Module 4

What is E-commerce?
 E-commerce (electronic commerce)is the activity of electronically buying or
selling products on online services or over the Internet.
 Electronic commerce or e-commerce is simply the buying and selling of goods and
services using the internet, when shopping online.

Components for E-Commerce:

 User
 E-commerce vendors
 Technology Infrastructure
 Internet/ Network
 Web Portal
 Payment Gateway

1. User:
 This may be individual / organization or anybody using the e-commerce platforms.

2. E-commerce Vendors:
 This is the organization/ entity providing the user, goods/ services.
E.g.: www.flipkart.com.
 E-commerce Vendors further needs to ensure following for better, effective and
efficient transaction.

3. Technology Infrastructure:
This includes Server computers apps etc.
 Computers, Servers and Database
These are the backbone for the success of the venture. They store the data/program used to run
the whole operation of the organization.
 Mobile Apps
 Smartphone’s and tablets have become a dominant form of computing, with many more
smartphones being sold than personal computers.
 Developing mobile app is expensive,and it will have to be developed on two major
platform i.e. iPhone and Android. Another option is to create a website that is mobile-
friendly.
 Digital Libraries: Digital libraries can vary immensely in size and scope, and can be
maintained by individuals, organizations, or affiliated with established physical library
buildings or institutions, or with academic institutions. The digital content may be stored
locally, or accessed remotely via computer networks.

4. Web portal:
 This shall provide the interface through which an individual/organization shall perform
e-commerce transactions.
 Web Portal is the application through which user interacts with the e- commerce
vendor. The front end through which user interacts for an e- commerce transaction.
 These web portals can be accessed through desktops/ laptops/PDA/hand- held
computing devices/ mobiles and now through smart TVs.

Divya k gfgc shivamogga Page 1

Module 4

5. Payment Gateway:
 The payment mode through which customers shall make payments. Payment
gateway represents the way e-commerce / m-commerce vendors collects their
payments. Examples are :
 Credit / Debit Card Payments, Online bank payments, Vendors own payment
wallet, Third Party Payment wallets, like SBI BUDDY or PAYTM, Cash on
Delivery (COD) and Unified Payments Interface (UPI).

Elements of E-Commerce - Security :

 Confidentiality − Information should not be accessible to an unauthorized person. It
should not be intercepted during the transmission.
 Integrity − Information should not be altered during its transmission over the network.
 Availability − Information should be available wherever and whenever required within a
time limit specified.
 Authenticity − There should be a mechanism to authenticate a user before giving
him/her an access to the required information.
 Non-Repudiability − It is the protection against the denial of order or denial of payment.
Once a sender sends a message, the sender should not be able to deny sending the
message. Similarly, the recipient of message should not be able to deny the receipt.
 Encryption − Information should be encrypted and decrypted only by an authorized user.
 Auditability − Data should be recorded in such a way that it can be audited for integrity
requirements.

Types of threats to E-commerce:

1.Financial fraud
 Financial fraud takes several forms. It involves hackers gaining access to your customer's
personal information or payment information, then selling that information on the black
market.
 It also involves fraudsters using stolen credit card information to make illegitimate
purchases from your e-commerce store.

2. Phishing
 Your customers are the target in a phishing scam, where a fraudster sends messages or
emails pretending to be you with the goal of obtaining their private information.
 These messages may contain logos, URLs, and other information that appears to be
legitimate, but it won't be you sending it.
 They'll ask customers to verify their account by logging in and then use the information
to steal personal data.

3. Spamming

 In an attempt to obtain personal information—or to affect your website's performance—

spammers may leave infected links in their comments or messages on your website, such
as on blog posts or contact forms.

Divya k gfgc shivamogga Page 2

Module 4

 If you click on the links, they can take you to a spam website that exposes you to
malware.

4. Malware
 Malware refers to malicious programs such as spyware, viruses, trojan horses, and
ransomware.
 Hackers install it on your computer system and spread it to your customers and
administrators, where it might swipe sensitive data on their systems and from your
website.
5. Bad bots
 People are generally aware that bots are all over the Internet, obtaining information about
our habits and behaviours.
 Your competition, however, could use bots to gather information about your inventory
and prices. They then use that information to change their prices.
 Or hackers can send malicious bots to e-commerce checkout pages to buy large amounts
of a product and scalp it for up to 10 times the list price.
6. Distributed denial of service (DDoS) attacks
 Distributed denial of service attacks happens when your servers receive an overwhelming
amount of requests from various IP addresses—usually untraceable—that cause your
server to crash.
 That means your e-commerce store isn't available to visitors, which disrupts your sales.
7. Fake return and refund fraud
 Fraudsters can obtain money from you by committing fake returns and refund fraud in
many ways.
 Some use a stolen credit card to purchase merchandise, then claim that the card is closed
and request a refund to another card. Others use counterfeit receipts to request refunds for
items they haven't purchased.

8. Man-in-the-middle attacks
 With technology evolving, so are hackers' schemes. Man-in-the-middle attacks allow the
hacker to listen in on the communications of e-commerce website users.
 These users are tricked into using a public wireless network, enabling hackers to access
their devices and see their browsing history.
 They can also access credit card information, passwords, and usernames.

e-commerce security:
Building e-commerce security consists of protocols safeguarding people who engage in online
transactions.

1.Privacy
 Privacy is the practice of restricting the sharing of consumer data with unauthorized third
parties.
 This means no one else should have access to a customer’s personal information or
account data besides the online retailer they have chosen.

Divya k gfgc shivamogga Page 3

Module 4

 When sellers allow outsiders access to such information, a breach of confidentiality

occurs.
 E-commerce should implement anti-virus, firewall, encryption, and other data security
measures.

2.Integrity:
 Another critical element in e-commerce security is integrity.
 The idea stipulates that the online business uses the information provided by the clients
precisely as it is.
 It entails ensuring that any information given by clients online remains unmodified.
 So any change to the data leads the customer to lose trust in the business’s security and
integrity.

3.Authentication:
 This concept of e-commerce security demands that both the supplier and the buyer be
genuine. They should be who they claim to be.
 The company should demonstrate that it is authentic, sells tangible goods or services, and
has a legitimate claim about the products.
 Clients should also provide evidence of identification for the seller to feel confident
about online transactions.

4.Non-repudiation:
 Non-repudiation is a legal concept that urges participants in a transaction not to deny
their acts.
 This means that the company and the buyer must complete the deal they began and
should finish the transaction as it is.
 As a result, a party in that transaction cannot refuse a signature, email, or purchase.

Advantages of E-commerce:
1. Availability –
 E-commerce provides the customer with flexible time. The services are available round-
the-clock for the customers to review the product, buy or return.
 Based on the reviews from customers, e-commerce will gain the benefit of getting the
most bought product and make others also buy the product based on good reviews

2. Payment Method –

 The methods for paying for the products have various choices like Cash on delivery,
Unified Payment Interface (UPI), etc.

Divya k gfgc shivamogga Page 4

Module 4

3. Limitation of Goods –

 The sellers will have only a certain quantity and are available to a minimum number of
customers in and around the particular area to buy the products.
 But in e-commerce, the customer can buy any products from anywhere and the goods at
wholesale price or at low price.

4. Product Price –

 In the Ecommerce sites we can see one product with different price ranges also based on
the brand. It makes the customer choose the one they want.

Disadvantages of e-commerce:
Apart from the major advantages, there are some disadvantages to be known,

1.Competitive − E-commerce has grown a lot and provided easy access to customers, so e-
commerce sites are emerging day by day.

2.Site crash − The customers cannot access the site when it is crashed by cyber-attacks.

Introduction to digital payments

Defining digital payments

 A digital payment, sometimes called an electronic payment, is the transfer of value from
one payment account to another using a digital device or channel.

 This definition may include payments made with bank transfers, mobile money, QR
codes, and payment instruments such as credit, debit, and prepaid cards. Digital payments
can be partially digital, primarily digital, or fully digital.

Components of digital payments:

1Commercial cards

Starting with the component that gives businesses the most return on the time and effort it takes
to migrate to e-payments, the core products that make up a commercial card program are each
useful for different reasons:

 A purchasing card (p-card) goes beyond a traditional business credit card with
advanced features like virtual card numbers (VCNs).
 These are single-use, unique credit card numbers generated in real time for a specific
purchase amount, date and supplier.

Divya k gfgc shivamogga Page 5

Module 4

 Travel and entertainment (T&E) cards are effective for companies that don't want
their employees to purchase items on their own credit cards or for employees who don't
want to worry about receiving timely reimbursement.
 ACH payments
 The automated clearinghouse (ACH) network was originally established in the 1970s to
provide an alternative to using paper checks.
 The ACH uses a batch process, in which the individual transactions are created/initiated
and then batched as one or many for release to the bank.
 These transactions typically take a few days to process. Today ACH payments are used
for large volumes of credit and debit batched transactions, including regular direct
deposit payroll and vendor payments.

3Bill payments

 A bill payments solution makes sense for regular or one-time small to mid-sized
payments managed and distributed online, including recurring expenses, such as rent and
equipment leases.

4Wire transfers

 Wire transfers are used to make domestic and international high value and rapid direct
bank-to-bank payments, including ad-hoc and one-time payments.
 Businesses typically use wire transfers to pay or receive funds same day—benefitting
from nearly immediate and guaranteed availability of funds via secure, non-reversible
transactions.

5The backend stuff

 Supporting all of these solutions are several essential backend systems, including an
automated payment platform that integrates bill payment and accounting systems, a
purchase control portal that securely generates virtual accounts for purchase requests, and
a direct file transmission platform that centralizes all payments processing and that
integrates with your ERP systems.

Digital Payment Methods/modes in India:

 After the launch of Cashless India, we currently have ten methods of digital payment
available in India. Some methods have been in use for more than a decade, some have
become popular recently, and others are relatively new.

#1: Banking Cards

 Indians widely use Banking cards, or debit/credit cards, or prepaid cards, as an alternative
to cash payments. Andhra Bank launched the first credit card in India in 1981.
 Cards are preferred because of multiple reasons, including, but not limited to,
convenience, portability, safety, and security.
 This is the only mode of digital payment that is popular in online transactions and
physical transactions alike.

Divya k gfgc shivamogga Page 6

Module 4

#2: Unstructured Supplementary Service Data(USSD)

 Under USSD, mobile banking transactions are possible without an internet connection by
simply dialing *99# on any essential feature phone.
 This number is operational across all Telecom Service Providers (TSPs) and allows
customers to avail of services including interbank account to account fund transfer,
balance inquiry, and availing mini statements.
 Around 51 leading banks offer USSD service in 12 different languages, including Hindi
& English.

#3: Aadhaar Enabled Payment System (AEPS)

 AEPS is a bank-led model for digital payments that was initiated to leverage the presence
and reach of Aadhar.
 Under this system, customers can use their Aadhaar-linked accounts to transfer money
between two Aadhaar linked Bank Accounts.
 AEPS doesn’t require any physical activity like visiting a branch, using debit or credit
cards or making a signature on a document.

#4: Unified Payments Interface (UPI)

 UPI is a payment system that culminates numerous bank accounts into a single
application, allowing the transfer of money easily between any two parties.
 As compared to NEFT, RTGS, and IMPS, UPI is far more well-defined and standardized
across banks.
 You can use UPI to initiate a bank transfer from anywhere in just a few clicks.
 The benefit of using UPI is that it allows you to pay directly from your bank account,
without the need to type in the card or bank details.

#5: Mobile Wallets

 Mobile Wallets, as the name suggests, are a type of wallet in which you can carry cash
but in a digital format.
 Often customers link their bank accounts or banking cards to the wallet to facilitate
secure digital transactions.
 Another way to use wallets is to add money to the Mobile Wallet and use the said balance
to transfer money.

Types of digital payment fraud:

Identity theft –

 This is not a new thing, since it also happens outside cyberspace.

 Typically, this type of fraud entails a cybercriminal stealing your personal information by
spoofing your system.
 In order to perform illegal online payment transactions, the hacker then uses your data.
Since the cybercriminal has all the essential details, they can bypass restrictions and
firewalls on fraud detection.

Divya k gfgc shivamogga Page 7

Module 4

Phishing –

 You would have come across numerous email subscriptions and websites that persuade
you to opt for updates and notifications.
 In most cases, these sources would ask you to provide certain personal information,
including your credit card details.
 If the email is not from a reliable source, your data will be compromised and used to
carry out fraud e-commerce transactions. This is known as a phishing attack.

Merchant Identity Fraud –

 This involves a fraudster that builds a platform quite similar to that of the merchant
account.
 The attacker then proceeds and imposes fake payments and fees on stolen credit cards.
 This whole operation is carried out in a quick way before the cardholders realize they are
being cheated.

Pagejacking –

 At times, e-commerce websites are hacked by criminals who direct the customers to an
unsecured network.
 This untrusted site can contain malware that can break webpage security systems and
steal the customer’s funds.

Securities fraud

 Speed, fast access, and anonymous activity, all provide a suitable atmosphere for
securities and stock market fraud. This can happen in several ways.
 The most common of all involves providing misleading or fake information on a specific
stock to shoot up its price.
 Investors treat this information as genuine and start buying the stock, resulting in a price
increase.
 By the time they realize that the information is fake, the stock price falls, and the
investors lose their money.

Stock market fraud–

 With the advancement in technology and everything at our fingertips, there has been a
rise in stock market scams too.
 Unknowingly, the investors are exposed to the immense risk of a criminal who uses their
personal data and investment for illegal trades, leaving investors at a loss.

Divya k gfgc shivamogga Page 8

Module 4

Preventive measures:
E-commerce firms have already begun to raise awareness regarding internet corrupt practices.
Even though it is difficult to eradicate cybercriminals entirely, you can take certain measures
to prevent internet fraud.

 Use a certified payment processor

 Be updated with recent trends in digital payment fraud
 Use tested antivirus software that runs regular checks
 Encrypt the transactions and emails containing confidential information
 Regularly change your login and passwords
 Regularly update network security systems

Divya k gfgc shivamogga Page 9

Module 4

RBI Guidelines for Unauthorized Transactions:

If neither the bank nor the customer is at fault and a third-party breach led to an unauthorized
transaction complaint, the following rule applies for a refund:

 Within 3 Days - As per RBI guidelines for disputed transactions, if the customer reports
bank fraud transactions within 3 days, he/ she will have to bear zero liability. The whole
amount will be refunded to the account by the concerned bank.
 Within 4-7 Days - Limiting liability of customers, RBI guidelines require customers to
bear with the transaction amount or an amount within Rs 5000 up to Rs 25,000,
whichever is lower in case the unauthorized transaction complaint is made after 3 days
and before 7 days.
 After 7 Days - The bank won't refund unauthorized transactions after the expiry of 7 days
if the policy does not allow it.

Divya k gfgc shivamogga Page 10