e-Comm&CyberSecurity Notes
Unit-1
Introduction to Electronic Commerce
What is ecommerce?
E-commerce, short for electronic commerce, refers to the buying and selling of goods
or services over the internet. This can include a wide range of activities, from purchasing
physical products from an online retailer to booking travel arrangements, buying digital
products such as music or e-books, and using online marketplaces to buy and sell goods and
services.
E-commerce has become increasingly popular in recent years due to the convenience and
accessibility it offers to both consumers and businesses. For consumers, e-commerce eliminates
the need to physically travel to a store and allows for easy price comparisons and product
reviews. For businesses, e-commerce provides a low-cost way to reach a global audience and
gather valuable data on customer behavior and preferences.
Aims of E-commerce
The aims of e-commerce can vary depending on the type of business and its target market, but
some common goals include:
Benefits of E-commerce:
E-commerce offers a wide range of benefits for both consumers and businesses, including:
• Increased reach: E-commerce allows businesses to reach a global audience, which can
lead to increased sales and revenue.
• Convenience: E-commerce allows customers to shop from the comfort of their own
homes, without the need to leave their house or wait in line.
• 24/7 availability: E-commerce websites are open 24/7, allowing customers to shop at
any time.
• Lower costs: E-commerce businesses do not have the same costs associated with
traditional brick-and-mortar stores, such as rent, utilities, and staffing.
• Personalization and targeting: E-commerce allows businesses to collect data on
customer behavior and preferences, which can be used to personalize the shopping
experience and target marketing efforts.
• Increased competition: E-commerce creates a level playing field for small and large
businesses, as customers can easily compare prices and products from different sellers.
• Better inventory management: E-commerce allows businesses to keep better track
of their inventory, so they can reorder when needed and avoid stockouts.
• Automation: E-commerce allows businesses to automate many processes, such as order
processing, invoicing, and shipping, which can save time and reduce errors.
• Globalization: E-commerce allows businesses to expand beyond their local market and
sell to customers all over the world.
• Easy Comparison and research: E-commerce allows customers to easily compare
products and prices from different vendors, as well as read product reviews and research
products before making a purchase.
Limitations of E-commerce:
• Limited physical interaction: Online shopping does not allow customers to physically
examine or test products before purchasing, which can lead to dissatisfaction with the
product or difficulty in determining the right fit.
It's worth noting that, these days, many businesses are utilizing both e-commerce and
traditional commerce strategies to reach customers in different ways. Some businesses use
e-commerce to expand their reach, while maintaining a physical storefront to provide
customers with a tangible experience. Some businesses use physical storefronts to promote
brand awareness and create community, while also having an online store for customers
who prefer to shop online.
M-Commerce:
M-commerce, short for mobile commerce, refers to the buying and selling of goods or services
through mobile devices such as smartphones and tablets. This can include a wide range of
activities, from purchasing physical products from an online retailer using a mobile device to
using mobile apps to book travel arrangements, buy digital products such as music or e-books,
and use mobile-optimized versions of online marketplaces to buy and sell goods and services.
M-commerce has become increasingly popular in recent years due to the widespread use of
smartphones and tablets, and the convenience and accessibility it offers to both consumers and
businesses. For consumers, m-commerce eliminates the need to be in front of a computer to
shop online and allows for easy price comparisons and product reviews on the go. For
businesses, m-commerce provides a way to reach customers wherever they are and gather
valuable data on customer behavior and preferences.
It is also important to note that M-commerce is a subset of e-commerce, as it covers all the
buying and selling activities that take place through mobile devices.
What is E-Business?
E-business, short for electronic business, refers to the use of technology and the internet to
conduct business operations and transactions. This can include a wide range of activities, from
selling products and services online to automating internal business processes, such as human
resources and accounting, to communicating and collaborating with customers and partners.
E-business includes e-commerce but goes beyond it: it encompasses all the online
activities of a business, including internal operations, external interactions with customers and
partners, and the use of technology to support these activities. E-business can also include the
E-business can provide many benefits to businesses, such as increased efficiency, cost savings,
and improved customer service. However, it also poses new challenges, such as the need for
businesses to stay on top of rapidly changing technologies and adapt to new market trends.
• Advantages of e-Commerce
▪ Convenience: E-commerce allows customers to shop and make purchases at any time
and from any location.
▪ Increased reach: E-commerce allows businesses to reach customers beyond their
physical location, which can increase the customer base and revenue.
▪ Cost savings: E-commerce can save businesses money by reducing the need for
physical storefronts, inventory storage, and other expenses.
▪ Personalization: E-commerce platforms have the ability to track customer behavior,
preferences and purchase history, which can be used for personalized marketing and
recommendations.
▪ Automation: Many e-commerce tasks can be automated, such as inventory
management, order fulfillment, and marketing campaigns.
▪ Data collection and analysis: E-commerce platforms generate a large amount of data
that can be used to gain insights into customer behavior, preferences, and buying
patterns.
▪ Increased competition: E-commerce has made it easier for small businesses to compete
with larger ones as they can reach a larger audience and don't need to invest as much in
physical infrastructure.
▪ Faster buying process: Shopping online is generally faster than physically going to a
store, as customers can easily browse through products, compare prices, and complete
a purchase in a shorter amount of time.
▪ Greater product selection: Online retailers can offer a larger selection of products than
physical stores because they don't have the same space constraints.
▪ Global market: E-commerce allows businesses to sell to customers worldwide, which
can greatly increase
• Disadvantages of e-Commerce
▪ Limited customer interaction: E-commerce transactions lack the personal touch of face-
to-face interactions, which can lead to lower customer satisfaction and loyalty.
• Advantages of m-Commerce
▪ Convenience and accessibility, as customers can shop and make purchases from
anywhere at any time using their mobile devices.
▪ Increased reach and accessibility, as more and more customers are using mobile devices
to browse the internet.
▪ Personalization and targeting, as companies can use data from mobile devices to
personalize the shopping experience and target advertising.
▪ Ability to reach customers through push notifications and other mobile-specific
features.
▪ Improved customer engagement, as mobile devices allow for interactive features such
as touch, GPS, and camera.
▪ Increased sales, as mobile commerce can make it easier for customers to purchase
products and services.
▪ Better customer experience, as mobile commerce can provide faster loading times, easy
navigation, and easy checkout.
▪ Cost-effective, as mobile commerce requires less investment in physical infrastructure
and maintenance.
• Disadvantages of m-Commerce
▪ Limited screen size and functionality of mobile devices can make it difficult to navigate
and complete transactions on mobile websites or apps.
▪ Security concerns, as mobile devices are more susceptible to hacking and data breaches.
▪ Limited payment options, as some customers may not have access to mobile payment
methods or prefer to use other forms of payment.
▪ Dependence on internet connectivity, which can be unreliable in some areas or during
certain times.
▪ Mobile websites may not be optimized for search engines, which can make it harder for
customers to find the mobile site.
E-Commerce Framework:
An e-commerce framework is a flexible and adaptable system that allows businesses to evolve
with the changing market trends and customer needs. Businesses can use it as a guide to
develop their own e-commerce strategy and tailor it to their specific goals and target market.
Some of the features that may be included in an e-commerce consumer application include:
1. Product browsing: Customers can browse products by category, brand, price, or other filters.
2. Product details: Customers can view detailed information about products, including images,
descriptions, and customer reviews.
3. Shopping cart: Customers can add items to their shopping cart and review the contents before
completing a purchase.
4. Payment processing: Customers can securely enter their payment information and complete
a transaction within the app.
5. Order tracking: Customers can track the status of their orders and view order history.
6. Customer service: Customers can access customer service through the app and communicate
with the business if they have any questions or concerns.
7. Personalization: Customers can create an account and save their preferences, and the app will
personalize the shopping experience based on their browsing and purchase history.
8. Push notifications: Customers will receive notifications of promotions, deals, and other
information that the business wants to share with them.
Many e-commerce consumer apps are integrated with the business's e-commerce platform,
allowing the customer to access the same inventory and features as the website. This allows
customers to shop on the go and make purchases anytime, anywhere.
1. Inventory management: Allows businesses to manage and track their inventory levels, set
reorder points, and generate reports on stock levels and sales.
2. Order management: Allows businesses to manage and track customer orders, from initial
purchase to final delivery.
3. Customer relationship management (CRM): Allows businesses to manage customer
information, track customer interactions, and analyze customer behavior and preferences.
Dr. Poonam Patel Page 9
e-Commerce & Cyber Security TYBCA
4. Financial management: Allows businesses to manage financial transactions, such as
invoicing, payments, and accounting.
5. Supply chain management: Allows businesses to manage relationships with suppliers, track
deliveries, and optimize logistics.
6. Marketing and promotion: Allows businesses to create, manage, and track marketing
campaigns, such as email campaigns and social media promotions.
7. Analytics and reporting: Allows businesses to track key performance indicators (KPIs) such
as website traffic, sales, and customer behavior.
8. Digital asset management: Allows businesses to store, organize and manage digital assets
such as images and videos.
9. Workflow management: Allows businesses to automate and streamline internal processes,
such as order fulfillment and customer service.
These e-commerce organizational applications are designed to help businesses more efficiently
manage their operations and make data-driven decisions. They can be integrated with e-
commerce platforms, mobile apps, and other software systems, and can be customized
accordingly.
1. Network infrastructure: The physical and logical components that make up a network, such
as routers, switches, and cables, that are used to transmit data between different devices and
systems.
2. Data transfer protocols: Standards that dictate how data should be formatted and transmitted
over a network, such as TCP/IP and HTTP.
3. Data storage systems: Technologies and solutions used to store data, such as databases, cloud
storage, and file servers.
4. Data processing and analysis: Applications and tools used to process and analyze data, such
as data warehousing, business intelligence, and big data analytics.
5. Data security: Measures and protocols that are implemented to protect data from unauthorized
access, such as encryption, firewalls, and intrusion detection systems.
6. Data governance: Policies and procedures that are used to manage and control the flow of data
within an organization, such as data retention and archiving policies.
An information way in IT is essential to ensure the smooth flow of data within an organization
and to protect the data from unauthorized access. It requires a balance between security,
accessibility and efficiency.
Network access equipment, also known as edge devices, are the hardware and software
components that provide a connection between a user or device and a network. These
devices are located at the edge of a network and are responsible for providing network
access, routing data traffic, and enforcing security policies.
1. Routers: These devices are responsible for directing data traffic between different
networks. They use routing protocols to determine the best path for data packets to take
and can also be used to connect multiple networks together.
A router is a networking device that forwards data packets between computer networks.
It is connected to two or more networks and determines the best path for a data packet
to take based on its destination IP address.
Routers use routing tables and protocols to determine the most efficient path for data
packets to travel. When a data packet is sent from a device on one network to a device
on another network, the router receives the packet and consults its routing table to
determine the best path to forward the packet.
The router then uses network protocols such as IP (Internet Protocol) and ICMP
(Internet Control Message Protocol) to forward the packet to the next hop on its way to
the final destination.
Routers also have the ability to perform Network Address Translation (NAT) to allow
multiple devices on a private network to share a single public IP address. They also
provide security by using firewall rules to control access to and from the network.
Routers also have Quality of Service (QoS) features that allow them to prioritize certain
types of traffic, such as video conferencing, over others, such as file downloads. This
ensures that critical applications get the bandwidth they need to function properly.
2. Switches: These devices are used to connect multiple devices within a network.
They forward data packets to the appropriate device based on their MAC address.
A switch is a networking device that connects devices on a network and forwards
data between them. It operates at the data link layer (layer 2) of the OSI model and
uses MAC addresses to forward data to the appropriate device. Switches are
commonly used to connect devices in a local area network (LAN) and can also be
used to connect LANs to other networks, such as a wide area network (WAN) or the
Internet.
3. Wireless infrastructure
Wireless infrastructure refers to the physical and technological components that make
up a wireless network, which is used to transfer the data using wireless technologies.
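The forwarding decision described for routers above (firewall rules, routing-table lookup, NAT), as an added example that is not part of the original notes. All addresses, interface names and rules are constructed; longest-prefix matching and first-match rule ordering are the conventions assumed here.

```python
import ipaddress

# All addresses, interface names and rules below are constructed for illustration.
PUBLIC_IP = "203.0.113.10"
INSIDE = ipaddress.ip_network("10.0.0.0/8")

ROUTES = [  # (destination prefix, next hop, outgoing interface)
    ("0.0.0.0/0", "203.0.113.1", "wan0"),      # default route
    ("10.0.0.0/8", "10.255.0.1", "lan0"),
    ("10.20.0.0/16", "10.20.0.1", "lan1"),
    ("10.20.30.0/24", "10.20.30.1", "lan2"),
]

RULES = [  # (action, source prefix, destination prefix, destination port or None = any)
    ("deny", "0.0.0.0/0", "10.20.30.0/24", 23),    # no telnet to the server subnet
    ("allow", "10.0.0.0/8", "0.0.0.0/0", None),    # inside hosts may go anywhere else
    ("allow", "0.0.0.0/0", "10.20.30.0/24", 443),  # anyone may reach HTTPS servers
    ("deny", "0.0.0.0/0", "0.0.0.0/0", None),      # explicit default deny
]


class Router:
    def __init__(self, routes, rules, public_ip):
        self.routes = [(ipaddress.ip_network(p), hop, ifc) for p, hop, ifc in routes]
        self.rules = [(act, ipaddress.ip_network(s), ipaddress.ip_network(d), port)
                      for act, s, d, port in rules]
        self.public_ip = public_ip
        self.nat = {}            # (inside ip, inside port) -> public port
        self.next_port = 40000

    def firewall_action(self, src, dst, dport):
        """Return the action of the first rule that matches the packet."""
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        for action, src_net, dst_net, port in self.rules:
            if s in src_net and d in dst_net and port in (None, dport):
                return action
        return "deny"            # nothing matched: fail closed

    def lookup_route(self, dst):
        """Longest-prefix match: the most specific prefix containing dst wins."""
        addr = ipaddress.ip_address(dst)
        matches = [r for r in self.routes if addr in r[0]]
        if not matches:
            return None
        return max(matches, key=lambda r: r[0].prefixlen)

    def translate(self, src, sport):
        """Source NAT: map an inside (ip, port) to a port on the shared public IP."""
        key = (src, sport)
        if key not in self.nat:
            self.nat[key] = self.next_port
            self.next_port += 1
        return self.public_ip, self.nat[key]

    def forward(self, src, sport, dst, dport):
        """Apply firewall, then routing, then NAT on the way out of wan0."""
        if self.firewall_action(src, dst, dport) != "allow":
            return {"verdict": "drop", "reason": "firewall"}
        route = self.lookup_route(dst)
        if route is None:
            return {"verdict": "drop", "reason": "no route"}
        prefix, next_hop, ifc = route
        if ifc == "wan0" and ipaddress.ip_address(src) in INSIDE:
            src, sport = self.translate(src, sport)
        return {"verdict": "forward", "via": next_hop, "interface": ifc,
                "matched": str(prefix), "src": f"{src}:{sport}"}


if __name__ == "__main__":
    router = Router(ROUTES, RULES, PUBLIC_IP)
    packets = [  # constructed sample packets: (src, sport, dst, dport)
        ("10.1.1.5", 51000, "10.20.30.40", 443),
        ("10.1.1.5", 51000, "198.51.100.7", 443),
        ("10.1.1.5", 51000, "10.20.30.40", 23),
        ("198.51.100.7", 40000, "10.20.99.1", 80),
    ]
    for pkt in packets:
        print(pkt, "->", router.forward(*pkt))
```

Because the telnet deny rule sits above the broad inside allow rule, the inside host is blocked too; swapping the two rules would silently open port 23 to every inside host.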
All these different components work together to create a global network that allows for the
rapid and efficient distribution of information to users all around the world.
1. File sharing networks: P2P networks are often used for file sharing, where users can share
and download files directly with each other without the need for a central server.
2. Decentralized platforms: Blockchain technologies use P2P networks to validate and record
transactions, eliminating the need for a central authority.
3. Collaboration networks: P2P networks can also be used to enable collaboration among peers,
such as in online forums and chat groups.
4. VoIP: Some Voice over Internet Protocol (VoIP) services use P2P networks to connect users
directly, allowing for free or low-cost calling.
P2P networks are considered more resilient and fault-tolerant than client-server networks as
there is no single point of failure. However, they can also present security challenges, as the
absence of a central authority makes it more difficult to detect and prevent malicious activity.
In a client-server network, the server is responsible for maintaining and managing the network
resources, such as data storage, software applications, and hardware devices. The clients, on
1. Corporate networks: Many businesses use client-server networks to manage and share
resources such as files, printers, and databases among employees.
2. Web services: In web-based services, web servers provide resources and services to clients
through a web browser.
3. Remote access: Remote desktop and virtual private networks (VPNs) use client-server
architecture to allow remote users to access network resources.
4. Cloud computing: Cloud-based services such as Software-as-a-Service (SaaS) and
Infrastructure-as-a-Service (IaaS) use client-server architecture.
The client-server architecture can be divided into tiers, depending on the number of layers and
the distribution of functionality between them. The most common tiers are:
1. Single-tier: In this architecture, the client and server functionality is combined into a single
program. This is typically used for small applications where the client and server functionality
is simple and not expected to change.
2. Two-tier: In this architecture, the client and server functionality is separated into two distinct
programs. The client program handles the user interface, while the server program handles data
storage and business logic. This architecture is commonly used for small to medium-sized
applications.
3. Three-tier: In this architecture, the client, server and database are separated into three distinct
programs. The client program handles the user interface, the server program handles the
application logic and communicates with the database, and the database stores the data. This
architecture is commonly used for larger and more complex applications.
4. N-tier: This is an extension of the three-tier architecture, where the functionality is further
divided into multiple tiers. This can include additional application servers, web servers, and
other services. This architecture is commonly used for large-scale enterprise applications.
Each tier is designed to handle specific functions, which can make the application more
scalable, manageable and secure. The choice of the tier depends on the size and complexity of
the application, as well as the expected number of users and the need to handle multiple types
of clients.
▪ Transaction models
Transaction models of e-commerce refer to the different ways in which businesses sell
their products and services online. The most common transaction models of e-
commerce include:
Unit 3
e-Commerce Payment and Security Issues
E-commerce payment systems are the methods and technologies used to process and authorize
payments made by customers through an e-commerce website. Some common e-commerce
payment systems include:
1. Credit Card: This is the most widely used e-commerce payment system. It involves
customers providing their credit card details to the merchant, and the payment is authorized
by the card issuer.
2. Debit Card: Debit card payment is similar to credit card payment, but the funds are taken
directly from the customer's bank account.
3. Electronic Funds Transfer (EFT): EFT is a method of transferring funds electronically,
typically between banks. EFT payments can be made through online banking, direct
deposit, and wire transfer.
4. Digital wallets: Digital wallets such as PayPal, Apple Pay, and Google Wallet allow
customers to store their payment information securely and make payments without entering
their details each time.
5. Smart Card:
6. E-Cash:
7. E-Cheque:
Each e-commerce payment system has its own advantages and disadvantages, and the choice
of the system depends on the specific requirements of the e-commerce business, such as
security, convenience, and cost.
1. Application: The cardholder applies for a credit card with a credit card issuer, such as a
bank or credit union. The issuer will check the cardholder's creditworthiness and may
approve or deny the application based on this information.
2. Activation: Once the cardholder is approved, the issuer will send them a physical credit
card and instructions on how to activate it. The cardholder may need to call the issuer or
visit a website to activate the card.
3. Use: The cardholder can now use their credit card to make purchases at merchants that
accept that particular credit card network (Visa, MasterCard, Amex etc).
4. Authorization: When a purchase is made, the merchant submits the transaction to the
credit card issuer for approval. The issuer then checks the cardholder's available credit limit
and creditworthiness, and if approved, sends an authorization code to the merchant to
confirm the transaction.
5. Billing: The card issuer will bill the cardholder for the purchase at the end of the billing
cycle. The cardholder can either pay off the balance in full by the due date, or make a
minimum payment and carry over the balance to the next month, incurring interest charges.
6. Payment: The cardholder will be responsible for making payments on the credit card
account, including any interest charges.
As a reminder, a credit card network such as Visa or Mastercard facilitates the transaction
between the merchant and the card issuer, and also ensures that the funds are transferred
properly. Credit cards also offer the added benefit of fraud protection, as credit
card companies are able to detect and prevent unauthorized transactions.
A debit card is a payment card that allows cardholders to access funds they have deposited in
a bank account. When a consumer uses a debit card to make a purchase, the funds are
transferred from the cardholder's bank account to the merchant's account.
The process of using a debit card typically involves the following steps:
1. Application: The cardholder applies for a debit card with their bank or credit union. The
bank will check the cardholder's account information and may approve or deny the
application based on this information.
2. Activation: Once the cardholder is approved, the bank will send them a physical debit card
and instructions on how to activate it. The cardholder may need to call the bank or visit a
website to activate the card.
3. Use: The cardholder can now use their debit card to make purchases at merchants that
accept that particular debit card network (Visa, MasterCard, Maestro etc).
4. Authorization: When a purchase is made, the merchant submits the transaction to the card
issuer's network for approval. The issuer then checks the cardholder's available balance and
if approved, sends an authorization code to the merchant to confirm the transaction.
5. Settlement: The funds are then transferred from the cardholder's bank account to the
merchant's account. The cardholder's bank account balance is reduced by the amount of the
purchase.
6. Reconciliation: The cardholder's account statement will show the transactions that have
been made with the debit card, and the cardholder will reconcile the statement with their
bank account balance.
Unlike credit cards, debit cards do not offer credit, and cardholders can only spend the amount
they have in their account. Also, debit card transactions are not subject to interest charges,
because the cardholder is not borrowing but using funds already in the account.
• Automated Clearing House (ACH) transactions, which are used for direct deposit of payroll,
social security and other government benefits, and other recurring payments.
• Wire transfers, which are used to transfer funds quickly and securely between financial
institutions.
• Point-of-sale (POS) transactions, which are used when a consumer makes a purchase with a
debit or credit card.
EFTs are generally considered to be a safe and secure way to transfer funds, as they are
processed through secure networks and are subject to strict regulations to prevent fraud. They
are also convenient, as they can be initiated and completed quickly, often with just a few clicks
of a button.
EFT transactions use routing numbers and account numbers to identify the sender's and
receiver's accounts, and the transactions happen in real-time. They are also sometimes called
electronic payments or digital payments.
Electronic Fund Transfer (EFT) is a type of electronic payment system that allows for the
transfer of money from one bank account to another without the use of paper checks or cash.
EFT transactions can be initiated through online banking, mobile apps, or at an ATM.
The process of an EFT typically starts with the sender initiating a transfer from their bank
account to the recipient's account. This is done by providing the recipient's account number
and routing number, which is a unique identification code that identifies the bank and branch
where the account is held.
Once the sender has entered the necessary information, the EFT system will process the
transaction and transfer the funds from the sender's account to the recipient's account. The
funds are typically available in the recipient's account within a few business days, depending
on the financial institution's policies.
EFTs are considered a secure and efficient way to transfer money. They can be used for a
variety of purposes such as paying bills, transferring money to friends and family, or for
business transactions. Some of the benefits of EFTs include convenience, speed, and a
reduction in errors and fraud.
Components of EFT
1. Payment originator: This is the person or organization initiating the EFT, such as a
customer making an online purchase.
2. Payment recipient: This is the person or organization receiving the EFT, such as a
merchant or vendor.
3. Payment network: This is the infrastructure that connects the payment originator and
recipient, such as the Automated Clearing House (ACH) network.
4. Financial institutions: These are the banks or other financial institutions that hold the
accounts involved in the EFT, such as the customer's bank and the merchant's bank.
5. Security measures: These are the measures in place to ensure the security and integrity
of the EFT, such as encryption and authentication.
• E-Wallets
• An e-wallet (or digital wallet) is a type of electronic device or online service that allows
individuals to make electronic transactions. It stores information such as credit card numbers,
shipping addresses, and account balances in one secure place. This information can then be
used to make purchases online, in-store, or through mobile devices.
• E-wallets can take the form of a physical device, such as a card or a key fob, or it can be an
app or website that can be accessed through a computer or mobile device. They can be linked
to a specific bank account, credit card or debit card, or they can be pre-loaded with a certain
amount of money.
• Users can use their e-wallets to make purchases online or in-store, as well as to pay bills,
transfer money to other people and make other types of transactions. Some e-wallets also
offer rewards or cashback for using the service.
• Popular examples of e-wallets include Apple Pay, Google Wallet, PayPal, Alipay and
Venmo. These e-wallets are widely accepted and can be used at a variety of merchants, both
online and in-store.
• Overall, e-wallets provide a convenient way to store and use payment information. They also
offer an extra layer of security as the payment information is not shared directly with
merchants.
• Smart Card
Storing and using credit, debit, or prepaid account information for electronic transactions.
Storing and using personal identification information, such as for access control or public
transportation.
Storing and using medical information, such as for electronic medical records or prescription
drug coverage.
The chip in a smart card can be of either the contact or the contactless type. Contact smart cards have a
small gold or silver square on the front or back of the card, which must be physically inserted
into a card reader for the card to be read. Contactless smart cards, on the other hand, use radio-
frequency identification (RFID) technology to communicate with a card reader without the
need for physical contact.
Smart cards are considered to be more secure than traditional magnetic stripe cards as they are
difficult to duplicate and the information stored on them is encrypted. They are also used in
various industries such as finance, healthcare, transportation and government.
• E-Cash
E-cash, or electronic cash, is a digital form of currency that can be used for online transactions.
It is designed to mimic the functionality of physical cash, providing a way for users to make
anonymous, untraceable payments.
E-cash typically takes the form of a digital token or digital file that is stored on a user's
computer or mobile device. When a user wants to make a payment, they provide the e-cash
token or file to the merchant, who then verifies the authenticity of the e-cash and processes the
transaction.
There are different types of e-cash systems. Some are based on digital signatures, which
provide a way to ensure the authenticity of the e-cash and prevent fraud. Other types of e-cash
are based on encryption technologies, which provide a way to protect the privacy of the user.
E-cash has been around for decades but never really took off because of the popularity
of credit cards and online payment systems like PayPal, which have similar features and are
more widely accepted by merchants. Additionally, the development of blockchain and
cryptocurrency has opened new possibilities for digital transactions that provide similar
features to e-cash.
• E-Cheque
• An E-Check (short for electronic check) is an electronic version of a paper check that allows
individuals and businesses to make payments over the internet. An E-Check is created when
the payer's bank account is debited and the funds are electronically transferred to the payee's
bank account. It uses the Automated Clearing House (ACH) network to transfer funds.
• eChecks work similarly to paper checks. The payer provides their bank account information,
including routing and account numbers, to the payee. The payee then initiates the eCheck,
which debits the funds from the payer's account and transfers them to the payee's account.
The process can take several days for the funds to clear, just like traditional paper checks.
• eChecks are considered to be a secure and cost-effective way to make payments, as they are
processed through the secure ACH network and are subject to strict regulations to prevent
fraud. They can be used for a variety of transactions, such as paying bills, making online
purchases, and funding online accounts.
• eChecks can be processed online via an e-commerce platform, or via an automated clearing
house (ACH) that allows businesses and individuals to process payments electronically.
They are widely accepted and used by merchants and businesses.
Electronic payment systems, such as online banking, mobile payments, and digital wallets,
have become increasingly popular in recent years due to their convenience and ease of use.
However, with this increased usage, there are also potential risks associated with electronic
payment systems. Some of the risks include:
1. Fraud: Electronic payment systems are vulnerable to fraud, such as phishing scams, where
criminals try to steal personal and financial information.
2. Hacking: Electronic payment systems are also vulnerable to hacking, which can lead to
unauthorized access to personal and financial information.
3. Data breaches: Electronic payment systems store sensitive personal and financial
information, which can be exposed in the event of a data breach.
4. Technical problems: Electronic payment systems can also be prone to technical problems,
such as system failures or glitches, which can result in delays or errors in processing
transactions.
5. Privacy concerns: Electronic payment systems may also raise concerns about privacy, as
the use of digital transactions can be tracked and recorded, thus exposing personal
information.
To mitigate these risks, it is important to use electronic payment systems that have strong
security measures in place, such as encryption and secure servers, and to be vigilant in
protecting personal and financial information. Additionally, regularly checking account
statements and reporting any suspicious activity promptly can also help protect against fraud.
To protect against fraud and unauthorized transactions, EPS providers employ a variety of
security measures, including:
It's also important for users to take steps to protect their own information, such as by keeping
their computer and mobile device secure, avoiding phishing scams, and being wary of giving
out personal information online.
Overall, EPS providers use a variety of security measures to protect users' information, but it's
important for users to also take the necessary steps to protect their own information.
• SSL
• Secure Sockets Layer (SSL) is a security protocol that is used to establish a secure and
encrypted connection between a web server and a web browser. The purpose of SSL is to
ensure that all data passed between the web server and browser remains private and
integral.
• When a user connects to a website that uses SSL, the browser and the web server establish
an SSL connection using a process called an SSL Handshake. During the SSL Handshake,
the browser and web server exchange information to establish a secure connection. This
includes the browser providing the web server with a copy of the SSL certificate, which
the web server uses to verify the identity of the website.
• Once the SSL Handshake is completed, the browser and web server will use the
established SSL connection to encrypt all data that is exchanged between them. This
means that any sensitive information, such as login credentials or credit card information,
• SSL was succeeded by Transport Layer Security (TLS) which is an updated version of
SSL, but the two terms are often used interchangeably. SSL and TLS are implemented in
web browsers and servers to create a secure connection and protect sensitive data in
transit.
• Websites that use SSL or TLS are identified by the prefix "https" in the URL, and the
padlock icon in the browser address bar. Websites that use SSL or TLS are considered
more secure and trustworthy than those that do not.
The SSL Record Protocol is a component of the Secure Sockets Layer (SSL) protocol
that is responsible for the fragmentation, compression, and encryption of data
exchanged between the client and server. The SSL Record Protocol works in
conjunction with the SSL Handshake Protocol and the SSL Change Cipher Spec
Protocol to establish a secure connection and exchange data.
▪ Record Layer: This is the layer that provides the core security services of the SSL
protocol, including data fragmentation, compression, and encryption.
▪ Data Fragmentation: The Record Protocol fragments the application data into
manageable chunks before it is encrypted. This is done to avoid exceeding the
maximum transmission unit (MTU) of the underlying network.
▪ Data Compression: The Record Protocol can also apply data compression to the
application data before it is encrypted. This can improve performance by reducing
the amount of data that needs to be transmitted.
▪ Data Encryption: The SSL Record Protocol uses symmetric key encryption to
encrypt the application data. The encryption algorithm and key are agreed upon
during the SSL Handshake Protocol.
▪ Data Integrity: The SSL Record Protocol uses a message authentication code
(MAC) to ensure that the data has not been tampered with during transmission.
▪ Data format: The SSL Record Protocol defines a specific format for the data that
is sent and received. This format includes fields for the SSL version number, the
length of the data, and the data itself, as well as the MAC for data integrity check.
• Handshake Protocol
▪ Client Hello: This is the initial message sent by the client to initiate the SSL Handshake.
The Client Hello message includes information about the client's SSL version,
supported cipher suites, and a random number called the client random.
▪ Server Hello: This is the message sent by the server in response to the Client Hello.
The Server Hello message includes information about the server's SSL version, the
chosen cipher suite, and a random number called the server random.
▪ Certificate: This is the message sent by the server to provide its digital certificate
to the client. The certificate includes information about the identity of the server
and a public key that can be used to encrypt the data.
▪ Server Key Exchange: This is an optional message sent by the server in some cases
when the server has no certificate or the certificate does not contain the public key.
▪ Server Hello Done: This is the message sent by the server to indicate that the Server
Hello and Certificate messages (if applicable) are finished.
▪ Client Key Exchange: This message is sent by the client after the Server Hello Done
to provide the pre-master secret to the server, which both parties will use to generate
the session key.
▪ Change Cipher Spec: This is a message sent by both the client and the server to
indicate that all future messages will be encrypted using the session key.
▪ Finished: This is a message sent by both the client and the server to indicate the
completion of the SSL Handshake.
Once the SSL Handshake is completed, the SSL Record Protocol is used to encrypt and
decrypt data exchanged between the client and server.
• Change Cipher Protocol
▪ The SSL (Secure Sockets Layer) Change Cipher Spec Protocol is a part of the
SSL/TLS (Transport Layer Security) protocol suite used to provide secure
communications on the internet. It is used to signal the end of the SSL/TLS
handshake process and the beginning of the secure data transfer phase.
▪ The Change Cipher Spec Protocol is used to notify the other party that the sender
will start using new cryptographic parameters for the secure data transfer. This is
▪ When the Change Cipher Spec message is received, the recipient of the message
will use the new cryptographic parameters (e.g. keys and algorithms) to secure the
data that is sent and received over the SSL/TLS connection. This ensures that the
data is protected by the strongest and most up-to-date cryptographic algorithms
available.
• Alert Protocol
The SSL (Secure Sockets Layer) Alert Protocol is a part of the SSL/TLS (Transport
Layer Security) protocol suite used to provide secure communications on the internet.
It is used to convey important information and error messages between the client and
server during the SSL/TLS handshake process. The SSL Alert Protocol defines a set of
alert messages that can be sent by either the client or server to indicate the status of the
SSL/TLS connection, such as a handshake failure or a certificate problem. It uses a
2-byte format, with the first byte giving the level (warning or fatal) and the second byte
giving the description of the alert.
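The record format, handshake message sequence and two-byte alert layout described above, as an added example that is not part of the original notes: a Python parser that walks one sender's stream of records, names the handshake messages and decodes an alert. The one-byte content type at the start of each record header and the numeric code points are the standard SSL 3.0/TLS values, which the notes do not list; the sample bytes are constructed placeholders, and each handshake message is assumed to fit inside one record.

```python
import struct

# Standard SSL 3.0 / TLS code points (assumed here; the notes do not list them).
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
HANDSHAKE_TYPES = {1: "client_hello", 2: "server_hello", 11: "certificate",
                   12: "server_key_exchange", 14: "server_hello_done",
                   16: "client_key_exchange", 20: "finished"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {0: "close_notify", 20: "bad_record_mac",
                      40: "handshake_failure", 42: "bad_certificate"}
MAX_RECORD_BODY = 2**14 + 2048  # largest protected fragment TLS 1.2 allows


def describe_body(content_type, body):
    """Decode an unencrypted record body into a readable summary."""
    if content_type == 22:  # one record may carry several handshake messages
        names, pos = [], 0
        while pos < len(body):
            if len(body) - pos < 4:
                raise ValueError("truncated handshake header")
            msg_type = body[pos]
            msg_len = int.from_bytes(body[pos + 1:pos + 4], "big")
            if pos + 4 + msg_len > len(body):
                raise ValueError("handshake message overruns its record")
            names.append(HANDSHAKE_TYPES.get(msg_type, f"unknown({msg_type})"))
            pos += 4 + msg_len
        return names
    if content_type == 21:  # alert: level byte, then description byte
        if len(body) != 2:
            raise ValueError("alert body must be exactly 2 bytes")
        level = ALERT_LEVELS.get(body[0], f"unknown({body[0]})")
        description = ALERT_DESCRIPTIONS.get(body[1], f"unknown({body[1]})")
        return f"{level}: {description}"
    if content_type == 20:
        if body != b"\x01":
            raise ValueError("change_cipher_spec body must be the single byte 0x01")
        return "switch to negotiated keys"
    return None  # application data has no readable structure at this layer


def parse_records(stream):
    """Split one sender's byte stream into records and summarise each one."""
    records, offset, encrypted = [], 0, False
    while offset < len(stream):
        if len(stream) - offset < 5:
            raise ValueError("truncated record header")
        ctype, major, minor, length = struct.unpack_from("!BBBH", stream, offset)
        if ctype not in CONTENT_TYPES:
            raise ValueError(f"unknown content type {ctype}")
        if length > MAX_RECORD_BODY:
            raise ValueError("record length exceeds protocol maximum")
        body = stream[offset + 5:offset + 5 + length]
        if len(body) != length:
            raise ValueError("truncated record body")
        records.append({
            "type": CONTENT_TYPES[ctype],
            "version": (major, minor),
            "length": length,
            "encrypted": encrypted,
            # Once this sender has sent Change Cipher Spec, bodies are ciphertext.
            "detail": None if encrypted else describe_body(ctype, body),
        })
        if ctype == 20:
            encrypted = True
        offset += 5 + length
    return records


def record(content_type, body, version=(3, 3)):
    """Wrap a body in a 5-byte record header (helper for the constructed samples)."""
    return struct.pack("!BBBH", content_type, version[0], version[1], len(body)) + body


def handshake(msg_type, payload):
    """Prefix a payload with the 1-byte type and 3-byte length of a handshake message."""
    return bytes([msg_type]) + len(payload).to_bytes(3, "big") + payload


# Constructed server-side stream: placeholder payloads, only the framing is real.
SERVER_FLIGHT = (
    record(22, handshake(2, bytes(38)) + handshake(11, bytes(64)) + handshake(14, b""))
    + record(20, b"\x01")
    + record(22, bytes(range(40)))   # Finished, already encrypted: opaque bytes
    + record(23, bytes(range(48)))   # application data, encrypted
)
ALERT_RECORD = record(21, bytes([2, 40]))  # constructed: fatal handshake_failure

if __name__ == "__main__":
    for rec in parse_records(SERVER_FLIGHT + ALERT_RECORD):
        print(rec["type"], rec["version"], rec["length"], rec["encrypted"], rec["detail"])
```

The Finished message that follows Change Cipher Spec shows up only as an opaque handshake record, which is why a passive observer can name the early handshake messages but not read anything after the cipher change.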
What is SSL?
SSL (Secure Sockets Layer) is a protocol for establishing secure communications over the
internet. It was developed in the 1990s and was widely used to provide secure connections for
web browsers and other internet applications. In 1999, SSL was succeeded by TLS (Transport
Layer Security), which is considered to be a more secure and robust protocol for establishing
secure connections.
Dr. Poonam Patel Page 27
e-Commerce & Cyber Security TYBCA
The main purpose of SSL/TLS is to provide a secure channel for data transmission between a
client (e.g. a web browser) and a server (e.g. a web server) by using a combination of
public-key and symmetric-key encryption.
In general, SSL/TLS is used to encrypt the data being sent and received between a client and
server, to authenticate the server to the client, and to provide integrity protection for the data
being transmitted. SSL/TLS is often used to protect sensitive information such as login
credentials, credit card numbers, and other personal information when it is transmitted over the
internet.
It is generally enabled by installing an SSL/TLS certificate on the server. It will make sure that
the data sent and received is encrypted, and the identity of the server is verified using the
certificate.
▪ Data encryption: SSL/TLS encrypts the data being sent and received between a client
and server, making it difficult for anyone to intercept and read the data. This is especially
important when sensitive information such as login credentials, credit card numbers, and
other personal information is being transmitted.
▪ Server authentication: SSL/TLS is used to authenticate the server to the client, ensuring
that the client is communicating with the intended server and not an imposter. This helps
to prevent man-in-the-middle attacks.
▪ Data integrity: SSL/TLS provides integrity protection for the data being transmitted,
which helps to detect any tampering or modification of the data in transit.
▪ Compliance: Some compliance regulations, such as PCI-DSS and HIPAA, require the use of
SSL/TLS for online transactions and data transfer.
▪ Trust: Having an SSL/TLS certificate on your website gives a sense of trust and
assurance to the customers that their information is safe with you.
In summary, SSL/TLS is used to protect the confidentiality, integrity and authenticity of the
data being transmitted over the internet, which is crucial for maintaining security and privacy
in online transactions.
The SSL (Secure Sockets Layer) protocol has a layered architecture that consists of several
different layers, each of which serves a specific purpose in establishing a secure connection
between a client and a server. The main layers of the SSL protocol include:
3. Alert Protocol: This layer is used to convey important information and error messages
between the client and server during the SSL/TLS handshake process.
4. Change Cipher Spec Protocol: This layer is used to signal the end of the SSL/TLS
handshake process and the beginning of the secure data transfer phase.
Each layer of the SSL/TLS protocol is built on top of the previous layer and provides additional
functionality. Together, these layers work to provide a secure, authenticated, and private
channel for the exchange of information between a client and a server over the internet.
The history of cybercrime can be traced back to the early days of the internet and computer
technology. Here are a few key milestones in the history of cybercrime:
1. 1960s: The first computer viruses and worms began to appear. These early forms of
malware were primarily created as pranks or experiments, but they laid the foundation for
more malicious forms of cybercrime.
2. 1970s: The first cases of hacking and unauthorized access to computer systems began to be
reported. This was the beginning of cybercrime as we know it today.
3. 1980s: The first instances of computer fraud and identity theft began to be reported. The
development of online banking and e-commerce also made it easier for criminals to steal
money and personal information.
4. 1990s: The World Wide Web and the rise of the Internet made it easier for criminals to
perpetrate cybercrime on a global scale. Phishing, spamming, and other forms of online
fraud became more prevalent.
5. 2000s: The use of the Internet and mobile devices became widespread, and cybercrime
began to evolve to take advantage of these new technologies. Malware, ransomware and
APT became common, and data breaches became more frequent.
6. 2010s: Social media and IoT made it easier for cybercriminals to target individuals and
organizations on a massive scale. Cybercrime became a major concern for governments
and businesses around the world.
7. 2020s: With more people working from home and using online tools, cybercrime has
become more prevalent and sophisticated. Ransomware attacks, BEC and phishing
campaigns have become more common.
These are just a few examples of the technical aspects of cybercrime. It's important to note that
these tactics and technologies are constantly evolving, and new forms of cybercrime are
emerging all the time.
1. Social Engineering: This is the use of psychological manipulation to trick individuals into
divulging personal or sensitive information or performing actions that they wouldn't normally
do. This can include phishing scams, vishing (voice phishing), and pretexting (creating a false
identity to gain trust).
2. Remote Access: This involves gaining unauthorized access to a computer or network from a
remote location. This can include hacking, malware, and ransomware.
3. Physical Access: This involves gaining access to a computer or network by physically
accessing the device, such as through the use of USB drives or other removable media.
4. Insider Threat: This is when an individual with authorized access to a computer or network
uses that access to commit cybercrime. This can include employees, contractors, or other
insiders.
5. Supply Chain Attack: This is when a cybercriminal targets a third-party vendor or supplier
that has access to an organization’s network and uses them as an entry point to launch an
attack.
6. Cloud-based attacks: This is when a cybercriminal targets a cloud-based service such as
software as a service (SaaS), infrastructure as a service (IaaS), or platform as a service (PaaS)
to gain unauthorized access to a network or steal data.
7. IoT attacks: This is when a cybercriminal targets vulnerabilities in IoT devices to gain
unauthorized access to a network.
8. Cryptojacking: This is the unauthorized use of someone else's computer to mine
cryptocurrency.
Cybercrime and traditional crime are both illegal activities, but they differ in several key ways:
1. Location: Traditional crime typically takes place in a physical location, such as a bank
or a store. Cybercrime, on the other hand, can take place anywhere that has an internet
connection, making it a more borderless and international phenomenon.
2. Modus Operandi: Traditional crime often involves physical force or the threat of force,
while cybercrime typically relies on technology and the manipulation of information.
3. Target: Traditional crime often targets individuals or physical assets, while cybercrime
may target computer systems, networks, and data.
4. Evidence: Evidence collection is different in both types of crime. Traditional crime
involves collecting physical evidence such as fingerprints, DNA, and other physical
traces, while in cybercrime the evidence is digital, and forensic analysis is needed to
collect evidence.
5. Impact: Traditional crime can have a localized impact, while cybercrime can have a
global impact, affecting multiple individuals and organizations at once.
6. Punishment: Punishment for traditional crime is usually served in the form of
imprisonment or fines, while cybercrime punishment is not always as clear cut, and can
depend on the country's laws and regulations.
In summary, while traditional crime and cybercrime both involve illegal activities, they differ
in terms of location, modus operandi, target, evidence and impact, and the way they are
punished.
Hacking can be divided into different categories based on the intent and methods used, such
as:
• White hat hacking: done by ethical hackers to identify vulnerabilities in a system and help
improve its security.
It's important for individuals and organizations to take steps to protect themselves against
unauthorized access and hacking. This can include using strong passwords, keeping software
updated, and being cautious when clicking on links or opening attachments. Additionally, it's
also a good practice to regularly perform security audits and penetration testing to identify
vulnerabilities in your systems and to implement security measures to mitigate them.
• File infector viruses: These viruses infect executable files, such as .exe and .com
files, and replicate themselves when the infected file is run.
• Boot sector viruses: These viruses infect the boot sector of a disk, which is the area
of the disk that is used to start the computer. They replicate themselves by installing
a copy of the virus in the boot sector of any disk that is inserted into the infected
computer.
• Macro viruses: These viruses infect documents, such as those created in Microsoft
Word or Excel, and replicate themselves by infecting other documents that are
opened on the infected computer.
• Stealth viruses: These viruses use techniques to evade detection by anti-virus
software, by hiding themselves or disguising their activities.
• Polymorphic viruses: These viruses can change their appearance or code to evade
detection by anti-virus software.
• Ransomware: These are a type of malware that encrypts the victims' files and
demands a ransom to be paid to provide the decryption key.
• Worms: These are a type of malware that can replicate itself and spread to other
computers, often through network vulnerabilities.
• Trojan horses: These are a type of malware that disguises itself as a legitimate
program, but once executed, it can cause harm to the system or steal information.
• Rootkits: These are a type of malware that can hide itself and other malicious
software on the infected system, making it difficult to detect and remove.
• Adware and Spyware: These are a type of malware that can track the user's
browsing activity and display unwanted ads or steal personal information.
It's important to have up-to-date anti-virus software installed on your computer and to
practice safe browsing habits to protect against computer viruses. This includes avoiding
suspicious email attachments and links, keeping software updated, and being cautious
when downloading files from the internet.
• Trojan
A Trojan, or Trojan horse, is a type of malware that disguises itself as legitimate
software in order to gain access to a computer or network. Once it has infiltrated the
system, a Trojan can perform a variety of malicious actions, such as stealing personal
information, installing other malware, or giving hackers remote access to the infected
computer.
Unlike viruses, which replicate and spread on their own, Trojans are typically spread
through social engineering tactics, such as tricking the user into downloading and
installing the malware. They can be disguised as legitimate software or as a software
update, and are often spread through email attachments, instant messages, or malicious
websites.
• Remote Access Trojans (RATs): These Trojans allow an attacker to gain remote
access to the infected computer, allowing them to control the computer, steal
information, or install other malware.
• Banking Trojans: These Trojans are designed to steal financial information, such
as login credentials for online banking.
• Downloader Trojans: These Trojans download and install other malware, such as
viruses and spyware, on the infected computer.
• Backdoor Trojans: These Trojans open a "backdoor" on the infected computer,
allowing an attacker to gain unauthorized access.
• Dropper Trojans: These Trojans are used to install other malware by "dropping"
the malware onto the infected computer.
• Information stealing Trojans: These Trojans are designed to steal personal
information such as login credentials, credit card details and other sensitive
information.
• Rootkit Trojans: These Trojans are a type of malware that can hide itself and other
malicious software on the infected system, making it difficult to detect and remove.
• Cryptojacking Trojans: These Trojans are designed to perform crypto mining
operations by using the infected computer's resources without the user's knowledge.
• Worm
Worms are typically spread through email attachments, infected software or apps, and
malicious websites. They can also spread through vulnerabilities in networked systems,
such as unpatched software or weak passwords. Once a computer is infected, the worm
can spread to other computers by sending itself to contacts in an email address book, or
by spreading through a network.
It's important to have up-to-date anti-virus software installed on your computer and to
practice safe browsing habits to protect against computer worms. This includes avoiding
suspicious email attachments and links, keeping software updated, and being cautious
when downloading files from the internet.
1. Phishing: the use of fake emails or websites to trick individuals into providing personal
or financial information.
2. Business Email Compromise (BEC): a type of phishing attack where the attacker poses
as a legitimate business or executive to trick employees into transferring funds or
providing sensitive information.
3. Email fraud: sending fraudulent emails to trick individuals into sending money or
providing personal information.
4. Email spoofing: creating fake emails that appear to be from a legitimate source in order
to trick individuals into providing personal or financial information.
5. Spamming: sending unsolicited emails in bulk, often for the purpose of advertising or
phishing.
6. Email bombing: sending a large number of emails to a specific email address in order
to overload the recipient's inbox and disrupt their ability to use email.
7. Email extortion: threatening to release sensitive information unless a ransom is paid.
These are just a few examples of email-related crimes, but it's important to note that these
tactics and technologies are constantly evolving, and new forms of email-related crimes are
emerging all the time. To protect yourself from email-related crimes, it's important to be
cautious when clicking on links or opening attachments in emails, especially if they come from
• There are different ways to spoof an email, but the most common method is to use
a technique called "spoofing the sender address" (or "spoofing the From field"),
which involves forging the "From" field in the email header so that it appears to be
from a legitimate source. This can be done by manipulating the Simple Mail
Transfer Protocol (SMTP) and by using software that allows for the creation of
custom email headers.
• Email spoofing can also be done through "phishing" attacks, in which a fraudster
sends an email that appears to be from a legitimate source, with the intention of
tricking the recipient into providing personal or financial information.
• To protect yourself from email spoofing, it's important to be cautious when clicking
on links or opening attachments in emails, especially if they come from unknown
sources. Additionally, it is a good practice to use anti-spam and anti-phishing
software, and to be aware of the latest scams and threats. It is also advisable to hover
over the sender's email address to check the actual email address, and not the display
name.
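The header checks suggested above (looking past the display name to the real sender address), as an added example that is not part of the original notes: a Python function that inspects a received message for common spoofing indicators. The trusted server name mx.shop.example, the subdomain-based domain comparison and the reason codes are assumptions of this sketch, and the three sample messages are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_AUTHSERV_ID = "mx.shop.example"  # assumption: our own receiving mail server
ADDRESS_IN_TEXT = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")
AUTH_RESULT = re.compile(r"^\s*(spf|dkim|dmarc)\s*=\s*([a-z]+)", re.IGNORECASE)


def domain_of(header_value):
    """Return the lower-cased domain of the address in a header value, or ''."""
    _, address = parseaddr(header_value or "")
    return address.rpartition("@")[2].lower() if "@" in address else ""


def related(domain_a, domain_b):
    """Equal, or one is a subdomain of the other (a simplified alignment test)."""
    return (domain_a == domain_b or domain_a.endswith("." + domain_b)
            or domain_b.endswith("." + domain_a))


def trusted_auth_results(msg):
    """Collect spf/dkim/dmarc verdicts, but only from our own server's header."""
    results = {}
    for value in msg.get_all("Authentication-Results", []):
        authserv_id, _, rest = value.partition(";")
        parts = authserv_id.split()
        if not parts or parts[0].lower() != TRUSTED_AUTHSERV_ID:
            continue  # added by another host, so the sender could have forged it
        for clause in rest.split(";"):
            match = AUTH_RESULT.match(clause)
            if match:
                results[match.group(1).lower()] = match.group(2).lower()
    return results


def spoofing_indicators(raw_message):
    """Return a list of reason codes; an empty list means nothing was flagged."""
    msg = message_from_string(raw_message)
    display_name, _ = parseaddr(msg.get("From", ""))
    from_domain = domain_of(msg.get("From"))
    if not from_domain:
        return ["from-missing-or-unparseable"]
    findings = []
    shown = ADDRESS_IN_TEXT.search(display_name)
    if shown and not related(shown.group(1).lower(), from_domain):
        findings.append("display-name-shows-other-domain")
    for header, code in (("Return-Path", "return-path-mismatch"),
                         ("Reply-To", "reply-to-mismatch")):
        other = domain_of(msg.get(header))
        if other and not related(other, from_domain):
            findings.append(code)
    auth = trusted_auth_results(msg)
    if not auth:
        findings.append("no-trusted-auth-results")
    for method in ("spf", "dkim", "dmarc"):
        if auth.get(method) in ("fail", "softfail"):
            findings.append(f"{method}-{auth[method]}")
    return findings


# Constructed samples (reserved .example/.test domains only).
FORGED_FROM = (
    "Return-Path: <bounce@mailer.test>\n"
    "Authentication-Results: mx.relay.test; spf=pass; dkim=pass; dmarc=pass\n"
    "Authentication-Results: mx.shop.example; spf=pass smtp.mailfrom=mailer.test;"
    " dkim=none; dmarc=fail header.from=bank.example\n"
    "From: Example Bank <alerts@bank.example>\n"
    "Reply-To: <collect@mailer.test>\n"
    "Subject: Verify your account\n\nbody\n"
)
DISPLAY_NAME_TRICK = (
    "Return-Path: <billing@mailer.test>\n"
    "Authentication-Results: mx.shop.example; spf=pass; dkim=pass; dmarc=pass\n"
    'From: "alerts@bank.example" <billing@mailer.test>\n'
    "Subject: Invoice\n\nbody\n"
)
LEGITIMATE = (
    "Return-Path: <bounce@mail.bank.example>\n"
    "Authentication-Results: mx.shop.example; spf=pass; dkim=pass; dmarc=pass\n"
    "From: Example Bank <alerts@bank.example>\n"
    "Subject: Monthly statement\n\nbody\n"
)

if __name__ == "__main__":
    for name, raw in (("forged From", FORGED_FROM),
                      ("display-name trick", DISPLAY_NAME_TRICK),
                      ("legitimate", LEGITIMATE)):
        print(name, "->", spoofing_indicators(raw))
```

A Return-Path or Reply-To mismatch is an indicator rather than proof, since legitimate bulk senders also use separate bounce domains; the authentication verdict from the receiving server is the stronger signal.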
E-mail Spamming
• Email spamming refers to the practice of sending unsolicited emails in bulk, often
for the purpose of advertising or phishing. These emails are typically sent to many
email addresses at once, and they can be sent from a single sender or from a network
of compromised computers (botnet).
• Spam emails can take many forms, but they are often used to advertise products or
services, to promote scams or fraud, or to spread malware. They can also be used
to phish for personal information, such as login credentials or financial information.
• Spammers use various techniques to send spam emails, such as using email lists
that they have purchased or harvested from the internet and using software that can
automatically send emails to large numbers of recipients. They can also use botnets,
networks of compromised computers that can be controlled remotely, to send spam
emails.
▪ E-mail Bombing
• Email bombing refers to the practice of sending many emails to a specific email
address in order to overload the recipient's inbox and disrupt their ability to use
email. The goal of email bombing is to flood the recipient's inbox with so many
emails that they are unable to access their legitimate messages or to cause the email
service to crash or become unavailable.
2. List linking:
List linking is a technique used in email bombing to evade detection and
blocking by email servers. It involves using multiple lists of email addresses
to send emails, rather than a single list. This can make it more difficult for
3. Zip bombing:
Zip bombing, also known as "compression bombing" or "file bombing," is
a type of email bombing that involves sending many small files in a
compressed format, such as a ZIP file, to a target email address or server.
The goal of this type of attack is to overload the recipient's email server or
storage capacity, causing the server to crash or become unresponsive.
The compressed file may contain many small files, such as text files or
images, which can be used to consume a large amount of storage space and
cause the email server to crash. The compressed file can also contain
malware or other malicious code that can infect the recipients' systems when
the file is opened.
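A defensive check for the compressed-attachment flooding described above, as an added example that is not part of the original notes: a Python function a mail gateway could run on a ZIP attachment before unpacking or storing it. The limits, the function names and the reason codes are assumptions of this sketch, and the sample archives are constructed in memory.

```python
import io
import zipfile
import zlib

# Limits are assumptions for this sketch; tune them to the mail system's real quotas.
MAX_MEMBERS = 1000
MAX_TOTAL_BYTES = 50 * 1024 * 1024
MAX_RATIO = 100


def screen_zip(data, max_members=MAX_MEMBERS, max_total=MAX_TOTAL_BYTES,
               max_ratio=MAX_RATIO):
    """Return "ok" or a reason code without writing anything to disk."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            members = archive.infolist()
            if len(members) > max_members:
                return "too-many-members"
            if any(m.flag_bits & 0x1 for m in members):
                return "encrypted-member"  # contents cannot be inspected
            declared = sum(m.file_size for m in members)
            compressed = sum(m.compress_size for m in members)
            if declared > max_total:
                return "declared-size-too-large"
            if compressed and declared / compressed > max_ratio:
                return "compression-ratio-too-high"
            # Do not rely on the declared sizes alone: count the bytes that
            # actually come out, and stop as soon as the budget is spent.
            budget = max_total
            for member in members:
                with archive.open(member) as stream:
                    while chunk := stream.read(64 * 1024):
                        budget -= len(chunk)
                        if budget < 0:
                            return "actual-size-too-large"
    except (zipfile.BadZipFile, zlib.error, NotImplementedError):
        return "not-a-valid-zip"
    return "ok"


def build_zip(files):
    """Build an in-memory ZIP from {name: bytes} (used for the constructed samples)."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w", zipfile.ZIP_DEFLATED) as archive:
        for name, content in files.items():
            archive.writestr(name, content)
    return buffer.getvalue()


# Constructed samples: an ordinary attachment, one that is almost all padding,
# and one that holds an unusually large number of tiny files.
ORDINARY = build_zip({
    "invoice.txt": "".join(f"item {i}: {i * 7919 % 1000}\n" for i in range(200)).encode()
})
PADDED = build_zip({"blank.bin": bytes(2 * 1024 * 1024)})
CROWDED = build_zip({f"f{i}.txt": b"x" for i in range(1500)})

if __name__ == "__main__":
    for name, sample in (("ordinary", ORDINARY), ("padded", PADDED),
                         ("crowded", CROWDED), ("garbage", b"plain text")):
        print(name, len(sample), "bytes ->", screen_zip(sample))
```

Archives nested inside archives are not unpacked here; a gateway that does unpack them needs the same budget applied across every level.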
1. Flooding attacks: These attacks involve overwhelming a network or server with a large
amount of traffic. The attacker can use a single device to flood the target with traffic or
use a botnet (a network of compromised devices) to amplify the attack. Examples of
flooding attacks include:
1. ICMP Flood: The attacker sends many ICMP echo request packets
(ping) to the target, overwhelming the network and causing it to become
unavailable.
2. UDP Flood: The attacker sends many UDP packets to a target,
overwhelming the network and causing it to become unavailable.
3. SYN Flood: The attacker sends many SYN packets to a target,
overwhelming the network and causing it to become unavailable.
2. Amplification attacks: These attacks involve using a network of infected devices
(botnet) to amplify the traffic to the target. Examples of amplification attacks include:
1. DNS Amplification: The attacker sends many DNS requests to open
DNS resolvers, which then respond to the target, overwhelming it with
traffic.
DoS attacks can be launched from a single device or from a network of compromised devices
(botnet), and they can be difficult to prevent or mitigate. Some techniques that can be used to
protect against DoS attacks include:
• Network traffic filtering: blocking traffic that appears to be part of a DoS attack
• Rate limiting: limiting the number of requests that can be made to a server or network
• Scrubbing services: redirecting traffic to a network that can filter and block malicious
traffic
• Firewall: protecting the network from unwanted traffic
It is important to note that DoS attacks can be very sophisticated and can change form
over time, so it's important to have a proactive approach and to have an incident response
plan in place.
There are several ways to protect against Distributed Denial of Service (DDoS) attacks:
It's important to remember that DDoS attacks can come in many forms, and there is no
single solution that can protect against all types of attacks. A combination of different
methods and techniques is often necessary to provide adequate protection.
• The internet has made it easier for individuals to access and distribute illegal
pornographic material, and it has also made it more difficult for law enforcement to
identify and prosecute individuals involved in these activities. Cybercriminals may use
various methods to distribute illegal pornographic material, such as peer-to-peer
networks, file-sharing sites, and dark web sites. They may also use encryption and other
methods to conceal their activities from authorities.
• The proliferation of illegal pornographic content on the internet can also lead to other
forms of cybercrime, such as extortion and blackmail, as well as being a potential
security risk, as it can be used as a vector to spread malware.
Intellectual property rights (IPR) violation refers to the unauthorized use, distribution, or
infringement of a person or organization's legally protected intellectual property. This can
include patents, trademarks, copyrights, trade secrets, and other forms of proprietary
information.
In the context of cybercrime, IPR violation can take many forms. For example, individuals
or organizations may use the internet to distribute copyrighted material, such as movies,
music, or software, without permission from the rights holder. This is known as piracy and
it is illegal in most countries.
IPR violation can also occur through trademark infringement, where a company or an
individual uses a trademark that is similar to an existing one, in order to mislead customers
and gain commercial advantage.
IPR violation is a serious crime and can result in significant financial losses for the rights
holder. It is punishable by law and can lead to fines, legal penalties and even imprisonment.
• Software Piracy:
Software piracy refers to the unauthorized use, distribution, or reproduction of copyrighted
software. This can include downloading and installing software from unlicensed sources,
such as torrent sites or peer-to-peer networks, as well as making copies of software and
distributing them to others.
When an individual or organization uses pirated software, they are not only violating
copyright law, but they are also breaking the terms of the software license agreement. This
can lead to several legal and financial consequences, including fines, legal penalties, and
even imprisonment.
Software piracy can also have a significant impact on the software industry, as it results in
lost revenue for software companies and can also harm the economy. Some software
companies even lose money due to piracy which can hamper the innovation and
development of new software.
It's important to note that using unlicensed or pirated software also poses a security risk as
it may be infected with malware or other malicious software, which can harm the user's
computer or steal sensitive information.
• Copyright Infringement:
Copyright infringement refers to the unauthorized use, distribution, or reproduction of
copyrighted material. This can include movies, music, books, artwork, software, and other
forms of creative expression that are protected by copyright laws.
In the context of the internet, copyright infringement can take many forms. For example,
individuals or organizations may use the internet to distribute copyrighted material, such
as movies, music, or software, without permission from the rights holder. This is known as
online piracy, and it is illegal in most countries. Other examples include reproducing and
distributing copyrighted material, such as books or music, on peer-to-peer networks, or
sharing copyrighted files on cloud storage sites without permission.
Copyright infringement can also occur when someone uses copyrighted material without
permission for commercial gain, like using copyrighted music on a YouTube channel
without permission from the rights holder.
Copyright infringement is a serious crime and can result in significant financial losses for
the rights holder. It is punishable by law and can lead to fines, legal penalties and even
imprisonment.
It's important to note that copyright laws vary by country and region, and it's always best
to check the local laws before using or distributing copyrighted material.
• Trademark Violation:
In the context of the internet, trademark infringement can take many forms. For example,
individuals or organizations may use a similar trademark to that of an established company
in order to sell counterfeit goods or services online. This can be particularly prevalent in
e-commerce platforms, where it can be difficult to differentiate between genuine and fake
products.
Trademark infringement can also occur when someone uses a trademarked name or logo in
an online ad or social media post without permission, or when a company uses a similar
name or logo for their business, in order to confuse customers and gain an unfair advantage.
Trademark violation is a serious crime and can result in significant financial losses for the
rights holder, as well as damage to their reputation. It is punishable by law and can lead to
fines, legal penalties and even imprisonment.
It's important to note that trademark laws vary by country and region, and it's always best
to check the local laws before using or registering a trademark.
• Source Code Theft:
Source code theft can occur in various ways, such as an employee of a company stealing
source code before leaving the company, or an outsider hacking into a company's computer
systems to access and steal source code.
Source code theft can have serious consequences for the affected company. It can lead to
financial losses, as the stolen code may be used to create competing products or services.
It can also harm the company's reputation and lead to legal action.
It can also pose a security risk, as stolen source code may contain
vulnerabilities that can be exploited by hackers or cybercriminals to gain unauthorized
access to the systems or to steal sensitive information.
It's important to note that source code theft is a serious crime, and it is punishable by law.
Companies should take steps to protect their source code, such as implementing access
controls, using encryption, and regularly monitoring their systems for any unauthorized
access.
• Patent Violation:
In the context of the internet, patent infringement can occur when an individual or company
uses or sells a patented invention or process without permission online. This can include
manufacturing or selling products that use a patented technology or process or using a
patented invention or process to provide a service.
Patent infringement can also occur when a company imports or sells products that were
made using a patented process or technology without permission.
Patent infringement can have serious consequences for the affected company or individual.
It can lead to financial losses, as well as legal action from the patent holder. It can also
harm the company's reputation and can lead to injunctions, fines, or even imprisonment.
It's important to note that patent laws vary by country and region, and it's always best to
check the local laws before using or selling a patented invention or process. Additionally,
it's important to conduct a patent search to ensure that the invention or process is not already
patented by someone else.
• Cyber Squatting
Cybersquatting, also known as domain squatting, is the act of registering, trafficking in, or
using a domain name with bad faith intent to profit from the goodwill of a trademark
belonging to someone else. This typically involves registering domain names that are
similar or identical to existing trademarks, with the intent to sell the domain name to the
trademark owner or a competitor at a higher price, or to use the domain name to divert
traffic to another website for commercial gain.
Cybersquatting can be a serious issue for businesses and individuals, as it can harm their
reputation and lead to lost revenue. It can also make it difficult for customers to find a
legitimate website and can lead to confusion and frustration.
In addition to registering domain names that are similar or identical to existing trademarks,
cybersquatters may also register domain names that are misspellings or variations of
existing trademarks, or that use variations of top-level domains (TLDs) such as .com, .net,
.org, etc.
There are laws and regulations in place to combat cybersquatting, such as the
Anticybersquatting Consumer Protection Act (ACPA) in the United States and the Uniform
Domain-Name Dispute-Resolution Policy (UDRP) established by the Internet Corporation
for Assigned Names and Numbers (ICANN), which allows trademark owners to file a
complaint with a dispute resolution service provider.
It's important to note that businesses and individuals should take steps to protect their
trademarks and domain names by regularly monitoring for potential cybersquatting
activities and taking legal action if they suspect they are a victim of cybersquatting.
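The monitoring step described above can be automated. The following is an added example, not part of the original notes: it checks a list of observed domain names against a protected brand domain and labels each lookalike by the pattern it matches (TLD variation, misspelling, hyphen variation, or a longer name containing the trademark). The brand, the observed domains, and all function names are constructed for illustration, and the input is assumed to be bare `name.tld` domains on reserved TLDs.

```python
from typing import Optional

def edit_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert, delete, substitute, swap adjacent."""
    prev2, prev = [], list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # two adjacent letters swapped
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def split(domain: str):
    """Assumption: a bare registrable domain 'name.tld' with no subdomain."""
    name, _, tld = domain.lower().rstrip(".").partition(".")
    return name, tld

def classify(candidate: str, brand: str) -> Optional[str]:
    """Return why `candidate` resembles `brand`, or None if it does not."""
    (c_name, c_tld), (b_name, b_tld) = split(candidate), split(brand)
    if (c_name, c_tld) == (b_name, b_tld):
        return None  # the brand's own domain
    if c_name == b_name:
        return "tld-variation"
    if c_name.replace("-", "") == b_name.replace("-", ""):
        return "hyphen-variation"
    limit = 1 if len(b_name) <= 5 else 2  # stricter for short names, fewer false hits
    if edit_distance(c_name, b_name) <= limit:
        return "misspelling"
    if b_name in c_name:
        return "contains-trademark"
    return None

def scan(observed, brand):
    """Map each suspicious domain in `observed` to the reason it was flagged."""
    hits = {d: classify(d, brand) for d in observed}
    return {d: why for d, why in hits.items() if why}

# Constructed sample data on reserved TLDs; not real registrations.
BRAND = "acmeshop.example"
OBSERVED = ["acmeshop.example", "acmeshop.test", "acmesh0p.example", "amceshop.example",
            "acme-shop.test", "acmeshop-login.invalid", "weatherblog.example"]

if __name__ == "__main__":
    for domain, why in scan(OBSERVED, BRAND).items():
        print(f"{domain:28} {why}")
```

A flagged name is only a candidate for review: whether it was registered in bad faith is the question a UDRP or ACPA complaint has to establish.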
These types of cybercrime can result in significant financial losses for both individuals and
financial institutions. To prevent such crimes, banks and other financial institutions employ
various security measures such as encryption, firewalls, and multi-factor authentication to
protect their systems, and also educate customers on how to spot and avoid scams.
• Cyber Defamation:
Cyber defamation is the act of making false and damaging statements about someone on
the internet. This can include statements made on social media, in online forums or
comments, or on websites. The statements can be in the form of text, images, or videos.
The defamatory statements can be about an individual, a company, or a group of people
and can be seen by many people, which can cause serious harm to the reputation, credibility,
and financial stability of the person or entity being defamed. Unlike traditional defamation,
which can be difficult to prove, cyber defamation is often easier to trace, as it leaves a
digital footprint. Cyber defamation is considered a form of online harassment and can have
serious consequences for the person being defamed, such as legal action, emotional distress,
and financial loss.
• Cyber Stalking
• Cyber Terrorism
• Investment Fraud: