
UNIT-4

ELECTRONIC PAYMENT SYSTEMS AND E-CRM

Overview:

This unit provides an overview of electronic payment systems and e-CRM in the context of e-commerce. It
covers the e-commerce security environment and the various security threats that businesses must guard
against, such as hacking, identity theft, and fraud. The unit also examines the role of encryption in securing
online transactions. Furthermore, the unit explores credit cards and e-wallets, which are two of the most
common electronic payment systems used in e-commerce. It discusses the advantages and disadvantages of
each system, as well as the risks associated with using them. Finally, the unit covers e-CRM, which stands for
electronic customer relationship management. This involves the use of technology to manage and improve
relationships with customers in e-commerce. The unit explores the various tools and techniques that
businesses can use to build and maintain customer loyalty, such as email marketing, social media
engagement, and personalized offers. Overall, this unit provides a comprehensive understanding of the
electronic payment systems and e-CRM in e-commerce, as well as the security threats and measures that
businesses need to be aware of.

Course Outcome:
ODM-2007.4 Evaluate the potential of electronic payment systems for use as a customer payment method.

Topics to be covered
4.1 E-commerce security environment
4.2 Security threats in e-commerce environment
4.3 Encryption
4.4 Credit cards and E-wallets
4.5 E-CRM

Self-Learning Material (ODM-2007) CDOE-Department of Business Studies, NCU, India


4.1 E-commerce security environment

E-commerce security is a major concern for businesses and customers alike. It involves protecting data and
transactions from unauthorized access and malicious attacks. The most common threats are viruses, identity
theft, and phishing. To protect against these threats, businesses must establish a secure e-commerce
environment. This includes using secure web server software, encryption technology, secure data storage,
and user authentication systems. Businesses should also make sure that the most recent security fixes and
upgrades are constantly applied to their websites. This will shield their clients and company information
from possible assaults.

Analysing the e-commerce security environment is necessary for the following reasons:

1. As the internet is the backbone of e-commerce, e-commerce security is a matter of concern for both
firms and customers: The internet is the primary means through which e-commerce transactions
occur, making it the backbone of e-commerce. Since the internet is inherently insecure, e-commerce
security becomes a matter of concern for both firms and customers. Firms must protect their data
and transactions, while customers must ensure that their personal and financial information remains
secure.

2. It safeguards data and transactions against hackers: E-commerce security measures are designed to
protect against various types of cyberattacks, such as hacking, phishing, and malware. These attacks
can compromise the integrity and confidentiality of data, resulting in financial losses and
reputational damage. E-commerce security measures such as encryption, firewalls, and two-factor
authentication help safeguard data and transactions against such attacks.

3. Businesses must safeguard e-commerce to avoid these dangers: E-commerce businesses must take
proactive measures to safeguard their e-commerce environment against potential threats. This
includes implementing robust security protocols, conducting regular security audits, and providing
ongoing employee training on security best practices.

4. Customer data is as important as firm’s data: Customer data is just as important as firm's data since
it contains sensitive personal and financial information. Customers trust e-commerce businesses to
protect their data and transactions, and failure to do so can result in financial losses and reputational
damage. Therefore, e-commerce businesses must ensure that they have strong security measures in
place to protect customer data.

4.2 Security threats in e-commerce environment

E-commerce transactions have become an integral part of the global economy, offering convenience and
accessibility to customers while enabling businesses to reach new markets and customers. However, with
the increasing use of e-commerce transactions comes an increased risk of security threats. E-commerce
security threats can impact the confidentiality, integrity, and availability of customer data, which can result
in financial losses and reputational damage for both businesses and customers. This section explores
some of the most common security threats for e-commerce transactions.

1. Phishing attacks: Phishing attacks are a type of social engineering attack in which an attacker sends
fraudulent messages or emails to a victim in order to trick them into divulging sensitive information,
such as login credentials or financial information.

Phishing attacks often take the form of emails that appear to be from legitimate sources, such as
banks, social media platforms, or other online services. The email typically contains a link that, when
clicked, takes the victim to a fake website that looks like the legitimate one. The victim is then
prompted to enter their login credentials or other sensitive information, which is then captured by
the attacker.

Phishing attacks can also take the form of phone calls, text messages, or even social media
messages. The goal of the attacker is to trick the victim into revealing their sensitive information or
to download malware onto their computer or device.

To protect against phishing attacks, it's important to be cautious when receiving unsolicited
messages or emails, especially if they contain a request for sensitive information or a sense of
urgency. Always verify the sender's email address or phone number, and never click on links or
download attachments from unknown or suspicious sources. In addition, use anti-phishing software
and keep your operating system and applications up to date to help protect against known
vulnerabilities.

2. Malware attacks:

Malware attacks are a type of cyber attack in which malicious software, or malware, is used to gain
unauthorized access to a computer system or to damage or disrupt its operations. Malware is often
spread through email attachments, malicious websites, or infected software downloads.

There are many different types of malware attacks, including viruses, worms, Trojans, ransomware,
and spyware. Each type of malware has its own specific characteristics and methods of attack.
Viruses are self-replicating programs that attach themselves to other programs and infect them.
Worms are similar to viruses, but they spread through networks rather than through individual
programs. Trojans are malware that disguises itself as legitimate software in order to gain access to a
computer system. Ransomware is a type of malware that encrypts a victim's files and demands
payment in exchange for the decryption key. Spyware is a type of malware that secretly gathers
information about a user's activities and sends it back to the attacker.

Malware attacks can have serious consequences for businesses and individuals, including data loss,
financial losses, and damage to reputation. To protect against malware attacks, it's important to use
up-to-date antivirus and anti-malware software, keep operating systems and applications patched
with the latest security updates, avoid clicking on suspicious links or downloading unknown
software, and use caution when opening email attachments or responding to unsolicited emails.

3. Denial-of-service attacks:

A Denial of Service (DoS) attack is a type of cyber attack in which an attacker attempts to disrupt the
normal operations of a targeted computer system, network or website by overwhelming it with
traffic or other types of requests, making it unavailable to legitimate users.

In a typical DoS attack, the attacker sends a large number of requests or traffic to the targeted
system, often from multiple sources, in an attempt to exhaust its resources and cause it to become
unresponsive or crash. The attacker can also use various techniques, such as IP spoofing, to mask the
source of the attack and make it more difficult to block.

4. Distributed Denial of Service (DDoS) attack

A Distributed Denial of Service (DDoS) attack is a type of cyber attack in which a large number of
computers or devices are used to overwhelm a targeted website or network with traffic, causing it to
become unavailable to legitimate users. In a typical DDoS attack, the attacker takes control of a large
number of computers or devices, often by infecting them with malware or by exploiting
vulnerabilities in their software. These computers, known as "zombies" or "bots," are then used to
flood the targeted website or network with requests or data packets, overwhelming its capacity and
causing it to slow down or crash.

DDoS attacks can be launched using a variety of techniques, including UDP flood, ICMP flood, SYN
flood, and HTTP flood. Attackers can also use sophisticated methods to disguise the origin of the
attack, making it difficult for defenders to block the traffic. DDoS attacks can have serious
consequences for businesses and organizations, causing disruption to their operations, financial
losses, and damage to their reputation.

To protect against DDoS attacks, organizations can implement various measures, such as using traffic
filtering and mitigation services, deploying intrusion detection and prevention systems, and
monitoring their network traffic for signs of an attack.

5. SQL injection attacks:

SQL injection attacks involve the insertion of malicious SQL code into a database query.
Cybercriminals use this attack to gain unauthorized access to sensitive information, such as customer
login credentials and credit card information. A SQL injection attack is a type of cyber attack in which
an attacker exploits vulnerabilities in a web application's database management system (DBMS) to
manipulate or gain access to data stored in the database.

In a typical SQL injection attack, the attacker enters malicious SQL code into a web application's
input fields, such as search boxes or login fields, in an attempt to bypass authentication or extract
sensitive data. If the web application's code is vulnerable, the attacker's code can be executed by the
DBMS, allowing them to read, modify, or delete data in the database.

SQL injection attacks can have serious consequences, including data loss, financial losses, and
damage to reputation. They are particularly dangerous because they can be difficult to detect and
can exploit vulnerabilities in both the web application and the DBMS.

To protect against SQL injection attacks, it's important to use secure coding practices when
developing web applications, such as parameterized queries and input validation. Additionally,
regularly patching and updating the web application and the DBMS can help protect against known
vulnerabilities. It's also important to limit the access and privileges of users and applications to only
what is necessary to reduce the attack surface. Web application firewalls (WAFs) can also help detect
and block SQL injection attacks.
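
The difference between a query built by string concatenation and the parameterized query recommended above, as an added example that is not part of the original unit. The `users` table, the username policy, the fixed salt and the sample account are constructed assumptions.

```python
import hashlib
import hmac
import re
import sqlite3

# Constructed demo values (assumptions, not from the unit).
SALT = b"constructed-demo-salt"  # a real system uses a random salt per user
USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")  # assumed username policy


def hash_password(password: str) -> str:
    """Derive a password hash with PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000).hex()


def make_db() -> sqlite3.Connection:
    """In-memory database holding one constructed account."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)"
    )
    conn.execute(
        "INSERT INTO users VALUES (?, ?)", ("alice", hash_password("correct horse"))
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """BEFORE: input is pasted into the SQL text, so input can rewrite the query."""
    query = (
        "SELECT username FROM users "
        f"WHERE username = '{username}' "
        f"AND password_hash = '{hash_password(password)}'"
    )
    return conn.execute(query).fetchone() is not None


def lookup_parameterized(conn: sqlite3.Connection, username: str):
    """Parameter binding: the value travels separately from the SQL text."""
    return conn.execute(
        "SELECT password_hash FROM users WHERE username = ?", (username,)
    ).fetchone()


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """AFTER: input validation first, then a parameterized query."""
    if not USERNAME_RE.fullmatch(username):
        return False  # reject anything outside the username policy
    row = lookup_parameterized(conn, username)
    if row is None:
        return False
    # Constant-time comparison of the stored and the supplied hash.
    return hmac.compare_digest(row[0], hash_password(password))


def demo() -> dict:
    conn = make_db()
    crafted = "alice' --"  # the quote closes the string, "--" comments out the rest
    return {
        "vulnerable, wrong password": login_vulnerable(conn, "alice", "wrong"),
        "vulnerable, crafted username": login_vulnerable(conn, crafted, "wrong"),
        "safe, crafted username": login_safe(conn, crafted, "wrong"),
        "safe, correct password": login_safe(conn, "alice", "correct horse"),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

The concatenated query accepts the crafted username without the password because the password condition ends up inside a SQL comment; the parameterized query treats the same input as an ordinary, non-matching username.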

6. Man-in-the-middle attacks:

Man-in-the-middle (MITM) attacks involve intercepting communications between two parties.
Cybercriminals use this attack to capture sensitive information such as login credentials and credit
card information as it is being transmitted between the customer and the business.

A Man-in-the-Middle (MitM) attack is a type of cyber attack in which an attacker intercepts
communication between two parties, such as a client and server, to eavesdrop, manipulate, or steal
information. The attacker does this by inserting themselves between the two parties, posing as a
trusted third party, and intercepting the communication.

In a typical MitM attack, the attacker intercepts the communication between the two parties and
can manipulate or steal information, such as login credentials, financial information, or personal
data. The attacker can also modify the communication to inject malicious code or redirect the traffic
to a different destination.

MitM attacks can occur on both wired and wireless networks, and can be carried out through various
means, such as phishing emails, compromised software, or by exploiting vulnerabilities in network
protocols.

To protect against MitM attacks, it's important to use encryption and authentication mechanisms to
ensure the confidentiality and integrity of communication. For example, using HTTPS instead of HTTP
for web traffic encrypts communication between the client and server, making it difficult for an
attacker to intercept and read the traffic. Additionally, using secure protocols, such as SSH or VPNs,
can provide secure communication channels. It's also important to regularly update software and
devices with the latest security patches to reduce the attack surface.

7. Social engineering

Social engineering is a technique used by cybercriminals to manipulate individuals into divulging
sensitive information, such as login credentials, credit card information, or other personal data, or to
perform actions that may compromise the security of a system. Social engineering attacks are often
sophisticated and carefully planned, and they can be difficult to detect, as they rely on human
emotions and behaviour rather than technical exploits.

Social engineering can take many forms, including phishing, pretexting, baiting, and tailgating. In a
phishing attack, for example, a cybercriminal sends an email or message that appears to be from a
legitimate source, such as a bank or an online retailer, and asks the recipient to click on a link or
enter sensitive information. Pretexting, on the other hand, involves creating a false sense of trust by
impersonating a trusted individual, such as a colleague or a supervisor, and asking for sensitive
information or access to a system. Social engineering attacks are particularly dangerous because
they exploit human psychology, often using fear, urgency, or curiosity to compel the victim to act
quickly and without considering the consequences. These attacks can also be tailored to specific
individuals or organizations, using personal information obtained from social media or other sources
to make the attack more convincing.

8. Cyber fraud

Cyber fraud is a type of fraud that involves the use of the internet or other digital technologies to
deceive victims into giving away money, sensitive information, or access to a system. Social
engineering is often used in cyber fraud, as it is an effective way to manipulate victims into providing
sensitive information or transferring money. For example, in a business email compromise (BEC)
attack, a cybercriminal may use social engineering to impersonate a company executive or a vendor
and request a wire transfer or payment to a fraudulent account. In a tech support scam, a
cybercriminal may call a victim and claim to be from a reputable company, such as Microsoft or
Apple, and offer to fix a non-existent problem on the victim's computer in exchange for a fee.

9. Identity Theft

Identity theft occurs when someone steals or fraudulently obtains another person's personal
information and uses it for their own gain, often by accessing financial accounts, applying for loans
or credit cards, or even committing crimes in the victim's name.

The personal information that identity thieves typically look for can include the victim's name, date
of birth, Social Security number, bank account numbers, credit card numbers, and other sensitive
information.

Identity theft can have serious consequences for the victim, including damage to their credit score,
financial losses, and even legal problems if the thief uses their identity to commit crimes. It can take
a long time and a lot of effort to restore your identity and repair the damage caused by identity
theft.

To protect yourself from identity theft, it's important to safeguard your personal information, such
as by using strong passwords, being cautious when sharing personal information online or over the
phone, and monitoring your accounts regularly for any suspicious activity.

To protect against social engineering attacks and cyber fraud, individuals and organizations can take several
precautions. These include:

1. Educating employees and customers about social engineering and the risks of cyber fraud.

2. Implementing strong authentication methods, such as two-factor authentication, to prevent
unauthorized access to systems and data.

3. Regularly updating and patching software and systems to address vulnerabilities that can be
exploited by cybercriminals.

4. Encouraging a culture of skepticism and caution when it comes to unsolicited requests for sensitive
information or money transfers.

5. Establishing clear policies and procedures for verifying requests for sensitive information or money
transfers, such as requiring a phone call or in-person meeting to confirm the request.

By educating employees and customers, implementing strong authentication methods, regularly updating
software and systems, and encouraging caution and skepticism, individuals and organizations can reduce the
risk of social engineering and cyber fraud.

4.2.1 Implications of Security threats in e-commerce environment

1. Loss of Customer Confidence: Security threats can lead to a loss of customer confidence in an e-commerce
environment, as customers become wary of the safety of their personal data. This can lead to a decrease in
sales and an overall decline in the business’s reputation.

2. Financial Loss: Security threats such as cyber-attacks can lead to a loss of financial resources, as businesses
are forced to spend money on security measures to protect their customers and their data.

3. Damage to Reputation: Security breaches can lead to significant damage to reputation, as customers
may become mistrustful of a business’s ability to protect their data. This can lead to an overall decline in
sales and customer loyalty.

4. Regulatory Penalties: Security threats can lead to regulatory penalties, as businesses may be required to
pay fines if they fail to comply with security regulations. This can be a significant financial burden.

5. Data Theft: Security threats can lead to data theft, as hackers may be able to access sensitive customer
data such as credit card numbers, passwords, and other personal information. This can lead to identity theft
and other serious financial crimes.

4.2.2 Hackers

Hackers are individuals who have technical skills and knowledge to exploit vulnerabilities in computer
systems and networks to gain unauthorized access or to cause damage. While the term hacker is often
associated with criminal activity, not all hackers are malicious. There are different types of hackers, and their
motivations, skills, and intentions vary.

Here are some of the most common types of hackers:

1. White hat hackers: Also known as ethical hackers, these hackers use their technical skills and
knowledge to find vulnerabilities in computer systems and networks to help organizations improve
their security. They are typically hired by companies to conduct security audits, penetration testing,
and vulnerability assessments.
2. Black hat hackers: These hackers are malicious and use their skills to gain unauthorized access to
computer systems and networks for personal gain or to cause damage. They may steal sensitive
information, install malware, or launch attacks to disrupt services.
3. Gray hat hackers: These hackers operate in a moral gray area, as they may use their skills to find
vulnerabilities in computer systems and networks without authorization, but they may also disclose
their findings to the affected organization.

4.3 Encryption

Encryption is a crucial aspect of e-commerce that ensures the security and confidentiality of sensitive
information, such as credit card details, personal information, and transaction data, during online
transactions. Encryption is the process of converting plain text into an unreadable format using algorithms,
which can only be decrypted with a key or password. This process ensures that only authorized parties can
access the sensitive information.

In e-commerce, encryption is used to protect the communication between the user's device and the server
that stores the website or online store. This protection is important because without encryption, hackers can
intercept and access this communication, potentially gaining access to sensitive information. The use of
encryption ensures that any intercepted information cannot be read or used by unauthorized parties.

The most commonly used encryption protocol in e-commerce is SSL (Secure Sockets Layer) or its successor,
TLS (Transport Layer Security). SSL and TLS use public-key cryptography, where the server holds a public key
that is used to encrypt data that is sent to it from the user's device. Once the encrypted data reaches the
server, it is decrypted using the server's private key.

SSL stands for Secure Sockets Layer, which is a security protocol used to establish an encrypted connection
between a web server and a client (such as a web browser). SSL provides a secure channel for sensitive
information to be transmitted between the web server and the client without the risk of eavesdropping or
tampering.

SSL uses a combination of public and private keys to encrypt data that is transmitted over the internet. When
a client connects to a website using SSL, the web server presents its SSL certificate to the client, which
contains the public key. The client uses this key to encrypt the data that it sends to the web server.

The web server then uses its private key to decrypt the encrypted data that it receives from the client. This
process ensures that the data being transmitted is kept confidential and cannot be intercepted or read by
unauthorized parties.

SSL is commonly used for secure online transactions, such as online banking, e-commerce, and other
sensitive information sharing. It helps to prevent identity theft, data theft, and other types of cyber attacks.
SSL has now been replaced by Transport Layer Security (TLS), which is an upgraded and more secure version
of SSL, but the term SSL is still commonly used to refer to TLS.

To ensure that encryption is properly implemented, e-commerce websites should use SSL/TLS encryption for
all pages that require users to enter sensitive information, including checkout pages and login pages.
Websites should also use strong encryption algorithms, such as AES (Advanced Encryption Standard), and
ensure that their SSL/TLS certificate is up-to-date and issued by a reputable certificate authority.
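
A client-side check of the points in the paragraph above (TLS enforced, certificate still valid, issuing certificate authority), as an added example that is not part of the original unit. The host `shop.example`, the sample certificate and the 30-day renewal threshold are constructed assumptions.

```python
import socket
import ssl
from datetime import datetime, timezone

WARN_DAYS = 30  # assumed renewal threshold, not from the unit

# Constructed certificate in the dict format returned by SSLSocket.getpeercert().
SAMPLE_CERT = {
    "subject": ((("commonName", "shop.example"),),),
    "issuer": (
        (("countryName", "XX"),),
        (("organizationName", "Example Trust CA"),),
        (("commonName", "Example Trust CA R1"),),
    ),
    "notBefore": "Mar  1 00:00:00 2030 GMT",
    "notAfter": "Jun  1 12:00:00 2030 GMT",
}


def strict_client_context() -> ssl.SSLContext:
    """Context that verifies the certificate chain and hostname, TLS 1.2 or newer."""
    # create_default_context() loads the system CA store and turns on
    # certificate verification (CERT_REQUIRED) and hostname checking.
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse SSLv3, TLS 1.0 and 1.1
    return ctx


def days_until_expiry(cert: dict, now: datetime) -> int:
    """Whole days until the certificate's notAfter date (negative once expired)."""
    expires = ssl.cert_time_to_seconds(cert["notAfter"])
    return int((expires - now.timestamp()) // 86400)


def expiry_status(cert: dict, now: datetime, warn_days: int = WARN_DAYS) -> str:
    days = days_until_expiry(cert, now)
    if days < 0:
        return "expired"
    if days < warn_days:
        return "renew soon"
    return "ok"


def issuer_name(cert: dict) -> str:
    """Organization (or common name) of the certificate authority that signed the cert."""
    fields = {key: value for rdn in cert.get("issuer", ()) for key, value in rdn}
    return fields.get("organizationName") or fields.get("commonName", "unknown")


def inspect_site(host: str, port: int = 443, timeout: float = 5.0) -> dict:
    """Connect to a live site and report protocol, cipher, issuer and expiry.

    Raises ssl.SSLCertVerificationError if the chain or hostname does not verify,
    and ssl.SSLError if the server only offers protocol versions below TLS 1.2.
    """
    ctx = strict_client_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
            return {
                "protocol": tls.version(),
                "cipher": tls.cipher()[0],
                "issuer": issuer_name(cert),
                "expiry": expiry_status(cert, datetime.now(timezone.utc)),
            }


if __name__ == "__main__":
    # Offline run against the constructed certificate.
    now = datetime(2030, 5, 20, 12, 0, 0, tzinfo=timezone.utc)
    print(issuer_name(SAMPLE_CERT), days_until_expiry(SAMPLE_CERT, now),
          expiry_status(SAMPLE_CERT, now))
```

`inspect_site()` needs network access and is meant to be pointed at a site you operate; the other functions run offline on the constructed certificate.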

In summary, encryption is a critical component of e-commerce that protects sensitive information during
online transactions. By using SSL/TLS encryption and strong encryption algorithms, businesses can ensure
that their customers' information is secure and confidential, which can help build trust and confidence in
their brand.

The act of converting information or data into a format that can only be read by those with
access to a unique key or password is known as encryption. It is a safe method of preventing unauthorised
people or organisations from accessing information. Encryption makes data unreadable without a key or
password. It secures data from unauthorized access. Encryption prevents data breaches and protects
sensitive data from attackers. Cybercriminals are always inventing new ways to overcome encryption and
access critical information. Encryption should be used alongside firewalls, intrusion detection systems, and
antivirus software to guard against cyber-attacks. Encrypted data becomes illegible ciphertext. Encryption
employs complicated mathematical techniques to jumble data, making it very hard to decode without
the key. Most banks use 128-bit encryption. One bit contains binary information, i.e. 0 or 1. When we say
128 bit, it means the key takes 1 out of 2^128 possible values. Symmetric and asymmetric encryption
techniques are available. Asymmetric encryption employs two keys, one for encryption and one for
decryption. Encryption protects passwords, credit card details, and other personal data exchanged online.

4.4 Credit card transactions

Credit card transactions are payments made using a credit card. Credit card transactions involve the
exchange of money between a merchant and a consumer. Credit card transactions are usually
processed through a third-party payment processing system, such as a payment gateway or a
payment processor. The payment processor is responsible for verifying the consumer’s identity,
verifying the credit card information, and processing the transaction. Credit card transactions are
typically secure, with the consumer's data being encrypted for extra security. Credit card
transactions may involve additional fees, such as a merchant fee, an interchange fee, or a
transaction fee.

The credit card transaction process involves several steps, as outlined below:

1. Cardholder initiates a transaction: The transaction process begins when the cardholder presents
their credit card as a form of payment for goods or services.
2. Merchant captures transaction data: The merchant then captures the transaction data, including the
cardholder's name, card number, expiration date, and the amount of the transaction.
3. Merchant submits transaction data: The merchant then submits the transaction data to their
acquiring bank, which is the financial institution that processes credit card transactions on behalf of
the merchant.
4. Acquiring bank forwards transaction data: The acquiring bank then forwards the transaction data to
the issuing bank, which is the financial institution that issued the credit card to the cardholder.

5. Issuing bank approves or declines transaction: The issuing bank reviews the transaction data and
determines whether to approve or decline the transaction. If the transaction is approved, the issuing
bank authorizes the transaction and sets aside funds to cover the purchase.
6. Acquiring bank receives approval: The acquiring bank then receives the approval from the issuing
bank and notifies the merchant that the transaction has been approved.
7. Merchant completes transaction: The merchant then completes the transaction by delivering the
goods or services to the cardholder.
8. Cardholder receives statement: The issuing bank sends the cardholder a statement at the end of the
billing cycle, which shows the transactions that were made using the credit card during that period.
9. Cardholder makes payment: The cardholder then makes a payment to the issuing bank to cover the
purchases made using the credit card.

Figure 4.1 Credit Card Transaction Process

(Source: https://www.cardknox.com/white-papers/payments-industry-landscape/)

In summary, credit card transactions involve several parties, including the cardholder, merchant, acquiring
bank, and issuing bank. The transaction process involves the capture and submission of transaction data,
approval or decline of the transaction, and completion of the transaction by the merchant. Cardholders then
receive a statement and make a payment to cover the purchases made using the credit card.

4.4.1 E-wallets

E-wallets are digital wallets that allow users to store, send, and receive funds online. They can be used to
make purchases both online and in-store. E-wallets offer a secure and convenient way to transfer money,
often with lower fees than other payment methods. E-wallets are digital payment systems that store credit
and debit card information, as well as other payment methods, in a secure and convenient way. E-wallets
have gained popularity due to their fast, secure, and convenient attributes, among others. Let's examine
each of these attributes in more detail:

1. Fast: E-wallets are fast and efficient, as they allow users to make payments quickly and easily. With
just a few clicks, users can complete transactions in seconds, eliminating the need to wait in long
lines or fumble with cash or cards.
2. Secure: E-wallets are designed with strong security measures that safeguard users' personal and
financial information. The wallet is password-protected, and transactions require authentication,
reducing the risk of fraud and unauthorized access.
3. Convenient: E-wallets are convenient, allowing users to store multiple payment methods in one
place, eliminating the need to carry cash or cards. Users can make payments with just a few clicks,
from anywhere and at any time, making it easier to manage their finances.
4. Reduce risk of fraud: E-wallets offer a layer of security that reduces the risk of fraud. Transactions
are protected by encryption, and users can monitor their accounts for any unauthorized activity.
5. Managing finances is easy: E-wallets make managing finances easy, allowing users to track their
spending and monitor their accounts in real-time. Users can set spending limits, receive alerts, and
view transaction histories, making it easier to manage their money.
6. No need to carry physical wallet: E-wallets eliminate the need to carry a physical wallet, as users can
store their payment information in their digital wallet. This makes it easier to travel light and reduces
the risk of losing or misplacing credit cards.
7. Widely accepted: E-wallets are widely accepted by merchants, making it easier for users to make
payments online or in-store. With the growing popularity of e-wallets, more merchants are accepting
them as a form of payment, making it easier for users to make purchases.

Broadly, there are three types of e-wallets:

• Closed Wallet: Closed wallets are digital wallets that are created by companies that deal with products or
services, and allow users to transact only with the issuer of the wallet or other users of the same wallet.

E.g. Ola Money.

• Semi-Closed Wallets: Semi-closed wallets are digital wallets that allow users to make transactions at listed
merchants and stores by making both online and offline payments. In order for merchants to accept
payments from these wallets, they must sign an onboarding agreement with the issuer of the wallet.

E.g. Paytm Wallet (you can't withdraw cash with it)

• Open Wallets: Open wallets are digital wallets that can only be issued by banks or institutions partnered
with another major bank. These wallets allow users to make the same transactions as semi-closed wallets,
but also offer the additional feature of being able to withdraw money from ATMs.

E.g., mPesa by Vodafone

4.5 E-CRM

Customer relationship management goals

1. Customer relationship management (CRM) aims to enhance customer satisfaction by offering better
service and support. Understanding clients' demands and offering goods and services that surpass their
expectations helps accomplish this.

2. Build client loyalty: Excellent customer service is a CRM aim. Understanding client demands, reacting
rapidly to enquiries, and delivering customised goods and services helps achieve this.

3. Increase efficiency: A good CRM system helps simplify sales and support. This reduces mistakes, saves
time, and boosts customer happiness.

4. Boost sales: CRM helps organisations target clients with suitable offers by knowing their requirements and
preferences. This boosts sales and profits.

5. Retain customers: CRM's main goal is client retention. Businesses may build customer loyalty and prevent
churn by understanding customer demands and offering the correct goods and services.

4.5.1 Customer retention

Client retention is crucial to every firm. It's keeping consumers happy so they keep buying. It entails
understanding consumer demands, offering exceptional goods and services, and building loyalty via great
service. Keeping customers maximises income, boosts customer happiness, and lowers client acquisition
expenses. Customer retention also boosts market share and competitiveness. Customer retention builds
brand loyalty and brand repute.

4.5.2 Importance of Customer Relationship Management

E-commerce success requires CRM. CRM helps companies discover consumer demands, create connections,
and customise customer experiences. It helps companies find sales and service possibilities. It enables them
to target and categorise clients by purchasing behaviour. CRM may also monitor email, social media, and
website activity. Businesses can advertise to and retain consumers by studying customer behaviour. CRM
helps firms develop long-term client connections, which is crucial for e-commerce success.

Case Study 4.1

Cyber Crime and a Financial Institution

Cyber crime is a pervasive threat to organizations across industries, including financial institutions. In this
case study, we will examine a hypothetical cyber attack on a financial institution, the impact it has on the
company, and the steps the organization could take to prevent similar incidents in the future.

The Attack

In 2022, a large financial institution was targeted by a sophisticated cyber attack. The hackers
gained access to the institution's system through a phishing email that was sent to an unsuspecting
employee. The email contained a malicious link that, when clicked, installed malware on the employee's
computer. The malware allowed the hackers to access the financial institution's network and steal sensitive
data, including customer information and financial records.

Impact on the Financial Institution

The cyber attack had a significant impact on the financial institution. The
company's reputation was severely damaged, and customers lost trust in the organization's ability to protect
their sensitive data. The institution faced numerous lawsuits from customers and regulatory fines, which ran
into the millions of dollars. Additionally, the company had to invest heavily in cybersecurity measures and
conduct a thorough investigation to determine the extent of the damage.

Preventing Cyber Crime

To prevent similar incidents in the future, the financial institution took several
measures. Firstly, the organization increased its investment in cybersecurity measures, including firewalls,
intrusion detection systems, and encryption. Secondly, the company implemented mandatory cybersecurity
training for all employees, with a focus on identifying and preventing phishing attacks. Thirdly, the institution
conducted regular security audits to identify and address vulnerabilities in its systems.

Answer the following:

a. What was the reason behind the incident?

b. How did the financial institution suffer from the crime?

c. Discuss the various measures they have taken.

Case Study 4.2

ABC Corporation is a large multinational company that operates in various industries, including finance,
healthcare, and technology. ABC Corporation has a large amount of sensitive data, such as financial data,
personal information of employees and customers, and proprietary technology. As the company grows, it
becomes increasingly vulnerable to cyber attacks. To ensure the security of its data, ABC Corporation hires a
team of cybersecurity experts to develop and implement a comprehensive cybersecurity strategy.

The cybersecurity team begins by conducting a risk assessment, identifying potential vulnerabilities and
threats. They find that the company's outdated software, lack of employee awareness, and inadequate
security protocols are putting the company at risk. To address these issues, the team develops a plan to
implement new security measures.

The team recommends that the company upgrade its software and implement regular security updates.
They also propose implementing two-factor authentication for all employee logins, to prevent unauthorized
access. The team also develops a training program to educate employees on cybersecurity best practices,
such as avoiding phishing scams and using strong passwords.

ABC Corporation approves the plan and begins implementing the new security measures. The cybersecurity
team monitors the network for any suspicious activity and works to mitigate any threats that arise. As a
result of these efforts, the company experiences a significant decrease in the number of cyber attacks and
data breaches.

Questions:

1. Why is cybersecurity important for companies like ABC Corporation?

2. What are some potential vulnerabilities and threats to ABC Corporation's data?

3. What steps did the cybersecurity team take to improve ABC Corporation's security?

4. What are the benefits of implementing cybersecurity measures?

5. What challenges might ABC Corporation face in implementing and maintaining cybersecurity
measures?

6. How can ABC Corporation ensure that its cybersecurity measures stay up-to-date and effective over
time?

Case Study 4.3

XYZ Company is a large e-commerce company that sells a variety of products online. To better serve its
customers, XYZ Company decides to implement an electronic customer relationship management (e-CRM)
system. The e-CRM system is designed to help the company manage customer relationships, streamline
customer service, and improve overall customer satisfaction.

The e-CRM system allows customers to create accounts, browse products, and make purchases online. The
system also provides customers with personalized recommendations based on their browsing and purchase
history. In addition, customers can track their orders and receive email notifications when their orders are
shipped.

The e-CRM system also provides customer service representatives with access to customer information, such
as order history and customer preferences. This allows representatives to provide personalized service and
resolve customer issues more efficiently.

As a result of implementing the e-CRM system, XYZ Company sees an increase in customer satisfaction and
loyalty. Customers appreciate the personalized service and convenience of the online shopping experience.
The company also benefits from increased efficiency and reduced costs associated with customer service.

Questions:

• What is e-CRM, and how can it benefit companies like XYZ Company?

• What features does XYZ Company's e-CRM system include?

• How does the e-CRM system improve customer satisfaction and loyalty?

Summary

This unit provides a detailed overview of electronic payment systems and e-CRM in the context of
e-commerce. It covers the e-commerce security environment and the various security threats that businesses
need to consider when conducting transactions online. The unit also delves into encryption as a crucial
security measure to safeguard sensitive data. Moreover, the unit explores the most common electronic
payment systems, including credit cards and e-wallets, and the advantages and risks associated with each of
these systems. Finally, the unit covers e-CRM, which involves the use of technology to manage customer
relationships in e-commerce. Overall, the unit provides students with a comprehensive understanding of the
security threats and measures related to e-commerce transactions. It also covers the most popular electronic
payment systems and tools used for e-CRM, equipping students with a thorough understanding of these
essential components of e-commerce.
