MODULE 5

Cyber Crimes – Types of cybercrimes –against individuals’ institution, and states-various offenses and
punishments, digital signature-concepts of public key and private key, certification authorities and their role,
creation and authentication of digital signature. E-contracting –salient features of E-contracts, formation of E-
contracts and types, E-governance, E-governance models, E-commerce- salient features and advantages.

1. CYBER CRIMES
▪ Cyber crimes are crimes that involve criminal activities done through cyberspace by devices connected to
the internet. At times, cyber crimes are also called ‘computer crimes’.

▪ Most cybercriminals commit cyber crimes with mainly three motives- monetary, personal, or political.

▪ Though cyber crimes do not physically affect anyone, they tend to seriously harm the reputation, finances,
and privacy of the targeted persons.

▪ Further, another crucial characteristic of cyber crimes is the determination of jurisdiction.

▪ Since the identity of the cybercriminal can be completely erased and mostly stays concealed in cyberspace,
it is very difficult to identify him/ her.

▪ Also, cybercriminals may launch cross-border cyber attacks. For instance, a person situated in a country that
prohibits pornography may access pornographic content that is located on a computer in a country where it
is not banned at all. In such cases, it is very difficult to determine the liability of the person.

❖ Classification of cyber crimes

Due to the expanding cyberspace, various types of cyber-crimes are committed worldwide. The major objective
of committing such crimes is to gather confidential data from people and use it for monetary, political, or personal
motives.

Generally, almost all cyber-crimes can be classified under three heads, depending on the groups they are targeted
at. The heads are:

(i) Cyber-crimes against individuals,

(ii) Cyber crimes against organizations, and

(iii) Cyber crimes against society at large.

Different types of cyber crimes that fall under the above-mentioned categories are explained below.
 (i) CYBER CRIMES AGAINST INDIVIDUALS
Generally, ordinary individuals are the most vulnerable targets of cybercriminals. This is due to various reasons
like lack of information, guidance, and cyber-security.

The following are some of the main cyber crimes committed targeting individuals.

a. Cyberbullying

The term cyberbullying is not defined under any Indian law. However, in general parlance, cyberbullying refers
to bullying someone by threatening, harassing or embarrassing the victim using technology digital device.
Generally, cyberbullying includes the following activities on the internet:

• Humiliating/embarrassing content posted online about the victim of online bullying,

• Hacking social media accounts
• Posting vulgar messages on social media
• Threatening the victim to commit any violent activity
• Child pornography or threatening someone with child pornography

In India, a whopping amount of almost 85% of children experiences cyberbullying. There are no specific
provisions that deal with cyberbullying.

Section 67 of the IT Act is the closest legal provision relating to cyberbullying. It penalizes anyone who transmits
obscene materials in electronic form. The punishment for such transmission is imprisonment for a term which
may extend to five years and a fine which may extend to ten lakh rupees.

Also, Section 66E of the IT Act provides the punishment for violating any person’s privacy through the internet.
Under this section, any person who intentionally violates anyone’s privacy by transmitting, capturing or
publishing private pictures of others shall be punished with imprisonment up to three years imprisonment or a
fine of up to three lakhs.

Further, Section 507 of IPC provides that any person who threatens anyone through anonymous communication
shall be punished with imprisonment for up to two years.

b. Cyberstalking

Browsing anyone’s internet history or online activity, and sending obscene content online with the help of any
social media, software, application, etc. to know about that particular person is called cyberstalking.

Cyberstalkers take advantage of the inconspicuousness provided by the internet. They are generally not detectable
by the victim, as it is very easy for cyberstalkers to open spam accounts just to stalk any person; once the stalker
deletes the account, his/ her identity completely vanishes.
In India, in the year 2020, the state of Uttar Pradesh witnessed the highest number of cyberstalking incidents
against women and children, with around 11 thousand registered cases.

Section 67 of the IT Act punishes cyber stalkers who send, cause to send, or publish obscene posts or content on
electronic media with imprisonment of up to three years and a fine.

Section 354D of IPC deals with stalking. But it is relevant to cyberstalking as well. Under the Section, any cyber
stalker is punishable with imprisonment up to three years and a fine.

c. Cyber defamation

Cyber defamation means injuring the other person’s reputation via the internet through social media, Emails etc.
There are two types of Cyber defamation: libel and slander.

• Libel: It refers to any defamatory statement which is in written form. For instance, writing defamatory
comments on posts, forwarding defamatory messages on social media groups, etc. are a part of cyber
defamation in the form of libel.
• Slander: It refers to any defamatory statement published in oral form. For instance, uploading videos
defaming someone on YouTube is a part of cyber defamation in the form of slander.

Punishment for Cyber defamation is provided under Section 67 of the IT Act; whoever publishes or transmits a
defamatory statement about a person shall be punished with 2 years imprisonment and a fine up to ₹25000.

d. Phishing

Phishing refers to the fraudulent practice of sending emails under the pretext of reputable companies to induce
individuals to reveal personal information, such as passwords, credit card numbers, etc., online.

Phishing refers to the impersonation of a legitimate person and fraudulently stealing someone’s data.

Through phishing attacks, cybercriminals not only exploit innocent individuals but also spoil the reputation of
well-known companies.

Section 66C of the IT Act penalizes any offender committing phishing-related activities. It provides that anyone
who fraudulently uses an electronic signature, password or any other unique identification feature of any other
person is punishable with imprisonment of up to three years and a fine of up to rupees one lakh.

e. Cyber fraud

As the name suggests, cyber fraud refers to any act of fraud committed with the use of a computer. Any person
who dishonestly uses the internet to illegal deceive people and gets personal data, communication, etc. with a
motive to make money is called a cyber fraud.
Examples of cyber fraud include sending emails containing fake invoices, sending fake emails from email
addresses similar to the official ones, etc.

There is no specification for cyber fraud. But Section 420 of IPC which deals with cheating applies to cyber
fraud also. Punishment for cyber fraud under Section 420 of IPC is imprisonment of up to seven years with a fine.

f. Cyber theft

Cyber theft is a type of cybercrime which involves the unauthorized access of personal or other information of
people by using the internet.

The main motive of the cyber criminals who commit cyber theft is to gather confidential data like passwords,
images, phone numbers, etc. and use it as leverage to demand a lumpsum amount of money.

The unauthorized transmission of copyrighted materials, trademarks, etc. over the internet is also a part of cyber
theft.

Cyber thefts are committed through various means, like hacking, email/ SMS spoofing, etc.

Yahoo!, Inc. v. Akash Arora (1999), which was one of the initial cases related to cyber theft in India. In this case,
the defendant was accused of using the trademark or domain name ‘yahooindia.com,’. The Court ordered a
permanent injunction under Order 39 Rules 1 & 2 CPC in this case.

Under the IT Act, data theft is defined under Section 43(b) as downloading, copying, or extracting any data,
computer database or information from such computer, system, or network without the permission of its
owner. Punishment for cyber theft (specifically, identity theft) is provided under Section 66C of the IT Act. The
punishment for the same is imprisonment of up to three years and/or up to Rs 2 lakh fine.

g. Spyware

Spyware is a type of malware or malicious software, when it is installed it starts accessing and computing the
other person’s device without the end user’s knowledge. The primary goal of this software is to steal credit card
numbers, passwords, One-Time Passwords (OTPs), etc.

Punishment for spyware is provided under Section 43 of the IT Act. It states that if any person damages the
computer, system, etc. of any other person without his/ her permission, he/ she shall be liable to pay damages by
way of compensation to the person so affected.

(ii) CYBER CRIMES AGAINST ORGANIZATIONS

The cyber crimes mainly targeting individuals may help cybercriminals get only a meagre amount of ransom,
depending on the financial status of the targeted individuals.
On the other hand, cyber-attacking large companies or organizations can help them get their hands on extremely
confidential data of both private and public institutions or entities.

Cyber attacks on organizations are generally launched on a large scale to get a lump sum amount of ransom.
Since such attacks drastically damage the companies’ daily operations, most companies try to resolve them as
fast as possible.

The following are the kinds of cyber crimes launched targeting organizations:

a. Attacks by virus

A computer virus is a kind of malware which connects itself to another computer program and can replicate and
expand when any person attempts to run it on their computer system.

For example, the opening of unknown attachments received from malicious emails may lead to the automatic
installation of the virus on the system in which it is opened. These viruses are extremely dangerous, as they can
steal or destroy computer data, crash computer systems, etc. The attackers program such malicious viruses to get
hold of organisations’ official or confidential data. The illegally retrieved data is then used as leverage to extort
ransom from the organisations.

There are no specific provisions as to virus attacks in India. Nevertheless, Section 383 of IPC, which deals with
extortion, is applicable to virus attacks. The Section states that whoever intentionally puts any person in fear of
any injury to him or anyone else, and dishonestly induces the person so put in fear to deliver to any property or
valuable security, or anything signed or sealed which may be converted into a valuable security, commits
‘Extortion’. The punishment for extortion under Section 384 of IPC is imprisonment for up to three years, or
fine, or both.

b. Salami attack

It is one of the tactics to steal money, which means the hacker steals the money in small amounts. The damage
done is so minor that it is unnoticed.

Generally, there are two types of Salami attacks- Salami slicing and Penny shaving. In Salami slicing, the attacker
uses an online database to obtain customer information, such as bank/credit card details. Over time, the attacker
deducts insignificant amounts from each account. These sums naturally add up to large sums of money taken
from the joint accounts invisibly.

Any person convicted of a Salami attack shall be punished under Section 66 IT Act with imprisonment up to
three years or a fine up to 5 lakhs or maybe both

c. Web Jacking

Web Jacking refers to the illegal redirection of a user’s browser from a trusted domain’s page to a fake domain
without the user’s consent.
By using the method of Web Jacking, people visiting any well-known or reliable website can be easily redirected
to bogus websites, which in turn lead to the installation of malware, leak of personal data, etc. Web jackers intend
to illegally collect confidential information of users by enticing them to click on any link which may seem genuine
at the first glance.

There are no specific provisions dealing with web jacking under any Indian law. However, it can be punished
under Section 383 of IPC, which primarily deals with extortion. The punishment for web jacking under Section
383 of IPC is imprisonment of up to three years or with a fine, or both.

d. Denial of Service Attack

Denial of Service Attack or DoS, is a cyber attack on computer devices or systems, preventing the legal users or
accessors of the system from accessing them. The attackers generally attack systems in such a manner by
trafficking the targeted system until it ultimately crashes.

DoS attacks cost millions of dollars to the corporate world, as it curbs them from using their own systems and
carrying out their activities. The attack may be also used to incorporate ransomware into corporate systems.

Cyber attackers who launch DoS in India are punishable under Section 66F of the IT Act, which deals with cyber
terrorism. As per the said Section, any person who disrupts the authorised access to a computer resource or gets
access to a computer resource through unauthorised means or causes damage to a computer network is liable for
imprisonment which may extend for life.

e. Data diddling

Data diddling is a cyber crime which involves the unauthorized alteration of data entries on a computer. It may
be done either before or during the entry of such data.

It is generally committed by way of computer virus attacks. At times, to conceal the alteration, the altered data
is changed to its original data after retrieving the required information. Usually, the strategic or statistical data of
large companies.

In India, data diddling is an offence under Section 65 of the IT Act. The said Section provides that knowingly or
intentionally concealing, destroying, altering or causing another to conceal, destroy, or alter any computer source
code used for a computer, computer programme, computer system or computer network is punishable with
imprisonment of up to three years or with fine of up to two lakhs.

(iii) CYBER CRIMES AGAINST SOCIETY AT LARGE

Apart from the cyber crimes committed targeting individuals in society, various other cyber attacks are launched
against the community at large. Such cyber crimes may be aimed either against any particular section of society
or the entire country. The following are a few types of cyber crimes against the community at large.
 a. Cyber pornography

As per Merriam-Webster Dictionary, pornography is the depiction of erotic behavior (as in pictures or writing)
intended to cause sexual excitement. Accordingly, cyber pornography refers to using the internet to display,
distribute, import, or publish pornography or obscene materials.

Under the IT Act, provisions as to cyber pornography are given under Section 67 of the IT Act. It states that
the following activities are punishable with imprisonment of up to 3 years and a fine of up to 5 lakhs:

1. Uploading pornographic content on any website, social media, etc. where third parties may access it.
2. Transmitting obscene photos to anyone through email, messaging, social media, etc.

b. Cyber terrorism

Cyber terrorism means using cyberspace to hurt the general public and damage the integrity and sovereignty of
any country.

The IT Act defines cyber terrorism under Section 66F as any acts done by a person with the intent to create a
threat to the unity, integrity, sovereignty and security of the nation or create terror in minds of people or section
of people by way of disrupting the authorised access to a computer resource or getting access to a computer
resource through unauthorised means or causing damage to a computer network.

Cyber terrorism is generally carried out in the following ways:

1. Hacking government-owned systems of the target country and getting confidential information.
2. Destructing and destroying government databases and backups by incorporating viruses or malware
into the systems.
3. Disrupting government networks of the target nation.
4. Distracting the government authorities and preventing them from focusing on matters of priority.

The punishment for cyber terrorism as provided under Section 66F of the IT Act is imprisonment of up to 3
years and/or up to Rs 2 lakh fine.

c. Cyber Espionage

According to Merriam-Webster Dictionary, espionage is “the practice of spying or using spies to obtain
information about the plans and activities especially of a foreign government or a competing company.” Similarly,
cyber espionage refers to the unauthorized accessing of sensitive data or intellectual property for economic, or
political reasons. It is also called ‘cyber spying’.
In most cases of cyber espionage, spies in the form of hackers are deliberately recruited to launch cyber attacks
on the government systems of enemy nations to stealthily collect confidential information. The cross-border
exposure of sensitive data related to any country can continue as long as it stays undetected. The information
gathered through cyber espionage is then used by the gathering country to either combat or launch military or
political attacks on the enemy country.

Generally, the following data are gathered through cyber espionage:

• Military data
• Academic research-related data
• Intellectual property
• Politically strategic data, etc.

Though cyber espionage has serious consequences, unfortunately, there are no specific provisions related to it
under any Indian law. However, cyber spies may be punished under Section 120A of IPC, which deals with
criminal conspiracy. It provides that when two or more persons agree to do, or cause to be done, –

• an illegal act, or
• an act which is not illegal by illegal means, such an agreement is designated a criminal conspiracy.

The punishment of criminal conspiracy is provided under Section 120B of IPC as a death sentence, imprisonment
for life, and rigorous imprisonment for at least 2 years.

Further, any Indian who abets cyber espionage against India can be also punished under Section 121 of IPC,
which deals with waging, attempting, or abetting waging war against the Government of India. The punishment
prescribed for the same is the death sentence, imprisonment for life, and a fine.

2. ELECTRONIC CONTRACTS

While all the digital paraphernalia makes daily tasks a piece of cake, it also imposes a formal legal obligation
known as E-Contracts.
Section 2(h), of the Indian Contract Act, 1872, tells us that the term ‘contract’ is an agreement that is
enforceable under the law. Interestingly, in the case of an E-Contract, the essence of Section 2(h) is still sustained
by only tweaking the mode in which the Contract comes into existence.

Hence, an E-Contract is an agreement that is enforceable under the law and is in all respects drafted, negotiated,
and executed digitally. Unlike a traditional contract which is paper-based, E-Contracts are digital in their
entirety.
In an E-Contract, though there is an absence of a physical meeting of the parties, a meeting of minds is present
absolutely. The parties communicate with each other over the internet or through telephonic media.
An E-Contract is a step ahead of traditional pen-paper contracts and comes into existence through electronic and
digital mediums.

❖ Formation of e-contracts
Electronic contracts or online contracts enable transactions and agreements electronically without the parties
meeting each other. In the other words traditional contract process of offer, acceptance and agreement to
transact through electronic mode than physical mode of paper. E-Commerce to succeed such contracts need
to be validated legally an alternate mode of transaction through online using the latest technological
developments.
The main aims are:
1. Creating a secure atmosphere of transacting online with alternate mode to paper and writing.
2. Creating an electronic documentation system which will safeguard the contracting parties on par with the
traditional mode of contracts.
3. Creating statutory status and monitoring/verifying authorities for such electronic transaction.
4. Checking frauds intentional or unintentional transactions to promote and build confidence in genuine online
transactions.
5. Creating necessary legal structures to oversee such transactions.
6. Establishing standard rules and regulation for smooth functioning of online transactions.
7. Making Digital signature legally valid and incorporating the same with the existing legal regime of
contracts, sale of goods, evidence and consumer acts.

❖ What is the legal validity of an e-contract

Section 10 of the Indian Contract Act, 1872 provides the crucial pre-requisites for a Contract to be legally valid.
It is mandatory that a Contract satisfies the essentials specified in Section 10 of the Contracts Act, i.e.,

1. Offer

2. Acceptance to Offer

3. Consensus ad Idem

4. Lawful Consideration

Like traditional contracts, electronic contracts should also possess the said elements

“Section 10-A of the Information Technology Act, 2000: Validity of contracts formed through electronic means.
– Where in a contract formation, the communication of proposals, the acceptance of proposals, the revocation of
proposals and acceptances, as the case may be, are expressed in electronic form or by means of an electronic
record, such contract shall not be deemed to be unenforceable solely on the ground that such electronic form or
means was used for that purpose.”
❖ Types of e-contracts
E-contracts are specific to the nature of the business. There are various types of E-Contracts executed
depending on the structure of the business. The amalgamation of the conventional contracts with the proficiency
of technology constitutes an E-Contract. Below are a few of the most common types of E-Contracts:

1. Shrink Wrap Agreements

2. Clickwrap Agreements

3. Browse Wrap Agreements

4. Scroll Wrap Agreements

5. Sign-In Wrap Agreements

1. Shrink Wrap Agreements

Shrink Wrap agreements are the End User License Agreements (EULA) or Terms and Conditions, which are
packaged with the products. The technique of enclosing the product in a plastic wrap is called Shrink Wrap
which declares that the customer purchasing it is bound by the EULA.

Usage of the product is deemed acceptance by the user. Interestingly, the acceptance is by default once the
product is purchased along with the packaging being ripped and utilized. An example of Shrink Wrap
Agreements is Software Drives.

2.Clickwrap Agreements

Clickwrap agreements are a form of agreement used for software licensing, websites, and other electronic media.
When the user logs in to a website the terms and conditions or the privacy policies of the website are to be accepted
by the user as legal consent. Though the user is intimated in this method about the existence of certain terms and
conditions and is required to accept the same, there is no power of negotiation.

The user clicks “I Agree” to be bound by the legal obligations. Some prominent examples of Click Wrap
agreements are Amazon, Flipkart, and Make My Trip.

3. Browse Wrap Agreements

Browse Wrap Agreements are online contract or license agreements commonly used in website notices or mobile
applications. The terms and conditions are provided in a ‘Hyperlink’ in some part of the website which is not
beforehand intimated to the user.
There is no procedure to assent or reject the Terms and Conditions. At the onset, when the user is aware of such
terms they can scroll down and double click on the terms and conditions to have a complete view of the same.

4.Scroll Wrap Agreements

The Scroll Wrap Agreements require the user to scroll down the License Agreements, implying that it has been
read by the user by scrolling down through the terms and conditions before they can give their assent or rejection.

5.Sign-In Wrap Agreements

The Sign-In Wrap agreement is a kind of E-Contract in which once the end-user has signed into an online service
or signs in to use a product the acceptance is acquired.

6.Electronic Signatures

In the world of Electronic Contracts, the ancillary feature that has gained tremendous prominence is the Digital
signature or the Electronic Signature. The degree of acceptance of a Digital Signature is at varying levels across
the globe, so it is essential to ensure the validity of E- Signature ahead of execution of any International Contract
digitally.

The rendering of the signature which is done by the click of a button or through checking a box digitally is called
an electronic signature.

Electronic signatures are proffered digitally, which is, unconventional in comparison to the traditional Wet
Signature.

Information Technology Act, 2000 recognizes the legal validity of a Digital Signature Certificate (DSC) under
Indian Law.

3. E-GOVERNANCE
Electronic governance or e-governance is the application of information technology for delivering government
services, exchange of information, communication transactions, integration of various stand-alone systems
between government to citizen (G2C), government-to-business (G2B), government-to-government (G2G),
government-to-employees (G2E) as well as back-office processes and interactions within the entire governance
framework.

E-governance, or electronic governance, has become an integral part of modern governance systems, leveraging
digital technologies to enhance government operations and interactions with various urban stakeholders.
❖ E-Governance Models

There are essentially four types of e-governance –

(i) G2C (Government to Citizens),
(ii) G2B (Government to Business),
(iii) G2E (Government to employees) and
(iv) G2G (Government to Government),
that represent different dimensions of digital interactions and services within the broader scope of e-
governance.

(i) G2C (Government to Citizens)

G2C e-governance refers to the digital interactions and services provided by the government to citizens. It
involves the use of digital platforms and technologies to deliver public services, information, and benefits directly
to individuals. Examples include online portals for accessing government services, applying for documents like
passports or driver's licenses, paying taxes online, accessing public information, and participating in online
consultations. G2C e-governance aims to make government services more accessible, convenient, and citizen-
centric, empowering individuals to engage with government and access services from anywhere at any time.
This enables citizens to benefit from the efficient delivery of a large range of public services.
Expands the accessibility and availability of government services and also improves the quality of services
The primary aim is to make the government citizen-friendly.
(ii) G2B (Government to Business)
G2B e-governance focuses on the digital interactions between the government and businesses. It involves
providing online platforms and services that facilitate business registration, licensing, permits, tax filing,
procurement processes, and other government-business interactions. G2B e-governance aims to simplify
administrative procedures, reduce red tape, and improve the ease of doing business. By digitizing business-
government interactions, G2B e-governance enables faster processing times, increased transparency, and
improved efficiency in business-related transactions and regulatory compliance.
It enables the business community to interact with the government by using e-governance tools.
The objective is to cut red-tapism which will save time and reduce operational costs. This will also create a
more transparent business environment when dealing with the government.
The G2B initiatives help in services such as licensing, procurement, permits and revenue collection.
(iii) G2E (Government to employees)
G2E e-governance refers to the use of digital technologies to manage and streamline internal government
operations and interactions with employees. It involves digital platforms and systems that facilitate employee
recruitment, performance management, training programs, payroll management, leave applications, and
communication within government organizations. G2E e-governance aims to enhance the efficiency, productivity,
and engagement of government employees by providing them with user-friendly and efficient digital tools for
managing their work-related processes and accessing relevant information.
This kind of interaction is between the government and its employees.
ICT tools help in making these interactions fast and efficient and thus increases the satisfaction levels of
employees.
 (iv) G2G (Government to Government)
G2G e-governance focuses on the digital interactions and exchange of information between different government
agencies or departments. It involves the sharing of data, resources, and services between government entities to
improve coordination, collaboration, and efficiency in governance. G2G e-governance includes electronic data
exchanges, interdepartmental communication systems, shared databases, and collaborative platforms that
facilitate information sharing, policy coordination, and joint decision-making among government organizations.
G2G e-governance aims to break down silos, promote interagency cooperation, and streamline government
processes by leveraging digital technologies.
Enables seamless interaction between various government entities.
This kind of interaction can be between various departments and agencies within government or between
two governments like the union and state governments or between state governments.
The primary aim is to increase efficiency, performance and output.

4. E-COMMERCE

E-commerce (electronic commerce) is the buying and selling of goods and services, or the transmitting of funds
or data, over an electronic network, primarily the internet.
These e-commerce transactions typically fall within four types: business-to-business (B2B), business-to-
consumer (B2C), consumer-to-consumer(C2C) or consumer-to-business(C2B).
The terms e-commerce and e-business are often used interchangeably. The term e-tail is also sometimes used in
reference to the transactional processes that make up online retail shopping.
E-commerce is powered by the internet. Customers use their own devices to access online stores. They can browse
products and services those stores offer and place orders.

As an order is placed, the customer's web browser communicates back and forth with the server hosting the e-
commerce website. Data pertaining to the order is relayed to a central computer known as the order manager. The
data is then forwarded to databases that manage inventory levels; a merchant system that manages payment
information using payment processing applications, such as PayPal; and a bank computer. Finally, it circles back
to the order manager. This ensures store inventory and customer funds are sufficient for the order to be processed.

After the order is validated, the order manager notifies the store's web server. It displays a message notifying the
customer that their order has been processed. The order manager then sends order data to the warehouse or
fulfillment department, letting it know the product or service can be dispatched to the customer. At this point,
tangible and digital products are sent to the customer, or access to a service is granted.

Platforms that host e-commerce transactions include online marketplaces that sellers sign up for, such as Amazon;
software as a service (SaaS) tools that let customers rent online store infrastructures; and open source tools that
companies manage using their in-house developers.
As an order is placed, the customer's web browser communicates back and forth with the server hosting the e-
commerce website. Data pertaining to the order is relayed to a central computer known as the order manager. The
data is then forwarded to databases that manage inventory levels; a merchant system that manages payment
information using payment processing applications, such as PayPal; and a bank computer. Finally, it circles back
to the order manager. This ensures store inventory and customer funds are sufficient for the order to be processed.

After the order is validated, the order manager notifies the store's web server. It displays a message notifying the
customer that their order has been processed. The order manager then sends order data to the warehouse or
fulfillment department, letting it know the product or service can be dispatched to the customer. At this point,
tangible and digital products are sent to the customer, or access to a service is granted.

Platforms that host e-commerce transactions include online marketplaces that sellers sign up for, such as Amazon;
software as a service (SaaS) tools that let customers rent online store infrastructures; and open source tools that
companies manage using their in-house developers.

❖ Advantages of e-commerce
The benefits of e-commerce include its availability, accessibility, speed of access, selection of goods and services
and international reach.

• Around-the-clock availability. Aside from outages and scheduled maintenance, e-commerce sites
are available 24/7, enabling visitors to browse and shop at any time. Brick-and-mortar businesses tend
to open for a fixed number of hours and even close entirely on certain days.

• Speed of access. While shoppers in a physical store can be slowed by crowds, e-commerce sites run
quickly, depending on compute and bandwidth considerations of both the consumer device and the e-
commerce site. Product, shopping cart and checkout pages load in a few seconds or less. A typical e-
commerce transaction requires a few clicks and takes less than five minutes.

• Wide selection. Amazon's first slogan was "Earth's Biggest Bookstore." It could make this claim
because it was an e-commerce site and not a physical store that had to stock each book on its shelves.
E-commerce enables brands to make an array of products available, which are then shipped from a
warehouse or various warehouses after a purchase is made. Customers are likely to have more success
finding what they want.

• Easy accessibility. Customers shopping in a physical store might have difficulty locating a particular
product. Website visitors can browse product category pages in real time and use the site's search
feature to find the product quickly.
 • International reach. Brick-and-mortar businesses sell to customers who physically visit their stores.
With e-commerce, businesses can sell to anyone who can access the web. E-commerce has the
potential to extend a business's customer base.

• Lower cost. Pure play e-commerce businesses avoid the costs of running physical stores, such as rent,
inventory and cashiers. They might incur shipping and warehouse costs, however.

• Personalization and product recommendations. E-commerce sites can track a visitor's browsing,
search and purchase histories. They can use this data to present personalized product recommendations
and obtain insights about target markets. Examples of how such insights are used include the sections
of Amazon product pages labeled "Frequently bought together" and "Customers who viewed this item
also viewed."
❖ Disadvantages of e-commerce
The perceived disadvantages of e-commerce include sometimes limited customer service, consumers not being
able to see or touch a product prior to purchase and the wait time for product shipping. Security issues can also
be a problem.

• Limited customer service. If customers have a question or issue in a physical store, they talk to a
clerk, cashier or store manager for help. In an e-commerce store, customer service can be limited. The
site might only provide support during certain hours and its online service options might be difficult
to navigate or not able to answer specific questions.

• Limited product experience. Viewing images on a webpage can provide a good sense of a product,
but it's different from experiencing the product directly, such as playing a guitar, assessing the picture
quality of a television or trying on a shirt or dress. E-commerce consumers can end up buying products
that differ from their expectations and have to be returned. In some cases, the customer must pay to
ship a returned item back to the retailer. Augmented reality is expected to improve customers' ability
to examine and test e-commerce products.

• Wait time. In a store, customers pay for a product and go home with it. With e-commerce, customers
must wait for the product to be shipped to them. Although shipping windows are decreasing as next-
day and even same-day delivery becomes common, it's not instantaneous.

• Security. Skilled hackers can create authentic-looking websites that claim to sell well-known
products. Instead, the site sends customers fake or imitation versions of those products -- or simply
steals credit card information. Legitimate e-commerce sites also carry risk, especially when customers
store their credit card information with the retailer to make future purchases easier. If the retailer's site
is hacked, threat actors may steal that credit card information. A data breach can damage a retailer's
reputation