BK From Module 5

The document discusses e-commerce, its legal issues, risks, and cybersecurity measures. It highlights the importance of legal frameworks like the IT Act 2000 in regulating online transactions and protecting user data. Additionally, it covers various types of cyber attacks and the technologies used for securing electronic documents, including digital signatures and firewalls.

Uploaded by

amitstyles30
MODULE 5

E-commerce, also known as “electronic commerce” or “internet commerce”, refers to the buying and
selling of goods or services using the internet, and the transfer of money and data to execute these
transactions.

E-commerce

E-commerce introduction:
• Types of e-commerce
• EDI
• EAN system
• Article numbering
• Business process re-engineering

Security:
• Legal issue
• Risk
• Cryptography
• Digital signature
• Electronic payment system
• IT act 2004

LEGAL ISSUE OF E-COMMERCE :


The world is comfortable using signed paper documents for conducting business and commerce. For the past 2
decades, commerce has been done based on written documents, with the value authorized by the signature
of an authorized officer.
With the advanced and increased use of online media, online business is becoming a fast-emerging trend.
Almost every company is doing business online, but being functional online doesn’t mean you can skip
legal matters. E-commerce is understood to mean the production, distribution, marketing, sales, etc. by
electronic media.
1. Privacy concern
2. Violation of law
3. Trade mark
4. Copyright
1. Trade mark and copyright – Using someone else's data, like photos, logos, articles, videos, etc.
Ex - If an online store sells fake Nike shoes or uses its logo without permission.
2. Privacy and data security – E-commerce sites collect personal information like your address, credit
card details, phone no., etc.
3. Online agreement – Clicking “I agree” to terms is legally binding, but the terms must be clear and in
easy language. Ex - A streaming service includes a hidden clause in its terms.
4. Dispute across different countries – Problems arise when buyers and sellers are in different countries.
Suppose a buyer in India orders a gadget from a US website and it arrives in damaged condition. The problem
for the buyer is which country's law has to apply.
5. Product safety – Products sold online must be safe and meet regulations.
Ex - An online store sells cheap mobile chargers or headphones that overheat and cause a fire.
The business could be held responsible and fined.
6. Database sharing issue – Many websites provide access to databases on a chargeable basis, which
may or may not always have copyright protection.
7. Insurance claim
RISK IN E- COMMERCE :
Electronic documents are common these days because of the ease with which a document can be located
and retrieved. They help in reducing space, as it is not required to store countless paper hardcopies,
which are now less commonly used. However, when compared to paper documents, e-documents carry more risk.

RISK: DATA THEFT, POWER FAILURE, LEAKAGE, VIRUS, DATA CORRUPTION

1. Data corruption – A file can be corrupted for a number of different reasons. Documents damaged
by viruses or technological malfunction are not accurately readable or retrievable by any computer
program. Sometimes the damaged file can be replaced, but the process can be time consuming. It is
also suggested to keep a backup of all electronic documents on a different storage device, so
that any data which gets corrupted can be safely and quickly recovered.
2. Editing and Piracy – Electronic documents can be easily edited and shared, which can be a security
threat for businesses and agencies with sensitive records that get changed without the knowledge of
the business.
3. Data theft – Electronic data can be duplicated and sent to any destination in the world.
Ex - If a company's confidential site is hacked, all the vital information can be leaked, and this will
lead to various kinds of loss for the company.
4. Payment risk – Online transactions may face issues such as unauthorized payments and gateway issues.
5. Fraud and scam – Fake websites or sellers may deceive customers or businesses.

Authentication technology for electronic documents:


Technologies used to authenticate electronic documents ensure their security and their integrity.
Any organization can authenticate an electronic document by affixing its “digital signature”.
The following are the technologies for authenticating electronic documents.
1. Digital signature – A digital signature is a cryptographic method to verify the sender's identity and
ensure that the document has not been altered.
2. E-signature – A simple electronic representation of a signature, such as writing a name or drawing a
signature.
3. Certificate Authority
4. Biometric authentication
5. Cloud based authentication

LAWS OF E-COMMERCE:
1. Cyber law – This law is vital because it covers all aspects of transactions and activities pertaining
to the internet.
2. Electronic contract and signature – Many countries recognize digital contracts in the form of digital
signatures. Ex - Pentagon digital contract.
3. Consumer protection law – It provides transparency about the price, terms and written policy.
Ex - IT ACT 2000 section 66.
4. Data privacy and protection – It regulates how businesses collect, store, and use customer data.
Ex - Personal data protection bill – This bill ensures and protects user privacy by setting strict
rules for data handling.
5. Intellectual property right – It protects digital content like trademarks, copyrights, patents, etc.
Ex - Copyright Act in India – it prevents unauthorized use of digital products or content.
6. Payment Regulation Act – It protects users from payment fraud and ensures secure digital
transactions. Ex – RBI guideline for digital payment.
7. Advertising law – Websites advertise their goods to their customers; there should not
be any unfair means while advertising on the internet.
8. Children special law – Some websites ask for parental consent before taking any child's
information.
9. Zoning – Every state and local municipal organization will set its own laws and regulations, called zoning.

LEGAL ISSUES FOR INTERNET COMMERCE:


1. Trademark and Domain Name.
2. Copyright and Trademark
3. Insurance related Issues
4. Privacy Issue
5. Data base sharing Issue

MODULE 6:
CYBER SECURITY : It is the practice of protecting computers, mobiles, electronic devices, and important data
from malicious activities. It is also known as information security or system security. It is of the following types :
i. APPLICATION SECURITY => Most of the applications that we use on our cellphones are secured and
work under the rules and regulations of the Google Play Store. Apps must be installed from a
trustworthy platform, not from other websites, as they may contain malicious data.
ii. NETWORK SECURITY => It guards an internal network against outside threats. We sometimes
use free Wi-Fi, such as in a mall, college, etc. With this activity, third parties can start
tracking your phone over the internet, so avoid using free networks, because free networks
do not support security.
iii. CLOUD BASED SECURITY => Cloud based data storage has become a popular option over the last
decade. It enhances privacy and saves data on the cloud, making it accessible from any device, but
it needs correct authentication. Ex : Google Drive, Dropbox, etc.
iv. IoT SECURITY => Devices frequently run on old software, leaving them vulnerable to recently
identified security vulnerabilities. This is generally the result of connectivity problems.
v. MOBILE SECURITY => Mobile is a very common gadget we use daily. Everything we access is by
mobile phone: to call a client we use a mobile phone, to send money we need a mobile
phone, so the mobile phone comes under all security patches.
CYBER ATTACK : It is a deliberate attempt by hackers to damage, steal or gain unauthorized access to data
over a system/network. These attacks target individuals, organizations or any government body. Cyber attack is
classified into two parts :
1. WEB BASED ATTACK => Web based attacks are related to websites, web servers and web applications.
These are common in online services like e-commerce, banking, cloud platforms, social networking,
etc. There are various types of web based cyber attack.
a. SQL INJECTION => In this attack, attackers inject SQL commands to manipulate or retrieve
data from the database.
b. DENIAL OF SERVICES => It is an attack which is meant to make a server or network resource
unavailable to its users. It accomplishes this by flooding the target with traffic or sending it
data to crash the server.
c. PHISHING => Phishing is a type of attack which attempts to steal sensitive information like
passwords or credit card details. Ex. -> An e-mail pretending to be from your bank asking you
to click a link and enter your account details.
d. DNS SPOOFING => It is a type of computer security hacking that causes a server to return an
incorrect IP address.
2. SYSTEM BASED ATTACK => System based attacks target a device's operating system and internal
software. These attacks aim to steal data or gain control over the system. It is also called
“Malware”.
a. VIRUS => It stands for Vital Information Resources Under Siege. It is a type of malicious
software program that spreads throughout the computer's files without the knowledge of the
user. It is executable code attached to another executable file. Ex. Creeper, Melissa, ILU.
b. WORM => It is a type of malware whose primary function is to replicate itself to spread to
uninfected computers. It slows down the network. It works the same as a virus, but a virus needs a
host program to run, whereas worms can run by themselves. Ex. -> WannaCry
c. RANSOMWARE => It encrypts files and demands payment for decryption. Ex. ->
Ransomware298.
d. KEYLOGGERS => Keyloggers record everything the user types on their computer system to
obtain passwords and other sensitive information.
e. TROJAN HORSE => A Trojan horse is malware that carries out malicious operations under the
appearance of a desired operation. It works the same as DNS spoofing. It disguises itself as
legitimate software to execute malicious actions. Ex. -> Tiny Banker.
f. BRUTE FORCE ATTACK => It repeatedly guesses passwords to gain unauthorized access.
3. HACKING => Hacking refers to the process of gaining unauthorized access to a computer system.
Hackers use special knowledge or tools to bypass security and gain access to information.
Hacking can be good or bad at the same time.
a. ETHICAL HACKING => It is legal and authorized hacking to test and improve the security of the
system.
b. BLACK HAT => It is another type of hacking, which illegally exploits systems for personal gain.
Black hat hackers often engage in activities like data theft, ransomware attacks, etc.
c. GREY HAT => It is unauthorized hacking without any malicious intent.
d. HACKTIVISM => It is another type of hacking which is used to harm government websites.
Ex. -> Defacing government websites or leaking sensitive data.
4. CRYPTOGRAPHY => It is a concept for securing e-commerce transactions by ensuring confidentiality,
integrity, authentication and non-repudiation. Cryptography is mainly categorized into two parts.
i. SYMMETRY KEY CRYPTOGRAPHY => In this method, the same key is used for encryption and
decryption of data.
PLAIN TEXT ➔ [KEY (for encryption)] ➔ CIPHER TEXT ➔ [KEY (for decryption)] ➔ PLAIN TEXT

LIMITATIONS OF CRYPTOGRAPHY :
a. It is unsecured over the network.
b. If someone steals the key, they can access everything.
c. It works well when both parties trust each other and can securely share the key.
d. Exchanging the key over the internet can be tricky.
ii. ASYMMETRY KEY => In asymmetric key cryptography, two types of keys are used: a public key and a
private key. One key is used for encryption and the other is used for decryption.
STEPS IN ASYMMETRY KEY CRYPTOGRAPHY:
• KEY GENERATION : A public key and a private key are generated for both sender and receiver.
• ENCRYPTION : The message is encrypted with the receiver’s public key.
• DECRYPTION : When the receiver receives the encrypted message, it is decrypted with the receiver’s private key.

5. DIGITAL SIGNATURE : The digital signature is a technique which is used to validate the authenticity
and the integrity of a message. The basic idea behind a digital signature is to sign a document.
The private key is used to create the digital signature and the public key is used to verify it.
FEATURES OF DIGITAL SIGNATURE :
i. AUTHENTICITY : It proves that the message is from the sender.
ii. INTEGRITY : It ensures that the message has not been altered.
iii. NON-REPUDIATION : The sender cannot deny having sent the message, as it is
encrypted with the private key of the sender.
WORKING PRINCIPLE OF DIGITAL SIGNATURE : Public key encryption is efficient when the
message is short. If the message is long, public key encryption is inefficient to use.
The solution to this problem is to let the sender sign a digest of the document instead of
the whole document. (A digest, in the context of cryptography and digital signatures,
is a fixed-size, condensed representation of a message or data.) The sender creates a
short version of the document (the message digest) and then signs it: the digest is
encrypted using the sender’s private key. After the digest is encrypted, the encrypted
digest is attached to the original message and sent to the receiver. The receiver
receives the original message and the encrypted digest and separates them into two
parts. The receiver uses the original message to create a second digest, and also
decrypts the received digest using the public key of the sender. If both digests are
the same, then all the security properties are preserved.

STEPS FOR DIGITAL SIGNATURE PROCESS :


• We create a message in the form of text, images, charts, etc.
• A hash algorithm is applied, which converts the whole message into a unique code called a hash value,
just like a fingerprint (message digest).
• The hash value is encrypted using the private key. This encrypted hash is called the digital signature.
• This message is sent to the receiver for decryption.
• The receiver uses the public key to decrypt the signature, and the receiver generates a new hash value
(message digest) from the original message. If the decrypted hash matches the newly generated one, the
document is verified as original and unchanged.
6. FIREWALL : A firewall is like a security guard for your computer or network. It decides what data can
enter or leave your system and blocks anything that looks unsafe, like hackers or viruses.
FEATURES OF FIREWALL :
i. The firewall watches all data coming into and going out of your computer or network.
ii. It allows only safe data to pass through.
iii. It blocks suspicious data.
iv. It provides overall security.
TYPES OF FIREWALL :
a. HARDWARE FIREWALL ➔ A physical device placed between your internet
connection and your network. It filters and blocks threats before they reach your
device. For example : A router with a built-in firewall system (Cisco firewall system).
b. SOFTWARE FIREWALL ➔ A program installed on a device like a PC, smartphone,
laptop, etc. that monitors the data going in and out of that specific device. It
blocks unauthorized access and alerts you about any threats. E.g. : Windows
Defender Firewall, Norton, etc.
MODULE 7
CYBER CRIME ➔ Cyber crimes are illegal activities carried out using a computer, network or the internet. These
crimes can target individuals, governments, businesses, etc. and often involve stealing sensitive information
of other countries, spreading viruses, hacking, etc.
Types of cyber crime ➔
• Cyberbullying – Sending rude or harmful messages to someone online.
• Viruses – Bad software that can damage computers or steal data.
• Phishing – Fake emails or websites that try to steal passwords and bank details.
• Hacking – Entering someone’s computer without permission.
• Ransomware – A virus that locks a computer and asks for money to unlock it.
• Keylogger – A program that records what you type (like passwords).
• DDoS Attack – Overloading a website with too many visitors to make it stop working.
IT Act 2000(INDIAN CYBER LAW) ➔ The IT Act 2000 is a law made in India to keep the internet safe. It helps
stop online fraud, cyber crimes, and protects digital transactions. This law also makes sure digital records
and electronic signatures are legal and safe to use.
IMPORTANCE OF IT ACT 2000
(a) Helps India’s digital economy grow.
(b) Makes online buying and selling (e-commerce) safe.
(c) Prevents and punishes cyber crime.
(d) Gives legal value to digital documents and signatures.
(e) Allows special organizations (Certifying Authorities) to give digital security certificates.
(f) Punishes people who send offensive messages online.
(g) Protects personal data from being misused.
SOME IMPORTANT SECTIONS OF IT ACT 2000
1. SECTION 66 ➔ Section 66 of the IT Act 2000 punishes hacking and other cyber crimes where a
person dishonestly or fraudulently uses a computer or network.
a. Section 66A – Punishment for Sending Offensive Messages ➔ This section punished
people for sending offensive (bad/insulting) messages through emails, SMS, or social
media. It was removed (struck down) in 2015 because it was misused.
b. Section 66B – Punishment for Stolen Computer Resources ➔ If someone receives or
keeps stolen electronic data (like a stolen laptop, mobile, or software), they can be jailed
for up to 3 years or fined up to ₹1 lakh.
c. Section 66C – Identity Theft➔ If someone steals another person’s identity (like Aadhar
details, passwords, or credit card info), they can be jailed for up to 3 years and fined up to
₹1 lakh.
d. Section 66D – Cheating by Impersonation (Fake Identity) ➔ If someone pretends to be
another person online (through fake calls, emails, or profiles) to steal money or personal
details, they can be jailed for up to 3 years and fined ₹1 lakh.
e. Section 66E – Violation of Privacy➔ If someone takes, shares, or posts private photos or
videos of another person without permission, they can be jailed for up to 3 years and
fined up to ₹2 lakh.
f. Section 69 – Government's Power to Intercept or Block Data ➔The government can
monitor, block, or decrypt (read) any information if it is necessary for national security,
public safety, or crime prevention. Example: The government can block apps or
websites if they are dangerous.
2. Section 73 – Punishment for Publishing Fake Digital Certificates➔ If someone creates or
publishes fake digital certificates, they can be jailed for up to 2 years and fined up to ₹1 lakh.
3. Section 3 – Digital Signature & Authentication ➔ This section gives legal recognition to digital
signatures (online signatures). Digital signatures are used for secure online transactions and
documents.
PUBLIC KEY INFRASTRUCTURE : It is a framework that manages digital keys and certificates to provide secure
communication over a network. It ensures confidentiality, integrity, authenticity and non-repudiation. It uses
asymmetric key cryptography and relies on trusted third-party entities known as certificate authorities (C.A.)
to issue digital certificates.
THE STEPS IN SETTING UP AND USING A PUBLIC KEY INFRASTRUCTURE :
1. Generate Key Pair (Public & Private Keys)
Create two keys: Public Key – Shared with others for encryption.
Private Key – Kept secret by the owner for decryption.
2. Create a CSR (Certificate Signing Request) : The CSR contains:
Public Key. Organization details (name, website, country, etc.).
The CSR is digitally signed with the Private Key.
3. Submit CSR to a Certificate Authority (CA) :
The CSR is sent to a trusted CA (like DigiCert, GlobalSign, Let’s Encrypt).
The CA verifies the identity of the requester.
4. CA Issues a Digital Certificate :
If verification is successful, the CA signs the Public Key and issues a Digital
Certificate. This certificate proves the identity of the website, email, or
software.
5. Install and Distribute the Digital Certificate :
The certificate is installed on servers, websites, or email systems.
It is trusted by users and browsers for secure communication.
6. Authentication (Verifying Identity) :
When a user visits a secure website (HTTPS), the browser checks the certificate
to ensure it is valid.
7. Encryption & Decryption
Public Key encrypts (locks) data before sending.
Private Key decrypts (unlocks) data when received.
8. Digital Signatures for Data Integrity
Users can digitally sign documents/messages with their Private Key.
The receiver verifies the signature with the Public Key.
9. Certificate Renewal & Revocation
Digital certificates expire and must be renewed.
If a certificate is compromised, the CA can revoke (cancel) it.
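
The digital signature process from Module 6 and the PKI steps above, put together as an added example (not part of the original notes): a message digest is signed with a private key and verified with the public key, and that public key is trusted only through a CA-signed certificate that is also checked for expiry and revocation. Assumptions: the toy keys are built from well-known Mersenne primes and use unpadded RSA, so they are for study only (real systems use padded signature schemes and X.509 certificates); the names shop.example and evil.example, the serial number and the dates are constructed.

```python
import hashlib
from datetime import date

E = 65537  # public exponent used by both toy keys

def make_key(p, q):
    """PKI step 1: return (n, d) = public modulus, private exponent."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest(data):
    """Message digest: SHA-256 of the data, as an integer."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(data, n, d):
    """Apply the PRIVATE key to the digest; the result is the signature."""
    return pow(digest(data), d, n)

def verify(data, sig, n):
    """Recover the digest with the PUBLIC key and compare with a fresh one."""
    return pow(sig, E, n) == digest(data)

# Constructed toy keys from well-known Mersenne primes (trivially factorable).
CA_N, CA_D = make_key(2**607 - 1, 2**1279 - 1)     # certificate authority
SITE_N, SITE_D = make_key(2**127 - 1, 2**521 - 1)  # certificate requester

def make_csr(subject, n, d):
    """PKI step 2: the request is signed with the requester's private key."""
    return {"subject": subject, "n": n, "sig": sign(f"{subject}|{n}".encode(), n, d)}

def cert_body(subject, n, serial, not_after):
    return f"{serial}|{subject}|{n}|{not_after.isoformat()}".encode()

def issue_cert(csr, serial, not_after):
    """PKI steps 3-4: the CA checks the CSR, then signs identity + public key."""
    if not verify(f"{csr['subject']}|{csr['n']}".encode(), csr["sig"], csr["n"]):
        raise ValueError("CSR signature does not match its public key")
    body = cert_body(csr["subject"], csr["n"], serial, not_after)
    return {"subject": csr["subject"], "n": csr["n"], "serial": serial,
            "not_after": not_after, "ca_sig": sign(body, CA_N, CA_D)}

def check_cert(cert, today, revoked):
    """PKI steps 6 and 9: CA signature, expiry and revocation checks."""
    body = cert_body(cert["subject"], cert["n"], cert["serial"], cert["not_after"])
    if not verify(body, cert["ca_sig"], CA_N):
        return "bad CA signature"
    if today > cert["not_after"]:
        return "expired"
    if cert["serial"] in revoked:
        return "revoked"
    return "valid"

def verify_signed_message(msg, sig, cert, today, revoked):
    """PKI step 8: accept a signature only under a certificate that checks out."""
    return check_cert(cert, today, revoked) == "valid" and verify(msg, sig, cert["n"])

if __name__ == "__main__":
    cert = issue_cert(make_csr("shop.example", SITE_N, SITE_D), 1001, date(2030, 1, 1))
    order, today = b"Pay INR 500 to shop.example", date(2025, 6, 1)
    sig = sign(order, SITE_N, SITE_D)
    print("genuine order :", verify_signed_message(order, sig, cert, today, set()))
    print("altered order :", verify_signed_message(order + b"0", sig, cert, today, set()))
    print("edited cert   :", check_cert({**cert, "subject": "evil.example"}, today, set()))
    print("after expiry  :", check_cert(cert, date(2031, 1, 1), set()))
    print("after revoke  :", check_cert(cert, today, {1001}))
```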
