E-Commerce:

The term electronic commerce (ecommerce) refers to a business

model that allows companies and individuals to buy and sell goods and
services over the Internet. Ecommerce operates in four major market segments
and can be conducted over computers, tablets, smartphones, and other smart
devices. Nearly every imaginable product and service is available through
ecommerce transactions, including books, music, plane tickets, and financial
services such as stock investing and online banking

BUSINESS TRANSACTIONS ON WEB

A business transaction, in the context of electronic commerce, is any monetary

transaction that is made between consumers or businesses via the Internet.
Business transactions free up time when conducted online since each party does
not need to be physically present in order to make the transaction.

Features of Online Business

Some of the positive features of Online Business are as follows:

 It is easy to set up
 There are no geographical boundaries
 Much cheaper than traditional business.
 There are flexible business hours
 Marketing strategies cost less.
 Online business receives subsidies from the government.

There are a few security and integrity issues:

 There is no personal touch.

 Buyer and seller don’t meet.
 Delivery of products takes time.
 There is a transaction risk.
 Anyone can buy anything from anywhere at any time.
 The transaction risk is higher than traditional business.

Types of e-Commerce:

Now there are actually many types of e-Businesses. It all depends on who the final
consumer is. Some of the types of e-commerce are as follows:

Ecommerce operates in all four of the following major market segments. These
are:

 Business to business (B2B), which is the direct sale of goods and services
between businesses
 Business to consumer (B2C), which involves sales between businesses
and their customers
 Consumer to consumer, which allows individuals to sell to one another,
usually through a third-party site like eBay
 Consumer to business, which lets individuals sell to businesses, such as
an artist selling or licensing their artwork for use by a corporation1

i) Business-to-Consumer (B2C)
In a Business-to-Consumer E-commerce environment, companies sell their online
goods to consumers who are the end users of their products or services. Usually,
B2C E-commerce web shops have an open access for any visitor. Ex: Amazon
 ii) Business-to-Business (B2B)
In a Business-to-Business E-commerce environment, companies sell their online
goods to other companies without being engaged in sales to consumers. In most
B2B E-commerce environments entering the web shop will require a log in. B2B
web shop usually contains customer-specific pricing, customer-specific
assortments and customer-specific discounts. Ex: Alibaba

iii) Consumer-to-Business (C2B)

In a Consumer-to-Business E-commerce environment, consumers usually post
their products or services online on which companies can post their bids. A
consumer reviews the bids and selects the company that meets his price
expectations.

Ex: consumer to business model: Monster.com

iv) Consumer-to-Consumer (C2C)

In a Consumer-to-Consumer E-commerce environment consumers sell their online
goods to other consumers. A well-known example is eBay, OLX, Quikr
Advantages and Disadvantages of Ecommerce
E-commerce offers consumers the following advantages:

 Convenience: E-commerce can occur 24 hours a day, seven days a

week.
 Increased selection: Many stores offer a wider array of products online
than they carry in their brick-and-mortar counterparts. And many stores
that solely exist online may offer consumers exclusive inventory that is
unavailable elsewhere

But there are certain drawbacks that come with ecommerce sites, too. The
disadvantages include:

 Limited customer service: If you shop online for a computer, you cannot
simply ask an employee to demonstrate a particular model's features in
person. And although some websites let you chat online with a staff
member; this is not a typical practice.
 Lack of instant gratification: When you buy an item online, you must wait
for it to be shipped to your home or office. However, e-tailers like Amazon
make the waiting game a little bit less painful by offering same-day delivery
as a premium option for select products.
 Inability to touch products: Online images do not necessarily convey the
whole story about an item, and so e-commerce purchases can be
unsatisfying when the products received do not match consumer
expectations. Case in point: an item of clothing may be made from
shoddier fabric than its online image indicates.

E-Governance

http://www.vssut.ac.in/lecture_notes/lecture1428551057.pdf

E-governance is the application of information and communication technology

(ICT) for delivering government services, exchange of information
communication transactions, integration of various stand-alone systems and
services between government-to-customer (G2C), government-to-business (G2B),
government-to-government (G2G) as well as back-office processes and
interactions within the entire government framework. Through e-governance,
government services will be made available to citizens in a convenient,
efficient and transparent manner. The three main target groups that can be
distinguished in governance concepts are government, citizens and
businesses/interest groups. In e-governance there are no distinct boundaries.

Business - to - Government (B2G) B2G model is a variant of B2B model. Such

websites are used by government to trade and exchange information with
various business organizations. Such websites are accredited by the government
and provide a medium to businesses to submit application forms to the
government.

Business to Government-B2G e-commerce is commerce between Companies and

public sector. it refers to the use of the Internet for Public Procurement, licensing
procedure, and other government-related Operation

Government - to - Business (G2B) Government uses B2G model website to

approach business organizations. Such websites support auctions, tenders and
application submission functionalities.

Such websites support auctions, tenders and application submission

functionalities

Government - to - Citizen (G2C)

Government uses G2C model website to approach citizen in general. Such
websites support auctions of vehicles, machinery or any other material. Such
website also provides services like registration for birth, marriage or death
certificates. Main objectives of G2C website are to reduce average time for
fulfilling people requests for various government services

G2C (government-to-consumer or government-to-citizen). When the government

gives somebody a tax rebate, that is a G2C transaction.
https://marketbusinessnews.com/financial-glossary/b2g/#:~:text=In%20this%20model%2C
%20companies%20sell,that%20is%20a%20G2C%20transaction.

THREATS to E-COMMERCE:

http://www.vssut.ac.in/lecture_notes/lecture1428551057.pdf

 Hackers attempting to steal customer information or disrupt the site

 A server containing customer information is stolen.
 Imposters can mirror your ecommerce site to steal customer money
 Authorised administrators/users of an ecommerce website downloading hidden active
content that attacks the ecommerce system
 A disaffected employee disrupting the ecommerce system
 It is also worth considering where potential threats to your ecommerce site might come
from, as identifying potential threats will help you to protect your site. Consider:
o Who may want to access your ecommerce site to cause disruption or steal data;
for example, competitors, ex-employees, etc.?
o What level of expertise a potential hacker may possess; if you are a small
company that would not be likely to be considered a target for hackers then
expensive, complex security may not be needed.

Security Threats to e-commerce

https://www.getastra.com/blog/knowledge-base/ecommerce-security-threats/

https://www.javatpoint.com/security-threat-to-e-commerce

1. Financial Frauds:
a. Credit Card Fraud: It happens when a cybercriminal uses stolen credit card data to buy
products on your e-commerce store. Usually, in such cases, the shipping and billing addresses
vary. Another form of credit card fraud is when the fraudster steals your personal details and
identity to enable them to get a credit card.

b. Fake Return & Refund Fraud: The bad players perform unauthorized transactions and clear
the trail, causing businesses great losses. Some hackers also engage in refund frauds, where they
file fake requests for returns.

c. The Risk of Tax Evasion: The Internal Revenue Service law requires that every business
declare their financial transactions and provide paper records so that tax compliance can be
verified. The problem with electronic systems is that they don't provide cleanly into this
paradigm. It makes the process of tax collection very frustrating for the Internal Revenue Service.
It is at the business's choice to disclose payments received or made via electronic payment
systems. The IRS has no way to know that it is telling the truth or not that makes it easy to evade
taxation.

d. The Risk of Payment Conflicts: In electronic payment systems, the payments are handled by
an automated electronic system, not by humans. The system is prone to errors when it handles
large amounts of payments on a frequent basis with more than one recipient involved. It is
essential to continually check our pay slip after every pay period ends in order to ensure
everything makes sense. If it is a failure to do this, may result in conflicts of payment caused by
technical glitches and anomalies.

2. Phishing

Several e-commerce shops have received reports of their customers receiving messages or emails
from hackers masquerading to be the legitimate store owners. Such fraudsters present fake copies
of your website pages or another reputable website to trick the users into believing them.

3. Spamming

Some bad players can send infected links via email or social media inboxes. They can also leave
these links in their comments or messages on blog posts and contact forms. Once you click on
such links, they will direct you to their spam websites, where you may end up a victim.

4. DOS & DDoS Attacks

Many e-commerce websites have incurred losses due to disruptions in their website and overall
sales because of DDoS (Distributed Denial of Service) attacks. What happens is that your servers
receive a deluge of requests from many untraceable IP addresses causing it to crash.
5. Exploitation of Known Vulnerabilities

Attackers are on the lookout for certain vulnerabilities that might be existing in an e-commerce
store. Often an e-commerce store is vulnerable to SQL injection and Cross-site Scripting (XSS)

a. SQL Injection
It is a malicious technique where a hacker attacks your query submission forms to access your
database. They corrupt your database with an infectious code, collect data, and later wipe the
trail.

b. Cross-Site Scripting (XSS)

The attackers can plant a malicious JavaScript snippet on your e-commerce store to target your
online visitors and customers. Such codes can access your customers’ cookies and compute.

6. Bots

Some attackers develop special bots that can scrape your website to get information about
inventory and prices. Such hackers, usually your competitors, can then use the data to lower the
prices in their websites in an attempt to lower your sales and revenue.

7. e-Skimming

E-skimming involves infecting a website’s checkout pages with malicious software. The intention
is to steal the clients’ personal and payment details.

8. Password Breaches

One of the biggest e-commerce security threats is the password breach in which cybercriminals
hack into the databases of organizations and steal their sensitive information. The data is further
exposed to the public including account numbers, names, social security numbers, and almost
every personal information. According to a German research group, nearly 2.2 billion stolen emails
and passwords have surfaced online for the access of cybercriminals.

E-commerce security solutions that can ease your life

1. HTTPS and SSL certificates

HTTPs protocols not only keep your users’ sensitive data secure but also boost your website
rankings on Google search page. They do so by securing data transfer between the servers and the
users’ devices. Therefore, they prevent any interception. Do you know that some browsers will
block visitors’ access to your website if such protocols are not in place? You should also have an
updated SSL certificate from your host.

2. Anti-malware and Anti-virus software

An Anti-Malware is a software program that detects, removes, and prevents infectious software
(malware) from infecting the computer and IT systems. Since malware is the umbrella term for all
kinds of infections including worms, viruses, Trojans, etc getting an efficient Anti-Malware
would do the trick.

On the other hand, Anti-Virus is a software that was meant to keep viruses at bay. Although a lot
of Anti-virus software evolved to prevent infection from other malware as well. Securing your PC
and other complementary systems with an Anti-Virus keeps a check on these infections.

3. Securing the Admin Panel and Server

Always use complex passwords that are difficult to figure out, and make it a habit of changing
them frequently. It is also good to restrict user access and define user roles. Every user should
perform only up to their roles on the admin panel. Furthermore, make the panel to send you
notifications whenever a foreign IP tries to access it.

4. Securing Payment Gateway

Avoid storing the credit card information of your clients on your database. Instead, let a third
party such as PayPal and Stripe handle the payment transactions away from your website. This
ensures better safety for your customers’ personal and financial data.

5. Deploying Firewall

Effective firewalls keep away fishy networks, XSS, SQL injection, and other cyber-attacks that
are continuing to hit headlines. They also help in regulating traffic to and from your online store,
to ensure passage of only trusted traffic.

6. Educating Your Staff and Clients

Ensure your employees and customers get the latest knowledge concerning handling user data and
how to engage with your website securely. Expunge former employees’ details and revoke all
their access to your systems.
7. Additional security implementations

 Always scan your websites and other online resources for malware
 Back up your data. Most e-commerce stores also use multi-layer security to boost their
data protection.
 Update your systems frequently and employ effective e-commerce security plugins.
 Lastly, get a dedicated security platform that is secure from frequent cyber-attacks