E-Business, Is the Application of Information and Communication Technologies (ICT) in Support of All the Activities of Business

UNIT 1: E-BUSINESS

Introduction, E-Commerce – definition, History of E-commerce, types of E-Commerce B to B etc. Comparison of traditional commerce and e-commerce. E-Commerce business models – major B to B, B to C model, Consumer-to-Consumer (C2C), Consumer-to-Business (C2B) model, Peer to-Peer (P2P) model – emerging trends. Advantages/ Disadvantages of e-commerce, web auctions, virtual communities, portals, e-business revenue models. ------

Introduction of E-Commerce:

E-business, is the application of Information and Communication Technologies (ICT) in support of all the activities of business. Commerce constitutes the exchange of products and services between businesses, groups and individuals and can be seen as one of the essential activities of any business. Electronic commerce focuses on the use of ICT(Information and Communication Technologies) to enable the external activities and relationships of the business with individuals, groups and other businesses or e business refers to business with help of internet (i.e.) doing business with the help of internet network. The term "E-Business" was coined by IBM's marketing and Internet teams in 1996.

In 1997, IBM marketing, with its agency Ogilvy & Mather began to use its foundation in IT solutions and expertise to market itself as a leader of conducting business on the Internet through the term "e-business." Then CEO Louis V. Gerstner, Jr. was prepared to invest $1 billion to market this new brand.

After conducting worldwide market research, in October 1997, IBM began with an eight-page piece in the Wall Street Journal that would introduce the concept of "e-business" and advertise IBM's expertise in this new field. IBM decided not to trademark the term "e-business" in the hopes that other companies would use the term and create an entire new industry. However, this proved to be too successful and by 2000, to differentiate itself, IBM launched a $300 million campaign about its "e-business infrastructure" capabilities. Since that time, however, the terms, "e-business" and "E-Commerce " have been loosely interchangeable and have become a part of the common vernacular

E-business includes E-Commerce, but also covers internal processes such as production, inventory management, product development, risk management, finance, knowledge management and human resources. E-business strategy is more complex, more focused on internal processes, and aimed at cost savings and improvements in efficiency, productivity and cost savings.

Meaning of E-Business:

E-Business is the conduct of business on the Internet, not only buying and selling, but also servicing the customers and collaborating with the business partners. E-Business includes customer service (e-service) and intra-business tasks. Ashok Mammen V Assistant Professor Page 1

Example of E-Business:

• An online system that tracks the inventory and triggers alerts at specific levels is E-Business Inventory Management is a business process. When it is facilitated electronically, it becomes part of E-Business.

• An online induction program for new employees automates part or whole of its offline counterpart.

Meaning of E-Commerce:

(a) E-Commerce is defined as those commercial transactions carried out using the electronic means, in which goods or services are delivered either electronically or in their tangible or intangible form.

Examples of E-Commerce:

(a) Online shopping: Buying and selling goods on the internet is one of the most popular examples of E-Commerce.

(b) Electronic payments: When we are buying goods online, there needs to be a mechanism to pay online too. That is where the payment processors and payment gateways come into the picture. Electronic payments reduce the inefficiency associated with writing the Cheque books. It also does away with many of the safety issues that arise due to the payments made in currency notes.

Main difference between E-Business and E-Commerce:

E-BUSINESS E-Commerce

E-Business covers the online transactions, but E-Commerce refers to the online transactions also extends to all the internet based (i.e.) buying and selling of goods and/or transactions with the business partners, services over the internet. suppliers and customers like: selling directly to the consumers, manufacturers and suppliers; monitoring and exchanging information; auctioning surplus inventory; collaborative product design. These online interactions are aimed at improving or transforming the business processes and efficiency. An E- Business status is received when we handle the business using phone calls, E-Mail orders, postal orders, and also the online activities.

Ashok Mammen V Assistant Professor Page 2

Unique features of E-Commerce

(1) Ubiquity:

Ubiquity of E-Commerce means E-Commerce technological features are available anywhere and, we can connect to the Internet at any time, because they are web-based. It makes it possible to shop from homes, offices, video game systems with an Internet connection and mobile phone devices. The result is called a market space (i.e.) a marketplace which is able to extend its traditional geographic boundaries and operating hours. Example: An example includes the ability to access the Internet wherever there is a Wi-Fi hotspot, such as a cafe or airport. Moreover, individuals who have cell phones with data capabilities can access the Internet without a Wi-Fi connection. From the customer‘s point of view, ubiquity reduces the transaction costs (i.e.) the cost of participating in the market. In order to transact, it is no longer necessary that we spend both time and money, by travelling to a market.

At a broader level, the ubiquity of E-Commerce lowers the cognitive energy required to transact in a market space. Cognitive energy refers to the mental effort required to complete a task. Humans generally seek to reduce cognitive energy outlays. When given a choice, humans will choose the most convenient path, requiring the last effort.

(2) Global reach: Technologies within ecommerce seamlessly stretch across traditional cultural and national boundaries and enable worldwide access. The Internet and multilingual Web sites, as well as the ability to translate a Web page, allows international visitors all over the globe to access company Web sites, purchase products and make business interactions.

(3) Universal Standards Individuals, businesses and governments use one set of technological, media and Internet standards to use ecommerce features. Consequently, universal standards help to simplify the interactions. An individual can see these standards while shopping online, as the process to purchase items is similar on Web sites that use ecommerce technologies. Similarly, when an individual creates an online account, the site generally requires an individual to create a username and password so he can access his account. This universal technical standards of E- Commerce, greatly reduce the market entry costs. For the customers, it reduce the ―search costs (i.e.) the efforts required to find suitable products. And by creating a single, one world market space, where the prices and the product descriptions can be inexpensively displayed to all to see, and so, the price discovery becomes simpler, faster and more accurate. With the E-Commerce technologies, it is possible for the first time in the history, to easily find all the suppliers, prices and delivery terms of a specific product, anywhere in the world.

Ashok Mammen V Assistant Professor Page 3

(4) Information Richness:

Information provided on the web can be made rich, by adding color to the textual information, and adding audio and video clips. Users can access and utilize text messages and visual and audio components to send and receive the information. Pearson Education states that such aspects provide a rich informational experience in regards to marketing and the consumer experience. An individual may see information richness on a company's blog, if a post contains a video, which is related to a product and hyperlinks that allow him to look at or purchase the product and send information about the post via text message or email. Users can access and utilize text messages and visual and audio components to send and receive the information.

(5) Interactivity:

E-Commerce technologies are interactive means it allows for two way communication between the merchant and the customer. Technologies used in ecommerce require consumer interactions in order to make an individual feel as though he is an active participant in the transaction process. As a result, ecommerce technologies can adjust to each individual‘s experience. For example, while shopping online, an individual is able to view different angles of some items, add products into a virtual shopping cart, checkout by inputting his payment information and then submit the order.

(6) Information Density: Information density means the total amount and quality of information available to all the market participants, consumers and merchants alike. The use of ecommerce reduces the cost to store, process and communicate information. At the same time, accuracy and timeliness increase; thus, making information accurate, inexpensive much more about the consumers and plentiful. For example, the online shopping process allows a company to receive personal, shipping, billing and payment information from a customer, all at once and sends the customer's information to the appropriate departments in a matter of seconds.

A number of business consequences are resulting because of the growth in the information density. In E-Commerce markets, prices and costs become more transparent. Price transparency refers to the ease with which the consumers can in out the variety of prices in a market. Cost transparency refers to the ability of the consumers to discover the actual costs, by which the merchants are paying for their products.

Also, there are advantages for the merchants as well. Online merchants can discover much more about the various consumers, and this allows the merchants to segment the market into groups, and permits them to engage in price discrimination (i.e.) selling the same goods, or nearly the same goods to different targeted groups with different prices.

Ashok Mammen V Assistant Professor Page 4

(7) Personalization / Customization: Technologies within E-Commerce allow for the personalization and customization of marketing messages groups or individuals receives. Pearson Education states that companies can base such messages on individual characteristics of a consumer. An example of personalization includes product recommendations based on a user's search history on a Web site that allows individuals to create an account. Merchants can target their marketing messages to specific individuals by adjusting those messages.

The technology also permits customization. Changing the deliver product or service based, based on a user's preferences or prior behavior. Given the interactive nature of E-Commerce technology, a great deal of information, about the consumer can be gathered in the market place, at the moment of purchase.

With the increase in the information density, a great deal of information about the consumer's past purchases and behavior can be stored and used by the online merchants. The result is a level of personalization and customization, which is unthinkable with the existing commerce technologies. For example, we may be able to shape what we see on a television by selecting a channel, but, we cannot change the contents of the channel, which we have already chosen.

Emerging trends in E-Commerce

Online businesses have picked up momentum lately, and now people are no more skeptical about shopping online. And why it should be, not like this? E-Commerce sites have given you access to the unfathomable market, they do not tax your patience, and they let you save time in traveling. In this collaborative world, here are the 10 rising trend related to E-Commerce technology.

(1) Real-time Shopping Experience at Online Shopping: There is no doubt the people prefer to talk to real sales person and hold the product in their hand! But do not think that E-Commerce sites cannot offer you such pleasure. Most online retailers have facilities to chat online, get suggestions and answer all your queries. Online subscription even allow you to hold the product and touch it (i.e. Style mint, Birch box), and some even lets you chat all along while you are shopping with Catalog.

(2) Using Mobiles and Android Apps for Transaction: With the mobile devices outnumbering the desktops, the use of these devices for buying will increase in the near future. Additionally the websites must act like any app and must be very responsive in terms of design. We have many kinds of apps now that assist consumers to check out on his own, use payment wallet, store coupon codes like India plaza coupons (http://www.couponraja.com/indiaplaza.html), loyalties, card numbers and have GPS for proper advertisement of companies. There are also apps that will let you compare the prices of the same product at different outlets.

Ashok Mammen V Assistant Professor Page 5

(3) Multi-channel: Consumers these days expect a very effortless transaction, and they expect that a commodity added to the cart will be available if one calls the customer care or land up in the store. This will encourage the IT directors to invest in commerce packages, E-Commerce POS systems and CRM systems.

(4) Big Data: Big Data or Hadoop methodology is handling a lot of data. This has been a concept that has been drawing the interest of the E-Commerce site owners, and it is here to stay. It is synching offline data and online data together so that the retailers‘ decision-making capacity may be enhanced. In a nutshell, it allows retailers to understand the hidden consumer patterns.

(5) Customization and Personalization: In an extremely volatile market one must be ready for change all times- not otherwise but for personalization. Personalized recommendations will find more prominence in the market! (6) Valuing Customer Engagements than Conversion Ratio: Till date the conversion rates were given the most priority but with the rise in E-Commerce sites, gathering new customers will be very tough. So naturally retailers will depend on holding on to the existing customers. Customer engagement will ensure people develop a liking for your site and follow you regularly.

(7) Push Notifications: Pull browsing is the latest trend now, but it is not far when push browsing will overtake it. Messaging notifications, basket notifications for selective items on your home page- are all going to catch up momentum.

(8) Social Networking Sites: As the social networking sites increase in popularity, retailers must be using this platform for marketing and selling their products! Facebook, Twitter, LinkedIn will be the platforms where you will get data about the latest discounts and offers.

(9) Mobile POS and Accessing Via Mobile: The idea of Mobile POS to make each and every employee work and allow the customer transact without being to the billing counter. Thanks to the Android 4.2 Jellybean and iOS 6 that allows apps that lets the customer do endless jobs with such apps.

(10) Retailers Support to Omni-Channel Consumers: Now that mobile apps are there in the market that lets you compare prices, check the reviews online and share the product with friends, retailers will be integrating their separate channels into one for offering support to the consumers.

Benefits of Electronic Commerce

E-Commerce has revolutionized the concept of conducting business by providing equal chance to all the business to mark their global presence. It has also eased the customers with online shopping and easy transactions. With the introduction of E-Commerce business, communication

Ashok Mammen V Assistant Professor Page 6 has become effortless and has also changed a lot in recent years for the better. Still, there are people who think that conventional business practices are far better than the E-Commerce business. The benefits of Electronic commerce is Classified in to three categories those are: (a) Benefits of E-Commerce to Businesses (b) Benefits of E-Commerce to Consumers (c) Benefits of E-Commerce to Society

(a) Benefits of E-Commerce to Businesses:

1) It helps to reach Global: E-Commerce enabled business now have access to people all around the world. In effect all E-Commerce businesses have become virtual multinational corporations. E-Commerce expands the market place to national and international markets. Internal and web based E-Commerce helps to reach a more geographically dispersed customer base and more business partners as compared to the traditional business methods.

2) Cost effective: E-Commerce is proved to be highly cost effective for business concerns as it cuts down the cost of marketing, processing, inventory management, customer care etc. It also reduces the burden of infrastructure required for conducting business. It can also collect and manage the information related to the customers efficiently which in turn will assist the consumer in developing efficient promotional strategy.

3) New Customers with Search Engine Visibility: Physical retail is driven by branding and relationships. In addition to these two drivers, online retail is also driven by traffic from search engines. It is not unusual for customers to follow a link in search engine results and land up on an ecommerce website that they have never heard of. This additional source of traffic can be the tipping point for some ecommerce businesses.

4) It Reduces the Paper Costs: E-Commerce decreases the cost of creating, processing, distributing, storing and retrieving information through the use of FDI systems. This greatly cuts on the cost of paper work in terms of the time taken and the man power required. Also the date is more secure from theft and destruction.

5) Reduction in Inventories: A reduction in inventory is desirable to enable reduction in storage, handling, insurance and administrative costs. Internet E-Commerce can helps firms to reduce inventories by electronically linking the suppliers and buyers. 6) The process starts from the customer orders and uses just-in-time manufacturing. Information on inventory levels and production rate is shared between manufacturers and their suppliers. Using such information, the delivery schedules are ―fine turned‖ for justin-time manufacturing, rather than maintaining large inventories.

7) Mass Customization and Competitive advantage: The web based interactive ECommerce enables the customization of products/services as per the customer needs. This provides a great competitive advantage to businesses. For example, an online travel agency may

Ashok Mammen V Assistant Professor Page 7

customize the literary for a customer who wishes to travel abroad or a computer manufacturer may be able to supply to customized PC to a user.

8) No Middlemen: There is a direct contract with customers in E-Commerce through internet without any intermediation. Companies can now focus more on specific customers by adapting different one-to-one marketing strategy.

9) Reduced Production lead Time: The production cycle time is the time taken by a business to build a product, beginning with the design phase and ending with the completed product. The internet based E-Commerce enables the reduction of this cycle time by allowing the production teams to electronically share design specifications and refinement processes. 10) The reduction in the production cycle time helps to reduce the fixed overheads associated with each unit produced. This saving in the cost production can be passed onto the customer or may be used to achieve higher profits.

11) Improved Customer relationship: Customer service can be enhanced using the internet based E-Commerce by helping the customer to access information before, during and after a sale. Customers may need to retrieve information on product specifications and pricing. On the status of an order or may need online help in the installation or use of a product he has purchased. A prompt customer support service can help businesses to earn goodwill of customers in the long run.

12) Lower Sale and Marketing Costs: The internet allows businesses to reach many customers globally at lower costs. Thus by shifting the sale and marketing functions to the electronic processes, the organizations can bring down greatly the marketing overheads. For example, advertisements on the internet can cut down the cost of printing and mailing the pamphlets or brochure. Any charge in product specifications in the case of paper- based advertisements may mean re-printing, how-ever in web based advertisement it may mean changes only in the web site.

13) Lower Telecommunication Costs: The Internet is much cheaper than value added networks (VANs) which were based on leasing telephone lines for the sole use of the organization and its authorized partners. It is also cheaper to send a fax or e-mail via the Internet than direct dialling before the coming internet, only few organizations were using the private networks and VANs for their EDI. The cost of installation and running these systems was very high and beneficial only to the larger firms and enough business volumes to justify the cost.

14) New Found Business Partners: Internet based E-Commerce enables businesses to find new business partners globally on the web, thus not restricting themselves to a specific choice of suppliers.

15) Increased supply chain efficiencies: E-Commerce minimizes supply chain inefficiencies, reduces inventories, and reduces delivery delays.

Ashok Mammen V Assistant Professor Page 8

16) Digitization of Products and Processes: Particularly in the case of software and music/video products, this can be downloaded or e-mailed directly to customers via the Internet in digital or electronic format. The internet helps to expedite access to remote information, thus adding speed to transactions and processes.

17) Information sharing: It takes only few seconds to share information over the internet. a firm can e-mail its customers relating new products and new offers and can solve their product related quires and welcome suggestions.

(b) Benefits of E-Commerce to Consumers:

1) Gives freedom to make choices: It also gives customers an opportunity to look for cheaper and better quality products. With E-Commerce , consumers can search the specific product or service they require and can even find the direct manufacturer from where they can purchase products at comparatively less price. Shopping online is time saving and convenient. In addition to it, consumers also get to see the reviews of other consumers that will help in making beneficial purchase decision.

2) Increase in variety of goods: As the market will expand the variety of goods available will also expand. Wide variety of goods are available than ever before.

3) It gives more choice and alternatives: E-Commerce provides more choice and alternatives to customers that will increase the choice of vendors or products because they are no longer geographically constrained to reach a vendor or a product. A large number of vendors/manufacturers are marketing and selling their products/services on the internet. 4) Virtual shops (e.g.Homeshop18, snapdeal, flipkart) can offer the consumers a large number of products/services at a single site.

5) Convenience of Shopping at Home: allows the consumers to shop went it is convenient for them not strictly during store hours. Also for handicapped or ill consumers, home shopping on the internet provides a lot of opportunity and convenience.

6) Ensure Secrecy: the various security measures that are in built are used in ECommerce transactions to prevent any unauthorised access to information on the internet for ensure secrecy they maintain encoding, encryption and passwords.

7) More Competitive Prices and Increased Price comparison capabilities: The large amount of information available on the internet is giving more and more power to the consumers. Consumers can make comparison shopping. There are several online services that allow customers to browse multiple ecommerce merchants and find the best prices.

8) Access to Greater Amounts of Information on Demand: Consumers can have access to large amount of information online on products and services, their features and prices. This further translates into more choice to customers in shopping and greater price comparison opportunities.

Ashok Mammen V Assistant Professor Page 9

9) Time compression: Time is not a factor with Internet communication between firms and their stakeholders. Online stores can be open 24/7; people can communicate as their schedules permit; time zones disappear for managers collaborating with partners on other continents.

10) Quick Delivery of Digitized Products/Services: E-Commerce allows quick delivery in the case of digitized products such as music, software etc.

11) Provide Comparison Shopping: Economic facilitates comparison shopping. There are several online services that allow customers to browse multiple ecommerce merchants and find the best prices.

12) E-payment system: The electronic payment system on the internet is facilitated by payment gateways or intermediary between the business firm and customers and between the business firms for assuring the payments from the customers. (c) Benefits of E-Commerce to Society:

1) Enables More Flexible Working Practices: Which enhances the quality of life for a whole host of people in society, enabling them to work from home. Not only is this more convenient and provides happier and less stressful working environments. It also potentially reduces environmental pollution a fewer people have to travel to work regularly.

2) Connects People: Enables people in developing countries and rural areas to enjoy and access products, services, information and other people which otherwise would not be easily available to them.

3) Facilitates Delivery of Public Services: The health services available over the Internet on-line consultation with doctors or nurses, filing taxes over the Internet through the Inland Revenue website.

Disadvantages of Electronic Commerce

The following are the important drawback/disadvantages of electronic commerce:

1) Ecommerce Lacks That Personal Touch: Not that all physical retailers have a personal approach, but we do know of several retailers who value human relationship. As a result, shopping at those retail outlets is reassuring and refreshing. Clicking on ―Buy Now‖, and piling up products in virtual shopping carts.

2) System and data integrity: A computer virus is a program that clones itself when an injected piece of program code is executed. it is malicious program. data protection from the viruses that causes unnecessary delays and can clean up all stored information must. In order to create cost effective response to the varied technical and human threats to web site security.

3) E-Commerce Delays Goods: Ecommerce websites deliver to take a lot longer to get the goods into consumer hands. Even with express shipping the earliest consumer get goods in next day. An exception to this rule is in the case of digital goods an e-book or a music file. In this case, ecommerce might actually be faster than purchasing goods from a physical store. Ashok Mammen V Assistant Professor Page 10

4) System scalability: It means regular up graduation of the website is required when the number of website users increase over period of time or during busy seasons. As a result of rush of enquiries on the companies site, it might cause slow down of the system performance and eventually loss of customers.

5) Dependent on internet: E-Commerce is dependent on internet. Mechanical failures in the system can cause unpredictable effects on the total processes. Furthermore, there are many hackers who look for opportunities, and thus an ecommerce site, service, payment gateways; all are always prone to attack. Things such as viruses could mean losing the site or affecting the customer‘s computers while on purchasing from the website.

6) Many Goods Cannot Be Purchased Online: Despite its many conveniences, there are goods that consumer cannot buy online. Most of these would be in the categories of ―perishable‖ or ―odd-sized‖. It could order both of them online, but consider the inconvenience. The Popsicle would have to be transported in refrigerated trucks. Unless the seller was willing to make a huge loss, the cost of shipping that Popsicle would far exceed the cost of the Popsicle.

7) Products people won‘t buy online: There are various products which the customers 8) would like to first touch and feel and then buy it. For example: Furniture users want to touch ant they want to sit on it, feel the texture of the fabric.

9) Ecommerce Does Not Allow Experiencing the Product before Purchase: It cannot touch the fabric of the garment when consumers wants to buy and it check how the shoe feels on our feet, consumer cannot ―test‖ the perfume that consumer want to buy. In many cases, customers want to experience the product before purchase. Ecommerce does not allow that. If they buy a music system, they cannot play it online to check if it sounds right? If they are purchasing a home-theatre system, they would much rather sit in the ―experience centre‖ that several retails store set up.

10) Loyal customers: Great amount of effort is put on building a customer relationship buy the organizations and retaining them is rather a bigger job. A business cannot survive without a loyal customer.

11) Shopping is Social Experience: People love to shop in the mall because it gives them an opportunity to have fun with friends and family. It‘s something online stores lack of.

12) Anyone one Can Set Up an Ecommerce Website: Where online storefront providers bring the ability to set up an ecommerce store within minutes. The lowered barriers to entry might be a great attraction to the aspiring ecommerce entrepreneur. But for the buyer, reliability can be an issue. This could lead customers to restrict their online purchases to famous ecommerce websites.

13) Too Many Competitors: If there are thousands of online stores selling similar products, how company can attract visitors, so they actually but from it and not from others? As the technology has boomed the competition is increasing because more and more people are opening their businesses on internet

Ashok Mammen V Assistant Professor Page 11

14) Security: When making an online purchase consumer have to provide at least credit card information and mailing address. In many cases ecommerce websites are able to harvest other information about our online behaviour and preferences. This could lead to credit card fraud, or worse, identity theft.

Some of the very important E-Commerce models are elaborately explained as follows:

(1) Business - to - Business (B2B): Business - to - Business (B2B) is a transaction that occurs between two companies, as opposed to a transaction involving a consumer. This term may also describe a company that provides goods or services for another company.

Business - to - Business (B2B) is a transaction that exists between businesses, such as those involving o a manufacturer and wholesaler, or, o a wholesaler and a retailer.

Website following B2B business model sells its product to an intermediate buyer who then sells the product to the final customer. As an example, a wholesaler places an order from a company's website and after receiving the consignment, sells the end product to final customer who comes to buy the product at wholesaler's retail outlet.

Examples of B2B Model: Let us take an example of www.amazon.com. As we know, www.flipkart.com is an online store that sells various products from various companies. Assume that the skyward publishers want to sell the books online. In this case, the publishers have the option of either developing their own site or displaying their books on the Amazon site (www.flipkart.com), or both. The publishers mainly choose to display their books on www.flikart.com at it gives them a larger audience. Do Now, to do this, the publishers need to transact with flipkart, involving business houses on the both the ends, is the B2B model.

Consider another example. ABC company sells automobile parts and XYZ company assembles these parts and then sells the automobile to customers. XYZ company comes across the website of ABC and finds it suitable. XYZ therefore, a request for more information about ABC and finally, decides to purchase automobile parts automobile from ABC. To do this, XYZ places an order on the website of ABC. After ABC receives the order details, it validates the information. As soon as the order is confirm, the payment procedures are settled. Finally, ABC sends an acknowledgement of payment to XYZ and delivers the goods as per the shipment details decided between the two organizations.

Following are the leading items in B2B e-Commerce:-  Electronics  Shipping and Warehousing  Motor Vehicles

Examples of some of the B2B Websites:

Ashok Mammen V Assistant Professor Page 12

1. www.Getrespons.com: It is an innovative B2B service based company that has revolutionized the small business email marketing niche. Providing a web based email marketing platform aimed at the small business owner wanting to market their own business online.

2. www.Incorporate.com: Incorporate.com who have reduced the cost and streamlined the process of creating, limited liability companies. In a few easy steps online, anyone can create their own company for a fraction of the cost a corporate lawyer would charge

The impact of B2B markets on the economy:

B2B E-Commerce have a significant impact on the economy as they help to lower various cost involved in business transactions. There are the cost areas that are significantly reduced through the conduct of B2B E-Commerce :

(a) Search costs: Buyers need not go through intermediaries to search for information about suppliers, products and prices as in a traditional supply chain. Internet is more efficient information channel then its traditional counterpart. So effort, time and money can be saved. In B2B, buyers and sellers are gathered together into a single online trading community and reducing search cost even further.

(b )Processing cost: Reduction in the costs of processing transactions (e.g. invoices, purchase orders and payment schemes), as B2B allows for the automation of transaction processes and therefore the quick implementation of the same compared to telephone and fax.

(c) Avoid intermediaries: Through B2B e-markets, suppliers are able to interact and transact directly with buyers there by eliminating intermediaries and distributors.

(d) Transparency in pricing: The gathering of a large number of buyers and sellers in a single e-market reveals market price information and transactions processing to participants. Thus increases the price transparency.

Advantages and Disadvantages of B2B Model

Advantages: a) It can efficiently maintain the moment of the supply chain and the manufacturing and procuring processes. b) It can automate corporate processes to deliver the right products and services quickly and cost-effectively. c) B2B is global trade market, where we can but anything at anytime. d) Creates new sales opportunities e) It lowers the search cost and time for buyers to find products and vendors

Disadvantages: f) Delay of goods where the earliest to receive goods would be the next day g) Some goods cannot be purchased online such as perishable items h) Enable to experience the product before purchasing i) Fraudulent websites and scams

Ashok Mammen V Assistant Professor Page 13 j) Security issues leading to credit card fraud or identity theft

(2) Business - to – Consumer (B2C):

Business - to – Consumer (B2C) is a transaction in which the businesses sell their products or services to the consumers directly. It refers to the online selling of products, or, e-tailing, in which the manufacturers or retailers sell their products directly to the consumers over the internet.

Website following B2C business model sells its product directly to a customer. A customer can view products shown on the website of business organization. The customer can choose a product and order the same. Website will send a notification to the business organization via email and organization will dispatch the product/goods to the customer.

Business2consumer (B2C) : Online transactions are made between businesses and individual consumers e-Tailing (online retailing) Examples: amazon.com, dell.com

Examples of B2C Model k) Consider an example in which a transaction is conducted between a business organisation and a consumer. A business house, www.bagskart.com, displays and sells a range of bags on their Website. The details information of all their products is wants to buy a gift for his wife. He therefore, logs on to the site and selects a gift from the catalog. He also gets the detailed information about the gift such as, the price, availability, discounts, and so on from their catalog. Finally, when he decides to buy the gift, he places an order for the gift on their Web site. To place an order, he needs to specify his personal and credit card information on the site. The credit card details will be passed to the bank for verification. This information is then validated by bank and stored in their database. On verification of the information the order is processed. Therefore, as we can see, the B2C model involves transactions between a consumer and one or more business organisations. l) The example of the www.flipkart.com site also involves the B2C model in which the consumer searches for a book on their site and places an order, if required. This implies that a complete business solution might be an integration solution of more than one business model. For example, www.flipkart.com includes the B2B model in which the publishers transact with flipkart and the B2C model in which an individual consumer transact with the business organization.

Examples of some of the B2C Websites: 1. Fashion & Lifestyle Sunglassesindia.com, Brandsndeals.com, Shopperstop.com 2. Custom designed T-shirt, mug, calendar etc Myntra.com, Zoomin.com 3. Gifts, cakes etc. Infibeam.com, IndianGiftsPortal.com, Giftsandlifestyle.com

Key features of a B2C model: • Heavy advertising required to attract large number of customers. • High investment in terms of hardware/ software. • Support or good customer care service. • Consumer Shopping Procedure Steps used in B2C E-Commerce :

Ashok Mammen V Assistant Professor Page 14

Types of B2C: Different types of B2C Ecommerce are: direct sellers, online intermediaries, advertisingbased models, community-based models and fee-based models. Each type is so different from the other that they are not directly comparable. Some B2C businesses utilize more than one type to reach different audiences.

Type of B2C Description

(a) Direct Sellers Direct sellers, such as online retailers, sell a product or service directly to the customer via a website. Direct sellers are divided into e-tailers and manufacturers. Etailers are electronic retailers that either ship products from other their own warehouses or trigger deliveries from other companies Product manufacturers use the Internet as a catalog and sales channel to eliminate intermediaries.

(b) Online Intermediaries Online intermediaries perform the same function as any other broker. The business allows non-B2C companies to reap some Altering the price-setting processes. Of the benefits. Brokers offer buyers a service and help by

Advantages and Disadvantages of B2C Model:

Advantages:

1) Advantages for the Business: m) It can reach worldwide market with unlimited volume of customers. n) It can display information, pictures, and prices of products or services without spending a fortune on colourful advertisements. o) Order processing an easier task than before. p) It can operate on decreased, little, or even no overhead.

2) Advantages for the Consumers: q) Convenience: Consumers can shop at any time of day, from the privacy of their own home. Internet shopping can be done at time either day or night. r) Many choice: Consumers is offered many choices for the same products under various brands s) Less Hassle: Consumers can shop online without hassles like traffic, congestion of the malls etc.

Disadvantages: 1) Disadvantages for the Business: o Many websites offering the same product to the customers o Technological problems can cause the website to not operate properly thereby loosing the customer. o People are hesitant to enter the credit card details if the website does not have proper security norms. 2) Disadvantages for the consumer: o Security issues, especially credit card information which is very sensitive. o Fraud, rip-offs are very common on the web. o Customer service may not be satisfactory for the consumers.

Ashok Mammen V Assistant Professor Page 15

(3) Consumer - to - Consumer (C2C):

C2C, or customer-to-customer, or consumer-to-consumer, is a business model that facilitates the transaction of products or services between customers.

An example of C2C would be the classifieds section of newspaper, or an auction. In both of these cases, a customer, not a business, sells goods or services to another customer. The goal of a C2C is to enable this relationship, helping buyers and sellers locate each other. Customers can benefit from the competition for products and easily find products that may otherwise be difficult to locate.

Website following C2C business model helps consumer to sell their assets like residential property, cars, motorcycles etc. or rent a room by publishing their information on the website. Website may or may not charge the consumer for its services. Another consumer may opt to buy the product of the first customer by viewing the post/advertisement on the website. consumer-to- consumer (C2C) Consumers sell directly to other consumers

Example of Consumer to Consumer (C2C) Model Let us take an example of E-Bay. When a customer plan to sell his products to other customers on the Website of E-Bay, he first needs to interact with an E-Bay site, which in this case acts as a facilitator of the overall transaction. Then, the seller can host his product on www.E-Bay.in which in turn charges him for this. Any buyer can now browse the site of E-Bay to search for the product he interested in. If the buyer comes across such a product, he places an order for the same on the Web site of E-Bay. EBay now purchase the product from the seller and then, sells it to the buyer. In this way, though the transaction is between two customers, an organization acts as an interface between the two organizations.

Examples of C2C websites: 1) Craigslist: Craigslist is one of the top websites in the world and the leading service for classified ads. Consumers can not only buy, sell and trade items, but also conduct other transactions such as housing and job searches. 2) E-Bay: E-Bay is a global online shopping and auction website that offers millions of consumers a wide variety of goods and services. Sellers pay a fee or commission to sell their items and buyers can shop and make purchases for free. Buyers place bids just like in a traditional auction and only acquire an item if they are the highest bidder. Monetary transactions are typically completed through PayPal, a service for online money transfers. Once a transaction is complete, buyers and sellers can rate each other based on their trustworthiness. 3) Examples of other C2C websites: • www.olx.in (internet classified) • www.carwale.com (internet classified) • www.gaadi.com (internet classified)

Key features of a C2C model:

a) Consumers interact directly with other consumers. They exchange information such as :

Ashok Mammen V Assistant Professor Page 16

 Expert knowledge where one person asks a question about anything and gets an email reply from the community of other individuals.  Opinions about companies and products b) There is also an exchange of goods between people both with consumer auction sites such as e-bay, swapitshop.com, where individuals swap goods with each other without the exchange of money. c) In more recent times the blogging phenomenon has incorporated this business model well. The development of online communities with specific niche interests can gain huge followings. Most current C2C sites, such as E-Bay, have both streamlined and globalised traditional person-to-person trading, which was usually conducted through such forms as garage sales, collectibles shows, flea markets and more, with their web interface. This facilities easy exploration for buyers and enables the sellers to immediately list an item for sale within minutes of registering. d) C2C sites make money by charging fees to sellers. Although it‘s free to shop and place bids, sellers place fees to list items for sale, add on promotional features, and successfully complete transactions.

Advantages and disadvantages of C2C Model:

Advantages: • Customers can directly contact sellers and eliminate the middle man. • Anyone can now sell and advertise a product in the convenience of one‘s home. • Sellers can reach both national and international customers and greatly increase their market. • Feedback on the purchased product helps both the seller and potential customers. • The transactions occur at a swift rate with the use of online payments systems such as paypal.

Disadvantages • Although online auctions allow one to display his or her products, there is often a fee associated with such exhibitions. Other times, websites may charge a commission when products are sold. With the growing use of online auctions, the number of internet-related auction frauds has also increased. • Identity theft has become a rising issue. Scam artists often create sites with popular domain names such as ―e bay ― in order to attract unknowing E-Bay customers. These sites will ask for personal information including credit card numbers. Numerous cases have been documented in which users find unknown charges on their credit card statements and withdrawals in their bank statements after purchasing something online. • Illegal or restricted products and services have been found on auction sites. Anything from illegal drugs, pirated works have appeared on such sites.

(4) Consumer - to - Business (C2B):

Definition of Consumer to Business (C2B): Consumer to business E-Commerce refers to the transactions taking place between consumers to business organisations. The C2B model completely transposes the traditional business-to consumer (B2C) model, where a business produces services and products for consumer consumption.

Ashok Mammen V Assistant Professor Page 17

Customer to business (C2B), sometimes known as Consumer to Business is the most recent ECommerce business model. In this model, individual customers offer to sell products and services to companies who are prepared to purchase them. This business model is the opposite of the traditional B2C model. The idea is that the individual/end user provides a product or service that the business can use to complete a business process or gain competitive advantage. In this model, a consumer approaches website showing multiple business organizations for a particular service. Consumer places an estimate of amount he/she wants to spend for a particular service. For example, comparison of interest rates of personal loan/ car loan provided by various banks via website. Business organization that fulfils the consumer's requirement within specified budget approaches the customer and provides its services. Consumer2business (C2B)

Individuals use the Internet to sell products or services to organizations The C2B model involves a transaction that is conducted between a consumer and a business organization. It is similar to the B2C model, however, the difference is that in this a case the consumer is the seller and the business organisation is the buyer. In this kind of a transaction, the consumers decide the price of a particular product rather than the supplier. This category includes individuals who sell products and services to organisations. In the C2B model, a consumer provides a business with a fee-based opportunity to market a product or service on the consumer‘s website or blog. In this type of relationship, a website owner is paid to review the product or service through blog posts, videos or podcasts. In most cases, paid advertisement space is also available on the consumer website.

For the C2B relationship to be fulfilled, the players must be clearly defined. The consumer could be any individual who has something to offer a business, either a service or a good. Examples could be a blogger, as mentioned before, or a photographer offering stock images to businesses. This could also be someone answering a poll through a survey site, or offering job hiring service by referring someone through referral hiring sites.

Example of C2B Model: There are only a few kinds of companies whose trading models could be considered as C2B. • Online Advertising sites like Google Ad sense, affiliation platforms like Commission Junction and affiliation programs like Amazon are the best examples of C2B schemes. Individuals can display advertising banners, contextual text ads or any other promotional items on their personal websites. Individuals are directly commissioned to provide an advertising/selling service to companies. • Online surveys (GozingSurveys, Surveyscout, and Survey Monkey) are also typical C2B models. Individuals offer the service to reply to the company‘s survey and companies pay individual for this service.

Key features of a C2B model: Exchange of products, information or services are from individuals to business. A classic example of this would be individuals selling their services to businesses.

Steps involved in C2B model: • Consumer approaches website showing multiple business organisations for a particular service. Consumer places an estimate of amount he/she wants to spend for a particular service. • Business organisation who fulfils the consumer‘s requirement within specified budget approaches the customer and provides its services..

Ashok Mammen V Assistant Professor Page 18

Example: Comparison of interest rates of personal loan/ car loan provided by various banks via website.

Peer – to – to peer (P2P) - A New Model: Definition of Peer to Peer Model: A peer-to-peer (P2P) network is a type of decentralized and distributed networks architecture in which individuals nodes in the network (called ―peers‖) act as both suppliers and consumers of resources, in contrast to the centralized client-server model where client nodes request access to resources provided by central servers. Users in a P2P network can pool their resources, sharing each other‘s files, storage systems, and applications, thereby paving the way for extensive collaboration and efficient information sharing.

P2P is not only a E-Commerce type, but also a technology that allows people to share computer files and computer resources without going through a central web server. The required software should be installed by both sides so that they can communicate on the common platform. As from the beginning this type of E-Commerce has been launched to the free usage, it has quite low revenue. It consists in mutual help of consumers. The main disadvantage of this model of transaction often entangles cyber laws.

Peer – to – to peer (P2P) technology enables the internet users to share the files and computer resources directly without going to the central web server. Therefore, P2P works without an intermediary.

Example: (A) Napster.co., which was established to aid the internet users in finding and sharing the online music files known as MP3 files, is perhaps the most well known example of P2P E-Commerce. Also, it is important to note that Napster is partially P2P, because, it relies on a central database to show which users are sharing the music files.

Since 1999, entrepreneurs and venture capitalists have attempted to adapt various aspects of peer-to-peer technology into peer-to-peer (P2P) E-Commerce . In a peer-to-peer network, tasks such as searching for files or streaming audio/video are shared amongst multiple interconnected peers who each make a portion of their resources such as processing power, disk storage or network bandwidth directly available to other network participants, without the need for centralized coordination by servers. Security, of course, is a major concern for businesses looking to implement P2P networks. Since P2P allows users direct access to other‘s hard drives. Another obvious security concern was the heightened need to safeguard against malicious or careless P2P users uploading viruses directly into other‘s computers.

P2P or Peer to Peer is sometimes unified with E-Commerce type, C2C, because of the same parties participating in the transaction. Like C2C model, P2P model links users, enabling them to

Ashok Mammen V Assistant Professor Page 19

share the files and computer resources without a common server. The focus in P2P companies is on helping individuals make information available for anyone‘s use connecting users on the web. Historically, P2P software technology has been used to allow the sharing of copyrighted music files in violation of digital copyright law. The challenge for P2P ventures is to develop viable, legal business models that will enable them to make money.

Internet revenue model

For a publisher or other media site owner, eight types of revenue model are possible online.

1. Revenue from subscription access to content: The subscription model applies to the companies that charge subscribers a fee, normally to view text or graphical information. A range of documents can be accessed for a period of a month or typically a year. Here, one of the main challenges the companies are facing is, marketing to a much smaller niche audience who are willing to pay the regular fees, as opposed to a much larger audience that might use the services at no charge. For example, I subscribed to FT.com for access to the digital technology section for around ‚ 80 GBP per year a few years ago. Smart Insights Expert members have an annual subscription in this form.

2. Revenue from Pay Per View access to document: Here payment occurs for single access to a document, video or music clip which can be downloaded. It may or may not be protected with a password or Digital Rights Management. For example, I've paid to access detailed best practice guides on Internet marketing from Marketing Sherpa. Digital rights management (DRM) The use of different technologies to protect the distribution of digital services or content such as software, music, movies, or other digital data.

3. Revenue from CPM display advertising on site: (e.g. banners ads and skyscrapers). This model relies on advertising to make money. CPM stands for "cost per thousand" where M denotes "Mille". The site owner such as FT.com charges all the advertisers a rate card price (for example 50 GBP CPM) according to the number of its ads shown to site visitors. Ads may be served by the site owners' own ad server or more commonly through a third-party ad network service such as Google Ad Sense as is the case with my site.

4. Revenue from CPC advertising on site (pay per click text ads): CPC stands for "Cost Per Click". Advertisers are charged not simply for the number of times their ads are displayed, but according to the number of times they are clicked. These are typically text ads similar to sponsored links within a search engine but delivered over a network of thirdparty sites by on a search engine such as the Google Ad sense Network.

Ashok Mammen V Assistant Professor Page 20

Typical costs per click can be surprisingly high, (i.e.) they are in the range GBP 0.10 to "‚ GBP 4, but sometimes up to GBP 40 for some categories such as "life insurance" that have a high value to the advertiser.

The revenue for search engines or publishers from these sources can also be a fair proportion of this. Google Network Revenues through Ads generate around one third of Google's revenue. For me, the Google's content networks are one of the biggest secrets in online marketing with search engines such as Google generating over a third of their revenue from the network, but some advertisers not realizing their ads are being displayed beyond search engines and so not served for this purpose. Google is the innovator and offers options for different formats of ad units including text ads, display ads, streamed videos and now even cost per action as part of its pay per action scheme.

5. Revenue from Sponsorship of site sections or content types (typically fixed fee for a period): A company can pay to advertise a site channel or section. For example, bank HSBC could sponsors the Money section on a media site. This type of deal is often struck for a fixed amount per year. It may also be part of a reciprocal arrangement, sometimes known as a "contra-deal" where neither party pays. A fixed-fee sponsorship approach was famously used by Alex Tew in 2005, a 21-year-old considering going to University in the UK who was concerned about paying off his university debts. This is no longer a concern since he earned $1,000,000 in 4 months when he set up his Million Dollar Homepage. His page is divided into 100-pixel blocks (each measuring 10x10 pixels) of which there are 10,000 giving 1,000,000 pixels in total. Alex spent £50 on buying the domain name (www.milliondollarhomepage.com) and a basic web-hosting package. He designed the site himself but it began as a blank page.

6. Affiliate revenue (CPA, but could be CPC): Affiliate revenue is commission base. For example I display Amazon books on my personal blog site DaveChaffey.com and receive around 5% of the cover price as a fee from Amazon. Such an arrangement is sometimes known as Cost Per Acquisition (CPA ). Increasingly this approach is replacing CPM or CPC approaches where the advertiser has more negotiating power. For example, in 2005 manufacturing company Unilever negotiated CPA deals with online publishers where it paid for every e-mail address captured by a campaign rather than a traditional CPM deal.

However, it depends on the power of the publisher who will often receive more revenue overall for CPM deals. After all, the publisher cannot influence the quality of the ad creative e to click which will affect the Click through rate on the ad and so the CPM.

7. Subscriber data access for e-mail marketing:

Ashok Mammen V Assistant Professor Page 21

The data, a site owner has about its customers, is also potentially valuable since it can said different forms of e-mail to its customers if they have given their permission that they are happy to receive e-mail either from the publisher or third parties. The site owner can charge for advertisements placed in its newsletter or can deliver a separate message on behalf of the advertiser (sometimes known as list rental). A related approach is to conduct market research with the site customers.

8. Access to customers for online research: An example of a company that uses this approach to attract revenue from surveys is the teen site Dubit. Considering all of these approaches to revenue generation together, the site owner will seek to use the best combination of these techniques to maximize the revenue. To assess how effective different pages or sites in their portfolio are at generating revenue, they will use two approaches. The first is eCPM, or effective Cost Per Thousand.

This looks at the total they can charge (or cost to advertisers) for each page or site. Through increasing the number of ad units on each page this value will increase. This is why you will see some sites which are cluttered with ads. The other alternative to assess page or site revenue generating effectiveness is Revenue per click (RPC), which is also known as Earnings Per Click (EPC).

This is particularly important for affiliate marketers who make money through commission when their visitors click through to third party retail sites such as Amazon, and then purchase there.

Web Auction

A web auction/online auction is an auction which is held over the internet. Online auctions remove the physical limitations of traditional auctions such as geography, presence, time, space and target much wider audience. This arrival in reach ability has also made it easier to commit unlawful actions within an auction. Web Auction is a simple auction designed for organizations or individuals who want to hold an auction. It is not like E-Bay in the sense that only Administrator can add products. Products can have pictures, price, minimum bids, bid increments, and more. Definition and Examples: Web Auction or Online Auction Online auctions are places that people can go in order to buy or sell goods or services online for a small fee. Anyone can sell an item and anyone can bid on an item. The highest bidder wins the auction and pay for the good or service and then expects for to receive their winning in the next couple of days through the mail or some other way of delivery.

The largest online auction website is E-Bay followed by other sites such as Yahoo ad Amazon. These sites allow ordinary web citizens to sell their goods. The sale is generally based on a system of trust, but some people are finding profit in abusing the trust of others, while some are stretching the limits of the law via online auctions. Below is a listing of some of the major online auction sites on the Internet.

Ashok Mammen V Assistant Professor Page 22

• Auction-Warehouse - http://www.auction-warehouse.com • Craigslist - http://www.craiglist.org • E-Bay – http://www.ubid.com

Online auctions are a widely accepted business model for the following reasons: • No fixed time constraint • Flexible time limits • No geographical limitations • Offers highly intensive social interactions • Includes a large numbers of sellers and bidders, which encourages a high-volume online business

Online auctions include business to business (B2B), business to consumer (B2C), and consumer to consumer (C2C) auctions. E-Bay is the best example of an auction site that uses all three methodologies.

The online auction business model continues to evolve according to market needs. Examples include E-Bay, Web Store, Online Auction and Overstock. E-Bay and other providers encourage legitimate bidding activity through bidder block lists. E-Bay also offers Dutch auctions for large inventories, where auction bidders pay according to an item‘s highest sale price.

Like other online services and activities, online auctions can attract stolen or pirated products.

Setting up an auction with Web Auction: Setting up an auction with Web Auction is quick and simple. We can either host the auction on our own web server or set up our own auction on our servers for free. We have full control over our auction. We can create your own categories, set the start dates and end dates for our auction, select a custom header and footer, and enter the product categories that we want to have in our auction. Once the auction is installed and set up, we can begin adding the products immediately. Each product can have a minimum bid, open and close date, a photo, and a preferred bid increment associated with it. Users of our auction can browse the products that are up for auction and submit the bids. The winner will receive an email when the auction is closed with instructions on how to proceed. In e auction is a service in which auction users or participants sell or bid for products or services via the Internet. Virtual auctions facilitate online activities between buyers and sellers in different locations or geographical areas. Various auction sites provide users with platforms Powered by Different types of Auction Software An online auction is also known as a virtual auction.

Ashok Mammen V Assistant Professor Page 23

Benefits of Online Auctions: Online auctions hold two other potential benefits for small businesses, as well. First, buying and selling over the Internet can help expand the global reach of a small business, opening international markets that would have been impossible to reach via normal marketing channels. Second, auctions can help new businesses-or those offering new products-to establish market prices based on supply and demand. Small businesses can use online auctions to gauges interest in their products and find out what customers are willing to pay. Furthermore, companies can collect such information quickly and informally, rather than investing in time-consuming and expensive market research.

Types of Online Auctions:

1. Reverse auction 2. Penny auction 3. English auction 4. Dutch auction 5. First-price sealed-bid 6. Vickrey auction

What is a reverse auction? A reverse auction, as the name implies, is the opposite of a traditional auction. Instead of buyers bidding on a single item, sellers vie to provide goods and services to a buyer. Rather than driving prices up with each bid, reverse auctions drive prices down until the buyer is offered a price they are willing to pay. However, the winner is not always the business offering the lowest price.

How a reverse auction works: Reverse auctions are typically used in business settings, often for purchasing and procurement. If a business needs 100 desks for a new office, it might hold a reverse auction to see which suppliers will compete to provide the desks and for an optimal price. However, the lowest bidder does not necessarily automatically win the contract. If a bidder can provide 100 desks one week before the deadline, that may be more attractive than a business with a lower price who can only deliver the day of the opening.

Because the content of a supplier‘s bid varies from business to business, reverse auctions are flexible and best suited for service contracts. Many government contracts are determined by reverse auctions, since the federal government is often held to strict budget limits. Reverse auctions can take months as businesses prepare proposals and adjust their offerings based on the specifications of the buyer. And there is often stiff competition between vendors. Often, cost savings make it worth extending the procurement process.

What is a penny auction (or bidding fee) auction? Penny auctions, also known as bidding fee auctions, are exclusively online auctions where a buyer purchases the right to bid in the auction before it begins. The name comes from the fact

Ashok Mammen V Assistant Professor Page 24 that bids go up by a penny. The catch is that buyers pay for a finite number of bids before they enter the auction. Auctions are also timed, so once the time period is up, the highest bid is the winner. The allure is the potential to pay much less than retail price for a product, so long as a large number of bidders are not driving the price up quickly in a heated bidding war.

Say an iPhone is up for auction. While the opening bid may be one cent, you may also need to purchase 50 bids for $50. Once you bid 50 times on the iPhone, you will either need to purchase another bid pack or stop bidding. If you are lucky enough to win the iPhone at a bid of $100, you will need to pay the $100 in addition to the money spent purchasing bids. This way, penny auction sites can afford to offer expensive merchandise at greatly reduced prices. The downside is penny auctions are extremely similar to gambling and have similar outcomes, with the odds being greatly stacked against bidders.

What is an English auction? English auctions are the most traditional and common form of online and live auction. A single item is put up for auction with a starting bid attached, and individuals place ascending bids until no one is willing to outbid the final bidder. The winner is the bidder with the highest bid.

In person, this format is efficient and easy to follow. It also translates well online. The transparency into previous bids encourages future bids, and technology allows consumers to determine a max bid before the auction even starts. If that max bid is exceeded, participants can decide whether to make another bid or back out of the auction.

Online, English auctions may also run for several days or weeks, rather than a few minutes. This offers a large number of buyers the opportunity to view the listing and decide how much they would like to bid based on current activity. Some sites may even allow users to follow a particular auction and receive email updates every time a bid is made.

What is a Dutch auction? Dutch auctions function the same as English auctions, but in reverse. The opening price starts high and is lowered until a buyer chooses to accept it. While this auction format is much less popular than the English auction, it also translates well online. This is similar to a reverse auction, but there is only one seller gradually lowering the price of an item rather than multiple sellers offering various prices for the same service.

Dutch auctions are typically used when a company is seeking investors. The company sets a share price and gradually lowers it, seeing how many shares people are willing to buy at each price. At the end of the auction, the share price with the most bids for the most shares becomes the price all winners pay for their shares.

What is a first-price sealed-bid auction? First-price sealed-bid auctions are similar to English auctions in that the highest bid wins, but all participants submit a single, sealed bid to the auctioneer. The auctioneer then reads all the bids

Ashok Mammen V Assistant Professor Page 25 and the highest bid is the winner. Unlike most auctions, competition does not drive the final price because no one knows how much other bidders are willing to pay for an item.

What is a Vickrey auction? A Vickrey auction works similarly to a first-price sealed-bid auction, but the winner (the highest bidder) only pays what the second-highest bidder offered. So if the highest bid was $100 and the next-highest bid was $95, the person who suggested $100 will only pay $95. This is intended to prevent bidders from placing bids that are too high or too low, so the item is sold for a supposedly more accurate value. With all bids remaining hidden, buyers are forced to consider what they think an item is actually worth.

Source Ecommerce – compiled notes https://learn.g2.com/types-of-auctions

UNIT 2 : SECURITY FOR E-BUSINESS

Security threats – An area view – implementing E-commerce security – encryption – Decryption, Protecting client computers E-Commerce Communication channels and web servers Encryption, SSL protocol, Firewalls, Cryptography methods, VPNs, protecting, networks, policies and procedures ------

WHAT IS E-COMMERCE SECURITY E-commerce security is the protection of e-commerce assets from unauthorized access, use, alteration, or destruction. Six dimensions of e-commerce security are 1. Integrity: prevention against unauthorized data modification 2. Non-repudiation: prevention against any one party from reneging on an agreement after the fact 3. Authenticity: authentication of data source 4. Confidentiality: protection against unauthorized data disclosure 5. Privacy: provision of data control and disclosure 6. Availability: prevention against data delays or removal

E-Commerce Threats Cyber-security represents one of the most important e-Commerce feature. Without the existence and implementation of proper protocols, online store owners put themselves and also their customers at risk for payment fraud. Even stores that cater to a small target market can find themselves at a heightened risk if they leave gaps in their online security. Actually, smaller stores face the biggest threat from cyber-criminals because of insufficient Internet safety. It has been observed that one in five small online businesses falls victim to fraud every year, and more that 60 of these stores are forced to close within six months.

Ashok Mammen V Assistant Professor Page 26

More than financial consequences, data breaches harm an e-Commerce website‘s reputation. Loyal customers will avoid continuing shopping at an online store that put their information at risk in the past. Therefore, using the right tools became compulsory, minimizing the risks of fraud.

Threats may be from anyone with the capability, technology, opportunity, and intent to do harm. Potential threats can be foreign or domestic, internal or external, state-sponsored or a single rogue element. Terrorists, insiders, disgruntled employees, and hackers are included in this profile

Some of the security concerns are Loss of Privacy/confidentiality, data misuse/abuse, Cracking, eavesdropping, spoofing, rootkits, Viruses, Trojans, worms, hostile ActiveX and Java, System unavailability, denial of service, natural disasters, power interruptions E-commerce activity takes place when there is a sender (customer), a receiver (the merchant) using a communication channel to do business. In this environment the sender has his own device or computer, uses the internet, logs in to the business portal of the merchant, the orders placed gets transmitted from one machine to another machine, often through a complex set of technology features. The threat to security is that the devices, the communication channel, the technology that is used, can all be compromised, thus causing damage or loss to both parties. The threats can be categorized into four areas depending on where or who gets effected.

1. Intellectual property threats -- use existing materials found on the Internet without the owner's permission, e.g., music downloading, domain name (cyber squatting), software pirating

2. Client computer threats. The customer machine may be compromised due to Trojan horse, Active contents, Viruses

3. Communication channel threats can occur due to Sniffer program, Backdoor, Spoofing, Denial-of-service

4. Server threats maybe caused due to – Privilege settings, Server Side Include (SSI), Common Gateway Interface (CGI), File transfer, Spamming

Eavesdropping - This is the process of listening in or overhearing parts of a conversation. It also includes attackers listening in on your network traffic. It‘s generally a passive attack, for example, a co-worker may overhear your dinner plans because your speaker phone is set too loud. The opportunity to overhear a conversation is coupled with the carelessness of the parties in the conversation.

Snooping - This is when someone looks through your files in the hopes of finding something interesting whether it is electronic or on paper. In the case of physical snooping people might inspect your dumpster, recycling bins, or even your file cabinets; they can look under your keyboard for post-It-notes, or look for scraps of paper tracked to your bulletin board. Computer snooping on the other hand involves someone searching through your electronic files trying to find something interesting.

Interception - This can be either an active or passive process. In a networked environment, a

Ashok Mammen V Assistant Professor Page 27 passive interception might involve someone who routinely monitors network traffic. Active interception might include putting a computer system between sender and receiver to capture information as it is sent. From the perspective of interception, this process is covert. The last thing a person on an intercept mission wants is to be discovered. Intercept missions can occur for years without the knowledge of the intercept parties.

Modification Attacks - This involves the deletion, insertion, or alteration of information in an unauthorized manner that is intended to appear genuine to the user. These attacks can be very hard to detect. The motivation of this type of attack may be to plant information, change grades in a class, alter credit card records, or something similar. Website defacements are a common form of modification attacks.

Repudiation Attacks - This makes data or information to appear to be invalid or misleading (Which can even be worse). For example, someone might access your email server and inflammatory information to others under the guise of one of your top managers. This information might prove embarrassing to your company and possibly do irreparable harm. This type of attack is fairly easy to accomplish because most email systems don't check outbound email for validity. Repudiation attacks like modification attacks usually begin as access attacks.

Denial-of-service Attacks - They prevent access to resources by users by users authorized to use those resources. An attacker may try to bring down an Ecommerce website to prevent or deny usage by legitimate customers. DoS attacks are common on the internet, where they have hit large companies such as Amazon, Microsoft, and AT&T. These attacks are often widely publicized in the media. Several types of attacks can occur in this category. These attacks can deny access to information, applications, systems, or communications. A DoS attack on a system crashes the operation system (a simple reboot may restore the server to normal operation). A common DoS attack is to open as many TCP sessions as possible; this type of attack is called TCP SYN flood DoS attack. Two of the most common are the ping of death and the buffer overflow attack. The ping of death operates by sending Internet control message protocol (ICMP) packets that are larger than the system can handle. Buffer overflow attacks attempt to put more data into the buffer than it can handle. Code red, slapper and slammer are attacks that took advantage of buffer overflows, sPing is an example of ping of death.

Distributed Denial-of-service Attacks - This is similar to a DoS attack. This type of attack amplifies the concepts of DoS attacks by using multiple computer systems to conduct the attack against a single organization. These attacks exploit the inherent weaknesses of dedicated networks such as DSL and Cable. These permanently attached systems have little, if any, protection. The attacker can load an attack program onto dozens or even hundreds of computer systems that use DSL or Cable modems. The attack program lies dormant on these computers until they get attack signal from the master computer. This signal triggers these systems which launch an attack simultaneously on the target network or system.

Back door Attacks - This can have two different meanings, the original term back door referred to troubleshooting and developer hooks into systems. During the development of a complicated operating system or application, programmers add back doors or maintenance hooks. These back doors allow them to examine operations inside the code while the program is running. The second type of back door refers to gaining access to a network and inserting a program or utility that creates an entrance for an attacker. The program may allow a certain user to log in without a

Ashok Mammen V Assistant Professor Page 28 password or gain administrative privileges. A number of tools exist to create a back door attack such as, Back Orifice (Which has been updated to work with windows server 2003 as well as earlier versions), Subseven, NetBus, and NetDevil. There are many more. Fortunately, most antivirus software will recognize these attacks.

Spoofing Attacks - This is an attempt by someone or something to masquerade as someone else. This type of attack is usually considered as an access attack. The most popular spoofing attacks today are IP spoofing and DNS spoofing. The goal of IP spoofing is to make the data look like it came from a trusted host when it really didn't. With DNS spoofing, The DNS server is given information about a name server that it thinks is legitimate when it isn't. This can send users to a website other than the one they wanted to go to.

Man-in-the-Middle Attacks - This can be fairly sophisticated, this type of attack is also an access attack, but it can be used as the starting point of a modification attack. This involves placing a piece of software between a server and the user that neither the server administrators nor the user are aware of. This software intercepts data and then sends the information to the server as if nothing is wrong. The server responds back to the software, thinking it's communicating with the legitimate client. The attacking software continues sending information to the server and so forth.

Replay Attacks - These are becoming quite common, this occur when information is captured over a network. Replay attacks are used for access or modification attacks. In a distributed environment, logon and password information is sent over the network between the client and the authentication system. The attacker can capture this information and replay it later. This can also occur security certificates from systems such as Kerberos: The attacker resubmits the certificate, hoping to be validated by the authentication system, and circumvent any time sensitivity.

Password Guessing Attacks - This occur when an account is attacked repeatedly. This is accomplished by sending possible passwords to an account in a systematic manner. These attacks are initially carried out to gain passwords for an access or modification attack. There are two types of password guessing attacks: - Brute-force attack: Attempt to guess a password until a successful guess occurs. This occurs over a long period. To make passwords more difficult to guess, they should be longer than two or three characters (Six should be the bare minimum), be complex and have password lockout policies. - Dictionary attack: This uses a dictionary of common words to attempt to find the users password. Dictionary attacks can be automated, and several tools exist in the public domain to execute them. Well, there you have it, the only way basically to prevent these types of attacks is to get a good firewall, anti-virus software, and a good Intrusion Detection System (IDS). Tell your firewall to drop ICMP packets that will prevent ICMP flooding.

Counter measure

Ashok Mammen V Assistant Professor Page 29

The following counter measures are taken to overcome the above security threats.

1. Intellectual property protection – Legislature- cyber security laws are formulated and put to practice in order to safeguard copyrights, trademarks and IPR issues. – Authentication: all ecommerce sites require that the client login with his / her credentials.

2. Client computer protection

– Privacy -- Cookie blockers; Anonymizer Cookie Blockers refuse to give consent to advertising cookies or blocks websites that forcefully try to set cookies on your device to track you. Ungenuine sites may use such cookies to steal information from your computer or devices. An HTTP cookie (also called web cookie, Internet cookie, browser cookie, or simply cookie) is a small piece of data sent from a website and stored on the user's computer by the user's web browser while the user is browsing. Cookies were designed to be a reliable mechanism for websites to remember stateful information (such as items added in the shopping cart in an online store) or to record the user's browsing activity (including clicking particular buttons, logging in, or recording which pages were visited in the past). They can also be used to remember arbitrary pieces of information that the user previously entered into form fields such as names, addresses, passwords, and credit-card numbers. Cookies perform essential functions in the modern web. Authentication Cookies are the most common method used by web servers to know whether the user is logged in or not, and which account they are logged in with. Without such a mechanism, the site would not know whether to send a page containing sensitive information, or require the user to authenticate themselves by logging in. The security of an authentication cookie generally depends on the security of the issuing website and the user's web browser, and on whether the cookie data is encrypted.

An anonymizer or an anonymous proxy is a tool that attempts to make activity on the Internet untraceable. It is a proxy server computer that acts as an intermediary and privacy shield between a client computer and the rest of the Internet. It accesses the Internet on the user's behalf, protecting personal information by hiding the client computer's identifying information.

– Digital certificate These are primarily intended to serve the same purpose as 'wet' ink-on-paper signatures – to allow the recipient of a document to confirm the sender's identity (although they also serve to show that a document has not been tampered with). They are authenticated by means of digital certificates. A digital certificate is simply the owner's public key, which a certificate authority has digitally signed.

Laws governing the use of digital (and other forms of electronic) signatures are changing. Our guide on the European Commission's proposal for a new Regulation on electronic identification and trust services for electronic transactions outlines what has been proposed.

– Browser protection

Ashok Mammen V Assistant Professor Page 30

The Browsers are usually updated by the service provider to add new patches that takes care of security breaches or adds more advanced security features. The devices usually prompt the users to update their browsers.

– Antivirus software

Antivirus software basically detects and removes computer viruses. However, with the proliferation of other kinds of malware, antivirus software started to provide protection from other computer threats. Modern antivirus software can protect users from malicious browser helper objects (BHOs), browser hijackers, ransomware, keyloggers, backdoors, rootkits, trojan horses, worms, malicious LSPs, dialers, fraudtools, adware and spyware. It can protect user of malicious URLs, spam, scam and phishing attacks, online identity (privacy), online banking attacks, social engineering techniques, advanced persistent threat (APT) and botnet DDoS attacks.

3. Communication channel protection

Encryption * Public-key encryption (asymmetric) vs Private-key encryption (symmetric) * Encryption standard: Data Encryption Standard (DES), Advanced Encryption Standard (AES)

The process of encryption underpins many information and communications technology security arrangements. Generally, the encryption process involves encoding a message using an encryption algorithm so that only the sender and intended recipients can access it. The encryption algorithm uses a key that at the receiving end is used to decode the message.

Traditionally, encryption used a secret key of which both the sender and receiver were aware. However, when transacting online, it could not be guaranteed that the secret key could be transmitted securely to the recipient. For this reason, public key cryptography is now often used for secure internet communication. Each recipient has a secret private key, and a public key that is published. The sender looks up the recipient's public key and uses it to encrypt the message, and the recipient uses a private key to decrypt the message.

Encryption not only protects the content of the message; the use of an encrypted digital signature may also be used to provide evidence of the sender and of the integrity of the message.

Protocol * Secure Sockets Layer (SSL) * Secure HyperText Transfer Protocol (S-HTTP)

SSL, or Secure Sockets Layer, is an encryption-based Internet security protocol. It was first developed by Netscape in 1995 for the purpose of ensuring privacy, authentication, and data integrity in Internet communications. · In order to provide a high degree of privacy, SSL encrypts data that is transmitted across the web. This means that anyone who tries to intercept this data will only see a garbled mix of characters that‘s nearly impossible to decrypt. · SSL initiates an authentication process called a handshake between two communicating devices to ensure that both devices are really who they claim to be.

Ashok Mammen V Assistant Professor Page 31

· SSL also digitally signs data in order to provide data integrity, verifying that the data is not tampered with before reaching its intended recipient.

SSL is the predecessor to the modern TLS encryption used today. In 1999 the Internet Engineering Task Force (IETF) proposed an update to SSL. Since this update was being developed by the IETF and Netscape was no longer involved, the name was changed to TLS. The differences between the final version of SSL (3.0) and the first version of TLS are not drastic; the name change was applied to signify the change in ownership. Since they are so closely related the two terms are often used interchangeably and confused. Some people still use SSL to refer to TLS, others use the term ‗SSL/TLS encryption‘ because SSL still has so much name recognition.

Is SSL still up to date? SSL has not been updated since SSL 3.0 in 1996 and is now considered to be deprecated. There are several known vulnerabilities in the SSL protocol and security experts recommend discontinuing its use. In fact, most modern web browsers no longer support SSL at all. TLS is the up-to-date encryption protocol that is still being implemented online, even though many people still refer to it as ‗SSL encryption‘. This can be a source of confusion for consumers shopping for security solutions. The truth is that any vendor offering ‗SSL‘ these days is almost certainly providing TLS protection, which has been an industry standard for nearly twenty years. But since many folks are still searching for ‗SSL protection‘, the term is still featured prominently on many product pages.

The HTTPS protocol ensures that the data exchange between the user and your website is encrypted and has no intermediaries. It proves that your site is actually your site and not its ―shadow copy‖ created by a hacker, which increases the trust of potential visitors.

Apart from security, HTTPS means good SEO (although it‘s not reflected in the acronym). Back in 2014, Google announced that they would use HTTPS as a ranking signal, which became one of the biggest incentives for webmasters. As a result, HTTPS has become a standard that every self-respecting organization should follow.

Digital signature The software program binds the message originator with the exact contents of the message. A hash function is used to transform messages into a 128-bit digest (message digest). The sender‘s private key is used to encrypt the message digest (digital signature) and then the message along with the signature is sent to the receiver. The recipient uses the hash function to recalculate the message digest and the sender‘s public key is used to decrypt the message digest and the program checks to see if the recalculated message digest = decrypted message digest

4. Server protection – Access control and authentication * Digital signature from user * Username and password * Access control list

– Firewalls

Ashok Mammen V Assistant Professor Page 32

In computing, a firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules. A firewall typically establishes a barrier between a trusted internal network and untrusted external network, such as the Internet.

The International Computer Security Association's classification: · Packet filter firewall: checks IP address of incoming packet and reject anything that does not match the list of trusted addresses (prone to IP spoofing) · Application level proxy server: examines the application used for each individual IP packet (e.g., HTTP, FTP) to verify its authenticity. · Stateful packet inspection: examines all parts of the IP packet to determine whether or not to accept or reject the requested communication.

Cryptography

Cryptography — the science of secret writing — is an ancient art; the first documented use of cryptography in writing dates back to circa 1900 B.C. when an Egyptian scribe used non- standard hieroglyphs in an inscription. Some experts argue that cryptography appeared spontaneously sometime after writing was invented, with applications ranging from diplomatic missives to war-time battle plans. It is no surprise, then, that new forms of cryptography came soon after the widespread development of computer communications. In data and telecommunications, cryptography is necessary when communicating over any untrusted medium, which includes just about any network, particularly the Internet.

There are five primary functions of cryptography: 1. Privacy/confidentiality: Ensuring that no one can read the message except the intended receiver. 2. Authentication: The process of proving one's identity. 3. Integrity: Assuring the receiver that the received message has not been altered in any way from the original. 4. Non-repudiation: A mechanism to prove that the sender really sent this message. 5. Key exchange: The method by which crypto keys are shared between sender and receiver.

In cryptography, we start with the unencrypted data, referred to as plaintext. Plaintext is encrypted into ciphertext, which will in turn (usually) be decrypted back into usable plaintext. The encryption and decryption is based upon the type of cryptography scheme being employed and some form of key.

Ashok Mammen V Assistant Professor Page 33

TYPES OF CRYPTOGRAPHIC ALGORITHMS There are several ways of classifying cryptographic algorithms. For purposes of this paper, they will be categorized based on the number of keys that are employed for encryption and decryption, and further defined by their application and use. The three types of algorithms that will be discussed are: 1. Secret Key Cryptography (SKC): Uses a single key for both encryption and decryption; also called symmetric encryption. Primarily used for privacy and confidentiality. 2. Public Key Cryptography (PKC): Uses one key for encryption and another for decryption; also called asymmetric encryption. Primarily used for authentication, non- repudiation, and key exchange. 3. Hash Functions: Uses a mathematical transformation to irreversibly "encrypt" information, providing a digital fingerprint. Primarily used for message integrity.

Secret Key Cryptography Secret key cryptography methods employ a single key for both encryption and decryption. The sender uses the key to encrypt the plaintext and sends the ciphertext to the receiver. The receiver applies the same key to decrypt the message and recover the plaintext. Because a single key is used for both functions, secret key cryptography is also called symmetric encryption.

Secret key cryptography schemes are generally categorized as being either stream ciphers or block ciphers.

Stream ciphers operate on a single bit (byte or computer word) at a time and implement some form of feedback mechanism so that the key is constantly changing.

A block cipher is so-called because the scheme encrypts one fixed-size block of data at a time. In a block cipher, a given plaintext block will always encrypt to the same ciphertext when using the same key (i.e., it is deterministic) whereas the same plaintext will encrypt to different ciphertext in a stream cipher.

Public Key Cryptography

Ashok Mammen V Assistant Professor Page 34

Modern PKC was first described publicly by Stanford University professor Martin Hellman and graduate student Whitfield Diffie in 1976. Their paper described a two-key crypto system in which two parties could engage in a secure communication over a non-secure communications channel without having to share a secret key.

Generic PKC employs two keys that are mathematically related although knowledge of one key does not allow someone to easily determine the other key. One key is used to encrypt the plaintext and the other key is used to decrypt the cipher text. The important point here is that it does not matter which key is applied first, but that both keys are required for the process to work. Because a pair of keys is required, this approach is also called asymmetric cryptography.

Hash Functions Hash functions, also called message digests and one-way encryption, are algorithms that, in essence, use no key. Instead, a fixed-length hash value is computed based upon the plaintext that makes it impossible for either the contents or length of the plaintext to be recovered. Hash algorithms are typically used to provide a digital fingerprint of a file's contents often used to ensure that the file has not been altered by an intruder or virus. Hash functions are also commonly employed by many operating systems to encrypt passwords. Hash functions, then, provide a mechanism to ensure the integrity of a file.

Why Three Encryption Techniques?

The answer is that each scheme is optimized for some specific cryptographic application(s). Hash functions, for example, are well-suited for ensuring data integrity because any change made to the contents of a message will result in the receiver calculating a different hash value than the one placed in the transmission by the sender. Since it is highly unlikely that two different messages will yield the same hash value, data integrity is ensured to a high degree of confidence. Secret key cryptography, on the other hand, is ideally suited to encrypting messages, thus providing privacy and confidentiality. The sender can generate a session key on a per- message basis to encrypt the message; the receiver, of course, needs the same session key in order to decrypt the message. Key exchange is a key application of public key cryptography. Asymmetric schemes can also be used for non-repudiation and user authentication; if the receiver can obtain the session key encrypted with the sender's private key, then only this sender could have sent the message. Public key cryptography could, theoretically, also be used to encrypt messages although this is rarely done because secret key cryptography values can generally be computed about 1000 times faster than public key cryptography values.

A Virtual Private Network (VPN) is that private network built on a public network.

Virtual Private Networks (VPNs) use advanced encryption and tunneling so that organizations can establish secure private end-to-end network connections over third-party networks, such as the Internet or extranets. When leveraging third-party networks through VPNs, organizations do not have to continue using costly leased lines or Frame Relay lines, which are generally tricky to dispose of for remote locations. VPNs also allow secure connectivity with suppliers and partners, allowing the use of new networked business applications. VPNs also connect remote users and mobile users to the corporate network through a local Internet service provider, rather than

Ashok Mammen V Assistant Professor Page 35 through expensive long distance calls. Also, VPNs offer a much higher level of security, through their advanced encryption protocols, thus making the data can only read by the receiver to which they sent.

Types of VPNs VPNs are generally divided into three categories: intranet, extranet and remote access. • Intranet (site-to-site): they are indicated to connect fixed locations, branches, branches, and remote offices. They normally use dedicated connections within the company's WAN communications structure based on an operator's private IP network. • Extranet: implemented to expand network services and provide limited and secure access to partners and customers of a company. These extensions are generally supported by public networks (typically the Internet, the public IP network par excellence), for client accesses and private IP networks with higher quality access for partners and collaborators. • Remote access: they provide secure access to mobile users and small offices with very basic communication needs. They use existing access networks, RTB and ISDN, to connect over the Internet.

VPN advantages There are several benefits over the traditional network that companies have been able to appreciate. The main advantages include: • Reduced costs: The total cost of ownership (TCO) reduced since bandwidth, trunk equipment and operations are less expensive. In fact, according to Infonetics, a network management consulting company, LAN-to-LAN connectivity costs usually are reduced between 20 and 40% compared to leased line networks, while reducing costs for solutions Remote access estimated between 60 and 80%. • It makes possible the Internet economy, favoring the agility of the business network – VPNs intrinsically present a more flexible and scalable architecture than classic WANs and, therefore, make it possible for companies to expand their connectivity quickly and profitably, which is conducive to the connection and disconnection of remote offices, international sites, teleworkers, mobile users with local call services (roaming) and the inclusion of external collaborators as required by the company. • Reduces management problems: Companies can outsource a good part or all of their WAN communications through an operator, making it possible for companies to focus their activities on the essential objectives of their business, instead of having to worry about the management of your WAN network or remote centers.

• Simplify the network topologies: By implementing an IP trunk that eliminates the permanent virtual circuits (PVCs) associated with the connection protocols, such as those of the Frame Relay, a fully open network topology created, thereby complexity and network costs are reduced.

• It serves as a support for the installation of value-added services such as VoIP, Video Conference, etc.

Importance of Virtual Private Networks

Ashok Mammen V Assistant Professor Page 36

The network of networks, the Internet becomes increasingly important. Every day there are faster access speeds, and the range of services offered through the Internet widened. It happens that many companies or institutions, with particular growth, have established branches or terminals which have their computers. In many cases, it is necessary to connect these computers to the central office network. We also have the case of remote users, employees, who connect from home or when they are traveling to, for example, check their email. One of the solutions that have found to the problem of the remote connection is that of Virtual Private Networks or VPN, according to its acronym in English, which use the open Internet infrastructure to transmit corporate data between offices or branches. When we talk about corporate data, we mean private information to a company or institution. The intention here is to take advantage of the infrastructure of Internet providers (ISP) to interconnect remote users at a low cost. VPNs allow system administrators to connect the branches of a corporation with the central office in an economical way. Also, they provide remote access to employees while reducing equipment and support spending. Also, often mobilized employees, such as sales representatives, can connect to the office network from any place where there is access (a phone number) to an Internet provider. uilding and managing a security program is an effort that most organizations grow into overtime. I have worked with startups who had no rules for how assets or networks were used by employees. I also have worked at established organizations where every aspect of IT and cybersecurity was heavily managed. The goal is to find a middle ground where companies can responsibly manage the risk that comes with the types of technologies that they choose to deploy.

In establishing the foundation for a security program, companies will usually first designate an employee to be responsible for cybersecurity. It will be this employee who will begin the process of creating a plan to manage their company‘s risk through security technologies, auditable work processes, and documented policies and procedures.

Security policies and procedures

A mature security program will require the following policies and procedures:

1. Acceptable Use Policy (AUP) An AUP stipulates the constraints and practices that an employee using organizational IT assets must agree to in order to access to the corporate network or the internet. It is standard onboarding policy for new employees. They are given an AUP to read and sign before being granted a network ID. It is recommended that and organizations IT, security, legal and HR departments discuss what is included in this policy. An example that is available for fair use can be found at SANS.

2. Access Control Policy (ACP) The ACP outlines the access available to employees in regards to an organization‘s data and information systems. Some topics that are typically included in the policy are access control standards such as NIST‘s Access Control and Implementation Guides. Other items covered in this policy are standards for user access, network access controls, operating system software controls and the complexity of corporate passwords. Additional supplementary items often outlined include methods for monitoring how corporate systems are accessed and used; how

Ashok Mammen V Assistant Professor Page 37 unattended workstations should be secured; and how access is removed when an employee leaves the organization. An excellent example of this policy is available at IAPP.

3. Change Management Policy A change management policy refers to a formal process for making changes to IT, software development and security services/operations. The goal of a change management program is to increase the awareness and understanding of proposed changes across an organization, and to ensure that all changes are conducted methodically to minimize any adverse impact on services and customers. A good example of an IT change management policy available for fair use is at SANS.

4. Information Security Policy An organization‘s information security policies are typically high-level policies that can cover a large number of security controls. The primary information security policy is issued by the company to ensure that all employees who use information technology assets within the breadth of the organization, or its networks, comply with its stated rules and guidelines. I have seen organizations ask employees to sign this document to acknowledge that they have read it (which is generally done with the signing of the AUP policy). This policy is designed for employees to recognize that there are rules that they will be held accountable to with regard to the sensitivity of the corporate information and IT assets. The State of Illinois provides an excellent example of a cybersecurity policy that is available for download.

]5. Incident Response (IR) Policy The incident response policy is an organized approach to how the company will manage an incident and remediate the impact to operations. It‘s the one policy CISOs hope to never have to use. However, the goal of this policy is to describe the process of handling an incident with respect to limiting the damage to business operations, customers and reducing recovery time and costs. Carnegie Mellon University provides an example of a high-level IR plan and SANS offers a plan specific to data breaches.

6. Remote Access Policy The remote access policy is a document which outlines and defines acceptable methods of remotely connecting to an organization's internal networks. I have also seen this policy include addendums with rules for the use of BYOD assets. This policy is a requirement for organizations that have dispersed networks with the ability to extend into insecure network locations, such as the local coffee house or unmanaged home networks. An example of an remote access policy is available at SANS.

7. Email/Communication Policy A company's email policy is a document that is used to formally outline how employees can use the business‘ chosen electronic communication medium. I have seen this policy cover email, blogs, social media and chat technologies. The primary goal of this policy is to provide guidelines to employees on what is considered the acceptable and unacceptable use of any corporate communication technology. An example of an email policy is available at SANS.

8. Disaster Recovery Policy An organization‘s disaster recovery plan will generally include both cybersecurity and IT teams‘ input and will be developed as part of the larger business continuity plan. The CISO and teams

Ashok Mammen V Assistant Professor Page 38 will manage an incident through the incident response policy. If the event has a significant business impact, the Business Continuity Plan will be activated. An example of a disaster recovery policy is available at SANS.

9. Business Continuity Plan (BCP) The BCP will coordinate efforts across the organization and will use the disaster recovery plan to restore hardware, applications and data deemed essential for business continuity. BCP‘s are unique to each business because they describe how the organization will operate in an emergency. Two examples of BCP‘s that organizations can use to create their own are available at FEMA and Kapnick.

======Security Issues

The perceived lack of security in transacting and communicating online continues to be seen as an obstacle to the uptake of e-business. This guide gives a brief overview of the subject.

There are three main security issues relevant to doing business online:

1. Verifying the identity of the person you are doing business with. 2. Ensuring that messages you send and receive have not been tampered with. 3. Obtaining evidence of the date, time and place at which a contract was made.

These three issues are addressed by a variety of means including:

Encryption The process of encryption underpins many information and communications technology security arrangements. Generally, the encryption process involves encoding a message using an encryption algorithm so that only the sender and intended recipients can access it. The encryption algorithm uses a key that at the receiving end is used to decode the message.

Encryption not only protects the content of the message; the use of an encrypted digital signature may also be used to provide evidence of the sender and of the integrity of the message.

Digital signatures These are primarily intended to serve the same purpose as 'wet' ink-on-paper signatures – to allow the recipient of a document to confirm the sender's identity (although they also serve to

Ashok Mammen V Assistant Professor Page 39 show that a document has not been tampered with). They are authenticated by means of digital certificates. A digital certificate is simply the owner's public key, which a certificate authority has digitally signed.

Certification authorities Certification authorities (CAs) are independent third parties which issue digital certificates to individuals after verifying that a public key belongs to an individual. The process of certification varies depending on the certification authority and the level of certification. The more rigorous the CA's identity-checking procedures, the more reliable are the certificates which it issues. ======

The majority of e-Commerce software platforms provide a number of built-in security features. Here are three important ways online store owners could use in order to improve their website‘s security:

1. Update e-Commerce software constantly: Software providers issue frequent updates that fix any problems in their platforms. Thus, store owners should install these in order to close vulnerabilities from new malware and viruses. Additionally, online stores should utilize business-grade anti-malware software in order to protect themselves.

2. Address Verification System: AVS tool is used in order to compare the billing address the customer entered with the one the credit card issuer has on file. The majority of payment processors offer this feature. In fact, it separates legitimate transactions from fraudulent ones.

3. CVV: Card Verification Value represents the three or four-digit code on the back of a credit card. Under PCI standards, retailers are not allowed to register this number, even if they record other information for future transactions. In addition, many cyber-criminals have a credit card number, but not the physical card. Therefore, a CVV requirement makes it much more difficult for a fraudulent transaction to go through.

====

Five Online Security Measures to Survive as an e-Business

Cybersecurity is a broad term that encompasses all the technologies geared toward protecting networks and computers, along with the software and data kept on them. While more and more data today can be accessed via the internet, online security has become the major issue for businesses.

The risks associated with online security are constantly and quickly increasing. The number of internet users steadily grows as well as the amount of information stored online. At the same Ashok Mammen V Assistant Professor Page 40 time, hacking techniques evolve, including numerous social engineering tactics. As a result, online security issues are likely to become more prevalent, particularly in the business sphere.

Menlo Security annual research suggests that 42% of Alexa top 100,000 websites are compromised. So what do you need to know to safeguard your online business? We explore five online security measures that will help keep you on the right track.

1. Remember that S in HTTPS is for Security The HTTPS protocol ensures that the data exchange between the user and your website is encrypted and has no intermediaries. It proves that your site is actually your site and not its ―shadow copy‖ created by a hacker, which increases the trust of potential visitors.

The key point here isn‘t so much HTTPS encryption, as it is the ability of big companies like Google to set industry standards. Search engines, on which most online businesses are dependent in some way, are the obvious example but legislation is another key area to consider. It will be vital in the future that developers are aware of the demands of both big companies like Google and legislators, and that they tailor their online security measures accordingly.

2. Use Third-party Tools (But with a Caution) One of the biggest areas of growth in cybersecurity over the last few years has been the development of third-party software aimed at developers. There‘s often an assumption on the part of businesses that developers have sufficient knowledge to adequately protect websites and apps from attack. Yet this isn‘t always the case.

Automation is another key part of the picture in regards to the use of third-party software. Tools that allow developers to automate important aspects of the security testing process are vital for allowing the proper allocation of resources and for ensuring consistent and up-to-date testing in the long-term. The widespread implementation of automated processes is also allowing developers to focus their attention on app vulnerabilities that are difficult to detect with non- human technologies.

Of course, a tool is just a tool, you still need a professional to choose the right one, fine-tune it, and make the most of it. Note that unproven open-source tools may harm your software instead of protecting it.

3. Watch Your IoT Because the focus of security developers has largely been on desktop browser-based apps, software for smartphones and other connected devices has been left somewhat vulnerable. And hackers are increasingly taking advantage of these opportunities.

The fast-growing ecosystem of devices that make up the internet of things also presents another prime hacking opportunity, one with potentially far more serious consequences than traditional website breaches. Gartner predicts that by 2020 there will be more than 20 billion connected devices worldwide. That means an immense attack surface and ominous consequences as to how

Ashok Mammen V Assistant Professor Page 41 stolen information may be exploited. Connected devices are now used for everything from tracking the user‘s location to managing and monitoring hospital equipment. Think of the havoc hackers could wreak if they are able to disrupt these systems.

To secure your IoT devices, keep the firmware up to date, change the default credentials, and disable any P2P features. There are also special tools for IoT security scanning (go to #2).

4. Keep in Mind Users‘ Responsibilities In any discussion about web security, it‘s always important to highlight the issue of human weakness. The fact that most consumers are unaware of security threats, particularly in regards to B2C, but also within the B2B sphere as well, is a cause of mounting concern.

Companies are addressing this problem in two ways. First, the integration of mandatory two-step authentication into apps is becoming increasingly common. This is especially true in areas where security is of vital importance, such as banking. Examples include messaging a pin number to users after they have entered their password or requiring further security details when a login attempt is made from a new location.

Secondly, users are actively being encouraged and advised to adopt safer browsing habits, particularly in the way that they use and store passwords and share data online. When it comes to security, an extra reminder can‘t hurt your users.

5. Balance the Speed and Quality of Web Development The huge increase in the demand for web apps and complex site architecture is something of a double-edged sword. Whilst it has pushed app-related security issues into the limelight and resulted, as mentioned, in the creation of a host of third-party apps, it has also prompted development companies to streamline and speed up their processes to meet the increased demand. In many cases, security has suffered as a result.

Attempts to address problems arising from this phenomenon have taken a number of forms. According to the experience of web development company Iflexion, applying the DevOps approach helps structure processes and increases productivity of a web development team. This allows for speedy completion of projects whilst taking advantage of expertise from a number of key people and departments within the organization.

Conclusion More devices and more users mean greater risk. It‘s vital that companies of all shapes and sizes work from an understanding of the nature of these risks when shaping their approach to web development. Not only will they be providing a safer experience to their customers, but also it‘s very likely that they will save both time and resources in the process.

UNIT 3 : E-PAYMENTS E-payment systems – An overview. B to C payments, B to B payments. Types of E- payment system – Credit card payment, debit cards, accumulating balance, online stored value payment systems, digital cash, digital (electronic) wallets, agile wallet, smart cards and digital cheques. Secure Electronic Transaction (SET) protocol

Ashok Mammen V Assistant Professor Page 42

ELECTRONIC PAYMENT SYSTEM Electronic Payment system is a financial exchange that takes place online between buyers and sellers. The content of this exchange is usually some form of digital financial instrument {such as encrypted credit card numbers, electronic cheques or digital cash) that is backed by a bank or an intermediary, or by a legal tender. The various factors that have leaded the financial institutions to make use of electronic payments are:‐ 1. Decreased technology cost 2. Reduced operational and processing cost 3. Increasing online commerce The Internet Payment Processing System The participants in an online electronic payment transaction include the following:‐ 1. The Customer:‐Customer in an e‐commerce may be the holder of a payment card such as credit card or debit card from an issuer 2. The issuer:‐The issuer means a financial institution such as bank that provides the customer with a payment card .The issuer is responsible for the card holder‘s debt payment. 3. The Merchant – The person or organizations that sells goods or services to the cardholder via a website is the merchant. The merchant that accepts payment cards must have an Internet Merchant account with the acquirer 4. The acquirer – is a financial institution that establishes an account with the merchant and processes payment card authorizations and payments. The acquirer provides authorization to the merchant that given card account is active and that the proposed purchase doesn‘t exceed the customer‘s credit limit. The acquirer also provides electronic transfer of payments to the merchant‘s account, and is then reimbursed by the issuer via the transfer of electronic funds over a payment network. 5. The Processor – The Processor is a large data centre that processes credit card transactions and settles funds to merchants, connected to the merchant on behalf of an acquirer via a payment gateway.

Basic steps of an online payment The basic steps of an online payment transaction include the following:‐ The customer places an order online by selecting items from the merchant‘s Website and sending the merchant a list. The merchant often replies with an order summary of the items, their price, a total, and an order number The customer places an order along with their credit card information and sends it to the business. The payment information is usually encrypted by an SSL pipeline set up between the customer‘s web browser and the merchant‘s web server SSL certificate.

The merchant confirms the order and supplies the goods or services to the customer. The business sends the consumer an invoice, their certificate and their bank‘s certificate.  The business then generates an authorization request for customer‘s credit card and sends it to their bank  The business‘s bank then sends the authorization request to the acquirer  The acquirer sends an acknowledgement back to the business‘s bank after receiving an acknowledgement from the customer‘s Bank.  Once the consumer‘s bank authorizes payment, the business‘s bank sends an acknowledgement back to the business with an authorization number

Ashok Mammen V Assistant Professor Page 43

Various Online Payment Systems 1. Electronic Tokens An Electronic token is a digital analog of various forms of payment backed by a bank or financial institution. There are two types of tokens:‐ 1] Real Time (or Pre‐paid tokens) – These are exchanged between buyer and seller, their users pre‐pay for tokens that serve as currency. Transactions are settled with the exchange of these tokens. Eg. Digicash , Debit Cards, Electronic Purse etc. 2] Post Paid Tokens – are used with fund transfer instructions between the buyer and seller. Eg. Electronic Cheques, Credit card data etc.

2 Electronic or Digital Cash This combines computerized convenience with security and privacy that improve upon paper cash. Cash is still the dominant form of payment as : The consumer still mistrusts the banks. The non cash transactions are inefficiently cleared. The properties of Digital cash are: ‐ • Must have a monetary value • It must be backed by cash [currency], bank authorized credit or a bank certified cashier‘s check • Digital cash is based on cryptographic systems called ―Digital Signatures‖ similar to the signatures used by banks on paper cheques to authenticate a customer. • Maintenance of sufficient money in the account is required to back any purchase. • Must be interoperable or exchangeable as payment for other digital cash, paper cash, goods or services, lines of credit, bank notes or obligations, electronic benefit transfers and the like.

3. Electronic Cheques The electronic cheques are modeled on paper checks, except that they are initiated electronically. They use digital signatures for signing and endorsing and require the use of digital certificates to authenticate the payer, the payer‘s bank and bank account. They are delivered either by direct transmission using telephone lines or by public networks such as the Internet. Integration of the banking and the information technology industry has benefitted the consumers in many aspects with respect to time, cost and operational efficiency

PREPAID AND POST PAID PAYMENT SYSTEMS Electronic payment systems are broadly classified in to prepaid and post paid payment systems: A] Prepaid payment systems It provides a service that is paid prior to usage. Here the customer is allowed to spend only up to the amount that have pre‐determined into the account. This type of payment system is highly useful to those customers who would like to control overspending. E.g. Prepaid debit cards or prepaid credit cards. Prepaid payment system is taken by the customer by depositing money with the credit given company. It can be deposited in the savings account or the current account. Once the money is deposited, the card is used as a regular credit card. It is very effective card as it doesn‘t put in to debt. Once the money is exhausted in the account, the credit card cannot be used. There is no interest charges related to this card.

Benefits of the pre‐paid payment system 1. It is accepted at the entire merchant establishment worldwide according to the affiliation of the credit given company. 2. It can be used to withdraw cash from the ATMs

Ashok Mammen V Assistant Professor Page 44

3. Reloadable anytime anywhere 4. It can be used to withdraw cash in any international currency 5. It is usually backed up by personal accident insurance cover 6. Customer has the facility to get online and track spending , check balance, change pin

Post paid Payment System This system is like a credit card used to make incremental purchases through the web site. As purchases are made, the accumulated debt on the post paid credit instrument increase until a credit limit is reached, or until an arrangement has made to settle the debt such as monthly payment. Normally all credit cards are post paid cards. The customer gets the eligibility of spending through the income statement and credit history produced before the credit card company. The customer gets a credit limit and a credit period by which the customer is supposed to pay back the money to the credit card company.

Features of Post paid payment system  Global acceptance – accepted by all the merchant establishments according to the network set by the credit card company.  Balance transfer option – It is possible to transfer outstanding funds from one card to other cards with low interest rates.  Revolver facility – Customer can pay only a small amount of the total outstanding and revolve the rest for the payment o the next month.  Cash advance facility – Customer can withdraw around 30% of the credit limit at any ATM connected to the credit card company  Teledraft – These facilities are available at the door steps of the customer  Other services – Credit card can be used for railway tickets and airline ticket purchase  Convenience – as the customer is not required to carry cash for any purchase  Easy availability – holder can load prepaid credit cards at anytime they need.

E‐Cash or Electronic cash E‐Cash or Electronic Cash is a new concept to execute cash payment using computers connected with network. E‐cash is an electronic medium for making payments. The primary function of e‐cash is to facilitate transactions on the Internet. Many of these transactions may be small in size and would not be cost efficient through other payment medium such as credit cards. Electronic money [also known as e‐currency, e‐money, electronic cash, electronic currency, digital money, digital cash or digital currency] refers to money or scrip which is exchanged only electronically. Typically, this involves the use of computer networks, the internet and digital stored value systems. Electronic Fund Transfer and direct Deposit are all examples of electronic money. E‐cash is a system of purchasing cash credits in relatively small amounts, storing the credits in our computer, and then spending them when making electronic purchases over the Internet. The e‐cash is the creation of electronic money or tokens, usually by a bank, which buyers and sellers trade for goods and services. It consists of a token, which may be authenticated independently of the issuer. This is commonly achieved through the use of self‐authenticating tokens or tamper proof hardware. It includes credit cards, smart cards, debit cards, electronic fund transfer etc. An e‐cash system must have the following properties:‐ • Digital cash must have a monetary value. It must be backed by cash • Digital cash must be exchangeable. • It should be storable and retrievable • It should not be easy to copy or tamper with while it is being exchanged

Ashok Mammen V Assistant Professor Page 45

E‐cash can be used for making or receiving payments between buyer and seller. The bank‘s server computer sends a secure e‐cash packet to the customer effect the network currency server of the bank is issuing a bank note with a serial number for a specified amount. The bank uses its private key to digitally sign such a bank note.

2. Electronic Cheque E‐cheques are a mode of electronic payments. Integration of the banking and the information technology industry has benefitted the customers in many aspects with respect to time, cost and operational efficiency. Cheque is the most widely accepted negotiable instrument to settle transactions in the world. Paper cheques provide consumers an important payments mechanism.

This technology was developed by a consortium of Silicon Valley IT Researchers and merchant bankers and since then has been promoted by many of the financial bodies. E‐cheques work the same way as paper cheques and are a legally binding promise to pay. Electronic cheques are gathered by banks and cleared through existing banking channels, such as automated clearing houses. The advantages of Electronic cheques are :‐ 1. The online merchants could receive payments instantly 2. Similar to traditional cheques and eliminates need for customer education 3. Much faster 4. Less chance for cheque bouncing 5. Cost – effective manner

3. Credit Cards They are the convenient method of making online payment. Credit cards work around the globe regardless of the location of country of the issuing bank. They also handle multiple currencies through a series of clearing houses. The credit card holders can purchase goods and services either offline or online without making immediate payment. Payment to the merchant‘s will be made by the customer‘s Bank. The credit card is a financial instrument which can be used more than once to borrow money or buy products and services on credit. It also contains a validity period and other important particulars. To accept a credit card for payment, we have to open a merchant account with our bank. A merchant account allows sellers to accept and process credit card transactions. In these transactions, the card number and transaction details are processed with no identification of the buyer. To implement the payments over the internet, the web merchant needs some form of secure and encrypted line using the Secure sockets Layer [SSL] that is standard on Netscape and Microsoft browsers. The merchant server needs an encryption key for the purpose.

4. Smart Card A smart card is a plastic card about the size of a credit card, with an embedded microchip that can be loaded with data, used for telephone calling, electronic cash payments, and other applications and then periodically refreshed for additional use. A smart card, chip card, or integrated circuit card [ICC] is any pocket sized card with embedded integrated circuits which can process data. The card connects to a reader with direct physical contact or with a remote contactless radio frequency interface. Smart card technology conforms to international standards and is available in a variety of form factors, including plastic cards, fobs, subscriber identification modules [SIMs] used in GSM Mobile phones and USB based tokens. These cards can be used to purchase goods and services. Smart cards are very useful to merchants and consumers to settle the transaction between them. Smart card provides a lot of benefits

Ashok Mammen V Assistant Professor Page 46 to consumers. It helps to manage expenditures more effectively, reduce the paper work and ability to access multiple services and the Internet. A multiple application card can support services like health care, travel and financial data access.

The benefits of smart cards for the consumer are the following:‐ a. Security – unauthorized access is prevented by a lock function b. Convenience c. Flexibility d. Control e. International use f. Interest free loan

5. Debit Cards It is a popular method of making payment. Banks issue debit cards to their customers who have maintained an account in the balance with sufficient credit balance. Each time the customer makes a purchase, an equal amount of the purchase is debited in his account. The transaction works much like a credit card transaction. For Eg. A customer gives an ATM card to the seller for the purchase. The merchant read the card through a transaction terminal and the customer enters his personal identification number. Then the terminal route the transaction through the ATM networks back to the customer‘s bank for authorization against customer‘s deposit account. The funds, are approved, are transferred from the customer‘s bank to the sellers bank.

6. Electronic Purse Electronic Purse is a card with a microchip that can be used instead of cash and coins for everything from vending machines to public transportation. The Electronic Purse would consist of micro‐ chip embedded in a credit card, debit card, or stand alone card to store value electronically. The card would replace cash and coins for small ticket purchases such as gasoline stations, pay phones, road/bridge tolls, video games, school cafeterias, fast food restaurants, convenience stores, and cash lanes at supermarkets. Cardholders can ―reload‖ the microchip and control the amount of value stored in the card‘s memory. The Electronic Purse provides cardholders with the security and convenience of carrying less cash and coins, eliminating the need for exact change. Electronic purse is a term applied to a number of formats, each with different applications. At the moment, smart card based systems are used as a direct replacement for money that the user would have in his pocket and software based systems are used for online purchases. The e‐ purse is an electronic / cash less payment option for making small purchases within the campus. To load an electronic purse, the user must be able to operate an ATM or card loading machine. Usually this requires the user to be able to read a visual display, but methods for alleviating this problem have been developed. To use the electronic purse, the user hands the card to the shop assistant who inserts the card in a terminal and keys in the amount of the transaction. This is displayed visually to the customer. Once again, the person must be able to read a display screen. The customer confirms that the amount is correct, and the money is transferred from the card to the terminal. In some systems the customer need to key in their PIN [Personal Identification Number] before the transaction can be completed.

Main security requirements for e-payment 1. Authorization – a payment must always be authorized by the payer – needs payer authentication (physical, PIN, or digital signature) – a payment may also need to be authorized by the bank data confidentiality and authenticity

Ashok Mammen V Assistant Professor Page 47

– transaction data should be authentic – external parties should not have access to data 2. some data need to be hidden even from participants of the transaction – the merchant does not need to know customer account information – the bank doesn‘t need to know what the customer bought availability and reliability 3. payment infrastructure should always be available – centralized systems should be designed with care 4. critical components need replication and higher level of protection atomicity of transactions – all or nothing principle: either the whole transaction is executed successfully or the state of the system doesn‘t change – in practice, transactions can be interrupted (e.g., due to communication failure) – it must be possible to detect and recover from interruptions (e.g., to undo already executed steps) 5. Privacy (anonymity and untraceability) – customers should be able to control how their personal data is used by the other parties – sometimes, the best way to ensure that personal data will not be misused is to hide it • anonymity means that the customer hides her identity from the merchant • untraceability means that not even the bank can keep track of which transactions the customer is engaged in

Basic classification of e-payment systems • Pre-paid, pay-now, or pay-later – Pre-paid: customer pays before the transaction (e.g., she buys electronic tokens, tickets, coins) – pay-now: the customer‘s account is checked and debited at the same time when the transaction takes place – pay-later (credit-based): customer pays after the transaction on-line or off-line

– on-line: a third party (the bank) is involved in the transaction (e.g., it checks solvency of the user, double spending of a coin, …) in real-time – off-line: the bank is not involved in real-time in the transactions

Security issues on Electronic Payment System It is recommended that the clients instruct their banks to make the transfer of large payments directly to the agency‘s bank and not use Internet‐ based payment systems. In common with all other electronic information processing systems, payment systems are prone to disruption by people exploiting the systems innate vulnerabilities. Those considering employing a payments system must decide whether to accept the consequent risks. Data in computers are more liable to destruction, fraud, error and misuse. Since payment information is so valuable its security is all the more important than other kinds of tangible assets in the organizational context. Security refers to the policies, procedures and technical measures and to prevent unauthorized access, alteration, theft or physical damage to information systems. The basic objective of information security is the protection of interests of those involved in online business. All electronic information processing systems are vulnerable to denial of service attacks where the attacker employs any one of a variety of methods to prevent a client using a service a provider offers. Such attacks can have the effect of closing down a business. Some of the attacks were as follows:‐ – Development of a method of obtaining the goods or services without making the appropriate payment

Ashok Mammen V Assistant Professor Page 48

– Compromise of clients‘ financial details credit card number, etc, which may result in the unauthorized transfer of funds and or political embarrassment by their publication. – Illicit modification of the electronic goods offered by the merchant or of the descriptions of the other goods or services on the merchant server

Other methods permitting the unauthorized transfer of funds. Before the introduction of computers, people manage payment systems directly and valuable information of business organisations was kept safely in paper records and files. However, in ecommerce environment, information related to payments is transmitted through computers and as such it can easily be accessible to any number of people including outsiders. Hence, the data in computers are more liable to destruction, fraud, error, and misuse. Since payment information is so valuable its security is all the more important than other kinds of tangible assets in the organisational context. Therefore it is highly essential to protect this valuable information against loss, damage or disclosure. Though only the positive change brought about by the e-payment systems is highlighted, we cannot ignore the disadvantages of electronic payment systems. One must be aware of the privacy and security concerns raised by electronic payment systems.

Security refers to the policies, procedures and technical measures and to prevent authorized access, alteration, theft or physical damage to information systems.

Information Security: The basic objective of information security is the protection of interest of those involved in online business. Thus the main objectives of information security can be stated as follows.

i. availability Objective - Information should be available and usable whenever it is required. ii. Confidentiality Objective - This objective states that information should be available to only those who have the right to access it. iii. Integrity Objectives - As per this objective, information should be protected from unthorised alteration and modification and misuse.

Solutions to security issues: There are numerous threats that appear on the Internet or are spread through the Internet. Such threats include viruses, worms, Trojans, hackers, Denial of Service, sniffers and information theft. There are also internal threats from staff and backdoors. The software technologies that can be used to face such threats include the following.

The solution for meeting each of the goals above includes two essential components: 1. Digital certificates for Web servers, to provide authentication, privacy and data integrity through encryption. 2. A secure online payment management system, to allow e-commerce Web sited to securely and automatically accept, process, and manage payments online. Along with these, a business firm can make use of technologies to build up a trusty infrastructure to take full advantage of this Internet. A brief discussion on various methods generally used for managing the security issues given below.

1. Anti-Virus Programs The first and most critical element of e-payment security system is antivirus software. If organisation does not have up-to-date antivirus software they are asking for trouble. It is reported that 300 new viruses

Ashok Mammen V Assistant Professor Page 49 appear each month and if we are not constantly protecting our system against this threat our computer will become infected with at least one virus. Antivirus software scans computers of signatures of a virus. A virus signature is the unique part of that virus. It can be a file name, how the virus behaves or the size of the virus file itself. Good antivirus software will find viruses that have not yet infected your PC and eliminate the ones that have.

Antivirus software can only protect our computer form virus trying to infect it via e-mail, CDRom, floppy disk, Word documents or other types of computer files. Antivirus software alone will not keep our computer cent percent safe. It is also necessary to use other methods like firewall software. As the organization‘s computer accesses the Internet then an anti-virus scanner should be installed. There are different types of antivirus software now in use. It should be configured to perform analysis and be able to scan zipped files as well as other types of files. Anti-virus programms can be used on the server level itself. Such programs can scan the files that the server receives and looks for patterns that match known malicious software. The anti-virus scanners are set to update them automatically. If any notification is received through such thing as radio or TV or the Internet, that there is a major problem with a virus or worm, then the anti-virus software can be updated manually at that time.

2. Firewalls A Network Firewall is basically a secure gate between our organizations data and the Internet. The firewall is a combination of hardware and software. The firewall then filters traffic based on our requirements. Firewall security is designed to detect and resists unwanted attempts to penetrate our server security. All data traffic in bound to our server solution flows to the firewall. There, data packets are inspected and evaluated against a security policy that we define. All data packets are compared to our security policy before being forwarded or rejected by the firewall. There are certain benefits that result for the server such as the protection of vulnerable services and restricted access to any vulnerable machines. The firewall server is to act as a gateway. It hides the existence of any of the internal machines from any hackers on the Internet. All access to the Internet will to through it and this means the Internet traffic will be able to watched closely, so any misuse could be noticed quickly.

3. Secure Socket Layer (SSL) SSL allows traffic to be scrambled (or encrypted). The standard SSL developed by Netscape provides a high level of protection. The US government views encryption technology as munitions, so the only version of SSL available worldwide is the relatively weak 40-bit version. However, this version can protect against any casual attempt to decpher card details, as it take over an hour to crack one message. Browsers that support this feature a dialogue ox, a padlock in the bottom task bar, or a blue key (like Netscape Navigator) to indicate that a secure session is in progress.

4. Secure Electronic Transaction (SET) SET encrypts payment card transaction data and verifies that both parties in the transaction are genuine. SET, originally developed by Mastercard and Visa in collaboration with leading technology providers, has a large corporate backing and is perceived to be more secure as a result of its validation from card companies.

5. Public Key Software Infrastructure (PKI) PKI is similar to a bank‘s night safe in that may public keys can be used to deposit items into the safe, but only one private key, belonging to the bank can make withdrawals.

Ashok Mammen V Assistant Professor Page 50

6. Other Measures For secure online transactions, the site that hosts the account should follow strict security policies. If the passwords are susceptible to being hacked, it results in a serious financial loss. Banks or financial institutes, which maintain customer‘s personal information, cannot afford to expose it to hackers. There is a potential risk of our personal and account details being stolen. One of the most severe disadvantages of electronic payment systems is that of identify theft. The available security measures can prevent the sensitive information from being exposed. But it is important to use virus protection or firewalls for our computer. It is important to carry out money transactions over a secure server. There is a great risk involves in the theft or the loss of the smart cards. In case the cards fall in unsafe hands, there is a danger of the expenditure of our entire bank balance. There are measures to inform the concerned authorities about the loss of the card. But, the time between losing the card and informing the authorities is critical. Unauthorized users may carry transactions in our name during this period of time. Mostly, electronic cash is based on cryptographic systems. The transactions are encoded by means of numeric keys while the transaction details travel across the net. Though, electronic payments are resistant to forgery, these keys are vulnerable to attack.

BIOMETRICS Biometrics comprises methods for uniquely recognizing human based upon one or more intrinsic physical or behavioral traits. In computer science, in particular, biometrics is used as a form of identity access management and access control. It is also used to identify individuals in groups that are under surveillance. Biometrics characteristics can be divided into two main classes:‐  Physiological are related to the shape of the Body. E.g. Fingerprint, face recognition, DNA, hand and palm geometry, iris recognition  Behavioral are related to the behavior of a person. E.g. typing rhythm, gait, and voice. Biometrics is the science and technology of measuring and analyzing biological data. Biometrics is automated methods of recognizing a person based on a physiological or behavioral characteristic. To verify an individual‘s identity, biometric devices scan certain characteristics and compare them with a stored entry in a computer database. In Information Technology biometrics refers to technologies for measuring and analyzing human physical and behavioral characteristics for authentication purposes. The simplicity that biometrics lends to secure verification of an individual provides greater opportunities for e‐businesses to offer more products and services online.

A biometric system can operate in the following two modes:‐ 1. Verification – A one to one comparison of a captured biometric with a stored template to verify that the individual is who he claims to be. Can be done in conjunction with a smart card, username or ID number

Identification – A one too many comparison of the captured biometric against a biometric database in attempt to identify an unknown individual. The identification only succeeds in identifying the individual if the comparison of the biometric sample to a template in the database falls within a previously set threshold. Types of Biometrics There are two types of biometrics: behavioral and physical. Behavioral biometrics are generally used for verification while physical biometrics can be used for either identification or verification. The different types of biometrics under these includes:‐

1. Signature

Ashok Mammen V Assistant Professor Page 51

Computers can quantify, analyse and compare the different properties of signature to make signature recognition a viable biometric technology. Being based on things that are not visible [pen pressure and velocity], signature based biometric technology offers a distinct advantage over regular signature verification. A Signature based biometric system could mimic our current legally customary acceptance of a signature to simultaneously convey both identity and authority.

2. Keystroke Dynamics The rhythms with which one types at a keyboard are sufficiently distinctive to form the basis of the biometric technology known as keystroke dynamics. Key stroke dynamics unlike other biometric technologies is 100% software based, and it just requires a home computer to operate it.

3. Hand geometry This system requires the subject to place his right hand on a plate where it is photographically captured and measured. Made of 27 bones and a complex web of interconnected joints, muscles, and tendons, the human hand presents a sufficiently peculiar conformation of anatomical features to enable authentication. Airports, prisons, and factories have successfully employed hand geometry system

4. Finger Print It is a forensic criminological technique, used to identify perpetrators by the fingerprints they leave behind them at crime scenes. In modern biometrics, the features of fingerprint called fingerprint minutiae, can be captured, analyzed, and compared electronically, with correlations drawn between a live sample and a reference sample, as with other biometric technologies.

5. Facial Recognition With good cameras and good lighting, a facial recognition system can sample faces from tremendous distances without the subject‘s knowledge or consent. It works by two methods; facial geometry or eigen face comparison. Facial geometry analysis works by taking a known reference point, say, and distance from eye to eye, and measuring the various features of the face in their distance and angles from this reference point. Eigen face comparison uses a palette of about 150 facial abstractions, and compares the captured face with these abstract faces.

6. Eye biometrics [Iris/ Retina] Both the iris and the veins of the retina provide patterns that can uniquely identify an individual. The pattern of lines and colors on the eye are, as with other biometrics, analyzed, digitized, and compared against a reference sample for verification.

7. Voice Verification The identity of a person can also be verified with his voice. It is a difficult problem for computers to identify the voice of a person. The prospect of accurate voice verification offers one great advantage. It would allow a remote identification using the phone system without any additional cost.

===== Additional notes https://www.webhelp.com/en-in/news-insights/blog/b2c-b2b-payment-four-differences/

Ashok Mammen V Assistant Professor Page 52

B2C and B2B payments are different. But what are these differences in terms of e-commerce, and how can we be sure that B2B payment becomes a positive component of customer experience and loyalty? The 4 major differences to be taken into account if this is to be achieved are explained below.

Average basket

One of the main differences between B2C and B2B payment is the value of the average basket. In fact, in B2C transactions, the average basket value is quite low. It can range from a few euros to a few hundred euros, but practically never reaches a substantial sum.

On the other hand, in B2B transactions, the value of this average basket can be far higher, ranging from several hundreds of euros to several thousands or even several tens of thousands of euros! And this sum can even be much higher in some cases.

This difference in average basket value leads to other particularities. Paying a few hundred euros instantly is simple, but when we are talking in tens of thousands of euros, the operation is immediately more complex. This leads to other differences, such as differences in methods and terms of payment.

Payment Methods

In B2C e-commerce, payment methods are mainly ―electronic‖ (bank card, paypal) and synchronous (in real time).

A digital purchase path with card payment consists of a real-time authorisation request, which ensures that the money is available on the buyer‘s account. It is quickly debited. The money is therefore transferred almost immediately from the buyer‘s to the vendor‘s account, which is why it is called a synchronous payment method.

However, in B2B transactions, purchases are larger and the buyer cannot always afford to pay instantly. That is why asynchronous payment methods are widely used. They include, for example, bank transfers, direct debits or even cheques that do not involve a real-time authorisation request, which therefore means that processes must be adapted.

As such payments are widely used in offline B2B transactions, they must be transposed online and made available on sales platforms to offer a consistent experience, which is a necessary condition for the successful development of online sales.

Fragmentation of the customer base and recurrence of purchases

In B2B, the customer base is far less fragmented than in B2C. However, one of the purposes of e-commerce is to reach customers who were previously inaccessible and to expand one‘s catchment area. This, of course, fragments the customer base a little more than with offline transactions.

On the other hand, unlike B2C, since customers are buying to keep their company running, professional buyers make far more frequent purchases than individuals, up to several times a week as opposed to two to three times a year for many B2C players. Consequently, although

Ashok Mammen V Assistant Professor Page 53

B2B may talk of customers in process, the logic is not only transaction monitoring, but also broader customer account management.

Payment Terms

Offline, in B2B, very often payment terms such as 30 days from the end of the month are proposed. Players are therefore used to this system and are not prepared to pay for all their orders in advance.

Consequently, a B2B e-commerce site based solely on prepayment is not viable. Prepayment can be important and used in certain situations, such as in the case of low-value baskets or for a first purchase, when the buyer is not yet known. However, if a company wants to turn its site into a high-performance sales development tool and a transactional tool and not just an online showroom, it must be able to offer its customers the same experience online as offline by offering them appropriate payment terms.

Lastly, the same payment differences between B2B and B2C are found both online and offline. Digital channels will therefore also have to offer these differences if they are to provide a consistent customer experience. This is especially important for marketplaces. When vendors are recruited, they often ask how the operator intends to charge customers. If the operator does not offer payment methods and terms appropriate to B2B, vendors will remain doubtful about the success of the marketplace and it will therefore be more complicated to recruit them.

======https://www.currencypay.com/blog/b2c-vs-b2b-payments/

B2B vs. B2C Payments: Order Quantity and Frequency

The quantity of items ordered as well as the frequency of making orders is another significant difference when it comes to B2C vs. B2B buying behavior. In B2B transactions, the quantity of goods ordered is typically larger than it is for a B2C purchase.

One reason that B2B might beat out B2C commerce when it comes to the average quantity of goods and services purchased is that a business is buying items and services to be used by their entire company. The average size of a company is likely to be much larger than the average size of a household (3.14 persons), so businesses will need to purchase items in larger quantities when they are buying items for their business.

In addition, businesses typically place orders more frequently compared to households. This may be because some of the businesses involved in B2B commerce will need supplies/resources repeatedly, so it is not out of the ordinary for businesses to purchase the same goods and services from another business supplier frequently.

B2B vs. B2C Payments: Terms of Purchase

B2B and B2C payments differ when it comes to the terms of the purchase. In the business to consumer model, consumers pay for their goods or services either at the initial point of sale, or in some cases, before they receive the good or service. Ashok Mammen V Assistant Professor Page 54

When it comes to B2B transactions, payments are not made in advance, and invoices are typically required. Once the business receives the good or service that they ordered (once the payment terms of the order are fulfilled), then the business will settle the invoice with the supplier.

B2B vs. B2C payments: The Decision-Making Process

And lastly, there is a difference between the B2B and B2C decision-making process. In B2C commerce, a consumer is typically buying items for themselves or their household, therefore, there are only a few steps or people involved. The decision-making process is thus relatively simple.

On the other hand, when it comes to B2B purchases, the decision-making process is usually much longer and involves several different people and opinions. Decisions regarding whether a business needs a good or service or what vendor to choose will sometimes need to pass through several departments within a company before they are approved or denied. Each party might have different criteria when evaluating the product or vendor, and so B2B businesses must be able to answer all of their questions in order to be considered.

=== https://www.bankbazaar.com/ifsc/digital-payment.html

What is a Digital Payment

To put it in simple words, a digital payment occurs when goods or services are purchased through the use of various electronic mediums. There is no use of cash or cheques in this type of payment method.

What is a Cashless Economy

In a cashless economy, all transactions are carried out using different types of payment methods and this does not involve the physical use of money for the purchase of various goods and services.

10 Types of Digital Payment Methods in India

1. Banking cards 2. USSD 3. Aadhaar Enabled Payment System (AEPS) 4. UPI 5. Mobile Wallets 6. Bank pre-paid cards 7. Point of Sale (PoS) 8. Internet Banking 9. Mobile Banking

Ashok Mammen V Assistant Professor Page 55

10. Bharat Interface for Money (BHIM) app

Banking cards: Cards are among the most widely used payment methods and come with various features and benefits such as security of payments, convenience, etc. The main advantage of debit/credit or prepaid banking cards is that they can be used to make other types of digital payments. For example, customers can store card information in digital payment apps or mobile wallets to make a cashless payment. Some of the most reputed and well-known card payment systems are Visa, Rupay and MasterCard, among others. Banking cards can be used for online purchases, in digital payment apps, PoS machines, online transactions, etc.

USSD: Another type of digital payment method, *99#, can be used to carry out mobile transactions without downloading any app. These types of payments can also be made with no mobile data facility. This facility is backed by the USSD along with the National Payments Corporation of India (NPCI). The main aim of this type of digital payment service is to create an environment of inclusion among the underserved sections of society and integrate them into mainstream banking. This service can be used to initiate fund transfers, get a look at bank statements and make balance queries. Another advantage of this type of payment system is that it is also available in Hindi.

How to Use *99#?

This service can be used by dialling *99#, after which the customer can interact with an interactive voice menu through their mobile screen.

To use the service the mobile number of the customer should be the same as the one linked to the bank account

The next step is to register for USSD, MMID (Mobile Number Identifier) and MPIN

3. AEPS: Expanded as Aadhaar Enabled Payment System, AEPS, can be used for all banking transactions such as balance enquiry, cash withdrawal, cash deposit, payment transactions, Aadhaar to Aadhaar fund transfers, etc. All transactions are carried out through a banking correspondent based on Aadhaar verification. There is no need to physically visit a branch, provide debit or credit cards, or even make a signature on a document. This service can only be availed if your Aadhaar number is registered with the bank where you hold an account. This is another initiative taken by the NPCI to promote digital payments in the country.

How to use AEPS?

It is very simple to use AEPs, all you need to do is to provide the accurate Aadhaar number and the payment will be successfully made to the concerned merchant

4. UPI: UPI is a type of interoperable payment system through which any customer holding any bank account can send and receive money through a UPI-based app. The service allows a user to

Ashok Mammen V Assistant Professor Page 56

link more than one bank account on a UPI app on their smartphone to seamlessly initiate fund transfers and make collect requests on a 24/7 basis and on all 365 days a year. The main advantage of UPI is that it enables users to transfer money without a bank account or IFSC code. All you need is a Virtual Payment Address (VPA). There are many UPI apps in the market and it is available on both Android and iOS platforms. To use the service one should have a valid bank account and a registered mobile number, which is linked to the same bank account. There are no transaction charges for using UPI. Through this, a customer can send and receive money and make balance enquiries.

How to use UPI?

 Download the app on Android or iOS platform  Register for the service by providing bank account details  Create a VPA, get an MPIN

5. Mobile Wallets: A mobile wallet is a type of virtual wallet service that can be used by downloading an app. The digital or mobile walletstores bank account or debit/credit card information or bank account information in an encoded format to allow secure payments. One can also add money to a mobile wallet and use the same to make payments and purchase goods and services. This eliminated the need to use credit/debit cards or remember the CVV or 4-digit pin. Many banks in the country have launched e-wallet services and apart from banks, there are also many private players. Some of the mobile wallet apps in the market are Paytm, Mobikwik, Freecharge, etc. The various services offered by mobile wallets include sending and receiving money, making payments to merchants, online purchases, etc. Some mobile wallets may charge a certain transaction fee for the services offered. How to use a mobile wallet?

 Download the app  Register for the service by following instructions and providing all details  Load money

6. Bank pre-paid cards: A prepaid card is a type of payment instrument on to which you load money to make purchases. The type of card may not be linked to the bank account of the customer. However, a debit card issued by the bank is linked with the bank account of the customer. How to Use a Prepaid Card?

 Apply for the card  Get pin  Load money from your bank account/debit card

7. PoS terminals: Traditionally, PoS terminals referred to those that were installed at all stores where purchases were made by customers using credit/debit cards. It is usually a hand held device that reads banking cards. However, with digitization the scope of PoS is expanding and this service is also available on mobile platforms and through internet browsers. There are different types of PoS terminals such as Physical PoS, Mobile PoS and Virtual PoS. Physical

Ashok Mammen V Assistant Professor Page 57

PoS terminals are the ones that are kept at shops and stores. On the other hand, mobile PoS terminals work through a tablet or smartphone. This is advantageous for small time business owners as they do not have to invest in expensive electronic registers. Virtual PoS systems use web-based applications to process payments. 8. Internet Banking: Internet banking refers to the process of carrying out banking transactions online. These may include many services such as transferring funds, opening a new fixed or recurring deposit, closing an account, etc. Internet banking is also referred to as e-banking or virtual banking. Internet banking is usually used to make online fund transfers via NEFT, RTGS or IMPS. Banks offer customers all types of banking services through their website and a customer can log into his/her account by using a username and password. Unlike visiting a physical bank, there are to time restrictions for internet banking services and they can be availed at any time and on all 365 days in a year. There is a wide scope for internet banking services.

9. Mobile Banking: Mobile banking is referred to the process of carrying out financial transactions/banking transactions through a smartphone. The scope of mobile banking is only expanding with the introduction of many mobile wallets, digital payment apps and other services like the UPI. Many banks have their own apps and customers can download the same to carry out banking transactions at the click of a button. Mobile banking is a wide term used for the extensive range or umbrella of services that can be availed under this. 10. Bharat Interface for Money (BHIM) app: The BHIM app allows users to make payments using the UPI application. This also works in collaboration with UPI and transactions can be carried out using a VPA. One can link his/her bank account with the BHIM interface easily. It is also possible to link multiple bank accounts. The BHIM app can be used by anyone who has a mobile number, debit card and a valid bank account. Money can be sent to different bank accounts, virtual addresses or to an Aadhaar number. There are also many banks that have collaborated with the NPCI and BHIM to allow customers to use this interface. How to Use BHIM App?

 Download and install the BHIM app  Choose a language  Register for the service by providing mobile number linked to bank account  Add bank-related information and set up a UPI PIN by following the given instructions Benefits of Digital Payments

 Faster, easier, more convenient: Perhaps, one of the biggest advantages of cashless payments is that it speeds up the payment process and there is no need to fill in lengthy information. There is no need to stand in a line to withdraw money from an ATM or carry cards in the wallet. Also, with the move to digital, banking services will be available to customers on a 24/7 basis and on all days of a year, including bank holidays. Many services like digital wallets, UPI, etc, work on this basis.  Economical and less transaction fee: There are many payment apps and mobile wallets that do not charge any kind of service fee or processing fee for the service provided. The UPI interface is one such example, where services can be utilized by the customer free of cost. Various digital payments systems are bringing down costs.  Waivers, discounts and cashbacks: There are many rewards and discounts offered to customers using digital payment apps and mobile wallets. There are attractive cash back offers

Ashok Mammen V Assistant Professor Page 58

given by many digital payment banks. This comes as boon to customers and also acts a motivational factor to go cashless.  Digital record of transactions: One of the other benefits of going digital is that all transaction records can be maintained. Customers can track each and every transaction that is made, no matter how small the transaction amount this.  One stop solution for paying bills: Many digital wallets and payment apps have become a convenient platform for paying utility bills. Be it mobile phone bills, internet or electricity bills, all such utility bills can be paid through a single app without any hassle.  Helps keep black money under control: Digital transactions will help the government keep a track of things and it will help eliminate the circulation of black money and counterfeit notes in the long run. Apart from this, this may also give a boost to the economy as the cost of minting currency also goes down. Digital payments are slowly gaining popularity in India and there are many apps that are being launched in this sector. It has become a hassle-free and secure way to make payments.

FAQ's of Digital Payment

1. How are digital payments better than cash? Ans: Digital payments are much easier and safer than cash payments. They are much more convenient than cash payments as well. Since they are digital, you do not have to carry cash as well. 2. What are the different security requirements of digital payments? Ans: The different security requirements of digital payments are mentioned below:

 Confidentiality  Integrity  Authentication  Availability  Authorization  Non-repudiation 3. What are the objectives of digital transactions? Ans: The main objectives of digital transactions are to reduce the costs and risks of handling cash and to increase the ease of conducting transactions. 4. How do digital payments work? Ans: Payments that are done over mobile channels and the internet are digital payments. Digital payments can also be defined as any payments that are done online via the internet or mobile-enabled services. 5. How are digital payments important? Ans: Since digital payments reduce the costs of providing poor people with financial services, they have become a vital tool in improving financial inclusion. The convenience and safety of using insurance, payments, and savings products also increase by using digital payments.

Ashok Mammen V Assistant Professor Page 59

UNIT 4 : E-BUSINESS MARKETING TECHNOLOGIES 10 Hrs

E-Commerce and marketing B to B and B to C marketing and branding strategies. Web transaction logs, cookies, shopping cart database, DBMS, SQL, data mining, CRM (customer relationship Management) system – permission marketing, affiliate marketing, viral marketing.

======

E-Commerce and marketing B to B and B to C marketing and branding strategies

Introduction

1. What is Industrial (Business) marketing. How is it different from consumer marketing?

Industrial (Business) marketing is the marketing of products / Services to business firms. In contrast consumer marketing is marketing products / services to individuals & households. B2B marketing may also be referred to as Industrial marketing, Business marketing or Organizational marketing and they mean one and the same.

The markets for both differ significantly and so does the marketing strategies. The differentiation is relative to each other.

AREAS / INDUSTRIAL MARKETS CONSUMER MARKETS CHARCTERISTI CS Market ‐ Geographically concentrated. ‐ Geographically disbursed. ‐ Fewer Buyers ‐ Large no. of Buyers (Mass Markets) Products ‐ Technically complex ‐ Non – Technical, ‐ Customized ‐ Standardized Service ‐ Very Important ‐ Somewhat important Buyer Behavior ‐ Various Functional specialists ‐ Family members involved involved ‐ Physiological / Psychological ‐ Mainly Rational buying Social need based buying decisions. decisions ‐ Interpersonal relationship ‐ Non – Personal Relationship. between buyers and sellers. Channel ‐ More direct ‐ Indirect ‐ Multi Channel ‐ Few Channels with many layers Promotional ‐ Importance to personal selling ‐ Importance to Advertising. Pricing ‐ Competitive bidding / ‐ MRP Negotiated prices

Ashok Mammen V Assistant Professor Page 60

Also, Industrial demand is derived from (or depends on) demand for consumer goods / services. Example - Steel is demanded for production of consumer durable products like Cars & Refrigerators, which are demanded by household consumers. Hence, demand for steel is derived from forecast of consumer demand for Cars, Refrigerators, Washing Machines, Etc.

MARKETING STRATEGIES AND E‐COMMERCE

The web - is the collection of distributed documents referred to as pages located on computers or servers all over the world. Server stores hypertext mark-up language (HTML) files and respond to requests. Users can access documents through the use of a browser.

A website is very essential to conduct e‐commerce. The important reason for having and operating a website are to have a Global Presence, used as an Information Reference, to maintain a Professional Image, have Website presence & used as online Reference, for E-Commerce, for Customer Contact and Feedback. The website should be able to attract customers from all over the world. A website is similar to a storefront. In e‐commerce context, it can be called as virtual storefront where cyber customers visit. A website contains text, banners, graphics, audio and video.

Web pages are accessed and transported with the hypertext Transfer Protocol [HTTP], which employ encryption [HTTP Secure, HTTPS] to provide security and privacy for the user of the web page content. All publicly accessible websites collectively constitute the World Wide Web. The pages of a website can be accessed from a simple Uniform Resource Locater called the homepage. Some website requires a subscription to access some or all of their content. Eg. Academic journal sites, gaming sites social networking sites, etc.

Components of a Website

The important components of a website are as follows:‐

1. Home page - This is the first page of a web site. The use reaches this page when they specify the address of a web site. It contains links and these links help the user to navigate the different parts of a site. It shows the name of the company and other important details. 2. Domain name – is the name of the company on the web site. Web sites should be hosted by professional web hosting agencies to ensure security and reliability.

3. Professional Logo - A professional looking logo is an integral part of a web site. It enables our visitors to recognize brand.

4. Theme based content - A web site should focus on a specific subject and provide a variety of information that relates to the subject.

Ashok Mammen V Assistant Professor Page 61

5. E‐mail capture - A web site should be able to capture email address of potential customers.

6. Privacy policy - We can state our ―Privacy policy‖ on the webpage for our visitors to know exactly how we will be using the information collected from them. Such a page should contain warning to visitors regarding security and privacy of information they provide.

7. Testimonials - To increase credibility, it is better to include customers‘ testimonials.

8. Money back guarantee - Providing the customers with a solid, no risk, money back guarantee will increase credibility so that it completely removes our potential customer‘s risk. This will put their mind at ease by building their confidence with our company and products.

9. Feed back - Potential customers will have many questions about our products and services. It is better to use a feedback form for this purpose.

10. Copy rights - It is always good to display the copyright information at the bottom of each page.

11. Link - A link is a connector that makes it possible to go to another web page on the site or the Internet or to go back to the home page. A link has a specific title and directions for use.

12. Banner - A banner is a graphic display on a web page usually used for advertising. The banner is usually linked to the advertiser‘s web page.

To summarise, the webpage should have product information, should be easy to navigate, should provide visuals and demo videos, should have live chats and enquiry form that allow customers to interact, should offer filter options so that the customer can filter the product by specification, price and payment option, and should be transparent with their security and privacy policies. It is common for companies to link their webpage to their social media pages created in facebook, instagram and twitter. Sites share industry related news and announcements. Companies also create micro sites for customers to share their experiences. Comments, Reviews by users are welcomed by companies.

Further, in the era of mobile technology the mobile platform is a powerful tool to market.

Process of setting up website for e-commerce

The content of the site is of prime importance. The main objective of building a site should be the following.

‐ Speed up the interactive process. ‐ Reduce the human intervention to the minimum level. ‐ To save time. ‐ Make the buying and selling cheap.

Process of setting up website for e-commerce involves the following steps.

Ashok Mammen V Assistant Professor Page 62

1. Planning the site - It is the blue print for designing form, function, navigation an interface. Planning is covers the determination of the goals of designing the web site for e-commerce.

2. Define the Audience and Competition - It is important to understand and keep in mind the type of customers who may visit our site. Organisation must also think about their competitors while designing the site.

3. Consultation - The process of developing an appropriate website can be handed over to a professional web designing firm. While the look and feel of the webpage should be good, the site should also be robust to support enquiry, online payments, and online technical supports. Thus an ecommerce site requires that a professional team of software people create the site and the website is hosted by reliable service providers. 4. Planning and Review of Existing Advertising – A review of the existing forms of advertising and the methods currently used to promote products, services, or information is needed. In an effort to make the website dynamic, it is needed to evaluate the content of web site: product and price lists, newsletters, manuals, articles, forms, policies, charts, and company or organization information. 5. Development of the Web site - Based on the scope document, designer can now proceed to the actual design and construction of the website. Due importance should be given to the contents of the site. For example, the home page should contain basic information about the company, its departments, its privacy policy and name of officers. Information that can be included in the home page of a website are i. Company Logo ii. A catalogue of products with pictures. iii. A brief description about the company iv. A page of testimonials from loyal customers. v. A form for placing an online order. Appropriate use of HTML Meta tags and effectively presented text, will help our website get high listings in the search engines. This is critical to getting traffic to our web site, and can make the difference between success and failure.

6. Upload and Test - The last step is to upload the initial version of the website to the Internet Service Provider (ISP). The site should be thoroughly tested in order to validate all hyperlinks and e-mail addresses, to make sure that all forms, buttons, Java scripts etc. work properly, and to test browser compatibility, screen width, and colours. At this point we can review our website and request any changes that would like to be made in the site.

E- BRANDING:

Branding, by definition, is a marketing practice in which a company creates a name, symbol or design that is easily identifiable as belonging to the company. This helps to identify a product and distinguish it from other products and services. It is a way of distinguishing yourself from the competitors and clarifying what it is you offer that makes you the better choice.

Ashok Mammen V Assistant Professor Page 63

E- Branding is an important marketing strategy for creating new markets and securing repeated customers. It is the creation and development of communication strategies specifically for brands to have meaning and context to the WEB.

Importance of E-Branding: 1. It supports advertising initiatives 2. It helps to build reputation 3. It creates Familiarity and Loyalty 4. It help to build successful marketing Strategy 5. It help to expand customer relationship 6. It plays a major role in Lead generation

Branding generates referral business. Strong branding generally means there is a positive impression of the company amongst consumers, and they are likely to do business with you because of the familiarity and assumed dependability of using a name they can trust. Also, it can boost the employee pride and satisfaction. One of the major purposes of branding is that it creates trust within the marketplace and thereby strong goodwill. Customers try to associate with the brands and remain loyal to their preferred brand. Company are also able to decrease price sensitivity by using brand names.

WEB TRANSACTION LOGS What are web transaction logs, and how do they work in combination with registration forms, shopping cart databases, and tracking files to help firms understand how customers behave online?

Answer: Transaction logs, which are built into web server software, record user activity at a website. Log file analysis tools gather information from these files, which can contain tens to hundreds of entries for each user. Transaction log data becomes more useful when it is combined with registration form data and shopping cart data. Registration forms and shopping cart database are two other visitor-generated data trails. Merchants use registration forms to gather personal data such as the name, address, phone number, zip code, e-mail address, and other optional information on the tastes and interests of the consumer. The shopping cart database captures all the item selection, purchase, and payment data. The data from transaction logs, registration forms, and the shopping cart database can also be combined with other information that users submit on product forms, contribute in chat rooms, or submit via e-mail messages to a firm to produce a real treasure trove of information for both individual merchant sites and for the industry as a whole. Although the transaction log represents the foundation of online data collection, it is supplemented using cookies that are placed on a user's hard drive when he or she visits a site. Cookies allow a website to store data on a user's machine that can be retrieved later. Cookies provide marketers with a very quick means to identify each customer and to understand his or her prior behavior at the site. Cookies can be used to determine how many people are visiting a site, how many are repeat visitors, and how often they have visited. They also make

Ashok Mammen V Assistant Professor Page 64 shopping cart and quick checkout possible by allowing a site to keep track of a user as he or she adds to the shopping cart. Cookies can be combined with web bugs to create cross-site profiles. Web beacons (sometimes called web bugs) are graphic files that are embedded in e-mails and on websites. When a user opens an HTML format e-mail with an embedded web beacon, a request is sent to the server for the graphic data. Web beacons are used to automatically transmit information about the user and the page being viewed to a monitoring server in order to collect personal browsing behavior and other personal information.

For additional reading on Web Transaction Logs https://faculty.ist.psu.edu/jjansen/academic/pubs/jansen_tla_02.pdf

For Web searching, a transaction log is an electronic record of interactions that have occurred during a searching episode between a Web search engine and users searching for information on that Web search engine.

How are these interactions collected? Web servers record and store the interactions between searchers (i.e., actual browsers on a particular computer) and search engines in a log file (i.e., the transaction log) on the server using a software application. Thus, most transaction logs are server-side recordings of interactions. Major Web search engines execute millions of these interactions per day. The server software application can record various types of data and interactions depending on the file format that the server software supports. Typical transaction log formats are access log, referrer log, or extended log. However, transaction logs for Web searching are a special type of transaction log file. This searching log format has most in common with the extended file format, which contains data such as the client computer‘s Internet Protocol (IP) address, user query, search engine access time, and referrer site, among other fields.

Why is data collected? Once the server collects and records the data in a file, the data is analysed to obtain beneficial information. The process of conducting this examination is referred to as transaction log analysis (TLA). TLA can focus on many interaction issues but it typically addresses either issues of system performance, information structure, or measurements of user interactions. TLA is defined as the use of data collected in a transaction log to investigate particular research questions concerning interactions among Web users, the Web search engine, or the Web content during searching episodes. Using TLA as a methodology, one examines the characteristics of searching episodes in order to isolate trends and identify typical interactions between searchers and the system. Interaction has several meanings in information searching, addressing a variety of transactions including query submission, query modification, results list viewing, and use of

Ashok Mammen V Assistant Professor Page 65 information objects. A searching episode is a series of searching interactions within a given temporal span. The format of each searching interaction is:  User Identification: the IP address of the client‘s computer. This is sometimes also an anonymous user code address assigned by the search engine server.  Date: the date of the interaction as recorded by the search engine server.  The Time: the time of the interaction as recorded by the search engine server.  Search URL: the query terms as entered by the user. Web search engine server software normally always records these fields. Other common field include Results Page (a code representing a set of result abstracts and URLs returned by the search engine in response to a query), Language (the user preferred language of the retrieved Web pages), Source (the federated content collection searched), and Page Viewed (the URL that the searcher visited after entering the query and viewing the results page, which is also known as click-thru or click-thorough).

Parsing the Data - (Parsing means to resolve a sentence/ data into its component parts and describe their syntactic roles). Using the three fields of The Time, User Identification, and Search URL, common to all Web transaction logs, the chronological series of actions in a searching episode is recreated. The Web query transaction logs usually contain searches from both human users and agents. Depending on the research question, one may be interested in only human, common user terminals, or agent interactions. For the example in this manuscript, the interest is in only human searching episodes. From the Web transaction log, a sub-set of interactions must be selected that are deemed likely to have been submitted by humans.

Normalizing Searching Episodes - When a searcher submits a query, then views a document, and returns to the search engine, the Web server typically logs this second visit with the identical user identification and query, but with a new time (i.e., the time of the second visit).

The three common levels of analysis for examining transaction logs are term, query, and session.

Term Level Analysis The term level of analysis naturally uses the term as the basis for analysis. A term is a string of characters separated by some delimiter such as a space or some other separator. At this level of analysis, one focuses on measures such as term occurrence, which is the frequency that a particular term occurs in the transaction log. ‗Total terms’ is the number of terms in the dataset. Unique terms are the terms that occur in the data regardless of the number of times they occur. High Usage Terms are those terms that occur most frequently in the dataset. Term co-occurrence measures the occurrence of term pairs within queries in the entire transaction log. One can also calculate degrees of association of term pairs using various statistical measures Query Level Analysis

Ashok Mammen V Assistant Professor Page 66

The query level of analysis uses the query as the base metric. A query is defined as a string list of zero or more terms submitted to a search engine. The first query by a particular searcher is as an initial query. A subsequent query by the same searcher that is different than any of the searcher‘s other queries is a modified query. There can be several occurrences of different modified queries by a particular searcher. A subsequent query by the same searcher that is identical to one or more of the searcher‘s previous queries is an identical query.

A results page is the list of results, either sponsored or organic (i.e., non-sponsored), returned by a Web search engine in response to a query. Using either identical queries or some results page field, one can analyze the result page viewing patterns of Web searchers. One can examine other measures at the query level of analysis. A unique query refers to a query that is different from all other queries in the transaction log, regardless of the searcher. A repeat query is a query that appears more than once within the dataset by two or more searchers. Query complexity examines the query syntax, including the use of advanced searching techniques such as Boolean and other query operators. Failure rate is a measure of the deviation from the published rules of the search engine. The use of query syntax that the particular IR system does not support, but may be common on other IR systems, is carry over.

Session Level Analysis At the session level of analysis, one primarily examines the within-session interactions. However, if the transaction log spanned more than one day or assigns some temporal limit to interactions from a particular user, one could examine between-sessions interactions. A session interaction is any specific exchange between the searcher and the system (i.e., submitting a query, clicking a hyperlink, etc.). A searching episode is defined as a series of interactions within a limited duration to address one or more information needs. It can happen that the searcher may be multitasking within a searching episode, or the episode may be an instance of the searcher engaged in successive searching. This session definition is similar to the definition of a unique visitor that is used by commercial search engines and organizations to measure Web site traffic. The number of queries per searcher is the session length.

Session duration is the total time the user spent interacting with the search engine, including the time spent viewing the first and subsequent Web documents, except the final document. Session duration can therefore be measured from the time the user submits the first query until the user departs the search engine for the last time (i.e., does not return). This viewing time of the final Web document is not available since the Web search engine server does not record the time stamp. Naturally, the time between visits from the Web document to the search engine may not have been entirely spent viewing the Web document, which is a limitation of the measure. A Web document is the Web page referenced by the URL in on the search engine‘s results page. A Web document may be text or multimedia and, if viewed hierarchically, may contain a nearly unlimited number of sub-Web documents. A Web document may also contain URLs linking to other Web documents. From the results page, a searcher may click on a URL, (i.e., visit) one or

Ashok Mammen V Assistant Professor Page 67 more results from the listings on the result page. This is click through analysis and measures the page viewing behavior of Web searchers. One measures document viewing duration as the time from when a searcher clicks on a URL on a results page to the time that searcher returns to the search engine. Some researchers and practitioners refer to this type of analysis as page view analysis. Click through analysis is possible if the transaction log contains the appropriate data.

One typical question is ―How many searchers have visited the search engine during this period? ―How many searchers have visited the search engine on each day during this period?‖

Limitations: - • As a server side logging, transaction logs typically do not contain the full range of user – system interactions. Therefore, researchers have to rely of other applications to log these interactions. Transaction logging can be supplemented with an application that includes online questionnaires. In some cases a spy software package is used to covertly ―monitor‖ a person‘s computer activities to trace demographic data. • A transaction log does not record the reasons for the search, the searcher motivations, or other qualitative aspects of use. • In the instances where one needs this data, one should use transaction log analysis in conjunction with other data collection methods. • The logged data may not be complete due to caching of server data on the client machine or proxy servers. For example, a user accesses the page of results from a search engine using the Back button of a browser. This navigation accesses the results page via the cache on the client machine. The Web server will not record this action. However, if the user clicks on any URL on that results page, functions coded on the results page redirects the click first to the Web server, from which the Web server records the visit to the Web site. • In short, Transaction logs are primarily a server-side data collection method; therefore, some interactions events are masked (ie., cannot be traced) from these logging mechanisms, such as when the user clicks on the back or print button on the browser software, or cuts or pastes information from one window to another on a client computer. Transaction logs also, do not record the underlying situational, cognitive, or affective elements of the searching process

The Shopping Cart Database When a customer purchases online, a virtual shopping cart is made available. Usually the customer picks a product from the catalog and adds to his shopping cart. The cart keeps stock of the selected products, the quantity and generates the total cost of the selection. The customer can add more or remove the items from the cart. Once the customer finalises the purchase, he /she can submit the cart for billing and by fulfilling the payment options can complete the order. Alternatively the cart can be saved and the process completed afterwards. The database related to the shopping cart help the –business to manage this.

Ashok Mammen V Assistant Professor Page 68

The database is complex and is created by software professionals. The Shopping cart database contains not only products but also customer data. The shopping cart database stores information about the products and about the orders. It stores the catalog of products; it stores general information about the order, such as the customers' names and addresses, and the items selected for each order and when the order was submitted. For example, the design of online furniture shopping cart database- The software application will have a database containing three tables. The first table (the Furniture table) is the catalog of products. A second table (the Customer Order table) stores information general to the order, such as name and address, order number, and so on. The third table (the Order Item table) stores a row for each item ordered, linked to the first table by the order number. The catalog can be in a separate database. The catalog database might include other tables related to the products, such as an inventory table and so on.

A Shopping cart software allows buyers to:

• Save items they‘re interested in and purchase it at their convenience later • Add/remove products without having to cancel their entire order • It gives a clear summary of the total number of items, total cost, shipping fees, tax, VAT and any other fees • Makes it easier for online sellers to track their customers‘ orders

From the seller perspective, a shopping cart software is used to have complete control and to customize over the buying experience of a customer. It offers other benefits like

• Integrate multiple payment gateways • Allow one-time or subscription based payments • Offer free or paid trials • Offer payment plans that allow customers to pay in installments in case of high ticket products • Customize the checkout page with the help of a huge library of existing templates • Trigger exit-intent popups with incentives that encourage the visitor to complete their purchase • Automatically translate the checkout page to up to 20 languages • Create your own Sales and VAT tax profiles to charge at checkout

SQL (Structured query Language)

Much of business happen online and websites and apps place a major role. While it may be easy to make a stand alone website or application, hoisting it on the World Wide Web and accessing information is complex. The content generated on the sites can be handled through databases, but on its own database management can be a very difficult job. By using the SQL programming

Ashok Mammen V Assistant Professor Page 69 language we can help ease things a lot. Structured query Language or SQL is widely used for editing and querying information within different database management systems.

History - The humble beginnings of SQL date back to the 1970s, when IBM laboratories developed a breakthrough in database software known as “System R.” For the storing of data on System R, SQL was created. Initially known as SEQUEL, the name still sometimes used as an alternative pronunciation for SQL, but was later renamed to SQL. In 1979, a company known as Relational Software was the first to realize the true potential of SQL and created its own modified version to release it under the name Oracle V2. Relational Software also changed its name to Oracle.

Now as the fourth decade after SQL’s creation, it has become a revered form of database management. It is mainly popular for its flexibility due to supporting distributed databases which means that databases can be distributed on several system networks at the same time. Certified by both ISO and ANSI, SQL is now considered the database query standard, which is being used to power some of the best database applications on the internet today. Some examples of open- source SQL database solutions are SQLite, MySQL and PostgreSQL.

SQL Language is based on several different elements. For developers‘ convenience, language commands in most database management systems are executed by a specific CLI (Command line interface).

• Expressions – These can produce scalar values or tables, made up of rows and columns of data. • Clauses – These are the components of different queries and statements. • Queries – Queries can retrieve data based on the provided criteria, it is good to have an understanding of some o the most basic queries that a person will have to send when working in SQL. • Predicates – These specify conditions that are used to limit the effects of Queries and Statements or to change the flow of the entire program. • Statements – With statements, the data handler is able to control: o Program flow o Transactions o Sessions o Connections o Diagnostics

In database systems, SQL statements are used to generate queries from a client program to the database. This can allow the users to execute a wide range of fast data manipulation. Thus SQL is the main language that allows your database servers to store and edit the data on it. With most companies using cloud databases and having a lot of their client information on these databases SQL facilitates data processing.

Ashok Mammen V Assistant Professor Page 70

Data Mining

Data mining is the practice of examining large pre-existing databases in order to generate new information. Data mining is a process used by companies to turn raw data into useful information. By using software to look for patterns in large batches of data, businesses can learn more about their customers to develop more effective marketing strategies, increase sales and decrease costs. Data mining depends on effective data collection, warehousing, and computer processing.

How Data Mining Works Data mining involves exploring and analyzing large blocks of information to glean meaningful patterns and trends. It can be used in a variety of ways, such as database marketing, credit risk management, fraud detection, spam Email filtering, or even to discern the sentiment or opinion of users. The data mining process breaks down into five steps.

i. Organizations collect data and load it into their data warehouses. ii. They store and manage the data, either on in-house servers or the cloud. iii. Business analysts, management teams and information technology professionals access the data and determine how they want to organize it. iv. Then, application software sorts the data based on the user's results, and finally, v. The end-user presents the data in an easy-to-share format, such as a graph or table.

Customer relationship management (CRM) CRM is a term that was initially defined and designed to improve customer service. Today, though, it relates to an entire business strategy. CRM software acts as a single repository to bring your sales, marketing, and customer support activities together, and streamline your process, policy, and people in one platform. The CRM philosophy is simple: Put the customer first.

When your business looks at every transaction through the eyes of the customer, you can‘t help but deliver a better customer experience, which in turn increases loyalty to your company.

For example;

• customers are willing to pay more for a better customer experience • Customer centric companies are more profitable than those that aren‘t • customers will leave a brand they love after just one negative experience

A CRM software brings together all information from different departments throughout the company to give one, holistic view of each customer in real time. This allows customer-facing employees in areas such as sales, marketing and customer support to make quick and informed decisions on everything from up-selling and cross-selling, to improving the quality of customer

Ashok Mammen V Assistant Professor Page 71 communication and responsiveness, to coordinating the management of sales and marketing campaigns. When implemented successfully, CRM gives companies not only insight into the opportunities to grow business with each customer, but a way of measuring their value.

Permission Marketing

Permission marketing refers to a form of advertising where the intended audience is given the choice of opting in to receive promotional messages. Common forms of permission marketing include opting into receiving updates as part of an email list.

Permission marketing has increased in popularity, particularly with respect to digital marketing. Subscription email updates are a good example of permission marketing. Users can opt-in to receive periodic emails with updates and offers based on the interests they expressed when they registered on a website or other consumer touch point. Subscribing, in this case, is the act of giving permission and allowing themselves to be marketed to.

Advantages of Permission Marketing

Permission marketing is a low-cost and effective way to create a relationship with a potential customer. The use of digital platforms with direct access to consumers, such as email or social media, removes many of the overhead costs that traditional channels such as mass mailing and print ads must assume. In addition, the main benefit of permission marketing is that because users self-select into receiving marketing messages, they are likely to be higher quality leads for

Ashok Mammen V Assistant Professor Page 72 marketers. The opt-in from the potential customer makes it more likely that they will read the content and absorb the marketing messages because they already have a demonstrated interest. While other forms of advertising may reach a bigger audience, permission marketing allows for more valuable relationships and interactions with potential future customers.

Affiliate marketing Affiliate marketing is one of the oldest forms of digital marketing wherein you refer someone to any online product and when that person buys the product based on your recommendation, you receive a commission. Every big companies like Amazon, Apple, Google have affiliate program.

How does the affiliate program work? i. An Online shopper decides to buy an item online ii. The shopper lands on an affiliate site. iii. The shopper clicks on the link that redirects to the merchant site. iv. The shopper makes a purchase and v. the merchant rewards the affiliate for his effort.

What are the advantages of affiliate marketing? i. Affiliate marketing is performance-based - affiliates are only paid a commission once the desired action has taken place. ii. It helps broaden your audience - Affiliates can be found in every market and product category that exists today. If you are a company wanting to engage an affiliate, the chances are there are many reputed affiliates who have an established visitor base. These partnerships grant the opportunity to expand out into new markets that you might not otherwise have had the bandwidth to explore or to further saturate your existing target markets, giving your brand a much stronger online presence. iii. Affiliates can boost your reputation - These partners will champion your products and, will further solidify consumer confidence in your product or service. By partnering with trusted bloggers and reputable websites, you can further the reputation of your brand and its products. Consumers also have a certain level of trust in websites they frequent for product recommendations. iv. It's cost effective - affiliate marketing can be extremely cost effective. If you‘re only paying commissions when the desired conversion occurs. Furthermore, recruiting affiliates in new markets is an easy way to branch out into that market without the overhead cost of creating an entire marketing campaign, mitigating the need to sink money into an unproven market for testing. v. Affiliates can rapidly scale your traffic (and sales) - In conjunction with your other marketing efforts, recruiting affiliates to your program will allow you to scale traffic faster. The more sites that link to your pages, the more opportunities you‘ll have to convert those users into paid customers. Also, although affiliate links won't have a direct

Ashok Mammen V Assistant Professor Page 73

impact on your search engine rankings, it will have a 'halo effect' in terms of more people searching for your products and navigating to your pages which improves your rankings.

Viral marketing

Viral marketing or viral advertising is a business strategy that uses existing social networks to promote a product. Its name refers to how consumers spread information about a product with other people, much in the same way that a virus spreads from one person to another.

Viral marketing typically supplies its audience with something of value for free. This can be something as simple as an amusing song or game. Whatever the viral content is, it must encourage people to share with others so as many people as possible receive the content's message. Viral marketing is useful as a stand-alone marketing tool or as a part of a larger campaign that uses multiple kinds of marketing. It is especially attractive to smaller businesses or companies because viral marketing can be a cheaper alternative to traditional marketing efforts.

For example, a new energy drink company could create an Internet video featuring a person who consumes the energy drink before performing a seemingly impossible bicycle jump. If the video is made to look real, it may encourage people who see it to share it with others. After the video receives enough views, the company could reveal its true purpose, convincing its viewers to seek out more information about the drink without ever using a traditional advertisement. Viral marketing is often used in conjunction with other methods of marketing. The viral aspect of the campaign generated, buzz about the story long before the release of commercials, trailers, posters, and other forms of traditional marketing. This caused many people to already talk about the movie before it was officially announced to the public. Another example is when political campaigns often create videos featuring sound clips of an opposing candidate saying something people may find offensive. Politicians hope that by pointing out an outrageous statement, the video will go viral and cause others to develop a negative attitude toward the targeted opponent.

----****---

References: - https://www.coursehero.com/file/p6lf8ghk/What-are-web-transaction-logs-and-how-do-they-work-in- combination-with/ https://www.quickstart.com/blog/what-is-sql-server-and-how-does-it-work/ https://www.investopedia.com/terms/d/datamining.asp https://www.youtube.com/watch?v=hnEQq7kNFWo&feature=youtu.be https://www.superoffice.com/blog/what-is-crm/ https://www.investopedia.com/terms/p/permission-marketing.asp https://www.marketing-schools.org/types-of-marketing/viral-marketing.html

Ashok Mammen V Assistant Professor Page 74

UNIT 5 : CYBER LAWS Legal Aspects of E-Business, Internet frauds – Cyber Laws. IT Act 2000 salient features. ==== Information Technology Act, 2000 In 1996, the United Nations Commission on International Trade Law (UNCITRAL) adopted the model law on electronic commerce (e-commerce) to bring uniformity in the law in different countries. Then the General Assembly of the United Nations recommended that all countries must consider this model law before making changes to their own laws. India became the 12th country to enable cyber law after it passed the Information Technology Act, 2000.

1. The Information Technology Act, 2000 provides legal recognition to the transaction done through electronic exchange of data and other electronic means of communication or electronic commerce transactions. 2. This also involves the use of alternatives to a paper-based method of communication and information storage to facilitate the electronic filing of documents with the Government agencies. 3. Further, this act amended the Indian Penal Code 1860, the Indian Evidence Act 1872, the Bankers‘ Books Evidence Act 1891, and the Reserve Bank of India Act 1934.

Objectives of the Act The objectives of the Act are as follows:

i. The Act grant legal recognition to all transactions done via electronic exchange of data or other electronic means of communication or e-commerce, in place of the earlier paper-based method of communication. ii. Give legal recognition to digital signatures for the authentication of any information or matters requiring legal authentication iii. Facilitate the electronic filing of documents with Government agencies and also departments iv. Facilitate the electronic storage of data v. Give legal sanction and also facilitate the electronic transfer of funds between banks and financial institutions vi. Grant legal recognition to bankers under the Evidence Act, 1891 and the Reserve Bank of India Act, 1934, for keeping the books of accounts in electronic form.

Features of the Information Technology Act, 2000 a) All electronic contracts made through secure electronic channels are legally valid. b) Legal recognition for digital signatures. c) Security measures for electronic records and also digital signatures are in place d) A procedure for the appointment of adjudicating officers for holding inquiries under the Act is finalized

Ashok Mammen V Assistant Professor Page 75 e) Provision for establishing a Cyber Regulatory Appellant Tribunal under the Act. Further, this tribunal will handle all appeals made against the order of the Controller or Adjudicating Officer. f) An appeal against the order of the Cyber Appellant Tribunal is possible only in the High Court g) Digital Signatures will use an asymmetric cryptosystem and also a hash function h) Provision for the appointment of the Controller of Certifying Authorities (CCA) to license and regulate the working of Certifying Authorities. The Controller to act as a repository of all digital signatures. i) The Act applies to offences or contraventions committed outside India j) Senior police officers and other officers can enter any public place and search and arrest without warrant k) Provisions for the constitution of a Cyber Regulations Advisory Committee to advise the Central Government and Controller.

Applicability and Non-Applicability of the Act Applicability - According to Section 1 (2), the Act extends tao the entire country, which also includes Jammu and Kashmir. In order to include Jammu and Kashmir, the Act uses Article 253 of the constitution. Further, it does not take citizenship into account and provides extra-territorial jurisdiction. Section 1 (2) along with Section 75, specifies that the Act is applicable to any offence or contravention committed outside India as well. If the conduct of person constituting the offence involves a computer or a computerized system or network located in India, then irrespective of his/her nationality, the person is punishable under the Act.

Lack of international cooperation is the only limitation of this provision.

Non-Applicability - According to Section 1 (4) of the Information Technology Act, 2000, the Act is not applicable to the following documents: 1. Execution of Negotiable Instrument under Negotiable Instruments Act, 1881, except cheques. 2. Execution of a Power of Attorney under the Powers of Attorney Act, 1882. 3. Creation of Trust under the Indian Trust Act, 1882. 4. Execution of a Will under the Indian Succession Act, 1925 including any other testamentary disposition by whatever name called. 5. Entering into a contract for the sale of conveyance of immovable property or any interest in such property. 6. Any such class of documents or transactions as may be notified by the Central Government in the Gazette.

E-COMMERCE ETHICAL AND LEGAL ISSUES

Ashok Mammen V Assistant Professor Page 76

The vastness of Internet advertising offers a solid platform for Electronic Commerce (or e- commerce) to explode. Electronic Commerce has the ability to provide secure shopping transactions coupled with instant verification and validation of credit card transactions. E- Commerce is not about the technology itself, it is about doing business leveraging the technology. A technological innovation is followed by frequent incorporation of ethical standards into law. New forms of E-Commerce that enables new business practices have many advantages but also bring numerous risks. Let‘s discuss about the ethical and legal issues related to e-business.

Ethical Issues

In general, many ethical and global issues of Information Technology apply to e-business. So, what are the issues particularly related to e-commerce? Let‘s list some of the ethical issues spawned with the growing field of e-commerce.

Web tracking E-businesses draw information on how visitors use a site through log files. Analysis of log file means turning log data into application service or installing software that can pluck relevant information from files in-house. Companies track individual‘s movement through tracking software and cookie analysis. Programs such as cookies raise a batch of privacy concerns. The tracking history is stored on your PC‘s hard disk, and any time you revisit a website, the computer knows it. Many smart end users install programs such as Cookie cutters, Spam Butcher, etc which can provide users some control over the cookies.

The battle between computer end users and web trackers is always going on with a range of application programs. For example, software such as Privacy Guardian, My Privacy, etc can protect user‘s online privacy by erasing browser‘s cache, surfing history and cookies. To detect and remove spyware specially designed programs like Ad-Aware are present. A data miner application, SahAgent collects and combines Internet browsing history of users and sends it to servers. The battle goes on!

Privacy Most Electronic Payment Systems knows the identity of the buyer. So it is necessary to protect the identity of a buyer who uses Electronic Payment System.

A privacy issue related to the employees of company is tracking. Monitoring systems are installed in many companies to monitor e-mail and other web activities in order to identify employees who extensively use business hours for non-business activities. The e-commerce activities performed by a buyer can be tracked by organizations. For example, reserving railway tickets for their personal journey purpose can be tracked. Many employees don‘t want to be under the monitoring system even while at work.

As far as brokers and some of the company employees are concerned, E-Commerce puts them in danger zone and results in elimination from their jobs. The manner in which employees are

Ashok Mammen V Assistant Professor Page 77 treated may raise ethical issues, such as how to handle displacement and whether to offer retraining programs.

Disintermediation and Reintermediation Intermediation is one of the most important and interesting e-commerce issue related to loss of jobs. The services provided by intermediaries are

(i) Matching and providing information. (ii) Value added services such as consulting.

The first type of service (matching and providing information) can be fully automated, and this service is likely to be in e-marketplaces and portals that provide free services. The value added service requires expertise and this can only be partially automated. The phenomenon by which Intermediaries, who provide mainly matching and providing information services are eliminated is called Disintermediation.

The brokers who provide value added services or who manage electronic intermediation (also known as infomediation), are not only surviving but may actually prosper, this phenomenon is called Reintermediation.

The traditional sales channel will be negatively affected by disintermediation. The services required to support or complement e-commerce are provided by the web as new opportunities for reintermediation. The factors that should be considered here are the enormous number of participants, extensive information processing, delicate negotiations, etc. They need a computer mediator to be more predictable.

Legal Issues Where are the headlines about consumers defrauding merchants? What about fraud e-commerce websites? Internet fraud and its sophistication have grown even faster than the Internet itself. There is a chance of a crime over the internet when buyers and sellers do not know each other and cannot even see each other. During the first few years of e-commerce, the public witnessed many frauds committed over the internet. Let‘s discuss the legal issues specific to e-commerce.

Fraud on the Internet E-commerce fraud popped out with the rapid increase in popularity of websites. It is a hot issue for both cyber and click-and-mortar merchants. The swindlers are active mainly in the area of stocks. The small investors are lured by the promise of false profits by the stock promoters. Auctions are also conductive to fraud, by both sellers and buyers. The availability of e-mails and pop up ads has paved the way for financial criminals to have access to many people. Other areas of potential fraud include phantom business opportunities and bogus investments.

Copyright The copyright laws protect Intellectual property in its various forms, and cannot be used freely. It is very difficult to protect Intellectual property in E-Commerce. For example, if you buy

Ashok Mammen V Assistant Professor Page 78 software you have the right to use it and not the right to distribute it. The distribution rights are with the copyright holder. Also, copying contents from the website also violates copy right laws.

Domain Names The competition over domain names is another legal issue. Internet addresses are known as domain names and they appear in levels. A top level name is qburst.com or microsoft.com. A second level name will be qburst.com/blog. Top level domain names are assigned by a central non-profit organization which also checks for conflicts or possible infringement of trademarks. Problems arise when several companies having similar names competing over the same domain name. The problem of domain names was alleviated somewhat in 2001 after several upper level names were added to com.

Another issue to look out for is Cybersquatting, which refers to the practice of registering domain names with the desire of selling it at higher prices.

Security features such as authentication, non-repudiation and escrow services can protect the sellers in e-commerce.

One needs to be careful while doing e-commerce activities. The need to educate the public about the ethical and legal issues related to e-commerce is highly important from a buyer as well as seller perspective.

Internet fraud is the use of Internet services or software with Internet access to defraud victims or to otherwise take advantage of them. Internet crime schemes steal millions of dollars each year from victims and continue to plague the Internet through various methods.

The most common types of online fraud are called phishing and spoofing. Phishing is the process of collecting your personal information through e-mails or websites claiming to be legitimate. This information can include usernames, passwords, credit card numbers, social security numbers, etc.

In Simple way we can say that cyber crime is unlawful acts wherein the computer is either a tool or a target or both. Cyber crimes can involve criminal activities that are traditional in nature, such as theft, fraud, forgery, defamation and mischief, all of which are subject to the Indian Penal Code.

To prevent online fraud:

‐ Keep current with your software and virus protection. ‐ Create strong passwords. ‐ Ignore emails from senders you don't know. ‐ Use your pop-up blocker. ‐ Download files only from sites you know. ‐ Sign up for email/text "transaction alerts" from your bank to keep track of your purchases.

What are different types of frauds?

Ashok Mammen V Assistant Professor Page 79

‐ Mail Fraud. ‐ Driver's License Fraud. ‐ Healthcare Fraud. ‐ Debit and Credit Card Fraud. ‐ Bank Account Takeover Fraud. ‐ Stolen Tax Refund Fraud. ‐ Voter Fraud. ‐ Internet Fraud.

Top 5 Popular Cybercrimes to Effortlessly Protect Your Computer and Data Against its Impact 1. Phishing scams. Phishing is a practice of a cybercriminal or hacker attempting to obtain sensitive or personal information from a computer user. ... 2. Identity Theft scams. ... 3. Online Harassment. ... 4. Cyberstalking. ... 5. Invasion of privacy.

Most Common Types of Cybercrime Acts Cybercrime involves the use of computer and network in attacking computers and networks as well. Cybercrime is obviously a criminal offense and is penalized by the law. Cybercriminals devise various strategies and programs to attack computers and systems. These are the most common types of cybercrime acts:

Fraud Fraud is a general term used to describe a cybercrime that intends to deceive a person in order to gain important data or information. Fraud can be done by altering, destroying, stealing, or suppressing any information to secure unlawful or unfair gain.

Hacking Hacking involves the partial or complete acquisition of certain functions within a system, network, or website. It also aims to access to important data and information, breaching privacy. Most ―hackers‖ attack corporate and government accounts. There are different types of hacking methods and procedures.

Identity Theft Identify theft is a specific form of fraud in which cybercriminals steal personal data, including passwords, data about the bank account, credit cards, debit cards, social security, and other sensitive information. Through identity theft, criminals can steal money. According to the U.S. Bureau of Justice Statistics (BJS), more than 1.1 million Americans are victimized by identity theft.

Scamming Ashok Mammen V Assistant Professor Page 80

Scam happens in a variety of forms. In cyberspace, scamming can be done by offering computer repair, network troubleshooting, and IT support services, forcing users to shell out hundreds of money for cyber problems that do not even exist. Any illegal plans to make money falls to scamming.

Computer Viruses

Most criminals take advantage of viruses to gain unauthorized access to systems and steal important data. Mostly, highly-skilled programs send viruses, malware, and Trojan, among others to infect and destroy computers, networks, and systems. Viruses can spread through removable devices and the internet.

Ransomware

Ransomware is one of the most destructive malware-based attacks. It enters your computer network and encrypts files and information through public-key encryption. In 2016, over 638 million computer networks are affected by ransomware. In 2017, over $5 billion is lost due to global ransomware.

DDoS Attack

DDoS or the Distributed Denial of Service attack is one of the most popular methods of hacking. It temporarily or completely interrupts servers and networks that are successfully running. When the system is offline, they compromise certain functions to make the website unavailable for users. The main goal is for users to pay attention to the DDoS attack, giving hackers the chance to hack the system.

Botnets

Botnets are controlled by remote attackers called ―bot herders‖ in order to attack computers by sending spams or malware. They usually attack businesses and governments as botnets specifically attack the information technology infrastructure. There are botnet removal tools available on the web to detect and block botnets from entering your system.

Spamming

Spamming uses electronic messaging systems, most commonly emails in sending messages that host malware, fake links of websites, and other malicious programs. Email spamming is very popular. Unsolicited bulk messages from unfamiliar organizations, companies, and groups are sent to large numbers of users. It offers deals, promos, and other attractive components to deceive users.

Phishing

Phishers act like a legitimate company or organization. They use ―email spoofing‖ to extract confidential information such as credit card numbers, social security number, passwords, etc.

Ashok Mammen V Assistant Professor Page 81

They send out thousands of phishing emails carrying links to fake websites. Users will believe these are legitimate, thus entering their personal information.

Social Engineering

Social engineering is a method in which cybercriminals make a direct contact with you through phone calls, emails, or even in person. Basically, they will also act like a legitimate company as well. They will befriend you to earn your trust until you will provide your important information and personal data.

Malvertising

Malvertising is the method of filling websites with advertisements carrying malicious codes. Users will click these advertisements, thinking they are legitimate. Once they click these ads, they will be redirected to fake websites or a file carrying viruses and malware will automatically be downloaded.

Cyberstalking

Cyberstalking involves following a person online anonymously. The stalker will virtually follow the victim, including his or her activities. Most of the victims of cyberstalking are women and children being followed by men and pedophiles.

Software Piracy

The internet is filled with torrents and other programs that illegally duplicate original content, including songs, books, movies, albums, and software. This is a crime as it translates to copyright infringement. Due to software piracy, companies and developers encounter huge cut down in their income because their products are illegally reproduced.

Cyberbullying

Cyberbullying is one of the most rampant crimes committed in the virtual world. It is a form of bullying carried over to the internet. On the other hand, global leaders are aware of this crime and pass laws and acts that prohibit the proliferation of cyberbullying.

-----*****-----

Ashok Mammen V Assistant Professor Page 82