PROTECTION AND SECURITY OF ECOMMERCE
Prepared by: RISHAV GUPTA
INDEX
• What is e-commerce?
• Different types of e-commerce
• Digital e-commerce cycle
• E-commerce Security Tools
• E-commerce Security Strategy
• Purpose Of Security
• Security Issues
• Security threats
• Secure Websites
• Passwords
• Phishing
• Types of phishing
• Ways to prevent phishing
• Ways To Be Safe And Protected
• Guidelines For The First Time Users
What is E-commerce?
• Electronic commerce is commonly written as e-commerce.
• It is the trading or facilitation of trading in products or services using computer networks, such as the Internet.
• Modern electronic commerce typically uses the World Wide Web for at least one part of the transaction's life cycle, although it may also use other technologies such as e-mail.
• It draws on technologies such as mobile commerce, electronic funds transfer, supply chain management, internet marketing, online transaction processing, etc.
Different Types Of E-commerce
• Business-to-Business: B2B e-commerce is simply defined as e-commerce between companies; it deals with relationships between and among businesses.
• Business-to-Consumer: B2C e-commerce is between companies and consumers, and involves gathering information, purchasing physical goods, and receiving products over an electronic network.
• Business-to-Government: B2G is generally defined as commerce between companies and the public sector.
• Consumer-to-Consumer: C2C e-commerce is simply commerce between private individuals or consumers.
• Government-to-Consumer: G2C e-commerce is to provide good and effective services to each citizen.
• Government-to-Business: G2B e-commerce refers to government providing services or information to business organizations.
Digital E-commerce cycle
The digital e-commerce cycle includes the following steps:
1. Online stores: there are various online stores like Flipkart, Snapdeal, Amazon, etc.
2. Internet marketing: Internet marketing, or online marketing, refers to advertising and marketing efforts that use the Web and email to drive direct sales via electronic commerce.
3. Payment solutions: like credit card, debit card, MasterCard, etc.
4. Customer order management: customers can track their order through their order number.
5. Shipping: goods are shipped through various shipping companies like DTDC, GATI, etc.
6. Customer support: a range of customer services to assist customers in making cost-effective and correct use of a product.
E-COMMERCE SECURITY TOOLS
• Digital certificates: An attachment to an electronic message used for security purposes. The most common use of a digital certificate is to verify that a user sending a message is who he or she claims to be, and to provide the receiver with the means to encode a reply.
• Encryption: Encryption is the most effective way to achieve data security. To read an encrypted file, you must have access to a secret key or password that enables you to decrypt it. Unencrypted data is called plain text; encrypted data is referred to as cipher text.
• Firewall: Firewalls can be either hardware or software, but the ideal firewall configuration will consist of both. In addition to limiting access to your computer and network, a firewall is also useful for allowing remote access to a private network through secure authentication certificates and logins.
• Digital signature: A digital certificate is an electronic document that contains the digital signature of the certificate-issuing authority; it binds together a public key with an identity and can be used to verify that a public key belongs to a particular person or entity.
• Biometric scanner: In computer security, biometrics refers to authentication techniques that rely on measurable physical characteristics that can be automatically checked. There are several types of biometric identification schemes: face: the analysis of facial characteristics
• Password: A password is a word or string of characters used for user authentication to prove identity or access approval to gain access to a resource, which should be kept secret from those not allowed access. The use of passwords is known to be ancient.
E-commerce security strategy:
REGULATORY (EXTERNAL)
• CONTROL - database and network security
• ASSURANCE METRICS - confidentiality, integrity, authentication
• PROTECT AGAINST - unauthorised access by hackers, former employees, malware and crimeware, privacy violations
FINANCIAL (INTERNAL)
• CONTROL - embezzlement, bad debt expense
• ASSURANCE METRICS - authentication and integrity
• PROTECT AGAINST - transactions using stolen identities, debit or credit cards, and checks; unauthorized transactions and overrides
MARKETING & OPERATIONS (INTERNAL)
• CONTROL - website functions, customer transactions, electronic documents, intellectual property
• ASSURANCE METRICS - availability, non-repudiation
• PROTECT AGAINST - phishing, spoofing, denial of service attacks, industrial espionage
Purpose Of Securities
• It seems you cannot go a day without hearing about someone or some group hacking a website or stealing credit card and other sensitive data from ecommerce sites.
• The electronic system that supports ecommerce is susceptible to abuse and failure in many ways, which have to be dealt with seriously:
• Disruption of device: it may result in major losses to the business or inconvenience to the customer.
• Illegal intrusion in customer data: the act leads to loss of customer confidence stemming from illegal intrusions into customer files or company business, dishonesty, human mistakes or network failure.
• Fraud: the act results in direct financial loss; funds might be transferred from one account to another, or records might simply be destroyed.
• Theft: theft of confidential, proprietary, technological or marketing information belonging to the firm/customer. An intruder may disclose information to a third party, resulting in damage to the key customer, a client, or the firm itself.
• The nature of ecommerce and bricks-and-mortar models of doing business is quite different.
• The difference in the physical payment systems (electronic money and real money).
• The FIRST issue in public security is identifying the principals. They are the people, processes, machines and keys that transact (send, receive, access, update, delete) information via databases, computers, and networks.
• Security concerns generally involve the following issues:
• Confidentiality: knowing who can read data and ensuring that information in the network remains private. This is done via encryption.
Security concerns
• Authentication: making sure that the message senders or principals are who they say they are.
• Integrity: making sure that information is not accidentally or maliciously altered or corrupted in transit.
• Access Control: restricting the use of a resource to authorized principals.
• Non-repudiation: ensuring that principals cannot deny that they sent the message.
SECURITY THREATS IN E-COMMERCE
Threats in E-commerce
• A threat is an object, person, or other entity that represents a constant danger to an asset.
• Hackers attempting to steal customer information or disrupt the site.
• A server containing customer information is stolen.
• Imposters can mirror your ecommerce site to steal customer money.
• Authorized administrators/users of an ecommerce website downloading hidden active content that attacks the ecommerce system.
• A disaffected employee disrupting the ecommerce system.
• It is also worth considering where potential threats to your ecommerce site might come from, as identifying potential threats will help you to protect your site.
Acts of Human Error or Failure
• Includes acts done with no malicious intent.
• Caused by inexperience, improper training, incorrect assumptions, other circumstances.
• Employees are the greatest threats to information security because they are closest to organized data.
• Employee mistakes can easily lead to revealing classified data, entry of erroneous data, accidental deletion or modification of data, storage of data in unprotected areas, and failure to protect information.
• Many of these threats can be prevented with controls.
The EC Security Environment: The Scope of the Problem
• In 2002, the Computer Security Institute surveyed 503 security personnel in U.S. corporations and government.
• 80% of respondents had detected breaches of computer security within the last 12 months and suffered financial loss as a result.
• 40% experienced denial of service attacks.
• 40% reported attacks from outside the organization.
• 85% detected virus attacks.
[Chart: virus attacks, outside attacks, inside attacks]
Risk Assessment:
A risk assessment will examine how your ecommerce site works and take into account access, users, passwords and other security features that may or may not be in place.
A risk assessment will also examine the transaction process customers go through in order to buy your products, as vulnerabilities can occur during these processes.
Security solution
There are a multitude of programmes and business procedures that can help keep your ecommerce site more secure.
Scans: frequent scans of your server can identify any malicious programmes that may be running, such as worms, viruses or Trojan horses.
Limited user access: ensure you know exactly who has access to your ecommerce system and assign each user unique access passwords.
Speak to an internet security company that offers comprehensive security packages.
Secure websites
• Secure sites use encryption technology to transfer information from your computer to the online merchant’s computer. Encryption scrambles the information in order to prevent computer hackers from obtaining it en route. The only people who can unscramble the code are those with legitimate access privileges.
• Look at the URL of the website. If it begins with “https” instead of “http”, it means the site is secured using an SSL Certificate (the s stands for secure). SSL Certificates secure all of your data as it is passed from your browser to the website's server.
Web Site’s privacy and security policy
• Every reputable online Web site offers information about how it processes. It is usually listed in the section “Privacy Policy”. You can find out if the merchant intends to share your information with a third party or affiliate company.
• Every website has its own terms and conditions which it offers to its users, so it is the responsibility of the user to read the terms and conditions before starting to use that website.
• Before dealing with any website, for example when shopping online, research the trustworthiness of the website. Research can be done by calling the business and by getting information from its official website.
Be aware of cookies and behavioural marketing
• Online merchants as well as other sites watch our shopping and surfing habits by using “cookies”, an online tracking system that attaches pieces of code to our Internet browsers to track which sites we visit as we search the web.
• “Persistent” cookies remain stored on your computer, while “session” cookies expire when you turn the browser off.
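The difference between the two kinds of cookie is visible in the `Set-Cookie` header a site sends: a cookie with no `Expires` or `Max-Age` attribute is a session cookie, and one with a future expiry is persistent. The following is an added example, not part of the original slides; the cookie names and header values are constructed samples.

```javascript
// Added example: classify Set-Cookie header values as session or persistent.
// Cookie names and values below are constructed for illustration.

function classifyCookie(setCookieValue, now = new Date()) {
  const [pair, ...attrParts] = setCookieValue.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const name = eq === -1 ? pair : pair.slice(0, eq);

  // Collect attributes; names are case-insensitive, flags have no value.
  const attrs = {};
  for (const part of attrParts) {
    if (part === "") continue;
    const i = part.indexOf("=");
    const key = (i === -1 ? part : part.slice(0, i)).trim().toLowerCase();
    attrs[key] = i === -1 ? true : part.slice(i + 1).trim();
  }

  // Max-Age takes precedence over Expires when both are present (RFC 6265).
  let expiresAt = null;
  if (typeof attrs["max-age"] === "string" && /^-?\d+$/.test(attrs["max-age"])) {
    expiresAt = new Date(now.getTime() + Number(attrs["max-age"]) * 1000);
  } else if (typeof attrs["expires"] === "string") {
    const t = Date.parse(attrs["expires"]);
    if (!Number.isNaN(t)) expiresAt = new Date(t);
  }

  let kind;
  if (expiresAt === null) kind = "session";        // gone when the browser closes
  else if (expiresAt <= now) kind = "expired";     // tells the browser to delete it
  else kind = "persistent";                        // stays on disk until expiry

  const lifetimeDays =
    kind === "persistent" ? Math.round((expiresAt - now) / 86400000) : 0;

  return {
    name,
    kind,
    lifetimeDays,
    secure: attrs["secure"] === true,     // only sent over https
    httpOnly: attrs["httponly"] === true, // hidden from page scripts
  };
}

// Constructed sample headers, evaluated against a fixed clock.
const SAMPLE_NOW = new Date("2025-01-01T00:00:00Z");
const SAMPLE_HEADERS = [
  "cart=abc123; Path=/; Secure; HttpOnly",
  "track_id=u-1001; Max-Age=31536000; Path=/",
  "old_pref=1; Expires=Thu, 01 Jan 1970 00:00:00 GMT",
];

for (const h of SAMPLE_HEADERS) {
  const c = classifyCookie(h, SAMPLE_NOW);
  console.log(c.name, c.kind, c.lifetimeDays + " days", "secure=" + c.secure);
}
```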
Create strong passwords
• While it is the responsibility of the retailer to ensure that customer information is safe, in the same way the customer should secure his information using a user ID and password.
Never give out your social security number
• Providing your social security number is not a requirement for placing an order at an online shopping site.
• Giving out your social security number could lead to having your identity stolen.
Disclose only bare facts when you order
• While placing an order there is certain information that you must provide to the web merchant, such as name and address.
• There is no need to provide information such as leisure lifestyle and annual income; this can lead to spam.
• Often the questions that must be answered are marked with (*).
Keep your password private
• Many shopping sites require the shopper to log in before placing or viewing an order.
• The shopper is usually required to provide a user name and password.
• Never give your password to anyone. Your password should be unique.
PHISHING
• Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic
Types Of Phishing
• Spear phishing - Phishing attempts directed at specific individuals or companies have been termed spear phishing. Attackers may gather personal information about their target to increase their probability of success. This technique is, by far, the most successful on the internet today, accounting for 91% of attacks.
• Clone phishing - A type of phishing attack whereby a legitimate, and previously delivered, email containing an attachment or link has had its content and recipient address taken and used to create an almost identical or cloned email. The attachment or link within the email is replaced with a malicious version and then sent from an email address spoofed to appear to come from the original sender.
• Whaling - Several recent phishing attacks have been directed specifically at senior executives and other high-profile targets within businesses, and the term whaling has been coined for these kinds of attacks. In the case of whaling, the masquerading web page/email will take a more serious executive-level form. The content will be crafted to target an upper manager and the person's role in the company.
Ways to prevent phishing
• The user is expected to confirm that the domain name in the browser's URL bar is in fact where they intended to go. URLs can be too complex to be easily parsed.
• Eliminating phishing mail
• Specialized spam filters can reduce the number of phishing emails that reach their addressees' inboxes. These approaches rely on machine learning and natural language processing to classify phishing emails. Email address authentication is another new approach.
• Some newer browsers, such as Internet Explorer 8, display the entire URL in grey, with just the domain name itself in black, as a means of assisting users in identifying fraudulent URLs.
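The domain check described above, together with the “https” check from the secure websites slide, can be done mechanically by parsing the link the way a browser does and comparing the real host with the intended one. This is an added example, not part of the original slides; `inspectLink` is a hypothetical helper and every URL is a constructed sample on a reserved example domain.

```javascript
// Added example: compare the host a link really points to with the
// domain the user meant to visit. URLs below are constructed samples.

function inspectLink(rawUrl, intendedDomain) {
  let url;
  try {
    url = new URL(rawUrl); // same parsing rules a browser applies
  } catch (err) {
    return { host: null, trusted: false, findings: ["not a parseable absolute URL"] };
  }

  const findings = [];
  const host = url.hostname.toLowerCase().replace(/\.$/, "");
  const intended = intendedDomain.toLowerCase();

  // The "s" in https is what tells the user the connection is encrypted.
  if (url.protocol !== "https:") {
    findings.push("scheme is " + url.protocol + " not https:");
  }
  // Anything before "@" is login data; the real host comes after it.
  if (url.username !== "" || url.password !== "") {
    findings.push("text before '@' is login data, not the site name");
  }
  // A shop is normally reached by name, not by a raw address.
  if (/^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.startsWith("[")) {
    findings.push("host is a raw IP address");
  }
  // Internationalized labels can render as look-alike characters.
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    findings.push("host contains an internationalized (punycode) label");
  }
  // The intended domain must be the END of the host, on a label boundary.
  const sameSite = host === intended || host.endsWith("." + intended);
  if (!sameSite) {
    findings.push("host " + host + " is not " + intended + " or a subdomain of it");
  }

  return { host, trusted: findings.length === 0, findings };
}

function auditLinks(links, intendedDomain) {
  return links.map((link) => ({ link, ...inspectLink(link, intendedDomain) }));
}

// Constructed samples: the intended shop is shop.example.com.
const SAMPLE_LINKS = [
  "https://shop.example.com/checkout",
  "https://pay.shop.example.com/cart",
  "http://shop.example.com/checkout",
  "https://shop.example.com@login.example.net/account",
  "https://shop.example.com.login.example.net/account",
  "https://192.0.2.10/checkout",
  "https://xn--bcher-kva.example/checkout",
];

for (const r of auditLinks(SAMPLE_LINKS, "shop.example.com")) {
  console.log(r.trusted ? "OK  " : "WARN", r.link, r.findings.join("; "));
}
```

A production check would compare registrable domains using the Public Suffix List; the suffix match here assumes the intended domain is given in full.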
Ways to prevent phishing contd.
• The email may state that your account information has expired, been compromised or lost and that you need to immediately resend it to the company.
• Some emails sent as part of such “phishing” expeditions often contain links to official-looking Web pages. Other times the emails ask the consumer to download and submit an electronic form.
• Remember, legitimate businesses don’t ask for sensitive information via email. Don’t respond to any request for financial information that comes to you in an email. Again, don’t click on any link embedded within a suspicious email.
BASIC WAYS TO PROTECT YOURSELF
• Change the password from time to time.
• Don’t keep protected and sensitive files in folders that have revealing names.
• Choose passwords that are 8 characters long and contain numbers, lower- and upper-case letters, and special characters.
• Get regular audits (www.comodo.com): these services usually come with an icon that you can put in your store, and they have been known to boost sales.
• Apply updates to your shopping carts whenever available.
• Always use https while navigating through your admin area (if you have SSL installed on your server).
• If you want (and have the option), consider deleting all the customer credit card details after purchases.
• Sign up with a managed firewall service (www.able-commerce.com): these services usually come with an icon that you can put in your store, and they have been known to boost sales.
• Choose a shopping cart that can blacklist (block) IP addresses and users.
GUIDELINES FOR THE FIRST TIME USERS
If you are new to the Internet or a regular shopper online, the following guidelines should apply.
1. Find out the cost of delivery before placing your order and how long the delivery will take. Most shopping sites use couriers to deliver the goods, and delivering overseas can become quite expensive.
2. If you are bidding on eBay, check out the buyers' and sellers' feedback. This should become standard before you ever place a bid.
3. Always read the FAQ section if you are new to the site.
4. If someone demands cash for a payment, say no. Use your credit card to make your payment; this will protect you against fraud. Credit card companies refund accounts where fraudulent activity transpires.
5. Don’t be afraid to ask the seller lots of questions; some sites provide you the option to contact the seller (eBay).
6. Check, and read in full, the terms and conditions and the privacy policy of the site.
7. If you are unsure about a site, try doing a search with Google or any of the other search engines. You may find comments posted about the shopping site from other customers.
CONCLUSION
In the end we would like to conclude that:
• E-commerce has changed the relative importance of time, but as a pillar and indicator of the country’s economic state, the importance of time should not be ignored.
• E-commerce is not a kind of new industry, but it is creating a new economic model. Most people agree that e-commerce will indeed be important and significant for economic society in the future, even though there was a bit of a clueless feeling at the beginning; this exactly proves that e-commerce is a sort of incorporeal revolution.
THANK YOU

Weitere ähnliche Inhalte

Was ist angesagt?

Electronic Payment Systems in E Commerce
Electronic Payment Systems in E CommerceElectronic Payment Systems in E Commerce
Electronic Payment Systems in E CommerceVinay Chaithanya
 
Consumer Oriented E commerce Application
Consumer Oriented E commerce ApplicationConsumer Oriented E commerce Application
Consumer Oriented E commerce ApplicationMahesh Shetty
 
Data and Message Security
Data and Message SecurityData and Message Security
Data and Message SecurityNrapesh Shah
 
Chapter 8 / Electronic Payment
Chapter 8 / Electronic  PaymentChapter 8 / Electronic  Payment
Chapter 8 / Electronic PaymentEyad Almasri
 
Security in E-commerce
Security in E-commerceSecurity in E-commerce
Security in E-commercem8817
 
consumer oriented applications
consumer oriented applicationsconsumer oriented applications
consumer oriented applicationspreetikapri1
 
Security issues in e commerce
Security issues in e commerceSecurity issues in e commerce
Security issues in e commercesadaf tst
 
digital tokens based on E-payments
digital tokens based on E-paymentsdigital tokens based on E-payments
digital tokens based on E-paymentsraviteja reddy
 
Security for e commerce
Security for e commerceSecurity for e commerce
Security for e commerceMohsin Ahmad
 
E commerce business models
E commerce business modelsE commerce business models
E commerce business modelsVikram g b
 
e payment system ppt
e payment system ppte payment system ppt
e payment system pptminisharma35
 
Electronic payment system
Electronic payment systemElectronic payment system
Electronic payment systempankhadi
 
Electronic Payment System
Electronic Payment SystemElectronic Payment System
Electronic Payment SystemRitesh Goyal
 
Electronic Payment Systems Shortened
Electronic Payment Systems ShortenedElectronic Payment Systems Shortened
Electronic Payment Systems ShortenedRitesh Verma
 

Was ist angesagt? (20)

Electronic Payment Systems in E Commerce
Electronic Payment Systems in E CommerceElectronic Payment Systems in E Commerce
Electronic Payment Systems in E Commerce
 
Consumer Oriented E commerce Application
Consumer Oriented E commerce ApplicationConsumer Oriented E commerce Application
Consumer Oriented E commerce Application
 
E Commerce security
E Commerce securityE Commerce security
E Commerce security
 
Data and Message Security
Data and Message SecurityData and Message Security
Data and Message Security
 
Digital signatures and e-Commerce
Digital signatures and e-CommerceDigital signatures and e-Commerce
Digital signatures and e-Commerce
 
Chapter 8 / Electronic Payment
Chapter 8 / Electronic  PaymentChapter 8 / Electronic  Payment
Chapter 8 / Electronic Payment
 
Security in E-commerce
Security in E-commerceSecurity in E-commerce
Security in E-commerce
 
consumer oriented applications
consumer oriented applicationsconsumer oriented applications
consumer oriented applications
 
Security issues in e commerce
Security issues in e commerceSecurity issues in e commerce
Security issues in e commerce
 
digital tokens based on E-payments
digital tokens based on E-paymentsdigital tokens based on E-payments
digital tokens based on E-payments
 
Edi ppt
Edi pptEdi ppt
Edi ppt
 
Security for e commerce
Security for e commerceSecurity for e commerce
Security for e commerce
 
E commerce business models
E commerce business modelsE commerce business models
E commerce business models
 
Electronic Payment System
Electronic Payment SystemElectronic Payment System
Electronic Payment System
 
e payment system ppt
e payment system ppte payment system ppt
e payment system ppt
 
Electronic payment system
Electronic payment systemElectronic payment system
Electronic payment system
 
Digital Signature ppt
Digital Signature pptDigital Signature ppt
Digital Signature ppt
 
Social and ethical issues in commerce
Social and ethical issues in commerceSocial and ethical issues in commerce
Social and ethical issues in commerce
 
Electronic Payment System
Electronic Payment SystemElectronic Payment System
Electronic Payment System
 
Electronic Payment Systems Shortened
Electronic Payment Systems ShortenedElectronic Payment Systems Shortened
Electronic Payment Systems Shortened
 

Andere mochten auch

Impact of digital certificate in network security
Impact of digital certificate in network securityImpact of digital certificate in network security
Impact of digital certificate in network securityrhassan84
 
6. Security Threats with E-Commerce
6. Security Threats with E-Commerce6. Security Threats with E-Commerce
6. Security Threats with E-CommerceJitendra Tomar
 
Digital certificates
Digital certificates Digital certificates
Digital certificates Sheetal Verma
 
E Commerce -Security Threats and Challenges
E Commerce -Security Threats and ChallengesE Commerce -Security Threats and Challenges
E Commerce -Security Threats and ChallengesInderjeet Singh
 
Introduzione Tavola Rotonda su Security a MECSPE
Introduzione Tavola Rotonda su Security a MECSPEIntroduzione Tavola Rotonda su Security a MECSPE
Introduzione Tavola Rotonda su Security a MECSPEuninfoit
 
Civilian OPSEC in cyberspace
Civilian OPSEC  in cyberspaceCivilian OPSEC  in cyberspace
Civilian OPSEC in cyberspacezapp0
 
Security in e-commerce
Security in e-commerceSecurity in e-commerce
Security in e-commerceSensePost
 
A Journey Into Cyberspace
A Journey Into CyberspaceA Journey Into Cyberspace
A Journey Into CyberspaceTim Bass
 
Cyberterrorism - Conflict in Cyberspace
Cyberterrorism - Conflict in CyberspaceCyberterrorism - Conflict in Cyberspace
Cyberterrorism - Conflict in CyberspaceDr David Probert
 
422 33 powerpoint-slides_chapter-1-electronic-business--understanding-new-int...
422 33 powerpoint-slides_chapter-1-electronic-business--understanding-new-int...422 33 powerpoint-slides_chapter-1-electronic-business--understanding-new-int...
422 33 powerpoint-slides_chapter-1-electronic-business--understanding-new-int...Yogesh Shukla
 
Sangeeta Singh BCA E-commerce Project
Sangeeta Singh BCA E-commerce ProjectSangeeta Singh BCA E-commerce Project
Sangeeta Singh BCA E-commerce Projectdezyneecole
 
Web semantique et e-commerce : la vague va déferler !
Web semantique et e-commerce : la vague va déferler !Web semantique et e-commerce : la vague va déferler !
Web semantique et e-commerce : la vague va déferler !Antidot
 
Sécurisation applicatives pour le e-commerce
Sécurisation applicatives pour le e-commerceSécurisation applicatives pour le e-commerce
Sécurisation applicatives pour le e-commerceWoomeet
 
Ch19 E Commerce Security
Ch19 E Commerce SecurityCh19 E Commerce Security
Ch19 E Commerce Securityphanleson
 
Vademecom presentation full_save
Vademecom presentation full_saveVademecom presentation full_save
Vademecom presentation full_saveWoomeet
 
Diagnostic des sites web e-commerce affiliés au seul prestataire de payement ...
Diagnostic des sites web e-commerce affiliés au seul prestataire de payement ...Diagnostic des sites web e-commerce affiliés au seul prestataire de payement ...
Diagnostic des sites web e-commerce affiliés au seul prestataire de payement ...Made In Morocco
 
E-Commerce Security Workable Attacks Againest E-Commerce
E-Commerce Security Workable Attacks Againest E-CommerceE-Commerce Security Workable Attacks Againest E-Commerce
E-Commerce Security Workable Attacks Againest E-Commerceabe8512000
 

Andere mochten auch (20)

Impact of digital certificate in network security
Impact of digital certificate in network securityImpact of digital certificate in network security
Impact of digital certificate in network security
 
6. Security Threats with E-Commerce
6. Security Threats with E-Commerce6. Security Threats with E-Commerce
6. Security Threats with E-Commerce
 
Digital certificates
Digital certificates Digital certificates
Digital certificates
 
E Commerce -Security Threats and Challenges
E Commerce -Security Threats and ChallengesE Commerce -Security Threats and Challenges
E Commerce -Security Threats and Challenges
 
Introduzione Tavola Rotonda su Security a MECSPE
Introduzione Tavola Rotonda su Security a MECSPEIntroduzione Tavola Rotonda su Security a MECSPE
Introduzione Tavola Rotonda su Security a MECSPE
 
Civilian OPSEC in cyberspace
Civilian OPSEC  in cyberspaceCivilian OPSEC  in cyberspace
Civilian OPSEC in cyberspace
 
Security in e-commerce
Security in e-commerceSecurity in e-commerce
Security in e-commerce
 
A Journey Into Cyberspace
A Journey Into CyberspaceA Journey Into Cyberspace
A Journey Into Cyberspace
 
Cyberterrorism - Conflict in Cyberspace
Cyberterrorism - Conflict in CyberspaceCyberterrorism - Conflict in Cyberspace
Cyberterrorism - Conflict in Cyberspace
 
422 33 powerpoint-slides_chapter-1-electronic-business--understanding-new-int...
422 33 powerpoint-slides_chapter-1-electronic-business--understanding-new-int...422 33 powerpoint-slides_chapter-1-electronic-business--understanding-new-int...
422 33 powerpoint-slides_chapter-1-electronic-business--understanding-new-int...
 
Unit 4 e security
Unit 4 e securityUnit 4 e security
Unit 4 e security
 
Sangeeta Singh BCA E-commerce Project
Sangeeta Singh BCA E-commerce ProjectSangeeta Singh BCA E-commerce Project
Sangeeta Singh BCA E-commerce Project
 
Web semantique et e-commerce : la vague va déferler !
Web semantique et e-commerce : la vague va déferler !Web semantique et e-commerce : la vague va déferler !
Web semantique et e-commerce : la vague va déferler !
 
Sécurisation applicatives pour le e-commerce
Sécurisation applicatives pour le e-commerceSécurisation applicatives pour le e-commerce
Sécurisation applicatives pour le e-commerce
 
Ch19 E Commerce Security
Ch19 E Commerce SecurityCh19 E Commerce Security
Ch19 E Commerce Security
 
Vademecom presentation full_save
Vademecom presentation full_saveVademecom presentation full_save
Vademecom presentation full_save
 
Amazon & E Bay
Amazon & E BayAmazon & E Bay
Amazon & E Bay
 
Diagnostic des sites web e-commerce affiliés au seul prestataire de payement ...
Diagnostic des sites web e-commerce affiliés au seul prestataire de payement ...Diagnostic des sites web e-commerce affiliés au seul prestataire de payement ...
Diagnostic des sites web e-commerce affiliés au seul prestataire de payement ...
 
E commerce Security
E commerce Security E commerce Security
E commerce Security
 
E-Commerce Security Workable Attacks Againest E-Commerce
E-Commerce Security Workable Attacks Againest E-CommerceE-Commerce Security Workable Attacks Againest E-Commerce
E-Commerce Security Workable Attacks Againest E-Commerce
 

Ähnlich wie ECOMMERCE SECURITY AND PROTECTION

What Strategies Are Crucial for Ensuring eCommerce Security in the Digital Era?
What Strategies Are Crucial for Ensuring eCommerce Security in the Digital Era?What Strategies Are Crucial for Ensuring eCommerce Security in the Digital Era?
What Strategies Are Crucial for Ensuring eCommerce Security in the Digital Era?Lucy Zeniffer
 
Security&reliability
Security&reliabilitySecurity&reliability
Security&reliabilitycaca1009
 
IRJET - Data Privacy,Trust Issues and Solutions in Electronic Commerce
IRJET -  	  Data Privacy,Trust Issues and Solutions in Electronic CommerceIRJET -  	  Data Privacy,Trust Issues and Solutions in Electronic Commerce
IRJET - Data Privacy,Trust Issues and Solutions in Electronic CommerceIRJET Journal
 
Ethical hacking and social engineering
Ethical hacking and social engineeringEthical hacking and social engineering
Ethical hacking and social engineeringSweta Kumari Barnwal
 
securityenvironment.pptx
securityenvironment.pptxsecurityenvironment.pptx
securityenvironment.pptxrehamrere
 
Strong authentication implementation guide
Strong authentication   implementation guideStrong authentication   implementation guide
Strong authentication implementation guideNis
 
Preventing Internet Fraud By Preventing Identity Theft
Preventing Internet Fraud By Preventing Identity TheftPreventing Internet Fraud By Preventing Identity Theft
Preventing Internet Fraud By Preventing Identity TheftDiane M. Metcalf
 
ECOMMERCE SECURITY AND PROTECTION

  • 2. INDEX
      - What is e-commerce?
      - Different types of e-commerce
      - Digital e-commerce cycle
      - E-commerce Security Tools
      - E-commerce Security Strategy
      - Purpose Of Security
      - Security Issues
      - Security threats
      - Secure Websites
      - Passwords
      - Phishing
      - Types of phishing
      - Ways to prevent phishing
      - Ways To Be Safe And Protected
      - Guidelines For The First Time Users
  • 3. What is E-commerce?
      - Electronic commerce, commonly written as E-commerce.
      - It is the trading or facilitation of trading in products or services using computer networks, such as the Internet.
      - Modern electronic commerce typically uses the World Wide Web for at least one part of the transaction's life cycle, although it may also use other technologies such as e-mail.
      - It draws on technologies such as mobile commerce, electronic funds transfer, supply chain management, internet marketing, online transaction processing, etc.
  • 4. Different Types Of E-commerce!
      - Business-to-Business: B2B e-commerce is simply defined as e-commerce between companies; it deals with relationships between and among businesses.
      - Business-to-Consumer: B2C e-commerce is between companies and consumers, and involves gathering information, purchasing physical goods, and receiving products over an electronic network.
      - Business-to-Government: B2G is generally defined as commerce between companies and the public sector.
      - Consumer-to-Consumer: C2C e-commerce is simply commerce between private individuals or consumers.
      - Government-to-consumer: G2C e-commerce is to provide good and effective services to each citizen.
      - Government-to-business: G2B e-commerce refers to government providing services or information to business organizations.
  • 6. Digital e-commerce cycle includes the following steps:
      1. Online stores – there are various online stores like Flipkart, Snapdeal, Amazon etc.
      2. Internet marketing – Internet marketing, or online marketing, refers to advertising and marketing efforts that use the Web and email to drive direct sales via electronic commerce.
      3. Payment solutions – like credit card, debit card, master card etc.
      4. Customer order management – customers can track their order through their order number.
      5. Shipping – goods are shipped through various shipping companies like DTDC, GATI etc.
      6. Customer support – a range of customer services to assist customers in making cost-effective and correct use of a product.
  • 8. E-COMMERCE SECURITY TOOLS !
      - Digital certificates: An attachment to an electronic message used for security purposes. The most common use of a digital certificate is to verify that a user sending a message is who he or she claims to be, and to provide the receiver with the means to encode a reply.
      - Encryption: Encryption is the most effective way to achieve data security. To read an encrypted file, you must have access to a secret key or password that enables you to decrypt it. Unencrypted data is called plain text; encrypted data is referred to as cipher text.
      - Firewall: Firewalls can be either hardware or software, but the ideal firewall configuration will consist of both. In addition to limiting access to your computer and network, a firewall is also useful for allowing remote access to a private network through secure authentication certificates and logins.
  • 9. E-COMMERCE SECURITY TOOLS !
      - Digital signature: A digital certificate, an electronic document that contains the digital signature of the certificate-issuing authority, binds together a public key with an identity and can be used to verify that a public key belongs to a particular person or entity.
      - Biometric scanner: In computer security, biometrics refers to authentication techniques that rely on measurable physical characteristics that can be automatically checked. There are several types of biometric identification schemes: face: the analysis of facial characteristics
      - Password: A password is a word or string of characters used for user authentication to prove identity or access approval to gain access to a resource, which should be kept secret from those not allowed access. The use of passwords is known to be ancient
  • 10. E-commerce security strategy:
      REGULATORY (EXTERNAL)
        - CONTROL: database and network security
        - ASSURANCE METRICS: confidentiality, integrity, authentication
        - PROTECT AGAINST: unauthorised access by hackers, former employees, malware and crimeware, privacy violations
      FINANCIAL (INTERNAL)
        - CONTROL: embezzlement, bad debt expense
        - ASSURANCE METRICS: authentication and integrity
        - PROTECT AGAINST: transactions using stolen identities, debit or credit cards, and checks; unauthorized transactions and overrides
      MARKETING & OPERATIONS (INTERNAL)
        - CONTROL: website functions, customer transactions, electronic documents, intellectual property
        - ASSURANCE METRICS: availability, non-repudiation
        - PROTECT AGAINST: phishing, spoofing, denial of service attacks, industrial espionage
  • 11. Purpose Of Security
      - It seems you cannot go a day without hearing about someone or some group hacking a website or stealing credit card and other sensitive data from ecommerce sites.
      - The electronic system that supports ecommerce is susceptible to abuse and failure in many ways, which have to be dealt with seriously.
  • 12.
      - Disruption of device: it may result in major losses to the business or inconvenience to the customer.
      - Illegal intrusion in customer data: the act leads to loss of customer confidence stemming from illegal intrusions into customer files or company business, dishonesty, human mistakes or network failure.
      - Fraud: the act results in direct financial loss; funds might be transferred from one account to another, or records might simply be destroyed.
      - Theft: theft of confidential, proprietary, technological or marketing information belonging to the firm or customer. An intruder may disclose information to a third party, resulting in damage to the key customer, a client, or the firm itself.
  • 13. Security concerns
      - The nature of ecommerce and bricks-and-mortar models of doing business is quite different.
      - The difference in the physical payment systems (electronic money and real money).
      - The FIRST issue in public security is identifying the principals. They are the people, processes, machines and keys that transact (send, receive, access, update, delete) information via databases, computers, and networks.
      - Security concerns generally involve the following issues:
      - Confidentiality: knowing who can read data and ensuring that information in the network remains private. This is done via encryption.
  • 14. Security Concerns
      - Authentication: making sure that the message senders or principals are who they say they are.
      - Integrity: making sure that information is not accidentally or maliciously altered or corrupted in transit.
      - Access Control: restricting the use of a resource to authorized principals.
      - Non-repudiation: ensuring that principals cannot deny that they sent the message.
  • 16. Threats in E-commerce
      - A threat is an object, person, or other entity that represents a constant danger to an asset.
      - Hackers attempting to steal customer information or disrupt the site.
      - A server containing customer information is stolen.
      - Imposters can mirror your ecommerce site to steal customer money.
      - Authorized administrators/users of an ecommerce website downloading hidden active content that attacks the ecommerce system.
      - A disaffected employee disrupting the ecommerce system.
      - It is also worth considering where potential threats to your ecommerce site might come from, as identifying potential threats will help you to protect your site.
  • 17. Acts of Human Error or failure
      - Includes acts done with no malicious intent.
      - Caused by inexperience, improper training, incorrect assumptions, other circumstances.
      - Employees are the greatest threats to information security because they are closest to organized data.
      - Employee mistakes can easily lead to revealing classified data, entry of erroneous data, accidental deletion or modification of data, storage of data in unprotected areas, failure to protect information.
      - Many of these threats can be prevented with controls.
  • 18. The EC Security Environment: The Scope of the Problem
      - In 2002 Computer Security Institute Survey of 503 security personnel in U.S. corporations and government.
      - 80% of respondents had detected breaches of computer security within last 12 months and suffered financial loss as a result.
      - 40% experienced denial of service attacks.
      - 40% reported attacks from outside the organization.
      - 85% detected virus attacks.
      [Chart titled "Sales": virus attacks, outside attacks, inside attacks]
  • 19. Risk Assessment: A risk assessment will examine how your ecommerce site works and take into account access, users, passwords and other security features that may or may not be in place. A risk assessment will also examine the transaction process customers go through in order to buy your products, as vulnerabilities can occur during these processes.
      Security solution: There are a multitude of programmes and business procedures that can help keep your ecommerce site more secure.
      - Scans: frequent scans of your server can identify any malicious programmes that may be running, such as worms, viruses or Trojan horses.
      - Limited user access: ensure you know exactly who has access to your ecommerce system and assign each user unique access passwords.
      - Speak to an internet security company that offers comprehensive security packages.
  • 20. Secure websites
      - Secure sites use encryption technology to transfer information from your computer to the online merchant’s computer. Encryption scrambles the information in order to prevent computer hackers from obtaining it en route. The only people who can unscramble the code are those with legitimate access privileges.
      - Look at the URL of the website. If it begins with “https” instead of “http” it means the site is secured using an SSL Certificate (the s stands for secure). SSL Certificates secure all of your data as it is passed from your browser to the website's server.
  • 21. Web Site’s privacy and security policy
      - Every reputable online Web site offers information about how it processes. It is usually listed in the section “Privacy Policy”. You can find out if the merchant intends to share your information with a third party or affiliate company.
      - Every website has its own terms and conditions which it offers to its users, so it is the responsibility of the user to read the terms and conditions before starting to use that website.
  • 22. Before dealing with any website, for example when shopping online, research should be done on the trustworthiness of the website, so research websites before you deal with them. Research can be done by calling and by getting information from the business's official website.
  • 23. Be aware of cookies and behavioural marketing
      - Online merchants as well as other sites watch our shopping and surfing habits by using “cookies”, an online tracking system that attaches pieces of code to our Internet browsers to track which sites we visit as we search the web.
      - “Persistent” cookies remain stored on your computer, while “session” cookies expire when you turn the browser off.
  • 24. Create strong passwords
      - While it is the responsibility of the retailer to ensure that customer information is safe, the customer should in the same way secure his information using a user id and password.
  • 25. Never give out your social security number
      - Providing your social security number is not a requirement for placing an order at an online shopping site.
      - Giving out your social security number could lead to having your identity stolen.
  • 26. Disclose only bare facts when you order
      - While placing an order there is certain information that you must provide to the web merchant, such as name and address.
      - There is no need to give information such as leisure lifestyle and annual income; this can lead to spam.
      - Often the questions that must be answered are marked with (*).
  • 27. Keep your password private
      - Many shopping sites require the shopper to log in before placing or viewing an order.
      - The shopper is usually required to provide a user name and password.
      - Never give your password to anyone. Your password should be unique.
  • 28. PHISHING
      - Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic
  • 29. Types Of Phishing
      - Spear phishing - Phishing attempts directed at specific individuals or companies have been termed spear phishing. Attackers may gather personal information about their target to increase their probability of success. This technique is, by far, the most successful on the internet today, accounting for 91% of attacks.
      - Clone phishing - A type of phishing attack whereby a legitimate, and previously delivered, email containing an attachment or link has had its content and recipient address taken and used to create an almost identical or cloned email. The attachment or link within the email is replaced with a malicious version and then sent from an email address spoofed to appear to come from the original sender.
      - Whaling - Several recent phishing attacks have been directed specifically at senior executives and other high profile targets within businesses, and the term whaling has been coined for these kinds of attacks. In the case of whaling, the masquerading web page/email will take a more serious executive-level form. The content will be crafted to target an upper manager and the person's role in the company
  • 30. Ways to prevent phishing
      - The user is expected to confirm that the domain name in the browser's URL bar was in fact where they intended to go. URLs can be too complex to be easily parsed.
      - Eliminating phishing mail
      - Specialized spam filters can reduce the number of phishing emails that reach their addressees' inboxes. These approaches rely on machine learning and natural language processing approaches to classify phishing emails. Email address authentication is another new approach.
      - Some newer browsers, such as Internet Explorer 8, display the entire URL in grey, with just the domain name itself in black, as a means of assisting users in identifying fraudulent URLs.
  • 31. Ways to prevent phishing contd.
      - The email may state that your account information has expired, been compromised or lost and that you need to immediately resend it to the company.
      - Some emails sent as part of such “phishing” expeditions often contain links to official-looking Web pages. Other times the emails ask the consumer to download and submit an electronic form.
      - Remember, legitimate businesses don’t ask for sensitive information via email. Don’t respond to any request for financial information that comes to you in an email. Again, don’t click on any link embedded within a suspicious email.
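
The domain check described in the two phishing-prevention slides above, as an added example that is not part of the original deck: it parses a link the way a browser does and reports whether the host really is the site the user meant to visit. The merchant domain `shop.example`, the function name `checkLink` and all sample links are assumptions constructed for illustration.

```javascript
// Added example, not from the slides. "shop.example" is an assumed merchant
// domain (taken to be plain ASCII) and every URL below is constructed.

function checkLink(link, intendedDomain) {
  let url;
  try {
    url = new URL(link); // WHATWG URL parser: the same rules a browser applies
  } catch {
    return { host: null, trusted: false, reasons: ['not an absolute URL'] };
  }
  if (url.protocol !== 'https:' && url.protocol !== 'http:') {
    return { host: null, trusted: false, reasons: ['not a web (http/https) link'] };
  }
  // hostname is lower-cased, excludes userinfo and port, and is ASCII:
  // internationalised names come back as "xn--" punycode labels.
  const host = url.hostname.replace(/\.$/, '');
  const intended = intendedDomain.toLowerCase();
  const reasons = [];

  // Compare on a label boundary so "shop.example.attacker.test" does not pass.
  if (host !== intended && !host.endsWith('.' + intended)) {
    reasons.push('host is not the intended domain or a subdomain of it');
  }
  if (url.protocol !== 'https:') reasons.push('connection is not https');
  if (url.username || url.password) {
    reasons.push('text before "@" is login data, not the site name');
  }
  if (host.split('.').some((label) => label.startsWith('xn--'))) {
    reasons.push('internationalised label that can imitate Latin letters');
  }
  if (/^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.startsWith('[')) {
    reasons.push('raw IP address instead of a name');
  }
  return { host, trusted: reasons.length === 0, reasons };
}

// Constructed sample links of the kind a phishing mail might carry.
const sampleLinks = [
  'https://www.shop.example/cart',
  'http://shop.example/login',
  'https://shop.example@login.attacker.test/account',
  'https://shop.example.attacker.test/verify',
  'https://sh\u043ep.example/', // Cyrillic letter in place of Latin "o"
];

for (const link of sampleLinks) {
  const result = checkLink(link, 'shop.example');
  const verdict = result.trusted ? 'OK     ' : 'SUSPECT';
  console.log(`${verdict} ${result.host}  ${result.reasons.join('; ')}`);
}
```

Only the first sample is reported as OK; a mail filter or link preview could apply the same comparison before a user ever clicks.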
  • 32. BASIC WAYS TO PROTECT YOURSELF
      - Change the password from time to time.
      - Don’t keep protected and sensitive files in folders that have revealing names.
      - Choose passwords with numbers, lower and upper case letters, 8 characters long and with special characters.
      - Get regular audits (www.comodo.com) – these services usually come with an icon that you can put in your store and they have been known to boost sales.
      - Apply updates to your shopping carts whenever available.
  • 33. BASIC WAYS TO PROTECT YOURSELF contd.
      - Always use https while navigating through your admin area (if you have SSL installed on your server).
      - If you want (and have the option), consider deleting all the customer credit card details after purchases.
      - Sign up with a managed firewall service (www.able-commerce.com) – these services usually come with an icon that you can put in your store and they have been known to boost sales.
      - Choose a shopping cart that can blacklist (block) IP addresses and users.
  • 34. GUIDELINES FOR THE FIRST TIME USERS
      If you are new to the Internet or a regular shopper online, the following guidelines should apply.
      1. Find out the cost of delivery before placing your order and how long the delivery will take. Most shopping sites use couriers to deliver the goods, and delivery overseas can become quite expensive.
      2. If you are bidding on eBay, check out the buyers' and sellers' feedback. This should become standard before you ever place a bid.
      3. Always read the FAQ section if you are new to the site.
      4. If someone demands cash for a payment, ‘say no’. Use your credit card to make your payment; this will protect you against fraud. Credit card companies refund accounts where fraudulent activity transpires.
  • 35. GUIDELINES FOR THE FIRST TIME USERS contd.
      5. Don’t be afraid to ask the seller lots of questions; some sites give you the option to contact the seller (eBay).
      6. Check, and read in full, the terms and conditions and the privacy policy of the site.
      7. If you are unsure about a site, try doing a search with Google or any of the other search engines. You may find comments posted about the shopping site from other customers.
  • 36. CONCLUSION
      In the end we would like to conclude that:
      - E-commerce has changed the relative importance of time, but as the pillars of indicator of the country’s economic state, the importance of time should not be ignored.
      - E-commerce is not a kind of new industry, but it is creating a new economic model. Most people agree that e-commerce will indeed be important and significant for the economic society of the future, but there was actually a bit of a clueless feeling at the beginning; this problem exactly proves that e-commerce is a sort of incorporeal revolution.
  • 37. BIBLIOGRAPHY
      The information in this project has been attained from the following:
      - https://en.wikipedia.org/wiki/E-commerce
      - http://www.google.co.in
      - https://garage.godaddy.com
      - http://www.sitepoint.com
      - http://www.tutorialspoint.com