Page 1: E commerce PPT
Page 2: E commerce PPT

TABLE OF CONTENTS

Topic (Page No.)

What is Commerce? (1)

What is E-Commerce? (2)

Traditional Business Vs Direct Selling (3)

Why use E-Commerce? (4-5)

Brief history of E-commerce (6-7)

The process of E-Commerce (8-11)

Types of E-Commerce (12-16)

PROS and CONS of E-COMMERCE (17-21)

Future of E-commerce in India (22)

E-commerce Security (23-27)

Protecting e-Commerce Sites (28)

E-COMMERCE LAWS IN THE INDIAN PERSPECTIVE (29-33)

Cyber Crimes with its Conclusion & References (34-39)

Page 3: E commerce PPT

WHAT IS COMMERCE

According to Dictionary.com

Commerce is a division of trade or production which deals with the exchange of goods and services from producer to final consumer.

It comprises the trading of something of economic value such as goods, services, information, or money between two or more entities.

Page 4: E commerce PPT

WHAT IS E-COMMERCE

Commonly known as Electronic Marketing.

“It consists of buying and selling goods and services over electronic systems such as the internet and other computer networks.”

“E-commerce is the purchasing, selling and exchanging of goods and services over computer networks (internet) through which transactions or terms of sale are performed electronically.”

Page 5: E commerce PPT

TRADITIONAL BUSINESS VS DIRECT SELLING

[Diagram. Traditional business: manf. unit 20%, distributor 10%, wholesaler 10%, retailer 10%, advertisement 50%; customer 100%. Direct selling: company, customer.]

Page 6: E commerce PPT

WHY USE E-COMMERCE?

Page 7: E commerce PPT

LOW ENTRY COST

REDUCES TRANSACTION COSTS

ACCESS TO THE GLOBAL MARKET

SECURE MARKET SHARE

Page 8: E commerce PPT

BRIEF HISTORY OF E-COMMERCE

Page 9: E commerce PPT

1970s: Electronic Funds Transfer (EFT)

Used by the banking industry to exchange account information over secured networks

Late 1970s and early 1980s: Electronic Data Interchange (EDI) for e-commerce within companies

Used by businesses to transmit data from one business to another

1990s: the World Wide Web on the Internet provides easy-to-use technology for information publishing and dissemination

Cheaper to do business (economies of scale)

Enable diverse business activities (economies of scope)

Page 10: E commerce PPT

THE PROCESS OF E-COMMERCE

Page 11: E commerce PPT

A consumer uses a Web browser to connect to the home page of a merchant's Web site on the Internet.

The consumer browses the catalog of products featured on the site and selects items to purchase. The selected items are placed in the electronic equivalent of a shopping cart.

When the consumer is ready to complete the purchase of selected items, she provides a bill-to and ship-to address for purchase and delivery.

Page 12: E commerce PPT

When the merchant's Web server receives this information, it computes the total cost of the order, including tax, shipping, and handling charges, and then displays the total to the customer.

The customer can now provide payment information, such as a credit card number, and then submit the order.

Page 13: E commerce PPT

When the credit card number is validated and the order is completed at the Commerce Server site, the merchant's site displays a receipt confirming the customer's purchase.

The Commerce Server site then forwards the order to a Processing Network for payment processing and fulfillment.

Page 14: E commerce PPT

TYPES OF E-COMMERCE

Page 15: E commerce PPT

BUSINESS-TO-BUSINESS (B2B)

B2B stands for Business to Business. It is the largest form of e-commerce. In this model the buyer and the seller are two different business entities. It is similar to a manufacturer issuing goods to the retailer or wholesaler.

E.g.: Dell sells computers and other associated accessories online, but it does not make all of those products. So, in order to sell those products, the first step is to purchase them from different businesses, i.e. the producers of those products.

Page 16: E commerce PPT

BUSINESS-TO-CONSUMER (B2C):

This model covers the interaction between businesses and consumers. The basic concept of this model is to sell the product online to the consumers.

B2C is the direct trade between the company and consumers. It provides direct selling online. For example, a business sells goods and services to customers so that anybody can purchase any product directly from the supplier’s website.

Page 17: E commerce PPT

BUSINESS-TO-EMPLOYEE (B2E)

Business-to-employee (B2E) electronic commerce uses an intrabusiness network which allows companies to provide products and/or services to their employees. Typically, companies use B2E networks to automate employee-related corporate processes.

Page 18: E commerce PPT

CONSUMER-TO-CONSUMER (C2C)

There are many sites offering free classifieds, auctions, and forums where individuals can buy and sell, thanks to online payment systems like PayPal where people can send and receive money online with ease. eBay's auction service is a great example of where person-to-person transactions have taken place every day since 1995.

Page 19: E commerce PPT

PROS AND CONS OF E-COMMERCE

Page 20: E commerce PPT

PROS

Page 21: E commerce PPT

No checkout queues.

Reduced prices.

You can shop anywhere in the world.

Easy access 24 hours a day.

Wide selection to cater for all consumers.

Page 22: E commerce PPT

CONS

Page 23: E commerce PPT

Unable to examine products personally

Not everyone is connected to the Internet

There is the possibility of credit card number theft

On average only 1/9th of stock is available on the net

Page 24: E commerce PPT

FUTURE OF E-COMMERCE IN INDIA

According to a business world estimate, about sixty thousand new jobs will be created for the internet world alone in the next two years.

E-commerce transactions are expected to cross the Rs. 3500 crore milestone in 2010-11, a jump of around 350 percent from the 2008-09 figure of Rs. 1000 crore.

eBay said that consumers were trading goods worth almost three crore rupees every day, across the globe.

Page 25: E commerce PPT

E-COMMERCE SECURITY

Page 26: E commerce PPT

By the year 2014 it is estimated that close to $250 million a year will be spent by consumers at online retailers. With web applications like Zen Cart, Open Cart and Magento making it easy for brick and mortar shops to quickly set up an ecommerce site, more businesses are moving to get their products in front of a larger market using the web.

Risks Associated with E-Commerce

Over the years, the methods used by ecommerce sites to process and store credit card information have become much more sophisticated than in the early days of online shopping. This progress has helped online shopping overcome one of its greatest obstacles, consumer trust. As evidenced by the amount of money spent online each year, people feel much more secure in shopping online than they ever have. Unfortunately for businesses, the methods used by cyber criminals trying to steal their customers’ information have made it easier than ever for them to compromise a web application.

Page 27: E commerce PPT

Credit Card Theft/Fraud

Sophisticated cyber criminals use botnets to launch coordinated attacks against unsuspecting web sites that are vulnerable to attack in order to steal credit card information. Credit card security is one of the most important components of e-commerce security. The infamous TJX security breach disclosed in 2007 is a good example of what can happen to companies that do not have the proper security measures in place. This breach resulted in 94 million accounts being compromised, with losses exceeding $70 million due to fraud. The result was a lawsuit filed against TJX by over 300 banks. When the attacker, Alberto Gonzalez, was finally caught, it was found that he exploited SQL Injection vulnerabilities in various web sites to net over 130 million credit cards. Some of the most common exploits used in financial data theft include:

SQL Injection

Cross-Site Scripting

Path Traversal

Session Hijacking

Malware (Drive-by downloads)

Unfortunately, most sites that are vulnerable to these types of attacks don’t know it until it is too late.

Page 28: E commerce PPT

Damaged Brand

When credit cards are stolen from ecommerce sites, it usually makes the news. When a theft reaches the headlines, both existing and potential customers tend to avoid using that merchant. Even the most loyal customers think twice and may turn to a competitor if they are concerned about the security of their financial data.

Theft is not the only way an attack can hurt an established brand name either. With many Internet users relying on browser add-ons that seek out and report on potentially harmful sites, if your web site is thought to be spreading malware or loaded with spam as a result of a link injection, you could quite rapidly see a loss of traffic.

Interruption of Business

It could be that a competitor is trying to hurt your business, or maybe just an attacker learning how to exploit known vulnerabilities. Quite possibly, it could be that someone has compromised your web server so that they can use its resources: hard drive space, processing power, and bandwidth. Whatever the reason, a Denial of Service attack can hurt any business because customers cannot get to your site while you are under attack. Not only is revenue lost because your customers cannot get to your online store, but they may think twice before ever shopping there again if they know that your site is vulnerable to attack.

Page 29: E commerce PPT

SEARCH ENGINE RESULTS

Companies fight hard to achieve the premier listings in the search engine results page, often spending a great deal of money on Search Engine Optimization specialists to help them rank high. All it takes is a Cross-Site Scripting attack that feeds your visitors with malware, or a link injection attack that flags your site as a spam delivery site, and those rankings you worked so hard for will plummet. Larger search engines will remove potentially harmful sites from their search results altogether.

Once a web site has been cleaned, a request can be made to have it re-evaluated and returned to the search engine results; however, it can be a rather time-consuming process, and it is a process that is sure to hurt traffic and revenue.

Page 30: E commerce PPT

PROTECTING ECOMMERCE SITES

In 2004 five different credit card security programs merged to form the Payment Card Industry Security Standards Council (PCI DSS) with the purpose of creating an extra level of protection for card issuers, making sure that merchants (both online and brick and mortar) meet basic levels of security when storing, processing, and transmitting cardholder data.

To set a minimum level of security, the Payment Card Industry set 12 requirements for compliance that fall into one of six groups called control objectives. The control objectives consist of:

Build and maintain a secure network

Protect cardholder data

Maintain a vulnerability management program

Implement strong access control measures

Regularly monitor and test networks

Maintain an information security policy

Companies that fail to comply with the PCI DSS standards risk losing the ability to process credit card payments and may be subjected to audits and fines.

Page 31: E commerce PPT

E-COMMERCE LAWS IN THE INDIAN PERSPECTIVE

Page 32: E commerce PPT

Electronic commerce offers exceptional opportunities for the economic development of India, with its huge pool of technology skilled, English speaking manpower. However, the growth of e-commerce will depend on the concomitant advancement of a consistent legal and regulatory framework able to cope with ensuring rights and obligations in a virtual environment. A number of developing countries have pursued policies to formulate a consistent legal and regulatory framework to support electronic transactions across state, national and international borders.

Besides developing the e-infrastructure in the country through effective Telecom Policy measures, the Indian Government is taking appropriate steps as confidence building measures for the growth of e-commerce. It has created the necessary legal and administrative framework through the enactment of the Information Technology Act 2000, which combines e-commerce transactions and computer misuse and frauds, rolled into an Omnibus Act.

Page 33: E commerce PPT

THE INFORMATION TECHNOLOGY ACT, 2000 AND E-COMMERCE

The Information Technology Act 2000 is based on the Model Law on Ecommerce adopted by the United Nations Commission on International Trade Law (UNCITRAL) and pioneering e-commerce enabling legislations such as the Utah Digital Signatures Act, 1995; the Singapore Electronic Transactions Act, 1999 and the Malaysian Electronic Signatures Act. The main objective behind the introduction of the IT Act, 2000 is to encourage an environment in which the laws are simple and transparent and in which the advantages of e-commerce can be tapped. The Act aims to provide legal recognition for the transactions carried out by means of electronic data interchange and other means of communication, commonly referred to as “Electronic Commerce”, which involve the use of alternatives to paper based methods of communication and storage of information, and to facilitate electronic filing of documents with the government agencies.

Page 34: E commerce PPT

SECURITY PROVISIONS OF THE IT ACT, 2000

One of the most important issues in the context of e-commerce relates to the security of business and commercial transactions. A security threat in terms of the Internet has been defined as a circumstance, condition or event with the potential to cause economic hardship to data/network resources in the form of destruction, disclosure, modification of data, denial of services, fraud and abuse.

The IT Act 2000 not only amends the Indian Penal Code to bring within its scope conventional offences committed electronically, but also creates a new breed of information technology offences, the prevention of which is incidental to the maintenance of a secure electronic environment for e-commerce. To make e-commerce transactions safe and secure, the IT Act 2000 provides for investigation, trial and punishment for certain offences like source code attacks (section 65), hacking (section 66), obscenity (section 67), failure to comply with the controller’s directions (section 68), subscriber’s failure to comply with the Controller’s requirement for decryption (section 69), accessing designated protected systems (section 70), misrepresentation to CCA (section 71), breach of privacy/confidentiality (section 72), publishing false digital signature certificate (section 73) and making available digital signature for the fraudulent purpose (section 74). Section 75 of the IT Act deals with offences or contraventions committed outside India.

Page 35: E commerce PPT

CONCLUDING REMARKS

As more and more business activities are carried out by electronic means, it has become more and more important that evidence of these activities should be available to demonstrate the legal rights and obligations that flow from them. India is among the first few countries which have passed a separate law enabling e-commerce and other IT enabled services. The IT Act, 2000 is quite comprehensive and well defined. But there are many important issues of e-commerce (e.g. Intellectual Property Rights, Data Protection, Domain Name Disputes, Electronic Payment Systems, Protection of E-Consumers, Privacy and E-Taxation), which are important for the development of this new technology, but not covered by the IT Act 2000. Added to these issues, the Act is aset too far, the over complex provisions relating to contract formation, the ties to particular technology in the regulation of digital signatures, the over elaborate mechanisms for controlling certification authorities and the attempts to define the technology stand in stark contrast to more minimalist approaches adopted in other jurisdictions. Unless all these legal issues are dealt with, e-commerce cannot really take off in India.

Page 36: E commerce PPT

CYBER CRIMES

Page 37: E commerce PPT

Recent years have witnessed the exponential growth of e-commerce. The growth of e-commerce as a business technology is the result of such Internet-driven initiatives. It has created a universal platform for buying and selling goods and services and for driving important business processes inside the organization. Ecommerce offers huge business opportunities, from small scale industries to large scale industries. Many organizations now want to host their business on the web to reach new markets that they could not reach effectively with their sales force or advertising campaigns, since ecommerce is not bound by time, huge shop rentals, distance, etc.

Alongside the benefits of modernising the traditional concepts of shopping and business transactions, which used to consume a whole lot of time, money, etc., ecommerce is suffering from a security threat called cyber crime. The concept of crime has been very dynamic in the past century due to rapid changes in information technology. Criminals buy and sell valuable stolen financial information from millions of unsuspecting internet users every year in an online black market. Cyber criminals are so skilled at hacking into thousands of computers every day that the crime is potentially a billion-dollar business. Cyber attacks mostly come from malware, or malicious software, that hands control of your computer, and anything on it or entered into it, over to the cyber criminals without you even knowing it.

The future is likely to be more alarming in the sense that crimes will be committed without the knowledge and cooperation of the victim. Preventing cyber crime in the future will require strong e-security rather than plain human prudence. The role, function and efficacy of law in curbing cyber crimes have been questioned in recent years due to various technological invasions of individuals’ privacy. Most of these technologies are legal, and hence it is of utmost priority to analyse the necessary changes that have to be made in our legal system in order to avoid technological invasion of privacy.

Internet and Electronic Commerce might have become part and parcel of every individual’s life in the world, but it is also one of the most dangerous aspects of one's life, as there is very little scope for privacy protection and there is the possibility of cyber crimes.

Page 38: E commerce PPT

Data Alteration or Theft

This is the most common type of cyber crime. The term data alteration or theft means making illegal changes to data or stealing it. There have been a growing number of cases of data alteration or theft over the past few years. Many measures have been adopted in many organizations, with laws being set up.

Data Diddling

Data diddling is the performing of unauthorized modifications to data stored within the computer system. Examples include forging or counterfeiting documents used for data entry and exchanging valid disks and tapes with modified replacements.

Salami Attacks

This kind of crime is normally prevalent in financial institutions or committed for the purpose of financial crimes. An important feature of this type of offence is that the alteration is so small that it would normally go unnoticed. E.g. the Ziegler case, wherein a logic bomb was introduced in the bank’s system, which deducted 10 cents from every account and deposited it in a particular account.
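A detection sketch for the salami pattern described above, added here as an illustration and not part of the original slides: each 10-cent debit is invisible on its own, but the receiving account stands out because almost all of its credits are tiny and come from many different accounts. The ledger layout, account names, thresholds and the fee-account allowlist are assumptions made for the example.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Transfer:
    txn_id: int
    src: str
    dst: str
    cents: int  # amount moved, in cents


def build_sample_ledger():
    """Constructed sample data: 8 customers, a skimming sink, a fee account."""
    rows = []
    for i in range(8):
        customer = f"ACC-{1000 + i}"
        rows.append((customer, "ACC-9001", 10))    # the 10-cent skim
        rows.append((customer, "BANK-FEES", 25))   # legitimate service fee
        rows.append((customer, "ACC-5000", 4999))  # ordinary merchant payment
    rows.append(("ACC-1000", "ACC-5000", 40))      # one small merchant payment
    rows.append(("ACC-1000", "ACC-1001", 20))      # one small personal transfer
    return [Transfer(n, s, d, c) for n, (s, d, c) in enumerate(rows, start=1)]


def find_salami_sinks(ledger, max_cents=50, min_sources=5,
                      min_small_share=0.9, allowlist=frozenset()):
    """Flag accounts whose credits are mostly tiny and come from many sources.

    max_cents       -- a credit at or below this size counts as "small"
    min_sources     -- distinct paying accounts needed before flagging
    min_small_share -- fraction of the account's credits that must be small
    allowlist       -- accounts expected to collect small amounts (fees, tax)
    """
    credits = defaultdict(int)        # all credits per destination
    small_credits = defaultdict(int)  # small credits per destination
    small_total = defaultdict(int)    # cents collected via small credits
    small_sources = defaultdict(set)  # who paid the small credits

    for t in ledger:
        credits[t.dst] += 1
        if 0 < t.cents <= max_cents:
            small_credits[t.dst] += 1
            small_total[t.dst] += t.cents
            small_sources[t.dst].add(t.src)

    findings = []
    for dst, sources in small_sources.items():
        if dst in allowlist:
            continue
        share = small_credits[dst] / credits[dst]
        if len(sources) >= min_sources and share >= min_small_share:
            findings.append({
                "account": dst,
                "sources": len(sources),
                "total_cents": small_total[dst],
                "small_share": round(share, 2),
            })
    # Largest accumulated amount first, so the costliest sink is reviewed first.
    return sorted(findings, key=lambda f: f["total_cents"], reverse=True)


if __name__ == "__main__":
    for finding in find_salami_sinks(build_sample_ledger(),
                                     allowlist={"BANK-FEES"}):
        print(finding)
```

Without the allowlist the legitimate fee account is flagged as well, which is why known fee and tax accounts have to be enumerated before a rule like this is useful.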

Web Jacking

This term is derived from the term hi-jacking. In these kinds of offences the hacker gains access to and control over the web site of another. He may even mutilate or change the information on the site. This may be done for fulfilling political objectives or for money. E.g. recently the site of MIT (Ministry of Information Technology) was hacked by the Pakistani hackers and some obscene matter was placed therein.

Page 39: E commerce PPT

E-Mail Bombing

In Internet usage, an e-mail bomb is a form of net abuse consisting of sending huge volumes of e-mail to an address in an attempt to overflow the mailbox or overwhelm the server where the email address is hosted in a denial-of-service attack. Mass mailing consists of sending numerous duplicate mails to the same email address. These types of mail bombs are simple to design, but their extreme simplicity means they can be easily detected by spam filters. List linking means signing a particular email address up to several email list subscriptions. The victim then has to unsubscribe from these unwanted services manually.

Spoofing and Phishing

In the context of network security, a spoofing attack is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gaining an illegitimate advantage. Today a lot of email is sent to many people where the mail source identity is changed. E-mail spoofing is very dangerous and it is a potential privacy infringer. Another kind of spoofing is “webpage spoofing,” also known as phishing. In this attack, a legitimate web page such as a bank’s site is reproduced in “look and feel” on another server under control of the attacker. The main intent is to fool the users into thinking that they are connected to a trusted site, for instance to harvest user names and passwords. This attack is often performed with the aid of URL spoofing, which exploits web browser bugs in order to display incorrect URLs in the browser's location bar; or with DNS cache poisoning in order to direct the user away from the legitimate site and to the fake one. Once the user puts in their password, the attack code reports a password error, and then redirects the user back to the legitimate site.

Vishing

Vishing is the criminal practice of using social engineering over the telephone system, most often using features facilitated by Voice over IP (VoIP), to gain access to private personal and financial information from the public for the purpose of financial reward. The term is a combination of “voice” and phishing. Vishing exploits the public’s trust in landline telephone services, which have traditionally terminated in physical locations which are known to the telephone company, and associated with a bill-payer. The victim is often unaware that VoIP makes formerly difficult-to-abuse tools/features of caller ID spoofing, complex automated systems (IVR), low cost, and anonymity for the bill-payer widely available. Vishing is typically used to steal credit card numbers or other information used in identity theft schemes from individuals.

Page 40: E commerce PPT

Steganography

Steganography is the science of hiding information. Steganography is the art and science of writing hidden messages in such a way that no one, apart from the sender and intended recipient, suspects the existence of the message, a form of security through obscurity. The word steganography is of Greek origin and means “concealed writing”.

Computer Vandalism

Vandalism means deliberately destroying or damaging property of another. Thus computer vandalism may include within its purview any kind of physical harm done to the computer of any person. These acts may take the form of the theft of a computer, some part of a computer or a peripheral attached to the computer or by physically damaging a computer or its peripherals.

Cyber Stalking

Cyber stalking is the use of the Internet or other electronic means to stalk someone. It has been defined as the use of information and communications technology, particularly the Internet, by an individual or group of individuals, to harass another individual, group of individuals, or organization. The behavior includes false accusations, monitoring, the transmission of threats, identity theft, damage to data or equipment, the solicitation of minors for sexual purposes, and gathering information for harassment purposes.

Page 41: E commerce PPT

CONCLUSION

Cyber crimes have started to create fear in the minds of many people linked to the networks, mostly worried about ecommerce technology, as its success lies in the internet. The various mechanisms used for securing internet based transactions or communication can be grouped into:

• Authorization, Authentication and Integrity

• Privacy

• Availability by controlling access

In order to safeguard the present success of e-commerce, the IT Act 2000 has to be reviewed in order to save India from cyber criminals and privacy invaders. Cyber criminals should not take advantage of browser ignorance, legislative delay, enforcement lapse, judicial inefficiency.

REFERENCES

1. http://cse.stanford.edu/class/cs201/projects/computer-crime/theft.html

2. http://en.wikipedia.org/wiki/E-mail_bomb

3. http://legal.practitioner.com/computer-crime/computercrime_3_2_7.htm

4. Dr. Subhash Chandra Gupta, ‘Information technology Act, and its Drawbacks’, 8.

5. C.S.V. Murthy, “E-Commerce”, Himalaya Publishing House, 1st Edition (2002).