e-Comm&CyberSecurity Notes

e-Commerce & Cyber Security TYBCA
Unit-1
Introduction to Electronic Commerce
What is ecommerce?
E-commerce, short for electronic commerce, refers to the buying and selling of goods
or services over the internet. This can include a wide range of activities, from purchasing
physical products from an online retailer to booking travel arrangements, buying digital
products such as music or e-books, and using online marketplaces to buy and sell goods and
services.
E-commerce has become increasingly popular in recent years due to the convenience and
accessibility it offers to both consumers and businesses. For consumers, e-commerce eliminates
the need to physically travel to a store and allows for easy price comparisons and product
reviews. For businesses, e-commerce provides a low-cost way to reach a global audience and
gather valuable data on customer behavior and preferences.
E-commerce can take place on various platforms and channels, including:
• Online marketplaces like Amazon and Flipkart

• Businesses websites and mobile apps
• Social media platforms like Instagram, Facebook and TikTok
• Online classifieds like Craigslist and Gumtree
• Subscription-based services like Netflix and Spotify
There are many different types of e-commerce, including business-to-consumer (B2C),

consumer-to-consumer (C2C), business-to-business (B2B), and mobile commerce (M-
commerce).
Aims of E-commerce
The aims of e-commerce can vary depending on the type of business and its target market, but
some common goals include:
• Increasing sales and revenue: E-commerce allows businesses to reach a global

audience, which can lead to increased sales and revenue.
• Improving customer service: E-commerce allows businesses to provide customers
with a convenient and personalized shopping experience, which can improve customer
satisfaction and loyalty.
• Expanding market reach: E-commerce allows businesses to expand beyond their
local market and sell to customers all over the world.
• Lowering costs: E-commerce can lower overhead costs associated with traditional
brick-and-mortar stores, such as rent, utilities, and staffing.
• Gaining customer insights: E-commerce allows businesses to collect data on customer
behavior and preferences, which can be used to improve products and services and
target marketing efforts.
• Improving inventory management: E-commerce allows businesses to have a better
track of their inventory, this way they can reorder when needed and avoid stockouts.
Dr. Poonam Patel Page 1
• Automation: E-commerce allows businesses to automate many process, such as order
processing, invoicing, and shipping, which can save time and reduce errors.
• Building a brand: E-commerce allows businesses to create a strong online presence
and build a brand through online marketing and social media.
• Increasing customer engagement: E-commerce allows businesses to engage with
customers through personalized communications, social media, and other digital
channels.
• Creating new revenue streams: E-commerce allows businesses to explore new
business models, such as subscription-based services and digital products, which can
create new revenue streams.
Benefits of E-commerce:
E-commerce offers a wide range of benefits for both consumers and businesses, including:
• Increased reach: E-commerce allows businesses to reach a global audience, which can
lead to increased sales and revenue.
• Convenience: E-commerce allows customers to shop from the comfort of their own
homes, without the need to leave their house or wait in line.
• 24/7 availability: E-commerce websites are open 24/7, allowing customers to shop at
any time.
• Lower costs: E-commerce businesses do not have the same costs associated with
traditional brick-and-mortar stores, such as rent, utilities, and staffing.
• Personalization and targeting: E-commerce allows businesses to collect data on
customer behavior and preferences, which can be used to personalize the shopping
experience and target marketing efforts.
• Increased competition: E-commerce creates a level playing field for small and large
businesses, as customers can easily compare prices and products from different sellers.
• Better inventory management: E-commerce allows businesses to have a better track
of their inventory, this way they can reorder when needed and avoid stockouts.
• Automation: E-commerce allows businesses to automate many process, such as order
processing, invoicing, and shipping, which can save time and reduce errors.
• Globalization: E-commerce allows businesses to expand beyond their local market and
sell to customers all over the world
• Easy Comparison and research: E-commerce allows customers to easily compare
products and prices from different vendors, as well as read product reviews and research
products before making a purchase.
• Limitations of E-commerce:
There are several limitations of ecommerce, including:
• Limited physical interaction: Online shopping does not allow customers to physically
examine or test products before purchasing, which can lead to dissatisfaction with the
product or difficulty in determining the right fit.

• Shipping and handling issues: Ecommerce relies on shipping and handling to deliver
products to customers, which can result in delays, damage, or lost packages.
• Lack of personal interaction: Shopping online can lack the personal interaction and
assistance that customers may receive when shopping in-store.
• Limited payment options: Some ecommerce platforms may not accept certain forms
of payment, such as cash or checks, which can limit the ability of some customers to
make purchases.
• Cyber security concerns: Ecommerce is vulnerable to cyber attacks and fraud, which
can lead to financial loss and damage to customer trust.
• Shipping Cost: Shipping cost may be higher for some remote locations and for heavy
item.
• Return Policy and Process: Some e-commerce sites have strict return policies, which
can make it difficult for customers to return items that do not meet their expectations.
E-Commerce v/s Traditional Commerce
E-commerce and traditional commerce (also known as brick-and-mortar commerce) are

two different ways of buying and selling goods and services. While e-commerce
primarily takes place online, traditional commerce typically involves physical
storefronts and in-person transactions.
Benefits of e-commerce include:
1. Increased reach: E-commerce allows businesses to reach a global audience with

minimal overhead costs. This can lead to increased sales and revenue.
2. Convenience: E-commerce allows customers to shop from the comfort of their own
homes, without the need to leave their house or wait in line.
3. 24/7 availability: E-commerce websites are open 24/7, allowing customers to shop at
any time.
4. Lower costs: E-commerce businesses do not have the same costs associated with
traditional brick-and-mortar stores, such as rent, utilities, and staffing.
5. Personalization and targeting: E-commerce allows businesses to collect data on
customer behavior and preferences, which can be used to personalize the shopping
experience and target marketing efforts.
6. Tangible experience: Physical stores provide customers with the opportunity to touch
and try on products before buying, which can lead to increased customer satisfaction.
7. Immediate satisfaction: Customers can take their purchases home with them
immediately, rather than waiting for delivery.
8. In-person customer service: Physical stores often have staff on hand to provide
customer service and answer questions.
9. Brand awareness and reputation: A physical store can serve as a symbol of a
business's reputation and credibility.
10. Community building: Physical stores can foster a sense of community and bring
people together.

Benefits of traditional commerce include:
It's worth noting that, these days, many businesses are utilizing both e-commerce and
traditional commerce strategies to reach customers in different ways. Some businesses use
e-commerce to expand their reach, while maintaining a physical storefront to provide
customers with a tangible experience. Some businesses use physical storefronts to promote
brand awareness and create community, while also having an online store for customers
who prefer to shop online.
M-Commerce:
M-commerce, short for mobile commerce, refers to the buying and selling of goods or services
through mobile devices such as smartphones and tablets. This can include a wide range of
activities, from purchasing physical products from an online retailer using a mobile device to
using mobile apps to book travel arrangements, buy digital products such as music or e-books,
and use mobile-optimized versions of online marketplaces to buy and sell goods and services.
M-commerce has become increasingly popular in recent years due to the widespread use of
smartphones and tablets, and the convenience and accessibility it offers to both consumers and
businesses. For consumers, m-commerce eliminates the need to be in front of a computer to
shop online and allows for easy price comparisons and product reviews on the go. For
businesses, m-commerce provides a way to reach customers wherever they are and gather
valuable data on customer behavior and preferences.
M-commerce can take place on various platforms and channels, including:
• Mobile apps of online marketplaces like Amazon and Etsy

• Businesses mobile apps
• Mobile optimized version of social media platforms like Instagram, Facebook and TikTok
• Mobile optimized version of online classifieds like Craigslist and Gumtree
• Mobile apps of subscription-based services like Netflix and Spotify
It is also important to note that M-commerce is a subset of e-commerce, as it covers all the
buying and selling activities that take place through mobile devices.
What is E-Business?
E-business, short for electronic business, refers to the use of technology and the internet to
conduct business operations and transactions. This can include a wide range of activities, from
selling products and services online to automating internal business processes, such as human
resources and accounting, to communicating and collaborating with customers and partners.
E-business includes e-commerce, but it goes beyond that, it encompasses all the online
activities of a business, including internal operations, external interactions with customers and
partners, and the use of technology to support these activities. E-business can also include the

use of digital technologies such as cloud computing, artificial intelligence, and the Internet of
Things to improve business operations and create new revenue streams.
Examples of e-business activities include:
• Selling products or services online through e-commerce platforms

• Using social media to connect with customers and promote products or services
• Using digital communication tools like email, instant messaging, and video conferencing to
collaborate with remote teams and partners
• Using digital tools to automate internal processes such as accounting, human resources, and
inventory management
• Using big data and analytics to gain insights into customer behavior and optimize business
operations
• Using online marketing techniques to reach new customers and promote products or services
E-business can provide many benefits to businesses, such as increased efficiency, cost savings,
and improved customer service. However, it also poses new challenges, such as the need for
businesses to stay on top of rapidly changing technologies and adapt to new market trends.
• Advantages of e-Commerce
▪ Convenience: E-commerce allows customers to shop and make purchases at any time
and from any location.
▪ Increased reach: E-commerce allows businesses to reach customers beyond their
physical location, which can increase the customer base and revenue.
▪ Cost savings: E-commerce can save businesses money by reducing the need for
physical storefronts, inventory storage, and other expenses.
▪ Personalization: E-commerce platforms have the ability to track customer behavior,
preferences and purchase history, which can be used for personalized marketing and
recommendations.
▪ Automation: Many e-commerce tasks can be automated, such as inventory
management, order fulfillment, and marketing campaigns.
▪ Data collection and analysis: E-commerce platforms generate a large amount of data
that can be used to gain insights into customer behavior, preferences, and buying
patterns.
▪ Increased competition: E-commerce has made it easier for small businesses to compete
with larger ones as they can reach a larger audience and don't need to invest as much in
physical infrastructure.
▪ Faster buying process: Shopping online is generally faster than physically going to a
store, as customers can easily browse through products, compare prices, and complete
a purchase in a shorter amount of time.
▪ Greater product selection: Online retailers can offer a larger selection of products than
physical stores because they don't have the same space constraints.
▪ Global market: E-commerce allows businesses to sell to customers worldwide, which
can greatly increase
• Disadvantages of e-Commerce
▪ Limited customer interaction: E-commerce transactions lack the personal touch of face-
to-face interactions, which can lead to lower customer satisfaction and loyalty.

▪ Shipping and handling issues: Shipping and handling physical goods can be
complicated and can lead to issues such as lost or damaged items.
▪ Shipping costs: Shipping costs can be a significant expense for both the business and
the customer.
▪ Returns and exchanges: Returns and exchanges can be more difficult to handle in an e-
commerce setting, leading to increased costs and reduced customer satisfaction.
▪ Cyber security risks: E-commerce transactions involve sensitive personal and financial
information, which can be vulnerable to hacking and other cyber threats.
▪ Limited product inspection: Customers cannot inspect products in person before
purchasing, which can lead to dissatisfaction with the product or the need for returns.
▪ Dependence on technology: E-commerce relies heavily on technology, which can be
vulnerable to outages, breakdowns, and other issues.
▪ Competition: Online marketplaces are highly competitive, making it difficult for new
businesses to establish themselves and for existing businesses to stand out.
▪ Lack of tactile experience: Online shopping doesn't provide customers with the tactile
experience of physically handling and examining a product before buying.
▪ Limited to digital products: E-commerce is limited to digital products and services,
which makes it difficult for businesses that sell physical goods to establish a strong
online presence.
• Advantages of m-Commerce
▪ Convenience and accessibility, as customers can shop and make purchases from
anywhere at any time using their mobile devices.
▪ Increased reach and accessibility, as more and more customers are using mobile devices
to browse the internet.
▪ Personalization and targeting, as companies can use data from mobile devices to
personalize the shopping experience and target advertising.
▪ Ability to reach customers through push notifications and other mobile-specific
features.
▪ Improved customer engagement, as mobile devices allow for interactive features such
as touch, GPS, and camera.
▪ Increased sales, as mobile commerce can make it easier for customers to purchase
products and services.
▪ Better customer experience, as mobile commerce can provide faster loading times, easy
navigation, and easy checkout.
▪ Cost-effective, as mobile commerce requires less investment in physical infrastructure
and maintenance.
• Disadvantages of m-Commerce
▪ Limited screen size and functionality of mobile devices can make it difficult to navigate
and complete transactions on mobile websites or apps.
▪ Security concerns, as mobile devices are more susceptible to hacking and data breaches.
▪ Limited payment options, as some customers may not have access to mobile payment
methods or prefer to use other forms of payment.
▪ Dependence on internet connectivity, which can be unreliable in some areas or during
certain times.
▪ Mobile websites may not be optimized for search engines, which can make it harder for
customers to find the mobile site.

▪ Limited customer service options, as it can be difficult to provide support via a mobile
device.
▪ Potential to be blocked by mobile carrier or government.

E-Commerce Framework:
An e-commerce framework is a set of guidelines, best practices, and technologies that

businesses can use to develop and implement an e-commerce strategy. A typical e-commerce
framework includes several key components:
1. E-commerce platform: This is the foundation of an e-commerce business, providing the

technical infrastructure for the website and online store. Popular e-commerce platforms include
Magento, Shopify, and WooCommerce.
2. Payment gateway: A payment gateway is a service that enables businesses to securely process
online payments. Examples include PayPal, Stripe, and Authorize.net.
3. Logistics and fulfillment: E-commerce businesses need to have a logistics and fulfillment
system in place to handle the storage, packaging, and shipping of products to customers.
4. Marketing and promotion: E-commerce businesses use various digital marketing techniques,
such as search engine optimization (SEO), email marketing, and social media marketing to
promote their products and services and drive traffic to their website.
5. Customer service: E-commerce businesses need to provide customers with a good customer
service experience. This includes providing information about products and services,
answering questions, and handling returns and refunds.
6. Data analytics: E-commerce businesses use data analytics tools to track customer behavior,
monitor website performance, and gain insights into customer preferences and trends.
7. Security: E-commerce businesses need to implement security measures to protect customer
data and prevent fraud. This includes using encryption and secure payment processing, as well
as complying with data privacy laws and regulations.
8. mobile optimization: E-commerce businesses need to make sure their website is mobile-
friendly and easy to navigate on a small screen.
An e-commerce framework is a flexible and adaptable system that allows businesses to evolve
with the changing market trends and customer needs. Businesses can use it as a guide to
develop their own e-commerce strategy and tailor it to their specific goals and target market.
E-Commerce Consumer Application:

An e-commerce consumer application, also known as an e-commerce app, is a mobile
application that enables consumers to shop for products and services directly from their mobile
devices. These apps typically provide a user-friendly interface and easy navigation to allow
customers to browse products, view details, add items to a shopping cart, and complete
transactions.
Some of the features that may be included in an e-commerce consumer application include:
1. Product browsing: Customers can browse products by category, brand, price, or other filters.
2. Product details: Customers can view detailed information about products, including images,
descriptions, and customer reviews.
3. Shopping cart: Customers can add items to their shopping cart and review the contents before
completing a purchase.
4. Payment processing: Customers can securely enter their payment information and complete
a transaction within the app.
5. Order tracking: Customers can track the status of their orders and view order history.
6. Customer service: Customers can access customer service through the app and communicate
with the business if they have any questions or concerns.
7. Personalization: Customers can create an account and save their preferences, and the app will
personalize the shopping experience based on their browsing and purchase history.
8. Push notifications: Customers will receive notifications of promotions, deals, and other
information that the business wants to share with them.
Many e-commerce consumer apps are integrated with the business's e-commerce platform,
allowing the customer to access the same inventory and features as the website. This allows
customers to shop on the go and make purchases anytime, anywhere.
E-Commerce Organizational Application:

An e-commerce organizational application is a type of software that businesses can use to
manage and streamline their e-commerce operations. These applications can include a wide
range of features and functionalities, depending on the specific needs of the business. Some
examples of e-commerce organizational applications include:
1. Inventory management: Allows businesses to manage and track their inventory levels, set
reorder points, and generate reports on stock levels and sales.
2. Order management: Allows businesses to manage and track customer orders, from initial
purchase to final delivery.
3. Customer relationship management (CRM): Allows businesses to manage customer
information, track customer interactions, and analyze customer behavior and preferences.
4. Financial management: Allows businesses to manage financial transactions, such as
invoicing, payments, and accounting.
5. Supply chain management: Allows businesses to manage relationships with suppliers, track
deliveries, and optimize logistics.
6. Marketing and promotion: Allows businesses to create, manage, and track marketing
campaigns, such as email campaigns and social media promotions.
7. Analytics and reporting: Allows businesses to track key performance indicators (KPIs) such
as website traffic, sales, and customer behavior.
8. Digital asset management: Allows businesses to store, organize and manage digital assets
such as images and videos.
9. Workflow management: Allows businesses to automate and streamline internal processes,
such as order fulfillment and customer service.
These e-commerce organizational applications are designed to help businesses more efficiently
manage their operations and make data-driven decisions. They can be integrated with e-
commerce platforms, mobile apps, and other software systems, and can be customized
accordingly.

Unit-2
The Network Infrastructure of e-Commerce
What is Information Way?

In the context of information technology (IT), an information way refers to the flow of data
between different systems and devices. This includes the technologies, protocols, and standards
that are used to transmit, store, and process data, as well as the policies and procedures that are
used to manage and protect this data.
Some examples of an information way in IT include:
1. Network infrastructure: The physical and logical components that make up a network, such
as routers, switches, and cables, that are used to transmit data between different devices and
systems.
2. Data transfer protocols: Standards that dictate how data should be formatted and transmitted
over a network, such as TCP/IP and HTTP.
3. Data storage systems: Technologies and solutions used to store data, such as databases, cloud
storage, and file servers.
4. Data processing and analysis: Applications and tools used to process and analyze data, such
as data warehousing, business intelligence, and big data analytics.
5. Data security: Measures and protocols that are implemented to protect data from unauthorized
access, such as encryption, firewalls, and intrusion detection systems.
6. Data governance: Policies and procedures that are used to manage and control the flow of data
within an organization, such as data retention and archiving policies.
An information way in IT is essential to ensure the smooth flow of data within an organization
and to protect the data from unauthorized access. It requires a balance between security,
accessibility and efficiency.
Information SuperHighway (I-Way)

The term "information superhighway" is a metaphor that was popularized in the 1990s to
describe the internet and the rapid growth of online information and communication. It was
used to convey the idea that the internet was becoming a vast network that would connect
people, businesses, and governments around the world, much like a physical highway connects
cities and towns. The term was often used to describe the potential of the internet to
revolutionize communication, commerce, and education. It also refers to the high-speed
communication lines, such as fiber-optic cables, that were being installed to support the
growing amount of data and traffic on the internet. The idea behind this was that the internet is
like a superhighway, allowing large amounts of information to be transmitted quickly and
efficiently over long distances.
Components of the I-Way

• Network access equipment
• Local on-Ramps
• Global Information Distribution Network
Network access equipment
Network access equipment, also known as edge devices, are the hardware and software
components that provide a connection between a user or device and a network. These
devices are located at the edge of a network and are responsible for providing network
access, routing data traffic, and enforcing security policies.
Some examples of network access equipment include:
1. Routers: These devices are responsible for directing data traffic between different
networks. They use routing protocols to determine the best path for data packets to take
and can also be used to connect multiple networks together.
A router is a networking device that forwards data packets between computer networks.
It is connected to two or more networks and determines the best path for a data packet
to take based on its destination IP address.
Routers use routing tables and protocols to determine the most efficient path for data
packets to travel. When a data packet is sent from a device on one network to a device
on another network, the router receives the packet and consults its routing table to
determine the best path to forward the packet.
The router then uses network protocols such as IP (Internet Protocol) and ICMP
(Internet Control Message Protocol) to forward the packet to the next hop on its way to
the final destination.
Routers also have the ability to perform Network Address Translation (NAT) to allow
multiple devices on a private network to share a single public IP address. They also
provide security by using firewall rules to control access to and from the network.
Routers also have Quality of Service (QoS) features that allows to prioritize certain
types of traffic like video conferencing over others like file downloads, this ensures that
critical applications get the bandwidth they need to function properly.
2. Switches: These devices are used to connect multiple devices within a network.
They forward data packets to the appropriate device based on their MAC address.
A switch is a networking device that connects devices on a network and forwards
data between them. It operates at the data link layer (layer 2) of the OSI model and
uses MAC addresses to forward data to the appropriate device. Switches are
commonly used to connect devices in a local area network (LAN) and can also be
used to connect LANs to other networks, such as a wide area network (WAN) or the
Internet.

3. Access Points: These devices are used to provide wireless network access to mobile
devices such as laptops and smartphones. They use wireless protocols such as Wi-Fi
and Bluetooth to transmit data.
4. Firewalls: These devices are used to enforce security policies and protect a network
from unauthorized access. They can be hardware or software-based, and use rules
and filters to block or allow specific types of network traffic.
5. VPN concentrators: These devices are used to create and manage virtual private
networks (VPNs), which allow remote users to securely access a network.
6. Load balancers: These devices are used to distribute network traffic across multiple
servers, in order to ensure that no single server is overwhelmed.
7. Proxies: These devices are used to filter and redirect network traffic, in order to
improve network performance and security.
Local on-ramps or Access Media

This is the second components of I-way, Access media is an essential component of the
information superhighway, as it refers to the various methods and technologies that allow users
to connect to the internet and access the vast amount of information and services available
online. They are described into four categories:
1. Telecom based infrastructure

Telecom based infrastructure refers to the physical and technological components that
make up a telecommunications network. This helps in transferring the information such
as text, audio, video and all other information from the one place to another place.
2. Cable TV based infrastructure

Cable TV based infrastructure refers to the physical and technological components that
make up a cable television network this helps on transferring the popular channels data
as broadcasting to home.
3. Wireless infrastructure
Wireless infrastructure refers to the physical and technological components that make
up a wireless network, which is used to transfer the data using wireless technologies.
4. Commercial on-line infrastructure

Commercial online infrastructure refers to the physical and technological components
that make up an e-commerce platform, which includes web servers, database servers,
content delivery servers, payment gateway, customer service and support, logistics and
fulfillment.
Global Information Distributed Networks

Global information distribution networks (GIDNs) refer to the complex network of systems,
technologies and infrastructure that enables the distribution and sharing of information on a
global scale. GIDNs are made up of a variety of different components, including:

1. Data centers: Large facilities that house servers, storage devices, and networking equipment
that store and process data.
2. Transmission networks: The physical and wireless infrastructure that connects data centers
and other devices, including fiber-optic cables, satellite links, and cellular networks.
3. Content delivery networks (CDNs): Distributed systems that help to deliver web content and
media to users more efficiently by replicating and caching content on servers located closer to
users.
4. Network service providers (NSPs): Companies that own and operate the infrastructure and
networks that make up the GIDN, such as internet service providers (ISPs) and cloud providers.
5. Applications and services: Platforms and tools that allow users to access and share
information, such as social media, search engines, and e-commerce sites.
All these different components work together to create a global network that allows for the
rapid and efficient distribution of information to users all around the world.
Network for E-Commerce

Peer to Peer (P2P)
A peer-to-peer (P2P) network is a type of decentralized network in which each participant
(peer) can act as both a client and a server. In P2P networks, there is no central server or
authority that controls the flow of information; instead, each peer acts as a node that can
connect to and communicate with other peers.
Some examples of P2P networks are:
1. File sharing networks: P2P networks are often used for file sharing, where users can share
and download files directly with each other without the need for a central server.
2. Decentralized platforms: Blockchain technologies use P2P network to validate and record
transactions, eliminating the need for a central authority.
3. Collaboration networks: P2P networks can also be used to enable collaboration among peers,
such as in online forums and chat groups.
4. VoIP: Some Voice over Internet Protocol (VoIP) services use P2P networks to connect users
directly, allowing for free or low-cost calling.
P2P networks are considered more resilient and fault-tolerant than client-server networks as
there is no single point of failure. However, they can also present security challenges, as the
absence of a central authority makes it more difficult to detect and prevent malicious activity.
Client Server Networks

A client-server network is a type of network architecture in which a central server provides
resources and services to multiple clients. The clients, also called workstations, request and
consume those resources and services.
In a client-server network, the server is responsible for maintaining and managing the network
resources, such as data storage, software applications, and hardware devices. The clients, on

the other hand, are responsible for displaying and processing the information provided by the
server.
Some examples of client-server networks are:
1. Corporate networks: Many businesses use client-server networks to manage and share
resources such as files, printers, and databases among employees.
2. Web services: In web-based services, web servers provide resources and services to clients
through a web browser.
3. Remote access: Remote desktop and virtual private networks (VPNs) use client-server
architecture to allow remote users to access network resources.
4. Cloud computing: Cloud-based services such as Software-as-a-Service (SaaS) and
Infrastructure-as-a-Service (IaaS) use client-server architecture.
A client-server network is considered a centralised network, and it is relatively easy to manage

and secure. However, if the central server goes down, the whole network will be affected.
Additionally, the network's scalability is limited by the capacity of the central server.
The client-server architecture can be divided into tiers, depending on the number of layers and
the distribution of functionality between them. The most common tiers are:
1. Single-tier: In this architecture, the client and server functionality is combined into a single
program. This is typically used for small applications where the client and server functionality
is simple and not expected to change.
2. Two-tier: In this architecture, the client and server functionality is separated into two distinct
programs. The client program handles the user interface, while the server program handles data
storage and business logic. This architecture is commonly used for small to medium-sized
applications.
3. Three-tier: In this architecture, the client, server and database are separated into three distinct
programs. The client program handles the user interface, the server program handles the
application logic and communicates with the database, and the database stores the data. This
architecture is commonly used for larger and more complex applications.
4. N-tier: This is an extension of the three-tier architecture, where the functionality is further
divided into multiple tiers. This can include additional application servers, web servers, and
other services. This architecture is commonly used for large-scale enterprise applications.
Each tier is designed to handle specific functions, which can make the application more
scalable, manageable and secure. The choice of the tier depends on the size and complexity of
the application, as well as the expected number of users and the need to handle multiple types
of clients
▪ Transaction models
Transaction models of e-commerce refer to the different ways in which businesses sell
their products and services online. The most common transaction models of e-
commerce include:

1. Business-to-business (B2B): Business-to-business (B2B) e-commerce refers to the

buying and selling of goods or services between companies over the internet. This can
include a wide range of activities, from purchasing raw materials and supplies to
selling finished products to other businesses. B2B e-commerce is often characterized
by high-value transactions, complex products or services, and long-term relationships
between buyers and sellers.
B2B e-commerce platforms, such as Alibaba and ThomasNet, have become

increasingly popular in recent years as a way for businesses to efficiently connect with
suppliers, customers, and partners.
2. Business-to-consumer (B2C): Business-to-Consumer (B2C) e-commerce refers to the

buying and selling of goods and services directly between a business and consumers
over the internet. This includes online retail websites, such as Amazon and Walmart,
as well as digital marketplaces, such as Etsy and Uber. B2C e-commerce allows
businesses to reach a global customer base, offer a wider range of products and
services, and provide a convenient and efficient shopping experience for consumers.
Many businesses also use B2C e-commerce as away to generate additional revenue
streams and increase brand awareness.
3. Consumer-to-consumer (C2C): Consumer-to-Consumer (C2C) e-commerce refers to

the buying and selling of goods and services directly between consumers over the
internet. This can include online marketplaces, such as eBay and Craigslist, as well as
social media platforms and mobile apps that enable individuals to sell goods and
services to other individuals. C2C e-commerce provides a platform for individuals to
buy and sell goods and services without the need for a traditional business
intermediary. This can enable consumers to find unique or hard-to-find items and also
allows them to sell their own goods and services. C2C e-commerce can also provide
a source of additional income for individuals who are looking to make money from
their hobbies or interests.
4. Consumer-to-business (C2B): Consumer-to-Business (C2B) e-commerce refers to a

type of e-commerce where consumers offer goods and services to businesses, instead
of the traditional business-to-consumer (B2C) model where businesses offer goods
and services to consumers. Examples of C2B e-commerce include online platforms
where individuals can sell their products, such as stock photos, videos, and designs to
business and websites for freelance work or gig work where individuals can offer their
services to businesses. C2B e-commerce can be beneficial for businesses, as they can
access a wider pool of talent and resources while also reducing costs. Additionally, it
can also be beneficial to individuals, as it allows them to leverage their skills and
resources to earn income
5. Business to Government (B2G): Business-to-Government (B2G) e-commerce refers

to the buying and selling of goods and services between businesses and government
entities over the internet. This can include procurement of goods and services such as
construction, technology, and consulting services. B2G e-commerce can help
government entities to reduce costs, increase efficiency and transparency in
procurement process, and also providing businesses with easy access to government
procurement opportunities. Many governments around the world have implemented
electronic procurement systems to streamline the procurement process for goods and
services. These systems allow businesses to submit bids, invoices, and other
documents electronically, making it easier for them to do business with government
agencies.
6. Government to Business (G2B): Government-to-Business (G2B) e-commerce refers

to the buying and selling of goods and services between government entities and
businesses over the internet. This can include the provision of services, such as
licenses and permits, as well as the sale of government-owned goods and resources.
G2B e-commerce can help government entities to increase transparency, reduce costs
and increase efficiency in the provision of services to businesses. It also allows
businesses to access information and services more easily and quickly. Many
governments around the world have implemented electronic systems such as portals,
websites, and applications that allow businesses to access government services and
information online. Examples of G2B e-commerce services are online business
registration, tax filing, and compliance reporting.
7. Government to Government (G2G): Government-to-Government (G2G) e-

commerce refers to the buying and selling of goods and services between different
levels of government or different government entities over the internet. This can
include the sharing of resources, such as information and personnel, as well as the
purchasing of goods and services. G2G e-commerce can help government entities to
increase collaboration, reduce costs, and improve the delivery of services to citizens.
Many governments around the world have implemented electronic systems such as
portals, websites, and applications that allow different government entities to share
resources and information, and also to facilitate cooperation on various projects and
initiatives. G2G e-commerce can also include inter-governmental procurement and
the sharing of common goods and services such as IT, logistics, and security.

Unit 3
e-Commerce Payment and Security Issues
E-commerce payment systems are the methods and technologies used to process and authorize
payments made by customers through an e-commerce website. Some common e-commerce
payment systems include:
1. Credit Card: This is the most widely used e-commerce payment system. It involves
customers providing their credit card details to the merchant, and the payment is authorized
by the card issuer.
2. Debit Card: Debit card payment is similar to credit card payment, but the funds are taken
directly from the customer's bank account.
3. Electronic Funds Transfer (EFT): EFT is a method of transferring funds electronically,
typically between banks. EFT payments can be made through online banking, direct
deposit, and wire transfer.
4. Digital wallets: Digital wallets such as PayPal, Apple Pay, and Google Wallet allow
customers to store their payment information securely and make payments without entering
their details each time.
5. Smart Card:
6. E-Cash:
7. E-Cheque:
Each e-commerce payment system has its own advantages and disadvantages, and the choice
of the system depends on the specific requirements of the e-commerce business, such as
security, convenience, and cost.
• Working of Credit Card

A credit card works by allowing cardholders to borrow funds up to a certain limit in order to
make purchases or withdraw cash. The cardholder is responsible for repaying the borrowed
funds, plus any interest charges. The process of using a credit card typically involves the
following steps:
1. Application: The cardholder applies for a credit card with a credit card issuer, such as a
bank or credit union. The issuer will check the cardholder's creditworthiness and may
approve or deny the application based on this information.
2. Activation: Once the cardholder is approved, the issuer will send them a physical credit
card and instructions on how to activate it. The cardholder may need to call the issuer or
visit a website to activate the card.
3. Use: The cardholder can now use their credit card to make purchases at merchants that
accept that particular credit card network (Visa, MasterCard, Amex etc).
4. Authorization: When a purchase is made, the merchant submits the transaction to the
credit card issuer for approval. The issuer then checks the cardholder's available credit limit
and creditworthiness, and if approved, sends an authorization code to the merchant to
confirm the transaction.
5. Billing: The card issuer will bill the cardholder for the purchase at the end of the billing
cycle. The cardholder can either pay off the balance in full by the due date, or make a
minimum payment and carry over the balance to the next month, incurring interest charges.
6. Payment: The cardholder will be responsible for making payments on the credit card
account, including any interest charges.
As a reminder, credit card network such as Visa or Mastercard facilitates the transaction
between the merchant and the card issuer, and also ensures that the funds are transferred
properly. Additionally, credit cards also offer the added benefit of fraud protection, as credit
card companies are able to detect and prevent unauthorized transactions.
• Working of Debit Card

Debit card is a payment card that deducts money directly from a consumer's checking account
to pay for a purchase. Debit cards are linked to the consumer's bank account and can be used
to withdraw cash or make purchases at merchants that accept the card. They are often branded
with the logo of a major credit card company, such as Visa or Mastercard, and can be used in
a similar way to credit cards. However, the funds are withdrawn from the consumer's account
immediately, rather than being borrowed from a lender.
A debit card is a payment card that allows cardholders to access funds they have deposited in
a bank account. When a consumer uses a debit card to make a purchase, the funds are
transferred from the cardholder's bank account to the merchant's account.
The process of using a debit card typically involves the following steps:
1. Application: The cardholder applies for a debit card with their bank or credit union. The
bank will check the cardholder's account information and may approve or deny the
application based on this information.
2. Activation: Once the cardholder is approved, the bank will send them a physical debit card
and instructions on how to activate it. The cardholder may need to call the bank or visit a
website to activate the card.
3. Use: The cardholder can now use their debit card to make purchases at merchants that
accept that particular debit card network (Visa, MasterCard, Maestro etc).
4. Authorization: When a purchase is made, the merchant submits the transaction to the card
issuer's network for approval. The issuer then checks the cardholder's available balance and
if approved, sends an authorization code to the merchant to confirm the transaction.
5. Settlement: The funds are then transferred from the cardholder's bank account to the
merchant's account. The cardholder's bank account balance is reduced by the amount of the
purchase.
6. Reconciliation: The cardholder's account statement will show the transactions that have
been made with the debit card, and the cardholder will reconcile the statement with their
bank account balance.
Unlike credit cards, debit cards do not offer credit and cardholders can only spend the amount
they have in their account. Also, debit card transactions are not subject to interest charges as
it's not borrowing but using the funds that you have in your account.

• Electronic Fund Transfer

EFT stands for "Electronic Funds Transfer." It is a method of transferring money between
accounts electronically, without the need for a physical check or cash. EFTs can be used to
transfer funds between individuals, businesses, or financial institutions.
There are several types of EFTs, including:
• Automated Clearing House (ACH) transactions, which are used for direct deposit of payroll,
social security and other government benefits, and other recurring payments.
• Wire transfers, which are used to transfer funds quickly and securely between financial
institutions.
• Point-of-sale (POS) transactions, which are used when a consumer makes a purchase with a
debit or credit card.
EFTs are generally considered to be a safe and secure way to transfer funds, as they are
processed through secure networks and are subject to strict regulations to prevent fraud. They
are also convenient, as they can be initiated and completed quickly, often with just a few clicks
of a button.
EFT transactions use routing numbers and account numbers to identify the sender and receiver's
account, and the transactions happen in real-time. They are also sometimes called as electronic
payments or digital payments.
Electronic Fund Transfer (EFT) is a type of electronic payment system that allows for the
transfer of money from one bank account to another without the use of paper checks or cash.
EFT transactions can be initiated through online banking, mobile apps, or at an ATM.
The process of an EFT typically starts with the sender initiating a transfer from their bank
account to the recipient's account. This is done by providing the recipient's account number
and routing number, which is a unique identification code that identifies the bank and branch
where the account is held.
Once the sender has entered the necessary information, the EFT system will process the
transaction and transfer the funds from the sender's account to the recipient's account. The
funds are typically available in the recipient's account within a few business days, depending
on the financial institution's policies.
EFTs are considered a secure and efficient way to transfer money. They can be used for a
variety of purposes such as paying bills, transferring money to friends and family, or for
business transactions. Some of the benefits of EFTs include convenience, speed, and a
reduction in errors and fraud.
Components of EFT

Electronic Fund Transfer (EFT) is a type of electronic payment system that allows the transfer
of funds between accounts without the use of physical money or checks. The components of
an EFT system include:
1. Payment originator: This is the person or organization initiating the EFT, such as a
customer making an online purchase.
2. Payment recipient: This is the person or organization receiving the EFT, such as a
merchant or vendor.
3. Payment network: This is the infrastructure that connects the payment originator and
recipient, such as the Automated Clearing House (ACH) network.
4. Financial institutions: These are the banks or other financial institutions that hold the
accounts involved in the EFT, such as the customer's bank and the merchant's bank.
5. Security measures: These are the measures in place to ensure the security and integrity
of the EFT, such as encryption and authentication.
• E-Wallets
• An e-wallet (or digital wallet) is a type of electronic device or online service that allows
individuals to make electronic transactions. It stores information such as credit card numbers,
shipping addresses, and account balances in one secure place. This information can then be
used to make purchases online, in-store, or through mobile devices.
• E-wallets can take the form of a physical device, such as a card or a key fob, or it can be an
app or website that can be accessed through a computer or mobile device. They can be linked
to a specific bank account, credit card or debit card, or they can be pre-loaded with a certain
amount of money.
• Users can use their e-wallets to make purchases online or in-store, as well as to pay bills,
transfer money to other people and make other types of transactions. Some e-wallets also
offer rewards or cashback for using the service.
• Popular examples of e-wallets include Apple Pay, Google Wallet, PayPal, Alipay and
Venmo. These e-wallets are widely accepted and can be used at a variety of merchants, both
online and in-store.
• Overall, e-wallets provide a convenient way to store and use payment information, they also
offer an extra layer of security as the payment information is not shared directly with
merchants.
• Smart Card

A smart card is a type of payment card that contains an embedded microprocessor or computer
chip. These chips can store and process information, and they allow for more advanced
functionality than traditional magnetic stripe cards.
Smart cards can be used for a variety of purposes, including:
Storing and using credit, debit, or prepaid account information for electronic transactions.
Storing and using loyalty or rewards program information.
Storing and using personal identification information, such as for access control or public
transportation.
Storing and using medical information, such as for electronic medical records or prescription
drug coverage.
The chip in a smart card can be either contact or contactless type. Contact smart cards have a
small gold or silver square on the front or back of the card, which must be physically inserted
into a card reader for the card to be read. Contactless smart cards, on the other hand, use radio-
frequency identification (RFID) technology to communicate with a card reader without the
need for physical contact.
Smart cards are considered to be more secure than traditional magnetic stripe cards as they are
difficult to duplicate and the information stored on them is encrypted. They are also used in
various industries such as finance, healthcare, transportation and government.
• E-Cash
E-cash, or electronic cash, is a digital form of currency that can be used for online transactions.
It is designed to mimic the functionality of physical cash, providing a way for users to make
anonymous, untraceable payments.
E-cash typically takes the form of a digital token or digital file that is stored on a user's
computer or mobile device. When a user wants to make a payment, they provide the e-cash
token or file to the merchant, who then verifies the authenticity of the e-cash and processes the
transaction.
There are different types of e-cash systems, some of them are based on digital signatures, which
provide a way to ensure the authenticity of the e-cash and prevent fraud. Other types of e-cash
are based on encryption technologies, which provide a way to protect the privacy of the user.
E-cash has been around for decades but it never really took off, this is because of the popularity
of credit cards and online payment systems like PayPal, which have similar features and are
more widely accepted by merchants. Additionally, the development of blockchain and
cryptocurrency has opened new possibilities for digital transactions that provide similar
features to e-cash.

• E-Cheque
• An E-Check (short for electronic check) is an electronic version of a paper check that allows
individuals and businesses to make payments over the internet. An E-Check is created when
the payer's bank account is debited and the funds are electronically transferred to the payee's
bank account. It uses the Automated Clearing House (ACH) network to transfer funds.
• eChecks work similarly to paper checks. The payer provides their bank account information,
including routing and account numbers, to the payee. The payee then initiates the eCheck,
which debits the funds from the payer's account and transfers them to the payee's account.
The process can take several days for the funds to clear, just like traditional paper checks.
• eChecksare considered to be a secure and cost-effective way to make payments, as they are
processed through the secure ACH network and are subject to strict regulations to prevent
fraud. They can be used for a variety of transactions, such as paying bills, making online
purchases, and funding online accounts.
• eChecks can be processed online via an e-commerce platform, or via an automated clearing
house (ACH) that allows for businesses and individual to process payments electronically.
They are widely accepted and used by merchants and businesses.
• Risk of Electronic Payment System
Electronic payment systems, such as online banking, mobile payments, and digital wallets,
have become increasingly popular in recent years due to their convenience and ease of use.
However, with this increased usage, there are also potential risks associated with electronic
payment systems. Some of the risks include:
1. Fraud: Electronic payment systems are vulnerable to fraud, such as phishing scams, where
criminals try to steal personal and financial information.
2. Hacking: Electronic payment systems are also vulnerable to hacking, which can lead to
unauthorized access to personal and financial information.
3. Data breaches: Electronic payment systems store sensitive personal and financial
information, which can be exposed in the event of a data breach.
4. Technical problems: Electronic payment systems can also be prone to technical problems,
such as system failures or glitches, which can result in delays or errors in processing
transactions.
5. Privacy concerns: Electronic payment systems may also raise concerns about privacy, as
the use of digital transactions can be tracked and recorded, thus exposing personal
information.
To mitigate these risks, it is important to use electronic payment systems that have strong
security measures in place, such as encryption and secure servers, and to be vigilant in
protecting personal and financial information. Additionally, regularly checking account
statements and reporting any suspicious activity promptly can also help protect against fraud.

• Security on web
Security is a critical concern for electronic payment systems (EPS) such as credit cards, debit
cards, e-wallets, eChecks and smart cards, as they involve the transfer of sensitive financial
information over the internet.
To protect against fraud and unauthorized transactions, EPS providers employ a variety of
security measures, including:
• Encryption: EPS providers use encryption to protect sensitive information as it is

transmitted over the internet. This makes it difficult for hackers to intercept and read the
information.
• Secure Socket Layer (SSL) and Transport Layer Security (TLS): These protocols are
used to create a secure connection between the user's web browser and the EPS provider's
website. This helps to prevent eavesdropping and tampering of information during
transmission.
• Two-factor authentication: This requires users to provide two forms of identification in
order to access their account, such as a password and a one-time code sent to their phone.
• Risk management: EPS providers use advanced algorithms and machine learning to detect
and prevent fraud in real-time. This includes monitoring transactions for suspicious patterns
and using fraud scoring to identify high-risk transactions.
• PCI-DSS Compliance: Payment Card Industry Data Security Standards (PCI-DSS)
compliance is a set of security standards that ensure that merchants, service providers, and
other organizations that handle credit and debit card information maintain a secure
environment.
It's also important for users to take steps to protect their own information, such as by keeping
their computer and mobile device secure, avoiding phishing scams, and being wary of giving
out personal information online.
Overall, EPS providers use a variety of security measures to protect user's information, but it's
important for users to also take the necessary steps to protect their own information.
• SSL
• Secure Sockets Layer (SSL) is a security protocol that is used to establish a secure and
encrypted connection between a web server and a web browser. The purpose of SSL is to
ensure that all data passed between the web server and browser remains private and
integral.
• When a user connects to a website that uses SSL, the browser and the web server establish
an SSL connection using a process called an SSL Handshake. During the SSL Handshake,
the browser and web server exchange information to establish a secure connection. This
includes the browser providing the web server with a copy of the SSL certificate, which
the web server uses to verify the identity of the website.
• Once the SSL Handshake is completed, the browser and web server will use the
established SSL connection to encrypt all data that is exchanged between them. This
means that any sensitive information, such as login credentials or credit card information,

is encrypted before it is transmitted over the internet. This ensures that the data cannot be
intercepted and read by anyone other than the intended recipient.
• SSL was succeeded by Transport Layer Security (TLS) which is an updated version of
SSL, but the two terms are often used interchangeably. SSL and TLS are implemented in
web browsers and servers to create a secure connection and protect sensitive data in
transit.
• Websites that use SSL or TLS are identified by the prefix "https" in the URL, and the
padlock icon in the browser address bar. Websites that use SSL or TLS are considered
more secure and trustworthy than those that do not.
Secure Socket Layer Protocol:

• SSL Record Protocol
The SSL Record Protocol is a component of the Secure Sockets Layer (SSL) protocol
that is responsible for the fragmentation, compression, and encryption of data
exchanged between the client and server. The SSL Record Protocol works in
conjunction with the SSL Handshake Protocol and the SSL Change Cipher Spec
Protocol to establish a secure connection and exchange data.
The main components of the SSL Record Protocol include:
▪ Record Layer: This is the layer that provides the core security services of the SSL
protocol, including data fragmentation, compression, and encryption.
▪ Data Fragmentation: The Record Protocol fragment the application data into
manageable chunks before it is encrypted, this is done to avoid exceeding the
maximum transmission unit (MTU) of the underlying network.
▪ Data Compression: The Record Protocol can also apply data compression to the
application data before it is encrypted, this can improve performance by reducing
the amount of data that needs to be transmitted.
▪ Data Encryption: The SSL Record Protocol uses symmetric key encryption to
encrypt the application data. The encryption algorithm and key are agreed upon
during the SSL Handshake Protocol.
▪ Data Integrity: The SSL Record Protocol uses a message authentication code
(MAC) to ensure that the data has not been tampered with during transmission.
▪ Data format: The SSL Record Protocol defines a specific format for the data that
is sent and received. This format includes fields for the SSL version number, the
length of the data, and the data itself, as well as the MAC for data integrity check.
• Handshake Protocol

The SSL Handshake Protocol is a component of the Secure Sockets Layer (SSL)
protocol that is responsible for the establishment of a secure connection between the
client and server. The Handshake Protocol works in conjunction with the SSL Record
Protocol and the SSL Change Cipher Spec Protocol to establish a secure connection and
exchange data.
The main components of the SSL Handshake Protocol include:
▪ Client Hello: This is the initial message sent by the client to initiate the SSL Handshake.
The Client Hello message includes information about the client's SSL version,
supported cipher suites, and a random number called the client random.
▪ Server Hello: This is the message sent by the server in response to the Client Hello.
The Server Hello message includes information about the server's SSL version, the
chosen cipher suite, and a random number called the server random.
▪ Certificate: This is the message sent by the server to provide its digital certificate
to the client. The certificate includes information about the identity of the server
and a public key that can be used to encrypt the data.
▪ Server Key Exchange: This is an optional message sent by the server in some cases
when the server has no certificate or the certificate doesn't contains the public key.
▪ Server Hello Done: This is the message sent by the server to indicate that the server
hello and certificate message(if applicable) are finished.
▪ Client Key Exchange: This message sent by the client after the server hello done,
to provide the pre-master secret to the server, that both parties will use to generate
the session key.
▪ Change Cipher Spec: This is a message sent by both the client and the server to
indicate that all future messages will be encrypted using the session key.
▪ Finished: This is a message sent by both the client and the server to indicate the
completion of the SSL Handshake.
Once the SSL Handshake is completed, the SSL Record Protocol is used to encrypt and
decrypt data exchanged between the client and server.
o
• Change Cipher Protocol
▪ The SSL (Secure Sockets Layer) Change Cipher Spec Protocol is a part of the
SSL/TLS (Transport Layer Security) protocol suite used to provide secure
communications on the internet. It is used to signal the end of the SSL/TLS
handshake process and the beginning of the secure data transfer phase.
▪ The Change Cipher Spec Protocol is used to notify the other party that the sender
will start using new cryptographic parameters for the secure data transfer. This is

done by sending a single message, called the Change Cipher Spec message, which
consists of a single byte with the value 1.
▪ When the Change Cipher Spec message is received, the recipient of the message
will use the new cryptographic parameters (e.g. keys and algorithms) to secure the
data that is sent and received over the SSL/TLS connection. This ensures that the
data is protected by the strongest and most up-to-date cryptographic algorithms
available.
• Alert Protocol
The SSL (Secure Sockets Layer) Alert Protocol is a part of the SSL/TLS (Transport
Layer Security) protocol suite used to provide secure communications on the internet.
It is used to convey important information and error messages between the client and
server during the SSL/TLS handshake process. The SSL Alert Protocol defines a set of
alert messages that can be sent by either the client or server to indicate the status of the
SSL/TLS connection, such as a handshake failure or a certificate problem. It uses a 2
byte format with the first byte being the level (warning or fatal) and the second byte
being the description of the alert.
What is SSL?
SSL (Secure Sockets Layer) is a protocol for establishing secure communications over the
internet. It was developed in the 1990s and was widely used to provide secure connections for
web browsers and other internet applications. In 1999, SSL was succeeded by TLS (Transport
Layer Security), which is considered to be a more secure and robust protocol for establishing
secure connections.
The main purpose of SSL/TLS is to provide a secure channel for data transmission between a
client (e.g. a web browser) and a server (e.g. a web server) by using a combination of public-
key and symmetric-key encryption.
In general, SSL/TLS is used to encrypt the data being sent and received between a client and
server, to authenticate the server to the client, and to provide integrity protection for the data
being transmitted. SSL/TLS is often used to protect sensitive information such as login
credentials, credit card numbers, and other personal information when it is transmitted over the
internet.
It is generally enabled by installing a SSL/TLS certificate on the server. It will make sure that
the data sent and received is encrypted, and the identity of the server is verified using the
certificate.
Why we need SSL?

The need for SSL (Secure Sockets Layer) and its successor, TLS (Transport Layer Security) is
to provide a secure channel for data transmission between a client and a server over the internet.
This is important for a number of reasons:
▪ Data encryption: SSL/TLS encrypts the data being sent and received between a client
and server, making it difficult for anyone to intercept and read the data. This is especially
important when sensitive information such as login credentials, credit card numbers, and
other personal information is being transmitted.
▪ Server authentication: SSL/TLS is used to authenticate the server to the client, ensuring
that the client is communicating with the intended server and not an imposter. This helps
to prevent man-in-the-middle attacks.
▪ Data integrity: SSL/TLS provides integrity protection for the data being transmitted,
which helps to detect any tampering or modification of the data in transit.
▪ Compliance: Some compliance regulations like PCI-DSS, HIPAA etc, require to use
SSL/TLS for online transactions and data transfer.
▪ Trust: Having an SSL/TLS certificate on your website gives a sense of trust and
assurance to the customers that their information is safe with you.
In summary, SSL/TLS is used to protect the confidentiality, integrity and authenticity of the
data being transmitted over the internet, which is crucial for maintaining security and privacy
in online transactions.
SSL Layered Architecture
The SSL (Secure Sockets Layer) protocol has a layered architecture that consists of several
different layers, each of which serves a specific purpose in establishing a secure connection
between a client and a server. The main layers of the SSL protocol include:

1. Record Protocol: This layer is responsible for breaking up the data into smaller,
manageable blocks called records and then encrypting and authenticating each record.
2. Handshake Protocol: This layer is responsible for negotiating the cryptographic

parameters (e.g. keys and algorithms) that will be used to secure the connection. It also
authenticates the server to the client.
3. Alert Protocol: This layer is used to convey important information and error messages
between the client and server during the SSL/TLS handshake process.
4. Change Cipher Spec Protocol: This layer is used to signal the end of the SSL/TLS
handshake process and the beginning of the secure data transfer phase.
5. Application Layer: This layer is where the actual application-specific data is

exchanged between the client and server. The data passed through this layer is protected
by the cryptographic parameters established during the Handshake Protocol.
Each layer of the SSL/TLS protocol is built on top of the previous layer and provides additional
functionality. Together, these layers work to provide a secure, authenticated, and private
channel for the exchange of information between a client and a server over the internet.

Unit 4
Introduction to Cyber Crimes
• Introduction to Cyber Crimes

Cybercrime, also known as computer crime, refers to any illegal activity that involves the use
of computers, networks, or the internet. It encompasses a wide range of criminal activities such
as hacking, identity theft, cyber stalking, cyber bullying, and the spread of malware. These
crimes can be committed by individuals or groups, and can have serious consequences for both
individuals and organizations. With the increasing use of technology in our daily lives,
cybercrime has become a growing concern. It is important for individuals and organizations to
be aware of the risks and to take steps to protect themselves. This can include using strong
passwords, keeping software updated, and being cautious when clicking on links or opening
attachments.
• History of Cyber Crime
The history of cybercrime can be traced back to the early days of the internet and computer
technology. Here are a few key milestones in the history of cybercrime:
1. 1960s: The first computer viruses and worms began to appear. These early forms of
malware were primarily created as pranks or experiments, but they laid the foundation for
more malicious forms of cybercrime.
2. 1970s: The first cases of hacking and unauthorized access to computer systems began to be
reported. This was the beginning of cybercrime as we know it today.
3. 1980s: The first instances of computer fraud and identity theft began to be reported. The
development of online banking and e-commerce also made it easier for criminals to steal
money and personal information.
4. 1990s: The World Wide Web and the rise of the Internet made it easier for criminals to
perpetrate cybercrime on a global scale. Phishing, spamming, and other forms of online
fraud became more prevalent.
5. 2000s: The use of the Internet and mobile devices became widespread, and cybercrime
began to evolve to take advantage of these new technologies. Malware, ransomware and
APT became common, data breaches became more frequent.
6. 2010s: social media and IoT made it easier for cybercriminals to target individuals and
organizations on a massive scale. Cybercrime became a major concern for governments
and businesses around the world.
7. 2020s: With more people working from home and using online tools, cybercrime has
become more prevalent and sophisticated. Ransomware attacks, BEC and phishing
campaigns have become more common.
• Technical aspects of Cyber Crimes

The technical aspects of cybercrime involve the use of computer technology and networks to
commit illegal activities. Some examples of these technical aspects include:

1. Hacking: unauthorized access to a computer or network, often with the intent to steal or
corrupt data.
2. Malware: malicious software such as viruses, worms, and trojans that can damage or steal
information from a computer or network.
3. Phishing: the use of fake emails or websites to trick individuals into providing personal or
financial information.
4. Social Engineering: tricking people into divulging sensitive information or performing
actions that they wouldn't normally do
5. Distributed Denial of Service (DDoS) attacks: overwhelming a website or online service
with traffic to make it unavailable to users.
6. Ransomware: malware that encrypts a victim's files, making them inaccessible until a
ransom is paid.
7. Advanced Persistent Threats (APT): a set of stealthy and continuous computer hacking
processes, often orchestrated by human attackers, targeting a specific entity.
8. Internet of Things (IoT) attacks: targeting vulnerabilities in IoT devices, such as smart
home devices, to gain unauthorized access to networks.
These are just a few examples of the technical aspects of cybercrime. It's important to note that
these tactics and technologies are constantly evolving, and new forms of cybercrime are
emerging all the time.
Modes of cyber crime

There are several modes through which cybercrime can be committed:
1.Social Engineering: This is the use of psychological manipulation to trick individuals into
divulging personal or sensitive information or performing actions that they wouldn't normally
do. This can include phishing scams, vishing (voice phishing), and pretexting (creating a false
identity to gain trust).
2.Remote Access: This involves gaining unauthorized access to a computer or network from a
remote location. This can include hacking, malware, and ransomware.
3.Physical Access: This involves gaining access to a computer or network by physically
accessing the device, such as through the use of USB drives or other removable media.
4.Insider Threat: This is when an individual with authorized access to a computer or network
uses that access to commit cybercrime. This can include employees, contractors, or other
insiders.
5.Supply Chain Attack: This is when a cyber criminal targets a third-party vendor or supplier
that has access to an organization’s network and uses them as an entry point to launch an
attack.
6.Cloud-based attacks: This is when a cyber criminal targets a cloud-based service such as
software as a service (SaaS), infrastructure as a service (IaaS), or platform as a service (PaaS)
to gain unauthorized access to a network or steal data.
7.IoT attacks: This is when a cyber criminal targets vulnerability in IoT devices to gain
unauthorized access to a network.
8.Cryptojacking: This is the unauthorized use of someone else's computer to mine
cryptocurrency.

Again, these categories are not mutually exclusive, and an incident can have multiple elements
from different categories. Additionally, these tactics and technologies are constantly evolving,
and new forms of cybercrime are emerging all the time.
Difference between Cyber Crime and Traditional Crime
Cybercrime and traditional crime are both illegal activities, but they differ in several key ways:
1. Location: Traditional crime typically takes place in a physical location, such as a bank
or a store. Cybercrime, on the other hand, can take place anywhere that has an internet
connection, making it a more borderless and international phenomenon.
2. Modus Operandi: Traditional crime often involves physical force or the threat of force,
while cybercrime typically relies on technology and the manipulation of information.
3. Target: Traditional crime often targets individuals or physical assets, while cybercrime
may target computer systems, networks, and data.
4. Evidence: Evidence collection is different in both types of crime. Traditional crime
involves collecting physical evidence such as fingerprints, DNA, and other physical
trace, while in cybercrime, the evidence is digital and forensic analysis is needed to
collect evidence.
5. Impact: Traditional crime can have a localized impact, while cybercrime can have a
global impact, affecting multiple individuals and organizations at once.
6. Punishment: Punishment for traditional crime is usually served in the form of
imprisonment or fines, while cybercrime punishment is not always as clear cut, and can
depend on the country's laws and regulations.
In summary, while traditional crime and cybercrime both involve illegal activities, they differ
in terms of location, modus operandi, target, evidence and impact, and the way they are
punished.
• Unauthorized access & Hacking

Unauthorized access and hacking refer to the act of gaining unauthorized access to a computer
or network. Hacking can be done for a variety of reasons, such as to steal personal information,
cause damage to a computer or network, or to use the resources of the computer or network for
malicious purposes.
Unauthorized access can be achieved through a variety of methods, such as guessing or

cracking passwords, exploiting vulnerabilities in software or hardware, or using malware to
gain access.
Hacking can be divided into different categories based on the intent and methods used, such
as:
• White hat hacking: done by ethical hackers to identify vulnerabilities in a system and help
improve its security.

• Black hat hacking: done by malicious hackers with the intent of causing harm or stealing
information.
• Gray hat hacking: done by hackers who may or may not have malicious intent, but who do
not have permission to access the systems they are hacking.
It's important for individuals and organizations to take steps to protect themselves against
unauthorized access and hacking. This can include using strong passwords, keeping software
updated, and being cautious when clicking on links or opening attachments. Additionally, it's
also a good practice to regularly perform security audits and penetration testing to identify
vulnerabilities in your systems and to implement security measures to mitigate them.
Virus, Trojan and Worm Attacks

• Virus
A computer virus is a type of malware that is designed to replicate itself and spread to
other computers. Once a computer is infected with a virus, it can cause a variety of
problems, such as slowing down the performance of the computer, corrupting or
deleting files, and stealing personal information. Some viruses are relatively harmless
and simply display annoying messages or change the appearance of the computer's
desktop, while others can cause serious damage.
A computer virus is typically spread through email attachments, infected software or

apps, and malicious websites. Once a computer is infected, the virus can spread to other
computers by sending itself to contacts in an email address book, or by spreading
through a network.
There are different types of viruses, such as:
• File infector viruses: These viruses infect executable files, such as .exe and .com
files, and replicate themselves when the infected file is run.
• Boot sector viruses: These viruses infect the boot sector of a disk, which is the area
of the disk that is used to start the computer. They replicate themselves by installing
a copy of the virus in the boot sector of any disk that is inserted into the infected
computer.
• Macro viruses: These viruses infect documents, such as those created in Microsoft
Word or Excel, and replicate themselves by infecting other documents that are
opened on the infected computer.
• Stealth viruses: These viruses use techniques to evade detection by anti-virus
software, by hiding themselves or disguising their activities.
• Polymorphic viruses: These viruses can change their appearance or code to evade
detection by anti-virus software.
• Ransomware: These are a type of malware that encrypts the victims' files and
demands a ransom to be paid to provide the decryption key.
• Worms: These are a type of malware that can replicate itself and spread to other
computers, often through network vulnerabilities.
• Trojan horses: These are a type of malware that disguises itself as a legitimate
program, but once executed, it can cause harm to the system or steal information.
• Rootkits: These are a type of malware that can hide itself and other malicious
software on the infected system, making it difficult to detect and remove.
• Adware and Spyware: These are a type of malware that can track the user's
browsing activity and display unwanted ads or steal personal information.
It's important to have up-to-date anti-virus software installed on your computer and to
practice safe browsing habits to protect against computer viruses. This includes avoiding
suspicious email attachments and links, keeping software updated, and being cautious
when downloading files from the internet.
• Trojan
A Trojan, or Trojan horse, is a type of malware that disguises itself as legitimate
software in order to gain access to a computer or network. Once it has infiltrated the
system, a Trojan can perform a variety of malicious actions, such as stealing personal
information, installing other malware, or giving hackers remote access to the infected
computer.
Unlike viruses, which replicate and spread on their own, Trojans are typically spread
through social engineering tactics, such as tricking the user into downloading and
installing the malware. They can be disguised as legitimate software or as a software
update, and are often spread through email attachments, instant messages, or malicious
websites.
There are different types of Trojan, such as:
• Remote Access Trojans (RATs): These Trojans allow an attacker to gain remote
access to the infected computer, allowing them to control the computer, steal
information, or install other malware.
• Banking Trojans: These Trojans are designed to steal financial information, such
as login credentials for online banking.
• Downloader Trojans: These Trojans download and install other malware, such as
viruses and spyware, on the infected computer.
• Backdoor Trojans: These Trojans open a "backdoor" on the infected computer,
allowing an attacker to gain unauthorized access.
• Dropper Trojans: These Trojans are used to install other malware by "dropping"
the malware onto the infected computer.
• Information stealing Trojans: These trojans are designed to steal personal
information such as login credentials, credit card details and other sensitive
information.
• Rootkit Trojans: These Trojans are a type of malware that can hide itself and other
malicious software on the infected system, making it difficult to detect and remove.
• Cryptojacking Trojans: These Trojans are designed to perform crypto mining
operations by using the infected computer's resources without the user's knowledge.
• Worm

A worm is a type of malware that is designed to replicate itself and spread to other
computers. It is similar to a computer virus in that it can cause a variety of problems,
such as slowing down the performance of the computer, corrupting or deleting files,
and stealing personal information. Unlike viruses, which typically need a host file to
replicate, worms can replicate and spread on their own, often through networks and the
internet.
Worms are typically spread through email attachments, infected software or apps, and
malicious websites. They can also spread through vulnerabilities in networked systems,
such as unpatched software or weak passwords. Once a computer is infected, the worm
can spread to other computers by sending itself to contacts in an email address book, or
by spreading through a network.
There are different types of worms, such as:
• Email worms: spread through email attachments or links

• Network worms: spread through networks
• Instant messaging worms: spread through instant messaging
• File-sharing worms: spread through peer-to-peer file sharing networks
It's important to have up-to-date anti-virus software installed on your computer and to
practice safe browsing habits to protect against computer worms. This includes avoiding
suspicious email attachments and links, keeping software updated, and being cautious
when downloading files from the internet.
• E-mail related Crimes

Email-related crimes refer to illegal activities that involve the use of email or other forms of
electronic communication. Some examples of email-related crimes include:
1. Phishing: the use of fake emails or websites to trick individuals into providing personal
or financial information.
2. Business Email Compromise (BEC): a type of phishing attack where the attacker poses
as a legitimate business or executive to trick employees into transferring funds or
providing sensitive information.
3. Email fraud: sending fraudulent emails to trick individuals into sending money or
providing personal information.
4. Email spoofing: creating fake emails that appear to be from a legitimate source in order
to trick individuals into providing personal or financial information.
5. Spamming: sending unsolicited emails in bulk, often for the purpose of advertising or
phishing.
6. Email bombing: sending a large number of emails to a specific email address in order
to overload the recipient's inbox and disrupt their ability to use email.
7. Email extortion: threatening to release sensitive information unless a ransom is paid.
These are just a few examples of email-related crimes, but it's important to note that these
tactics and technologies are constantly evolving, and new forms of email-related crimes are
emerging all the time. To protect yourself from email-related crimes, it's important to be
cautious when clicking on links or opening attachments in emails, especially if they come from

unknown sources. Additionally, it's a good practice to use anti-spam and anti-phishing software
and to be aware of the latest scams and threats.
▪ E-mail Spoofing and Spamming

E-mail Spoofing
• Email spoofing is a technique used by cybercriminals to create fake emails that
appear to be from a legitimate source, such as a bank, a government agency, or a
well-known company. The goal of email spoofing is to trick individuals into
providing personal or financial information, or into clicking on a link or opening an
attachment that contains malware.
• There are different ways to spoof an email, but the most common method is to use
a technique called "spoofing the sender address" (or "spoofing the From field"),
which involves forging the "From" field in the email header so that it appears to be
from a legitimate source. This can be done by manipulating the Simple Mail
Transfer Protocol (SMTP) and by using software that allows for the creation of
custom email headers.
• Email spoofing can also be done through "phishing" attacks, in which a fraudster
sends an email that appears to be from a legitimate source, with the intention of
tricking the recipient into providing personal or financial information.
• To protect yourself from email spoofing, it's important to be cautious when clicking
on links or opening attachments in emails, especially if they come from unknown
sources. Additionally, it is a good practice to use anti-spam and anti-phishing
software, and to be aware of the latest scams and threats. It is also advisable to hover
over the sender's email address to check the actual email address, and not the display
name.
E-mail Spamming
• Email spamming refers to the practice of sending unsolicited emails in bulk, often
for the purpose of advertising or phishing. These emails are typically sent to many
email addresses at once, and they can be sent from a single sender or from a network
of compromised computers (botnet).
• Spam emails can take many forms, but they are often used to advertise products or
services, to promote scams or fraud, or to spread malware. They can also be used
to phish for personal information, such as login credentials or financial information.
• Spammers use various techniques to send spam emails, such as using email lists
that they have purchased or harvested from the internet and using software that can
automatically send emails to large numbers of recipients. They can also use botnets,
networks of compromised computers that can be controlled remotely, to send spam
emails.

• Receiving spam emails can be annoying and can also be a security risk, as they may
contain malware or phishing links. To protect yourself from spam emails, it's
important to be cautious when clicking on links or opening attachments in emails,
especially if they come from unknown sources. Additionally, it's a good practice to
use anti-spam software and to be aware of the latest scams and threats. Also, it's
advisable to mark the email as spam or unsubscribe if the option is available.
▪ E-mail Bombing
• Email bombing refers to the practice of sending many emails to a specific email
address in order to overload the recipient's inbox and disrupt their ability to use
email. The goal of email bombing is to flood the recipient's inbox with so many
emails that they are unable to access their legitimate messages or to cause the email
service to crash or become unavailable.
• Email bombing can be done manually or using automated scripts or software. In a

manual email bombing, the attacker will repeatedly send emails to the target
address, often from multiple email accounts. Automated email bombing can be done
by using software that can repeatedly send emails to a target address, often from a
botnet (a network of compromised computers).
• Email bombing can be a form of cyber-harassment and can cause serious

disruptions to the targeted individual or organization. It can also consume a
significant amount of network resources, causing the targeted server to crash or
become unavailable.
• To protect yourself or your organization from email bombing, it is important to have

proper email filtering and security measures in place. This may include using anti-
spam software, rate limiting, and IP blocking. Additionally, it is important to be
aware of the signs of email bombing and to report any suspicious activity to your
email service provider or to the authorities.
There are three methods of an email bombing:

1. Mass Mailing:
Mass mailing is the process of sending many emails to many recipients
simultaneously. This can be done for a variety of reasons, such as promoting
a product or service, sharing important news or information, or sending
marketing or promotional messages. Mass mailing can be done using email
marketing software or services, which can automate the process of sending
emails and manage large lists of recipients.
2. List linking:
Lists linking is a technique used in email bombing to evade detection and
blocking by email servers. It involves using multiple lists of email addresses
to send emails, rather than a single list. This can make it more difficult for

email servers to detect and block the emails, as the attack is coming from
multiple sources.
3. Zip bombing:
Zip bombing, also known as "compression bombing" or "file bombing," is
a type of email bombing that involves sending many small files in a
compressed format, such as a ZIP file, to a target email address or server.
The goal of this type of attack is to overload the recipient's email server or
storage capacity, causing the server to crash or become unresponsive.
The compressed file may contain many small files, such as text files or
images, which can be used to consume a large amount of storage space and
cause the email server to crash. The compressed file can also contain
malware or other malicious code that can infect the recipients' systems when
the file is opened.
▪ Denial of Service Attacks

A Denial of Service (DoS) attack is a type of cyber-attack in which an attacker attempts to
make a computer or network resource unavailable to its intended users by overwhelming it
with traffic. The goal of a DoS attack is to disrupt the normal functioning of a website,
service, or a network, making it unavailable to legitimate users.
There are different types of DoS attacks, such as:
DoS attacks can be launched from a single device or from a network of compromised
devices (botnet), and they can be difficult to prevent or mitigate. Some techniques that can
be used to protect against DoS attacks include:
1. Flooding attacks: These attacks involve overwhelming a network or server with a large
amount of traffic. The attacker can use a single device to flood the target with traffic or
use a botnet (a network of compromised devices) to amplify the attack. Examples of
flooding attacks include:
1. ICMP Flood: The attacker sends many ICMP echo request packets
(ping) to the target, overwhelming the network and causing it to become
unavailable.
2. UDP Flood: The attacker sends many UDP packets to a target,
overwhelming the network and causing it to become unavailable.
3. SYN Flood: The attacker sends many SYN packets to a target,
overwhelming the network and causing it to become unavailable.
2. Amplification attacks: These attacks involve using a network of infected devices
(botnet) to amplify the traffic to the target. Examples of amplification attacks include:
1. DNS Amplification: The attacker sends many DNS requests to open
DNS resolvers, which then respond to the target, overwhelming it with
traffic.

2. NTP Amplification: The attacker sends many NTP requests to open
NTP servers, which then respond to the target, overwhelming it with
traffic.
3. SNMP Amplification: The attacker sends many SNMP requests to
open SNMP servers, which then respond to the target, overwhelming it
with traffic.
3. Application layer attack: An Application-layer Denial of Service (DoS) attack is a

type of DoS attack that targets specific vulnerabilities in a website or application. This
type of attack is designed to exploit weaknesses in the application layer of the OSI
model and can cause the targeted application or website to become unavailable or slow
down. Examples of Application-layer DoS attacks include:
1. HTTP Flood: The attacker sends many HTTP requests to a website,

overwhelming the server and causing it to become unavailable.
2. Slowloris: The attacker opens many connections to a web server and
keeps them open, using minimal bandwidth. This causes the server's
resources to become exhausted and the website becomes unavailable.
3. POST Flood: The attacker sends many POST requests to a website,
overwhelming the server and causing it to become unavailable.
DoS attacks can be launched from a single device or from a network of compromised devices
(botnet), and they can be difficult to prevent or mitigate. Some techniques that can be used to
protect against DoS attacks include:
• Network traffic filtering: blocking traffic that appears to be part of a DoS attack
• Rate limiting the number of requests that can be made to a server or network
• Scrubbing services: redirecting traffic to a network that can filter and block malicious
traffic
• Firewall: protecting the network from unwanted traffic
It is important to note that DoS attacks can be very sophisticated and can change form
over time, so it's important to have a proactive approach and to have a incident response
plan in place.
▪ Distributed Denial of Service Attacks
A distributed denial-of-service (DDoS) attack is a type of cyberattack in which many

compromised devices, often referred to as "zombies," are used to flood a targeted
website or network with traffic. The goal of a DDoS attack is to overwhelm the targeted
website or network with so much traffic that it is unable to function properly and
becomes inaccessible to legitimate users. DDoS attacks can be launched from a single
location or from multiple locations simultaneously, which makes them difficult to
prevent and mitigate.
There are several ways to protect against Distributed Denial of Service (DDoS) attacks:

1. Use a DDoS protection service: Many companies offer DDoS protection
services that can detect and block incoming DDoS traffic before it reaches your
network.
2. Use a Content Delivery Network (CDN): A CDN can absorb some of the traffic
generated by a DDoS attack and can also help to distribute traffic across multiple
servers, making it more difficult for an attacker to take down your website.
3. Use a firewall: A firewall can be configured to block or limit incoming traffic
from suspicious IP addresses, which can help to mitigate the effects of a DDoS
attack.
4. Use rate limiting: Implement rate limiting on your servers and network devices
to limit the amount of traffic that can be sent to your website or network.
5. Use traffic shaping: Traffic shaping is a technique that can be used to prioritize
important traffic and drop less important traffic during a DDoS attack.
6. Monitor your network: Regularly monitor your network for any signs of a
DDoS attack, such as a sudden increase in traffic or a decrease in website
performance.
7. Have an incident response plan: Having a incident response plan in place and
practiced can help you quickly respond to a DDoS attack, minimize the damage,
and get your services back online as soon as possible.
8. Keep software and systems updated: Keep all software and systems up to date
to protect against known vulnerabilities that could be exploited by attackers.
It's important to remember that DDoS attacks can come in many forms, and there is no
single solution that can protect against all types of attacks. A combination of different
methods and techniques is often necessary to provide adequate protection.

Unit-5
Prohibited Actions on Cyber Crime
• Pornography
• In the context of cybercrime, pornography refers to the distribution or possession of
sexually explicit material on the internet that is illegal or prohibited by law. This can
include child pornography, which is illegal in most countries, as well as other forms of
pornography that are illegal to distribute or possess in specific regions or jurisdictions.
The possession, distribution and production of child pornography is considered a
serious crime and is punishable by law.
• The internet has made it easier for individuals to access and distribute illegal
pornographic material, and it has also made it more difficult for law enforcement to
identify and prosecute individuals involved in these activities. Cybercriminals may use
various methods to distribute illegal pornographic material, such as peer-to-peer
networks, file-sharing sites, and dark web sites. They may also use encryption and other
methods to conceal their activities from authorities.
• The proliferation of illegal pornographic content on the internet can also lead to other
forms of cybercrime, such as extortion and blackmail, as well as being a potential
security risk, as it can be used as a vector to spread malware.
• IPR Violations: Software Piracy, Copyright infringement, Trademarks Violations,

Theft of computer source code, Patent violations
Intellectual property rights (IPR) violation refers to the unauthorized use, distribution, or
infringement of a person or organization's legally protected intellectual property. This can
include patents, trademarks, copyrights, trade secrets, and other forms of proprietary
information.
In the context of cybercrime, IPR violation can take many forms. For example, individuals
or organizations may use the internet to distribute copyrighted material, such as movies,
music, or software, without permission from the rights holder. This is known as piracy and
it is illegal in most countries.
IPR violation can also occur through trademark infringement, where a company or an
individual uses a trademark that is similar to an existing one, in order to mislead customers
and gain commercial advantage.
Another form of IPR violation is patent infringement, where a person or an organization

uses or sells a patented invention or process without permission from the patent holder.
IPR violation is a serious crime and can result in significant financial losses for the rights
holder. It is punishable by law and can lead to fines, legal penalties and even imprisonment.

• Software Piracy:
Software piracy refers to the unauthorized use, distribution, or reproduction of copyrighted
software. This can include downloading and installing software from unlicensed sources,
such as torrent sites or peer-to-peer networks, as well as making copies of software and
distributing them to others.
When an individual or organization uses pirated software, they are not only violating
copyright law, but they are also breaking the terms of the software license agreement. This
can lead to several legal and financial consequences, including fines, legal penalties, and
even imprisonment.
Software piracy can also have a significant impact on the software industry, as it results in
lost revenue for software companies and can also harm the economy. Some software
companies even lose money due to piracy which can hamper the innovation and
development of new software.
It's important to note that using unlicensed or pirated software also poses a security risk as
it may be infected with malware or other malicious software, which can harm the user's
computer or steal sensitive information.
• Copyright Infringement:
Copyright infringement refers to the unauthorized use, distribution, or reproduction of
copyrighted material. This can include movies, music, books, artwork, software, and other
forms of creative expression that are protected by copyright laws.
In the context of the internet, copyright infringement can take many forms. For example,
individuals or organizations may use the internet to distribute copyrighted material, such
as movies, music, or software, without permission from the rights holder. This is known as
online piracy, and it is illegal in most countries. Other examples include reproducing and
distributing copyrighted material, such as books or music, on peer-to-peer networks, or
sharing copyrighted files on cloud storage sites without permission.
Copyright infringement can also occur when someone uses copyrighted material without
permission for commercial gain, like using copyrighted music on a YouTube channel
without permission from the rights holder.
Copyright infringement is a serious crime and can result in significant financial losses for
the rights holder. It is punishable by law and can lead to fines, legal penalties and even
imprisonment.
It's important to note that copyright laws vary by country and region, and it's always best
to check the local laws before using or distributing copyrighted material.
• Trademark Violation:

Trademark violation, also known as trademark infringement, refers to the unauthorized use
of a trademark that is like an existing one, in order to mislead customers and gain
commercial advantage. A trademark is a legally protected symbol, word, or phrase that is
used to identify and distinguish a company's products or services from those of its
competitors.
In the context of the internet, trademark infringement can take many forms. For example,
individuals or organizations may use a similar trademark to that of an established company
in order to sell counterfeit goods or services online. This can be particularly prevalent in e-
commerce platforms, where it can be difficult to differentiate between genuine and fake
products.
Trademark infringement can also occur when someone uses a trademarked name or logo in
an online ad or social media post without permission, or when a company uses a similar
name or logo for their business, in order to confuse customers and gain an unfair advantage.
Trademark violation is a serious crime and can result in significant financial losses for the
rights holder, as well as damage to their reputation. It is punishable by law and can lead to
fines, legal penalties and even imprisonment.
It's important to note that trademark laws vary by country and region, and it's always best
to check the local laws before using or registering a trademark.
• Computer Source code Theft:

Computer source code theft refers to the unauthorized access, duplication, or use of
proprietary source code, which is the underlying programming instructions that make a
computer program or software work. Source code is considered intellectual property and is
protected by copyright laws.
Source code theft can occur in various ways, such as an employee of a company stealing
source code before leaving the company, or an outsider hacking into a company's computer
systems to access and steal source code.
Source code theft can have serious consequences for the affected company. It can lead to
financial losses, as the stolen code may be used to create competing products or services.
It can also harm the company's reputation and lead to legal action.
Additionally, it can also pose a security risk, as stolen source code may contain
vulnerabilities that can be exploited by hackers or cybercriminals to gain unauthorized
access to the systems or to steal sensitive information.
It's important to note that source code theft is a serious crime, and it is punishable by law.
Companies should take steps to protect their source code, such as implementing access
controls, using encryption, and regularly monitoring their systems for any unauthorized
access
• Patent Violation:

Patent violation, also known as patent infringement, refers to the unauthorized use or sale
of a patented invention or process without permission from the patent holder. A patent is a
legally protected right granted to an inventor or company that gives them exclusive rights
to prevent others from making, using, or selling an invention for a certain period of time.
In the context of the internet, patent infringement can occur when an individual or company
uses or sells a patented invention or process without permission online. This can include
manufacturing or selling products that use a patented technology or process or using a
patented invention or process to provide a service.
Patent infringement can also occur when a company imports or sells products that were
made using a patented process or technology without permission.
Patent infringement can have serious consequences for the affected company or individual.
It can lead to financial losses, as well as legal action from the patent holder. It can also
harm the company's reputation and can lead to injunctions, fines, or even imprisonment.
It's important to note that patent laws vary by country and region, and it's always best to
check the local laws before using or selling a patented invention or process. Additionally,
it's important to conduct a patent search to ensure that the invention or process is not already
patented by someone else.
• Cyber Squatting
Cybersquatting, also known as domain squatting, is the act of registering, trafficking in, or
using a domain name with bad faith intent to profit from the goodwill of a trademark
belonging to someone else. This typically involves registering domain names that are
similar or identical to existing trademarks, with the intent to sell the domain name to the
trademark owner or a competitor at a higher price, or to use the domain name to divert
traffic to another website for commercial gain.
Cybersquatting can be a serious issue for businesses and individuals, as it can harm their
reputation and lead to lost revenue. It can also make it difficult for customers to find a
legitimate website and can lead to confusion and frustration.
In addition to registering domain names that are similar or identical to existing trademarks,
cybersquatters may also register domain names that are misspellings or variations of
existing trademarks, or that use variations of top-level domains (TLDs) such as .com, .net,
.org, etc.
There are laws and regulations in place to combat cybersquatting, such as the
Anticybersquatting Consumer Protection Act (ACPA) in the United States and the Uniform
Domain-Name Dispute-Resolution Policy (UDRP) established by the Internet Corporation
for Assigned Names and Numbers (ICANN) that allows trademark owners to file a
complaint with a dispute resolution service provider.
It's important to note that businesses and individuals should take steps to protect their
trademarks and domain names by regularly monitoring for potential cybersquatting
activities and taking legal action if they suspect they are a victim of cybersquatting.
• Banking/ Credit card related crimes
Banking-related cybercrime refers to criminal activities that involve the unauthorized

access or theft of financial information from banks or other financial institutions. These
crimes can take many forms, including phishing scams, which use fraudulent emails or
websites to trick victims into providing their personal or financial information, or malware
attacks, which use malicious software to infect a victim's computer and steal information.
Another common type of banking-related cybercrime is account takeover, in which a

criminal gains unauthorized access to a victim's bank account and transfers funds out of the
account without the victim's knowledge. Also, ATM skimming is another form of
cybercrime in which criminals use small devices called skimmers to steal card information
when people use ATMs.
These types of cybercrime can result in significant financial losses for both individuals and
financial institutions. To prevent such crimes, banks and other financial institutions employ
various security measures such as encryption, firewalls, and multi-factor authentication to
protect their systems, and also educate customers on how to spot and avoid scams.
• Defamation (Cyber Smearing)
Cyber defamation is the act of making false and damaging statements about someone on
the internet. This can include statements made on social media, in online forums or
comments, or on websites. The statements can be in the form of text, images, or videos.
The defamatory statements can be about an individual, a company, or a group of people
and can be seen by many people which can cause serious harm to the reputation, credibility,
and financial stability of the person or entity being defamed. Unlike traditional defamation,
which can be difficult to prove, cyber defamation is often easier to trace, as it leaves a
digital footprint. Cyber defamation is considered a form of online harassment and can have
serious consequences for the person being defamed such as legal action, emotional distress,
and financial loss.
• Cyber Stalking
Cyberstalking is the use of technology, particularly the internet, to harass, intimidate, or

threaten someone. It is a form of online harassment and can take many forms, such as
sending threatening emails or messages, posting defamatory information or personal details
about the victim online, or using social media to harass or intimidate the victim.
Cyberstalking can also involve tracking the victim's online activity, creating fake social
media accounts to harass them, or using technology to surveil the victim. Cyberstalking can
have serious consequences for the victim, such as emotional distress, fear, and even
physical harm. It is a criminal offense in many countries and may also be considered a civil
wrong, which can lead to legal action being taken against the perpetrator.

The National Center for Victims of Crime (NCVC) suggests that victims of cyberstalking
take the following steps:
• For minor, inform parents or a trusted adult.

• File a complaint with the cyberstalker’s Internet service provider.
• Collect evidence, document instances, and create a log of attempts o stop the
harassment.
• Present documentation to local law enforcement and explore legal avenues.
• Get a new email address and increase privacy settings on public sites.
• Purchase privacy protection software.
• Request removal from online directories.
• Cyber Terrorism
Cyber terrorism is the use of digital technology to disrupt or damage critical

infrastructure or to create widespread fear and panic. This can include hacking into
government or financial systems, spreading malware or viruses, or using social media
to spread false information or propaganda. The goal of cyber terrorism is to cause
physical or economic harm and to disrupt the normal functioning of society.
Examples of cyber terrorism include:
1. Hacking into critical infrastructure systems, such as power grids or water

treatment plants, with the intent to cause disruptions or damage.
2. Launching a distributed denial-of-service (DDoS) attack to flood a website or
network with traffic, making it inaccessible to users.
3. Spreading malware or viruses that can compromise sensitive information or
disrupt the normal functioning of computer systems.
4. Using social media to spread false information or propaganda in order to
create fear and panic among the population.
5. Attacking financial systems such as banks and stock markets, with the intent
of causing economic harm.
6. Cyber espionage: steal sensitive information from government and private
organizations
7. Encrypting malware: Ransomware attack by locking the victims' data or
systems, the cyber-criminals demand a ransom to release the data or systems.
8. Cyber-physical attack: hacking into a physical device or system that is
controlled by computer systems and making changes that can cause physical
damage or injury.
These are just a few examples, and the threat of cyber terrorism is constantly evolving
as technology and tactics change.
• Investment Fraud:
Investment fraud refers to any form of deception or misrepresentation that is used to

induce individuals or institutions to invest money or assets in a venture or scheme ][that

is not legitimate. This can include Ponzi schemes, pyramid schemes, insider trading,
and various forms of stock manipulation. Investment frauds often involve false
promises of high returns with little or no risk and may target individuals or groups who
are inexperienced or unsophisticated investors. Investment fraud can result in
significant financial losses for those who are defrauded.
Examples of investment fraud include:

1. Ponzi schemes: a fraudulent investment operation where returns are
paid to existing investors from funds contributed by new investors,
rather than from profit earned by the operator.
2. Pyramid schemes: a form of investment in which each person involved
recruits others to join. Money made by the new members funnels up to
the higher members.
3. Insider trading: buying or selling securities based on material,
nonpublic information.
4. Stock manipulation: artificially inflating or deflating the price of a
stock through illegal means, such as spreading false information or
insider trading.
5. Oil and gas investment scams: Promising high returns on investments
in oil and gas wells that don’t exist or have little chance of success.
6. Promissory note fraud: fraud involving investments in promissory
notes, which are private debt securities that promise to pay a fixed or
variable rate of interest.
7. Real estate investment scams: Promising high returns on investments
in property developments that don’t exist or have little chance of
success.
8. Affinity fraud: targeting victims who belong to a specific group or
community, such as religious or ethnic groups.
These are just a few examples, and new types of investment frauds are constantly
emerging as fraudsters come up with new ways to scam investors.

e-Comm&CyberSecurity Notes

Uploaded by

Copyright:

Available Formats

e-Comm&CyberSecurity Notes

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

e-Comm&CyberSecurity Notes

Uploaded by

Copyright:

Available Formats

e-Commerce & Cyber Security TYBCA

E-commerce can take place on various platforms and channels, including:

• Online marketplaces like Amazon and Flipkart

There are many different types of e-commerce, including business-to-consumer (B2C),

• Increasing sales and revenue: E-commerce allows businesses to reach a global

There are several limitations of ecommerce, including:

Dr. Poonam Patel Page 2

E-Commerce v/s Traditional Commerce

E-commerce and traditional commerce (also known as brick-and-mortar commerce) are

Benefits of e-commerce include:

1. Increased reach: E-commerce allows businesses to reach a global audience with

Dr. Poonam Patel Page 3

M-commerce can take place on various platforms and channels, including:

• Mobile apps of online marketplaces like Amazon and Etsy

Dr. Poonam Patel Page 4

Examples of e-business activities include:

• Selling products or services online through e-commerce platforms

Dr. Poonam Patel Page 5

Dr. Poonam Patel Page 6

Dr. Poonam Patel Page 7

An e-commerce framework is a set of guidelines, best practices, and technologies that

1. E-commerce platform: This is the foundation of an e-commerce business, providing the

E-Commerce Consumer Application:

E-Commerce Organizational Application:

Dr. Poonam Patel Page 10

What is Information Way?

Some examples of an information way in IT include:

Information SuperHighway (I-Way)

Components of the I-Way

Network access equipment

Some examples of network access equipment include:

Dr. Poonam Patel Page 12

Local on-ramps or Access Media

1. Telecom based infrastructure

2. Cable TV based infrastructure

4. Commercial on-line infrastructure

Global Information Distributed Networks

Dr. Poonam Patel Page 13

Network for E-Commerce

Some examples of P2P networks are:

Client Server Networks

Dr. Poonam Patel Page 14

Some examples of client-server networks are:

A client-server network is considered a centralised network, and it is relatively easy to manage

Dr. Poonam Patel Page 15

1. Business-to-business (B2B): Business-to-business (B2B) e-commerce refers to the

B2B e-commerce platforms, such as Alibaba and ThomasNet, have become

2. Business-to-consumer (B2C): Business-to-Consumer (B2C) e-commerce refers to the

3. Consumer-to-consumer (C2C): Consumer-to-Consumer (C2C) e-commerce refers to

4. Consumer-to-business (C2B): Consumer-to-Business (C2B) e-commerce refers to a

5. Business to Government (B2G): Business-to-Government (B2G) e-commerce refers

6. Government to Business (G2B): Government-to-Business (G2B) e-commerce refers

7. Government to Government (G2G): Government-to-Government (G2G) e-

Dr. Poonam Patel Page 17

• Working of Credit Card

• Working of Debit Card

Dr. Poonam Patel Page 19

• Electronic Fund Transfer

There are several types of EFTs, including: