Unit II (E-Commerce)


UNIT-II

The Internet as a Network Infrastructure in E-commerce:

The internet plays a crucial role in the infrastructure of e-commerce, providing a network that enables businesses and consumers to connect and conduct online transactions. It has changed the way products and services are bought and sold, offering convenience, global reach and a wide range of possibilities for businesses.

Here are some key points about the internet's role in e-commerce and the security measures associated with it:

➢ Connectivity: The internet serves as a global network connecting devices, servers and users worldwide. E-commerce platforms leverage this connectivity to connect buyers and sellers regardless of their physical location.
➢ Online Marketplaces: E-commerce platforms such as Amazon, eBay and Alibaba use the internet to provide virtual marketplaces where buyers can find a wide range of products and sellers can reach a global audience. These platforms facilitate online transactions and provide tools for managing product listings and customer interactions.

1) Security Measures: As e-commerce transactions involve sensitive data, security measures are essential to protect both buyers and sellers. Key security practices include:
a) Transport Layer Security (TLS), the successor of the Secure Sockets Layer (SSL): this protocol encrypts and authenticates the connection between a buyer's browser and a seller's website, so that data such as credit card numbers and personal information cannot be read or altered in transit by a third party. All SSL versions and TLS 1.0/1.1 are deprecated; servers should offer only TLS 1.2 and 1.3. TLS protects data only while it is in transit; it does nothing for data once it has reached the server.
b) Payment Gateway Security: Payment gateways process online transactions, transmitting payment information between the buyer, the merchant and the banks involved. They implement security measures such as encryption, tokenization (replacing the card number with a random token so that the merchant never stores the real number) and fraud detection systems to protect sensitive payment data.
c) Two-Factor Authentication (2FA): To strengthen login security, many e-commerce platforms implement 2FA, requiring users to present two independent factors, typically a password plus a one-time code generated by an authenticator app or hardware token. Codes delivered by SMS are the weakest form, since the phone number can be taken over by SIM swapping.
d) Secure Data Storage: E-commerce platforms must securely store customer data, including personal information and order history. Encryption at rest, strict access controls, storing only what is actually needed and regular security audits are crucial to safeguarding this data from unauthorized access.
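The tokenization mentioned under payment gateway security, as an added example (this is not code from the original page or from any real gateway): the card number is validated, swapped for a random token that is all the merchant stores, and shown only in masked form. The in-memory vault dictionary, the "tok_" prefix and the well-known test card number are this example's own assumptions.

```python
"""Added example (not from the original page): card-number tokenization and
masking as a payment gateway performs it before the merchant stores anything.
Assumptions made here: an in-memory dict stands in for the gateway's hardened
token vault, and tokens are random values carrying no information about the PAN.
"""
from __future__ import annotations

import re
import secrets

_VAULT: dict[str, str] = {}   # token -> PAN; exists only inside the gateway


def luhn_valid(pan: str) -> bool:
    """Luhn check-digit validation on a digits-only primary account number."""
    if not pan.isdigit() or not 12 <= len(pan) <= 19:
        return False
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:            # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Display form permitted by PCI DSS: at most the first six and last four digits."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def tokenize(pan: str) -> tuple[str, str]:
    """Exchange a PAN for an unguessable token plus its masked form.

    The merchant keeps only the token and the masked PAN, so a breach of the
    merchant database yields nothing a fraudster can charge.
    """
    pan = re.sub(r"[\s-]", "", pan)
    if not luhn_valid(pan):
        raise ValueError("invalid card number")
    token = "tok_" + secrets.token_urlsafe(16)   # 128 random bits, not derived from the PAN
    _VAULT[token] = pan
    return token, mask_pan(pan)


def detokenize(token: str) -> str:
    """Only the gateway, at charge time, resolves a token back to the PAN."""
    return _VAULT[token]


if __name__ == "__main__":
    tok, shown = tokenize("4111 1111 1111 1111")   # well-known test card number
    print(tok, shown)
```

A real gateway keeps the vault in a separate, audited environment and the merchant's systems never see the PAN after the initial capture; this is what takes most of the merchant's infrastructure out of PCI DSS scope.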

2) Virtual Private Networks (VPNs): VPNs establish an encrypted tunnel between a user's device and a VPN server, protecting traffic on that part of the path from eavesdropping, for example on public Wi-Fi. The protection has a limit: traffic is decrypted at the VPN server, so a VPN does not replace TLS between the shopper and the e-commerce site. In e-commerce operations VPNs are mainly used to give employees and partners secure remote access to internal systems.

3) Distributed Denial of Service (DDoS) Protection: E-commerce websites are often targeted by DDoS attacks, which overwhelm a website's servers or network links with a flood of traffic so that legitimate customers cannot reach the site. Mitigation techniques such as traffic filtering, rate limiting, load balancing and upstream scrubbing services (content delivery networks or DDoS protection providers that absorb the flood before it reaches the origin) are used to protect e-commerce platforms from such attacks.

4) Mobile Commerce (m-commerce): With the increasing use of smartphones and tablets, mobile commerce has gained significant importance. The internet provides the infrastructure to support secure mobile transactions, allowing users to browse, purchase and pay through mobile apps or mobile-optimized websites. Mobile apps need the same transport protection as the web: TLS with proper certificate validation, since an app that accepts any certificate is open to man-in-the-middle attacks.

5) International Reach: The internet enables e-commerce businesses to expand their reach globally. By leveraging the internet's network infrastructure, businesses can connect with customers across various geographical locations, opening up new markets and opportunities.

In conclusion, the internet plays a fundamental role in the infrastructure of e-commerce, providing a global network that facilitates online transactions and connects buyers and sellers. Implementing robust security measures is crucial to protect sensitive data and to build trust among consumers. As technology advances, the internet will continue to shape the landscape of e-commerce, enabling new innovations and possibilities for businesses and consumers alike.

Network Security

Network security encompasses all the steps taken to protect the integrity of a
computer network and the data within it. Network security is important because it
keeps sensitive data safe from cyber-attacks and ensures the network is usable and
trustworthy. Successful network security strategies employ multiple security
solutions to protect users and organizations from malware and cyber-attacks, like
distributed denial of service.

A network is composed of interconnected devices, such as computers, servers, switches, routers and wireless access points. Many of these devices are exposed to potential attackers. Network security involves the use of a variety of software and hardware tools on the network or delivered as software as a service. Security becomes more important as networks grow more complex and enterprises rely more on their networks and data to conduct business. Security methods must evolve as threat actors create new attack methods against these increasingly complex networks.

The most basic example of network security is password protection, where the user of the network chooses the password. In recent times, network security has become a central topic of cyber security, with many organizations seeking people who have skills in this area. Network security solutions protect the following assets of computer systems:

➢ Users
➢ Locations
➢ Data
➢ Devices
➢ Applications

Benefits of Network Security

➢ Functionality. Network security ensures the ongoing high performance of the networks that businesses and individual users rely on.
➢ Privacy and security. Many organizations handle user data and must ensure the confidentiality, integrity and availability of data on a network, known as the CIA triad. Network security prevents the security breaches that can expose personally identifiable information (PII) and other sensitive data, damage a business's reputation and result in financial losses.
➢ Intellectual property protection. Intellectual property is key to many companies' ability to compete. Securing access to intellectual property related to products, services and business strategies helps organizations maintain their competitive edge.
➢ Compliance. Complying with data security and privacy regulations, such as HIPAA and GDPR, is legally required in many countries. Secure networks are a key part of adhering to these mandates.

Working of Network Security

The basic principle of network security is to protect stored data and networks in layers, each layer enforcing rules that must be satisfied before any activity on the data is permitted.

These layers are:

➢ Physical Network Security
➢ Technical Network Security
➢ Administrative Network Security

1. Physical Network Security: This is the most basic layer. It prevents unauthorized personnel from gaining physical access to network components such as routers, switches, cabling, external peripherals and server rooms, and thereby from taking control of the network. Controls include locks, access badges and biometric systems.
2. Technical Network Security: This layer protects data stored on the network and data in transit across it. It serves two purposes: protection from unauthorized users, and protection from malicious activity by parties who are otherwise authorized (insiders or compromised accounts).
3. Administrative Network Security: This layer consists of the policies and processes that govern user behaviour: how permissions are granted, how the authorization process works and how users are trained. It also determines the level of protection the network needs against the attacks it faces and drives the necessary changes to the infrastructure.

Types of Network Security

➢ Access Control
➢ Antivirus and Anti-Malware Software
➢ Cloud Security
➢ Email Security
➢ Firewalls
➢ Application Security
➢ Intrusion Prevention System (IPS)

1. Access Control: Not every person should have complete access to the network or its data. Network Access Control (NAC) checks the identity of each user and the state of each device before admitting it, and ensures that only authorized personnel can reach the resources they are permitted to use, and nothing more.
2. Antivirus and Anti-malware Software: This type of network security aims to stop malicious software such as viruses, Trojans and worms from entering the network and jeopardizing the security of the data. It protects both against the entry of malware and, through continuous scanning and behavioural detection, against malware that has already got in.
3. Cloud Security: Many organizations now use cloud services, where large amounts of important data are stored on infrastructure reachable over the internet. Such data is exposed to misuse by unauthorized parties if access is not tightly controlled. Many businesses adopt SaaS applications to let employees access data stored in the cloud; cloud security tooling closes the visibility gaps this creates by monitoring who accesses which data, from where and under which policy.
4. Email Security: Email security refers to the services and products designed to keep email accounts and their contents safe from external threats. For example, fraudulent emails are usually moved automatically to the Spam folder, because most email service providers have built-in filtering for phishing and malicious attachments.
5. Firewalls: A firewall is a network security device, either hardware- or software-based, which monitors all incoming and outgoing traffic and, based on a defined set of security rules, accepts, rejects or drops that specific traffic. Before dedicated firewalls, network security was performed by Access Control Lists (ACLs) residing on routers.
6. Application Security: Application security denotes the security measures applied at the application level to prevent data or code inside the application from being stolen or hijacked. It includes the security work done during the design and development of applications (secure coding, code review, testing) as well as the techniques and methods for protecting the applications once they are deployed.
7. Intrusion Prevention System (IPS): An Intrusion Prevention System is also known as an Intrusion Detection and Prevention System (IDPS). It is a network security application that monitors network or system activities for malicious activity. The major functions of an IPS are to identify malicious activity, collect information about it, report it and attempt to block or stop it. An IDS only detects and alerts; an IPS sits in-line and can also block.

Firewalls:

A firewall can be defined as a special type of network security device or software program that monitors and filters incoming and outgoing network traffic based on a defined set of security rules. It acts as a barrier between internal private networks and external sources (such as the public Internet). The primary purpose of a firewall is to allow non-threatening traffic and block malicious or unwanted traffic, protecting the computers behind it from attacks. Because it filters outgoing traffic as well, a firewall also helps to stop malware on an already-infected computer from reaching the Internet (egress filtering).

How does a firewall work?

A firewall analyses network traffic against pre-defined rules. It filters the traffic and blocks traffic coming from untrusted or suspicious sources. It allows only the incoming traffic that it has been configured to accept.

Typically, firewalls intercept network traffic at a computer's entry point, known as a port. Firewalls perform this task by allowing or blocking specific data packets (units of communication transferred over a digital network) based on pre-defined security rules. In a well-configured firewall the default is to deny: incoming traffic is allowed only when it matches an explicit rule, for example a trusted source IP address combined with a permitted destination port and protocol.

Functions of Firewall: As stated above, the firewall works as a gatekeeper. It analyses every attempt to gain access to our operating system and blocks traffic from unwanted or unrecognized sources.

Since the firewall acts as a barrier or filter between the computer system and other networks (i.e., the public Internet), we can consider it a traffic controller. Therefore, a firewall's primary function is to secure our network and information by controlling network traffic, preventing unwanted incoming network traffic, and validating access by assessing network traffic for signs of attack and malware.

Generally, most operating systems (for example – Windows OS) and security
software come with built-in firewall support. Therefore, it is a good idea to ensure
that those options are turned on. Additionally, we can configure the security settings
of the system to be automatically updated whenever available.

Modern firewalls have become powerful and include a variety of functions and capabilities:

➢ Network Threat Prevention
➢ Application and Identity-Based Control
➢ Hybrid Cloud Support
➢ Scalable Performance
➢ Network Traffic Management and Control
➢ Access Validation
➢ Record and Report on Events

Limitations of Firewall:

When it comes to network security, firewalls are considered the first line of defence. But are firewalls alone strong enough to keep our devices safe from cyber-attacks? The answer is "no." The best practice is to always use a firewall when connected to the Internet, but other defences are needed as well to protect the network and the data stored on the computer.

Because cyber threats are continually evolving, a firewall should not be the only protection for the home network.

The importance of using firewalls as a security measure is clear; however, firewalls have some limitations:

➢ Firewalls cannot stop users from accessing malicious websites, leaving the network vulnerable to threats that users bring in themselves.
➢ Firewalls cannot protect against the transfer of virus-infected files or software over connections they allow.
➢ Firewalls cannot prevent misuse of passwords.
➢ Firewalls cannot protect if their security rules are misconfigured.
➢ Firewalls cannot protect against non-technical security risks, such as social engineering.
➢ Firewalls cannot stop attackers who dial in to, or out of, the internal network through a modem or any other connection that bypasses the firewall.
➢ Firewalls cannot secure a system that is already infected.

Therefore, it is recommended to keep all Internet-enabled devices updated. This includes the latest operating systems, web browsers, applications and other security software (such as anti-virus). Securing wireless routers should be another practice. Protecting a router includes changing its default name and administrator password, reviewing its security settings, and creating a guest network for visitors.

Types of Firewalls

Depending on their structure and functionality, there are different types of firewalls:

➢ Packet-filtering firewalls
➢ Circuit-level gateways
➢ Stateful multi-layer inspection (SMLI) firewalls
➢ Proxy firewalls (application-level gateways)
➢ Next-generation firewalls (NGFW), which often bundle unified threat management (UTM) features
➢ Network address translation (NAT) firewalls

Firewalls can be divided into categories based on their general structure and method of operation. Below are five types of firewall and their three modes of deployment (software, hardware and cloud).

Type 1: Packet-Filtering Firewalls

As the most basic and oldest type of firewall architecture, packet-filtering firewalls create a checkpoint at a router or switch. The firewall performs a simple check of each data packet passing through, inspecting header information such as the source and destination IP addresses, protocol, port numbers and other surface-level details, without opening the packet to examine its contents, and drops the packet if it does not pass the inspection. Each packet is judged on its own; the firewall keeps no memory of earlier packets (it is stateless).

The good thing about these firewalls is that they are not very resource-intensive. Using fewer resources means they are relatively simple and do not significantly impact system performance. However, they are also relatively easy to bypass compared to firewalls with more robust inspection capabilities, for example with packets that carry forged header flags.

Type 2: Circuit-Level Gateways

Circuit-level gateways are another simple firewall type meant to quickly and easily approve or deny traffic without consuming significant computing resources. Circuit-level gateways work by verifying the transmission control protocol (TCP) handshake. This handshake check is designed to ensure that the session a packet belongs to is legitimate.

While extremely resource-efficient, these firewalls do not check the packet itself. So, if a packet held malware but belonged to a session with a proper TCP handshake, it would pass through. Weaknesses like this are why circuit-level gateways are not enough to protect a business by themselves.

Type 3: Stateful Inspection Firewalls

This firewall type combines packet-header inspection with tracking of connection state (the TCP handshake and the session that follows it) to create a higher level of protection than either of the two architectures could provide alone. Because it remembers which connections it has approved, it can admit the reply packets of an outbound connection without a blanket rule for inbound traffic, and reject packets that claim to belong to a session it never saw.

However, these firewalls also put more strain on computing resources, since they keep a table of live connections. This may slow down the transfer of legitimate packets compared to the simpler solutions.
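To make the difference between stateless packet filtering and stateful inspection concrete, here is an added example (not code from the original page) implementing both over the same rule set, on constructed packets. The rule format, the addresses 203.0.113.10 (the shop's web server), 198.51.100.x and 192.0.2.5, and the connection table are this example's own assumptions.

```python
"""Added example (not from the original page): a stateless packet filter beside
a stateful inspection firewall, on constructed packets. The rule format, the
addresses and the connection table are this example's own simplification."""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset = field(default_factory=frozenset)   # TCP flags, e.g. {"SYN"}
    proto: str = "tcp"


# Rule fields: action, proto, source network, destination network,
# destination port (None = any), ack_only (packet must carry the ACK flag).
# First match wins; anything unmatched is denied.
WEB = "203.0.113.10/32"                       # constructed web-server address
RULES = [
    ("allow", "tcp", "0.0.0.0/0", WEB, 443, False),   # public HTTPS to the shop
    ("allow", "tcp", WEB, "0.0.0.0/0", None, False),  # shop may call out (payment gateway etc.)
    # A stateless filter can only admit replies to those outbound calls with a
    # broad "anything with ACK set" rule. That rule is the hole a forged ACK uses.
    ("allow", "tcp", "0.0.0.0/0", WEB, None, True),
]


def _matches(rule, pkt: Packet) -> bool:
    action, proto, src_net, dst_net, dport, ack_only = rule
    return (proto == pkt.proto
            and ipaddress.ip_address(pkt.src) in ipaddress.ip_network(src_net)
            and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(dst_net)
            and (dport is None or dport == pkt.dport)
            and (not ack_only or "ACK" in pkt.flags))


def stateless_decision(pkt: Packet, rules=RULES) -> str:
    """Judge every packet on its own header fields; no memory of earlier packets."""
    for rule in rules:
        if _matches(rule, pkt):
            return rule[0]
    return "deny"


class StatefulFirewall:
    """Remembers the connections it approved and admits their later packets."""

    def __init__(self, rules=RULES):
        # Connection tracking makes the ack_only hole unnecessary, so drop it.
        self.rules = [r for r in rules if not r[5]]
        self.connections = set()       # approved flows as (src, sport, dst, dport)

    def decision(self, pkt: Packet) -> str:
        flow = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if flow in self.connections or reverse in self.connections:
            return "allow"                       # belongs to an approved connection
        if "SYN" in pkt.flags and "ACK" not in pkt.flags:   # new connection attempt
            if stateless_decision(pkt, self.rules) == "allow":
                self.connections.add(flow)
                return "allow"
        return "deny"   # mid-stream packet with no tracked connection (ACK scan, forged reply)
```

The stateless filter must choose between losing the replies to the shop's own outbound connections and accepting any packet that merely sets the ACK flag; the stateful firewall needs neither compromise because it knows which connections it has admitted. Real connection tracking also expires idle entries and checks sequence numbers, which this example omits.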

Type 4: Proxy Firewalls (Application-Level Gateways/Cloud Firewalls)

Proxy firewalls operate at the application layer to filter incoming traffic between your network and the traffic source; hence the name "application-level gateway." These firewalls are delivered via a cloud-based solution or another proxy device. Rather than letting traffic connect directly, the proxy firewall first establishes its own connection to the source of the traffic and inspects the incoming data.

This check resembles that of the stateful inspection firewall in looking at both the packet and the TCP handshake. However, proxy firewalls may also perform deep packet inspection, checking the actual contents of the information packet to verify that it contains no malware.

Once the check is complete and the packet is approved to connect to the
destination, the proxy sends it off. This creates an extra layer of separation between
the “client” (the system where the packet originated) and the individual devices on
your network—obscuring them to create additional anonymity and protection for
your network.

The one drawback to proxy firewalls is that they can create a significant
slowdown because of the extra steps in the data packet transfer process.

Type 5: Next-Generation Firewalls

Many of the most recently released firewall products are marketed as "next-generation" architectures. However, there is no consensus on what makes a firewall genuinely next-gen.

Typical features of next-generation firewall architectures include deep packet inspection (checking the actual contents of the data packet), TCP handshake checks and surface-level packet inspection. Next-generation firewalls may also include other technologies, such as intrusion prevention systems (IPSs), that automatically stop attacks against your network.

The issue is that there is no single definition of a next-generation firewall, so verifying which specific capabilities such a firewall has before investing in one is essential.

Firewall Deployment Architecture 1: Software Firewalls

Software firewalls include any type of firewall that is installed on a local device rather than on a separate piece of hardware (or a cloud server). The big benefit of a software firewall is that it is highly useful for creating defence in depth by isolating individual network endpoints from one another.

However, maintaining individual software firewalls on different devices can be difficult and time-consuming. Furthermore, not every device on a network may be compatible with a single software firewall, which may mean having to use several different software firewalls to cover every asset.

Firewall Deployment Architecture 2: Hardware Firewalls

Hardware firewalls use a physical appliance that acts like a traffic router to intercept data packets and traffic requests before they reach the network's servers. Physical appliance-based firewalls like this excel at perimeter security, ensuring that malicious traffic from outside the network is intercepted before the company's network endpoints are exposed to risk.

However, the major weakness of a hardware-based firewall is that it only sees traffic that crosses the perimeter, so insider attacks and lateral movement between internal hosts bypass it. Also, the actual capabilities of a hardware firewall vary by manufacturer; some may have a more limited capacity to handle simultaneous connections than others, for example.

Firewall Deployment Architecture 3: Cloud Firewalls

Whenever a cloud solution is used to deliver a firewall, it can be called a cloud firewall or firewall-as-a-service (FWaaS). Many consider cloud firewalls synonymous with proxy firewalls, since a cloud server is often used in a proxy firewall setup (the proxy does not have to be in the cloud, but it frequently is).

Client-server network security:

In client-server security, a protected environment is created with the help of authentication and authorization methods. Various security techniques are used to make sure that only a valid user or program has access to information resources such as a personal account or a database.

In a client-server relationship there is one server and many clients; security controls ensure that only authorized persons use the server. For example, on the Amazon site the clients are the customers, and each person has their own account protected by a username and password (and ideally a second factor), so that only the account holder can use it.

A proper access control mechanism is maintained to ensure that only authenticated users can access the resources they are entitled to. Such mechanisms include password protection, biometrics, encrypted payment systems and firewalls.

1. Introduction to Client-Server Network Security:

➢ Client-server architecture: In e-commerce, client-server architecture is commonly used, where clients (users' browsers or apps) interact with servers (websites or applications).
➢ Network security: Client-server network security focuses on protecting the communication between clients and servers to ensure the confidentiality, integrity and availability of data.

2. Common Security Threats in e-commerce:

➢ Unauthorized access: Attackers may attempt to gain unauthorized access to sensitive data, user accounts or server resources.
➢ Data breaches: This involves the unauthorized disclosure or theft of sensitive information, such as credit card details or personal information.
➢ Denial of Service (DoS) attacks: Attackers overload servers or networks to disrupt the availability and accessibility of e-commerce platforms.
➢ Man-in-the-Middle (MitM) attacks: Attackers intercept and alter communication between clients and servers, enabling them to eavesdrop, modify or inject malicious content.

3. Security Measures to Protect Client-Server Communication:

➢ Transport Layer Security (TLS), formerly Secure Sockets Layer (SSL): TLS provides encryption, integrity protection and server authentication for communication over the internet.
➢ HTTPS: Websites should use HTTPS instead of HTTP to establish a secure channel between clients and servers. HTTPS is HTTP carried over TLS. Sites should redirect HTTP to HTTPS and send HTTP Strict Transport Security (HSTS) headers so that browsers never fall back to plain HTTP.
➢ Access controls: Implement strong authentication mechanisms such as passwords, multi-factor authentication or biometrics to restrict unauthorized access.
➢ Firewall and Intrusion Detection Systems (IDS): Use firewalls to monitor and control incoming/outgoing network traffic, and IDS/IPS to detect (and, when deployed in-line, block) malicious activity.
➢ Regular software updates: Keep server software, operating systems and applications updated with the latest security patches to address known vulnerabilities.
4. Additional Security Considerations:

➢ Secure coding practices: Developers should follow secure coding guidelines to prevent common vulnerabilities such as SQL injection or cross-site scripting (XSS).
➢ Data encryption: Critical data such as customer information or payment details should be encrypted both in transit and at rest to protect against unauthorized access.
➢ Network segmentation: Divide the network infrastructure into segments to minimize the impact of a security breach and contain any potential damage.
➢ Security audits and testing: Regularly conduct security audits and penetration testing to identify vulnerabilities and weaknesses in the client-server network.
➢ Incident response plan: Develop an incident response plan to address security incidents promptly, minimize damage and restore normal operations.

5. Compliance and Legal Considerations:

➢ Payment Card Industry Data Security Standard (PCI DSS): If e-commerce platforms handle credit card payments, they must comply with PCI DSS requirements to ensure the security of cardholder data.
➢ General Data Protection Regulation (GDPR): E-commerce platforms that operate in the European Union (EU), or that process the personal data of people in the EU, must adhere to the GDPR to protect users' personal data.

Various problems that lead to client-server network security threats:

➢ Physical security holes: unauthorized persons gain physical access to a machine and obtain data or passwords from it.
➢ Software security holes: bugs in privileged programs, such as the historic sendmail hole that gave attackers root access.
➢ Inconsistent usage holes: the administrator assembles a combination of hardware and software that, taken together, is seriously flawed from a security point of view.

To overcome these problems, the following protection methods have been developed.

PROTECTION METHODS:

➢ Trust-based security: all users are trusted and no restrictions are applied; this assumes that nobody who gets access to the data will escalate to root access and delete the files, an assumption that does not hold on any network exposed to the Internet.
➢ Security through obscurity: passwords are hidden in binary files or scripts. This is not a real control, since anyone who can read the file can recover the secret.
➢ Password schemes: strong passwords are required, using a mix of character types and sufficient length, and are changed when there is reason to believe they have been compromised.
➢ Biometric systems: fingerprints, palm prints, signature verification, voice recognition and retinal patterns.

Firewalls and network security:

Firewalls are important for e-commerce security because they control the traffic that goes in and out of a network. They can also detect and block unauthorized access to a network.

Firewalls and network security play a vital role in protecting e-commerce systems from various cyber threats. In an e-commerce environment, where sensitive customer information and financial transactions are involved, maintaining a robust security posture is essential.

A firewall acts as a barrier between an organization's internal network and the internet, monitoring and controlling traffic flow to prevent unauthorized access and potential attacks. It examines incoming and outgoing network packets, filtering them based on predefined security rules. This ensures that only legitimate and authorized traffic is allowed, while suspicious or malicious activity is blocked or alerted on.

Here are some aspects of firewall and network security in e-commerce that should
be considered:

1. Access Control: By defining access policies and rules, firewalls ensure that only authorized personnel and systems can reach critical resources such as servers and databases. This helps prevent unauthorized users from gaining access to sensitive customer data or e-commerce systems.
2. Intrusion Detection and Prevention: Firewalls equipped with intrusion detection and prevention systems (IDPS) can detect and respond to various types of attack, including malware, DoS (Denial of Service), DDoS (Distributed Denial of Service), SQL injection and cross-site scripting. These systems analyse network traffic patterns and behaviour to identify and mitigate potential threats. Application-layer attacks such as SQL injection inside an HTTPS request are visible to such a system only if it terminates TLS, or if a web application firewall sits behind the TLS endpoint.
3. Secure Remote Access: Many e-commerce organizations provide remote access to their employees and partners. Virtual Private Network (VPN) technologies can be used to establish secure, encrypted connections over the internet, allowing authorized individuals to access the e-commerce systems securely.
4. Transport Layer Security (TLS), the successor of the Secure Sockets Layer (SSL): Implementing TLS ensures secure communication by encrypting data transmitted between clients and e-commerce servers. TLS certificates let the client verify the identity of the website, protecting sensitive information such as credit card details and personal data during transmission.
5. Network Segmentation: In an e-commerce network it is crucial to segment different types of systems and resources. By implementing network segmentation, organizations can isolate sensitive databases, payment gateways and other critical assets from more exposed components such as web servers. Firewalls enforce access control policies between these segments (for example, only the application servers may open connections to the database, and only on the database port), limiting the attack surface and containing potential breaches.
6. Continuous Monitoring and Logging: It is essential to continuously monitor network traffic, system logs and security events to identify any malicious or abnormal activity promptly. Firewalls should be configured to log relevant information (at least the denied connections with timestamp, source, destination and port), allowing security teams to detect scans and brute-force attempts early and to perform forensic investigations in case of security incidents.
7. Regular Updates and Patching: Firewalls and associated security systems should be kept up to date with the latest firmware, patches and security updates. Regularly applying these updates helps address known vulnerabilities and protect against emerging threats.
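As an added example of the monitoring described in item 6 (not code from the original page), the following parses constructed firewall log lines and raises an alert when one source is blocked on many distinct ports within a short window, the signature of a port scan. The log format, the sample lines, the addresses and the thresholds are this example's own choices; a real firewall (iptables, pf, an appliance's syslog) has its own format, so only the regular expression would need adapting.

```python
"""Added example (not from the original page): port-scan detection over firewall
log lines. The log format and the lines below are constructed for this example."""
from __future__ import annotations

import re
from collections import defaultdict
from datetime import datetime, timedelta

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ACCEPT|DROP) src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+)"
    r" proto=(?P<proto>\w+) dport=(?P<dport>\d+)$"
)

# Constructed sample: one legitimate shopper, one scanner sweeping twelve ports
# in a few seconds, and one host that merely retried SSH twice, minutes apart.
SAMPLE_LOG = """\
2024-05-01T10:00:00Z ACCEPT src=198.51.100.7 dst=203.0.113.10 proto=tcp dport=443
2024-05-01T10:00:01Z DROP src=198.51.100.9 dst=203.0.113.10 proto=tcp dport=21
2024-05-01T10:00:01Z DROP src=198.51.100.9 dst=203.0.113.10 proto=tcp dport=22
2024-05-01T10:00:02Z DROP src=198.51.100.9 dst=203.0.113.10 proto=tcp dport=23
2024-05-01T10:00:02Z DROP src=198.51.100.9 dst=203.0.113.10 proto=tcp dport=25
2024-05-01T10:00:03Z DROP src=198.51.100.9 dst=203.0.113.10 proto=tcp dport=80
2024-05-01T10:00:03Z DROP src=198.51.100.9 dst=203.0.113.10 proto=tcp dport=110
2024-05-01T10:00:04Z DROP src=198.51.100.9 dst=203.0.113.10 proto=tcp dport=135
2024-05-01T10:00:04Z DROP src=198.51.100.9 dst=203.0.113.10 proto=tcp dport=139
2024-05-01T10:00:05Z ACCEPT src=198.51.100.7 dst=203.0.113.10 proto=tcp dport=443
2024-05-01T10:00:05Z ACCEPT src=198.51.100.9 dst=203.0.113.10 proto=tcp dport=443
2024-05-01T10:00:06Z DROP src=198.51.100.9 dst=203.0.113.10 proto=tcp dport=445
2024-05-01T10:00:06Z DROP src=198.51.100.9 dst=203.0.113.10 proto=tcp dport=3306
2024-05-01T10:00:07Z DROP src=198.51.100.9 dst=203.0.113.10 proto=tcp dport=3389
2024-05-01T10:00:07Z DROP src=198.51.100.9 dst=203.0.113.10 proto=tcp dport=8080
2024-05-01T10:00:30Z DROP src=192.0.2.8 dst=203.0.113.10 proto=tcp dport=22
2024-05-01T10:05:00Z DROP src=192.0.2.8 dst=203.0.113.10 proto=tcp dport=22
"""


def parse_log(text: str):
    """Yield one record per well-formed line; lines that do not match are skipped."""
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        rec = m.groupdict()
        rec["ts"] = datetime.fromisoformat(rec["ts"].replace("Z", "+00:00"))
        rec["dport"] = int(rec["dport"])
        yield rec


def detect_port_scans(text: str, min_ports: int = 10,
                      window: timedelta = timedelta(seconds=60)) -> dict[str, int]:
    """Return {source: distinct ports} for every source whose DROPped probes hit
    at least min_ports distinct destination ports inside some window-long span."""
    drops: dict[str, list] = defaultdict(list)
    for rec in parse_log(text):
        if rec["action"] == "DROP":
            drops[rec["src"]].append((rec["ts"], rec["dport"]))
    alerts = {}
    for src, events in drops.items():
        events.sort()
        best = 0
        for i, (start, _) in enumerate(events):      # slide the window over each start time
            ports = {p for t, p in events[i:] if t - start <= window}
            best = max(best, len(ports))
        if best >= min_ports:
            alerts[src] = best
    return alerts


if __name__ == "__main__":
    for src, n in detect_port_scans(SAMPLE_LOG).items():
        print(f"port scan from {src}: {n} distinct ports blocked")
```

The same parsed records serve other detections (many drops on one port from one source for a brute-force attempt, or a sudden rise in accepted connections for a flood); the point is that the firewall must log denied traffic with enough fields for such queries to be possible.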

In summary, firewalls and network security measures are crucial for maintaining a secure e-commerce environment. These measures help protect customer data, prevent unauthorized access, detect and respond to threats, enable secure remote access and ensure the confidentiality, integrity and availability of e-commerce systems. Implementing a multi-layered security approach, including firewalls, IDS/IPS, TLS, network segmentation and continuous monitoring, is essential to safeguarding an e-commerce infrastructure.

Data and message security:

Data Security:

Electronic data security matters at a time when people are doing banking and other financial transactions from their PCs. One major threat to data security is unauthorized network monitoring, also called packet sniffing.

Data and message security in e-commerce refer to the measures and practices put in place to protect sensitive information during online transactions. Given the increasing prevalence of cyber threats and the risks associated with online transactions, ensuring data and message security is vital for the trust and confidence of customers in e-commerce platforms.

Data security commonly suffers from packet sniffing. A sniffing attack begins when a computer on the network is compromised. The attacker installs a packet sniffer that monitors network traffic, including telnet, FTP and rlogin sessions, i.e. sessions that a legitimate user initiates to gain access to another system. These protocols send the login ID, the password and the name of the user logging into the other machine in cleartext, which is all the information the attacker needs to log into that machine. Their modern replacements (SSH, SFTP, HTTPS) encrypt the session, so that a sniffer sees only ciphertext.
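An added example of what the sniffer described above gets to see, written as a passive audit of captured traffic rather than as an attack tool (this is not code from the original page): packets to cleartext login protocols are flagged and the credentials they carry are extracted, while packets to TLS ports yield nothing. The packet records, the port-to-protocol table and the credential patterns are constructed for this example.

```python
"""Added example (not from the original page): a passive audit of captured
traffic reporting what a packet sniffer on the same network would learn.
The packet records and the port-to-protocol table are this example's own."""
from __future__ import annotations

import base64
import re
from dataclasses import dataclass


@dataclass
class Capture:
    src: str
    dst: str
    dport: int
    payload: bytes


# Protocols that carry credentials in cleartext, with their encrypted replacements.
CLEARTEXT_AUTH = {
    21: ("FTP", "SFTP or FTPS"),
    23: ("telnet", "SSH"),
    513: ("rlogin", "SSH"),
    110: ("POP3", "POP3 over TLS"),
    80: ("HTTP", "HTTPS"),
}

FTP_CRED_RE = re.compile(rb"^(USER|PASS) (\S+)", re.MULTILINE)
HTTP_BASIC_RE = re.compile(rb"^Authorization: Basic (\S+)", re.MULTILINE)


def audit(packets) -> list[dict]:
    """One finding per packet that uses a cleartext login protocol, with any
    credentials recovered from its payload; encrypted sessions produce nothing."""
    findings = []
    for p in packets:
        if p.dport not in CLEARTEXT_AUTH:
            continue                         # TLS/SSH: a sniffer sees only ciphertext
        name, fix = CLEARTEXT_AUTH[p.dport]
        finding = {"src": p.src, "dst": p.dst, "protocol": name,
                   "use_instead": fix, "credentials": {}}
        for field_name, value in FTP_CRED_RE.findall(p.payload):
            finding["credentials"][field_name.decode()] = value.decode(errors="replace")
        m = HTTP_BASIC_RE.search(p.payload)
        if m:                                # HTTP Basic auth is only base64, not encryption
            finding["credentials"]["basic"] = base64.b64decode(m.group(1)).decode(errors="replace")
        findings.append(finding)
    return findings


# Constructed capture: an FTP login, the start of a TLS ClientHello, a telnet
# login prompt and an HTTP request carrying Basic credentials.
SAMPLE_CAPTURE = [
    Capture("10.0.0.5", "10.0.0.20", 21, b"USER alice\r\nPASS hunter2\r\n"),
    Capture("10.0.0.6", "10.0.0.20", 443, b"\x16\x03\x01\x00\xa5\x01\x00\x00\xa1\x03\x03" + bytes(32)),
    Capture("10.0.0.7", "10.0.0.21", 23, b"\xff\xfd\x18login: bob\r\n"),
    Capture("10.0.0.8", "10.0.0.22", 80,
            b"GET /admin HTTP/1.1\r\nHost: shop\r\nAuthorization: Basic YWRtaW46c2VjcmV0\r\n\r\n"),
]

if __name__ == "__main__":
    for f in audit(SAMPLE_CAPTURE):
        print(f"{f['src']} -> {f['dst']} {f['protocol']}: {f['credentials']} (use {f['use_instead']})")
```

Run against a real capture, such an audit is how a security team finds the last cleartext protocols on an internal network before an attacker does.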

Data security in e-commerce refers to the protection of sensitive information and data that is exchanged during online transactions. It involves implementing measures and protocols to safeguard the integrity, confidentiality and availability of customer data. Here are some key aspects of data security in e-commerce, along with real-world examples:

1. Secure Sockets Layer (SSL) Encryption: SSL is a cryptographic protocol
   that ensures secure communication between web servers and browsers. It
   encrypts data during transmission, making it difficult for hackers to intercept
   and decipher the information. For example, when you enter your credit card
   details on an e-commerce website, SSL encrypts the data to protect it from
   being accessed or manipulated.
2. Payment Card Industry Data Security Standard (PCI DSS) Compliance:
   PCI DSS is a set of security guidelines established by major credit card
   companies to protect cardholder data. E-commerce businesses that process
   credit card payments must comply with these standards. Failure to comply can
   result in fines and loss of reputation. Compliance ensures that customer credit
   card information is stored and transmitted securely during transactions.
3. Two-Factor Authentication (2FA): 2FA adds an extra layer of security to e-
   commerce platforms by requiring users to provide additional verification, such
   as a unique code or fingerprint, in addition to their password. This prevents
   unauthorized access even if the password is compromised. For instance, when
   logging into an e-commerce account, a one-time code is sent to the user's
   registered mobile number, which needs to be entered along with the password.
4. Secure Password Policies: Strong password policies are essential to protect
   customer accounts from being hacked. E-commerce platforms should enforce
   password complexity, such as requiring a combination of letters, numbers and
   special characters. Passwords should also be encrypted and stored securely in
   databases, making it difficult for attackers to obtain and use them.
5. Regular Security Audits and Vulnerability Assessments: E-commerce
   businesses should conduct frequent security audits and vulnerability
   assessments to identify and address any potential weaknesses in their systems.
   For example, automated tools can be used to scan websites for vulnerabilities
   such as outdated software versions or XSS (Cross-Site Scripting)
   vulnerabilities. Timely detection and remediation of these vulnerabilities can
   prevent potential data breaches.
6. Secure Data Storage: E-commerce platforms must ensure that customer data,
   such as personal information and payment details, is stored securely. This
   involves implementing strong access controls, encryption and data backup
   systems. Regularly monitoring the storage infrastructure and employing
   secure data storage practices helps to minimize the risk of data breaches.
7. Secure Third-Party Integrations: Many e-commerce platforms rely on
   third-party integrations or services for various functionalities, such as payment
   gateways or analytics tools. It is crucial to ensure that these integrations are
   secure and comply with data security standards. Regularly assess and monitor
   the security measures implemented by these third parties to safeguard
   customer data.
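As an added example (not the notes' own code), the Python below implements the
controls from items 3 and 4 together: passwords are kept as salted PBKDF2 hashes
rather than in a readable form, and the one-time code is a standard TOTP
(RFC 6238) derived from a per-user secret, checked in constant time with a small
clock-drift window. The demo values, including the RFC's published test secret, are
constructed; nothing here comes from a real platform.

```python
"""Password hashing plus TOTP second factor for a login check (added example)."""
import hashlib
import hmac
import os
import struct
import time
from typing import Optional

PBKDF2_ITERATIONS = 200_000   # raise over time as hardware gets faster
TOTP_STEP_SECONDS = 30        # RFC 6238 default time step
TOTP_DIGITS = 6


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Store a salted PBKDF2-SHA256 hash, never the password itself. The record is
    self-describing (algorithm$iterations$salt$hash) so parameters can change later."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    try:
        algorithm, iterations, salt_hex, digest_hex = record.split("$")
    except ValueError:
        return False
    if algorithm != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def hotp(secret: bytes, counter: int, digits: int = TOTP_DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then
    dynamic truncation to a 31-bit integer reduced modulo 10^digits."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = int.from_bytes(digest[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, now: Optional[float] = None) -> str:
    """RFC 6238 TOTP: HOTP with counter = floor(unix_time / 30)."""
    now = time.time() if now is None else now
    return hotp(secret, int(now // TOTP_STEP_SECONDS))


def verify_totp(secret: bytes, code: str, now: Optional[float] = None, window: int = 1) -> bool:
    """Accept the current code and +/- `window` steps to tolerate clock drift."""
    if not (code.isascii() and code.isdigit() and len(code) == TOTP_DIGITS):
        return False
    now = time.time() if now is None else now
    counter = int(now // TOTP_STEP_SECONDS)
    matched = False
    for step in range(-window, window + 1):
        # Keep looping after a match so timing does not reveal which step matched.
        if hmac.compare_digest(hotp(secret, counter + step), code):
            matched = True
    return matched


def login(password: str, code: str, record: str, totp_secret: bytes,
          now: Optional[float] = None) -> bool:
    """Both factors are always evaluated so response time does not reveal which failed."""
    password_ok = verify_password(password, record)
    code_ok = verify_totp(totp_secret, code, now)
    return password_ok and code_ok


if __name__ == "__main__":
    # Constructed demo values; a real platform stores the record and secret per user.
    record = hash_password("correct horse battery staple")
    secret = b"12345678901234567890"   # RFC 6238 test secret, used here as a demo value
    print(login("correct horse battery staple", totp(secret), record, secret))   # True
```

In practice the TOTP secret is provisioned to the user's authenticator app once and
stored server-side with the same care as the password record; the window of one step
either side is the usual compromise between tolerating phone clock drift and limiting
how long a captured code stays valid.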

Message Security:

Messaging security is a program that provides protection for a company's
messaging infrastructure. It protects all the private messages of the company,
including those related to the company's vision and mission.

Message security in e-commerce refers to the protection of communication
between the various entities involved in e-commerce transactions, including customers,
vendors and payment processors. It involves implementing various security
measures to ensure the confidentiality, integrity and authentication of messages
exchanged during online transactions.

Here are some essential aspects of message security in e-commerce:

1. Encryption: Encryption is the process of converting data into a format that is
   unreadable to unauthorized individuals. It ensures that sensitive information,
   such as credit card details, personal data and login credentials, is protected
   during transmission. Secure Sockets Layer (SSL) or Transport Layer Security
   (TLS) protocols are commonly used to encrypt communications between web
   browsers and e-commerce websites.
2. Secure Socket Layer (SSL) Certificates: SSL certificates establish a secure
   connection between a web server and a web browser to ensure that the
   transmitted data remains encrypted. SSL certificates are essential for building
   trust with customers, as visible indicators such as the padlock icon and
   https:// in the website address assure visitors that their information is being
   transmitted securely.
3. Secure File Transfer Protocol (SFTP) or Secure File Transfer Protocol over SSH
   (SFTP-SSH): SFTP and SFTP-SSH are secure methods for transferring files
   between systems over a network. They provide encryption and secure
   authentication, ensuring that sensitive data, such as customer orders and
   financial records, is securely transmitted.
4. Message Authentication Code (MAC): A MAC is a cryptographic checksum
   generated using a shared secret key. It verifies the integrity and authenticity
   of a message, ensuring that it has not been tampered with during
   transmission.

5. Digital Signatures: Digital signatures ensure message authenticity by using a
cryptographic algorithm to attach a unique identifier to a message. This
identifier can be verified by the recipient to ensure the message has not been
modified and originated from the claimed sender.
6. Two-Factor Authentication (2FA): By implementing 2FA, e-commerce
   platforms can add an extra layer of security during the login process, requiring
   users to provide an additional authentication factor, such as a one-time
   password (OTP), in addition to their regular credentials.
7. Intrusion Detection Systems (IDS): IDSs monitor network traffic to detect
   and respond to malicious activity. They can help identify and prevent
   unauthorized access attempts and potential security breaches in real time.
8. Regular Security Updates and Vulnerability Assessments: E-commerce
   platforms should apply regular security updates to ensure the latest
   security patches and fixes are in place. Additionally, conducting vulnerability
   assessments and penetration testing helps identify any potential weaknesses
   in the system and address them proactively.

Implementing these measures in an e-commerce system ensures the protection
of sensitive information, reduces the risk of data breaches and builds trust with
customers. It is crucial for e-commerce businesses to prioritize message security to
safeguard customer data and maintain a secure online environment.

Encrypted Documents and Electronic Mail:

Encrypted documents and electronic mail in e-commerce play a crucial role in
ensuring the security and privacy of information shared between parties.

Encrypted Documents:

Encrypted documents in e-commerce refer to electronic files or data that have
undergone a process of encryption, which means they have been transformed into a
coded or unreadable format to ensure confidentiality and security during
transmission or storage.

Encryption refers to the process of converting plaintext (unencrypted) data
into ciphertext (encrypted) data using algorithms and keys. Encrypted documents
are files that have been converted into a format that can only be understood with the
corresponding decryption key.

1. Encryption Methods: Encryption involves using algorithms or mathematical
   formulas to convert plain text or data into cipher text. The most used
   encryption methods in e-commerce include symmetric encryption, asymmetric
   encryption and hashing.
   a. Symmetric Encryption: This method utilizes a single key to both
      encrypt and decrypt the document. The same key is shared between the
      sender and the recipient, ensuring that only authorized parties can access
      the information.
   b. Asymmetric Encryption: Also known as public-key encryption, this
      method employs two different keys: a public key to encrypt the
      document and a private key to decrypt it. The public key is widely
      distributed, while the private key remains confidential and only
      accessible to the recipient.
   c. Hashing: Unlike encryption, hashing is a one-way process that converts
      data into a fixed-length string of characters. This method helps
      authenticate the integrity of a document by generating a unique hash
      value, which can be verified later to ensure that the document remains
      unchanged.

2. SSL/TLS: Secure Socket Layer (SSL) and Transport Layer Security (TLS)
   protocols play a crucial role in establishing a secure communication channel
   for e-commerce transactions. They enable encrypted connections between a
   web server and a client's browser, ensuring that sensitive data such as credit
   card information is encrypted during transmission.
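The Message Authentication Code item under message security and the hashing item
above turn on the same distinction, so this one added Python example serves both; it
is not code from the original notes. It shows why an unkeyed hash alone cannot
protect an order message in transit (whoever changes the message can simply
recompute a matching hash), whereas an HMAC built from a shared secret key cannot
be recomputed without that key, so the receiver detects the change. The order fields
and the secret are constructed placeholders.

```python
"""Plain hash versus keyed MAC for an order message (added example)."""
import hashlib
import hmac
import json
from typing import Dict

# Constructed sample order and a constructed placeholder secret (not real values).
ORDER: Dict[str, str] = {
    "order_id": "A1001",
    "amount": "49.99",
    "currency": "USD",
    "ship_to": "12 Example Street",
}
SHARED_SECRET = b"example-shared-secret-replace-in-production"


def canonical(message: Dict[str, str]) -> bytes:
    """Serialize deterministically so sender and receiver hash identical bytes."""
    return json.dumps(message, sort_keys=True, separators=(",", ":")).encode("utf-8")


def plain_hash(message: Dict[str, str]) -> str:
    """Unkeyed SHA-256: detects accidental corruption only."""
    return hashlib.sha256(canonical(message)).hexdigest()


def verify_plain_hash(message: Dict[str, str], tag: str) -> bool:
    return hmac.compare_digest(plain_hash(message).encode(), tag.encode())


def mac(message: Dict[str, str], key: bytes) -> str:
    """HMAC-SHA256 over the canonical bytes; only holders of `key` can produce it."""
    return hmac.new(key, canonical(message), hashlib.sha256).hexdigest()


def verify_mac(message: Dict[str, str], tag: str, key: bytes) -> bool:
    """Constant-time comparison so a mismatch does not leak where the tags differ."""
    return hmac.compare_digest(mac(message, key).encode(), tag.encode())


def send_order(message: Dict[str, str], key: bytes) -> dict:
    """Sender attaches the MAC tag; the key itself never travels with the message."""
    return {"message": message, "tag": mac(message, key)}


def receive_order(envelope: dict, key: bytes) -> str:
    """Receiver verifies the tag before acting on the order."""
    if verify_mac(envelope["message"], envelope["tag"], key):
        return "accepted"
    return "rejected: MAC mismatch"


def integrity_comparison(message: Dict[str, str], key: bytes) -> Dict[str, bool]:
    """Change the amount in transit and ask whether each scheme notices.
    With a plain hash the modifier recomputes the hash, so verification passes
    (change not detected). With the HMAC the modifier lacks the key, so the
    original tag no longer matches (change detected)."""
    altered = dict(message, amount="0.01")
    return {
        "plain_hash_detects_change": not verify_plain_hash(altered, plain_hash(altered)),
        "hmac_detects_change": not verify_mac(altered, mac(message, key), key),
    }


if __name__ == "__main__":
    envelope = send_order(ORDER, SHARED_SECRET)
    print(receive_order(envelope, SHARED_SECRET))          # accepted
    print(integrity_comparison(ORDER, SHARED_SECRET))      # plain False, hmac True
```

Canonical serialization matters as much as the key: if sender and receiver encode the
same order with different key ordering or whitespace, a correct tag will fail to
verify, which is a common source of false rejections in real integrations.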

In e-commerce encrypted documents serve several purposes including:

a. Confidentiality: Encryption ensures that sensitive information, such as
   customer data, financial details or trade secrets, remains confidential and
   inaccessible to unauthorized individuals or entities.
b. Integrity: Encryption also enables data integrity. By encrypting documents,
   any alterations or modifications made to the data during transmission or
   storage can be detected, as decryption requires the original key.
c. Authentication: Encrypted documents can include digital signatures or
   certificates to authenticate the sender's identity. This helps establish trust
   between the parties involved and verifies the integrity of the document.
d. Regulatory Compliance: Many industries and jurisdictions have legal
   requirements regarding data security and privacy. Encrypted documents aid in
   meeting these compliance standards by safeguarding sensitive information.

Common encryption techniques used to secure documents in e-commerce include
symmetric key encryption (e.g., Advanced Encryption Standard – AES) and
asymmetric key encryption (e.g., RSA, Elliptic Curve Cryptography – ECC).

3. Benefits of Encrypted Documents in E-commerce:
   a. Data Security: Encryption provides an additional layer of protection
      by preventing unauthorized access to sensitive information. It
      safeguards customer data and financial transactions and reduces the risk
      of hacking, identity theft or data breaches.
   b. Trust and credibility: Customers are more likely to trust e-commerce
      platforms that prioritize the security and privacy of their data. By using
      encryption, businesses can build trust and credibility with their
      customers, increasing customer loyalty and generating repeat business.
   c. Compliance with regulations: Encrypted documents help e-
      commerce businesses adhere to various regulatory frameworks, such as
      the General Data Protection Regulation (GDPR) or the Payment Card
      Industry Data Security Standard (PCI DSS), which mandate the
      protection of customer data.
4. Key Management: Proper key management is essential for effective
   encryption in e-commerce. This involves securely generating, storing,
   distributing and revoking encryption keys to ensure that encrypted documents
   can be decrypted by authorized parties. Additionally, implementing regular
   key rotation and employing strong, unique passwords for encryption keys
   helps maintain the security of the system.
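As an added example (not the notes' own code), the Python below shows the
key-management point in working form: every protected record carries the
identifier of the key that protected it, so a new key can be rotated in while older
records still verify, and a revoked key is refused even though it is still known.
HMAC-SHA256 tags stand in for the document cipher because the standard library
ships no AES; the key identifier scheme and the demo keys are constructed.

```python
"""Key ring with rotation and revocation for protected documents (added example)."""
import hashlib
import hmac
import os
from typing import Dict, Optional, Set


class KeyRing:
    """Holds keys by identifier. `rotate()` installs a new current key; older keys
    remain usable for verification only, until `revoke()` removes them from use."""

    def __init__(self) -> None:
        self._keys: Dict[str, bytes] = {}
        self._revoked: Set[str] = set()
        self._current: Optional[str] = None

    @property
    def current_key_id(self) -> Optional[str]:
        return self._current

    def rotate(self, key: Optional[bytes] = None) -> str:
        """Generate (or accept) a fresh key and make it the one used for new records."""
        key_id = f"k{len(self._keys) + 1:03d}"       # constructed id scheme
        self._keys[key_id] = key if key is not None else os.urandom(32)
        self._current = key_id
        return key_id

    def revoke(self, key_id: str) -> None:
        """Stop trusting a key; records protected with it must be re-protected."""
        if key_id not in self._keys:
            raise KeyError(key_id)
        self._revoked.add(key_id)
        if self._current == key_id:
            self._current = None          # force a rotate() before protecting again

    def protect(self, document: bytes) -> str:
        """Return 'key_id.tag' so the verifier knows which key to look up."""
        if self._current is None:
            raise RuntimeError("no active key; call rotate() first")
        tag = hmac.new(self._keys[self._current], document, hashlib.sha256).hexdigest()
        return f"{self._current}.{tag}"

    def verify(self, document: bytes, protected: str) -> bool:
        """Look up the key named in the record; unknown or revoked keys fail closed."""
        key_id, _, tag = protected.partition(".")
        key = self._keys.get(key_id)
        if key is None or key_id in self._revoked:
            return False
        expected = hmac.new(key, document, hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected.encode(), tag.encode())


if __name__ == "__main__":
    ring = KeyRing()
    old = ring.rotate()
    record = ring.protect(b"invoice 1001")
    ring.rotate()                                # rotation: new records use the new key
    print(ring.verify(b"invoice 1001", record))  # True, old key still valid
    ring.revoke(old)
    print(ring.verify(b"invoice 1001", record))  # False, old key revoked
```

The pattern is the same one real key-management services expose: rotation is cheap
because it does not invalidate existing records, and revocation is the deliberate step
that does, which is why records protected by a revoked key need to be re-protected
under the current key.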

In summary, encrypted documents are a crucial aspect of e-commerce security.
By employing encryption methods, implementing SSL/TLS protocols and ensuring
proper key management, businesses can enhance the security of their systems, protect
customer data and foster trust among consumers.

Electronic mail:

Electronic mail, commonly known as email, is a digital method of exchanging
messages and other types of electronic communication through a computer network.
It has revolutionized communication in many areas, including e-commerce.

Electronic mail, or email, allows the exchange of digital messages between
individuals or organizations, making it a vital communication tool in e-commerce.
However, since emails can potentially traverse various networks and systems, they
are susceptible to interception or unauthorized access.

To enhance email security, encryption can be applied to protect the content and
attachments within emails. Email encryption safeguards sensitive information by
rendering it unreadable to unauthorized parties.

Two common methods of email encryption are:

a. Secure Sockets Layer/Transport Layer Security (SSL/TLS): SSL/TLS
   encryption protocols provide secure communication channels between email
   servers and clients. They encrypt email content during transit, preventing
   unauthorized interception or tampering.

b. Pretty Good Privacy (PGP): PGP is a widely used encryption technology
   that allows users to encrypt and digitally sign individual emails. It uses both
   symmetric and asymmetric encryption to ensure confidentiality and
   authenticity.

By employing encryption in electronic mail, e-commerce businesses can protect
customer information, trade secrets, financial data and other sensitive
communications.

In the context of e-commerce, email plays a crucial role in facilitating communication
between businesses and customers. Here are some important points about email in
e-commerce:

1. Order Confirmations: After customers make a purchase online, they
   typically receive an email confirmation that includes details of their order.
   This email serves as a receipt and provides important information such as the
   order number, item details, shipping address and estimated delivery date. It
   gives customers peace of mind and acts as a reference for future inquiries.
2. Shipment Updates: As the order progresses through the fulfilment process,
   email updates are sent to customers notifying them of the shipment status.
   These emails provide tracking information, allowing customers to monitor the
   progress of their delivery. Shipment updates help build trust and transparency,
   keeping customers informed about when they can expect to receive their
   products.
3. Promotional and Marketing Messages: Email is a valuable tool for
   businesses to send promotional offers, discounts and marketing messages to
   their customers. By collecting email addresses during the checkout process or
   through sign-up forms, businesses can build a customer database and engage
   with their audience. Personalized emails that target specific customer segments
   based on purchase history, preferences or behaviours can lead to increased
   sales and customer loyalty.
4. Customer Support and Inquiries: Email serves as a convenient channel for
   customers to reach out to businesses with inquiries, feedback or complaints.
   Customer support teams can respond to these emails, helping to resolve
   any issues or concerns. Prompt and helpful email communication can
   significantly enhance the overall customer experience and satisfaction.
5. Review Requests: After customers receive and use a product, businesses often
   send emails requesting feedback or reviews. These emails encourage
   customers to share their experiences, provide ratings and write product
   reviews. Reviews play a crucial role in influencing purchasing decisions and
   building trust with potential customers.
6. Abandoned Cart Reminders: When customers add items to their online
   shopping carts but do not complete the purchase, businesses can send
   automated reminder emails. These emails aim to recapture the customer's
   attention and encourage them to revisit the website and complete the purchase.
   Abandoned cart reminders can help recover potential sales that would
   otherwise be lost.

Overall, email communication in e-commerce serves as a vital tool for businesses
to engage with customers, provide updates, promote products, offer support and drive
sales. Its efficiency, widespread use and ability to reach customers directly make it
an indispensable element of e-commerce operations.

In summary, encrypted documents and electronic mail in e-commerce provide
essential security measures to protect confidential information, ensure integrity and
establish trust between the parties involved in digital transactions.
