EC Module 4 Part A

1) how should merchants promote their ecommerce sites?

Ans: Customers aren’t always easy to engage — the average cart

abandonment rate is 69.2%.

It takes persistence and a variety of marketing strategies to reach

your audience and increase sales

Any merchant can promote their store without an expensive

agency. The Following marketing techniques are easy to do
yourself on any budget, regardless of whether you’re a small or
large business.

1) Spread the word on Social Media:

Social media marketing is all about consistency — posting
regularly at times that fit with your customers’ schedules
allows you to frequently reach and engage buyers.

2) Utilize PPC Advertising:

PPC stands for pay-per-click, a type of marketing where

companies pay for every click that their ad receives.

PPC advertising enables you to measure whether

campaigns are cost-effective by comparing the ad costs to
the amount of traffic and sales generated by the ad.

3) Form Strategic Partnerships:

Generate buzz around your store by networking with major

players in your industry.

Contact blogs to see if they’d be happy to review your

products or website in a post.
 By having your website featured in a post on a popular
site, you can drive thousands of targeted visitors to your
ecommerce site.

4) Launch Podcast ads:

Marketing doesn’t always need to be visual. Podcast ads
are a great way to reach your targeted audiences since
shows are typically geared towards specific groups

Reach out to podcasts related to your industry to discuss

fees and explain your brand’s value

5) Multichannel:
Expand the reach of your brand by selling on multiple
channels, like Amazon, eBay, or even niche venues like
Etsy

Because marketplaces tend to gain higher amounts of

traffic than a single online store, selling on multiple venues
increases the visibility of your online store and brand

6) Create a Blog:
You don’t need to be a crafter or foodie to engage in
content marketing.

Companies across all industries have launched blogs to

provide their buyers with valuable content and build trust
in their brand.

Promotion via blogging is ongoing as content can be

posted and shared on social media and drive traffic
through search engines.

7) Encourage Product Reviews:

Reviews are a critical way of building trust around your
online store and products.

Online buyers can’t see merchants or their items in-

person, so they make purchasing decisions through the
 phenomenon of social proof — determining what is correct
behaviour by looking to others.

Store visitors read the product reviews of past customers

and use the feedback to decide whether they should buy
your product.

Product reviews sway customers when:

• there are plenty of them

• they are mainly positive (4 to 5 stars, on average)

2) What Security Risk does E-Commerce Involve?

Ans:

E-commerce security threats are causing havoc in online trading. The

industry experiences up to 32.4% of all successful threats annually.

Hackers usually target e-commerce store admins, users, and employees

using a myriad of malicious techniques

1. Financial frauds

Ever since the first online businesses entered the world of the internet,
financial fraudsters have been giving businesses a headache. There are
various kinds of financial frauds prevalent in the e-commerce industry

a. Credit Card Fraud

It happens when a cybercriminal uses stolen credit card data to buy

products on your e-commerce store. Usually, in such cases, the shipping
and billing addresses vary
 b. Fake Return & Refund Fraud

The bad players perform unauthorized transactions and clear the trail,
causing businesses great losses. Some hackers also engage in refund
frauds, where they file fake requests for returns.

2. Phishing

Several e-commerce shops have received reports of their customers

receiving messages or emails from hackers masquerading to be the
legitimate store owners. Such fraudsters present fake copies of your website
pages or another reputable website to trick the users into believing them.

3. Spamming

Some bad players can send infected links via email or social media inboxes.
They can also leave these links in their comments or messages on blog
posts and contact forms. Once you click on such links, they will direct you to
their spam websites, where you may end up being a victim.

4. DoS & DDoS Attacks

Many e-commerce websites have incurred losses due to disruptions in their

website and overall sales because of DDoS (Distributed Denial of
Service) attacks. What happens is that your servers receive a deluge of
requests from many untraceable IP addresses causing it to crash and
making unavailable to your store visitors.

5. Malware

Hackers may design a malicious software and install on your IT and

computer systems without your knowledge. These malicious programs
include spyware, viruses, trojan, and ransomware.
6. Exploitation of Known Vulnerabilities

Attackers are on the lookout for certain vulnerabilities that might be existing
in your e-commerce store.
Often an e-commerce store is vulnerable to SQL injection (SQLi) and Cross-
site Scripting (XSS).

a. SQL Injection

It is a malicious technique where a hacker attacks your query submission

forms to be able to access your backend database. They corrupt your
database with an infectious code, collect data, and later wipe out the trail.

b. Cross-Site Scripting (XSS)

The attackers can plant a malicious JavaScript snippet on your e-commerce

store to target your online visitors and customers. Such codes can access
your customers’ cookies and compute. You can implement the Content
Security Policy (CSP) to prevent such attacks.

7. Bots

Some attackers develop special bots that can scrape your website to get
information about inventory and prices. Such hackers, usually your
competitors, can then use the data to lower or modify the prices in their
websites in an attempt to lower your sales and revenue.

8. e-Skimming

E-skimming involves infecting a website’s checkout pages with malicious

software. The intention is to steal the clients’ personal and payment details.
 3) How can you take credit cards payments across
the net?
Ans:
Remitting credit card bills through internet banking is preferred over other
means of payments in several ways. It is simple and convenient.

Payments through internet banking can be through mobile banking, auto-debit,

electronic bill payments, debit cards, national automated clearing house, RTGS,
IMPS, and NEFT. Each of these online payment options has its own advantages.

Methods to Pay Credit Card Payment Online

The Internet has simplified the way we bank. Almost all banks in India have the
facility of Internet Banking and some others are taking help of third-party bill
payment services to provide online payment channels.
Listed below are various options through which you can pay your credit card bill
online.
• Through internet banking:
One of the simplest methods to make credit card bill payment online is to
use your net banking account. If you have a savings account with the credit card
issuer, your job becomes much easier as you simply need to register your credit
card in your existing net banking account and make the payment directly.
Even when you don't have savings account with the card issuer, you can
open an internet banking account for your credit card and make payments
directly from the online account.

• NEFT/RTGS online funds transfer:

Through NEFT, you can pay credit card bills of a bank using any other
bank's internet banking account. The facility allows you to transfer funds from
your savings account to the credit card account online.
However, before initiating NEFT funds transfer to your credit card, you
need to add your credit card, towards which you're making the payment, as a
'Biller or Beneficiary'.

• IMPS Method:
The first step is to download the mobile application of your banking
institution. For instance, you have to download the mobile application of HDFC
Bank if you hold a bank account with this banking entity.
Once you download the mobile application, you have to login to mobile
banking using credentials.
Click the ‘Bank Account’ button. You shall be provided with a link for the
IMPS payment option.
Click the ‘IMPS’ button and choose the ‘Merchant Payment’ button.
 • Through BillDesk:
BillDesk is an online payment platform which allows you make credit card
bill payments without having any online account.
Many banks and credit card issuers use the platform to offer easy and
convenient bill payment services for their customers not using the net banking
facility.
Through BillDesk, you can pay credit card bills of any bank using a debit
card or net banking account of partner banks.

• Mobile wallets and payment systems:

The recent entrants in the industry, mobile wallets and payment systems,
started offering credit card bill payment option on their platforms.
Paytm, Mobikwik, PhonePe, BHIM/UPI, etc., are some mobile payment
platforms that provide credit card bill payment facility.
No separate registration is required on these platforms to make payments.
You just need to download the app, link your debit card or savings account,
recharge the wallet, enter your credit card details and make the payment.

4) Explain Key things to turn Browsers into Buyers.

Ans:
1. Create optimized landing pages:
Having optimized (ideally locally optimized) landing pages for
products that searchers are landing on your site for is ideal.

Having a landing page gives customers instant information

about whatever products you are selling and gives them an
easy layout to click through to the specific product they may
need.

Landing pages are great for shoppers who are looking for
general items within a specific category but like to have some
additional information before they purchase.
2.Always show reviews on your products:
From personal experience, buying an item that has great reviews or
between and stars out of stars makes the product more appealing
and trustworthy as it has been used and enjoyed by fellow
shoppers.

Having customer reviews visible on your product pages also

creates unique user-generated content for your site free of charge,
making your product pages easier to land on through Google
searches.
3.Have an easy to use checkout system.
It is important to limit the amount of steps between a customer
adding a product to their cart and buying that product.

Having features like PayPal makes checking out easier for millions
of potential customers, and having an easy to use checkout system
where you can enter your billing and shipping information (on the
same page is ideal) to purchase the product will also give customers
less time to change their mind.

4.Invest in a redesign.

If your site structure is intact but your front-end could use a facelift,
invest the money into a properly redesigned site.

The importance of a responsive site has already been outlined by us

and many others, but having an easy to navigate site that is keeping up
with current online trends is equally as important.
People will usually pass up your site if it looks like it was created and
designed in 1998 (Ewwww).
It is time to get rid of the small animated GIFs of trucks delivering
products and spinning money signs and bring your site into the 21st
century.

5.Use feedback forms.

It is sometimes difficult to think of your business as anything other

than your business. It is important to collect customer feedback so you
can begin thinking like a customer in regards to your business again.
 Once you have collected enough comments from customers you
can begin to identify what parts of your site or processes need
work and which to focus more energy on.

6.Always give the customer choices.

On a product page, list similar products in case the page they are
on does not meet their needs. Having another option to look at is better
than being stuck at a dead end and potentially losing your customer and a
possible sale.
By showing similar products, the customer may decide to go for a
more expensive product that is similar to what they originally wanted due
to reviews or ratings

7.Help make buying choices.

Always keep your customers from just browsing and “shopping”
without any direction. Always make suggestions and offer deals to direct
the customer towards making a purchase. Without direction many
shoppers will simply leave your site or question their decisions

8.Target the right customer.

If you understand your main customer base then you already have
a leg up on the competition. It is crucial to research and truly understand
who your target market is so you can effectively construct marketing
campaigns that will entice your potential customers.

You can easily look at your customer’s demographics using tools

like Google Analytics to gain a better understanding of who you are
selling your products to.

Q5) Give the Workflow of Intra Organizational

Commerce?
Ans:
When e-commerce exchange does not include numerous
organizations, at that point, it is also named as Intra-business e-
commerce. Intra-business e-commerce is another kind of e-commerce
business plan.
It is a developing field that encourages data gathering and exchange
within an organization for a quick review of complaints of common
people.

Intra-business eCommerce is where parties involved with the electronic

exchanges are from within a given business firm, thus, the name intra-
business e-commerce.

As noted before as well, one basic distinction between eCommerce

business and intra-business eCommerce is that e-commerce business
includes a business organization’s collaboration with its providers,
wholesalers, and different business firms.

Workflow:

The key to successful intra-business e-commerce is improving value

chain efficiency. From a business point of view, you need to be looking
at an e-commerce business plan that combines various industry and
business applications to collaborate in synchronization, like-

1. Management Function.
2. Business Function.
3. IT functions.
4. Mobile Functions.
5. Outsource vendor’s functions
 Q6) In what way public key encryption is different from
Private Key Encryption. Why is it Important in E-
Commerce?

Ans:

Public key
It is an encryption technique that uses a pair of keys (public and private key) for secure
data communication. In the pair of keys, the public key is for encrypting the plain text
to convert it into ciphertext, and the private key is used for decrypting the ciphertext
to read the message.

The private key is given to the receiver while the public key is provided to the public.
Public Key Cryptography is also known as asymmetric cryptography.

The public key can be shared without compromising the security of the private one.
All asymmetric key pairs are unique, so a message encrypted with a public key can only
be read by the person who has the corresponding private key. The keys in the pair
have much longer than those used in symmetric cryptography. So, it is hard to decipher
the private key from its public counterpart. Many of us, heard about RSA, which is the
most common algorithm for asymmetric encryption in use today.

Public-key encryption is slower than secret-key encryption. In secret key encryption, a

single shared key is used to encrypt and decrypt the message, while in public-key encryption,
different two keys are used, both related to each other by a complex mathematical process.
Therefore, we can say that encryption and decryption take more time in public-key
encryption.

In symmetric (shared key) cryptography, both communicating parties share the same
key, which they use for both encryption and decryption.

As in an open environment it is difficult (if at all possible) to have an indefinite

number of parties agree upon and share a secret key, the inevitable option for use in e-
commerce applications is asymmetric, alias public key cryptography.

In this kind of cryptography, a pair of keys is used instead: a public key, which is
widely available and a different, private key, which is only known to the entity that owns the
pair.

Using public key cryptography, an entity (person, service or application) may encrypt
information, prior to transmitting it to another entity, with the receiving entity’s public key.
The message can then be decrypted only by the receiving entity owning the corresponding
private key, thus ensuring confidentiality of the transmitted information.
 Q7) What is DES? Explain what DES does when the following hexadecimal
plain text is input to a DES hardware. A1907FBCD986543201
FED14E890ABCA5

Ans:
Data Encryption Standard (DES) is a block cipher and encrypts data in
blocks of size of 64 bits each, which means 64 bits of plain text goes as
the input to DES, which produces 64 bits of ciphertext.

The same algorithm and key are used for encryption and decryption, with
minor differences. The key length is 56 bits. The basic idea is shown in
the figure.

We have mentioned that DES uses a 56-bit key. Actually, the initial key
consists of 64 bits. However, before the DES process even starts, every 8th
bit of the key is discarded to produce a 56-bit key. That is bit positions 8, 16,
24, 32, 40, 48, 56, and 64 are discarded.

Thus, the discarding of every 8th bit of the key produces a 56-bit key from
the original 64-bit key.
DES is based on the two fundamental attributes of cryptography: substitution
(also called confusion) and transposition (also called diffusion). DES consists
of 16 steps, each of which is called a round. Each round performs the steps
of substitution and transposition. Let us now discuss the broad-level steps in
DES.
1. In the first step, the 64-bit plain text block is handed over to an
initial Permutation (IP) function.
2. The initial permutation is performed on plain text.
3. Next, the initial permutation (IP) produces two halves of the
permuted block; says Left Plain Text (LPT) and Right Plain Text
(RPT).
4. Now each LPT and RPT go through 16 rounds of the encryption
process.
5. In the end, LPT and RPT are rejoined and a Final Permutation (FP)
is performed on the combined block
6. The result of this process produces 64-bit ciphertext.

Q8) Given a plain text: THIS IS A SAMPLE SENTENCE FOR ENCRYPTION.

Apply the permutation (231564) and the substitution: (letter -. letter + 6 )
and obtain the cipher text.

Ans: THIS IS A SAMPLE SENTENCE FOR ENCRYPTION

Apply the permutation (231564) and the substitution: (letter = letter + 6 ) and obtain the cipher
text.

Step 1: write the message in block of 6 characters :

THISIS ASAMPL ESENTE NCEFOR ENCRYP TION

 Step 2: follow permutation(231564)

HITISS SAAPLM SEETEN CENORF NCEYPR TION

Step 3: make substitution (Letter = Letter + 6)

NOZOYY YGGVRS YKKZKT IKTUXL TIKEVXZOUT

Q9) In what way hardened firewall host different from proxy application
gateway?

Ans:
Host Hardening:
limiting network access to a system by the traditional method of
turning off unnecessary network services, by firewalling, or by enforcing
authentication to use a service.
Almost everyone who has installed recent versions of Microsoft
Windows has been exposed to a rudimentary firewall system. An easy-
to-use firewall is also built into Mac OS X

Host hardening can also mean that existing services are

available only to certain users at certain times. This can mean that a
user will operate under a lower privilege and be granted higher-level
privileges as the need arises

Proxy Application Gateway:

An application gateway or application-level gateway (ALG) is a
firewall proxy which provides network security.

It filters incoming node traffic to certain specifications which mean

that only transmitted network application data is filtered.

Such network applications include File Transfer Protocol (FTP),

Telnet, Real Time Streaming Protocol (RTSP) and BitTorrent

Application gateways provide high-level secure network system

communication. For example, when a client requests access to server
resources such as files, Web pages and databases, the client first
connects with the proxy server, which then establishes a connection with
the main server.
 The application gateway resides on the client and server firewall.
The proxy server hides Internet Protocol (IP) addresses and other secure
information on the client’s behalf. A computer’s internal system may
communicate with an external computer using firewall protection

10) Why is security important in E-Commerce?

Ans:
eCommerce security refers to the cybersecurity concepts that allow
for secure electronic transactions online. eCommerce security allows
people to buy and sell products and services on the Internet with a
framework in place that provides security for all the parties involved.

It’s become increasingly important for merchants and shoppers

alike in recent years.

eCommerce site security is critical for a number of reasons,

specifically when it comes to protecting the privacy and sensitive data of
customers on a website, safeguarding the finances of an online
business, preventing fraud and financial scams and defending the
reputation of an online store as a safe place to conduct transactions.

When the necessary security features aren’t implemented on a

website, both online merchants and customers alike are at serious risk
for payment fraud, scams, data breaches and other major threats.

One of the benefits of implementing security for eCommerce is

that you’re able to better gain the trust of your customers, as they feel
safe buying from you while also protecting the sensitive data of both
them and your online store.

When the right security measures are put in place in your website,
it also ensures customers’ privacy and integrity, being that none of the
information they share online will be used in any way without their
knowledge or approval.

Additionally, apart from the fact that eCommerce site

security breaches negatively impact on the finances of a business, it also
impacts on the site’s reputation.
 No matter how loyal a business’ customers might be, they won’t be
willing to recommend your store to others if their privacy and sensitive
data is at risk.