VASAVI JNANA PEETHA EVENING COLLEGE
VIJAYANAGAR, BANGALORE-40
B.Com/BA
Subject: CYBER SECURITY
Module-4
1)What is E-Commerce?
E-commerce is the trading of goods and services with the help of telecommunications and
the internet.
E-Commerce or Electronic Commerce means buying and selling of goods, products, or services
over the internet.
E-commerce is also known as electronic commerce or internet commerce.
Transactions of money, funds, and data are also considered e-commerce.
These business transactions can be done in four ways: Business to Business (B2B), Business to
Customer (B2C), Customer to Customer (C2C), Customer to Business (C2B).
2)Explain Main components of E-Commerce?
The components of E-Commerce are as follows:
1. User: This may be individual / organization or anybody using the e-commerce platforms.
2. E-commerce vendors: This is the organization/entity providing goods/services to the user.
E.g.: www.flipkart.com. E-commerce vendors further need to ensure the following for better,
effective and efficient transactions:
− Suppliers and Supply Chain Management
− Warehouse operations
− Shipping and returns
− E-Commerce catalogue and product display
− Marketing and loyalty programs
3. Technology Infrastructure:
This includes Server computers, apps etc.
These are the backbone for the success of the venture.
They store the data/program used to run the whole operation of the organization.
4. Internet/ Network:
This is the key to success of e-commerce transactions.
Internet connectivity is important for any e-commerce transaction to go through.
Faster internet connectivity leads to better e-commerce.
5. Web Portal:
This shall provide the interface through which an individual/organization shall
perform e-commerce transactions.
These web portals can be accessed through desktops/laptops/PDA/hand-held
computing devices/mobiles and now through smart TVs.
6. Payment Gateway:
The payment mode through which customers shall make payments.
Payment gateway represents the way e-commerce vendors collect their payments.
Examples are credit/debit card payments, online bank payments, the vendor's own
payment wallet, third-party payment wallets like PAYTM, and Unified Payments
Interface (UPI).
Yogesha S N
Asst Prof in Computer Science
Vasavi Jnana Peetha Evening College Page 1
3)Explain Elements of E-Commerce security?
1. Encryption:
Encrypting data ensures that sensitive information like credit card details, personal
information, and transaction data is encoded during transmission.
Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocols are
commonly used to encrypt data.
2. Secure Payment Gateways: Using trusted and secure payment gateways ensures that financial
information is transmitted securely between the customer, merchant, and financial institutions.
3. Firewalls and Security Software:
Implementing firewalls and up-to-date security software helps prevent unauthorized
access to the e-commerce website's network.
This includes protection against malware, viruses, and other cyber threats.
4. Authentication and Authorization: Employing strong user authentication methods, such as
two-factor authentication (2FA), helps verify the identity of users, reducing the risk of
unauthorized access.
5. Regular Updates and Patch Management: Ensuring that the e-commerce platform and all
associated software are regularly updated with the latest security patches helps mitigate
vulnerabilities that could be exploited by attackers.
6. Data Privacy and Compliance: Adhering to data privacy regulations (such as GDPR, CCPA)
and implementing privacy policies that protect customer data is crucial. This includes proper
handling and storage of personal information.
7. Risk Assessment and Monitoring:
Conducting regular security audits and risk assessments helps identify potential
vulnerabilities and threats.
Continuous monitoring of systems for suspicious activities is vital to detect and
respond to any security breaches promptly.
8. Customer Education: Educating customers about safe online practices, such as creating strong
passwords, avoiding public Wi-Fi for sensitive transactions, and being cautious of phishing
attempts, can significantly enhance overall e-commerce security.
9. Physical Security Measures: Ensuring physical security of servers and data centers where
customer information is stored is essential to prevent unauthorized access to hardware and
infrastructure.
10. Backup and Disaster Recovery: Implementing robust backup and disaster recovery plans
ensures that in case of a security breach or system failure, data can be recovered without
significant loss.
4)Explain E-Commerce threats?
E-commerce platforms face various threats that can compromise security and disrupt operations. Here
are some common threats:
1. Data Breaches: These occur when sensitive customer information, such as credit card details
or personal data, is accessed or stolen by unauthorized individuals or cybercriminals.
Breaches can happen through hacking, phishing, or exploiting vulnerabilities in the system.
2. Phishing Attacks: Cybercriminals use deceptive emails, messages, or websites that mimic
legitimate sources to trick users into revealing sensitive information like login credentials,
credit card numbers, or personal details.
3. Malware and Viruses: Malicious software can infect e-commerce websites, compromising
user data, stealing information, or disrupting operations. Malware can be introduced through
infected files, links, or vulnerable software.
4. DDoS Attacks: Distributed Denial of Service attacks aim to overwhelm a website's servers
with excessive traffic, causing it to become slow or unavailable, disrupting business
operations and potentially leading to financial losses.
5. SQL Injection: Attackers exploit vulnerabilities in the website's code to insert malicious SQL
queries, allowing them to access or manipulate the database, compromising sensitive
information.
6. Man-in-the-Middle (MITM) Attacks: Hackers intercept communication between a user
and an e-commerce website to eavesdrop, steal information, or manipulate data during the
transmission.
7. Identity Theft: Cybercriminals may steal user identities from e-commerce platforms to
make fraudulent purchases, access financial accounts, or commit other forms of fraud.
8. Supply Chain Attacks: Hackers target weaknesses in the supply chain to access the
e-commerce platform, compromising the security of transactions, customer data, or the
overall system.
9. Payment Frauds: Fraudulent activities during payment transactions, such as stolen credit
card information or unauthorized transactions, pose a significant threat to e-commerce
platforms and customers.
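The SQL injection threat in item 5 can be seen in a small order-lookup function. The following is an added example, not part of the original notes: the table, the customer names and the function names are constructed for illustration. It runs the same input through a query built by joining strings and through a parameterized query.

```python
import sqlite3


def make_db():
    """Build an in-memory shop database with constructed sample orders."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (customer TEXT, item TEXT, card_last4 TEXT)")
    db.executemany(
        "INSERT INTO orders VALUES (?, ?, ?)",
        [
            ("asha", "headphones", "1111"),
            ("ravi", "laptop", "2222"),
            ("meena", "phone", "3333"),
            ("o'brien", "books", "4444"),
        ],
    )
    return db


def orders_vulnerable(db, customer):
    # WEAK: the input is pasted into the SQL text, so a quote character
    # typed by the user is read by the database as part of the query.
    query = "SELECT customer, item FROM orders WHERE customer = '" + customer + "'"
    return db.execute(query).fetchall()


def orders_safe(db, customer):
    # FIXED: the ? placeholder passes the input as a value only.
    # Whatever the user types is compared with the column, never executed.
    query = "SELECT customer, item FROM orders WHERE customer = ?"
    return db.execute(query, (customer,)).fetchall()


def compare(db, customer):
    """Run both versions on the same input and report what each returns."""
    try:
        weak = orders_vulnerable(db, customer)
    except sqlite3.OperationalError as exc:
        weak = "query broke: " + str(exc)
    return {"input": customer, "vulnerable": weak, "safe": orders_safe(db, customer)}


if __name__ == "__main__":
    db = make_db()
    # Constructed inputs: a normal name, a name containing an apostrophe,
    # and a textbook injection string that turns the WHERE clause always true.
    for value in ["asha", "o'brien", "x' OR '1'='1"]:
        print(compare(db, value))
```

With the string-built query the third input returns every customer's orders and the second input breaks the query; the parameterized query returns only the matching customer in all three cases.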
5)Explain E-Commerce security best practices?
1. Use Secure Sockets Layer (SSL) Encryption: Encrypt data transmitted between your
website and users' browsers using SSL or its successor, Transport Layer Security (TLS).
This prevents interception of sensitive information like credit card details.
2. Implement Strong Password Policies: Encourage users to create strong passwords and
use multi-factor authentication (MFA) wherever possible to add an extra layer of security.
3. Regularly Update Software and Security Patches: Keep your e-commerce platform,
plugins, and software updated to patch vulnerabilities that attackers could exploit.
4. Secure Payment Gateways: Use reputable payment gateways that comply with Payment
Card Industry Data Security Standard (PCI DSS). Avoid storing payment information on
your servers.
5. Data Encryption: Encrypt sensitive data, including customer information and payment
details, when stored in databases or during transmission.
6. Regular Security Audits and Testing: Conduct security audits and penetration testing to
identify vulnerabilities and weaknesses in your system before attackers do.
7. Implement Firewalls and DDoS Protection: Install firewalls to monitor and control
incoming and outgoing traffic. Use DDoS (Distributed Denial of Service) protection to
prevent service disruption due to attacks.
8. Train Employees: Educate your staff about security best practices, phishing attacks, and how
to handle sensitive information to prevent internal security breaches.
9. Privacy Policies and Compliance: Comply with data protection regulations (like GDPR,
CCPA) and clearly communicate your privacy policies to customers.
10. Monitor and Respond to Suspicious Activity: Implement monitoring systems to detect
unusual activity and respond promptly to security incidents.
11. Backup Data Regularly: Keep regular backups of your e-commerce data to ensure you can
recover in case of a security breach or data loss.
12. Limit Access to Data: Restrict access to sensitive data. Only grant access to those who need
it for their specific roles.
6)What are the advantages of e-commerce?
Reduced overhead costs:
No need for a physical storefront
Ability to reach a broader audience
Scalability
Track logistics
Save time
Save money
Available 24/7
Easy buying
Easy selling
Online payment system
7)Explain Survey of popular e-commerce sites?
1. Amazon: One of the largest online retailers, offering a wide range of products from
electronics to books to household items.
2. eBay: Known for its auction-style selling and a vast array of products, including both
new and used items.
3. Alibaba: A Chinese e-commerce company specializing in wholesale trading between
businesses and consumers.
4. Walmart: A major retailer with a strong online presence, selling a variety of products
similar to its physical stores.
5. Etsy: Focused on handmade, vintage, and unique goods, often catering to niche markets
and creative products.
6. Target: Similar to Walmart, Target offers a diverse range of products and has a
significant online presence.
7. Best Buy: Specializes in electronics, offering a wide selection of tech-related products.
8. Zappos: A popular online shoe and clothing retailer known for its customer service and
wide selection.
9. ASOS: Primarily focused on fashion and beauty products, targeting a younger audience
with trendy items.
10. Rakuten: A diverse marketplace offering various products and services, often providing
cashback rewards for purchases.
8)Explain Introduction to Digital Payments?
Digital payments are payments done through digital or online modes, with no exchange of hard
cash being involved.
Such a payment, sometimes also called an electronic payment (e-payment), is the
transfer of value from one payment account to another where both the payer and
the payee use a digital device such as a mobile phone, computer, or a credit, debit, or prepaid
card.
The payer and payee could be either a business or an individual.
This means that for digital payments to take place, the payer and payee both must have a bank
account, an online banking method, a device from which they can make the payment,
and a medium of transmission, meaning that they should have signed up with either a payment
provider or an intermediary such as a bank or a service provider.
9)Explain Components of Digital Payment and Stakeholders?
Digital payments involve several components and stakeholders that collectively facilitate the
transfer of money or transactions through electronic means.
Here are the key components and stakeholders:
Components:
1. Payment Gateway:
It's the technology that authorizes and facilitates transactions by connecting
merchants, banks, and customers.
It encrypts sensitive information and ensures secure transfer.
2. Payment Processor:
Responsible for managing the transaction process by transmitting data between
the merchant's bank and the customer's bank.
It verifies transaction details and ensures funds are transferred.
3. Mobile Wallets:
Apps or platforms that store payment information, allowing users to make
transactions through their smartphones.
Examples include Apple Pay, Google Pay, and PayPal.
4. Digital Currencies/Cryptocurrencies: These decentralized forms of currency (like
Bitcoin or Ethereum) facilitate peer-to-peer transactions through blockchain technology.
5. Near Field Communication (NFC): Technology that enables contactless payments by
allowing devices to communicate when in close proximity.
6. QR Codes: Scannable codes that store payment information, enabling easy transactions by
simply scanning the code.
Stakeholders:
1. Customers/Users: Individuals or entities making payments or transactions using digital
payment methods.
2. Merchants/Retailers: Businesses or individuals selling goods or services and accepting
digital payments from customers.
3. Financial Institutions: Banks, credit unions, and other financial entities that provide the
infrastructure and accounts necessary for digital transactions.
4. Payment Service Providers (PSPs): Companies that offer services facilitating digital
payments for merchants, such as Stripe, Square, or Adyen.
5. Regulatory Bodies/Government Agencies: Entities responsible for creating and
enforcing rules, regulations, and standards for digital payments to ensure security and
fairness.
6. Technology Providers: Companies developing and maintaining the technology and
software necessary for secure digital payment systems, including hardware manufacturers
and software developers.
7. Security Firms: Organizations specializing in ensuring the security of digital payment
systems by providing encryption, fraud detection, and cybersecurity services.
10)Explain Modes of digital payments?
1. Banking cards:
Cards are among the most widely used payment methods and come with various
features and benefits such as security of payments, convenience, etc.
The main advantage of debit/credit or prepaid banking cards is that they can be used
to make other types of digital payments.
For example, customers can store card information in digital payment apps or
mobile wallets to make a cashless payment. Some of the most reputed and well-known
card payment systems are Visa, Rupay and MasterCard, among others. Banking cards
can be used for online purchases, in digital payment apps, PoS machines, online
transactions, etc.
2. Unified Payments Interface (UPI):
UPI is a payment system that brings numerous bank accounts together into a single
application, allowing the transfer of money easily between any two parties.
As compared to NEFT, RTGS, and IMPS, UPI is far more well-defined and
standardized across banks.
You can use UPI to initiate a bank transfer from anywhere in just a few clicks.
3. e-Wallets:
Electronic wallets or e-wallets store financial information and allow users to make
online transactions quickly.
An e-wallet is a type of pre-paid account in which a user can store his/her money for
any future online transaction.
An e-wallet is protected with a password. With the help of an e-wallet, one can make
payments for groceries, online purchases, and flight tickets, among others. An e-wallet
has two main components: software and information.
The software component stores personal information and provides security and
encryption of the data.
The information component is a database of details provided by the user which
includes their name, shipping address, payment method, amount to be paid, credit or
debit card details, etc. Services like PayPal, Google Pay, Apple Pay, and Paytm fall
under this category.
4. Unstructured Supplementary Service Data (USSD):
USSD technology enables mobile banking services through basic phones, allowing
users to access banking services by dialing a shortcode.
This method doesn't require internet connectivity and is particularly beneficial in
regions with limited internet access.
USSD was launched for those sections of India’s population which don’t have
access to proper banking and internet facilities.
Under USSD, mobile banking transactions are possible without an internet connection
by simply dialing *99# on any essential feature phone.
This number is operational across all Telecom Service Providers (TSPs) and allows
customers to avail of services including interbank account to account fund transfer,
balance inquiry, and availing mini statements. Around 51 leading banks offer USSD
service in 12 different languages, including Hindi & English.
5. Aadhaar Enabled Payment System (AEPS):
AEPS is a bank-led model for digital payments that was initiated to leverage the
presence and reach of Aadhaar.
Under this system, customers can use their Aadhaar-linked accounts to transfer money
between two Aadhaar linked Bank Accounts.
As of February 2020, AEPS had crossed more than 205 million as per NPCI data.
AEPS doesn’t require any physical activity like visiting a branch, using debit or credit cards or
making a signature on a document.
This bank-led model allows digital payments at PoS (Point of Sale / Micro ATM) via a Business
Correspondent (also known as Bank Mitra) using Aadhaar authentication.
11)Explain Digital Payments Related Common Frauds and Preventive Measures?
1. Phishing
Phishing scams are fake messages, emails, or websites that trick people into providing
their personal information, such as login credentials, credit card details, or social security
numbers. These scammers then use this information to access victims’ accounts and steal
their funds.
Preventive Measures:
− Verify website URLs before entering any personal information.
− Never share personal or financial details via email or unsecured websites.
− Enable two-factor authentication for added security.
2. Identity Theft
Identity theft occurs when a fraudster steals someone’s personal information, such as
their name, address, or social security number, and uses it for fraudulent activities, such
as opening a new credit card or mobile payment account.
Preventive Measures:
− Use strong, unique passwords for each financial account.
− Regularly monitor your credit report for any suspicious activities.
− Be cautious while sharing personal information online.
3. Account Takeover
In an account takeover, a fraudster gains access to a user’s digital payment account by
stealing their login credentials or obtaining their personal information using phishing
scams. The attacker then uses the account to make unauthorized transactions and
transfer funds.
Preventive Measures:
− Use strong, unique passwords and change them regularly.
− Enable account alerts for any unusual activity.
− Consider using biometric authentication if available.
4. Card Skimming
Card skimming involves the illegal copying of a user’s credit or debit card information
using a skimming device when the card is swiped for payment. The scammers then use
the copied information to make fraudulent transactions.
Preventive Measures:
− Check for tampering on card readers before using them.
− Use contactless payment methods where possible.
− Regularly monitor your account statements for any unauthorized charges.
5. Malware and Spyware:
Malicious software designed to steal financial information from devices.
Preventive Measures:
− Install and regularly update antivirus and anti-malware software.
− Avoid clicking on suspicious links or downloading unknown attachments.
− Keep your device's operating system and apps up to date.
6. Unauthorized Transactions:
Transactions made without the account holder's knowledge or consent.
Preventive Measures:
− Regularly check account statements for any unfamiliar transactions.
− Enable transaction notifications or alerts for your accounts.
− Report any unauthorized transactions to your bank or payment provider
immediately.
7. Social Engineering Attacks:
Manipulating individuals to reveal confidential information.
Preventive Measures:
− Be cautious of unsolicited calls or messages asking for personal information.
− Verify the identity of the person or organization before sharing any details.
− Educate yourself and your family about common social engineering tactics.
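The first phishing measure above, "Verify website URLs before entering any personal information", can be written as a set of checks. The following is an added example, not part of the original notes: the trusted domain list, the function name and the sample links are assumptions constructed for illustration, and the links use reserved example domains.

```python
from urllib.parse import urlsplit

# Assumption for this example: the shopper only does business with this domain.
TRUSTED_DOMAINS = {"flipkart.com"}


def check_url(url, trusted=TRUSTED_DOMAINS):
    """Return (ok, reason) for a link the user is about to enter details into."""
    try:
        parts = urlsplit(url.strip())
        # hostname is already lower-cased; drop a trailing dot if present
        host = (parts.hostname or "").rstrip(".")
        has_userinfo = parts.username is not None or parts.password is not None
    except ValueError:
        return False, "malformed URL"

    if parts.scheme != "https":
        return False, "not https"
    if has_userinfo:
        # In https://name@host/ the real site is what follows the @ sign.
        return False, "text before @ is not the site"
    if not host:
        return False, "no host"
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        # Letters from other alphabets can look identical to Latin letters.
        return False, "non-ASCII or punycode host"

    for domain in trusted:
        # Exact match, or a subdomain of the trusted domain (assumed to be
        # controlled by the same owner).
        if host == domain or host.endswith("." + domain):
            return True, "trusted domain"
    for domain in trusted:
        # The trusted name appears, but the link really ends in another domain.
        if domain in host:
            return False, "trusted name inside another domain"
    return False, "unknown domain"


# Constructed sample links (not real phishing data).
SAMPLE_LINKS = [
    "https://www.flipkart.com/account",
    "http://www.flipkart.com/account",
    "https://www.flipkart.com@pay.example.net/login",
    "https://www.flipkart.com.secure-login.example/",
    "https://www.flipk\u0430rt.com/",  # \u0430 is Cyrillic, not Latin "a"
    "https://shop.example.org/",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(check_url(link), ascii(link))
```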
12)Explain RBI guidelines on digital payments and customer protection in unauthorized
banking transactions?
The Reserve Bank of India (RBI) has put forth various guidelines regarding digital payments and
customer protection, particularly concerning unauthorized banking transactions.
Here are some key aspects:
Digital Payments:
1. Security Measures: RBI mandates that banks and financial institutions implement robust
security measures to safeguard digital transactions. This includes two-factor authentication,
encryption, and other security protocols.
2. Customer Awareness: Banks are required to educate customers about safe digital practices,
potential risks, and methods to secure their transactions. This could be through notifications,
SMS alerts, or educational campaigns.
3. Fraud Monitoring: Regular monitoring of transactions for any suspicious activity or
patterns to prevent fraudulent transactions is mandatory.
4. Prompt Redressal: There are provisions for customers to report unauthorized transactions
promptly. Upon receiving such reports, banks are obligated to investigate and resolve
complaints within a specific timeline.
Customer Protection in Unauthorized Transactions:
1. Limited Liability of Customers: In cases of unauthorized transactions, if the customer
reports the transaction within a stipulated time frame, the customer's liability is limited. The
liability shifts from the customer to the bank, subject to certain conditions and
documentation.
2. Timely Reporting: Customers are encouraged to report unauthorized transactions or any
suspicious activity as soon as possible to minimize their liability.
3. Dispute Resolution: There is a defined process for dispute resolution between the
customer and the bank regarding unauthorized transactions.
4. Reversal of Transactions: The RBI mandates that banks have to ensure prompt reversal of
any unauthorized transaction within a specified time frame once it is reported by the
customer.
13)Explain Relevant provisions of the Payment and Settlement Systems Act, 2007?
The Payment and Settlement Systems Act, 2007 is an Indian legislation that provides the
regulatory framework for payment systems in India. Here are some of the relevant provisions:
1. Regulation of Payment Systems: The Act establishes the Reserve Bank of India
(RBI) as the regulatory authority for payment systems in India. It aims to ensure the
stability, efficiency, and integrity of payment systems.
2. Designation of Payment Systems: The RBI has the authority to designate systems
for the purpose of the Act, allowing it to regulate and supervise various payment
systems in the country.
3. Licensing of Payment System Operators: The Act outlines provisions for the
licensing and regulation of payment system operators, ensuring that entities involved in
payment systems meet certain criteria and adhere to specified norms.
4. Oversight and Monitoring: The RBI is empowered to oversee and monitor payment
systems to ensure their smooth functioning, stability, and compliance with regulations.
5. Settlement Finality: The Act provides for settlement finality, meaning that once a
settlement in a payment system is deemed final, it cannot be revoked or reversed, except
in certain specified circumstances.
6. Establishment of Payment System Board: The Act establishes a Payment System
Board within the RBI to regulate and supervise payment systems more effectively.
7. Penalties and Enforcement: Provisions for penalties and enforcement mechanisms
are outlined in the Act to ensure compliance with its provisions and regulations set by
the RBI.