Module-4

1) What is E-Commerce?
 E-commerce is a trading of goods and services with the help of telecommunication and
internet.
 E-Commerce or Electronic Commerce means buying and selling of goods, products, or
services over the internet.
 E-commerce is also known as electronic commerce or internet commerce.
 Transaction of money, funds, and data are also considered as E-commerce.
 These business transactions can be done in four ways: Business to Business (B2B), Business
to Customer (B2C), Customer to Customer (C2C), Customer to Business (C2B).

2) Explain Main components of E-Commerce?

The components of E-Commerce are as follows:
1. User: This may be individual / organization or anybody using the e-commerce platforms.
2. E-commerce vendors: This is the organization/ entity providing the user, goods/
services. E.g.: www.flipkart.com.E-commerce Vendors further needs to ensure following
for better, effective and efficient transaction.
− Suppliers and Supply Chain Management
− Warehouse operations
− Shipping and returns
− E-Commerce catalogue and product display
− Marketing and loyalty programs
3. Technology Infrastructure:
 This includes Server computers, apps etc.
 These are the backbone for the success of the venture.
 They store the data/program used to run the whole operation of the organization.
4. Internet/ Network:
 This is the key to success of e-commerce transactions.
 Internet connectivity is important for any e-commerce transaction to go through.
 The faster net connectivity leads to better e-commerce.
5. Web Portal:
 This shall provide the interface through which an individual/organization
shall perform e-commerce transactions.
 These web portals can be accessed through desktops/ laptops/PDA/hand-
held computing devices/ mobiles and now through smart TVs.
6. Payment Gateway:
 The payment mode through which customers shall make payments.
 Payment gateway represents the way e-commerce vendors collect their payments.
 Examples are Credit / Debit Card Payments, Online bank payments, Vendors own
payment wallet, Third Party Payment wallets, like PAYTM and Unified
Payments Interface (UPI).

Page 1
3) Explain Elements of E-Commerce security?
1. Encryption:
 Encrypting data ensures that sensitive information like credit card details,
personal information, and transaction data is encoded during transmission.
 Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocols
are commonly used to encrypt data.
2. Secure Payment Gateways: Using trusted and secure payment gateways ensures that
financial information is transmitted securely between the customer, merchant, and financial
institutions.
3. Firewalls and Security Software:
 Implementing firewalls and up-to-date security software helps prevent
unauthorized access to the e-commerce website's network.
 This includes protection against malware, viruses, and other cyber threats.
4. Authentication and Authorization: Employing strong user authentication methods, such
as two-factor authentication (2FA), helps verify the identity of users, reducing the risk of
unauthorized access.
5. Regular Updates and Patch Management: Ensuring that the e-commerce platform and
all associated software are regularly updated with the latest security patches helps mitigate
vulnerabilities that could be exploited by attackers.
6. Data Privacy and Compliance: Adhering to data privacy regulations (such as GDPR,
CCPA) and implementing privacy policies that protect customer data is crucial. This
includes proper handling and storage of personal information.
7. Risk Assessment and Monitoring:
 Conducting regular security audits and risk assessments helps identify
potential vulnerabilities and threats.
 Continuous monitoring of systems for suspicious activities is vital to detect
and respond to any security breaches promptly.
8. Customer Education: Educating customers about safe online practices, such as creating
strong passwords, avoiding public Wi-Fi for sensitive transactions, and being cautious of
phishing attempts, can significantly enhance overall e-commerce security.
9. Physical Security Measures: Ensuring physical security of servers and data centers where
customer information is stored is essential to prevent unauthorized access to hardware and
infrastructure.
10. Backup and Disaster Recovery: Implementing robust backup and disaster recovery plans
ensures that in case of a security breach or system failure, data can be recovered without
significant loss.

Page 2
4) Explain E-Commerce threats?
E-commerce platforms face various threats that can compromise security and disrupt operations.
Here are some common threats:
1. Data Breaches: These occur when sensitive customer information, such as credit card
details or personal data, is accessed or stolen by unauthorized individuals or
cybercriminals. Breaches can happen through hacking, phishing, or exploiting
vulnerabilities in the system.
2. Phishing Attacks: Cybercriminals use deceptive emails, messages, or websites that
mimic legitimate sources to trick users into revealing sensitive information like login
credentials, credit card numbers, or personal details.
3. Malware and Viruses: Malicious software can infect e-commerce websites,
compromising user data, stealing information, or disrupting operations. Malware can be
introduced through infected files, links, or vulnerable software.
4. DDoS Attacks: Distributed Denial of Service attacks aim to overwhelm a website's
servers with excessive traffic, causing it to become slow or unavailable, disrupting
business operations and potentially leading to financial losses.
5.SQL Injection: Attackers exploit vulnerabilities in the website's code to insert malicious
SQL queries, allowing them to access or manipulate the database, compromising
sensitive information.
6.Man-in-the-Middle (MITM) Attacks: Hackers intercept communication between a
user and an e-commerce website to eavesdrop, steal information, or manipulate data
during the transmission.
7.Identity Theft: Cybercriminals may steal user identities from e-commerce platforms to
make fraudulent purchases, access financial accounts, or commit other forms of fraud.
8.Supply Chain Attacks: Hackers target weaknesses in the supply chain to access the e-
commerce platform, compromising the security of transactions, customer data, or the
overall system.
9. Payment Frauds: Fraudulent activities during payment transactions, such as stolen
credit card information or unauthorized transactions, pose a significant threat to e-
commerce platforms and customers.

5) Explain E-Commerce security best practices?

1. Use Secure Sockets Layer (SSL) Encryption: Encrypt data transmitted between your
website and users' browsers. This prevents interception of sensitive information like
credit card details.
2. Implement Strong Password Policies: Encourage users to create strong passwords
and use multi-factor authentication (MFA) wherever possible to add an extra layer of
security.
3. Regularly Update Software and Security Patches: Keep your e-commerce platform,
plugins, and software updated to patch vulnerabilities that attackers could exploit.
4. Secure Payment Gateways: Use reputable payment gateways that comply with
Payment Card Industry Data Security Standard (PCI DSS). Avoid storing payment
information on your servers.
5. Data Encryption: Encrypt sensitive data, including customer information and payment
details, when stored in databases or during transmission.
6. Regular Security Audits and Testing: Conduct security audits and penetration testing
to identify vulnerabilities and weaknesses in your system before attackers do.

Page 3
7. Implement Firewalls and DDoS Protection: Install firewalls to monitor and control
incoming and outgoing traffic. Use DDoS (Distributed Denial of Service) protection to
prevent service disruption due to attacks.

Page 4
 8. Train Employees: Educate your staff about security best practices, phishing attacks, and
how to handle sensitive information to prevent internal security breaches.
9. Privacy Policies and Compliance: Comply with data protection regulations (like
GDPR, CCPA) and clearly communicate your privacy policies to customers.
10. Monitor and Respond to Suspicious Activity: Implement monitoring systems to
detect unusual activity and respond promptly to security incidents.
11. Backup Data Regularly: Keep regular backups of your e-commerce data to ensure
you can recover in case of a security breach or data loss.
12. Limit Access to Data: Restrict access to sensitive data. Only grant access to those who
need it for their specific roles.

6) What are the advantages of Advantage of e-commerce?

 Reduced overhead costs:
 No need for a physical storefront
 Ability to reach a broader audience
 Scalability
 Track logistics
 Save time
 Save money
 Available 24/7
 Easy to buying
 Easy to selling
 Online payment system

7) Explain Survey of popular e-commerce sites?

1. Amazon: One of the largest online retailers, offering a wide range of products
from electronics to books to household items.
2. eBay: Known for its auction-style selling and a vast array of products, including
both new and used items.
3. Alibaba: A Chinese e-commerce company specializing in wholesale trading
between businesses and consumers.
4. Walmart: A major retailer with a strong online presence, selling a variety of
products similar to its physical stores.
5. Etsy: Focused on handmade, vintage, and unique goods, often catering to niche
markets and creative products.
6. Target: Similar to Walmart, Target offers a diverse range of products and has a
significant online presence.
7. Best Buy: Specializes in electronics, offering a wide selection of tech-related products.
8. Zappos: A popular online shoe and clothing retailer known for its customer service
and wide selection.
9. ASOS: Primarily focused on fashion and beauty products, targeting a younger
audience with trendy items.
10. Rakuten: A diverse marketplace offering various products and services, often
providing cashback rewards for purchases.

Page 5
8) Explain Introduction to Digital Payments?
 Digital payments are payments done through digital or online modes, with no exchange of
hard cash being involved.
 Such a payment, sometimes also called an electronic payment (e-payment),
 It is the transfer of value from one payment account to another where both the payer and
the payee use a digital device such as a mobile phone, computer, or a credit, debit, or
prepaid card.
 The payer and payee could be either a business or an individual.
 This means that for digital payments to take place, the payer and payee both must have a
bank account, an online banking method, a device from which they can make the payment,
 a medium of transmission, meaning that either they should have signed up to a payment
provider or an intermediary such as a bank or a service provider.

9) Explain Components of Digital Payment and Stake holders?

 Digital payments involve several components and stakeholders that collectively facilitate
the transfer of money or transactions through electronic means.
 Here are the key components and stakeholders:
 Components:
1.Payment Gateway:
 It's the technology that authorizes and facilitates transactions by
connecting merchants, banks, and customers.
 It encrypts sensitive information and ensures secure transfer.
2.Payment Processor:
 Responsible for managing the transaction process by transmitting data
between the merchant's bank and the customer's bank.
 It verifies transaction details and ensures funds are transferred.
3.Mobile Wallets:
 Apps or platforms that store payment information, allowing users to
make transactions through their smartphones.
 Examples include Apple Pay, Google Pay, and PayPal.
4.Digital Currencies/Cryptocurrencies: These decentralized forms of currency (like
Bitcoin or Ethereum) facilitate peer-to-peer transactions through blockchain
technology.
5.Near Field Communication (NFC): Technology that enables contactless payments
by allowing devices to communicate when in close proximity.
6.QR Codes: Scannable codes that store payment information, enabling easy transactions
by simply scanning the code.

 Stakeholders:
1. Customers/Users: Individuals or entities making payments or transactions using
digital payment methods.
2. Merchants/Retailers: Businesses or individuals selling goods or services and
accepting digital payments from customers.
3. Financial Institutions: Banks, credit unions, and other financial entities that provide
the infrastructure and accounts necessary for digital transactions.
4. Payment Service Providers (PSPs): Companies that offer services facilitating digital
payments for merchants, such as Stripe, Square, or Adyen.
5. Regulatory Bodies/Government Agencies: Entities responsible for creating and

Page 6
 enforcing rules, regulations, and standards for digital payments to ensure security and
fairness.
6. Technology Providers: Companies developing and maintaining the technology and
software necessary for secure digital payment systems, including hardware
manufacturers and software developers.
7. Security Firms: Organizations specializing in ensuring the security of digital payment
systems by providing encryption, fraud detection, and cybersecurity services.

10) Explain Modes of digital payments?

1. Banking cards:
 Cards are among the most widely used payment methods and come with various
features and benefits such as security of payments, convenience, etc.
 The main advantage of debit/credit or prepaid banking cards is that they can be used
to make other types of digital payments.
 For example, customers can store card information in digital payment apps or
mobile wallets to make a cashless payment. Some of the most reputed and well-
known card payment systems are Visa, Rupay and MasterCard, among others.
Banking cards can be used for online purchases, in digital payment apps, PoS
machines, online transactions, etc.
2. Unified Payment Interface (UPI):
 UPI is a payment system that culminates numerous bank accounts into a single
application, allowing the transfer of money easily between any two parties.
 As compared to NEFT, RTGS, and IMPS, UPI is far more well-defined and
standardized across banks.
 You can use UPI to initiate a bank transfer from anywhere in just a few clicks.
3. e-Wallets:
 Electronic wallets or e-wallets store financial information and allow users to make
online transactions quickly.
 E-wallet is a type of pre-paid account in which a user can store his/her money for
any future online transaction.
 An E-wallet is protected with a password. With the help of an E-wallet, one can
make payments for groceries, online purchases, and flight tickets, among others. E-
wallet has mainly two components, software and information.
 The software component stores personal information and provides security and
encryption of the data.
 The information component is a database of details provided by the user which
includes their name, shipping address, payment method, amount to be paid, credit or
debit card details, etc. Services like PayPal, Google Pay, Apple Pay, and Paytm fall
under this category.
4. Unstructured Supplementary Service Data (USSD):
 USSD technology enables mobile banking services through basic phones, allowing
users to access banking services by dialing a shortcode.
 This method doesn't require internet connectivity and is particularly beneficial in
regions with limited internet access.
 USSD was launched for those sections of India’s population which don’t have
access to proper banking and internet facilities.
 Under USSD, mobile banking transactions are possible without an internet connection

Page 7
 by simply dialing *99# on any essential feature phone.
 This number is operational across all Telecom Service Providers (TSPs) and allows
customers to avail of services including interbank account to account fund transfer,
balance inquiry, and availing mini statements. Around 51 leading banks offer USSD
service in 12 different languages, including Hindi & English.
5. Aadhar enabled payments system (AEPS):
 AEPS is a bank-led model for digital payments that was initiated to leverage the
presence and reach of Aadhar.
 Under this system, customers can use their Aadhaar-linked accounts to transfer
money between two Aadhaar linked Bank Accounts.
 As of February 2020, AEPS had crossed more than 205 million as per NPCI data.
 AEPS doesn’t require any physical activity like visiting a branch, using debit or credit cards
or making a signature on a document.
 This bank-led model allows digital payments at PoS (Point of Sale / Micro ATM) via a
Business Correspondent (also known as Bank Mitra) using Aadhaar authentication.

11) Explain Digital Payments Related Common Frauds and Preventive Measures?
1. Phishing
 Phishing scams are fake messages, emails, or websites that trick people into
providing their personal information, such as login credentials, credit card details, or
social security numbers. These scammers then use this information to access victims’
accounts and steal their funds.
 Preventive Measures:
− Verify website URLs before entering any personal information.
− Never share personal or financial details via email or unsecured websites.
− Enable two-factor authentication for added security.
2. Identity Theft
 Identity theft occurs when a fraudster steals someone’s personal information, such
as their name, address, or social security number, and uses it for fraudulent activities,
such as opening a new credit card or mobile payment account.
 Preventive Measures:
− Use strong, unique passwords for each financial account.
− Regularly monitor your credit report for any suspicious activities.
− Be cautious while sharing personal information online.
3. Account Takeover
 In an account takeover, a fraudster gains access to a user’s digital payment account
by stealing their login credentials or obtaining their personal information using
phishing scams. The attacker then uses the account to make unauthorized
transactions and transfer funds.
 Preventive Measures:
− Use strong, unique passwords and change them regularly.
− Enable account alerts for any unusual activity.
− Consider using biometric authentication if available.
4.Card Skimming
 Card skimming involves the illegal copying of a user’s credit or debit card
information using a skimming device when the card is swiped for payment. The
scammers then use the copied information to make fraudulent transactions.

Page 8
  Preventive Measures:
− Check for tampering on card readers before using them.
− Use contactless payment methods where possible.
− Regularly monitor your account statements for any unauthorized charges.
5. Malware and Spyware:
 Malicious software designed to steal financial information from devices.
 Preventive Measures:
− Install and regularly update antivirus and anti-malware software.
− Avoid clicking on suspicious links or downloading unknown attachments.
− Keep your device's operating system and apps up to date.
6. Unauthorized Transactions:
 Transactions made without the account holder's knowledge or consent.
 Preventive Measures:
− Regularly check account statements for any unfamiliar transactions.
− Enable transaction notifications or alerts for your accounts.
− Report any unauthorized transactions to your bank or payment provider
immediately.
7. Social Engineering Attacks:
 Manipulating individuals to reveal confidential information.
 Preventive Measures:
− Be cautious of unsolicited calls or messages asking for personal information.
− Verify the identity of the person or organization before sharing any details.
− Educate yourself and your family about common social engineering tactics.

12) Explain RBI guidelines on digital payments and customer protection in

unauthorized banking transactions?
 The Reserve Bank of India (RBI) has put forth various guidelines regarding digital payments and
customer protection, particularly concerning unauthorized banking transactions.
 Here are some key aspects:
 Digital Payments:
1.Security Measures: RBI mandates that banks and financial institutions implement
robust security measures to safeguard digital transactions. This includes two-factor
authentication, encryption, and other security protocols.
2.Customer Awareness: Banks are required to educate customers about safe digital
practices, potential risks, and methods to secure their transactions. This could be through
notifications, SMS alerts, or educational campaigns.
3.Fraud Monitoring: Regular monitoring of transactions for any suspicious activity or
patterns to prevent fraudulent transactions is mandatory.
4.Prompt Redressal: There are provisions for customers to report unauthorized
transactions promptly. Upon receiving such reports, banks are obligated to investigate
and resolve complaints within a specific timeline.
 Customer Protection in Unauthorized Transactions:
1.Limited Liability of Customers: In cases of unauthorized transactions, if the customer
reports the transaction within a stipulated time frame, the customer's liability is limited.
The liability shift is from the customer to the bank, subject to certain conditions and
documentation.
2. Timely Reporting: Customers are encouraged to report unauthorized transactions or any

Page 9
 suspicious activity as soon as possible to minimize their liability.
3.Dispute Resolution: There is a defined process for dispute resolution between the
customer and the bank regarding unauthorized transactions.
4.Reversal of Transactions: The RBI mandates that banks have to ensure prompt reversal
of any unauthorized transaction within a specified time frame once it is reported by the
customer.

13) Explain Relevant provisions of Payment Settlement Act,2007?

 The Payment and Settlement Systems Act, 2007 is an Indian legislation that provides the
regulatory framework for payment systems in India. Here are some of the relevant
provisions:

1. Regulation of Payment Systems: The Act establishes the Reserve Bank of India
(RBI) as the regulatory authority for payment systems in India. It aims to ensure
the stability, efficiency, and integrity of payment systems.
2. Designation of Payment Systems: The RBI has the authority to designate systems
for the purpose of the Act, allowing it to regulate and supervise various payment
systems in the country.
3. Licensing of Payment System Operators: The Act outlines provisions for the
licensing and regulation of payment system operators, ensuring that entities involved
in payment systems meet certain criteria and adhere to specified norms.
4. Oversight and Monitoring: The RBI is empowered to oversee and monitor
payment systems to ensure their smooth functioning, stability, and compliance with
regulations.
5. Settlement Finality: The Act provides for settlement finality, meaning that once a
settlement in a payment system is deemed final, it cannot be revoked or reversed,
except in certain specified circumstances.
6. Establishment of Payment System Board: The Act establishes a Payment
System Board within the RBI to regulate and supervise payment systems more
effectively.
7. Penalties and Enforcement: Provisions for penalties and enforcement
mechanisms are outlined in the Act to ensure compliance with its provisions and
regulations set by the RBI.

Page
10