
Electronic Payment System

Dr Sudhir Bisht
• What is RuPay Card, VISA Card, MasterCard.mp4
• What is NEFT, RTGS, IMPS, UPI .mp4
• How Electronic Payments Work.mp4
• A Complete Guide to Mobile Wallets _ Payment Banks _ Top 5 Digital Wallets.mp4
• NPCI_Architect of Cashless India.mp4
Digital Payment Requirements
• In order to implement versatile solutions, a payment protocol
and storage mechanism, for digital
currency, need to be implemented and followed by all the parties
involved in the transaction.
• In case of any breach, the system should be capable of providing
safeguards to prevent frauds.
• Security remains a paramount concern in an electronic payment system.
• As the payment systems involve direct financial transaction, dealing with
the movement of actual money, they become prime targets for
defrauders all over the world.
• Digital money is represented in bits and bytes, thus, unlike minted
money it is far easier to replicate, at almost zero cost.
• Even though they can be in a secure format locally, the very nature of
electronic commerce requires its movement over the network. The open
environment of the internet makes it susceptible to interception,
duplication, and manipulation.
• Thus, the issue of ensuring integrity (innocence, blamelessness, chastity,
purity), confidentiality and non-refutability acquires an added
significance.
ACID properties of digital financial transactions
• In computer science, ACID (Atomicity, Consistency, Isolation, Durability) is a set of properties
of database transactions intended to guarantee validity even in the event of errors, power
failures, etc.
• In the context of databases, a sequence of database operations that satisfies the ACID
properties (and these can be perceived as a single logical operation on the data) is called a
transaction.
• For example, a transfer of funds from one bank account to another, even involving multiple
changes such as debiting one account and crediting another, is a single transaction.
• E transactions have to exhibit the Atomicity, Consistency, Isolation, and Durability (ACID)
properties.
• Atomicity. In a transaction involving two or more discrete pieces of information, either all of
the pieces are committed or none are.
• An example of an atomic transaction is a monetary transfer from bank account A to account
B.
• It consists of two operations, withdrawing the money from account A and saving it to
account B. Performing these operations in an atomic transaction ensures that the database
remains in a consistent state, that is, money is neither lost nor created if either of those two
operations fails.
• Consistency. A transaction either creates a new and valid state of data, or, if any failure
occurs, returns all data to its state before the transaction was started.
• Consistency in database systems refers to the requirement that any given database
transaction must change affected data only in allowed ways. Any data written to the
database must be valid according to all defined rules, including constraints, cascades,
triggers, and any combination thereof.
ACID properties contd.
• Isolation. A transaction in process and not yet
committed must remain isolated from any
other transaction.
• Durability. Committed data is saved by the
system such that, even in the event of a failure
and system restart, the data is available in its
correct state.
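The transfer from account A to account B described above, as an added example (not part of the original slides), written in Python with the standard sqlite3 module. The table layout, the balances and the `fail_after_debit` switch are constructed for illustration; the example shows atomicity (a failure between debit and credit undoes the debit) and consistency (a CHECK constraint rejects a negative balance).

```python
import sqlite3


def open_bank():
    """Constructed sample ledger: two accounts, balances held as integers."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE accounts ("
        " id TEXT PRIMARY KEY,"
        " balance INTEGER NOT NULL CHECK (balance >= 0))"  # consistency rule
    )
    db.executemany("INSERT INTO accounts VALUES (?, ?)",
                   [("A", 1000), ("B", 200)])
    db.commit()
    return db


def balances(db):
    """Return the current balances as {account_id: balance}."""
    return dict(db.execute("SELECT id, balance FROM accounts ORDER BY id"))


def transfer(db, src, dst, amount, fail_after_debit=False):
    """Debit src and credit dst as ONE transaction.

    Returns True if the transfer was committed, False if it was rolled back.
    fail_after_debit simulates a crash between the two operations.
    """
    if amount <= 0:
        raise ValueError("amount must be positive")
    try:
        with db:  # commits if the block succeeds, rolls back on any exception
            debited = db.execute(
                "UPDATE accounts SET balance = balance - ? WHERE id = ?",
                (amount, src)).rowcount
            if fail_after_debit:
                raise RuntimeError("simulated failure between debit and credit")
            credited = db.execute(
                "UPDATE accounts SET balance = balance + ? WHERE id = ?",
                (amount, dst)).rowcount
            if debited != 1 or credited != 1:
                raise LookupError("unknown account")
        return True
    except (sqlite3.IntegrityError, RuntimeError, LookupError):
        # IntegrityError: the CHECK constraint refused a negative balance.
        # In every failure case the debit has been undone with the credit.
        return False


if __name__ == "__main__":
    bank = open_bank()
    print(transfer(bank, "A", "B", 300), balances(bank))
    print(transfer(bank, "A", "B", 100, fail_after_debit=True), balances(bank))
    print(transfer(bank, "A", "B", 5000), balances(bank))
```

In every rejected case the total across both accounts is unchanged, which is the "money is neither lost nor created" property stated above.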
Basic requirements
• Irrespective of the type of payment mechanism
adopted, digital payment mechanisms have to
exhibit certain characteristics, to meet the basic
requirements of becoming a viable alternative to
traditional payment mechanisms.
• These requirements include broad acceptability
of the digital currency across the commercial
world, anonymity, untraceability(?), reliability,
scalability, convertibility, and efficiency.
Basic requirements
• The important basic requirements are discussed as
follows:
• Acceptability: The payment infrastructure should not
only be robust, but also available and accessible to a
wide range of consumers and sellers of goods and
services. The value stored in the digital cash should
be honoured and accepted by other banks and
financial institutions for reconciliation.
• Convertibility: The electronic currency should be
interoperable and exchangeable with the other
forms of electronic cash, paper currencies, deposits
in bank accounts, bank notes or any other financial
instrument.
Basic requirements
• Flexibility: Payment systems should be in a position to accept several
forms of payments rather than limiting the users to a single form
of currency.
• Reliability: The payment system should ensure and infuse confidence in
users. The users should be completely shielded from systemic or a
single point failure.
• Efficiency: Efficiency here refers mainly to the cost overheads involved
in the operation of digital payments. The cost of payment per
transaction should be ideally close to zero. This assumes added
significance in the case of micro payments that are typically in the range
of a fraction of a currency unit.
• Security: Digital currency should be stored in a form that is resistant to
replication, double-spending, and tampering. At the same time, it
should offer protection from the intruders trying to tap it and put it to
unauthorized use, when transmitted over the internet.
• Usability: The user of the payment mechanism should be able to use it
as easily as real currency. This requires that the payment system should
be well integrated with the existing applications and processes that
acquire the role of transacting parties in electronic commerce.
Basic requirements
• Scalability: The payment system should offer
scalable solutions, i.e., it should be able to offer the
same performance and cost per transactions
overheads with a growing number of customers and
transactions.
• Although, ideally a payment system’s scalability
should range from micro payments to business
payments, the differing nature of demands placed
by these two ranges are difficult to reconcile in a
single payment system.
• In the case of micro payments it is the overhead cost
per transaction that is of paramount importance,
while in business payments it is security that
requires the highest level of effort.
• Multi-currency Support: Since electronic commerce has a
global reach, a single national currency support impedes
worldwide acceptance. Hence, the payment system
should support multiple currencies and a reasonable
mechanism for converting one currency into another. Of
course, this requirement is not very easy to implement,
given the volatility in exchange rates and
limited/restricted convertibility of many currencies
around the world.
• Exchangeability: It should be possible for electronic
payments of one digital payment system to be exchanged
for payments of another digital payment system, or for
any other bankable instrument.
• Portability: Security and usability of a payment system
should not be dependent on a certain physical location,
e.g., on a particular computer. The owner of the digital
currency should be able to spend it from any location,
even when on the move.
Concept of interoperability
The interoperability of the payment systems refers to its ability to
operate in multiple online as well as offline payment environments.
The various issues involved under interoperability are:
• Divisibility: Money should allow for both low value and high value
transactions. Hence, it should be possible for users to replace a single
high denomination transaction by several low denomination
transactions as and when desired.
• Bi-directionality: The payment system should not only allow the
regular merchants to receive payments, but also customers to
receive refunds. The payment instrument should work both ways,
without either party being required to attain registered merchant
status.
• Re-spendability: The receiver, or the owner, of digital money should
be able to transfer it to any other person as in the case of normal
cash, without the intervention of a third party.
• Acceptability: In interest of long term viability, the payment system
should not be restricted to any particular financial institution. All
institutions and banks should also accept the electronic cash issued
by an institution.
Concept of e-money
• What is Electronic Money
Electronic money is money which exists in
banking computer systems and is available for
transactions through electronic systems. Its
value is backed by fiat currency and it can be
exchanged into physical form. However its uses
are often more convenient electronically.
Fiat money = money or currency that has no
intrinsic value of its own but is made a legal
tender by the order of the government. So
Rupee (INR), USD, Euro currency are all fiat
money.
Types of E-payment systems
• When you purchase goods and services online, you pay
for them using an electronic medium. This mode of
payment, without using cash or cheque, is called an e-
commerce payment system and is also known as online
or electronic payment systems.
The growing use of internet-based banking and shopping
has seen the growth of various e-commerce payment
systems and technology has been developed to increase,
improve and provide secure e-payment transactions.
Paperless e-commerce payments have revolutionized the
payment processing by reducing paper work, transaction
costs, and personnel cost. The systems are user-friendly
and consume less time than manual processing and help
businesses extend their market reach.
1- Credit card
• Credit Card
The most popular form of payment for e-commerce
transactions is through credit cards. It is simple to use; the
customer has to just enter their credit card number and
date of expiry in the appropriate area on the seller’s web
page.
• To improve the security system, increased security
measures, such as the use of a card verification number
(CVN), have been introduced to on-line credit card
payments. The CVN system helps detect fraud by
comparing the CVN number with the cardholder's
information.
• OTP concept for double security
CVV/ CVN explained
The three digit security code is known as the CVV
(Card Verification Value) or CVN (Card
Verification Number). It is a number that is
printed, not imprinted, on your Visa,
Mastercard or Bankcard. This number is never
transferred during card swipes and should only
be known by the cardholder, the person holding
the card in their hand.
2- Debit card
• Debit Card
Debit cards are the second largest e-commerce
payment medium in India. Customers who want to
spend online within their financial limits prefer to pay
with their Debit cards.
• With the debit card, the customer can only pay for
purchased goods with the money that is already there
in his/her bank account as opposed to the credit card
where the amounts that the buyer spends are billed to
him/her and payments are made at the end of the
billing period.
3- Smart Card
• Smart Card
It is a plastic card embedded with a
microprocessor that has the customer’s
personal information stored in it and can be
loaded with funds to make online transactions
and instant payment of bills. The money that
is loaded in the smart card reduces as per the
usage by the customer and has to be reloaded
from his/her bank account.
4- Netbanking
• Netbanking
This is another popular way of making e-commerce
payments. It is a simple way of paying for online
purchases directly from the customer’s bank. It uses a
similar method to the debit card of paying money that
is already there in the customer’s bank.
• Net banking does not require the user to have a card
for payment purposes but the user needs to register
with his/her bank for the net banking facility. While
completing the purchase the customer just needs to
put in their net banking id and pin
4- E-wallet
• E-Wallet
E-Wallet is a prepaid account that allows the
customer to store multiple credit cards, debit
card and bank account numbers in a secure
environment.
• This eliminates the need to key in account
information every time while making
payments. Once the customer has registered
and created E-Wallet profile, he/she can make
payments faster.
Digital Wallet V E-wallet
5- Mobile Payment
• Mobile Payment
One of the latest ways of making online payments is
through mobile phones. Instead of using a credit card
or cash, all the customer has to do is send a payment
request to his/her service provider via text message;
the customer’s mobile account or credit card is charged
for the purchase.
• To set up the mobile payment system, the customer
just has to download a software from his/her service
provider’s website and then link the credit card or
mobile billing information to the software.
Going Digital: Advantages & Disadvantages
• Convenience: The ease of conducting financial transactions is probably the biggest
motivator to go digital. You will no longer need to carry wads of cash, plastic cards, or
even queue up for ATM withdrawals. It’s also a safer and easier spending option when
you are travelling. It will be especially useful in case of emergencies, say, in hospitals.
• Discounts : Toll plaza discounts up to 10% etc, Fuel 0.75%
• Tracking spends: If all transactions are on record, it will be very easy for people to keep
track of their spending. It will also help while filing income tax returns and, in case of a
scrutiny, people will find it easy to explain their spends.
• Budget discipline: The written record will help you keep tabs on your spending and
this will result in better budgeting. Various apps and tools will help people analyse
their spending patterns and throw up good insights over a couple of years.
• Lower risk: If stolen, it is easy to block a credit card or mobile wallet remotely, but it’s
impossible to get your cash back. In that sense, the digital option offers limited
security. This is especially true while travelling, especially abroad, where loss of cash
can cause great inconvenience. Besides, if the futuristic cards evolve to use biometric
ID (finger prints, eye scan, etc), it can be extremely difficult to copy, making it a very
safe option.
• Small gains
It may not seem like much of an advantage, but being cashless makes it easy to ward
off borrowers. Another plus is that you can pay the exact amount without worrying
about not having change or getting it back from shopkeepers.
Disadvantages
• Higher risk of identity theft: The biggest fear is the risk of identity theft.
Since we are culturally not attuned to digital transactions, even well-
educated people run the risk of falling into phishing traps. With the rising
incidence of online fraud, the risk of hacking will only grow as more people
hop on to the digital platform.
• Losing phone: Since you will be dependent on your phone for all your
transactions on the move, losing it can prove to be a double whammy. It can
not only make you susceptible to identity theft, but you could also be
rendered helpless in the absence of physical cash or any other payment
option.
• Difficult for tech-unsavvy: India has a low Internet penetration of
34.8% (2016), according to the Internet Live Stats, and only 26.3% of all
mobile phone users have a smartphone (2015), as per Statista figures.
Besides the practical difficulty of going digital, a bigger block is the
psychological shift. You are suddenly jumping three generations to the
digital medium.
• Overspending: While there is no denying the convenience of card or mobile
wallet transactions, it could open a spending trap for an unsuspecting
population. According to behavioural finance theorists, the pain of parting
with money is felt more acutely if you use physical cash instead of a card.
Hence, using cash instead of cards or mobile wallet acts as a natural
bulwark for people who find it difficult to control their spending.
Following are the major types of risks that you should be aware of:
• Malware: These are specifically designed applications and programs that
compromise the security of mobile phones and computers. It gives cyber
criminals access to devices, and hence also to sensitive consumer data.
Therefore, download and install applications only from authentic sources
and that too from developers having a good reputation.
• Phishing: In this case, the user is trapped using fake emails or websites and
is made to enter account-related sensitive information. Those who are new
to the world of electronic transactions are more prone to such traps. Do not
click on attractive or suspicious links that you get through SMSs or emails.
• Public networks: Using a public network can expose your mobile device and
information to cyber criminals. Avoid doing digital transactions on public
computers and networks like a cyber cafe or a public Wi-Fi hotspot.
• Ransomware: In this security issue, the hacker gains remote access to the
device as well as the data of the victims, and can block access to the device
until a sum of money is received.

There are also other forms of cyber attacks where cyber criminals look for
vulnerabilities within a technology and turn it to their advantage. “Some of
these security breaches are much harder to detect and can only be
identified using advanced security systems," said Rajat Mohanty, chief
executive officer, Paladion Networks, a cyber security firm.
Minimizing risks in e-payment- what companies can do
• “There is nothing called 100% secure. Anyone who says that their
system is 100% watertight neither understands technology nor risk
management.
• You can only manage and minimize the risk," experts say.
• At the institutional level, mechanisms have been put in place for
constant monitoring of the systems. Certainly, more needs to be
done. “When a customer makes a purchase (online), the business
loses control of a large portion of the transaction interaction as
customers use a variety of devices, operating systems and browsers
to access e-commerce sites," said Rana Gupta, vice-president, Asia-
Pacific, identity and data protection, Gemalto, a digital security firm.
• Gupta said that mobile e-wallet companies must look at a layered
approach to data security that provides protection at every stage of
the payment and business service ecosystem, such as: better access
control techniques, stronger authentication measures and use of
end-to-end encryption and proper key management.
Minimizing risks in e-payment- what customers should do
• If you end up being a victim of cyber fraud, immediately get in touch with
the bank or e-wallet company.
• If reported in time, the damage can be minimized. According to RBI, banks
are responsible for security of the debit cards they issue and hence, in case
of any monetary loss on account of breach or failure of security, the bank is
liable to bear the loss. However, if a fraud takes place and “customer
reports beyond 7 working days, customer liability will be determined based
on bank’s Board approved policy," RBI had said in a circular.
• That being said, basic cyber hygiene helps in keeping trouble at bay. You
must never share passwords with others nor should you save them on
public computers.
• Use security measures such as receiving a one-time password (OTP) for
every transaction.
• This adds another layer of much-needed protection to the entire
transaction process. Do not click on links that come through SMSs or emails
as these may lead to inadvertent downloading of malware programs that
can steal sensitive data from your mobile device or computer. Malware
attacks can also be avoided by steering clear of untrustworthy websites and
unverified apps.
• how to create one time usable virtual credit card for online shopping.mp4
As per Axis bank website

• Keep these tips in mind while banking online


• Avoid using Internet Banking on shared computers and public places like Cafés,
Libraries.
• Always remember to Log off on Internet Banking and close your browser when you
have finished your online banking.
• Disable the 'AutoComplete' function within your browser
• Install firewall and anti-virus software and keep it up to date to help detect and
disable malicious software
• Make sure your account information is safe
• Change your Internet Banking password regularly and never disclose it to anyone
• Always use strong password with alphanumeric passwords which cannot be
guessed easily and for multiple accounts, use different passwords
• Do not write them down
• Do not give your account information to telemarketers or to callers claiming to
confirm or verify your account information
Infrastructure issues & risks in EPS
• Cyber security experts are of the opinion that
with the use of online payment platforms, the
fraudulent use of payment networks and data
theft has also gone up.
• “While people are getting comfortable with
mobile wallets and banking through apps and
smartphones, Wi-Fi networks continue to have
major security flaws that can make it very
dangerous to conduct transactions using mobile
devices," said Amit Nath, head of Asia-Pacific
(corporate business) F-Secure, a cyber security
company.
What is an electronic funds transfer?
• An electronic funds transfer (EFT) is the
electronic transfer of money over an online
network.
• Electronic funds transfers can be performed
between the same bank or a different one, and
can be accomplished with several different
types of payment systems.
• An EFT can be initiated by a person or by an
institution like a business and often doesn’t
require much more than a bank account in good
standing.
• An electronic funds transfer is a widely used method for moving funds from one
account to another using a computer network. Electronic funds transfers replace
paper-based transfers and human intermediaries, but provide the customer with
the convenience of doing her own banking.
• Every time a banking customer uses her credit or debit card, whether at a physical
point-of-sale or online, she’s engaging in an electronic funds transfer. Any
preauthorized charges, such as direct deposits or utility bills, also utilize an EFT.
• Certain services use EFTs to create a peer-to-peer payment environment. In such a
situation, the sender simply uses an app or website to indicate that she wants to
send money to a recipient. Often, this means sending money from a bank account
to another bank account, but it can sometimes mean transferring it to the service
itself, from where the recipient can withdraw the funds into her bank account
manually.
• Electronic funds transfers are secured by a personal identification number (PIN) or
the login information that unlocks the customer’s online banking service.
• An automated clearing house (ACH) processes the payment.
• With online banking, you can make your own EFTs.


Security Issues in E-commerce

Dr Sudhir Bisht
Security: Essential requirement for e-payment
Security is an essential part of any transaction that takes place over the
internet. A customer will lose his/her faith in e-business if its security is
compromised. Following are the essential requirements for safe e-
payments/transactions −
• Confidentiality − Information should not be accessible to an unauthorized
person. It should not be intercepted during the transmission.
• Integrity − Information should not be altered during its transmission over
the network.
• Availability − Information should be available wherever and whenever
required within a time limit specified.
• Authenticity − There should be a mechanism to authenticate a user before
giving him/her an access to the required information.
• Non-Repudiability − It is the protection against the denial of order or
denial of payment. Once a sender sends a message, the sender should not
be able to deny sending the message. Similarly, the recipient of message
should not be able to deny the receipt.
• Encryption − Information should be encrypted and decrypted only by an
authorized user.
• Auditability − Data should be recorded in such a way that it can be audited
for integrity requirements.
Essential features of security of payment systems
The payment system should be secure enough to offer the following:
• Fraud Protection: Digital payment systems must be tamper resistant
and should have built-in mechanisms to prevent illegal use of digital
cash. At the very least, the digital payment systems must provide the
means for detection and punishment of misuse, after the fraud.
• No Double Spending: Since digital cash is represented by bytes that
can be easily copied and respent, the digital payment system should
safeguard against reuse of currency. This type of fraud can be initiated
not only by customers who might reuse digital money for several
purchases, but also by merchants who could attempt to resubmit
digital money for redemption.
• No Counterfeiting: The system should be able to detect fake currency.
It should be easy to distinguish between legal money tokens and
unauthorized illegal money.
• No Overspending: The system should have the means to ensure that
the user is unable to spend beyond the money represented by token,
or held in the purse. Prevention of customer overspending, i.e.,
exceeding spending limits, is another fraud protection issue,
especially in account based systems.
• Non-refutability: The parties involved should be able to verify that the payment
transaction has taken place, along with the amount and the purpose of
transaction. A record of the transaction should be produced, on demand, in case
of dispute, though it may have implications on the control of privacy.
• Hardware Tamper Resistance: Some digital payment systems rely on tamper
resistant hardware like smart cards to prevent double spending and forgery, and
can be used offline. However breaking-in of the hardware would leave the users
open to frauds. Reliability of the hardware used should be certified.
• Unauthorized Use: The tokens stored in soft format/digital data are easy to steal;
a good payment system should prevent the stealer from being able to spend the
tokens. In the case of device dependent payment systems, it should not be easy
to steal the payment device, and unauthorized owners should not be able to use
the payment device.
• Privacy Control: The payment system should make it possible for customers to
keep their spending habits private from observers, merchants, and banks.
• Confidentiality: The grants of confidentiality by the payment system are essential
to the user. In an ideal situation, the payment transaction should be carried out
in such a manner that it maintains confidentiality of all the intermediate
information and yet ensures the value transfer.
• Non-traceability: Payment systems should ensure ruling out any possibility of
two different payments, by the same user, being linked together. The transaction
should also maintain anonymity and non-traceability, similar to cash payments in
a shop.
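One way an online issuer can enforce the no-counterfeiting, no-double-spending and no-overspending requirements listed above, as an added example that is not from the original slides. The `Mint` class, the token fields and the HMAC-based tag are assumptions made for illustration; the slides do not describe a specific scheme, and this sketch assumes every redemption is checked online against the issuer.

```python
import hashlib
import hmac
import secrets


class Mint:
    """Hypothetical issuer: signs tokens and remembers spent serial numbers."""

    def __init__(self, key=None):
        self._key = key or secrets.token_bytes(32)  # known only to the issuer
        self._spent = set()                         # serials already redeemed

    def _tag(self, serial, value):
        # The tag covers serial AND value, so neither can be altered.
        msg = f"{serial}|{value}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def issue(self, value):
        """Create a token worth `value` with a fresh random serial number."""
        serial = secrets.token_hex(16)
        return {"serial": serial, "value": value,
                "tag": self._tag(serial, value)}

    def redeem(self, token, price):
        """Check a token presented for a purchase of `price`.

        The whole token is consumed on success (no change is given).
        Returns "accepted" or a "rejected: ..." reason.
        """
        try:
            serial = token["serial"]
            value = int(token["value"])
            tag = str(token["tag"])
        except (KeyError, TypeError, ValueError):
            return "rejected: malformed"
        expected = self._tag(serial, value)
        # Constant-time comparison of the presented and recomputed tags.
        if not hmac.compare_digest(tag.encode(), expected.encode()):
            return "rejected: counterfeit"      # forged or altered token
        if serial in self._spent:
            return "rejected: double spend"     # copy of a used token
        if price > value:
            return "rejected: overspend"        # token worth less than price
        self._spent.add(serial)                 # burn the serial on success
        return "accepted"


if __name__ == "__main__":
    mint = Mint()
    token = mint.issue(500)                     # constructed sample token
    print(mint.redeem(token, 300))              # first use
    print(mint.redeem(dict(token), 300))        # byte-for-byte copy
    print(mint.redeem(dict(mint.issue(100), value=10000), 100))  # altered
```

The spent-serial check does not care who presents the copy, so it covers both a customer reusing a token and a merchant resubmitting one for redemption.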
Measures to ensure Security
Major security measures are following −
• Encryption − It is a very effective and practical way to
safeguard the data being transmitted over the
network. Sender of the information encrypts the data
using a secret code and only the specified receiver can
decrypt the data using the same or a different secret
code.
• Digital Signature − Digital signature ensures the
authenticity of the information. A digital signature is an
e-signature authenticated through encryption and
password.
• Security Certificates − Security certificate is a unique
digital id used to verify the identity of an individual
website or user.
Videos
• What is Encryption.mp4
• Digital Signatures Explained - Keep your's Safe!!!.mp4
• HTTP Vs HTTPS .mp4
Some Definitions
What is cryptography in ecommerce?
Cryptography is the practice of encrypting data into an unreadable format, known
as cypher text. Typically used to protect data, payment information or emails,
only those who possess a secure key can decrypt the messages into plain text.

What is SET protocol in ecommerce?


Secure Electronic Transaction Protocol (SET) is a three-way transaction between
the user, merchant and bank using specific protocols.
What is encryption in ecommerce?

Encryption is the practice of encoding data to ensure the data can be securely
relayed over the internet. It acts as one of the most effective methods in
mitigating ecommerce security risks to safeguard data integrity.
What is an SSL certificate?

SSL certificates are small data files that bind a cryptographic key to a company’s
details. When an SSL certificate is installed on a web server, it uses specific protocols
to facilitate a secure connection from the server to a browser.
What is PCI Compliance
Payment card industry (PCI) compliance refers to the technical and operational
standards that businesses must follow to ensure that credit card data provided
by cardholders is protected.

PCI compliance is enforced by the PCI Standards Council, and all businesses
that store, process or transmit credit card data electronically are required to
follow the compliance guidelines.

BREAKING DOWN PCI Compliance


Payment card industry (PCI) compliance standards require merchants and
other businesses to handle credit card information in a secure manner that
helps reduce the likelihood that cardholders would have sensitive financial
data stolen.

If merchants do not handle credit card information properly, the card
information could be hacked and used to make fraudulent purchases.
Additionally, sensitive information about the cardholder could be used in
identity fraud.
Being PCI compliant means consistently adhering to a set of guidelines set forth by
companies that issue credit cards. The guidelines outline a series of steps that credit
card processors must continually follow.
Companies are first asked to assess their information technology infrastructure,
business processes and credit card handling procedures to help identify potential
threats that may compromise credit card data.
Companies are then asked to address any gaps in security, and to avoid storing
sensitive cardholder information, such as social security and driver’s-license
numbers, whenever possible.
Companies are required to provide compliance reports to the card brands that they
work with, such as American Express and VISA.

All companies that process credit card information are required to maintain PCI
compliance, regardless of their size or the number of credit card transactions they
process. All companies are broken into merchant levels based upon the number of
transactions that are processed during a specified period. PCI compliance is
governed by the Payment Card Industry Security Standards Council, an organization
formed in 2006 for the purpose of managing the security of credit cards.

The requirements, known as the Payment Card Industry Data Security Standards
(PCI DSS), are managed by the major credit card companies, including VISA,
American Express, Discover and MasterCard, among others.
Basics of Encryption & Decryption
• What is Encryption?
• Encryption is a process that changes the nature of
information so it can't easily be employed by a third
party.
• It uses a mathematical transformation, and a key (an
external piece of information), to perform the intended
change.
• This introduces a random element that increases its
ability to resist attacks. Sometimes, the calculations
transforming the information are complex, at others,
they are not. It is also reversible, meaning that it can be
undone. Encryption is an integral part of many operations
including, banking transactions, Internet purchases, and
password protection. Most of the time, you won't even
know it is there.
What Is Symmetric Encryption?
Symmetric encryption is an encryption methodology that uses a single key to
encrypt (encode) and decrypt (decode) data. It is the oldest and most well-
known technique for encryption.

The secret key can be a word, a number, or a string of letters, and it's applied
to a message.

The message is changed following the rules in the key. Sender and receiver
know the key, and can thus code and decode any message that would use that
specific key.

There are five main components of a symmetric encryption system:


• Plaintext
• Encryption algorithm
• Secret key
• Ciphertext
• Decryption algorithm
Plaintext
The term plaintext refers to the original message that is created and sent into the
encryption method; since you're bothering to encrypt it, the plaintext most likely
contains sensitive data that should not be seen by prying eyes.
Encryption Algorithm
The algorithm takes the plaintext and converts it into an unreadable format. A simple
example of an encryption algorithm would be changing all Ns to a 3, or all Zs to a 1.
The routine may perform several passes and changes, called permutations, on the
plaintext. Once it's encrypted, you'll need a key to unlock it.
Key
Think of the key as a decoder ring: the secret of the scrambled text cannot be read
without the key. The key holds the information on all the switches and substitutions
made to the original plain text.
In symmetric encryption, the key is actually bundled with the algorithm; in this sense,
the decoder ring is not universal. The changes and substitutions depend on the key,
and vice versa because the sender and recipient share the key.
Ciphertext
The ciphertext is the text that is now scrambled and ready to be sent. It may look like a
random stream of data, and is unreadable.

Decryption Algorithm
In the decryption algorithm, the secret key (the decoder ring) is applied to the
ciphertext. It converts it back to plaintext, basically performing the encryption in
reverse.
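The five components described above, as an added example that is not part of the original slides: a toy keyed substitution cipher in which a shared secret key determines every substitution. The function names, sample message and key are constructed for illustration, and the last function shows why substitution alone is too weak for payment data.

```python
import hashlib
import hmac
import string

# Symbols the toy cipher substitutes; anything else passes through unchanged.
ALPHABET = string.ascii_uppercase + string.digits + " "

def substitution_table(secret_key: str) -> dict:
    """Key -> one-to-one substitution table (the 'switches and substitutions')."""
    k = secret_key.encode()
    # Sorting by a keyed hash gives a key-dependent, repeatable shuffle.
    shuffled = sorted(
        ALPHABET, key=lambda ch: hmac.new(k, ch.encode(), hashlib.sha256).digest()
    )
    return dict(zip(ALPHABET, shuffled))

def encrypt(plaintext: str, secret_key: str) -> str:
    """Encryption algorithm: plaintext + key -> ciphertext."""
    table = substitution_table(secret_key)
    return "".join(table.get(ch, ch) for ch in plaintext.upper())

def decrypt(ciphertext: str, secret_key: str) -> str:
    """Decryption algorithm: the same key applied in reverse."""
    inverse = {c: p for p, c in substitution_table(secret_key).items()}
    return "".join(inverse.get(ch, ch) for ch in ciphertext)

def repetition_pattern(text: str) -> list:
    """Number each symbol by first appearance; equal patterns mean leaked structure."""
    seen = {}
    return [seen.setdefault(ch, len(seen)) for ch in text]

if __name__ == "__main__":
    message = "PAY 500 TO ACCOUNT 12345"   # constructed sample plaintext
    key = "shared-secret"                  # constructed sample key
    ct = encrypt(message, key)
    print("ciphertext:", ct)
    print("right key :", decrypt(ct, key))
    print("wrong key :", decrypt(ct, "guess"))
    # Substitution alone keeps repeats visible, which is why real payment
    # systems rely on vetted ciphers such as AES rather than schemes like this.
    print("pattern leaked:", repetition_pattern(ct) == repetition_pattern(message))
```
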
What Is a Programming Algorithm?
You can think of a programming algorithm as a recipe that describes the exact
steps needed for the computer to solve a problem or reach a goal.

Food recipes list the ingredients needed and a set of steps for how to make
the described meal.
In computer lingo, recipe = procedure and ingredients = input.

Your computer looks at your procedure, follows it to the letter, and you get to see
the results, which are called outputs.
A programming algorithm describes how to do something, and your computer
will do it exactly that way every time. Well, it will once you convert your
algorithm into a language it understands!

However, it's important to note that a programming algorithm is not computer
code. It's written in simple English

you will probably label the first step 'start' and the last step 'end.' It includes only
what you need to carry out the task. It does not include anything unclear, often
called ambiguous in computer lingo, that someone reading it might wonder
about.
An algorithm can be defined as "A sequence of steps to
be carried out for a required output from a certain
given input".
There are 3 main features of an algorithm that follow
from its definition:
1- The essential aim of an algorithm is to get a
specific output,
2- An algorithm involves several continuous
steps,
3- The output comes after the algorithm has finished
the whole process.
HTTP vs HTTPS
HTTP and HTTPS are the two protocols used to transmit data across
the internet and between websites.
HTTP stands for Hypertext Transfer Protocol, while the addition of the
'S' in HTTPS means it's a secure connection.
Although it isn't a security provision in its own right, it indicates that
the transmission of data happens securely using a Secure Socket Layer
(SSL) (also known as a security certificate), so anything sent over the
network is sent securely.

Both HTTP and HTTPS ensure that the data presented to the end user
is secured. But data could be intercepted by hackers.

Having an SSL certificate means data transferred between a website
and a user is encrypted, while also displaying correctly to them.

Working with an SSL certificate, which certifies that the data
transmission is secure, means that the website is *probably* more
secure than a website operating without the HTTPS protocol.
What are the benefits of HTTPS over HTTP?
One analogy that can be used to describe how an SSL certificate protects data is
using a cash point.
A website without security is like putting your PIN number into the machine while
someone's looking over your shoulder. They can memorize your security and use it
to launch an attack on your money.
Adding the 'S' is the equivalent of putting your hand over the keypad when entering
the PIN number while the person behind you wears a blindfold. There's not much for
them to see with a double layer of protection.
There is a range of features that HTTPS boasts to make it far superior to its older
sibling. One is that to have a website with HTTPS, the domain must be verified to
check that it belongs to the website owner and, in some cases, legal certificates must
be presented to verify everything is in order.
HTTPS will also improve a website's ranking on Google; only the best and most
secure get to feature on the first page, and statistics show that 84% of shoppers will
abandon a purchase if they don't see the little green padlock next to the URL.
How does HTTP work?
If you don't have an SSL certificate installed, data is transmitted in plain text,
which means if it's intercepted by a hacker, they are easily able to steal and
use that data without much work.

Adding an SSL certificate means these communications are secured using
encryption, so even if hackers do manage to intercept the information, it’s
very hard to unscramble the data into anything meaningful.
SSL works using an 'asymmetric' Public Key Infrastructure (PKI) system,
using two keys to encrypt communications. One is a public key and the other
is a private key.
Data encrypted with one key can only be decrypted with the other. The private
key is kept safe by the website owner and the public key is available to
anyone. This means anyone trying to access the website’s data only has half of
the tools they need to decrypt the information.
When you request information from a secured website (HTTPS), the website
will send the SSL certificate to your browser so it can check the certificate is
valid and will protect your data. The website you’re accessing and your
browser will then generate a secure connection between your browser and
the website.
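The public/private key relationship described above, as an added example that is not from the original slides: a toy RSA key pair built from two small constructed primes, showing that what one key does only the other can undo. The function names are hypothetical, and real certificates use keys of 2048 bits or more together with padding.

```python
from math import gcd

def make_keypair(p: int, q: int, e: int):
    """Build a toy RSA key pair from two primes (far too small for real use)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)        # private exponent: e*d = 1 (mod phi)
    return (n, e), (n, d)      # (public key, private key)

def apply_key(value: int, key) -> int:
    """RSA's single operation: raise to the key's exponent modulo n."""
    n, exponent = key
    if not 0 <= value < n:
        raise ValueError("value must be smaller than the modulus")
    return pow(value, exponent, n)

# Constructed sample primes and public exponent.
PUBLIC, PRIVATE = make_keypair(61, 53, 17)

def demo():
    secret = 65                                # constructed sample value
    sealed = apply_key(secret, PUBLIC)         # anyone can encrypt with the public key
    opened = apply_key(sealed, PRIVATE)        # only the private key recovers it
    replay = apply_key(sealed, PUBLIC)         # the public key cannot undo itself
    signature = apply_key(secret, PRIVATE)     # the owner signs with the private key
    verified = apply_key(signature, PUBLIC) == secret   # anyone can verify
    return sealed, opened, replay != secret, verified

if __name__ == "__main__":
    print("public key :", PUBLIC)
    print("private key:", PRIVATE)
    print("sealed, opened, public-key-alone-fails, signature-ok:", demo())
```
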
