There are seven billion people in this world. Approximately 50% are internet users, i.e. 3.5 billion people on the
internet. And the number just keeps increasing exponentially. The 21st century can very easily be called the
‘internet century.’ Our worlds revolve around our smart devices, which in turn revolve around the internet. We
cannot even imagine the world where Facebook or Snapchat or PayTM doesn’t exist. Gone are the days of
standing in lines to pay your bills. Today’s generation doesn’t know what a line is. Or for that matter, what
patience is. World connectivity has brought about such a revolution that the post-net and pre-net worlds are
entirely unrecognizable. Our lifestyle and culture have changed. Our priorities have changed. And so have our
problems.
The Internet has immense power. Power to make or break someone. Power to impact world policies and
decisions. To change the world. With the increasing popularity of online activities, the rate of online crimes has
also increased exponentially. While the extent and impact of these crimes vary greatly from the Occident to the
Orient, it has become a global menace. From crimes like cyber bullying to cyber terrorism, these new age
phenomena have evolved and are evolving constantly. Cyber-crimes are still not explicitly defined. While most
countries have laws in place to deal with such issues, the underlying crime itself varies from case to case.
Moreover, cyber activities are not governed by geographical borders, which makes dealing with such crimes all
the more confusing and complex. As a result, a lot of cyber-crimes either go unreported or simply
unconvicted.
Cybercrime is an endless well of new ways to commit crimes. These range from crimes as simple as extortion to complex
crimes and conspiracies affecting world politics. The latest examples are the WannaCry ransomware attack in
terms of extortion, and the alleged notorious involvement of Russia in the US presidential elections in terms of
politics. While this is new territory for both the offenders and victims, the world's cyber laws still have a long
way to go, both in terms of prevention and conviction of attacks.
CYBER LAWS AROUND THE WORLD
LATIN AMERICA
In a recent report, a model was applied to determine cybersecurity capacity in Latin America and the Caribbean.
This document highlights the importance of responsible disclosure of information in public and private sector
organizations when a vulnerability is identified. It also emphasizes the importance of legislative frameworks,
investigation, the processing of electronic evidence, and the training of judges and prosecutors in the field of
cybersecurity. Adherence to international conventions, such as the Budapest Convention, and being a signatory
to cross-border agreements for cooperation, are other decisive factors. Similarly, the adoption of best practices
along with the use of security technologies is considered for the formation of a “resilient cyber society”.
EUROPEAN UNION
The EU recently adopted the NIS Directive for the security of information networks and systems, seeking the
promotion of legislation encouraging member countries to be equipped and prepared to respond to incidents, by
having a Computer Security Incident Response Team (CSIRT) and a national authority competent in this area.
The creation of a CSIRT network is intended to promote rapid and effective cooperation, the exchange of risk-
related information, and the development of a culture of security among sectors vital to Europe’s economy and
society, such as energy, transport, finance, health, and digital infrastructure. The new laws are aimed at
encouraging the homogeneous development of cybersecurity capacities and at preventing incidents that threaten
economic activities, infrastructure, the confidence of users, and the operation of systems and networks critical to
each country.
CHINA
China has always set the precedent in cyber laws. While its laws may appear dictatorial to external forces, they
are essential to the Chinese government. The recognition and penalizing of cyber crimes began in 1997 with the
‘Computer Information Network and Internet Security, Protection and Management Regulations’ codified by
the State Council. As per the criminal law, acts like hacking, sabotaging data or creating and propagating digital
viruses lead to a minimum of three years imprisonment. The sentence is increased phenomenally in graver
cases involving sensitive data. After 2010, the law also states, ‘within Chinese territory, the internet is under
the sovereignty of China.’ This means that the government has utter and complete control over the internet
within its borders. As such, many of the world’s most popular websites are banned in China, for instance
Google. While this may appear preposterous to us, it has proved beneficial for indigenous e-commerce and
digital companies of China. The latest in China’s law is the Cybersecurity Law that came into effect this June.
The law requires all foreign companies to store their essential data within the country itself, as well as to
allow the government to conduct checks on the company's networks and data.
AUSTRALIA
Australia’s law enforcement and intelligence agencies are empowered to compel carriers to preserve the
communication records of persons suspected of cyber-based crimes. Australian cybercrime law also extends the
geographic reach of the provisions to criminal activity which occurs wholly or partly in Australia, on board an
Australian aircraft or ship, and in certain circumstances to the conduct of Australian nationals abroad. In April
2016 the Australian Prime Minister, in his foreword to the nation’s Cyber Security Strategy, wrote: “…
cyberspace cannot be allowed to become a lawless domain.” With respect to high tech crime or cybercrime of
national significance, the responsibility of investigation and response is with the Australian Federal Police
(AFP). They also have jurisdiction over cybercrimes involving online fraud affecting a government department.
CYBER CRIMES AND LAWS IN INDIA
The Indian Law does not define the term ‘cybercrime’. It is neither defined in the Information Technology Act,
2000 nor in the I.T. Amendment Act, 2008 nor in any other legislation of India. In fact, the Indian Penal Code
still does not use the term ‘cybercrime’ even after its amendment by the Information Technology (Amendment)
Act, 2008. However, cybercrime can be defined as any criminal activity directly related to the use of computers
and the internet, such as illegal trespass into the computer system or database of another, manipulation or theft
of stored or online data, hacking, phishing, cyber warfare, spreading computer viruses etc. In simple words, it is any
offence or crime in which a computer is used for committing that crime. Coming to cyber law, it can be defined
as the law which governs cyberspace, protects against cyber crimes and lays down punishments for its
violation. Cyberlaw is a common term which refers to legal jurisdiction and regulation of various aspects of the
internet and computer security.
In India, cyber laws are regulated by the Information Technology Act, 2000. The main object of this Act is to
provide legal recognition to e-commerce and electronic formats and to facilitate the filing of electronic records
with the Government. This legislation lays down rules and regulations related to cybercrimes, electronic
information and formats, electronic authentication and digital signatures, and liability of network service
providers. The I.T. Act is based on the United Nations Model Law on Electronic Commerce 1996 (UNCITRAL
Model) recommended by the General Assembly of the United Nations by a resolution dated 30 January 1997.
The Indian Cyber Law covers these major aspects of Cyberspace and cybercrime:
-The Indian Cyber Law makes every format in electronic form legal, which means anything that you write,
share and publish electronically is now considered legal.
-It also makes all electronic contracts legal, which means that an offer can be electronically made and
accepted, and it would amount to a valid and binding electronic contract.
-The Indian Cyber Law recognizes and legalizes the concept of digital signatures and electronic
authentications.
-Indian Cyber Law covers almost all kinds of cybercrimes and provides punishment for the same.
-It also punishes the people of other nationalities, provided their crimes involve any computer or network
situated in India.
-Legalization of everything in electronic format, such as publications, communications, signatures and
authorization, means that it is all now valid and can be used in any proceedings.
E-Commerce refers to the activity of buying and selling things over the internet. Simply put, it refers to the
commercial transactions which are conducted online. E-commerce draws on many technologies such as
mobile commerce, Internet marketing, online transaction processing, electronic funds transfer, supply chain
management, electronic data interchange (EDI), inventory management systems, and automated data collection
systems. An e-commerce threat arises when the internet is used for unfair means with the intention of stealing,
fraud and security breach. There are various types of e-commerce threats. Some are accidental, some are
purposeful, and some of them are due to human error. The most common security threats concern electronic
payment systems, e-cash, data misuse, credit/debit card fraud, etc.
6. Backdoor Attacks
This is a type of attack which gives an attacker unauthorized access to a system by bypassing the normal
authentication mechanisms. It works in the background and hides itself from the user, which makes it difficult to
detect and remove.
9. Eavesdropping
This is an unauthorized way of listening to private communication over the network. It does not interfere with
the normal operations of the targeted system, so the sender and the recipient of the messages are not aware
that their conversation is being tracked.
2. Skimming
It is the process of attaching a data-skimming device in the card reader of the ATM. When the customer swipes
their card in the ATM card reader, the information is copied from the magnetic strip to the device. By doing
this, the criminals get to know the details of the Card number, name, CVV number, expiry date of the card and
other details.
3. Unwanted Presence
It is a rule that not more than one user should use the ATM at a time. If we find more than one person lurking
around together, the intention behind this is to look over our card details while we are making our transaction.
4. Vishing/Phishing
Phishing is an activity in which an intruder obtains the sensitive information of a user, such as passwords,
usernames, and credit card details, often for malicious reasons. Vishing is an activity in which an intruder
obtains the sensitive information of a user by sending SMS messages to mobiles. These SMS messages and calls appear to be
from a reliable source, but in reality they are fake. The main objective of vishing and phishing is to get the
customer's PIN, account details, and passwords.
5. Online Transaction
Online transactions can be made by the customer to do shopping and pay their bills over the internet. As easy
as it is for the customer, it is also easy for an attacker to hack into our system and steal our sensitive information. Some
important ways to steal our confidential information during an online transaction are:
-By downloading software which scans our keystrokes and steals our password and card details.
-By redirecting a customer to a fake website which looks like the original and steals our sensitive information.
-By using public Wi-Fi.
6. POS Theft
It is commonly done at merchant stores at the time of a POS transaction. In this, the salesperson takes the
customer's card for processing payment and illegally copies the card details for later use.
Legal Issues Relating To E-Commerce
The power of the Web to reach the world carries with it a variety of legal issues, often related to intellectual
property concerns, copyright, trademark, privacy, etc., particularly in the context of doing business on the
Internet. Authorities seeking to apply their laws in traditional ways or to expand legal control over international
links face many challenges due to the global nature of the Internet. Liability, data protection and fraud
management can present significant legal challenges. The e-commerce ecosystem has become one of the most
crowded startup spaces over the past few years. In the period between 2012 and 2016, ecommerce startups raked
in over $46 billion in funding, with many startups easily closing over $100 million worth of deals. And even
after a lackluster funding phase in 2016, funding for ecommerce startups has been on an upward trend since
2017, with only fintech startups creating a bigger buzz within that period. That growth, however, hasn't come
without its challenges. The e-commerce industry, just like every other niche within the tech industry, has had to
adapt to an increasingly demanding legal and regulatory environment that has often led to lawsuits, product
recalls and even closures in some parts of the world. For entrepreneurs running e-commerce startups, legal
infractions can come in many forms, with each infraction presenting a different challenge for the business. As
such, it is vital for every e-commerce outfit to stay ahead of the game when it comes to individual legal
responsibilities.
E-commerce presents a world of opportunity for doing businesses, reaching global markets and purchasing
without leaving the home or office. E-commerce can provide opportunities to improve business processes, just
as phones, faxes and mobile communications have in the past. However, just as any new business tool has
associated issues and risks, so does e-commerce. It's important to understand the legal issues and potential risks
to ensure a safe, secure environment for trading with customers and other businesses. The issue of law on the
Internet is a complex one. Between the two all-or-nothing extremes lies a broad spectrum of possibilities. Many
people revel in the freedom to express themselves and the freedom from prohibitions such as zoning restrictions
that the Internet apparently affords. With no law at all, however, the Internet would be no place to conduct
business or pleasure.
6. Legislation Dilemma
Electronic transactions separate e-business from traditional types of businesses. When a transaction takes place,
who has jurisdiction? Who has the authority to apply law over the transaction? For example, if you buy a laptop
in your local computer store, you know your legal rights. If the computer does not work when you take it home,
and the store refuses to settle up, then you can probably take the dispute to your local small claims court. But if
you buy the same computer online, from a vendor on the other side of the world, perhaps through a dealer based
in yet a third country, then your rights are a lot less clear. Which country's protection laws apply: yours, those in
the vendor's home country, or those of the intermediary?
Without knowing which particular set of laws apply, it's impossible to know whom to sue. A little legislation
can go a long way toward helping parties to establish better boundaries to work within. When a transaction that
takes place between two different parties located in two different countries goes wrong then a number of
complex questions arise.
Most of the legal issues surrounding electronic commerce are not new. Lawyers should, however, be able to
recognise the increased significance of certain legal issues to the online environment. In understanding the
technical, contractual, intellectual property and regulatory issues, which have enhanced importance in the new
economy, the lawyer is well placed to assist clients in pro-actively minimising their exposure to legal liability.
Before allocating resources to the initiative it must be determined whether it is legally possible to perform the
business process or transaction electronically. For example, the Electronic Communication and Transaction
(ECT) Act facilitates the conclusion of most transactions and communications electronically by placing such
transactions on an equal footing with traditional transactions or communications. The popular view of the
Internet as an unregulated medium is not true. The laws of the world's jurisdictions still apply when you surf the
Net; the only difference is the way they might apply. The colonisation of cyberspace is both technology and
opportunity driven. Indeed technology is at the same time both a threat as well as a solution, because on the one
hand it challenges existing legal and regulatory infrastructures and yet offers the solution to many of those
threats, including security, integrity and authenticity.
BUSINESS MODELS OF E-COMMERCE
1) Business-To-Business (B2B)
As the name suggests, the business-to-business model of eCommerce is one where the exchange of goods or
services takes place between corporations instead of individuals. It is usually a situation whereby one company
provides goods or services online with other companies as its target audience. Examples- A mobile app
development company is offering its IT solutions to some real estate companies seeking to build an app for their
client base; in this situation, the mobile app company advertises its service on its website while real estate
companies that are interested can request a price quotation through the same channel. A cybersecurity firm is
offering its online security software that mitigates credit card fraud to an eCommerce company.
Pros- The B2B market is predictable as well as stable. There is greater customer loyalty than in other models
of eCommerce. B2B features lower operating costs after the initial setup since most processes are automated
and valid for a long time. You can generate a sustainable and reasonably high-profit margin from repeat
clients.
Cons- B2B eCommerce often requires substantial capital to set up. Costs include business registration,
branding and setting up a physical or virtual office. There is a smaller pool of customers when compared to
other models. Since B2B marketing targets businesses, sales are a little hard to come by because firms take a
longer time to make decisions. Where firms ask for huge discounts because of their bulk purchase, it could
eat into the profit of the seller.
2) Business-To-Consumer (B2C)
The B2C eCommerce business model is what usually comes to people’s mind when they hear the word “e-
commerce.” It is perhaps this popularity that is also responsible for the increased activity in this field. B2C
eCommerce refers to the distribution of goods and services from business to members of the public who are its
customers. It is one of the earliest forms of eCommerce and has grown massively in the last two decades, as
observed from the retail giant Amazon. According to Statista, B2C eCommerce sales globally reached $1.2 trillion
in 2013 with the number of online buyers surpassing 1 billion in the same year. In 2018, that figure more than
doubled, with retail sales hitting the $2.6 trillion mark. Examples- All major online retail stores like
Amazon and payment processors like PayPal, or a travel agency that provides tickets and travel insurance
policies to clients.
Pros- It requires a reasonably low startup capital when compared to other eCommerce models. For instance,
drop shipping allows selling products without you having to manage an inventory or delivery. Anyone with
a basic knowledge of the internet can set up and manage a B2C eCommerce store under little supervision. It
is also easy to scale a B2C eCommerce venture. It involves selling to a wide range of audience with already
known purchase patterns and behavior. It allows for flexibility since the platform is the channel for
efficiently collating market demand in real-time.
Cons- The B2C space is highly competitive with most firms already boasting a majority of the market share.
Shipping products across borders can be a massive challenge if you mistakenly land the wrong shipping
company. Many buyers still prefer making purchases in-store rather than online. There is some difficulty in
sourcing hot and cheap products to list on your eCommerce store throughout the year. The market is
continually evolving and requires upgrades more frequently than in other models.
3) Consumer-To-Business (C2B)
The C2B eCommerce model is the opposite of B2C, meaning that in this case, would-be consumers are now the
ones offering goods and services to business operators. Interestingly, the C2B industry is arguably the most
significant employment channel other than paid office jobs, because the transactions are borderless. We divide
C2B eCommerce owners into two categories:
-Independent workers: This set of people offers products or services on a website they created for this
purpose. The approach allows them to interact with clients directly and negotiate deals on their terms.
-Freelancers: The majority of C2B eCommerce owners under this channel are service providers and product sellers
on freelancing sites such as Fiverr and Upwork.
Businesses go to these platforms to search for skilled service providers who display their gigs, and end up
hiring anyone that matches their ambition. The platform, in turn, charges commissions for connecting
businesses with these service providers. The C2B industry also has a different revenue model to B2C because
service providers and their clients can define parameters such as how often to collect payment, duration of a
project, product supply dates and more.
Pros- C2B provides a channel for companies to source and hire a variety of service talents and products
from around the globe. It also provides an opportunity for companies to prioritize hiring from regions where
the standard of living is low, thus, reducing what figure goes on the paycheck. It also allows service
providers to gain work experience across multiple projects and get paid well for doing so. Freelancers also
enjoy relative freedom and flexibility in terms of working hours.
Cons- A high level of communication skills is required to convey project ideas. Companies that hire
freelancers could face a challenge in sending payment to freelancers in some parts of the world. The
possibility of outsourcing means the freelancer paid for the job may not even be the one doing it. This
situation could put the employer at a disadvantage, as he gets a more substandard service than what he originally
paid for.
4) Consumer-To-Consumer (C2C)
Under the C2C eCommerce business model, consumers sell to consumers usually through a third-party website
or an independent online platform that they created for this purpose. Generally, all peer-to-peer transaction of
goods and services carried out online falls into the C2C e-commerce business model. It requires a high level of
trust between the customers and not necessarily on the platform on which the trade is carried out.
Pros- There are usually no upfront costs to get yourself or your product listed on a third-party C2C website.
With C2C, the product gallery is unlimited since different customers are on board and selling various items
scattered across different niches. C2C facilitates the sale of used items as opposed to B2C where a majority
of the products are new. It often serves as a black market for businesses to purchase items without going
through the primary market.
Cons- The cost charged for each sale using the C2C eCommerce model on a third-party site like eBay may
eat into the profit of the merchant. C2C poses a higher level of risk in terms of product quality than other
eCommerce business models. Under C2C, most transactions require that both parties trust each other. For
auction sites, users may end up buying goods at inflated prices, which is not a good economic decision.
5) Business-To-Government (B2G)
As the name rightly suggests, the B2G eCommerce model is one where a business sells its product or service to
the government of either the area where its operations are based or elsewhere. In most cases, businesses under
this umbrella have these government or public administrative offices as their only clients and receive contracts
on a long-term basis. Such a situation makes it possible for them to easily calculate profits and manage funds
effectively while delivering their solution to a wide audience. Sadly, though, their business could also be
negatively affected if there is a change in government and the new authority refuses to honor the already
existing contract.
Pros- It features a higher profit margin and greater longevity than most other eCommerce business models. B2G
businesses can enjoy tax benefits not common to other eCommerce merchants. It increases flexibility and
efficiency in public administration.
Cons- A change in government could adversely affect a B2G product or service provider. It often requires
huge capital to set up. It could also confine a business to operate within a specific geographical location,
thus removing the primary purpose of eCommerce transactions which is borderless product and service
delivery.
6) Consumer-To-Government (C2G)
C2G is just the opposite of the last eCommerce business model, albeit with a little difference; this time it is the
consumers or members of the public that offer value to the government or public administrative agencies.
However, it is still the public administration or government that initiates the transactions, often as a way to ease
its operations and relieve the citizenry of some burdens. The public does not bear any responsibility whatsoever
if the platform conducting the C2G transactions goes offline or fails to deliver.
Pros- It makes public administration more flexible and efficient. It encourages public knowledge of internet-
based technology. There is enormous profit potential for third parties contracted to handle C2G transactions.
Cons- A lack of internet service in some regions could restrict the performance of C2G eCommerce. Public
awareness and education programmes may be needed to introduce the populace to such systems.
ADVANTAGES OF E-COMMERCE
The internet might be the single most important facet of modern society. It plays a primary role in everything
from political discourse and higher education to the way we conduct ourselves and our businesses. It's no
wonder, then, that switching to an e-commerce model comes with significant advantages.
-E-commerce eliminates the need for physical stores and allows businesses to expand their customer base. On
top of eliminating the possibility of long lines, e-commerce sites offer a huge advantage to both shoppers and
stores that aren't located in major urban areas. Even if you are located in a big city, e-commerce opens up new
markets, allowing you to develop a new business model geared toward your expanding consumer base. Many
businesses have found particular success in developing good e-commerce Search Engine Optimization, which
drives more traffic to the site.
-Businesses can also save money on rent, maintenance, and other costs associated with physical stores. An
e-commerce store can essentially remain open 24/7 without hiring employees to watch over the store and protect
items. Since you aren't confined to a set amount of shelf space, there is no limit to the number of items that can
be sold online, and your store's stock can expand exponentially. Physical products will still have to be stored
somewhere, but storage spaces are often cheaper than retail spaces, and you won't have to worry about factors
like foot traffic and parking spaces.
-Digital products can be sold online with little-to-no overhead cost. Thanks to e-commerce, consumers can
purchase music, videos, or books instantaneously. Stores can now sell unlimited copies of these digital items,
without having to worry about where they'll store the inventory.
-E-commerce also allows businesses to scale up more easily than physical retailers. When a brick-and-mortar store
grows, it needs to consider how it will serve more customers in the same small space. More employees are
needed to expedite check-outs, more of the floor gets dedicated to forming lines, and shoppers feel more crowded as
the customer base and inventory grow. Of course, logistics always get tougher as a business grows, no matter how
the business operates. With the right choice of a third-party logistics provider, however, e-commerce companies
can manage this growth without worrying about the physical store aspects.
-Keeping in contact with customers is often easier for e-commerce businesses. Since the e-commerce merchant
captures contact information in the form of email, sending out both automated and customized emails is simple.
Let customers know about a sale, promote a new product, or just check in with customers for a personal touch—
all with minimal effort. Additionally, web tools like cookies allow for superior store customization and
consumer behavior analysis.
-The benefits consumers enjoy are shared by e-commerce companies when it comes to the supply chain.
Consumers like online shopping because they don't have to deal with cash, worry about schedules, or wait in
long lines. Those benefits also apply to entire supply chains interlinked with business-to-business
e-commerce systems. Procurement becomes faster and more transparent, and there's no need to handle currency notes or
cash. The result is cheaper, easier transactions with fewer opportunities for accounting errors.
-Finally, e-commerce allows any business to track logistics, which is key to a successful e-commerce
company. Having everything digitized makes it easier to automatically collect data and crunch numbers. While
you can benefit from knowing what's selling best, you can also afford to take more risks on low-volume goods.
The conventional retail strategy focuses on stocking fast-moving goods, but the economics of e-
commerce permits slow-moving and even obsolete products to be included in the catalog. Storage is less
expensive, and displaying the product is as easy as adding another item page to your site.
DISADVANTAGES OF E-COMMERCE
While it may initially seem like e-commerce will solve all your business problems, there are disadvantages to
switching from a physical location to an online store.
-Many consumers still prefer the personal touch and relationships formed at a brick-and-mortar shop. This can
be especially valuable to customers shopping for specialized products, as they may want to consult an expert
about the best product for their needs. A solid customer service hotline can't replace face-to-face interaction
with a specialized sales rep. Additionally, many customers want to experience the product before purchase, like
when shopping for clothes.
-Security and credit card fraud are also huge risks when dealing with online shopping. Consumers run the risk of
identity fraud and similar hazards every time they enter their details into a site. If your site doesn't convince
shoppers that the check-out process is secure, they could get scared out of buying. On the other hand, businesses
run the risk of phishing attacks and other forms of cyberattacks. If one of your employees opens just one
malicious link, it could compromise your website functionality, financial information—or worst of all, your
customers' information.
-If shopping is about instant gratification, then consumers are left empty-handed. They often have to either pay
more for expedited shipping or wait for several days until the product arrives. The wait could drive away
customers. For businesses, the shipping becomes extra complicated when a customer wants a refund. Growing
e-commerce businesses need to expand their reverse logistics functions, meaning the shipping back of goods
and refunding of costs.
-Speaking of costs, there's a multiplicity of regulations and taxes that come with opening an e-commerce shop
(and a fair amount of confusion, as well). On June 21, 2018, the U.S. Supreme Court ruled that states can charge
sales tax on e-commerce transactions. But the Supreme Court left it up to states to decide what size of online
retailers must pay sales tax, and what that tax rate will be. That's just one example of the regulatory confusion
that has stemmed from e-commerce's rapid growth, and it doesn't even touch on international trade laws. The
result is a regulatory patchwork that retailers are responsible for learning, no matter how complicated.
Some aspects of e-commerce don't fit nicely into just the pro or con side of the argument. Unique issues present
an advantage to shoppers while adding difficulty for businesses. Customers might be buying, but the business
could suffer in other ways.
-Price comparison is a major advantage for online shoppers that can restrict businesses. Consumers can compare
prices with a simple click, rather than crossing town to check another store. Many shoppers will search for the
absolute lowest price, and if you can't offer it, you will probably lose the sale.
-Even if you can offer lower prices, businesses who compete in these price wars will see their profits
decline. Though there is nothing about e-commerce that's intrinsically tied to discounts, the way online
business has evolved has led to lower prices. Buyers love the lower prices, but sellers—not so much.
-Shipping is convenient for consumers, but it adds inconvenience to the business. Shoppers love having things
delivered right to their doorstep, but the logistics of delivery adds substantial strain to the e-commerce business
operation. The more you ship, the bigger the burden becomes. Logistics and management can become a
nightmare, even as the business enjoys steady profit growth and customer retention.
INTRODUCTION TO E-COMMERCE
E-commerce, or electronic commerce, is the selling and purchasing of any good over the Internet, such as buying
clothes, shoes, apparel or anything else on an online platform. In simple words, e-commerce is a process in
which businesses and consumers sell and purchase goods via an electronic medium. E-commerce includes online
marketing, supply chain systems, online transactions, mobile marketing and many other transfers of data over
an electronic path that help a business to run and grow. E-commerce has erased the limitations of time and
distance, so that goods can be bought or sold without facing such problems. The availability of the Internet has
led to the development of E-Commerce (Electronic commerce), in which business transactions take place via
telecommunication networks. E-Commerce has two major aspects: economical and technological.
New standards and new facilities are constantly emerging and their proper understanding is essential for the
success of an operation and especially for those who are assigned a duty to select, establish, and maintain the
necessary infrastructure.
E-Commerce systems include commercial transactions on the Internet but their scope is much wider than this;
they can be classified by application type:
Electronic Markets: The principal function of an electronic market is to facilitate the search for the required
product or service. Airline booking systems are an example of an electronic market.
Electronic Data Interchange (EDI): Electronic Data Interchange (EDI) is the electronic exchange of business
documents in a standard, computer-processable, universally accepted format between trading partners. EDI is
quite different from sending electronic mail, messages or sharing files through a network. In EDI, the
computer applications of both the sender and the receiver, referred to as Trading Partners (TPs), have to agree
upon the format of the business document, which is sent as a data file over electronic messaging services.
Trading partners normally consist of an organization’s principal suppliers and wholesale customers. Since
large retail stores transact business with a large number of suppliers they were among the early supporters of
EDI. In the manufacturing sector, EDI has enabled the concept of Just-In-Time inventory to be
implemented. JIT reduces inventory and operating capital requirements. EDI provides for the efficient
transaction of recurrent trade exchanges between commercial organizations. EDI is widely used by, for
example, large retail groups and vehicle assemblers when trading with their suppliers.
Internet Commerce: The Internet (and similar network facilities) can be used for advertising goods and
services and transacting one-off deals. Internet commerce has applications for both business-to-business and
business-to-consumer transactions.
BRIEF HISTORY OF E-COMMERCE
The history of ecommerce dates back to the invention of the very old notion of "sell and buy", electricity, cables,
computers, modems, and the Internet. Ecommerce became possible in 1991 when the Internet was opened to
commercial use. Since that date thousands of businesses have taken up residence at web sites. At first, the term
ecommerce meant the process of execution of commercial transactions electronically with the help of the
leading technologies such as Electronic Data Interchange (EDI) and Electronic Funds Transfer (EFT) which
gave an opportunity for users to exchange business information and do electronic transactions. The ability to use
these technologies appeared in the late 1970s and allowed business companies and organizations to send
commercial documentation electronically.
Although the Internet began to advance in popularity among the general public in 1994, it took approximately
four years to develop the security protocols (for example, HTTP) and DSL which allowed rapid access and a
persistent connection to the Internet. In 2000 a great number of business companies in the United States and
Western Europe presented their services on the World Wide Web. At this time the meaning of the word
ecommerce changed. People began to define the term ecommerce as the process of purchasing available
goods and services over the Internet using secure connections and electronic payment services. Although the
dot-com collapse in 2000 led to unfortunate results and many ecommerce companies disappeared, the "brick
and mortar" retailers recognized the advantages of electronic commerce and began to add such capabilities to
their web sites (e.g., after the online grocery store Webvan came to ruin, two supermarket chains, Albertsons
and Safeway, began to use ecommerce to enable their customers to buy groceries online). By the end of 2001,
the largest form of ecommerce, Business-to-Business (B2B) model, had around $700 billion in transactions.
Ecommerce has a great deal of advantages over "brick and mortar" stores and mail order catalogs. Consumers
can easily search through a large database of products and services. They can see actual prices, build an order
over several days and email it as a "wish list" hoping that someone will pay for their selected goods. Customers
can compare prices with a click of the mouse and buy the selected product at best prices. Online vendors, in
turn, also get distinct advantages. The web and its search engines provide a way to be found by customers
without an expensive advertising campaign. Even small online shops can reach global markets. Web technology
also makes it possible to track customer preferences and to deliver individually tailored marketing. The history
of ecommerce is unthinkable without Amazon and Ebay, which were among the first Internet companies to allow
electronic transactions. Thanks to their founders we now have a handsome ecommerce sector and enjoy the buying
and selling advantages of the Internet. Currently the 5 largest and most famous worldwide Internet retailers are
Amazon, Dell, Staples, Office Depot and Hewlett Packard. According to statistics, the most popular categories
of products sold on the World Wide Web are music, books, computers, office supplies and other consumer
electronics. Amazon.com, Inc. is one of the most famous ecommerce companies and is located in Seattle,
Washington (USA). It was founded in 1994 by Jeff Bezos and was one of the first American ecommerce
companies to sell products over the Internet. After the dot-com collapse Amazon lost its position as a successful
business model; however, in 2003 the company made its first annual profit, which was the first step toward
further development.
The history of ecommerce is the history of a new, virtual world which is evolving to the customer's
advantage. It is a world which we are all building together brick by brick, laying a secure foundation for the
future generations.
SECURITY TOOLS AND SYSTEMS IN E-COMMERCE
Security is an essential part of any transaction that takes place over the internet. Customers will lose their
faith in e-business if its security is compromised. Following are the essential requirements for safe
e-payments/transactions −
Confidentiality − Information should not be accessible to an unauthorized person. It should not be
intercepted during the transmission.
Integrity − Information should not be altered during its transmission over the network.
Availability − Information should be available wherever and whenever required within a time limit
specified.
Authenticity − There should be a mechanism to authenticate a user before giving him/her access to the
required information.
Non-Repudiability − It is the protection against the denial of an order or denial of a payment. Once a sender
sends a message, the sender should not be able to deny sending the message. Similarly, the recipient of the
message should not be able to deny the receipt.
Encryption − Information should be encrypted and decrypted only by an authorized user.
Auditability − Data should be recorded in such a way that it can be audited for integrity requirements.
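A hash-chained audit log is one way to meet the Integrity and Auditability requirements above. The Python below is an added example, not part of the original document; the key, field names and sample payment events are constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed demo key; a real deployment would load it from a secrets store.
AUDIT_KEY = b"demo-audit-key-not-for-production"
GENESIS = "0" * 64  # chain anchor used for the first record


def _tag(prev_tag: str, event: dict) -> str:
    """HMAC-SHA256 over the previous tag plus a canonical encoding of the event."""
    body = json.dumps(event, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(AUDIT_KEY, prev_tag.encode() + body, hashlib.sha256).hexdigest()


def append(log: list, event: dict) -> None:
    """Append an event, chaining it to the tag of the record before it."""
    prev = log[-1]["tag"] if log else GENESIS
    log.append({"event": event, "tag": _tag(prev, event)})


def first_bad_record(log: list):
    """Return the index of the first record that fails verification, or None."""
    prev = GENESIS
    for i, rec in enumerate(log):
        if not hmac.compare_digest(rec["tag"], _tag(prev, rec["event"])):
            return i
        prev = rec["tag"]
    return None


def demo():
    # Constructed sample payment events.
    log = []
    append(log, {"order": "A-1001", "amount": "49.90", "status": "authorized"})
    append(log, {"order": "A-1001", "amount": "49.90", "status": "captured"})
    append(log, {"order": "A-1002", "amount": "15.00", "status": "authorized"})
    clean = first_bad_record(log)        # chain intact

    log[1]["event"]["amount"] = "4.90"   # alter a recorded amount
    edited = first_bad_record(log)       # record no longer matches its tag

    del log[1]                           # drop the record entirely
    deleted = first_bad_record(log)      # successor was chained to the missing tag
    return clean, edited, deleted


if __name__ == "__main__":
    print(demo())
```

Because the HMAC key is shared by whoever writes and verifies the log, this gives integrity and auditability but not non-repudiation, which needs a digital signature. Removal of the newest records is only detectable if the latest tag is also kept somewhere the log writer cannot change.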
1. Penetration testing
Penetration testing tools simulate real-world attack scenarios to discover and exploit security gaps that could
lead to stolen records, compromised credentials, loss of intellectual property, personally identifiable
information (PII), cardholder data or personal and protected health information, data ransom, or other harmful
business outcomes. Pen testing can be accomplished through either manual or automated processes. Tests can be
divided into a few categories. Depending on the scope, they can be targeted at either network equipment (servers,
network endpoints, wireless networks, network security devices, mobile devices) or software applications and
the code behind them (including web, mobile or desktop applications).
2. Vulnerability scanning
Vulnerability analysis, also known as vulnerability assessment, is the process of identifying and classifying
security holes (vulnerabilities) in a computer, network, or communications infrastructure. In addition,
vulnerability analysis can forecast the effectiveness of proposed countermeasures and evaluate their actual
effectiveness after they are put into use. Assessments are usually conducted mainly with automated tools. Unlike
penetration testing, vulnerability assessment does not try to exploit the identified vulnerabilities in order to
prove that they are real and to show their impact on the business.
3. Network firewalls
A firewall is a must in large corporations, where complex solutions are usually in place to protect their
extensive networks. Firewalls can be configured to prevent access to certain websites (like social media or sites
for online gambling), to prevent employees from sending certain types of files or emails, or to catch employees
transmitting sensitive data outside of the company network. Their second purpose is to prevent outside users
from accessing systems inside the network. A company might choose to implement a single file sharing server on
the network and restrict all other computers. Extensive and complex configurations require strict handling and
need to be maintained by highly trained network security specialists.
4. WAF
A web application firewall (WAF) applies a set of rules to HTTP communication. It is a firewall that protects
web applications. It relies on rules that cover common web application attacks such as SQL injection, cross-site
scripting (XSS) and more. In comparison with proxies, which are used to protect clients, WAFs can be
considered reverse proxies, used to protect servers. WAFs may come in the form of an appliance, server plug-in,
or filter, and may be customized to a specific application. Like the network firewall, a WAF requires serious
customization and needs to be maintained as the application is modified.
5. IPS/IDS devices
Intrusion detection systems (IDSs) and intrusion prevention systems (IPSs) are among the most sophisticated
network security devices in use today. Their job is to carefully inspect network packets, block the ones with
malicious content and alert administrators about attack attempts. These systems’ logs contain valuable
information about attack types, network threats, targeted devices, and more. IPS logs should be extracted and
carefully analyzed to prevent future attack attempts.
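As an added example (not part of the original document), the Python below summarizes IDS/IPS alert logs by attack type and targeted device and lists alerts that were detected but not blocked. The log lines are constructed and assume a JSON-lines layout modelled on Suricata's EVE output; the page itself names no product.

```python
import json
from collections import Counter

# Constructed sample alerts, one JSON object per line, shaped like Suricata's
# EVE output (an assumption). The fifth line is deliberately truncated.
SAMPLE_LOG = """\
{"event_type":"alert","src_ip":"203.0.113.7","dest_ip":"10.0.0.20","alert":{"action":"blocked","category":"Web Application Attack"}}
{"event_type":"alert","src_ip":"203.0.113.7","dest_ip":"10.0.0.20","alert":{"action":"allowed","category":"Web Application Attack"}}
{"event_type":"alert","src_ip":"198.51.100.23","dest_ip":"10.0.0.5","alert":{"action":"allowed","category":"Attempted Administrator Privilege Gain"}}
{"event_type":"flow","src_ip":"10.0.0.20","dest_ip":"10.0.0.5"}
{"event_type":"alert","src_ip":"198.51.100.23","dest_
{"event_type":"alert","src_ip":"198.51.100.23","dest_ip":"10.0.0.20","alert":{"action":"blocked","category":"Detection of a Network Scan"}}
"""


def triage(text: str) -> dict:
    """Count alerts per category and target, and collect unblocked (src, dst) pairs."""
    by_category, by_target, unblocked = Counter(), Counter(), Counter()
    skipped = 0
    for line in text.splitlines():
        if not line.strip():
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            skipped += 1      # truncated or corrupt line: count it and keep going
            continue
        if not isinstance(ev, dict) or ev.get("event_type") != "alert":
            continue          # flow and other record types are not alerts
        alert = ev.get("alert", {})
        by_category[alert.get("category", "uncategorized")] += 1
        by_target[ev.get("dest_ip", "?")] += 1
        if alert.get("action") != "blocked":
            # Detected but let through (sensor in IDS mode or an alert-only rule).
            unblocked[(ev.get("src_ip", "?"), ev.get("dest_ip", "?"))] += 1
    return {
        "attack_types": by_category.most_common(),
        "targets": by_target.most_common(),
        "unblocked": sorted(unblocked.items()),
        "skipped_lines": skipped,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```

The `unblocked` list is the part to follow up first: those connections reached the target, so the affected hosts need checking rather than just the rule set.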
1. Encryption – One of the most important methods to provide security is converting readable text into encoded
text, especially for end-to-end protection of data transmitted across networks.
2. Digital signature – These are electronic “fingerprints” in the form of a coded message. The digital signature
securely associates a signer with a document in a recorded transaction using PKI.
3. Security certificates – SSL Certificates digitally bind a cryptographic key to an organization’s details. After
installation on a web server, a certificate activates the padlock and the https protocol to provide secure
connections. Typically, SSL or TLS is used to secure data transfers, logins and credit card transactions.
4. MFA – It uses several different factors to verify a person’s identity and authenticate them to access specific
software, system or the residing data. MFA systems use two or more ways to authenticate individuals.
5. SSO – A user authenticates at the beginning of their work using a master sign-on. When they need to
authenticate to another system or piece of software, the SSO solution logs in on their behalf.
6. Payment gateway server – A payment gateway is a merchant service provided by an E-commerce application
service provider, used to authorize credit card or direct payments processing for e-businesses and online
retailers.