According to Statista, B2C eCommerce sales globally reached $1.2 trillion
in 2013 with the number of online buyers surpassing 1 billion in the same year. In 2018, that figure
more than doubled, with retail sales hitting the $2.6 trillion mark. Examples: all major online retail stores like
Amazon, payment processors like PayPal, or a travel agency that provides tickets and travel insurance
policies to clients.

• Pros: It requires a reasonably low startup capital when compared to other eCommerce models. For instance,
drop shipping allows selling products without you having to manage an inventory or delivery. Anyone with
a basic knowledge of the internet can set up and manage a B2C eCommerce store under little supervision. It
is also easy to scale a B2C eCommerce venture. It involves selling to a wide audience with already
known purchase patterns and behavior. It allows for flexibility since the platform is the channel for
efficiently collating market demand in real time.
• Cons: The B2C space is highly competitive with most firms already boasting a majority of the market share.
Shipping products across borders can be a massive challenge if you mistakenly land the wrong shipping
company. Many buyers still prefer making purchases in-store rather than online. There is a little difficulty in
sourcing hot and cheap products to list on your eCommerce store throughout the year. The market is
continually evolving and requires upgrades more frequently than in other models.

3) Consumer-To-Business (C2B)
The C2B eCommerce model is the opposite of B2C, meaning that in this case would-be consumers are now the
ones offering goods and services to business operators. Interestingly, the C2B industry is arguably the most
significant employment channel other than paid office jobs, because the transactions are borderless. We divide
C2B eCommerce owners into two categories:
• Independent workers — This set of people offers products or services on a website they created for this
purpose. The approach allows them to interact with clients directly and negotiate deals on their terms.
• Freelancers — The majority of C2B eCommerce owners under this channel are service providers and product
sellers on freelancing sites such as Fiverr and Upwork.
Businesses go to these platforms to search for skilled service providers who display their gigs, and end up
hiring anyone who matches their ambition. The platform, in turn, charges commissions for connecting
businesses with these service providers. The C2B industry also has a different revenue model to B2C because
service providers and their clients can define parameters such as how often to collect payment, duration of a
project, product supply dates and more.

• Pros: C2B provides a channel for companies to source and hire a variety of service talents and products
from around the globe. It also provides an opportunity for companies to prioritize hiring from regions where
the standard of living is low, thus reducing the figure that goes on the paycheck. It also allows service
providers to gain work experience across multiple projects and get paid well for doing so. Freelancers also
enjoy relative freedom and flexibility in terms of working hours.
• Cons: A high level of communication skills is required to convey project ideas. Companies that hire
freelancers could face a challenge in sending payment to freelancers in some parts of the world. The
possibility of outsourcing means the freelancer paid for the job may not even be the one doing it. This
situation could put the employer at a disadvantage, as he gets a more substandard service than what he originally
paid for.

4) Consumer-To-Consumer (C2C)
Under the C2C eCommerce business model, consumers sell to consumers, usually through a third-party website
or an independent online platform that they created for this purpose. Generally, all peer-to-peer transactions of
goods and services carried out online fall into the C2C e-commerce business model. It requires a high level of
trust between the customers and not necessarily in the platform on which the trade is carried out.

• Pros: There are usually no upfront costs to get yourself or your product listed on a third-party C2C website.
With C2C, the product gallery is unlimited since different customers are on board and selling various items
scattered across different niches. C2C facilitates the sale of used items as opposed to B2C where a majority
of the products are new. It often serves as a black market for businesses to purchase items without going
through the primary market.
• Cons: The cost charged for each sale using the C2C eCommerce model on a third-party site like eBay may
eat into the profit of the merchant. C2C poses a higher level of risk in terms of product quality than other
eCommerce business models. Under C2C, most transactions require that both parties trust each other. For
auction sites, users may end up buying goods at inflated prices, which is not a good economic decision.

5) Business-To-Government (B2G)
As the name rightly suggests, the B2G eCommerce model is one where a business sells its product or service to
the government of either the area where its operations are based or elsewhere. In most cases, businesses under
this umbrella have these government or public administrative offices as their only clients and receive contracts
on a long-term basis. Such a situation makes it possible for them to easily calculate profits and manage funds
effectively while delivering their solution to a wide audience. Sadly, though, their business could also be
negatively affected if there is a change in government and the new authority refuses to honor the already
existing contract.

• Pros: It features a higher profit margin and greater longevity than most other eCommerce business models. B2G
businesses can enjoy tax benefits not common to other eCommerce merchants. It increases flexibility and
efficiency in public administration.
• Cons: A change in government could adversely affect a B2G product or service provider. It often requires
huge capital to set up. It could also confine a business to operate within a specific geographical location,
thus removing the primary purpose of eCommerce transactions, which is borderless product and service
delivery.

6) Consumer-To-Government (C2G)
C2G is just the opposite of the last eCommerce business model, albeit with a little difference: this time it is the
consumers or members of the public that offer value to the government or public administrative agencies.
However, it is still the public administration or government that initiates the transactions, often as a way to ease
its operations and relieve the citizenry of some burdens. The public does not bear any responsibility whatsoever
if the platform conducting the C2G transactions goes offline or fails to deliver.

• Pros: It makes public administration more flexible and efficient. It encourages public knowledge of
internet-based technology. There is enormous profit potential for third parties contracted to handle C2G transactions.
• Cons: A lack of internet service in some regions could restrict the performance of C2G eCommerce. Public
awareness and education programmes may be needed to introduce the populace to such systems.

ADVANTAGES OF E-COMMERCE

The internet might be the single most important facet of modern society. It plays a primary role in everything
from political discourse and higher education to the way we conduct ourselves and our businesses. It's no
wonder, then, that switching to an e-commerce model comes with significant advantages.

-E-commerce eliminates the need for physical stores and allows businesses to expand their customer base. On
top of eliminating the possibility of long lines, e-commerce sites offer a huge advantage to both shoppers and
stores that aren't located in major urban areas. Even if you are located in a big city, e-commerce opens up new
markets, allowing you to develop a new business model geared toward your expanding consumer base. Many
businesses have found particular success in developing good e-commerce Search Engine Optimization, which
drives more traffic to the site.

-Businesses can also save money on rent, maintenance, and other costs associated with physical stores. An
e-commerce store can essentially remain open 24/7 without hiring employees to watch over the store and protect
items. Since you aren't confined to a set amount of shelf space, there is no limit to the number of items that can
be sold online, and your store's stock can expand exponentially. Physical products will still have to be stored
somewhere, but storage spaces are often cheaper than retail spaces, and you won't have to worry about factors
like foot traffic and parking spaces.

-Digital products can be sold online with little-to-no overhead cost. Thanks to e-commerce, consumers can
purchase music, videos, or books instantaneously. Stores can now sell unlimited copies of these digital items,
without having to worry about where they'll store the inventory.

-E-commerce also allows businesses to scale up more easily than physical retailers. When a brick-and-mortar store
grows, it needs to consider how it will serve more customers in the same small space. More employees are
needed to expedite check-outs, more of the floor gets dedicated to forming lines, and shoppers feel more crowded as
the customer base and inventory grow. Of course, logistics always get tougher as a business grows, no matter how
the business operates. With the right choice of a third-party logistics provider, however, e-commerce companies
can manage this growth without worrying about the physical store aspects.

-Keeping in contact with customers is often easier for e-commerce businesses. Since the e-commerce merchant
captures contact information in the form of email, sending out both automated and customized emails is simple.
Let customers know about a sale, promote a new product, or just check in with customers for a personal touch—
all with minimal effort. Additionally, web tools like cookies allow for superior store customization and
consumer behavior analysis.

-The benefits consumers enjoy are shared by e-commerce companies when it comes to the supply chain.
Consumers like online shopping because they don't have to deal with cash, worry about schedules, or wait in
long lines. Those benefits also apply to entire supply chains interlinked with business-to-business
e-commerce systems. Procurement becomes faster and more transparent, and there's no need to handle currency notes or
cash. The result is cheaper, easier transactions with fewer opportunities for accounting errors.

-Finally, e-commerce allows any business to track logistics, which is key to a successful e-commerce
company. Having everything digitized makes it easier to automatically collect data and crunch numbers. While
you can benefit from knowing what's selling best, you can also afford to take more risks on low-volume goods.
The conventional retail strategy focuses on stocking fast-moving goods, but the economics of
e-commerce permits slow-moving and even obsolete products to be included in the catalog. Storage is less
expensive, and displaying the product is as easy as adding another item page to your site.

DISADVANTAGES OF E-COMMERCE

While it may initially seem like e-commerce will solve all your business problems, there are disadvantages to
switching from a physical location to an online store.

-Many consumers still prefer the personal touch and relationships formed at a brick-and-mortar shop. This can
be especially valuable to customers shopping for specialized products, as they may want to consult an expert
about the best product for their needs. A solid customer service hotline can't replace face-to-face interaction
with a specialized sales rep. Additionally, many customers want to experience the product before purchase, like
when shopping for clothes.

-Security and credit card fraud are also huge risks when dealing with online shopping. Consumers run the risk of
identity fraud and similar hazards every time they enter their details into a site. If your site doesn't convince
shoppers that the check-out process is secure, they could get scared out of buying. On the other hand, businesses
run the risk of phishing attacks and other forms of cyberattacks. If one of your employees opens just one
malicious link, it could compromise your website functionality, financial information—or worst of all, your
customers' information.

-If shopping is about instant gratification, then consumers are left empty-handed. They often have to either pay
more for expedited shipping or wait for several days until the product arrives. The wait could drive away
customers. For businesses, the shipping becomes extra complicated when a customer wants a refund. Growing
e-commerce businesses need to expand their reverse logistics functions, meaning the shipping back of goods
and refunding of costs.

-Speaking of costs, there's a multiplicity of regulations and taxes that come with opening an e-commerce shop
(and a fair amount of confusion, as well). On June 21, 2018, the U.S. Supreme Court ruled that states can charge
sales tax on e-commerce transactions. But the Supreme Court left it up to states to decide what size of online
retailers must pay sales tax, and what that tax rate will be. That's just one example of the regulatory confusion
that has stemmed from e-commerce's rapid growth, and it doesn't even touch on international trade laws. The
result is a regulatory patchwork that retailers are responsible for learning, no matter how complicated.

Some aspects of e-commerce don't fit nicely into just the pro or con side of the argument. Unique issues present
an advantage to shoppers while adding difficulty for businesses. Customers might be buying, but the business
could suffer in other ways.

-Price comparison is a major advantage for online shoppers that can restrict businesses. Consumers can compare
prices with a simple click, rather than crossing town to check another store. Many shoppers will search for the
absolute lowest price, and if you can't offer it, you will probably lose the sale.

-Even if you can offer lower prices, businesses who compete in these price wars will see their profits
decline. Though there is nothing about e-commerce that's intrinsically tied to discounts, the way online
business has evolved has led to lower prices. Buyers love the lower prices, but sellers—not so much.

-Shipping is convenient for consumers, but it adds inconvenience to the business. Shoppers love having things
delivered right to their doorstep, but the logistics of delivery adds substantial strain to the e-commerce business
operation. The more you ship, the bigger the burden becomes. Logistics and management can become a
nightmare, even as the business enjoys steady profit growth and customer retention.

INTRODUCTION TO E-COMMERCE

E-commerce, or electronic commerce, is a term that describes the selling and purchasing of any
good over the Internet, such as buying clothes, shoes, apparel or anything else on an online platform. In simple
words, e-commerce is a process where businesses and consumers sell and purchase goods via an
electronic medium. E-commerce includes online marketing, supply chain systems, online transactions, mobile
marketing and many other transfers of data through an electronic path which help a business to run and grow.
E-commerce has erased the limitations of time and distance, so that goods can be bought or sold without
facing such problems. The availability of the Internet has led to the development of E-Commerce (Electronic
commerce), in which business transactions take place via telecommunication networks. E-Commerce has two
major aspects: economic and technological.
New standards and new facilities are constantly emerging and their proper understanding is essential for the
success of an operation and especially for those who are assigned a duty to select, establish, and maintain the
necessary infrastructure.

E-Commerce systems include commercial transactions on the Internet but their scope is much wider than this;
they can be classified by application type:

• Electronic Markets: The principal function of an electronic market is to facilitate the search for the required
product or service. Airline booking systems are an example of an electronic market.

• Electronic Data Interchange (EDI): Electronic Data Interchange (EDI) is the electronic exchange of business
documents in a standard, computer-processable, universally accepted format between trading partners. EDI is
quite different from sending electronic mail or messages, or sharing files through a network. In EDI, the
computer applications of both the sender and the receiver, referred to as Trading Partners (TPs), have to agree
upon the format of the business document, which is sent as a data file over electronic messaging services.
Trading partners normally consist of an organization’s principal suppliers and wholesale customers. Since
large retail stores transact business with a large number of suppliers, they were among the early supporters of
EDI. In the manufacturing sector, EDI has enabled the concept of Just-In-Time (JIT) inventory to be
implemented. JIT reduces inventory and operating capital requirements. EDI provides for the efficient
transaction of recurrent trade exchanges between commercial organizations. EDI is widely used by, for
example, large retail groups and vehicle assemblers when trading with their suppliers.

• Internet Commerce: The Internet (and similar network facilities) can be used for advertising goods and
services and transacting one-off deals. Internet commerce has application for both business-to-business and
business-to-consumer transactions.

BRIEF HISTORY OF E-COMMERCE
The history of ecommerce dates back to the invention of the very old notion of "sell and buy", electricity, cables,
computers, modems, and the Internet. Ecommerce became possible in 1991 when the Internet was opened to
commercial use. Since that date thousands of businesses have taken up residence at web sites. At first, the term
ecommerce meant the process of execution of commercial transactions electronically with the help of the
leading technologies such as Electronic Data Interchange (EDI) and Electronic Funds Transfer (EFT) which
gave an opportunity for users to exchange business information and do electronic transactions. The ability to use
these technologies appeared in the late 1970s and allowed business companies and organizations to send
commercial documentation electronically.

Although the Internet began to advance in popularity among the general public in 1994, it took approximately
four years to develop the security protocols (for example, HTTP) and DSL which allowed rapid access and a
persistent connection to the Internet. In 2000 a great number of business companies in the United States and
Western Europe represented their services on the World Wide Web. At this time the meaning of the word
ecommerce was changed. People began to define the term ecommerce as the process of purchasing available
goods and services over the Internet using secure connections and electronic payment services. Although the
dot-com collapse in 2000 led to unfortunate results and many ecommerce companies disappeared, the "brick
and mortar" retailers recognized the advantages of electronic commerce and began to add such capabilities to
their web sites (e.g., after the online grocery store Webvan came to ruin, two supermarket chains, Albertsons
and Safeway, began to use ecommerce to enable their customers to buy groceries online). By the end of 2001,
the largest form of ecommerce, Business-to-Business (B2B) model, had around $700 billion in transactions.

Ecommerce has a great deal of advantages over "brick and mortar" stores and mail order catalogs. Consumers
can easily search through a large database of products and services. They can see actual prices, build an order
over several days and email it as a "wish list" hoping that someone will pay for their selected goods. Customers
can compare prices with a click of the mouse and buy the selected product at best prices. Online vendors, in
their turn, also get distinct advantages. The web and its search engines provide a way to be found by customers
without expensive advertising campaigns. Even small online shops can reach global markets. Web technology
also allows vendors to track customer preferences and to deliver individually-tailored marketing. The history of
ecommerce is unthinkable without Amazon and eBay, which were among the first Internet companies to allow electronic
transactions. Thanks to their founders we now have a handsome ecommerce sector and enjoy the buying and
selling advantages of the Internet. Currently the 5 largest and most famous worldwide Internet retailers are
Amazon, Dell, Staples, Office Depot and Hewlett Packard. According to statistics, the most popular categories
of products sold on the World Wide Web are music, books, computers, office supplies and other consumer
electronics. Amazon.com, Inc. is one of the most famous ecommerce companies and is located in Seattle,
Washington (USA). It was founded in 1994 by Jeff Bezos and was one of the first American ecommerce
companies to sell products over the Internet. After the dot-com collapse Amazon lost its position as a successful
business model; however, in 2003 the company made its first annual profit, which was the first step to further
development.

The history of ecommerce is a history of a new, virtual world which is evolving according to the customer
advantage. It is a world which we are all building together brick by brick, laying a secure foundation for the
future generations.

SECURITY TOOLS AND SYSTEMS IN E-COMMERCE
Security is an essential part of any transaction that takes place over the internet. Customers will lose their
faith in e-business if its security is compromised. The following are the essential requirements for safe
e-payments/transactions:
• Confidentiality − Information should not be accessible to an unauthorized person. It should not be
intercepted during the transmission.
• Integrity − Information should not be altered during its transmission over the network.
• Availability − Information should be available wherever and whenever required within a time limit
specified.
• Authenticity − There should be a mechanism to authenticate a user before giving him/her access to the
required information.
• Non-Repudiability − It is the protection against the denial of order or denial of payment. Once a sender
sends a message, the sender should not be able to deny sending the message. Similarly, the recipient of
message should not be able to deny the receipt.
• Encryption − Information should be encrypted and decrypted only by an authorized user.
• Auditability − Data should be recorded in such a way that it can be audited for integrity requirements.
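
The integrity, authenticity and auditability requirements above can be shown in code. The following Python example is added here and is not from the original text; the key, field names and function names are assumptions made for illustration. It seals a payment order with HMAC-SHA256 and keeps a hash-chained audit log; a shared-key tag does not provide non-repudiation, because both parties can produce it, so that requirement needs an asymmetric digital signature instead.

```python
import hashlib
import hmac
import json

# Constructed demo key (assumption): real systems load keys from a secrets store.
DEMO_KEY = b"constructed-demo-key-do-not-reuse"
GENESIS = "0" * 64  # "previous hash" used by the first audit record


def canonical(obj):
    """Serialize deterministically so both parties hash exactly the same bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode("utf-8")


def seal_order(order, key=DEMO_KEY):
    """Sender side: attach an HMAC-SHA256 tag that covers every order field."""
    tag = hmac.new(key, canonical(order), hashlib.sha256).hexdigest()
    return {"order": order, "tag": tag}


def verify_order(message, key=DEMO_KEY):
    """Receiver side: True only if the order is unmodified and the key matches."""
    tag = message.get("tag")
    if not isinstance(tag, str) or "order" not in message:
        return False  # malformed message: fail closed
    expected = hmac.new(key, canonical(message["order"]), hashlib.sha256).hexdigest()
    # Constant-time comparison avoids leaking how many tag characters matched.
    return hmac.compare_digest(expected.encode(), tag.encode("utf-8", "replace"))


def append_audit(log, event):
    """Append an event whose hash also commits to the previous record's hash."""
    prev = log[-1]["hash"] if log else GENESIS
    digest = hashlib.sha256(prev.encode() + canonical(event)).hexdigest()
    log.append({"event": event, "prev": prev, "hash": digest})
    return log


def first_broken_record(log):
    """Walk the chain; return the index of the first bad record, or -1 if intact."""
    prev = GENESIS
    for index, record in enumerate(log):
        digest = hashlib.sha256(prev.encode() + canonical(record["event"])).hexdigest()
        if record["prev"] != prev or record["hash"] != digest:
            return index
        prev = record["hash"]
    return -1


def demo():
    """Run the checks on constructed sample data and return the outcomes."""
    order = {"order_id": "A-1001", "amount": "49.99",
             "currency": "USD", "payee": "example-shop"}
    message = seal_order(order)
    # Same tag, altered amount: what an in-transit modification looks like.
    tampered = {"order": dict(order, amount="4999.00"), "tag": message["tag"]}

    log = []
    for step in ("order_received", "payment_authorized", "order_shipped"):
        append_audit(log, {"order_id": "A-1001", "step": step})
    intact = first_broken_record(log)
    log[1]["event"]["step"] = "payment_refunded"  # simulate after-the-fact editing
    return {
        "genuine_accepted": verify_order(message),
        "tampered_accepted": verify_order(tampered),
        "wrong_key_accepted": verify_order(message, key=b"some-other-key"),
        "intact_log_result": intact,
        "edited_log_result": first_broken_record(log),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The chain detects edits to existing records but not removal of the newest ones, so the latest hash should also be stored somewhere the log writer cannot change.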

The various security systems for E-Commerce operations are:

1. Penetration testing
Penetration testing tools simulate real-world attack scenarios to discover and exploit security gaps that could
lead to stolen records, compromised credentials, intellectual property, personally identifiable information (PII),
cardholder data, personal or protected health information, data ransom, or other harmful business outcomes. Pen
testing can be accomplished through either manual or automated processes. Tests can be divided into a few
categories. Depending on the scope, they can be targeted at either network equipment (servers, network
endpoints, wireless networks, network security devices, mobile devices) or software applications and the code
behind them (including web, mobile or desktop applications).

2. Vulnerability scanning
Vulnerability analysis, also known as vulnerability assessment, is the process of identifying and classifying
security holes (vulnerabilities) in a computer, network, or communications infrastructure. In addition,
vulnerability analysis can forecast the effectiveness of proposed countermeasures and evaluate their actual
effectiveness after they are put into use. These assessments are usually conducted mainly with automated tools.
Unlike penetration testing, vulnerability assessment does not try to exploit the identified vulnerabilities in
order to prove that they are real and to show their impact on the business.

3. Network firewalls
A firewall is a must in large corporations, where complex solutions are usually in place to protect extensive
networks. Firewalls can be configured to prevent access to certain websites (such as social media or online
gambling sites), to prevent employees from sending certain types of files or emails, or to catch employees
transmitting sensitive data outside of the company network. Their second purpose is to
prevent outside users from accessing systems inside the network. A company might choose to implement a
single file-sharing server on the network and restrict all other computers. Extensive and complex configurations
require strict handling and need to be maintained by highly trained network security specialists.

4. WAF
A web application firewall (WAF) applies a set of rules to HTTP communication. It is a firewall
that protects web applications. It relies on rules that cover common web application attacks such as SQL
injection, cross-site scripting (XSS) and more. In contrast to proxies, which are used to protect clients,
WAFs can be considered reverse proxies, used to protect servers. WAFs may come in the form of an
appliance, server plug-in, or filter, and may be customized to a specific application. Like the network
firewall, a WAF requires serious customization and needs to be maintained as the application is modified.

5. IPS/IDS devices
Intrusion detection systems (IDSs) and intrusion prevention systems (IPSs) are among the most sophisticated
network security devices in use today. Their job is to carefully inspect network packets, block the ones with
malicious content and alert administrators about attack attempts. These systems’ logs contain valuable
information about attack types, network threats, targeted devices, and more. IPS logs should be extracted and
carefully analyzed to prevent future attack attempts.

6. SIEM and SOC
A SIEM (Security Information and Event Management) is a technology that provides network security
visibility by flagging suspicious and non-legitimate activity through predefined rules and correlation
intelligence. SIEM solutions allow security analysts to investigate suspected threats. They collect and
normalize logs so that the logs can be tested against a set of correlation rules; when a rule is triggered, it
creates an event that security analysts can analyze later. A SOC (Security Operations Centre) encompasses the
people, processes, and technology involved in protectively monitoring a network. The SOC team is a
centralized unit of security analysts and other security experts that deals with security issues using a variety
of tools. They are responsible for reacting to security incidents and actively researching known or 0-day
threats. One of the main tools used by security analysts is a SIEM.
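
The collect, normalize and correlate steps described above, and the IPS log analysis from the previous item, as an added example that is not part of the original document. The two log formats, the field names, the rule name and the threshold and time window are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample input: two sources, two formats (IPs from RFC 5737 documentation ranges).
WEB_AUTH_LOG = """\
2024-03-01T10:00:01Z login user=alice ip=203.0.113.7 result=fail
2024-03-01T10:00:09Z login user=alice ip=203.0.113.7 result=fail
2024-03-01T10:00:15Z login user=bob ip=198.51.100.4 result=ok
2024-03-01T10:00:21Z login user=alice ip=203.0.113.7 result=fail
2024-03-01T10:00:40Z login user=alice ip=203.0.113.7 result=ok
"""
IPS_LOG = "01.03.2024 09:59:50|ALERT|src=203.0.113.7|dst=192.0.2.10|sig=http-login-bruteforce\n"

def normalize(web_text, ips_text):
    """Map both formats onto one schema (ts, source, src_ip, action), ordered by time."""
    events = []
    for line in web_text.splitlines():
        m = re.match(r"(\S+) login user=(\S+) ip=(\S+) result=(\w+)", line)
        if m:
            ts = datetime.strptime(m[1], "%Y-%m-%dT%H:%M:%SZ")
            events.append({"ts": ts, "source": "web", "src_ip": m[3],
                           "user": m[2], "action": "login_" + m[4]})
    for line in ips_text.splitlines():
        parts = line.split("|")
        if len(parts) == 5 and parts[1] == "ALERT":
            ts = datetime.strptime(parts[0], "%d.%m.%Y %H:%M:%S")
            events.append({"ts": ts, "source": "ips", "action": "ips_alert",
                           "src_ip": parts[2].split("=", 1)[1]})
    return sorted(events, key=lambda e: e["ts"])

def correlate(events, threshold=3, window=timedelta(seconds=60)):
    """Rule: at least `threshold` failed logins, then a success, from one IP inside `window`."""
    fails = defaultdict(list)    # src_ip -> timestamps of failures since the last success
    alerted = set()              # IPs the IPS has already flagged
    findings = []
    for e in events:
        ip = e["src_ip"]
        if e["action"] == "ips_alert":
            alerted.add(ip)
        elif e["action"] == "login_fail":
            fails[ip].append(e["ts"])
        elif e["action"] == "login_ok":
            recent = [t for t in fails[ip] if e["ts"] - t <= window]
            if len(recent) >= threshold:
                findings.append({"rule": "fail_then_success", "src_ip": ip, "user": e["user"],
                                 "failures": len(recent), "severity": "high" if ip in alerted else "medium"})
            fails[ip].clear()
    return findings
```

Calling correlate(normalize(WEB_AUTH_LOG, IPS_LOG)) yields one event for the analyst: the login from 203.0.113.7 that succeeded after three failures, raised to high severity because the IPS had already alerted on the same address.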

The basic tools for security measures are:

1. Encryption – One of the most important methods to provide security is converting readable text into encoded
text, especially for end-to-end protection of data transmitted across networks.

2. Digital signature – Digital signatures are electronic “fingerprints” in the form of a coded message. A digital
signature securely associates a signer with a document in a recorded transaction using PKI.

3. Security certificates – SSL Certificates digitally bind a cryptographic key to an organization’s details. Once
installed on a web server, the certificate activates the padlock and the https protocol to provide secure
connections. Typically, SSL or TLS is used to secure data transfers, logins and credit card transactions.

4. MFA – It uses several different factors to verify a person’s identity and authenticate them to access specific
software, system or the residing data. MFA systems use two or more ways to authenticate individuals.

5. SSO – A user authenticates at the beginning of their work using a master sign-on. If they need to
authenticate to another system or software, the SSO solution logs in on their behalf.

6. Payment gateway server – A payment gateway is a merchant service provided by an E-commerce application
service provider, used to authorize credit card or direct payments processing for e-businesses and online
retailers.
