UNIT IV: E – Commerce

1.0 E – Commerce Definition

Electronic Commerce (E-commerce) is a business model encompassing purchasing and selling
goods and services over the Internet. It includes transactions conducted by companies and
individual sellers and buyers.
 E-commerce operates in several market segments including business-to-business, business-
to-consumer, consumer-to-consumer, and consumer-to-business.
 E-commerce has helped businesses (especially small businesses) gain access to and establish a wider
market presence by providing cheaper and more efficient distribution channels for their products or
services.
1.1 Advantages and Disadvantages of E-commerce

Pros

 Owners can generate revenue semi-passively.

 Consumers can easily browse for specific products.
 There is greater earning potential as there are no limitations on physical location, as long as
you can ship there.
 Reduced costs, assuming digital presence costs less than building, insurance, taxes, and
repairs.
 Greater marketing control, including data extraction from customers, targeted ads, and pop-
up placement.

Cons

 Limited customer service opportunities due to lack of face-to-face interaction

 Delayed gratification as customers need to trust the product before seeing it in person
 Customers can't physically interact with products until delivery
 Loss of revenue when websites experience downtime
 Heavily reliant on shipping, which may have constraints

2.0 Components of E-Commerce

Key components of e-commerce are as follows:

1|Page
 1. Website or Online Store: The foundation of e-commerce is the online platform where
products or services are displayed, and customers can browse, search, and make
purchases.
2. Product Catalog: This is a digital representation of the products or services available for
purchase. It includes product images, descriptions, prices, and other relevant information
to help customers make informed buying decisions.
3. Shopping Cart: An essential feature of e-commerce websites, the shopping cart allows
customers to add products they want to purchase. It keeps track of selected items and
their quantities until the customer is ready to check out.
4. Checkout and Payment Processing: The checkout process involves finalizing the
purchase. Customers provide their shipping information, select a payment method, and
enter payment details. Payment processing systems securely handle transactions, ensuring
the safety of customer data.
5. Payment Gateway: This is the technology that connects the e-commerce website to the
financial networks to process payments. It encrypts sensitive payment information to
ensure secure transactions.
6. Security Measures: E-commerce platforms must implement robust security measures to
protect customer data, including SSL certificates for secure connections, encryption for
sensitive data, and measures to prevent hacking and data breaches.
7. Inventory Management: Effective inventory management ensures that products are
available when customers want to buy them. It involves tracking stock levels, restocking,
and managing product variants.
8. Shipping and Fulfillment: This component handles the logistics of getting products
from the seller to the buyer. It includes options for shipping methods, tracking orders, and
generating shipping labels.
9. Customer Accounts: Creating accounts allows customers to store their information for
future purchases, track order history, save favorite items, and manage their personal
details.
10. Customer Support: E-commerce businesses need to provide customer support to assist
with inquiries, resolve issues, and address concerns.

2|Page
 11. Reviews and Ratings: Customer feedback in the form of reviews and ratings adds
credibility to products and helps other shoppers make purchasing decisions.
12. Marketing and Promotion: E-commerce businesses use various digital marketing
strategies like SEO, social media, email marketing, and online advertising to attract
customers to their websites and promote their products.
13. Analytics and Reporting: Monitoring and analyzing data related to website traffic,
customer behavior, sales, and other metrics helps businesses understand their
performance and make informed decisions.
14. Mobile Optimization: As mobile usage continues to grow, ensuring that the e-commerce
platform is responsive and optimized for mobile devices is crucial.
15. Returns and Refunds: Providing clear policies and processes for returns, exchanges, and
refunds contributes to a positive customer experience.
16. Legal and Compliance: E-commerce businesses need to adhere to various legal and
regulatory requirements related to data protection, privacy, taxation, etc.

3.0 Elements of Ecommerce security

 Confidentiality
 Integrity
 Availability
 Authenticity
 Non-Repudiability
 Encryption − Information should be encrypted and decrypted only by an authorized user.
 Auditability − Data should be recorded in a manner that allows for auditing to ensure
integrity requirements are met.
3.1 Measures to ensure Security
 Encryption − Encrypting data is an effective way to secure information sent over a network.
The sender uses a secret code; only the specified receiver can decrypt the information using
the same or a different code.
 Digital Signature − Digital signatures are crucial for verifying the authenticity and integrity
of information through encryption and a password.
 Security Certificates − A security certificate is a unique digital ID used to verify the identity
of an individual website or user.

3|Page
3.2 Advantages of E-Commerce Security
 E-commerce security involves protocols designed for online platforms to securely process
electronic transactions, ensuring the safety of buying and selling over the Internet.
 The absence of e-commerce security can lead to the loss of banking credentials, the leak of
private information, phishing attacks, money theft, and credit card fraud.
 E-commerce security ensures the safe processing and transfer of electronic funds.

4.0 E-Commerce Threats

Tax Evasion: In E-commerce shopping, online transactions take place due to which funds get
transferred electronically making it tough for IRS to count the transactions properly leading to
high chances of tax evasions.
Payment conflict: Payment conflicts can arise between users and the E-commerce platforms.
These electronic funds transferring systems might process extra transactions from the users
Financial fraud: During online transactions, a pin or password is required for authentication to
prevent unauthorized access. However, attackers can use spyware and viruses to carry out
unauthorized transactions, leading to financial fraud.
E-wallets: E-wallets are now an essential part of E-commerce platforms. Attack on E-wallets
can lead to the leak of the sensitive banking credentials of the users which can be used by the
attackers for their own profit.
Phishing: Attackers send emails and messages containing a malicious link. When opened,
malware downloads in the background, giving attackers control over users' financial information.
They also create fake websites to deceive users into entering their financial credentials.
SQL injections: Attackers use SQL injections to manipulate databases by inserting malicious
code containing malware. They then search for targeted queries and extract sensitive
information.
Cross-site scripting (XSS): Hackers target the website of E-commerce companies by entering
malicious code into their codebase to gain complete control of the site and track user activity.
Trojans: Attackers create deceptive software that seems useful at first but installs malicious
programs upon download. These programs gather personal data and may lead to data leaks.
Brute force attacks: Hackers draw patterns and use random methods to crack into someone
else’s account as an unauthorized user. Hackers use algorithms to gain unauthorized account
access.

4|Page
Bots: The hackers use numerous bots on E-commerce websites to track competitors' rankings
and user purchasing behavior, aiming to scrape sales and revenue data, potentially leading to
decreased website rankings, lower prices, and reduced sales revenue.
DDoS attacks: Distributed Denial of Service (DDoS) attacks are most commonly used by
hackers to not allow original legitimate users to access and buy and sell products from the E-
commerce platforms. Hackers use a large number of computers to flood the number of requests
to the server so that at one time the server crashes out.
Skimming: Skimming is a standard method of spreading malware on websites. It steals and
leaks user-entered information on the web page/main page to the attacker.
Middlemen attack: The attacker can clearly get all the information in the conversation taking
place between the consumer and the E-commerce platform itself. The attacker sees the
conversation between both of them and uses this as an opportunity to make the user face some
vulnerability.

5.0 E-Commerce security best practices

Two-Factor Authentication: An additional layer of protection, like Multi-Factor
Authentication, can be implemented. One such instance is the use of a two-factor authentication.
When a person logs in, they immediately get a text message or email with instructions on what to
do next.
HTTPS: If you want consumers to see the green lock and the word “secured” in their browsers,
you need to use HTTPS. HTTPS technologies safeguard users’ private data and the critical
information they enter.
Secure Socket Layer Certificates: Trusted authorities known as Secure Sockets Layer (SSL)
issue certificates widely used in online commerce. These certificates establish an encrypted link
between a user’s web browser and the server.
Use Firewalls: A firewall and the plugins that go with it let only approved traffic into an e-
commerce site. The system actively blocks any other potentially harmful links. It’s easier to find
and stop attempts to break into a network when you can control the flow of data. Firewalls are
very good at stopping SQL leaks, spam, and cross-site scripting threats because of this.

5|Page
Install Antivirus and Antimalware Software: It is important to have a program or app that can find
malware and stop it from getting into your devices, computers, and online accounts. Anti-
malware software is another name for this kind of bug software. Anti-malware software should
get rid of any virus that has been able to hide on your site.
Maintain PCI-DSS Compliance: The PCI Data Security Standard (DSS) is a set of guidelines
according to GDPR (General Data Protection Regulation) for protecting credit card data from
data breaches. Only use a PCI-compliant e-commerce platform to store your credit card
information.
Data Backup: Data loss commonly occurs due to hardware failures or cyber-attacks. Periodically
backing up your data is crucial to prevent permanent loss.
Use Secure Payment Processing Platform: To keep this from happening, your business should
never store a customer’s credit card information on its computers and should always make sure
its payment methods are safe. You can also use a third-party system to handle funds from afar.
Choose a Secure E-commerce Platform: There are many sites that work jointly to send requests to
the server that is closest to the user’s location. A content delivery network (CDN) refers to this
infrastructure. This is a great choice for a web stores those ships all over the world. People from
every corner of the world may visit and ask questions on an eCommerce site. But if the site takes
too long to load, people may not come back. A content delivery network (CDN) can help speed
up page loading by doing things like scaling pictures.

6|Page