VI semester BBM
E-Business
E-BUSINESS
Introduction:
In the present day, electronic business has become the order of the day with the presence of internet and web
technologies in business. E-business is the conduct of business on the Internet, not only buying and selling but
also servicing customers and collaborating with business partners.
History of E-commerce:
In 1960 Electronic Data Interchange (EDI) replaced the traditional mailing and faxing of documents. Further,
teleshopping was introduced, which was widely used up to 1982. In 1982, Minitel, with the help of a videotex
terminal, was introduced and was used up to 1991. In the year 1990 the web server and web browser were
developed. The Internet was introduced in 1991 for trading purposes and many business entities started to operate
online. Further, the Google and Yahoo search engines popularised online activities. After the year 2000, security
reforms took place for online activities, which increased the volume of e-business, and at present it is continuing
with the use of the internet on smart phones, tablets, etc.
Meaning:
E-business generally refers to buying and selling of goods or services through internet. E-business involves the
use of information and communication technologies to facilitate and support processes and activities of
business. In other words, E-business is the conduct of business on the internet, not only buying and selling of
goods but also servicing customers and collaborating with business partners.
E-commerce is where business transactions take place via telecommunication networks like internet. In other
words, it refers to conduct of business or financial transactions by electronic means.
Components of E-Business:
1. Customer Relationship management
2. Supply chain management
3. Enterprise Resource Planning
4. E-commerce
5. Business intelligence
6. Online activities
E-commerce Transaction:
1. Electronic Data Interchange (EDI)
2. E-mail
3. Electronic Bulletin Boards
4. Electronic Fund Transfer (EFT)
5. Other network based technologies
Impact of E-Commerce:
1. Marketing
2. Computer science
3. Finance and Accounting
4. Economics
5. Production and operations management
6. Manufacturing
Compiled by
Sri. Sri.Balaji.A.
balaji.27dec@gmail.com
Introduction to E-Business
7. Management information System (MIS)
8. Human resource management
9. Law and ethics
Benefits of E-Commerce:
A. To Business:
1. Global reach
2. Cost effective
3. New customers with search engine visibility
4. It reduces the paper costs
5. Reduction in Inventories
6. Mass customization and competitive advantage
7. No middlemen
8. Reduced production lead time
9. Improved customer relationship
10. Lower sale and marketing costs
11. Lower telecommunication costs
12. New found business partners
13. Increased supply chain efficiencies
14. Digitization of products and processes
15. Information sharing
B. To Consumers:
1. Gives freedom to make choices
2. Increase in variety of goods
3. It gives more choice and alternatives
4. Convenience of Shopping at Home
5. Ensure secrecy
6. More competitive prices and increased price comparison capabilities
7. Access to greater amounts of information on demand
8. Time compression
9. Quick delivery of digitized products/services
10. Provide comparison shopping
11. E-payment system
C. To Society:
1. Enables More Flexible Working Practices
2. Connects People
3. Facilitates Delivery of Public Services
Disadvantages of E-Commerce:
1. E-commerce lacks personal touch
2. System and data integrity
3. E-commerce delays goods
4. System scalability
5. Dependent on internet
6. Many goods cannot be purchased online
7. People won't buy online products very often
8. E-commerce does not allow experiencing the product before purchase
9. Loyal customers
10. Shopping is social experience
11. Anyone can set up an E-commerce website
12. Too Many Competitors
13. Security
which manufacturers or retailers sell their products to consumers over the Internet. B2C-Represents the vast
majority of e-Commerce web sites online.
1) For Business
a. worldwide market reach
b. Display of product information with colourful advertisement.
c. Easy order processing
d. Low or no overhead
Disadvantages of B2C:
1) To Business
a. Many websites offering same product
b. Technological problems in website
c. Lack of security norms
2) To consumer
a. Lack of security norms
b. Unsatisfied customers
2. Anyone can now sell and advertise a product in the convenience of one's home.
3. Sellers can reach both national and international customers and greatly increase their market.
4. Feedback on the purchased product helps both the seller and potential customers.
5. The transactions occur at a swift rate with the use of online payment systems such as PayPal
5. Peer-to-Peer (P2P)
P2P is not only an E-commerce type but also a technology that allows people to share computer files and
computer resources without going through a central web server. The required software should be installed by
both sides so that they can communicate on the common platform.
Because this type of e-commerce was launched for free usage from the beginning, it has quite low revenue.
It consists of mutual help among consumers. The main disadvantage is that this model of transaction often entangles
cyber laws.
VIRTUAL COMMUNITIES :
A virtual community is a community of people sharing common interests, ideas, and feelings over the internet
or other collaborative networks. In a virtual community, a group of individuals interacts through specific social
media, potentially crossing geographical and political boundaries in order to pursue mutual interests or goals.
WEB PORTAL:
A web portal is a specially designed Web page at a website which brings information together from diverse
sources in a uniform way. A Web portal refers to a Web site or service that offers a broad array of resources
and services, such as e-mail, forums, search engines, links to other sites, and online shopping malls.
The first Web portals were online services, such as AOL, that provided access to the Web, but by now most of
the traditional search engines have transformed themselves into Web portals to attract and keep a larger
audience. Examples: AOL, Excite, Netvibes, iGoogle, MSN, Naver, India times, Rediff, Sify and Yahoo!.
2) Horizontal Portals
These are web portals which focus on a wide array of interests and topics. They focus on general audience and
try to present something for everybody. Horizontal portals try to act as an entry point of a web surfer into the
internet, providing content on the topic of interest and guiding towards the right direction to fetch more
related resources and information.
3) Enterprise Portals
These are portals developed and maintained for use by members of the intranet or the enterprise network.
The most common implementation of enterprise portals focuses on providing employees with this information
in a regularly updated manner, along with a document management system, availability of applications on
demand, online training courses and web casts, etc., along with communication in the form of emails,
messaging, web meetings, etc.
4) Knowledge Portals
Knowledge portals increase the effectiveness of knowledge workers by providing easy access to information
that is necessary or helpful to them in one or more specific roles. Knowledge portals are not mere intranet
portals since the former are supposed to provide extra functionality such as collaboration services,
sophisticated information discovery services and a knowledge map.
5) Corporate Portals
A corporate portal provides personalized access to an appropriate range of information about a particular
company. As opposed to public web portals, corporate portals aim at providing a virtual workplace for each
individual using them - executives, employees, suppliers, customers, third-party service providers.
7) Search portals
Search portals aggregate results from several search engines into one page.
Hardware and Software for E-Business
Working of E-Commerce:
E-commerce works like conventional commerce with the same process of selling and purchasing goods or
services for a price. The difference is that goods and services in e-commerce are bought and sold over the
Internet, wherein the consumer visits a website and thereby selects the product or service. Payment is made using
a credit card or debit card, or using internet banking, over a secure connection, and is deposited in
the merchant's bank account. The seller makes arrangements for delivery of the product. Transactions can be done
globally 24 hours a day and 7 days a week, unlike conventional commerce. There are no weekly holidays or
closing time as with conventional stores.
[Diagram: the client sends an HTTP request to the server, and the server returns an HTTP response.]
Some common Internet protocols
HTTP (Hypertext transfer Protocol): This protocol is used on the World Wide Web (WWW) for
transferring web pages and files contained in web pages.
FTP (File Transfer protocol): This protocol is used for transferring files from one machine to the other.
SMTP (Simple Mail Transport Protocol): This protocol is used for email communication.
IMAP (Internet Message Access Protocol)
POP (Post Office Protocol)
HTTPS (Secure HTTP, or HTTP over SSL)
5) Financial Infrastructure
High availability telecommunication network
Good integrated banking software for back office and front office data processing
Use of WAN and Internet for banking operations
Availability of Electronic fund transfer System
Availability of Electronic Clearing System
Availability of Public Key based Encryption System
Availability of Credit Card System both for local and international payment
Availability of Foreign Exchange Remittance Mechanism over the Internet
E-Commerce Software
Components of e-commerce software
a. Catalogue Display: A small commerce site can have static catalogue whereas larger commerce sites use
a dynamic catalogue. A catalogue is a listing of goods and services. A static catalogue is a simple list written
in HTML that appears on a Web page or a series of Web pages. To add an item, delete an item, or change an
item's listing, the company must edit the HTML of one or more pages. A dynamic catalogue stores the
information about items in a database, usually on a separate computer that is accessible to the server that
is running the Web site itself. Further, it features multiple photos of each item, detailed descriptions, and
a search feature that allows customers to search for an item and determine its availability.
b. Shopping Cart: A shopping cart is a piece of e-commerce software on a web server that allows visitors to
select items in the website for online purchase. A shopping cart is used by E-commerce web sites to track
the items that are selected for purchase; the shopping cart allows customers to view all the items selected
by them.
c. Transaction Processing: Transaction processing occurs when the shopper proceeds to the virtual
checkout counter by clicking a checkout button. Then the electronic commerce software performs any
necessary calculations, such as volume discounts, sales tax, and shipping costs. At checkout, the customer's
Web browser software and the seller's Web server software both switch into a secure state of
communication. Transaction processing can be the most complex part of the online sale. Computing taxes
and shipping costs are important parts of this process, and site administrators must continually check tax
rates and shipping tables to make sure they are current. Some software enables the Web server to obtain
updated shipping rates by connecting directly to shipping companies to retrieve information.
d. Middleware: Larger companies usually establish the connections between their electronic commerce
software and their existing accounting system by using a type of software called middleware. Some large
companies that have sufficient IT staff write their own middleware; however, most companies purchase
middleware that is customized for their businesses by the middleware vendor or a consulting firm. Thus,
most of the cost of middleware is not the software itself, but the consulting fees needed to make the
software work in a given company. Making a company's information systems work together is called
interoperability and is an important goal of companies when they install middleware.
e. Enterprise Application Integration with Databases: A program that performs a specific function,
such as creating invoices, calculating payroll, or processing payments received from customers, is called an
application program, application software or, more simply, an application. An application server is a
computer that takes the request messages received by the Web server and runs application programs that
perform some kind of action based on the contents of the request messages. The actions that the
application server software performs are determined by the rules used in the business. These rules are
called business logic. An example of a business rule is: When a customer logs in, check the password
entered against the password file in the database. Application servers are usually grouped into two types:
page-based and component-based systems. Page-based application systems return pages generated by
scripts that include the rules for presenting data on the Web page with the business logic. Larger businesses
often prefer to use a component-based application system that separates the presentation logic from the
business logic. Each component of logic is created in its own module.
f. Web Services: Companies are beginning to extend the idea of application server systems so that these
programs can communicate across organizational boundaries. Many IT professionals
define Web services as a combination of software tools that let application software in one organization
communicate with server applications over a network by using a specific set of standard protocols known
by their acronyms: SOAP, UDDI and WSDL.
g. Integration with ERP Systems: Many B2B Web sites must be able to connect to existing information
systems such as enterprise resource planning software. Enterprise resource planning (ERP) software
packages are business systems that integrate all facets of a business, including accounting, logistics,
manufacturing, marketing, planning, project management, and treasury functions. The major ERP vendors
include Baan, Oracle, PeopleSoft, and SAP.
Web Browsers:
A Web Browser is a software application used to locate and display Web pages. It is able to retrieve, find, view,
and send information over the internet. It formats the documents such that it is understandable by the user.
A web browser is also called a client that connects to a server using HTTP. Some of the popular web
browsers are Internet Explorer, Google Chrome, Netscape Navigator, Mozilla Firefox, Opera and Safari.
Primary functions of Web Browser:
a) To give users access to the World Wide Web, the browser understands the programming languages used
to write web pages and converts them to readable and viewable documents.
b) A Web browser knows how to go to a Web server on the Internet and request a page, so that the browser
can pull the page through the network and present it to the user in understandable manner.
c) A Web browser knows how to interpret the set of HTML tags within the page in order to display the page
on the screen.
d) To play games through the browser, use chat rooms and use more interactive websites.
Software is the main component that implements the E-commerce services and functionality. Web Server
software is a piece of software that is installed and runs on the server platform (Microsoft Xp, Microsoft NT,
UNIX or some other operating system). When the user clicks a hyperlink on a Web page, a request is sent to
the Web server for the page associated with the link. The Web server responds to the request using the HTTP
protocol and sends the results to the client machine.
Web server software is required in addition to the Web server operating system software. It is used to
implement some extra functionality such as security and identification and retrieval and sending of Web pages.
Web server software creates a Web log file that identifies things such as the URL of the visitor, the length of
the visit and the search engine and the key words used to find the site. Web server software includes website
development tools such as HTML editor and Web page upload support. Choosing Web server software is not
an easy task. There are many products available, with many different features, and the only way to choose the
right one is to actually evaluate the software. For example, if we desire to trade over the Internet, like an
on-line shop, we will need software that provides on-line transaction functionality; if we want to provide referencing
capabilities, we will require a built-in search engine.
Popular web server software used in e-commerce: Apache HTTP Server, Microsoft Internet Information
Services (IIS), nginx, and Google Web Server are the most popular web servers used as of today.
E-Commerce Hardware
Web Server Hardware
Web server hardware is a computer that is used to host an e-commerce website. All html files, databases and
image files that make up the entire content of the web site are stored on the server. Web servers will run on
a Windows or Linux or any other operating system and will use web server software to manage access requests
to the website. A web server is similar to a Personal Computer but will have faster processors and more
memory, making it much more powerful. Depending upon the traffic and e-commerce application, the hardware
should be selected. If the number of hits per second is too heavy, then we should select a powerful computer for the
server.
A company that wants to host an e-commerce website can maintain the site on their own web server or pay
a hosting company to provide space on a secure web server that hosts the site. Managing and maintaining a
web server is a very important task, and hence most of the small and medium sized business companies will pay for
hosting instead of maintaining their own server. Web server hardware is one of the major components of the
E-commerce infrastructure, on which the performance of the whole E-commerce application depends.
Web Server Hardware Requirements of B2B and B2C commerce sites include:
a. They must be available 24 hours a day, 7 days a week
b. Reliable servers
c. Backup servers for high availability
d. Efficient and easily upgraded software
e. Security software
f. Database connectivity
The following parts of the computer make a bigger impact on the performance of e-commerce:
a) Network card
b) Server Processor
c) Server Memory
d) Hard Drives
WEB HOSTING
Web hosting is a service that allows organizations and individuals to publish or upload a website or web page
on to the Internet. A web host or web hosting service provider, is a business that provides the technologies
and services needed for the website or webpage to be viewed in the Internet. Websites are hosted, or stored,
on special computers called web servers. A few web hosting service providers are Godaddy, iPage, justHost.com,
web.com and blueHost.
1. Finger utilities are used to find information about the users that are on the network. This can include
who is on the network and when they last logged in. Many companies have disabled this feature so that
they can maintain network security and privacy.
2. Packet Internet Groper utility (ping) is useful for checking whether the connection on the network
is working, or for finding out what is causing the connection problems. Ping is used to test the connectivity
between two computers connected to the Internet.
3. Route-tracing programs (traceroute) are used to determine the amount of time it takes for a
message sent from one computer to another and back. When we enter an address and use the traceroute
program, it will show the route taken by data sent between client and the server. We can use this to
troubleshoot connection problems by finding out the point where the data is being blocked. We can also
use it when we are downloading a file and have multiple download mirrors in different locations to choose
from. Just type the addresses of the mirrors into traceroute and we can get a good idea of which mirror is
fastest.
4. Telnet allows users to log on to a computer that is connected to the Internet. Telnet is a program that
allows for users to perform tasks on the Internet without using a Web browser. Telnet use is decreasing
due to so many users having the technology that allows for much more efficient means of Internet access.
5. FTP (File Transfer Protocol) allows files to be transferred between two computers on the Internet. FTP is a
simple network protocol based on Internet Protocol and also a term used when referring to the process
of copying files when using FTP technology. To transfer files with FTP, we use a program often called the
client. An FTP client program initiates a connection to a remote computer running FTP server software.
After the connection is established, the client can choose to send and/or receive copies of files, singly or
in groups.
6. Data Analysis: Webmasters (website administrators) can use data analysis programs to determine what
types of users are visiting the site as well as other information of those viewing the site.
7. Link-checking is the process of a program going through all the links on a site and determining if
there are any links that do not work. This allows the website administrator to make sure that all links
are working and, if there are any links that are not working, to figure out what needs to be changed.
The procedure for online purchase using shopping cart software is shown in the below diagram
The customers can add new items and remove the previously selected items from the shopping cart. The
software allows online shopping customers to accumulate a list of items for purchase. Upon checkout, the
software typically calculates a total for the order, including shipping and handling (i.e. postage and packing)
charges and the associated taxes, as applicable.
These applications typically provide a means of capturing a client's payment information, but in the case of a
credit card they rely on the software module of the secure gateway provider, in conjunction with the secure
payment gateway, in order to conduct secure credit card transactions online.
Although the simplest shopping carts strictly allow for an item to be added to a basket to start a checkout
process (e.g. the free PayPal shopping cart), most shopping cart software provides additional features that an
Internet merchant uses to fully manage an online store. Data regarding the products, categories, discounts,
orders, customers are normally stored in a database and accessed in real time by the software.
Shopping Cart Software is also known as e-commerce software, e-store software, online store software or
storefront software and online shop.
5. Enterprise-Class Electronic Commerce Software
6. Customer Relationship Management Software
7. Supply Chain Management Software
8. Content Management Software
9. Knowledge Management Software
E-Business Terminologies:
1. Domain Name: A domain name is a textual representation of a numeric number (IP address) used to
locate specific areas of the Internet. It is easier to remember a name than a series of numbers. Domain
names are used in various networking contexts and application-specific naming and addressing purposes.
2. HTTP: Hypertext Transfer Protocol is a simple application protocol working under a client/server
computing environment. Basically, a client issues a request to a server and then the server returns the
response. The request is specified in text (ASCII) format; whereas the response is specified in Multipurpose
Internet Mail Extensions (MIME) format, which defines different types of content types such as text, image
and audio.
3. URL: A uniform resource locator, abbreviated URL, also known as web address, is a specific character
string that constitutes a reference to a resource. In most web browsers, the URL of a web page is displayed
on top inside of an address bar. An example of a typical URL would be "http://en.example.org/wiki/Main_Page".
A URL is technically a type of Uniform Resource Identifier (URI), but in many technical documents
and verbal discussions, URL is often used as a synonym for URI.
4. Web Browser: A web browser (commonly referred to as a browser) is a software application for the World
Wide Web. An information resource is identified by a Uniform Resource Identifier.
Although browsers are primarily intended to use the World Wide Web, they can also be used to access
information provided by web servers in private networks or files in file systems. The major web browsers are
Chrome, Firefox, Internet Explorer, Opera, and Safari.
5. Web Client: A Client and a Server are two parts of a connection. In a web environment, these are two
distinct machines. A Client is any machine that requests information, and the Server is the machine to
which the client makes the request. So a Web Server is basically a PC that is designed to accept requests
from remote computers and send on the information requested. A Web client is actually the browser. It
is the browser on the PC/Mac that makes the requests to the remote server. A PC/Mac that uses a web
(Client) browser is referred to as a Client Machine.
6. Web Page: A web page or webpage is a web document or other web resource that is suitable for the
World Wide Web and can be accessed through a web browser and displayed on a monitor or mobile
device. This information is usually in HTML or XHTML format, and may provide navigation to other web
pages. Web pages may be retrieved from a local computer or from a remote web server.
7. Web Site: A website, also written as Website, Form a single web domain. A website is hosted on at least
one web server, accessible via a network such as the Internet or a private local area network through an
Internet address known as a Uniform Resource Locator. All publicly accessible websites collectively
constitute the World Wide Web.
Security for E-Business
1. Authentication: This refers to the verification of the authenticity of either a person or of data. It
enforces that you are the only one allowed to log on to your Internet account.
2. Authorization: The process whereby a person approves a specific event or action. Allows only
authorized persons to manipulate your resources in specific ways. This prevents you from increasing
the balance of your account or deleting a bill.
3. Encryption: The process by which data are temporarily re-arranged into an unreadable or
unintelligible form for confidentiality, transmission, or other security purposes. It ensures you cannot
spy on others during Internet banking transactions. It deals with information hiding.
4. Auditing: Keeps a record of operations. Merchants use auditing to prove that you bought specific
merchandise.
5. Integrity: prevention against unauthorized data modification
6. Nonrepudiation: prevention against any one party from reneging on an agreement after the fact
7. Availability: prevention against data delays or removal.
8. Confidentiality: Ensures that messages and data are available only to those who are authorized to
view them.
9. Privacy: Ability of a user to control use of the information a customer provides about himself to a
merchant.
E-commerce threats
1. Tricking the Shopper
These attacks involve surveillance of the shopper's behavior, gathering information to use against the
shopper. A common scenario is that the attacker calls the shopper, pretending to be a representative from a
site visited, and extracts information.
4. Guessing Passwords
Another common attack is to guess a user's password. This style of attack is manual or automated. Manual
attacks are laborious, and only successful if the attacker knows something about the shopper, for example, if
the shopper uses their child's name as the password. Automated attacks have a higher likelihood of success.
Resources targeted in a DoS attack can be a specific computer, a port or service on the targeted system, an
entire network, a component of a given network, or any system component.
9. SQL Injection
SQL Injection is an attack method that exploits an application vulnerability. If the attacker fills a web page
form with data that includes malicious SQL query instructions, these query instructions, together with the HTML
file, pass through the firewall and arrive at the web server. Once they are run at the web server, the important
information will be revealed or modified.
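The difference between a form handler that is open to this attack and one that is not, shown as an added example that is not part of the original notes. The `orders` table, its rows, the function names and the form value are all constructed for illustration.

```python
import sqlite3


def make_db():
    """Create an in-memory orders table holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (order_id TEXT, customer TEXT, status TEXT)")
    db.executemany(
        "INSERT INTO orders VALUES (?, ?, ?)",
        [
            ("A-1001", "asha", "Shipped"),
            ("A-1002", "ravi", "Packed"),
            ("A-1003", "meena", "Delivered"),
        ],
    )
    return db


def lookup_vulnerable(db, customer):
    """Vulnerable: the form value is pasted into the SQL text itself,
    so the database parses whatever the visitor typed as part of the query."""
    query = (
        "SELECT order_id, status FROM orders WHERE customer = '" + customer + "'"
    )
    return db.execute(query).fetchall()


def lookup_parameterized(db, customer):
    """Hardened: the ? placeholder passes the form value as data only;
    it is compared with the customer column and never parsed as SQL."""
    query = "SELECT order_id, status FROM orders WHERE customer = ?"
    return db.execute(query, (customer,)).fetchall()


# Constructed form value containing SQL syntax instead of a plain name.
FORM_INPUT = "nobody' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    # Every customer's orders come back, although "nobody" has none.
    print("vulnerable   :", lookup_vulnerable(db, FORM_INPUT))
    # No customer has that literal name, so nothing is returned.
    print("parameterized:", lookup_parameterized(db, FORM_INPUT))
    # Ordinary input behaves the same in both versions.
    print("normal input :", lookup_parameterized(db, "asha"))
```

The request that carries the form value is ordinary web traffic, which is why the firewall lets it through; the fix has to be in how the application builds the query.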
10. Price Manipulation
This is a vulnerability that is almost completely unique to online shopping carts and payment gateways. In
the most common occurrence of this vulnerability, the total payable price of the purchased goods is stored in
a hidden HTML field of a dynamically generated web page. An attacker can use a web application proxy such
as Achilles to simply modify the amount that is payable, when this information flows from the user's browser
to the web server. The final payable price can be manipulated by the attacker to a value of his choice.
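The server-side check that closes this hole, shown as an added example that is not part of the original notes: the checkout ignores the hidden total and prices the cart from its own catalogue. The catalogue, SKU codes, form layout and function names are assumptions made for illustration.

```python
from decimal import Decimal, InvalidOperation

# Server-side price list (constructed sample data). The browser never
# gets to decide these values.
CATALOGUE = {
    "SKU-1001": Decimal("499.00"),
    "SKU-2002": Decimal("1250.50"),
}


def total_trusting_hidden_field(form):
    """Vulnerable: charges whatever amount came back in the hidden field."""
    return Decimal(form["total"])


def total_from_catalogue(form):
    """Hardened: ignores form['total'] and recomputes the amount on the
    server from the item codes and quantities in the cart."""
    total = Decimal("0.00")
    for sku, qty_text in form["items"].items():
        if sku not in CATALOGUE:
            raise ValueError("unknown item: " + sku)
        qty = int(qty_text)  # non-numeric quantities raise ValueError
        if qty < 1:
            # A zero or negative quantity is another way to lower the total.
            raise ValueError("invalid quantity for " + sku)
        total += CATALOGUE[sku] * qty
    return total


def hidden_total_was_changed(form):
    """Detection: True when the submitted hidden total is missing,
    unparsable, or different from the server's own calculation."""
    try:
        submitted = Decimal(form["total"])
    except (KeyError, InvalidOperation):
        return True
    return submitted != total_from_catalogue(form)


# Constructed checkout submissions, as the server would see them after parsing.
HONEST_FORM = {"items": {"SKU-1001": "2"}, "total": "998.00"}
TAMPERED_FORM = {"items": {"SKU-1001": "2"}, "total": "1.00"}

if __name__ == "__main__":
    print("trusting the field :", total_trusting_hidden_field(TAMPERED_FORM))
    print("recomputed on server:", total_from_catalogue(TAMPERED_FORM))
    print("tampering detected  :", hidden_total_was_changed(TAMPERED_FORM))
```

A mismatch reported by `hidden_total_was_changed` is worth logging with the session details, since a legitimate browser never alters the hidden field.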
13. Viruses: Have the ability to replicate and spread to other files, infecting them; most also deliver a “payload”
of some sort. They include macro viruses, file-infecting viruses, and script viruses.
14. Worms: Designed to spread from computer to computer and occupies free space.
15. Trojan horse: Appears to be benign, but then does something other than expected.
16. Bots: Can be covertly installed on computer; responds to external commands sent by the attacker.
17. EXE file: some times webmaster or system admin may forget to delete shopping cart exe file which
may detect by the attackers and if they are able to run exe file the entire file would deleted from
e- Commerce system.
18. Browser parasites: Can monitor and change settings of a user’s browser: Adware- Calls for unwanted
pop-up ads and Spyware- Can be use to obtain information, such as a user’s keystrokes, e- mail, IMs,
etc.
19. Spyware: Spyware is software that aims to gather information about a person or organization without
their knowledge and that may send such information to another entity without the consumer's consent,
or that asserts control over a computer without the consumer's knowledge.
2. Antivirus Software
It is computer software used to prevent, detect and remove malicious software such as viruses and worms.
3. Anti-Spyware Software
Anti-spyware software programs can be used solely for detection and removal of spyware.
4. Data Back-up
Data back-up, or the process of backing up, refers to the copying and archiving of computer data so it may be
used to restore the original after a data loss event.
5. Encryption
Encryption is the process of encoding messages or information in such a way that only authorized parties can
read it.
Types of Encryption
1. Symmetric Key Encryption:
Symmetric key encryption involves using a single key to encrypt and decrypt data. A secret key, which can be
a number, a word, or just a string of random letters, is applied to the text of a message to change the content
in a particular way. This might be as simple as shifting each letter by a number of places in the alphabet. As
long as both sender and recipient know the secret key, they can encrypt and decrypt all messages that use
this key.
For example, suppose that you took a document and placed it in a file cabinet and then locked the cabinet
with a key. For you or anyone else to access the document, you'd need the key to the file cabinet.
Advantages
Symmetric encryption is the oldest and best-known technique.
Symmetric key encryption is fast and secure.
Symmetric key encryption works well locally.
Disadvantages
It doesn't work very well across networks. In order for the receiver of the encrypted packets to be able
to decrypt the packets, they must use the key. Needless to say, this means that you must send them
that key along with the message.
The other problem is that the physical medium you're sending the packets across is insecure. If it were
secure, there would be no reason to encrypt the message in the first place. Anyone who might be
monitoring the network could steal the encrypted packets and the key necessary for decrypting them.
Any message (text, binary files, or documents) that is encrypted by using the public key can only be decrypted
by applying the same algorithm, but by using the matching private key.
Advantages
Asymmetric key encryption is most secure.
It works very well across all networks.
Disadvantages
Asymmetric key encryption is very slow.
Asymmetric key encryption is resource intensive.
Hashing: The signing software crunches the data using a one-way hashing formula. This process is called
hashing.
Digital certificate
An attachment to an electronic message used for security purposes. The most common use of a digital
certificate is to verify that a user sending a message is who he or she claims to be, and to provide the receiver
with the means to encode a reply.
An individual wishing to send an encrypted message applies for a digital certificate from a Certificate Authority
(CA). The CA issues an encrypted digital certificate containing the applicant's public key and a variety of other
identification information. The CA makes its own public key readily available through print publicity or perhaps
on the Internet.
The recipient of an encrypted message uses the CA's public key to decode the digital certificate attached to
the message, verifies it as issued by the CA and then obtains the sender's public key and identification
information held within the certificate. With this information, the recipient can send an encrypted reply.
SSL allows sensitive information such as credit card numbers, social security numbers, and login credentials to
be transmitted securely. Normally, data sent between browsers and web servers is sent in plain text—leaving
you vulnerable to eavesdropping. If an attacker is able to intercept all data being sent between a browser and
a web server they can see and use that information.
More specifically, SSL is a security protocol. Protocols describe how algorithms should be used; in this case,
the SSL protocol determines variables of the encryption for both the link and the data being transmitted.
SSL Certificates have a key pair: a public and a private key. These keys work together to establish an encrypted
connection. The certificate also contains what is called the “subject,” which is the identity of the
certificate/website owner.
To get a certificate, you must create a Certificate Signing Request (CSR) on your server. This process creates a
private key and public key on your server. The CSR data file that you send to the SSL Certificate issuer (called
a Certificate Authority or CA) contains the public key. The CA uses the CSR data file to create a data structure
to match your private key without compromising the key itself. The CA never sees the private key.
An SSL Certificate issued by a CA to an organization and its domain/website verifies that a trusted third party
has authenticated that organization’s identity. Since the browser trusts the CA, the browser now trusts that
organization’s identity too. The browser lets the user know that the website is secure, and the user can feel
safe browsing the site and even entering their confidential information.
How Does the SSL Certificate Create a Secure Connection?
When a browser attempts to access a website that is secured by SSL, the browser and the web server establish
an SSL connection using a process called an “SSL Handshake” (see diagram below). Note that the SSL
Handshake is invisible to the user and happens instantaneously.
Essentially, three keys are used to set up the SSL connection: the public, private, and session keys. Anything
encrypted with the public key can only be decrypted with the private key, and vice versa.
Because encrypting and decrypting with private and public key takes a lot of processing power, they are only
used during the SSL Handshake to create a symmetric session key. After the secure connection is made, the
session key is used to encrypt all transmitted data.
1. Browser connects to a web server (website) secured with SSL (https). Browser requests that the
server identify itself.
2. Server sends a copy of its SSL Certificate, including the server’s public key.
3. Browser checks the certificate root against a list of trusted CAs and that the certificate is unexpired,
unrevoked, and that its common name is valid for the website that it is connecting to. If the browser
trusts the certificate, it creates, encrypts, and sends back a symmetric session key using the server’s
public key.
4. Server decrypts the symmetric session key using its private key and sends back an acknowledgement
encrypted with the session key to start the encrypted session.
5. Server and Browser now encrypt all transmitted data with the session key.
Firewalls
Meaning:
Firewall is a network security system that controls the incoming and outgoing network traffic based on an
applied rule set. A firewall establishes a barrier between a trusted, secure internal network and another
network (e.g., the Internet) that is assumed not to be secure and trusted.[1] Firewalls exist both as software
to run on general purpose hardware and as a hardware appliance.
Types of Firewall
1. Network layer or packet filters
Network layer firewalls, also called packet filters, operate at a relatively low level of the TCP/IP
protocol stack, not allowing packets to pass through the firewall unless they match the established
rule set. The firewall administrator may define the rules; or default rules may apply.
3. Proxy server
A proxy server (running either on dedicated hardware or as software on a general-purpose machine)
may act as a firewall by responding to input packets (connection requests, for example) in the manner
of an application, while blocking other packets.
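How a packet filter applies its rule set, as an added example (not part of the original notes). The rule format, the addresses (documentation ranges) and the ports are constructed for illustration; real firewalls use their own rule syntax.

```python
import ipaddress

# Constructed rule set: (action, source network, protocol, destination port).
# None means "any". Rules are checked top to bottom and the first match wins.
RULES = [
    ("deny",  "203.0.113.0/24", None,  None),  # blocked source range
    ("allow", "0.0.0.0/0",      "tcp", 443),   # HTTPS to the shop from anywhere
    ("allow", "10.0.0.0/8",     "tcp", 22),    # SSH from the internal network only
]
DEFAULT_ACTION = "deny"  # a packet that matches no rule does not pass


def filter_packet(src_ip, protocol, dst_port, rules=RULES):
    """Return 'allow' or 'deny' for one packet header."""
    src = ipaddress.ip_address(src_ip)
    for action, network, rule_proto, rule_port in rules:
        if src not in ipaddress.ip_network(network):
            continue
        if rule_proto is not None and rule_proto != protocol:
            continue
        if rule_port is not None and rule_port != dst_port:
            continue
        return action
    return DEFAULT_ACTION


if __name__ == "__main__":
    # Constructed packet headers: (source address, protocol, destination port).
    for packet in [
        ("198.51.100.7", "tcp", 443),  # customer reaching the web shop
        ("203.0.113.9", "tcp", 443),   # blocked range, even on an open port
        ("198.51.100.7", "tcp", 22),   # SSH from outside matches no allow rule
        ("10.1.2.3", "tcp", 22),       # SSH from the internal network
    ]:
        print(packet, "->", filter_packet(*packet))
```

Because the first match wins, rule order is part of the policy: with the same three rules reversed, the blocked range would reach port 443.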
A security policy goes far beyond the simple idea of "keep the bad guys out". It's a very complex document,
meant to govern data access, web-browsing habits, use of passwords and encryption, email attachments and
more. It specifies these rules for individuals or groups of individuals throughout the company.
A security policy should keep malicious users out and also exert control over potentially risky users within
your organization.
Second step: The security policy should dictate a hierarchy of access permissions; that is, grant users access
only to what is necessary for the completion of their work.
Third Step: The policies could be expressed as a set of instructions that could be understood by special
purpose network hardware dedicated for securing the network.
E-Payment
Generic E-Payment System
1. Entities
Electronic payments involve a payer and a payee.
Typically, a financial institution participates in payment protocols in two roles: as an issuer (interacting with
the payer) and as an acquirer (interacting with the payee). The issuer is responsible for validating the
payer during account registrations and holds the payer’s account and assets. The acquirer holds the
payee’s account and assets. The payee deposits the payments received during a transaction with the
acquirer. The acquirer and the issuer then proceed to perform an inter-banking transaction for clearance
of funds. It is possible for the issuer and the acquirer to be from the same financial institution.
d) Trustee: Other parties that may be present in a payment protocol include a Trustee (arbiter), who is an
entity that is independent from all parties. All entities in a protocol unconditionally trust the Trustee, who
is called to adjudicate any disputes between the payer and the payee. Certain payment systems might
involve more players like Payment Gateways (PG), who are entities that act as a medium for transaction
processing between other entities (e.g. MasterCard, Visa), and Certification Authorities (CA), who are
necessary if the e-payment systems involve PKIs. They issue public key certificates to entities involved in
a payment protocol so that their authenticity can be publicly verified. Figure 1 illustrates the participating
entities in an e-payment system.
2. Phases in E-Payment
An electronic payment typically involves the following phases:
1. Registration: This phase involves the registration of the payer and the payee with the issuer and acquirer
respectively. Most electronic payments designed require registration of payers and payees with their
corresponding banks so there is a link between their identities and their accounts held at the bank.
2. Invoicing: In this phase, the payer obtains an invoice for payment from the payee. This is accomplished
by either browsing and selecting products for purchase from the merchant’s (payee’s) website in case of
purchases made through the internet or obtaining an electronic invoice using other electronic
communication medium like e-mail.
3. Payment selection and processing: In this phase the payer selects the type of payment (card based,
e-cash, e-cheque, etc.) based on the type of payment the payee accepts. Based on the selection, the payer
then sends the relevant payment details like account number, unique identifiers of the payer to the payee
along with accepted amount based on the invoice.
4. Payment authorisation and confirmation: In this phase, the acquirer on receiving payment details
from the payee authorises the payment and issues a receipt containing the success or failure of the
payment to the payee. The payee based on the message may also issue a receipt of payment to the payer.
1) On the basis of Payment instruments: There are three common electronic payment
instruments, namely cash, cheque and card.
a) Cash payment systems consist of self-authenticating divisible tokens that can be processed offline.
b) Cheque payment system is typically linked to a payer’s account and payment is indivisible.
c) Card payment schemes provide a payment mechanism through the existing credit card payment
infrastructure.
Basic model of e-cash system: An anonymous off-line e-cash system consists of the following:
i. probabilistic, polynomially-bounded parties: bank, payer and payee
ii. main sub protocols: withdrawal, payment and deposit
Payer and payee maintain their accounts with the bank. The payer withdraws electronic coins
from their account with the bank, by performing a withdrawal protocol over an authenticated
channel. The payer spends coins by participating in a payment protocol with the payee over
an anonymous channel. In effect, the payee performs a deposit protocol, to deposit the coins
into their account. The e-cash system also includes setup protocols: system setup, payer
setup and payee setup, which perform system initialisation functions, namely creating and
publishing public keys and opening payer and payee bank accounts.
b) Pay-now system: In pay-now system, when an electronic transaction is processed, the payer’s
account is debited and the payee’s account is credited with the payment amount. Even though
availability of funds depends on the time when inter-bank settlements are carried out, the payer’s
and payee’s accounts are updated to show the debited and credited balances immediately after a
transaction is carried out. Credit card based systems, like Secure Electronic Transaction (SET) [11],
Verified by Visa (VBV) and MasterCard SecureCode, fall into this category.
i. Secure Transaction Technology (STT): In 1995, Visa and Microsoft developed a card
based system called as Secure Transaction Technology (STT). It featured strong, export-
approved DES encryption of financial information, RSA encryption of bank account numbers,
RC4 encryption of the purchasing order contents and receipts, and mandatory authentication
of all participants.
ii. Secure Electronic Payment Protocol (SEPP): During the same time the IBM Research
group proposed the Internet Keyed Payment Protocol (iKP), which later became a part of
MasterCard’s Secure Electronic Payment Protocol (SEPP) proposal.
iii. Secure Electronic Transaction (SET): Due to the limited popularity of both STT and SEPP
proposals, MasterCard and Visa in a joint effort proposed Secure Electronic Transaction (SET)
system that would take advantage of the combined customer and merchant base. SET was
published as an open specification for the industry and the development of the payment
system included major companies like GTE, IBM, Microsoft, Netscape, RSA, SAIC, Terisa and
VeriSign. It incorporates digital signatures for not only authenticating customer but also
merchants and banks.
Dual Signatures: SET also included a unique concept known as dual signatures. The main goal
of dual signatures is to protect the customer’s account information from the merchant and
purchase information from the banks. Dual signatures link purchase information (like order
message) sent to the merchant with the payment information (like account information) sent
to the acquirer. When the merchant sends an authorisation request to the acquirer, it
includes the payment information sent to it by the cardholder (customer) and the message
digest of the purchase information. The acquirer uses the message digest from the merchant
and computes the message digest of the payment information to check the dual signature.
Today there are two major proposals for secure electronic payment over the Internet. They
are Visa 3-D Secure (Verified by Visa - VBV) and MasterCard SecureCode. Both protocols rely
on SSL/TLS to encrypt communication over the Internet. SSL is a client-server protocol that
uses public key cryptography and has become the de facto standard for encrypted
communication over the Internet. In SSL, only servers (merchants) have public key certificates
and clients (buyers) remain anonymous to the servers. Because of the lightweight nature and
an existing wider deployment base of SSL protocol, MasterCard and Visa have implemented a
standard that would allow merchant to incorporate the proposed security features into their
payment acceptance structure.
c) Post-pay systems: In post-pay systems the payer’s account is debited only when the payee makes
a request for payment settlement with the acquirer. Most cheque based systems fall into this
category.
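The dual signature check described above for SET, as an added example (not code from the original notes or from the SET specification). SHA-256 and an unpadded textbook RSA key built from two Mersenne primes stand in for SET's real algorithms and certificates, and the encryption of the payment details is left out; the key and both messages are constructed, and none of this is secure for real use.

```python
import hashlib

# Constructed demo key for the cardholder: textbook RSA over two Mersenne
# primes, no padding. It only makes the example runnable offline.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (needs Python 3.8+)


def digest(data):
    return hashlib.sha256(data).digest()


def sign(message_digest):
    return pow(int.from_bytes(message_digest, "big"), D, N)


def verify(message_digest, signature):
    return pow(signature, E, N) == int.from_bytes(message_digest, "big")


def cardholder_dual_sign(order_info, payment_info):
    """Return (order digest, payment digest, dual signature)."""
    oimd, pimd = digest(order_info), digest(payment_info)
    # One signature over both digests links the order to the payment.
    return oimd, pimd, sign(digest(pimd + oimd))


def merchant_check(order_info, pimd, dual_sig):
    # The merchant sees the order and only the digest of the payment details.
    return verify(digest(pimd + digest(order_info)), dual_sig)


def acquirer_check(payment_info, oimd, dual_sig):
    # The acquirer sees the payment details and only the digest of the order,
    # forwarded by the merchant with the authorisation request.
    return verify(digest(digest(payment_info) + oimd), dual_sig)


# Constructed messages.
ORDER = b"order 7731: 2 x SKU-200, total 51.00"
PAYMENT = b"card ending 1111, amount 51.00, order 7731"

if __name__ == "__main__":
    oimd, pimd, ds = cardholder_dual_sign(ORDER, PAYMENT)
    print("merchant accepts order:  ", merchant_check(ORDER, pimd, ds))
    print("acquirer accepts payment:", acquirer_check(PAYMENT, oimd, ds))
    # A payment paired with a different order no longer verifies.
    other = digest(b"order 9999: 40 x SKU-100")
    print("payment moved to another order:", acquirer_check(PAYMENT, other, ds))
```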
Pay later or Cheque based system
Customers generally tend to use credit card payment methods for low and middle value payments,
whereas cheque is the preferred method for large value payments. Various electronic cheque
(e-cheque) protocols have been proposed over the years. Systems like FSTC’s eCheck, NetCheque and
MANDATE II are based on methods used in traditional paper based checking protocols. Systems like
NetBill, ECheque and PayNow by CyberCash use a central server. Other e-checking systems are based
on modified versions of e-cash protocols [21]. But the most promising of all e-cheque systems, with the
support of major financial institutions and government agencies, has been the FSTC’s eCheck system.
The problem of double spending: Double spending occurs when the payer spends the same
electronic money multiple times. In a digital system the payer could make a backup of
electronic money before each payment and reset his system to this backup after the payment.
In this way, an arbitrary number of payments to different recipients are possible with the
“same” money. Typically, double spending is prevented with the use of tamper-resistant
hardware e.g. a smart card.
b) On-line system: In an on-line system, the payee typically connects to the bank to obtain a payment
authorisation, thus increasing the communication requirements for the payment system. The
advantage is, the payee obtains a guarantee on the payment, as the bank is able to authorise and
check for availability of funds in the payer’s account.
4) Other Classifications:
a) Micropayments:
Micro payments can be seen as a solution to allow low-value payments for purchasing news articles,
stock quotes, index queries, per-click purchase and other services over the Internet. Various micro
payment protocols (MicroMint and PayWord, NetBill, CyberCoin by CyberCash, Millicent by Compaq,
NetPay, and miKP) have been proposed over the years.
b) Mobile Payments
Due to the phenomenal success of mobile communication devices, there has been increasing effort
to use mobile devices as “electronic wallets” to store payment and account information. Currently
two main wireless protocols are used for mobile commerce.
i. WAP (Wireless Application Protocol): WAP was developed by the WAP Forum (since consolidated
into the Open Mobile Alliance). It is an open and global specification that helps mobile devices
with WAP enabled browsers to access information and services. WAP specifications include
an XML-type markup language known as Wireless Markup Language (WML) for displaying
information on to a mobile device browser.
ii. i-mode: i-mode is a proprietary protocol developed by NTT DoCoMo, Japan, and uses
Personal Digital Cellular-Packet (PDC-P) to provide network services.
i-mode allows efficient network usage by using packet switching technology for wireless
communication and TCP/IP for wired communications. i-mode uses c-HTML (compact-HTML)
to display content on mobile devices. i-mode enabled devices can also view HTML web pages,
as the structure of c-HTML is similar to HTML, whereas with WAP, HTML needs to be
converted to WML for display.
c) Polling Schemes:
Schemes where users register by giving a first payment, which is a signed note including a bank
certificate and subsequent payments sent by users are received by the vendor and probabilistically
sent to the bank for deposit at the time of the transaction.
Multiple Concurrent Subscriptions
B2B: Corporate customer to have multiple subscriptions (e.g., a data center may bill the same customer in
arrears monthly for data storage, and quarterly for pre-paid colocation space). The billing engine needs to
handle the added complexity around processing payments on invoice due dates, sending overdue notices,
reporting, ageing, combined payments, etc.
B2C: Consumer based subscriptions usually involve a single monthly bill.
Bargain
B2B: Negotiated pricing: Corporate customers negotiate price as they buy in bulk.
B2C: Fixed pricing: Consumers usually cannot negotiate price and pay the fixed price because they buy smaller
quantities.
Volumes and values
B2B: Higher order values: B2B AOV (average order value) is much larger and products are often bought
collectively. This results in lower traffic, but a bigger sale.
B2C: Higher traffic volumes: In B2C, high levels of traffic may not result in equally high profits.
Payment time
B2B: Pay later: In B2B, the person browsing may not be the person actually buying; the actual purchasing may
be done by the procurement department, or head buyer. Once the B2B order has been placed, shipping and
delivery is arranged, and the buyers receive an invoice which they will clear based on the agreed payment
terms. The logistics channels too differ: it’s not always FedEx and UPS! A shipment of boilers, for example,
would need a large freight carrier.
B2C: Pay now: In B2C, the person browsing is usually the person actually buying. And more often, products are
paid for at the point of sale via credit card or PayPal, like a B2C site.
Marketing and social networking site
B2B: B2B experts are more into LinkedIn.
B2C: B2C marketers focus more on Facebook.
The card issuer bank - card holder's bank
The acquirer bank - the merchant's bank
The card brand - for example, Visa or Master Card.
Step 1: Bank issues and activates a credit card to customer on his/her request.
Step 2: Customer presents credit card information to merchant site or to merchant from whom he/she wants to
purchase a product/service.
Step 3: Merchant validates customer's identity by asking for approval from card brand company.
Step 4: Card brand company authenticates the credit card and pays the transaction by credit. Merchant keeps
the sales slip.
Step 5: Merchant submits the sales slip to acquirer bank and gets the service charges paid to him/her.
Step 6: Acquirer bank requests the card brand company to clear the credit amount and gets the payment.
Step 7: Now card brand company asks to clear amount from the issuer bank and amount gets transferred to
card brand company.
b) Travel and Entertainment Cards (T&E Cards) are commercial cards commonly used by employees
to pay expenses related to travel, including hotel, restaurant, airfare and other business related
entertainment expenses such as business lunches or dinners. T&E Cards are sometimes referred to as
Corporate Cards.
c) Business Cards are multi-function cards that are commonly used by smaller companies for both
procurement and travel and entertainment expenses.
b) Incentives: Some providers will offer incentives for using your plastic, such as loyalty points, cashback
or donations to charity.
c) Flexible credit: Most cards offer an interest-free period. They offer flexibility and convenience,
allowing the customer to make emergency purchases or pay for more expensive items by instalments.
Debit cards free the customer from carrying cash and cheques, and merchants accept debit cards more readily. The
restriction to the amount available in the bank account also helps the customer keep a check on his/her spending.
Many vendors are involved in micro-payment systems, as it can be used for transactions by
A stored-value card is a payment card with a monetary value stored on the card itself, not in an external
account maintained by a financial institution and differs from debit cards where money is on deposit with the
issuer. Another difference between stored-value cards and debit cards is that debit cards are usually issued in
the name of individual account holders, while stored-value cards are usually anonymous.
The term stored-value card means the funds and/or data are metaphorically 'physically' stored on the card, in
the form of binary-coded data. With prepaid cards the data is maintained on the card issuer's computers. The
value associated with the card can be accessed using a magnetic stripe embedded on the card, on which the
card number is encoded; using radio-frequency identification (RFID); or by entering a code number, printed
on the card, into a telephone or other numeric keypad.
Uses
a) Stored-value cards are most commonly used for low-value transactions, such as telephone prepaid
calling cards, cafeterias, or for micropayments in shops or vending machines.
b) They are used as payroll cards, rebate cards, gift cards, cafeteria cards and travel cards.
Benefits
a) SVC are easy to use, low-cost and easy to issue.
b) They are easy to convert cash and paper transactions to electronic.
c) They reduce the cost of securing, transporting and accounting for cash.
d) They are used to accelerate transactions at the point-of-sale (POS).
e) They are used to get rid of intensive back-end processes like vouchers, meal tickets, money orders,
traveller's cheques or other payment methods.
f) They decrease the extent of theft or loss.
g) They are easy to procure as no personal information is needed.
Disadvantages
a) Stored-value cards can be used for money laundering, that is, moving offshore funds derived from
criminal activities such as drug trafficking.
b) There is lack of relevant information about the card holder.
c) They can often have various restrictions on the maximum or minimum value that may be loaded on
to a card.
d) There is no fraud protection from the card issuer.
e) The user will not earn interest on the pre-loaded money.
f) There is restricted usage, i.e., the card cannot be used in planes or trains.
5) Digital Cash
Digital cash is a form of electronic currency. It functions similarly to a debit card. Customers can transfer money
from savings and checking accounts into an online cash account, from which they withdraw to make purchases
over the Internet. This form of payment is particularly well suited to purchases of small, low-cost items. In
addition, it offers consumers the benefit of anonymity in their purchases, similar to using real cash. The basic
technology involved in digital cash transactions is public-key encryption. Digital signatures are used to
authenticate the bank issuing the note and the individual computer user who is spending the money.
The digital cash numbers are unique. Each one is issued by a bank and represents a specified sum of real
money. One of the key features of digital cash is that like real cash, it is anonymous and reusable. That is, when
a digital cash amount is sent from a buyer to a vendor, there is no way to obtain information about the buyer.
This is one of the key differences between digital cash and credit card systems. Another key difference is that
a digital cash certificate can be reused. Digital cash is not constrained by national borders. Those using digital
cash can purchase services and goods from any site anywhere on the Internet. Banks issuing digital cash can
do so relative to any stable, real currency.
6) Digital Wallet
A digital wallet refers to an electronic device that allows an individual to make electronic commerce
transactions. This can include purchasing items on-line with a computer or using a smartphone to purchase
something at a store. Increasingly, digital wallets are being made not just for basic financial transactions but
to also authenticate the holder's credentials. For example, a digital-wallet could potentially verify the age of
the buyer to the store while purchasing alcohol.
It is useful to approach the term "digital wallet" not as a singular technology but as three major parts:
An individual's bank account can also be linked to the digital wallet. They might also have their driver's license,
health card, loyalty card(s) and other ID documents stored on the phone. The credentials can be passed to a
merchant's terminal wirelessly via near field communication (NFC).
Certain sources are speculating that these smartphone "digital wallets" will eventually replace physical
wallets.
Advantages
a) The e-wallet makes online shopping easier as it fills an online order form automatically.
b) E-wallets allow users to keep track of their payments as they save digital receipts which can later be
printed off for the user's records.
c) As e-wallet is an online pre-paid account, consumers can buy a range of products without swiping
debit/credit cards.
Disadvantages
a) There is no facility of refund; the amount is only redeemable against a purchase.
b) If password is revealed, it can lead to theft.
7) Agile Wallet
Agile relates to or denotes a method of project management, used especially for software development,
that is characterized by the division of tasks into short phases of work and frequent reassessment and
adaptation of plans. Agile methods replace high-level design with frequent redesign.
Agile principles
The Agile Manifesto is based on 12 principles:
i. Customer satisfaction by rapid delivery of useful software.
ii. Welcome changing requirements, even late in development.
iii. Working software is delivered frequently.
iv. Close daily cooperation between business people and developers.
v. Projects are built around motivated individuals, who should be trusted.
vi. Face-to-face conversation is the best form of communication (co-location).
vii. Working software is the principal measure of progress.
viii. Sustainable development, able to maintain a constant pace.
ix. Continuous attention to technical excellence and good design.
x. Simplicity, the art of maximizing the amount of work not done, is essential.
xi. Self-organizing teams.
xii. Regular adaptation to changing circumstances.
Meaning of Wallet
A wallet is a small software program used for online purchase transactions. Many payment solution
companies, such as Cyber Cash, offer free Wallet software that allows several methods of payment to be
defined within the wallet (for example, several different credit cards).
Working of Wallet
The working of wallet is as follows:
a) When you order something, the order is sent to the merchant. The merchant (actually, the merchant's
server) sends back an invoice and asks the consumer to launch the Wallet on his computer (or to
download it quickly if the consumer doesn't have it yet).
b) When the consumer selects "Pay," the Cyber Cash software on the merchant server sends a message
back to the consumer's PC that activates the "Wallet" software. The consumer selects one of the
cards defined in the Wallet and clicks.
c) The transaction includes real-time credit card authorization.
d) Cyber Cash says: "Soon we will incorporate an electronic 'Cash' and 'Coin' system to use for
transactions that are considered small for credit cards."
8) Smart Card
A smart card, chip card or integrated circuit card (ICC) is any pocket-sized card with embedded integrated
circuits. Smart cards are made of plastic, generally polyvinyl chloride. A smart card is similar to a credit card or
debit card in appearance but it has a small microprocessor chip embedded in it. It has the capacity to store
customer work-related or personal information. A smart card is also used to store money, which is reduced as per
usage.
A smart card can be accessed only using the customer's PIN. Smart cards are secure as they store information in
encrypted format, and they are less expensive and provide faster processing. Mondex and Visa Cash cards are
examples of smart cards. Smart cards serve as credit or ATM cards, fuel cards, mobile phone SIMs,
authorization cards for pay television, household utility pre-payment cards, high-security identification and
access-control cards, and public transport and public phone payment cards.
d) Prevents Fraud: Smart cards used for identification can also be used by governments
to prevent benefits and social welfare fraud, to ensure the right person is receiving the welfare benefit.
Some countries are using the smart cards to identify temporary workers who have been given work
permits. This has the potential to reduce immigration fraud.
e) Safe to Transport: Another advantage of smart cards is their use in the banking industry.
These cards give the holder freedom to carry large sums of money around without feeling anxious
about having the money stolen. In this regard, they are also safe because the cards can be easily
replaced, and the person would have to know the PIN to access its stored value. This takes
care of the problem with cash: once it is stolen, it is nearly impossible to trace and recover.
An electronic cheque, also known as an e-cheque, works in much the same way as a regular cheque in that it's
drafted against your bank account. Electronic cheques are a more convenient, safer alternative to paper
cheques when paying for goods and services and paying bills. It is a form of payment made via the internet
that is designed to perform the same function as a conventional paper cheque. Because the cheque is in an
electronic format, it can be processed in fewer steps and has more security features than a standard paper
cheque.
Security
An electronic cheque has more security features than traditional paper cheques. The encryption feature of an
electronic cheque verifies your account number and the dollar amount, and your digital signature is checked
against the name on the bank account. These measures help prevent fraud and identity theft. Other security
features provided by electronic cheques include authentication, public key cryptography and digital signatures.
Advantages
a) The biggest benefits of using an electronic cheque are speed and convenience as the payment is
immediately processed.
b) It is well suited for clearing micro payments. Conventional cryptography of e-cheques makes them
easier to process than systems based on public key cryptography (like digital cash).
c) They can serve corporate markets. Firms can use them in more cost-effective manner.
d) They create float and the availability of float is an important requirement of Commerce.
e) They are similar to traditional cheques. This eliminates the need for customer education.
f) Since electronic cheques use conventional encryption rather than public and private keys as in e-Cash,
electronic cheques are much faster.
g) The risk is taken care of by the accounting server, which will guarantee that the cheque would be
honored.
h) The time frame in which an electronic cheque clears varies. Depending on the financial institutions
involved and the timing of the transaction, it can clear immediately or take up to three days to post to
your account. Electronic cheques presented over the weekend take longer to process, because most
financial institutions are closed.
10) E-Money
E-money transactions refer to situations where payment is done over the network and the amount gets
transferred from one financial body to another financial body without any involvement of a middleman.
E-money transactions are faster and more convenient, and save a lot of time. Online payments done via credit card,
debit card or smart card are examples of e-money transactions. In case of e-money, both customer and
merchant have to sign up with the bank or company issuing e-money.
Advantages of e-money
a) It is safe and convenient.
b) For the e-money providers, it enhances the ability to reach new clients.
c) Lower operating costs for e-money providers.
Nowadays, internet-based EFT is gaining popularity. In this case, the customer uses a website provided by the bank.
The customer logs in to the bank's website and registers another bank account. He/she then places a request to
transfer a certain amount to that account. The customer's bank transfers the amount to the other account if it is in the same
bank; otherwise the transfer request is forwarded to the ACH (Automated Clearing House) to transfer the amount to the other
account, and the amount is deducted from the customer's account. Once the amount is transferred to the other account,
the customer is notified of the fund transfer by the bank.
12) PAYPAL
PayPal is a global e-commerce business allowing payments and money transfers to be made through the
Internet. Online money transfers serve as electronic alternatives to paying with traditional paper methods,
such as cheques and money orders. PayPal is an acquirer, performing payment processing for online
vendors, auction sites, and other commercial users, for which it charges a fee. It may also charge a fee for
receiving money, proportional to the amount received. The fees depend on the currency used, the payment
option used, the country of the sender, the country of the recipient, the amount sent and the recipient's
account type. In addition, eBay purchases made by credit card through PayPal may incur extra fees if the
buyer and seller use different currencies.
Key Features
To meet the business requirements, SET incorporates the following features:
SET Transaction
The sequence of events required for a transaction is as follows:
a) The customer obtains a credit card account with a bank that supports electronic payment and SET.
b) The customer receives a X.509v3 digital certificate signed by the bank.
c) Merchants have their own certificates. The customer places an order with the merchant.
d) The merchant sends the customer his public key and a copy of his certificate so that the customer
can verify that it's a valid store.
e) The customer sends the merchant:
His certificate.
His order details, unencrypted.
His bank account details encrypted with the bank's public key.
Note that the merchant doesn't know the client's payment and bank account details.
a) The bank sends the merchant a confirmation encrypted with the merchant's public key.
b) The merchant sends the client the bank's response encrypted with the client's public key.
c) The merchant ships the goods or provides the service to the customer.
d) The merchant sends the bank a transaction request encrypted with the bank's public key.
e) The bank transfers the payment to the merchant.
Advantages of SET
a) It is secure enough to protect user's credit-card numbers and personal information from attacks.
b) It is hardware independent.
c) It is used world-wide.
d) It provides confidentiality of information.
e) It provides integrity of data.
f) It provides for cardholder account authentication.
g) It also provides for merchant authentication.
Disadvantages of SET
a) User must have credit card
b) It is not cost-effective when the payment is small.
c) It offers no anonymity and it is traceable.
d) Network effect - need to install client software (an e-wallet).
e) Cost and complexity for merchants to offer support, contrasted with the comparatively low cost and
simplicity of the existing SSL based alternative.
E- Business Marketing Technologies
B To C Marketing Characteristics
1. Decision making: Consumers make buying decisions based on status, security, comfort and quality.
2. Short sales cycles - days or even minutes for impulse buys: In B to C marketing the consumers
make emotional purchase decisions and many a time buy things they need and don't need on the spur
of the moment. Therefore sellers have to understand the customer and their marketing pitch has to
appeal to the emotions of the customer.
3. Brand is built through advertising and referrals: Advertising plays a very important role in creating
awareness of a product, explaining the features of the product and attracting customers to purchase the
product by giving them reasons as to how the product is going to be useful to them. Referrals from peer
groups also play a major role in purchase decisions.
4. Customer service is core to sales: To have customer loyalty, marketing doesn't end with sales. After-sales
customer service becomes a very important part of B to C transactions.
5. Social media: Social media gives greater access to customers, opening up huge opportunities for
advertising, customer service, and building of customer loyalty.
Cookies
Meaning: Cookies are created when a user's browser loads a particular website that uses cookies to keep
track of your movements within the site, help you resume where you left off, remember your registered login,
theme selection, preferences, and other customization functions. Cookies are small, often encrypted text files,
located in browser directories.
The website sends information to the browser which then creates a text file. Every time the user goes back to
the same website, the browser retrieves and sends this file to the website's server. Computer cookies are
created not just by the website the user is browsing but also by other websites that run ads, widgets, or other
elements on the page being loaded. These cookies regulate how the ads appear or how the widgets and other
elements function on the page.
Cookies are often indispensable for websites that have huge databases, need logins, or have customizable
themes or other advanced features.
Uses of Cookies
a) Session Management
Cookies may be used to maintain data related to the user during navigation, possibly across multiple visits.
Allowing users to log into a website is a frequent use of cookies. Typically the web server will first send a
cookie containing a unique session identifier. Users then submit their credentials and the web application
authenticates the session and allows the user access to services. Cookies provide a quick and convenient
means of client/server interaction.
b) Personalisation
Cookies may be used to remember the information about the user who has visited a website in order to
show relevant content in the future.
c) Tracking
Tracking cookies may be used to track internet users' web browsing. This can also be done in part by using
the IP address of the computer requesting the page or the referrer field of the HTTP request header.
Types of Cookies
a) Session cookie: A session cookie, also known as an in-memory cookie or transient cookie, exists
only in temporary memory while the user navigates the website. Web browsers normally delete
session cookies when the user closes the browser.
b) Persistent cookie: Instead of expiring when the web browser is closed as session cookies do,
persistent cookies expire at a specific date or after a specific length of time which can be as long or
as short as its creators want.
c) Secure cookie: A secure cookie can only be transmitted over an encrypted connection (i.e. HTTPS).
This makes the cookie less likely to be exposed to cookie theft via eavesdropping.
d) HttpOnly cookie: HttpOnly cookies can only be used when transmitted via HTTP (or HTTPS). They
are not accessible through non-HTTP APIs such as JavaScript.
e) Third-party cookie: Normally, a cookie's domain name will match the domain name that is shown
in the web browser's address bar. This is called a first-party cookie. Third-party cookies, however,
belong to domains different from the one shown in the address bar. These sorts of cookies typically
appear when web pages feature content, such as banner advertisements, from external websites.
f) Supercookie: Supercookies can be a potential security concern and are therefore often blocked by
web browsers. If unblocked by the client computer, an attacker in control of a malicious website
could set a supercookie and potentially disrupt or impersonate legitimate user requests to another
website.
g) Zombie cookie: Zombie cookies are cookies that are automatically recreated after being deleted.
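The cookie types above correspond to attributes of the Set-Cookie response header. The following added example (not part of the original notes) parses constructed Set-Cookie values and reports each cookie's lifetime, party and missing Secure/HttpOnly flags; the host names, cookie names and the exact-host rule for "third-party" are assumptions.

```python
"""Classify cookies by the attributes in their Set-Cookie header (added example)."""

PAGE_HOST = "shop.example.com"  # assumed host shown in the browser's address bar

# (host that sent the response, Set-Cookie value): constructed sample data
SAMPLE = [
    ("shop.example.com", "sid=8f2c1e; Path=/; Secure; HttpOnly"),
    ("shop.example.com", "theme=dark; Path=/; Max-Age=31536000"),
    ("shop.example.com", "cart=42; Expires=Wed, 01 Jan 2031 00:00:00 GMT; Secure"),
    ("ads.example.net", "track=abc123; Path=/; Max-Age=86400; Secure"),
]

NO_SECURE = "no Secure: also sent over unencrypted HTTP"
NO_HTTPONLY = "no HttpOnly: readable by scripts in the page"


def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, value, attributes)."""
    first, *rest = [part.strip() for part in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        if not part:
            continue
        key, _, val = part.partition("=")
        # Attribute names are case-insensitive; flags such as Secure get "".
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def classify(response_host, header, page_host=PAGE_HOST):
    """Describe one cookie in the terms used in the list above."""
    name, _value, attrs = parse_set_cookie(header)
    findings = []
    if "secure" not in attrs:
        findings.append(NO_SECURE)
    if "httponly" not in attrs:
        findings.append(NO_HTTPONLY)
    # A cookie with neither Max-Age nor Expires lives only until the browser closes.
    persistent = "max-age" in attrs or "expires" in attrs
    # Simplification: browsers compare registrable domains (Public Suffix List);
    # here any host other than the address-bar host counts as third-party.
    first_party = response_host == page_host
    return {
        "name": name,
        "lifetime": "persistent" if persistent else "session",
        "party": "first-party" if first_party else "third-party",
        "findings": findings,
    }


def audit(sample=SAMPLE):
    """Classify every (host, header) pair in the sample."""
    return [classify(host, header) for host, header in sample]


if __name__ == "__main__":
    for row in audit():
        print(row)
```
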
Cookie threat
a) Cookie poisoning: Cookie poisoning is the modification of a cookie (personal information in a Web
user's computer) by an attacker to gain unauthorized information about the user for purposes such
as identity theft.
b) Cookie theft: Cookie theft occurs when a third party copies unencrypted session data and uses it to
impersonate the real user.
c) Cookie hijacking (Session hijacking): Cookie hijacking is the exploitation of a valid computer
session, sometimes also called a session key, to gain unauthorized access to information or services in
a computer system.
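A server can detect cookie poisoning by attaching a keyed hash to the cookie value, and can limit how long a stolen cookie stays useful by signing an issue time into it. This is an added example, not code from the original notes; HMAC-SHA256, the key, the 30-minute lifetime and the field names are assumptions chosen for illustration.

```python
"""Tamper-evident, time-limited session cookie (added example)."""
import base64
import hashlib
import hmac
import json

SECRET_KEY = b"constructed-demo-key"  # assumption: secret known only to the server
MAX_AGE_SECONDS = 1800                # assumption: 30-minute session lifetime


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _tag(payload: str, key: bytes) -> bytes:
    return hmac.new(key, payload.encode("utf-8"), hashlib.sha256).digest()


def issue_cookie(session: dict, now: int, key: bytes = SECRET_KEY) -> str:
    """Return 'payload.tag', where tag = HMAC(key, payload)."""
    body = dict(session, iat=now)  # iat = issued-at time, covered by the tag
    payload = _b64(json.dumps(body, sort_keys=True).encode("utf-8"))
    return payload + "." + _b64(_tag(payload, key))


def verify_cookie(cookie: str, now: int, key: bytes = SECRET_KEY):
    """Return the session dict, or None if the cookie is modified or expired."""
    payload, sep, tag = cookie.partition(".")
    if not sep:
        return None
    try:
        supplied = _unb64(tag)
    except ValueError:  # malformed base64 in the tag
        return None
    # Constant-time comparison: reveals nothing about how many bytes matched.
    if not hmac.compare_digest(_tag(payload, key), supplied):
        return None
    session = json.loads(_unb64(payload))  # safe to parse: the tag verified
    iat = session.get("iat")
    if not isinstance(iat, int) or not 0 <= now - iat <= MAX_AGE_SECONDS:
        return None  # a copied cookie stops working once it has expired
    return session


def poisoned_copy(cookie: str) -> str:
    """Simulate poisoning: the payload is edited but the old tag is reused."""
    payload, _, tag = cookie.partition(".")
    body = json.loads(_unb64(payload))
    body["role"] = "admin"
    return _b64(json.dumps(body, sort_keys=True).encode("utf-8")) + "." + tag


if __name__ == "__main__":
    t0 = 1_700_000_000  # constructed timestamp
    cookie = issue_cookie({"user": "alice", "role": "customer"}, now=t0)
    print("genuine :", verify_cookie(cookie, now=t0 + 60))
    print("poisoned:", verify_cookie(poisoned_copy(cookie), now=t0 + 60))
    print("expired :", verify_cookie(cookie, now=t0 + MAX_AGE_SECONDS + 1))
```

The tag only proves the value was issued by the server; a cookie copied in transit still verifies until it expires, which is why the Secure and HttpOnly attributes are set as well.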
Shopping Cart
Meaning: A shopping cart is a piece of e-commerce software on a web server that allows visitors to select
items in the website for online purchase. A shopping cart is used by E-commerce web sites to track the items
that are selected for purchase; the shopping cart allows customers to view all the items selected by them.
Popular databases
a) MySQL: This is the most popular. It's a fast and powerful database with excellent integration with
PHP. It is free, open-source software.
b) Microsoft Access: This is also a very popular Microsoft database. The advantage of Access is that it's
very easy to deploy and to use. The limitation of this is that if there are a lot of visitors to a shopping
cart (thousands a day) it might not handle it so well.
c) SQL Server: This is Microsoft's high-end database, used to power some of the busiest websites in
the world. This can handle a lot of visitor traffic. SQL Server is a good choice for heavy-duty web sites.
The major issues and challenges of designing a database for e-commerce environments:
b) Translation of paper catalog into a standard unified format and cleansing the data
Companies generally will have a catalog printed in the physical form for different product ranges and
different customer categories. When creating a database for e-commerce it has to be organized and
integrated into a standard unified format. Repetitions have to be avoided and at the same time all the
products should get covered in the website.
d) Schema evolution
An e-commerce database has to be designed in such a manner that classification of products is user
friendly, exhaustive and easy to understand. It should display the various products the seller has available
for sale along with their quantities. It is important to highlight new products along with their
prices and discounts. It should also integrate browsing, order and stock position in such a manner
that sold-out products are clearly mentioned in order to ensure that sold-out products are not offered
for sale.
g) Capturing data for customization and personalisation such as navigation data within the
context
A database should be so designed that when a user starts using and navigating a website it is
capable of capturing data during navigation for effective
personalisation to provide easier usage.
Characteristics of DBMS
1. To incorporate the requirements of the organization, system should be designed for easy maintenance.
2. Information systems should allow interactive access to data to obtain new information without
writing fresh programs.
3. System should be designed to co-relate different data to meet new requirements.
4. An independent central repository, which gives information and meaning of available data is required.
5. Integrated database will help in understanding the inter-relationships between data stored in different
applications.
6. The stored data should be made available for access by different users simultaneously.
7. Automatic recovery feature has to be provided to overcome the problems with processing system failure.
Advantages of DBMS
Due to its centralized nature, the database system can overcome the disadvantages of the file system-based
system:
a. Data independency: Application program should not be exposed to details of data representation
and storage. DBMS provides the abstract view that hides these details.
b. Efficient data access: DBMS utilizes a variety of sophisticated techniques to store and retrieve data
efficiently.
c. Data integrity and security: When data is accessed through the DBMS, it can enforce integrity constraints. E.g.:
Inserting salary information for an employee.
d. Data Administration: When users share data, centralizing the data is an important task. Experienced
professionals can minimize data redundancy and perform fine tuning which reduces retrieval time.
e. Concurrent access and Crash recovery: DBMS schedules concurrent access to the data. DBMS
protects user from the effects of system failure.
f. Reduced application development time: DBMS supports important functions that are common to
many applications.
Disadvantages of DBMS
a. Higher data processing cost
b. Increasing hardware and software costs
c. Insufficient database expertise
Users of DBMS
Typically there are three types of users for a DBMS:
a. The End User who uses the application: Ultimately he is the one who actually puts the data in the
system to use in business.
b. The Application Programmer who develops the application programs: He/She has more
knowledge about the data and its structure. He/she can manipulate the data using his/her programs.
He/she also need not have access and knowledge of the complete data in the system.
c. The Database Administrator (DBA) who is like the super-user of the system.
Some common relational database management systems that use SQL are: Oracle, Sybase, Microsoft SQL
Server, Access, Ingres, etc.
your database should there be a system crash or other problem. Often the transaction log is also used by
developers to ensure that a series of related changes to a database take place together or not at all.
In the event of a system or disk crash you may use the transaction log to revert the database to its previous
state. The database would be restored to the most recent full backup (made daily), then all the changes
recorded in the transaction log since that backup would be applied.
Data Mining
Generally, data mining (sometimes called data or knowledge discovery) is the process of analyzing data from
different perspectives and summarizing it into useful information - information that can be used to increase
revenue, cut costs, or both.
Data mining software is one of a number of analytical tools for analyzing data. It allows users to analyze data
from many different dimensions or angles, categorize it, and summarize the relationships identified.
Although data mining is a relatively new term, the technology is not. Companies have used powerful
Data Warehouses
Data warehousing is defined as a process of centralized data management and retrieval.
Characteristics of CRM
a) Relationship management is a customer-oriented feature with service response based on
customer input, one-to-one solutions to customers’ requirements, direct online communications with
customer and customer service centers that help customers solve their issues.
b) Sales force automation: This function can implement sales promotion analysis, automate tracking
of a client’s account history for repeated sales or future sales, and also coordinate sales, marketing,
call centers, and retail outlets in order to realize the salesforce automation.
c) Use of technology: This feature is about following technology trends and the skills of delivering value
using technology to make “up-to-the-second” customer data available. It applies data warehouse
technology in order to aggregate transaction information, to merge the information with CRM
products, and to provide KPI (key performance indicators).
d) Opportunity management: This feature helps the company to manage unpredictable growth and
demand and implement a good forecasting model to integrate sales history with sales projections.
Features of CCRM
a) tailored marketing,
b) one-to-one customer service,
c) retaining customers,
d) building brand loyalty,
e) providing information customers actually want,
f) subscription billing,
g) rewards.
Marketing
Marketing primarily deals with providing functionalities for long-term planning and short-term execution of
marketing-related activities within an organization.
Sales
The sales functionalities of the CRM (customer relationship management) software are focused on helping the
sales team to execute and manage the presales process better and in an organized manner. When opportunity
management reaches a “Quotation phase”, a quotation is generated which, if “won”, gets converted into a
sales order. The sales order then flows into the back-end (ERP) system for further execution and delivery.
Service
Service related functionalities are focused on:
Advantages
a) Departmental Integration: If a customer calls and speaks on one matter to someone in the sales
department and moments later speaks to the billing department, departmental integration reduces
the chance a customer is put on hold while the departments speak to each other.
b) Enhanced Customer Service: CRMs are a great tool for auditing, training and tracking information
such as complaint calls. They are useful in identifying a customer’s needs.
c) Improved Sales and Marketing Tactics: With a CRM, an organization's sales team can work more
efficiently. They can monitor their pipeline and track the lead-to-sale process, review each other's
notes on customers and share product and contract information.
d) Gaining customer loyalty: As stated above, loyalty is less costly for a company and the loyal
customer becomes a professional recommendation of the company and its services.
e) Good view over the list of customers and prospects: CRM helps a company to know where it
stands with relationship management, when to contact them again, etc.
f) Enhanced productivity: By fostering customer loyalty, the company spends less time acquiring
new customers and saves time for other projects.
Disadvantages
a) System Integration: CRM software may not integrate well with other email and accounting systems.
Resentment: CRM software's biggest disadvantage is the resentment employees may feel toward the
software. Many employees disagree with change.
b) Learning Curve: Either implementing a CRM for the first time or upgrading an older version will
require employees to take the time out to learn the system.
c) A mistaken tool choice may make CRM more complicated: This is why you need to consider in
advance what kind of tools would be appropriate to your structure in order to follow its relationship
with its customers and prospects.
d) Choice of tools: CRM is not easy to put in place, attention must be given to the choice of tools, but
also to the effective implementation of CRM process that will be undertaken by the company.
Affiliate marketing
Affiliate marketing is a type of performance-based marketing in which a business rewards one or more
affiliates for each visitor or customer brought by the affiliate's own marketing efforts. Affiliate marketing is
one of the oldest forms of marketing wherein you refer someone to any online product and when that person
buys the product based on your recommendation, you receive a commission.
Viral Marketing
Viral marketing, viral advertising, or marketing buzz are buzzwords referring to marketing techniques that use
pre-existing social networking services and other technologies to try to produce increases in brand awareness
or to achieve other marketing objectives (such as product sales) through self-replicating viral processes,
analogous to the spread of viruses or computer viruses. It can be delivered by word of mouth or enhanced by
the network effects of the Internet and mobile networks. Viral advertising is personal and, while coming from
an identified sponsor, it does not mean businesses pay for its distribution.
Email was the original viral marketing strategy because the medium encourages forwarding messages to more
people. But today Facebook, YouTube, etc. are popular.
Permission Marketing
Permission marketing is a relatively new term, which was coined and developed by the entrepreneur Seth
Godin. Permission marketing is an approach to selling goods and services in which a prospect explicitly agrees
in advance to receive marketing information. Opt-in e-mail, where Internet users sign up in advance for
information about certain product categories, is a good example of permission marketing. Advocates of
permission marketing argue that it is effective because the prospect is more receptive to a message that has
been requested in advance and more cost-efficient because the prospect is already identified and targeted.
In a world of information overload, automated telemarketing, and spam, most people welcome the idea of
permission marketing.
Cyber Laws
1. In India we have a detailed and well defined legal system and numerous laws have been enacted and
implemented and the foremost amongst them is the Constitution of India. The arrival of Internet signaled
the beginning of the rise of new and complex legal issues. As such, the coming of the Internet led to the
emergence of numerous ticklish legal issues and problems which necessitated the enactment of Cyber
Laws.
2. The existing laws were to be interpreted in the scenario of emerging cyberspace, without enacting new
cyber laws. As such, there was a need for enactment of relevant cyber laws.
3. The existing laws did not give any legal validity or sanction to the activities in cyberspace. Courts and
judiciary in our country have been reluctant to grant judicial recognition to the legality of email in the
absence of any specific law having been enacted by the parliament. This gave rise to the need for cyber law.
4. Internet requires an enabling and supportive legal infrastructure in tune with the times. This legal
infrastructure can only be given by the enactment of the relevant Cyber Laws.
A simple yet sturdy definition of cyber crime would be “unlawful acts wherein the computer is either a tool or
a target or both”. Or
cyber crime is defined as “Any crime with the help of computer and telecommunication technology”, with the
purpose of influencing the functioning of computer or the computer systems.
and labeled which enables a computer to determine whether a packet is intended for it. A packet
sniffer can provide its users with meaningful and often sensitive information such as user account
names and passwords.
5. Internet Protocol Spoofing: An IP spoofing attack occurs when an attacker outside the network pretends to
be a trusted computer either by using an IP address that is within its range or by using an external IP
address that you trust and to which you wish to provide access to specified resources on your network.
Normally an IP spoofing attack is limited to the injection of data or commands into an existing stream
of data passed between client and server applications or over a peer-to-peer network connection.
6. Password attacks: Password attacks can be implemented using several different methods like the
brute force attacks, Trojan horse programmes. IP spoofing can yield user accounts and passwords.
Password attacks usually refer to repeated attempts to identify a user password or account. This
attack requires that the attacker have access to network packets that come across the networks.
7. Fraud on the Internet: This is a form of white collar crime. Internet fraud is a common type of crime
whose growth has been proportionate to the growth of internet itself. The internet provides
companies and individuals with the opportunities of marketing their products on the net. It is easy for
people with fraudulent intention to make their messages look real and credible.
8. Online Investment newsletters: Many newsletters on the internet provide the investors with free
advice recommending stocks where they should invest. Sometimes these recommendations are
totally bogus and cause loss to the investors.
9. Bulletin Boards: This is a forum for sharing investor information and often fraud is perpetrated in
this zone causing loss of millions who bank on them.
10. E-mail scams: Since junk mail (E-mail which contains useless materials) is easy to create, fraudsters
often find it easy to spread bogus investment schemes or spread false information about a company.
11. Credit card fraud: With the electronic commerce rapidly becoming a major force in national
economies it offers rich pickings for criminals prepared to undertake fraudulent activities. Sometimes
like a half a billion dollars is lost to consumers in card fraud alone.
12. Publishing of false digital signature: According to sec 73 of the I.T. Act 2000, a person who knows
that a digital signature certificate is erroneous in certain particulars and still goes ahead and publishes
it is guilty of having contravened the Act. He is punishable with imprisonment for a term that may
extend to two years or with fine of a lakh rupees or with both.
13. Making available digital signature for fraudulent purpose: This is an offence punishable under
sec 74 of the above mentioned act, with imprisonment for a term that may extend to two years or
with fine of two lakh rupees or with both.
14. Alteration and destruction of digital information: The corruption and destruction of digital
information is the single largest menace facing the world of computers. Virus: just as a virus can infect
the human immune system, there exist programmes which can destroy or hamper a computer system.
Complied by
Sri. Sri.Balaji.A.
balaji.27dec@gmail.com
Cyber Laws
VI semester BBM
E-Business
Definitions:
1. “Access” with its grammatical variations and cognate expressions means gaining entry into, instructing
or communicating with the logical, arithmetical, or memory function resources of a computer,
computer system or computer network.
2. “Addressee” means a person who is intended by the originator to receive the electronic record but
does not include any intermediary.
3. “Affixing digital signature” with its grammatical variations and cognate expressions means adoption
of any methodology or procedure by a person for the purpose of authenticating an electronic record
by means of digital signature.
4. “Appropriate Government” means the Central Government except in the following two cases where
it means the state government: a) in matters enumerated in List II of the Seventh Schedule to the
Constitution; b) relating to any state law enacted under list III of the seventh schedule to the
Constitution.
5. “Asymmetric crypto system” means a system of a key pair consisting of a private key for creating a digital
signature and a public key to verify the digital signature.
6. “Computer” means any electronic, magnetic, optical or other high-speed data processing device or
system which performs logical, arithmetic, and memory functions by manipulations of electronic,
magnetic or optical impulses, and includes all input, output, processing, storage, or communication
facilities which are connected or related to the computer in a computer system.
7. “Computer Network” means the interconnection of one or more computers through: a) the use of
satellite, microwave, terrestrial line or other communication media; b) terminals or a complex
consisting of two or more interconnected computers, whether or not the interconnection is
continuously maintained.
8. “Computer Resource” means computer, computer system, computer network, data, computer data
base or software.
9. “Computer system” means a device or collection of devices, including input and output support
devices and excluding calculators which are not programmable and capable of being used in
conjunction with external files, which contain computer programmes, electronic instructions, input
data and output data, that performs logic, arithmetic, data storage and retrieval, communication
control and other functions.
10. “Data” means a representation of information, knowledge, facts, concepts or instructions which are
being prepared or have been prepared in a formalized manner, and is intended to be processed, is being
processed or has been processed in a computer system and may be in any form.
11. “Digital signature” means authentication of any electronic record by a subscriber by means of an
electronic method or procedure in accordance with the provisions of Section 3.
12. “Electronic form” with reference to information means any information generated, sent, received
or stored in media, magnetic, optical, computer memory, micro film, computer generated micro fiche
or similar device.
13. “Electronic Record” means data, record or data generated, image or sound stored, received or sent
in an electronic form or micro film or computer generated micro fiche.
14. “Function” in relation to a computer, includes logic, control, arithmetical process, deletion, storage
and retrieval and communication or telecommunication from or within a computer.
15. “Information” includes data, text, images, sound, voices, codes, computer programmes, software
and database or micro film or computer generated micro fiche.
16. “Intermediary” with respect to any particular electronic message means any person who on behalf of
another person receives, stores or transmits that message or provides any service with respect to that
message.
17. “Key pair” in any asymmetric crypto system, means a private key and its mathematically related
public key, which are so related that the public key can verify a digital signature created by the private
key.
18. “Originator” means a person who sends, generates, stores or transmits any electronic message or
causes any electronic message to be sent, generated, stored or transmitted to any other person but
does not include an intermediary.
19. “Prescribed” means prescribed by rules made under this act.
20. “Private Key” means the key of a key pair used to create a digital signature.
21. “Public key” means the key of a key pair used to verify a digital signature and listed in the digital
signature certificate.
22. “Secure System” means computer hardware, software, and procedure that:
a) are reasonably secure from unauthorized access and misuse;
b) provide a reasonable level of reliability and correct operation;
c) are reasonably suited to performing the intended functions; and
d) adhere to generally accepted security procedures.
23. “Verify” in relation to a digital signature, electronic record or public key, with its grammatical
variations and cognate expressions means to determine whether:
a) the initial electronic record was affixed with the digital signature by the use of the private key
corresponding to the public key of the subscriber;
b) the initial electronic record is retained intact or has been altered since such electronic
record was so affixed with the digital signature.
a. The applicant holds the private key corresponding to the public key to be listed in the Digital
Signature Certificate.
b. The applicant holds a private key which is capable of creating a digital signature.
c. The public key to be listed in the certificate can be used to verify a digital signature affixed by the
private key held by the applicant.
However, no application shall be rejected unless the applicant has been given a reasonable opportunity of
showing cause against the proposed rejection.
While issuing a digital signature certificate, the certifying authority should certify that it has complied with
the provisions of the Act, the rules and regulations made thereunder and also with other conditions mentioned
in the Digital Signature Certificate.
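The "Key pair" and "Verify" definitions and checks a to c above all rest on one mechanism: a signature made with the private key verifies only under the related public key, and only while the record is unchanged. The Python sketch below is an added example, not part of these notes or of the I.T. Act; it uses textbook RSA without padding, small constructed primes and hypothetical function names, so it illustrates the logic and is not usable for real signatures.

```python
import hashlib

E = 65537  # public exponent (a common choice; assumption of this example)


def make_key_pair(p: int, q: int):
    """Build a toy key pair from two primes: (private_key, public_key)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent, mathematically tied to E
    return (n, d), (n, E)


def digest(record: bytes, n: int) -> int:
    """Hash the electronic record and reduce it into the key's number range."""
    return int.from_bytes(hashlib.sha256(record).digest(), "big") % n


def affix_signature(record: bytes, private_key) -> int:
    """Create a digital signature over the record using the private key."""
    n, d = private_key
    return pow(digest(record, n), d, n)


def verify(record: bytes, signature: int, public_key) -> bool:
    """True only if the matching private key signed this exact record."""
    n, e = public_key
    return 0 <= signature < n and pow(signature, e, n) == digest(record, n)


def holds_private_key(sign, public_key, challenge: bytes) -> bool:
    """Checks a-c: the applicant signs a challenge; the listed public key must verify it."""
    return verify(challenge, sign(challenge), public_key)


# Constructed sample data: Mersenne primes, far too small for real use.
SUBSCRIBER_PRIV, SUBSCRIBER_PUB = make_key_pair(2**127 - 1, 2**107 - 1)
OTHER_PRIV, OTHER_PUB = make_key_pair(2**89 - 1, 2**61 - 1)
RECORD = b"Pay Rs 10,000 to account 12345"
ALTERED = b"Pay Rs 90,000 to account 12345"
SIGNATURE = affix_signature(RECORD, SUBSCRIBER_PRIV)

if __name__ == "__main__":
    print("intact record, right key:", verify(RECORD, SIGNATURE, SUBSCRIBER_PUB))
    print("altered record          :", verify(ALTERED, SIGNATURE, SUBSCRIBER_PUB))
    print("different public key    :", verify(RECORD, SIGNATURE, OTHER_PUB))
    print("applicant holds key     :", holds_private_key(
        lambda c: affix_signature(c, SUBSCRIBER_PRIV), SUBSCRIBER_PUB, b"fresh-challenge"))
```

In practice the challenge given to an applicant would be freshly generated for each check, so that an old signature cannot be replayed.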
the signature of any person, then, notwithstanding anything contained in such law, such requirement
shall be deemed to have been satisfied.
e. Certifying digital signature: The digital signature will be certified by a certifying authority. The
certifying authority will be licensed, supervised and controlled by certifying authorities.
Penalties and Adjudication Sec 43-47:
The Act provides for awarding compensation or damages for certain types of computer frauds. It also provides
for the appointment of an Adjudicating Officer for holding an inquiry in relation to certain computer crimes and
for awarding compensation.
Types of Penalties:
A. Penalty for damage to computer, computer system or network like:
1. Securing access to the computer, computer system or computer network.
2. Downloading or extracting any data, computer database or information from such computer
system or those stored in any removable storage medium.
3. Introducing any computer contaminant or computer virus into any computer, computer system
or network.
4. Damaging any computer, computer system or network or any computer data, database or
programmes.
5. Disrupting any computer, computer system or network.
6. Denying access to any person authorised to access any computer, computer system or network.
7. Providing assistance to any person to access any computer, computer system or network in
contravention of any person by tampering with or manipulating any computer, computer system
or network.
B. Penalty for misrepresentation Sec 71: provides that any person found misrepresenting or
suppressing any material fact from the controller or the certifying authority shall be punished with
imprisonment for a term which may extend to two years or with fine which may extend to Rs 1 lakh
or with both.
C. Penalty for publishing false digital signature certificate Sec 73: provides punishment for
publishing a digital signature certificate false in material particulars or otherwise making it available
to any person with imprisonment for a term which may extend to two years or with fine which may
extend to Rs 1 lakh or with both.
D. Penalty for fraudulent publication Sec 74: provides for punishment with imprisonment for a term
which may extend to two years or with fine which may extend to Rs 1 lakh or with both for
whoever knowingly publishes, for a fraudulent purpose, any digital signature certificate.
Offences:
1) Tampering with computer source documents Sec 65: This section provides for punishment with
imprisonment up to three years, or with a fine which may extend to Rs 2 lakhs, or with both.
2) Hacking with computer system Sec 66: Hacking is a term used to describe the act of destroying
or deleting or altering any information residing in a computer resource or diminishing its value or
utility, or affecting it injuriously in spite of knowing that such action is likely to cause wrongful loss or
damage to the public or that person. Sec 66 provides that a person who commits hacking shall be
punished with a fine up to Rs 2 lakhs or with imprisonment up to 3 years, or with both.
3) Publishing of information which is obscene in electronic form: Sec 67 provides for punishment
of whoever transmits or publishes or causes to be published or transmitted any material which is
obscene in electronic form, with imprisonment for a term which may extend to five years and with
fine which may extend to Rs 1 lakh on first conviction. In the event of a second or subsequent
conviction the imprisonment would be for a term which may extend to ten years and fine which may
extend to Rs 2 lakhs.
4) Sec 70 empowers the appropriate government to declare by notification any computer, computer
system or computer network to be a protected system. Any unauthorized access of such systems will be
punishable with imprisonment which may extend to ten years or with fine.
The Adjudicating Officer so appointed shall be responsible for holding an inquiry in the prescribed manner
after giving reasonable opportunity of being heard and thereafter imposing a penalty where required.
Sec 47 provides that while deciding upon the quantum of compensation, the adjudicating officer shall have
due regard to the amount of gain of unfair advantage and the amount of loss caused to any person as well as
the respective nature of the default.