PREFACE
E-Commerce is an interesting and ever-changing business tool, aiming to usher in a new, more competitive era. The book is based on the premise ‘Why complicate things that can be presented in a simple way?’, and is an earnest attempt to give a comprehensive view of the concept of E-commerce, with an in-depth and illustrative analysis of the basic tenets of this emerging discipline. The objective of the book is to equip students to comprehend the process of e-commerce and go prepared to face the corporate world. The book covers the syllabus of B.Com (H) Semester III Paper 3.5.(a) Skill Enhancement Course (SEC-I) under the Choice Based Credit System (CBCS), Delhi University. The book has been divided into eight chapters:
Chapter 1 (Unit 1): Explains the Nature of E-Commerce, its Characteristics, advantages, disadvantages, limitations, Drivers of e-commerce, reasons for transacting online and categories of e-commerce.
Chapter 2 (Unit 1): Explains the concept of the Internet and the World Wide Web, and also the Life Cycle approach to Launching an E-Commerce Website.
Chapter 3 (Unit 2): A comprehensive explanation of security threats and controls including encryption and Digital Signatures.
Chapter 4 (Unit 3): Web Designing using Hypertext Markup Language (HTML).
Chapter 5 (Unit 4): Explains the Electronic Payment System (with special reference to post-demonetization).
Chapter 6 (Unit 5): Online Business Transactions across various categories.
Chapter 7 (Unit 6): Online Retailing.
Chapter 8 (Unit 7): Security and Legal Aspects of E-Commerce with special reference to the Information Technology Act 2000 and the Information Technology Amendment Act 2008.
An effort has been made in this book to equip the reader with ample skills to enhance their performance by analysing current scenarios, which have been exemplified with current examples. I have portrayed the various aspects of E-Commerce in a simplified manner, with pictorial and tabular representation and additional readings; to reinforce the understanding, a summary at the end of each chapter followed by review questions has been given. Seen through the prism of this book, E-Commerce would surely appear a simple business tool, rather than a complicated one. I feel privileged to have freely drawn upon the publishing expertise of the Taxmann Publishing staff. Thanks seem too small a word for the warm and supportive people around me, and I am thankful to the Almighty for his divine grace. I am thankful to my parents, my husband Nitesh and my kids Kaashvi and Kritin for providing me with an aura of strength wherever I might have faltered. I am deeply indebted to late Poonam didi (may her soul rest in peace) for her support through everything, ‘Then and Now’.
Dr. Shivani Arora
SYLLABUS
B.Com. (Hons.): Semester – III
Paper – BCH 3.5(a): E-COMMERCE
Objective: To enable the student to become familiar with the mechanism for conducting business transactions through electronic means.
Unit I : Introduction
Meaning, nature, concepts, advantages, disadvantages and reasons for transacting online, Types of E-Commerce, e-commerce business models (introduction, key elements of a business model and categorizing major E-commerce business models), forces behind e-commerce. Technology used in E-commerce: The dynamics of world wide web and internet (meaning, evolution and features); Designing, building and launching e-commerce website (A systematic approach involving decisions regarding selection of hardware, software, outsourcing vs. in-house development of a website).
Unit II : Security and Encryption
Need and concepts, the e-commerce security environment: (dimension, definition and scope of e-security), security threats in the E-commerce environment (security intrusions and breaches, attacking methods like hacking, sniffing, cyber-vandalism etc.), technology solutions (Encryption, security channels of communication, protecting networks and protecting servers and clients).
Unit III : Website designing
Practical Lab
Introduction to HTML; tags and attributes: Text Formatting, Fonts, Hypertext Links, Tables, Images, Lists, Forms, Frames, Cascading Style Sheets.
Unit IV : E-payment System
Lectures/Practical Lab
Models and methods of e-payments (Debit Card, Credit Card, Smart Cards, e-money), digital signatures (procedure, working and legal position), payment gateways, online banking (meaning, concepts, importance, electronic fund transfer, automated clearing house, automated ledger posting), risks involved in e-payments.
Unit V : On-line Business Transactions
Lectures/Practical Lab
Meaning, purpose, advantages and disadvantages of transacting online, E-commerce applications in various industries like (banking, insurance, payment of utility bills, online marketing, e-tailing (popularity, benefits, problems and features), online services (financial, travel and career), auctions, online portal, online learning, publishing and entertainment); Online shopping (amazon, snapdeal, alibaba, flipkart, etc.).
Unit VI : Security and Legal Aspects of E-Commerce
Threats in E-Commerce, Security of Clients and Service-Provider: Cyber Laws - Relevant provisions of Information Technology Act, 2000, offences, secure electronic records and digital signatures, penalties and adjudication.
CONTENTS (with page numbers)
About the author ... I-5
Preface ... I-7
Syllabus ... I-9
1 INTRODUCTION TO E-COMMERCE
1.0 Introduction to E-Commerce ... 1
1.1 Defining E-Commerce ... 2
1.2 Nature of E-Commerce ... 4
1.3 Characteristics of E-Commerce ... 5
1.4 Advantages of E-Commerce ... 6
1.5 Limitations of E-Commerce ... 12
1.6 Drivers of E-Commerce ... 16
1.7 Reasons for transacting online ... 20
1.8 Categories of E-Commerce ... 21
1.9 E-Commerce and E-Business ... 30
SUMMARY ... 32
QUESTIONS ... 33
2 TECHNOLOGY USED IN E-COMMERCE
2.0 Introduction ... 35
2.1 Internet ... 35
2.2 World Wide Web ... 41
2.3 Internet and WWW ... 44
2.4 Designing, Building and Launching E-Commerce Website ... 45
2.5 Pure Online vs. Brick and Click Business ... 61
SUMMARY ... 61B
QUESTIONS ... 62
3 E-COMMERCE SECURITY AND CONTROLS
3.0 Introduction ... 64
3.1 Dimension of E-Commerce Security ... 65
3.2 Security Threats in E-Commerce Environment ... 66
3.3 Need of E-Commerce Security ... 72
3.4 Security Controls ... 74
3.5 Encryption ... 75
3.6 Digital Signature ... 81
SUMMARY ... 87
QUESTIONS ... 88
4 WEB DESIGNING
4.1 Understanding HTML ... 90
4.2 A simple HTML document ... 91
4.3 Heading and Paragraph ... 92
4.4 Attributes ... 94
4.5 Fonts ... 95
4.6 Tables ... 98
4.7 Lists ... 99
4.8 Forms ... 102
4.9 Images ... 105
4.10 HR tag or horizontal rule ... 106
4.11 Link Tag ... 106
4.12 Frames ... 108
4.13 Stylesheet ... 110
EXAMPLES ... 116
EXERCISES ... 120
5 E-PAYMENT
5.1 Understanding Electronic Payments ... 122
5.2 Modes of Payment ... 126
5.3 Payment Gateways ... 137
5.4 Online Banking ... 139
5.4A Electronic Funds Transfer (EFT) ... 141
5.4B Automated Clearing House (ACH) ... 146
5.4C UPI (Unified Payment Interface) ... 147
5.5 Automated Ledger Postings ... 148
5.6 Risks involved in E-payment ... 149
5.7 Digital Signatures ... 151
SUMMARY ... 153
QUESTIONS ... 154
SOURCE ... 155
6 ONLINE BUSINESS TRANSACTIONS
6.0 Online Business Transactions ... 156
6.1 Understanding Online Business Transactions ... 156
6.2 E-Commerce Applications ... 161
6.3 Online Services ... 168
SUMMARY ... 188
QUESTIONS ... 189
7 E-RETAILING
7.1 Understanding E-retailing ... 191
7.2 Categories of E-retailing ... 192
7.3 How E-retailing takes place? ... 195
7.4 Popularity of E-retailing ... 196
7.5 Benefits of E-retailing ... 200
7.6 Disadvantages of E-retailing ... 202
SUMMARY ... 206
QUESTIONS ... 207
CHAPTER 3
E-COMMERCE SECURITY AND CONTROLS
THE CHAPTER DEALS IN:
3.1 Dimensions of E-Commerce Security
3.2 Security Threats in E-Commerce Environment
3.3 Need of E-Commerce Security
3.4 Security Controls
3.5 Encryption
3.6 Digital Signature
3.0 INTRODUCTION
E-Commerce companies face peculiar threats to security, by virtue of being connected to the internet. The Internet was meant to be used for military and academic purposes. It wasn’t meant to be open for all when it was initially conceived. But that is history; the Internet has since been used to conduct business transactions online. The whole ambit of things, including data (business and customer data), business policies, integrity of the transactions, etc., needs to be secured in order for e-commerce to function smoothly. A cyber intruder doesn’t need to be physically present in the premises to cause disruption; he can do it remotely from a nearby building, city, country, rather from anywhere in the world. It may be days before the company gets to know that its system is being remotely manipulated. In simple words, “E-commerce security threat refers to anything that has the potential to cause serious harm to a computer system and hence the whole set-up.” The intent in case of a security breach is mala fide and may lead to loss in revenue to the business whose security is threatened. The purpose of this Chapter is to analyse the need and dimensions of security, analyse the threats surrounding it and provide solutions for the same in terms of either encryption or laws in place.
3.1 DIMENSION OF E-COMMERCE SECURITY
As discussed by Greenstein and Feinman in their book, “E-Commerce Security, Risk Management and Control”, they have laid down four security concerns which create the need for a stringent security system to be in place.
a. Data Integrity : There is just too much data involved in any business transaction. EDI, i.e. electronic data interchange, has facilitated e-commerce transactions but at the same time the data is vulnerable and can be stolen and misused to the disadvantage of the company. The company’s own internal data needs to be protected and, at the same time, the website data needs security since that is the face of the business.
b. Business Policies : Some policies of the business are for internal use and some are for the reference of the Business Partners (intranet and extranet). These policies, like bill payment and billing policies, shipping policies, return policies, etc., need to remain intact since, if changed by an unauthorized person, it would lead to chaos.
Fig 3.1 Dimensions of E-Commerce Security: Data Integrity; Business Policies; Integrity of Transaction Processing; Privacy of data; Non-repudiation; Uninterrupted availability
c. Integrity of Transaction Processing : It is imperative that transactions happen the way they are agreed upon. The system should be impeccable, so that the customers’ orders are taken well, processed and delivered on time. A compromise in transaction processing may lead to anything from misplaced orders to wrong orders being delivered.
d. Privacy of data : A privacy policy should be stated and followed so that the customer’s or the visitor’s data is not used against their will. Stolen data of customers or visitors can lead to huge losses.
e. Uninterrupted availability : A secured e-commerce system shall be able to provide uninterrupted availability to the customers, business partners and employees.
f. Non-repudiation : E-commerce security makes sure that neither party can deny the deals entered into online.
3.2 SECURITY THREATS IN E-COMMERCE ENVIRONMENT
Security threats in e-commerce have varied implications depending on the intentions of the person or the organisation breaching the security. The following figure shows the various implications of a security breach.
Figure 3.2 Some implications of Security Breach: a Security Breach leads to Information loss; Data Theft; Trade Secrets; Manipulation of system; Revenue Loss
Security breaches are of various types like phishing, trojan horse, cyber squatting, etc. (discussed below), but the reasons for the same are listed below:
(i) Information loss : The security breach may be for the reason of causing harm to the business by deleting important information from the business.
(ii) Data Theft : Stealing customer data to target them one on one may be one of the reasons.
(iii) Trade Secrets : The intention of the breacher may be to steal trade secrets and use them for his own benefit.
(iv) Manipulation of the system : The system may be manipulated in such a way that it keeps sending unsolicited and unplanned information to the users, or may not allow the site to function properly.
3.2.1 Threats in E-Commerce
The threats in E-commerce are aplenty and can be categorised into the following categories:
3.2.1 (I) Client Threat
3.2.1 (II) Communication Channel Threat
3.2.1 (III) Server Threat
3.2.1 (IV) Miscellaneous Threats
3.2.1 (I) Client Threat
Client threats are a result of dynamic webpages. When webpages were static, the threats were fewer. But e-commerce is possible only due to the dynamism of webpages, whether it is comparing prices, adding things to the cart or making the payment. The following threats fall in the category of Client threats:
a. Trojan Horse : A simple-looking, harmless file may be downloaded, which would release innumerable viruses into the system. The virus may appear to be a harmless data file or an executable file, which once run may cause data theft or other harm to the system where it is released. The malicious instructions in the Trojan horse threat remain hidden, but are executed, causing harm to the client system.
b. Cookies : Cookies are amongst the biggest threats to customer privacy. Cookies are small programs which are installed on the customers’ browser and record their browsing activities, which include the logins, passwords, buying or viewing patterns. The companies rely on cookies to study the customers and target them accordingly, but at the same time each movement of the customer online is tracked and can be traced. Any malicious intent of using the cookies for ulterior motives can lead to huge losses for the customers.
c. Virus : Threats from viruses are real and affect the client system adversely. A computer virus is a programme or a code that is loaded onto a computer without the knowledge of the user and run against the command of the user. Certain programmes can be downloaded online to run a certain application, e.g. JavaScript, ActiveX controls, which may be a danger to the privacy and integrity of the system since they might be corrupted to act in a malicious way.
3.2.1 (II) Communication Channel Threat
Online communication links the consumer with the e-commerce partners. The message takes the form of packets from one point of connection to the other. The packets traverse different paths before getting sorted out and reaching the final destination. It is very difficult to guarantee that every computer on the Internet through which messages (packets) pass is safe, secure and non-hostile. In all likelihood, someone can reach the message, rendering it incomprehensible, altering it to convey something else or completely eliminating the message. These threats are termed Communication Channel Threats. The various threats under this category are:
a. Threats from Sniffer Programs : A sniffer program monitors the data flowing on the internet in real time. Not all sniffer programs are bad; some are legal as well. Sniffer programs can read e-mail messages as well as any e-commerce communication. This illegal deciphering of messages may lead to huge corporate losses when confidential information is being shared.
b. Integrity threats : These threats are prevalent in the banking industry. The banking transaction information is not only deciphered but also altered online. For example, if an amount of ₹ 5000 is being transferred online, the integrity threat implies that the amount may be changed to ₹ 50000 during the online payment process.
c. Cyber Vandalism : ‘Vandalism’ refers to an act involving the damaging or destruction of public or private property. Cyber Vandalism refers to the act of altering, deleting or adding content to someone else’s digital content or website. More often, cyber vandalism is not executed for a financial purpose but to prove programming superiority or just for fun.
d. Spoofing : Creating a website and getting a domain name is the simplest of things related to e-commerce. Spoofing is the unethical art of sending communication from an unidentified source emulating the identity of another person. E-mail spoofing is easy to comprehend: an e-mail address is made to look like a message from someone it actually isn’t from, e.g. getting a mail from a falsified account of a friend asking you to EFT some money to them as they were in urgent need, and later getting a mail from the friend saying that they never sent any such mail.
e. Necessity Threats : A necessity threat is one in which the system is slowed down to such an extent that it doesn’t let the system operate properly. Slowing down of the whole process drives the customers away, e.g. if the payment process is slow, it would lead to unrest with the customer.
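The integrity threat described above (an amount of ₹ 5000 altered to ₹ 50000 in transit) is caught at the receiving end when the sender attaches a message authentication code computed with a key that the intermediary does not hold. The Python program below is an added illustration and is not part of the book: the shared key, the account numbers and the message layout are constructed for the demonstration, and HMAC-SHA256 from the standard library is used as the authentication code.

```python
import hashlib
import hmac
import json

# Constructed demonstration key. In practice the key is agreed out of band between the
# two parties and is never sent along with the message.
SHARED_KEY = b"constructed-demo-key-not-for-production"


def canonical(message: dict) -> bytes:
    """Serialise the message deterministically so sender and receiver MAC identical bytes."""
    return json.dumps(message, sort_keys=True, separators=(",", ":")).encode("utf-8")


def tag_message(message: dict, key: bytes = SHARED_KEY) -> dict:
    """Sender side: attach an HMAC-SHA256 tag computed over the canonical message."""
    tag = hmac.new(key, canonical(message), hashlib.sha256).hexdigest()
    return {"body": message, "tag": tag}


def verify_message(envelope: dict, key: bytes = SHARED_KEY) -> bool:
    """Receiver side: recompute the tag and compare it in constant time."""
    expected = hmac.new(key, canonical(envelope["body"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, envelope["tag"])


def process_transfer(envelope: dict) -> str:
    """Accept a transfer only if its tag verifies; otherwise reject it."""
    if not verify_message(envelope):
        return "REJECTED: integrity check failed"
    body = envelope["body"]
    return f"ACCEPTED: transfer of {body['amount']} to {body['payee']}"


def demo() -> tuple:
    """Run the book's scenario: 5000 is sent and an intermediary changes it to 50000."""
    original = {"payer": "ACC-001", "payee": "ACC-002", "amount": 5000, "currency": "INR"}
    envelope = tag_message(original)
    untampered = process_transfer(envelope)
    # The intermediary can edit the body but cannot produce a matching tag without the key.
    tampered = {"body": dict(envelope["body"], amount=50000), "tag": envelope["tag"]}
    detected = process_transfer(tampered)
    return untampered, detected


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The tag does not hide the amount (that is the job of encryption, Section 3.5); it only guarantees that any change to the body after signing is noticed, which is exactly the property the integrity threat violates.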
3.2.1 (III) Server Threat
The server is the connection between the Internet and the user. The server is vulnerable to threats, and if the security of the server is compromised, a lot of data can be misused.
a. Web server threat : The most profound information in today’s times of e-Commerce and e-payments is the usernames and the passwords. The web server threat may be extremely detrimental if the security of this privilege is breached. All the confidential and integral information needs to be protected at the web server end. It is known that if the web server software is complex, the probability of errors is higher and it gives easy access to people with bad intent.
b. Database Threats : The companies maintain a database of all the information, including B2C information, i.e. the product information, user information, orders and payment information, sales returns information, etc., and E2E information, i.e. the communication amongst the employees of the company, etc. This database, if breached and shared unscrupulously, would result in huge losses to the company in terms of customer data or confidential private data of the company.
c. CGI Threats : Common Gateway Interface, as the name suggests, is an interface between the web browser and the web server. The request from the web browser is routed to the server through CGI, which sends out the output as per the input received. CGI is crucial for the smooth and correct flow of information and it is under perpetual threat from attackers. Once CGI is compromised, the request from the browser may not reach the web server or the web server’s output may be misdirected to some other browser.
d. Website Masquerading : A masquerade is a disguise, and a website which is disguised by unscrupulous users is a great threat. Unattended logged-in websites can be hacked into and anyone can gain unauthorised access to the system. The unprotected system can become vulnerable to a masquerade attack from an insider or an outsider. It all depends on the level of security and attentiveness on the part of the user. The attacker can have easy access to the point of entry due to a weak authentication process. Once authorised for entry, the attacker would have full access to the database and may deface the website, make it incomprehensible, change the nature of the website or defame the website by putting detrimental slogans, etc. It may be able to modify and delete software and data, and make changes to network configuration and routing information.
3.2.1 (IV) Miscellaneous Threat
a. Phishing : Phishing is a homophone of fishing. Just like fishing, the target is trapped or lured into sharing with fraudulent people. Phishing refers to the fraudulent practice of sending e-mails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers. The e-mail seems to be from a legitimate person, thereby making the task of the hacker easier, since the user may share the details without hesitation. The only purpose of phishing is to steal money. This is done either by making the user click on a link which installs malicious software in the system, or by seeking personal information from the user. Here is an example of what a phishing scam in an e-mail message might look like; the annotations in square brackets mark the warning signs highlighted in the figure.
Hello! As part of our security measures, we regularly screen activity in the Facebook system. We recently contacted you after noticing an issue on your account. [Spelling]
Our system detected unusual Copyrights activity linked to your Facebook account, please follow the link bellow to fill the Copyright Law form: http://www.facebook.com/application_form [Links in email]
Note: If you don’t fill the application your account will be permanently blocked [Threats]
Regards Facebook Copyrights Department. [Popular company]
Fig 3.3 Example of Phishing. Source: https://www.microsoft.com/en-us/safety/online-privacy/phishing-symptoms.aspx
The ways to spot a phishing threat are bad spelling and grammar, a suspicious e-mail message, and links that may lead you to .exe files; these kinds of files are known to spread malicious software. Sometimes the mail threatens to block either an e-mail account or a social networking account. Sometimes popular websites or companies are spoofed to add credibility to the mail.
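The warning signs listed above (spelling, links, threats, a popular company name used for credibility) can be checked mechanically on the receiving side. The Python program below is an added example and is not from the book: it runs a small set of constructed indicator lists over the Fig 3.3 message and over a constructed harmless message. The misspelling list, threat phrases, weights and threshold are assumptions chosen for the demonstration; a real mail filter uses far larger lists and more signals.

```python
import re

# Constructed indicator lists for the demonstration; a real filter uses much larger ones.
MISSPELLINGS = {"bellow": "below", "recieve": "receive", "acount": "account"}
THREAT_PHRASES = ("permanently blocked", "will be suspended", "within 24 hours", "verify your account")
IMPERSONATED_BRANDS = ("facebook", "paypal", "amazon")
EXECUTABLE_SUFFIXES = (".exe", ".scr", ".bat")
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

# The Fig 3.3 message from the text, used as the suspicious sample.
PHISHING_SAMPLE = (
    "Hello! As part of our security measures, we regularly screen activity in the Facebook "
    "system. We recently contacted you after noticing an issue on your account. Our system "
    "detected unusual Copyrights activity linked to your Facebook account, please follow the "
    "link bellow to fill the Copyright Law form: http://www.facebook.com/application_form "
    "Note: If you don't fill the application your account will be permanently blocked "
    "Regards Facebook Copyrights Department."
)

# A constructed harmless message for comparison.
BENIGN_SAMPLE = "Hi all, the minutes of Monday's meeting are attached; see the action items below."


def find_indicators(text: str) -> dict:
    """Collect the warning signs named in the text: spelling, links, threats, a brand name."""
    lowered = text.lower()
    words = re.findall(r"[a-z']+", lowered)
    links = URL_RE.findall(text)
    return {
        "spelling": [(w, MISSPELLINGS[w]) for w in sorted({w for w in words if w in MISSPELLINGS})],
        "links": links,
        "executable_links": [u for u in links if u.lower().rstrip(".,)").endswith(EXECUTABLE_SUFFIXES)],
        "threats": [p for p in THREAT_PHRASES if p in lowered],
        "brands": [b for b in IMPERSONATED_BRANDS if b in lowered],
    }


def phishing_score(text: str) -> int:
    """Weighted sum of indicators (weights are assumptions for this demo). A brand name on its
    own is normal in a genuine newsletter; it only adds weight together with a link or a threat."""
    ind = find_indicators(text)
    score = len(ind["spelling"])
    score += 1 if ind["links"] else 0
    score += 2 * len(ind["executable_links"])
    score += 2 if ind["threats"] else 0
    if ind["brands"] and (ind["links"] or ind["threats"]):
        score += 1
    return score


def classify(text: str, threshold: int = 3) -> str:
    return "SUSPICIOUS" if phishing_score(text) >= threshold else "LIKELY OK"


if __name__ == "__main__":
    for name, sample in (("Fig 3.3 message", PHISHING_SAMPLE), ("harmless message", BENIGN_SAMPLE)):
        print(name, phishing_score(sample), classify(sample), find_indicators(sample))
```

On the Fig 3.3 message the four signs the figure annotates all fire (the misspelling "bellow", a link, the "permanently blocked" threat and the Facebook name next to a link), while the harmless message scores zero; the threshold is what a mail administrator would tune against their own traffic.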
b. Hacking : Hacking is defined as gaining unauthorised access into a system or computer. It is an act of intrusion, which by the term itself is unauthorised. The person who executes the task of hacking is termed a “hacker”. Hackers are “clever programmers” who know how to get into a system without authorised access. The reasons for hacking may be to access information, change data, cause damage, prevent authorised access, etc. According to the reason a person decides to hack, they are categorised differently. Sometimes professionals have to check the strength of the security of their own systems; when they hack the system they are called White hat professionals. Hackers who undertake hacking for personal gain, to destroy, steal or deny access, are termed Black hat hackers. They can destroy, steal or even prevent authorised users from accessing the system. They do this by finding loopholes and weaknesses in the system. Some computer experts call them crackers instead of hackers. Grey hat hackers comprise curious people who have just about enough computer language skills to enable them to hack a system to locate potential loopholes in the network security system.*
* Source: http://economictimes.indiatimes.com/definition/hacking
c. Cyber Squatting : Cyber Squatting is the process of registering the same or a similar domain name to that of a reputed firm, with the intent of reselling the same at an exorbitant price. It is also done to confuse people into buying from them, thinking it is a known brand. It is also known as domain squatting. The word squatting refers to the practice of inhabiting someone else’s property without their permission.
ADDITIONAL READING (Fig 3.4 Cyber Squatting)
Arun Jaitley, Finance Minister of India, is a well-known politician and leader of the BJP. He wished to register the domain www.arunjaitley.com but found that the domain had already been registered as of the year 2009. The motive is always ulterior, either to get people to buy from the same or a misspelt name or to resell the domain name. The proliferation of many top level domain names (TLDs) like .com, .org, .net, .in, etc. makes it easier to copy the names or misspell them.
d. Intellectual Property Threats : The ease with which data can simply be downloaded and stored without seeking the permission of the Intellectual Property rights owner has made it a big threat. E.g. digital files, works and designs can be copied and disseminated, online or offline, with ease.
3.2.2 Why do web attackers breach E-Commerce Security?
The attackers may have different motivations to breach the security of the system. They may range from mala fide intentions of data theft or monetary theft to merely showing their technical superiority. The hacker may want to:
- access confidential information about the company and/or its users’ data.
- corrupt the information on the website.
- modify the system to work according to the hacker’s intent.
- block access to the system at their discretion.
- just prove their technical superiority, without any mala fide intention.
3.3 NEED OF E-COMMERCE SECURITY
The threats to security are aplenty and they involve high risk to the authenticity, integrity and privacy of e-commerce companies. The detailed discussion on the need for E-commerce companies to invest in security is as follows:
a. Confidentiality : The information shared on the internet (between the business and the customers, on the extranet (amongst business partners) and on the intranet (amongst the employees)) is all confidential, and any access by outside forces with mala fide intent can cause huge losses for the company.
b. Virus Protection : E-commerce systems are susceptible to many attacks, amongst them virus attacks, which manipulate the system to act in a peculiar way and can spread on their own without further interference by the hacker. The reputation of an e-commerce company is harmed when undesired actions are accomplished through the website, e.g. repetitive e-mails which spam the system, etc.
c. Integrity : The website is the face of the company. The users know the store as they see it. If the attacker changes or deletes the content of the website, the users might be driven away from the e-commerce business.
d. Availability : It requires tremendous effort on the part of the e-commerce organisation to get the customer to their website; therefore it is important that the website is available all the time. Interrupted availability or a slow-working website, due to some security breach, would be detrimental to the success of the company.
e. Non-repudiation : Online actions need a different level of security since there is no physical interaction amongst the parties. Online security ensures that neither of the parties can deny entering into the agreement and that the terms remain the same.
f. Digital India : Launched in 2014, the Digital India initiative aims to make the transactions between the Government and the citizens online and electronic. DigiLocker, also a part of Digital India, can be referred to in order to explain the need for digital security. DigiLockers are supposed to store all the important documents electronically. Unless fully secured, this facility poses a great threat.
g. Digital Convergence : Laptops, tablets, smart phones and some smart watches can be used for conducting e-commerce. The users keep themselves logged in on almost all the gadgets at all times, hence increasing the risk of threats and hence the need for security. The security threats are across platforms and the needs are also across all of them.
Fig 3.5 Need of E-Commerce Security: Confidentiality; Virus Protection; Integrity; Availability; Non-repudiation; Digital India; Digital Convergence; Too big, too soon; Evolving hackers; Internet Penetration
h. Too big, too soon : Webspace has expanded too soon, and for all the loopholes to be plugged, it requires more time and better technology.
i. Evolving attackers : The attackers are evolving with the evolving technologies. They need to be tackled by creating security control systems that can outsmart them.
j. Internet penetration : New segments of users are being added every day. The unawareness of security threats among new users keeps the need for security alive.
3.4 SECURITY CONTROLS
The analysis of various threats and the need for security takes us to the point where the discussion on Security Controls ensues. The starting point would be the threats, and from there the controls required. Network security, client security and data security, all discussed above, need security controls for the smooth running of e-commerce organisations. The security controls are discussed below:
(i) Password : The alphanumeric characters that serve as passwords are a powerful means of security control. Passwords are unique to a machine or a website. This is the most commonly used security control system. To remain effective and relevant, the password should be of considerable strength, i.e. not too simple to guess, and should be changed frequently.
Fig 3.6 Security Controls: Passwords; Virus control; Biometric system; Firewall; Encryption (explained in 3.5); Digital Signature (explained in 3.6)
(ii) Virus Control : Virus attacks are quite prevalent and, since they replicate themselves, virus control is required at all points of access. Virus attacks have been explained in Section 3.2.1 (I)(c). E-commerce companies make efforts to manage viruses which may enter the client’s system while downloading a file from the company’s website. Anti-virus software is required to be used and updated regularly, since newer viruses are being developed at a fast pace and in high numbers. Virus control is of paramount importance since customers are very hard to get and should not be disillusioned by a virus infection.
(iii) Biometric System : Using some body part as a measure to allow access to the user’s/client’s website or machine is another good security control method. Fingerprints, palm prints, voice recognition, retinal pattern, etc. can be used to allow only the authentic user to access the system. E.g. the BHIM Aadhaar app, launched in India on April 14, 2017, uses the biometric system of thumb impression to transfer funds from the bank account.
(iv) Firewall : A firewall is a system where access is controlled between two networks. To access the network protected by a firewall, the hacker has to penetrate the firewall with the help of a user name and password. Hence the firewall keeps unwanted access in check. A firewall is one of the most common ways to check unauthorised entry into the system and is normally used during online payments. It is not easy to permeate a firewall since the firewall filters all messages coming in and going out. To enter a firewall, normally a user name and password combination is used. If the user name and password don’t match, the unwanted user and malicious code are kept at bay.
Fig 3.7: Depicts the concern of a Businessman and a User
Online Customer: “I am concerned about the - Fraud by hackers - Privacy, i.e. personal information - Authenticity of the data, its integrity, etc. - Financial information, etc.”
Online Business Man: “What if my website is hacked? I am concerned about the - Employee information - Tender information - Marketing information - Proprietary information, etc.”
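The firewall’s filtering of messages coming in and going out (control (iv) above) can be shown as a rule list evaluated against each packet. The Python program below is an added example and is not from the book: it models a hypothetical shop network 10.0.0.0/24 with a web server at 10.0.0.10 and a database server at 10.0.0.20 (all addresses, rules and sample traffic are constructed), checks the rules top to bottom with the first match winning, and drops anything no rule allows, the “default deny” stance a practitioner expects from a firewall.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    direction: str   # "in": from the Internet into the shop network; "out": leaving it
    src: str         # source IP address
    dst: str         # destination IP address
    dport: int       # destination port
    proto: str       # "tcp" or "udp"


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    direction: str         # "in", "out" or "any"
    src: str               # CIDR prefix or "any"
    dst: str               # CIDR prefix or "any"
    dport: Optional[int]   # None means any port
    proto: str             # "tcp", "udp" or "any"

    def matches(self, pkt: Packet) -> bool:
        return (
            self.direction in ("any", pkt.direction)
            and self.proto in ("any", pkt.proto)
            and (self.dport is None or self.dport == pkt.dport)
            and (self.src == "any" or ip_address(pkt.src) in ip_network(self.src))
            and (self.dst == "any" or ip_address(pkt.dst) in ip_network(self.dst))
        )


# Constructed rule set for a hypothetical shop network 10.0.0.0/24: web server 10.0.0.10,
# database server 10.0.0.20. Rules are checked top to bottom and the first match wins.
RULES = [
    Rule("allow", "in", "any", "10.0.0.10/32", 443, "tcp"),              # customers reach HTTPS only
    Rule("deny", "in", "any", "10.0.0.20/32", None, "any"),              # database never exposed
    Rule("allow", "out", "10.0.0.10/32", "10.0.0.20/32", 5432, "tcp"),   # web server to database
    Rule("allow", "out", "10.0.0.0/24", "any", 443, "tcp"),              # staff may browse HTTPS
]


def decide(pkt: Packet, rules: List[Rule] = RULES) -> str:
    """Return the action of the first matching rule; with no match the packet is dropped."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"  # default deny: anything not explicitly allowed is blocked


def run_sample_traffic() -> List[Tuple[str, str]]:
    """Constructed traffic log evaluated against RULES; returns (description, decision) pairs."""
    samples = [
        ("customer HTTPS to web server", Packet("in", "203.0.113.5", "10.0.0.10", 443, "tcp")),
        ("outsider probing the database port", Packet("in", "203.0.113.5", "10.0.0.20", 5432, "tcp")),
        ("outsider trying SSH to web server", Packet("in", "203.0.113.5", "10.0.0.10", 22, "tcp")),
        ("web server querying the database", Packet("out", "10.0.0.10", "10.0.0.20", 5432, "tcp")),
        ("staff host sending to unknown FTP server", Packet("out", "10.0.0.15", "198.51.100.7", 21, "tcp")),
    ]
    return [(desc, decide(pkt)) for desc, pkt in samples]


if __name__ == "__main__":
    for desc, verdict in run_sample_traffic():
        print(f"{verdict:5s}  {desc}")
```

Two design points are worth noticing: the outbound rules matter as much as the inbound ones (a compromised internal host trying to send data to an unknown FTP server is dropped), and the database rule is an explicit deny placed before any broader allow, so a later mistake in the list cannot accidentally expose it.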
3.5 ENCRYPTION
There was a time when hard copies of all documents were either hand delivered or sent through the post, but, as discussed in the earlier section, online content is exposed to a variety of threats, and this section discusses the technological solutions to the same. The success of online environments depends on the fact that the transactions that take place are secure, whether they are financial transactions, personal information, etc. The major hiccup in the initial take-off of the web was the fact that customers, businesses and users were all apprehensive that the transactions on the web were not secured and could be tampered with. All the parties were concerned about the information important to them (for example, see Fig 3.7). To help resolve the concerns of the customers as well as the business, encryption evolved. Encryption is a process of disguising data in such a form that it can be understood or is legible only to the parties concerned, implying that the message that is encoded can be decoded only with the help of a key. This technique dates back to time immemorial, when the transmission of confidential data was done by encrypting it. No form of online transaction can be done without encryption. To simplify it, a business deal cannot be struck if both the parties, who are geographically apart, are not sure that the content has not been meddled with during the transmission. It is also referred to as a basis of network security.
3.5.1 Understanding Encryption
Encryption refers to scrambled data (i.e. encoded data) which can be sorted out (decoded) with the help of a key, which is a series of electronic signals stored on the PC. Encryption is a mathematical procedure that scrambles data so that it is extremely difficult for anyone other than the authorized recipient to recover the original message. It is the translation of data into a secret code. Encryption is the most effective way to achieve data security. To read an encrypted file, you must have access to a secret key or password that enables you to decrypt it. Unencrypted data is called plain text; encrypted data is referred to as cipher text. Evidently, it involves two parties: one which encodes the data and the other for whom it is meant, i.e. the one who can decode it. Both the parties should be aware of the format followed. (Formats will be discussed later in the chapter.)
3.5.2 Need of Encryption Encryption is done so that there is no violation of PAIN i.e. privacy, authentication (verification/validation), integrity (veracity/reliability) and non-repudiation (non-denial, non-negation/non-refutation). In simple words, whenever data is transmitted over the net it is important to protect it from falling into wrong hands and being corrupted during transmission and all the essentials of the transaction namely privacy, validity, reliability and non-refutation, remain intact. The detailed description is as follows:
Privacy: “Privacy is the condition of being concealed or hidden when the intention is to avoid any unauthorized disclosure of information.” The integral parts of privacy taken care of by encryption are Confidentiality and Anonymity.
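Plain text, key and cipher text from Section 3.5.1, and the privacy requirement above, can be seen at work in a small symmetric cipher. The Python program below is an added example and is not from the book, and it does not use a standard cipher such as AES: it builds a teaching stream cipher by running HMAC-SHA256 in counter mode to produce a keystream and XOR-ing it with the plain text, which keeps the whole thing in the standard library. The malleability_demo function also shows the caveat behind the "I" in PAIN: flipping one bit of the cipher text changes one bit of the recovered plain text and decryption cannot notice, so privacy alone does not give integrity and a MAC or digital signature is still needed on top. The key values, message contents and function names are constructed for the demonstration.

```python
import hashlib
import hmac
import secrets

NONCE_LEN = 16


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Teaching construction: HMAC-SHA256 over (nonce, counter) in counter mode yields a
    keystream that only a holder of the same key can reproduce. Not a standard cipher."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Return nonce || ciphertext. A fresh random nonce per message keeps keystreams from repeating."""
    nonce = secrets.token_bytes(NONCE_LEN)
    keystream = _keystream(key, nonce, len(plaintext))
    return nonce + bytes(p ^ k for p, k in zip(plaintext, keystream))


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Recover the plain text; with the wrong key the keystream differs and the output is noise."""
    nonce, ciphertext = blob[:NONCE_LEN], blob[NONCE_LEN:]
    keystream = _keystream(key, nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, keystream))


def round_trip(message: str, key: bytes, wrong_key: bytes) -> dict:
    """Privacy: the cipher text does not contain the plain text, the right key recovers it,
    a wrong key does not."""
    blob = encrypt(key, message.encode("utf-8"))
    return {
        "ciphertext_hides_plaintext": message.encode("utf-8") not in blob,
        "right_key_recovers": decrypt(key, blob) == message.encode("utf-8"),
        "wrong_key_recovers": decrypt(wrong_key, blob) == message.encode("utf-8"),
        "ciphertext_len": len(blob),
    }


def malleability_demo(key: bytes):
    """Encryption alone is not integrity: XOR-ing one cipher-text byte flips the same bits in
    the recovered plain text and decrypt() has no way to notice. Turns 'PAY 5000' into 'PAY 9000'."""
    sent = b"PAY 5000"
    blob = bytearray(encrypt(key, sent))
    blob[NONCE_LEN + 4] ^= ord("5") ^ ord("9")   # plain-text byte 4 is the '5'
    return sent.decode(), decrypt(key, bytes(blob)).decode()


if __name__ == "__main__":
    key, wrong = secrets.token_bytes(32), secrets.token_bytes(32)
    print(round_trip("order 42 for account ACC-001", key, wrong))
    print(malleability_demo(key))
```

The cipher text still reveals the length of the message, so privacy here means hiding the content, not its size; and because the construction is malleable, a deployment would pair it with an authentication tag over the cipher text, which is what authenticated encryption modes do in one step.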
E-COMMERCE
Author : Shivani Arora
Publisher : Taxmann
Date of publication : February 2024
Edition : Reprint 2024 Edition
ISBN No. : 9789357788458
No. of pages : 248
Binding type : Paperback
Price : Rs. 375 | USD 5
DESCRIPTION
This book provides a comprehensive and accessible discussion on E-commerce, tailored for students preparing to navigate the corporate world. It enables the students to become familiar with the mechanism for conducting business transactions electronically. This book specifically caters to the syllabus of B.Com. (Hons) Semester III Paper BCH 3.5. (a) Skill Enhancement Course (SEC-I) and Choice Based Credit System (CBCS) Programme of various central universities throughout India. The Present Publication is the Reprint 2024 Edition, authored by Dr Shivani Arora, with the following noteworthy features:
• [Simple and Systematic Explanation] Through this book, E-Commerce is presented as a straightforward and accessible business tool, aiming to simplify the subject for readers and students alike
• [Additional Readings] are incorporated into the book to enhance the skills of the students
• [Illustrations] The book utilizes a simplified approach, employing pictorial and tabular representations
• [Coverage of Relevant Examples] on E-Commerce from Indian & Global Scenarios is incorporated in the book
• [Chapter Summaries & Review Questions] are provided at the end of each chapter
• [Past Exam Questions] of Delhi University have been given at the end of each chapter