Security and Payment in E-Business is a prime focus of any organisation engaged in e-business. This presentation helps you to improve your knowledge about online payments and online security.
2. UNIT 3: E-Business Security & Payment
➢E-Business security, characteristics
➢Security threats: client-server threats, web server threats, communication threats
➢Implementing E-Business security, protecting client computer
➢Cryptography, Decryption, SSL protocol, firewall
➢Electronic payment, types of electronic payment, credit card payment
➢Debit card payment, smart card, Net banking, digital wallet, mobile payment, digital cash, digital cheque
➢Payment gateway
➢Case study
3. E-Business Security
E-Business security refers to the principles which guide safe electronic
transactions, allowing the buying and selling of goods and services through
the Internet, but with protocols in place to provide safety for those
involved.
4. Features of E-Business Security
Authentication
Authorisation
Encryption
Auditing
Integrity
Availability
Non-repudiability
5. Authentication
There should be a mechanism to authenticate a user before giving
him/her an access to the required information.
11. Non-repudiability
It is the protection against the denial of order or denial of payment.
Once a sender sends a message, the sender should not be able to
deny sending the message. Similarly, the recipient of message should
not be able to deny the receipt.
12. Security Threats
Security Threats have become very common these days
as the data used in the network has become so vital for
businesses.
Types of Threats
Client threats
Server threats
Communication channel threats
13. Client Threats
Active content: The content which is active in webpages. It is
transparent and visible to everyone.
Malicious codes: Viruses, worms and Trojans
Server side masquerading: A passive attack on client by
misrepresenting the server.
Hacking: Gaining unauthorized access to data in a system or
computer.
14. Server Threats
Webserver Threats: Possible threats through HTTP
Commerce Server Threats: Threats through HTTP and
CGI
Database Threats: Unauthorized access could damage
data
Common Gateway Interface Threats: Defective or
malicious CGI poses threats
Password Hacking
15. Communication Channel Threats
Confidentiality threats: Breach of confidentiality through
unauthorized means
Integrity Threats: Unauthorized alteration of the message stream of
information in a webpage.
Availability Threats: Delay or denial of service to a user.
16. Implementing E-Business Security
Security requirement specification: Determining the security
requirements.
Security policy specification: Defining the security policy
Security infrastructure specification: Determining the software
and hardware
Security testing: Conducting a test run
Requirement validation: Validating security
17. Protecting Client Computer
Use strong passwords
Install and update antivirus
Use a firewall
Manage e-mails safely
Use safe internet browser
Back up your data
Delete the unwanted and temporary files
18. Encryption
Conversion of data into a form called a cipher text that
cannot be easily understood by unauthorised people.
It is the translation of data into access code.
Example: Cleartext: A P P L E
Ciphertext: E T T P I
It is of two types:
1) Secret key or symmetrical encryption
2) Public key or asymmetrical encryption
19. Secret Key Encryption
Same secret key is used to encrypt and decrypt the
message.
Shared key is used to encrypt and decrypt
Cleartext: A P P L E
Key: 4 4 4 4 4
Ciphertext: E T T P I
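The slide's APPLE example as running code (an added example, not part of the original presentation): each letter is moved forward by its key value to encrypt and moved back by the same value to decrypt. The function names are assumptions made for this illustration, and the per-letter key generalises the slide's "4 4 4 4 4" to keys whose values differ.

```python
import string

ALPHABET = string.ascii_uppercase

def _shift(text, key, direction):
    """Move each letter by its key value; the key repeats if it is shorter."""
    if not key:
        raise ValueError("key needs at least one shift value")
    out, used = [], 0
    for ch in text.upper():
        if ch in ALPHABET:
            step = direction * key[used % len(key)]
            out.append(ALPHABET[(ALPHABET.index(ch) + step) % 26])
            used += 1
        else:
            out.append(ch)  # spaces and punctuation pass through unchanged
    return "".join(out)

def encrypt(cleartext, key):
    return _shift(cleartext, key, +1)

def decrypt(ciphertext, key):
    # Same key as encrypt(); only the direction of the shift is reversed.
    return _shift(ciphertext, key, -1)

if __name__ == "__main__":
    shared_key = [4, 4, 4, 4, 4]                 # the key from the slide
    ciphertext = encrypt("A P P L E", shared_key)
    print(ciphertext)
    print(decrypt(ciphertext, shared_key))
    print(decrypt(ciphertext, [3, 3, 3, 3, 3]))  # wrong key: wrong cleartext
```

With one repeated shift there are only 25 usable keys, so this cipher illustrates the idea of a shared key and is not a way to protect data.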
21. Public Key Encryption
A form of cryptography in which the key used to
encrypt a message differs from the key used to decrypt
it.
In public key cryptography, a user has a pair of
cryptographic keys—a public key and a private key.
The private key is kept secret, while the public key may
be widely distributed.
23. Decryption
Decryption is generally the reverse process of
encryption. It is the process of decoding the data
which has been encrypted into a secret format.
Only an authorized user can decrypt data, because
decryption requires a secret key or password.
24. SSL Protocol
SSL (Secure Sockets Layer) is a standard security
protocol for establishing encrypted links between a
web server and a browser in an online communication.
The usage of SSL technology ensures that all data
transmitted between the web server and browser
remains encrypted.
SSL was first developed by Netscape in 1994 and
became an internet standard in 1996.
SSL is a cryptographic protocol to secure network
25. Secure Socket Layer
SSL is a secure protocol which runs above
TCP/IP and allows users to encrypt data and
authenticate a server's or vendor's identity securely.
[Figure: layer diagram with the labels Application layer (SMTPS, FTPS, HTTPS), Secure Socket Layer, Transport layer and TCP/IP layer]
26. Functions of SSL
SSL uses TCP/IP on behalf of the higher-level protocols.
Allows an SSL-enabled server to authenticate itself to an SSL-enabled
client;
Allows the client to authenticate itself to the server;
Allows both machines to establish an encrypted connection.
Uses public key encryption techniques to generate a shared secret
27. Mechanism of SSL
The SSL protocol uses public key cryptography for
Internet Security. Public key encryption uses a pair of
asymmetric keys for encryption and decryption.
Each pair of keys consists of a public key and a private
key. The public key is made public by distributing it
widely; the private key is always kept secret.
Data encrypted with the public key can be decrypted
only with the private key, and vice versa.
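The key-pair behaviour described here and on the Public Key Encryption slide, worked through with textbook RSA (an added example, not part of the original presentation). The primes 61 and 53 are toy values chosen so the numbers stay readable, there is no padding, and all function names are assumptions; the sign/verify pair shows the "vice versa" direction, which is what supports non-repudiability.

```python
from math import gcd

def make_keypair(p, q, e=17):
    """Textbook RSA key pair from two primes (toy sizes, no padding)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must share no factor with (p-1)*(q-1)")
    d = pow(e, -1, phi)        # private exponent: (e * d) % phi == 1
    return (e, n), (d, n)      # (public key, private key)

def apply_key(key, number):
    """The single RSA operation, number^exponent mod n, used in both directions."""
    exponent, n = key
    if not 0 <= number < n:
        raise ValueError("number must be between 0 and n-1")
    return pow(number, exponent, n)

def encrypt_text(public_key, text):
    # One number per byte keeps every value below the toy modulus.
    return [apply_key(public_key, b) for b in text.encode("ascii")]

def decrypt_text(private_key, numbers):
    return bytes(apply_key(private_key, c) for c in numbers).decode("ascii")

def sign(private_key, number):
    return apply_key(private_key, number)       # only the key owner can do this

def verify(public_key, number, signature):
    return apply_key(public_key, signature) == number   # anyone can check it

if __name__ == "__main__":
    public, private = make_keypair(61, 53)      # constructed toy primes
    secret = encrypt_text(public, "PAY 100")
    print(secret, decrypt_text(private, secret))
    order_digest = 1234                         # constructed stand-in for an order hash
    print(verify(public, order_digest, sign(private, order_digest)))
```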
28. Firewalls
Software, or a hardware and software combination, installed on a network to
control packet traffic
Provides a defense between the network to be protected and the Internet,
or other network that could pose a threat
29. Characteristics
All traffic from inside to outside and from outside to inside the network must pass
through the firewall
Only authorized traffic is allowed to pass
Firewall itself is immune to penetration
30. Types of Firewalls
Packet-filter firewalls
Examine data flowing back and forth between a trusted network and the Internet
Gateway servers
Firewalls that filter traffic based on the application requested
Proxy server firewalls
Firewalls that communicate with the Internet on the private network’s behalf
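A packet-filter decision in miniature, illustrating the characteristic that only authorized traffic is allowed to pass (an added example, not part of the original presentation). The rule set, the addresses (taken from the ranges reserved for documentation) and the function names are constructed for this illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed rule set, checked top to bottom; the first matching rule decides.
# (action, source network, destination network, protocol, destination port)
RULES = [
    ("deny",  "192.0.2.0/24",    "203.0.113.10/32", "tcp", 443),  # blocked range
    ("allow", "0.0.0.0/0",       "203.0.113.10/32", "tcp", 443),  # public HTTPS
    ("allow", "198.51.100.0/24", "203.0.113.20/32", "tcp", 22),   # admin access
]

def decide(packet, rules=RULES):
    """Return 'allow' or 'deny' for one packet header."""
    src, dst = ip_address(packet["src"]), ip_address(packet["dst"])
    for action, src_net, dst_net, proto, port in rules:
        if (src in ip_network(src_net) and dst in ip_network(dst_net)
                and packet["proto"] == proto and packet["dport"] == port):
            return action
    return "deny"  # nothing matched: traffic that was not authorized is dropped

def packet(src, dst, proto, dport):
    return {"src": src, "dst": dst, "proto": proto, "dport": dport}

if __name__ == "__main__":
    samples = [                                   # constructed packet headers
        packet("198.51.100.7", "203.0.113.10", "tcp", 443),
        packet("192.0.2.55", "203.0.113.10", "tcp", 443),
        packet("198.51.100.7", "203.0.113.30", "tcp", 3306),
    ]
    for p in samples:
        print(p["src"], "->", p["dst"], p["dport"], decide(p))
```

The final `return "deny"` is the part that matters most: a filter that falls through to "allow" lets through everything its rules forgot to mention.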
31. Electronic Payment System
An electronic payment system is a way of making transactions or
paying for goods and services electronically without using cash or
checks. In order to accept funding and meet customer needs,
companies are accepting payments in many more forms than cash or
checks.
32. Types of Electronic Payment Channels/Methods
Credit card
Debit card
Net banking
Smart card
Mobile payment
Digital wallet
E-cash
Digital cash
33. Credit Card
A credit card is a plastic card issued by a financial institution that
allows its user to borrow pre-approved funds at the point of sale in
order to complete a purchase.
A credit card comes with magnetic strip or chip, which helps to
authenticate the online payments.
The important players in credit system are customer, seller, issuer
bank, acquirer bank and card brand.
36. Terms used in Credit card payment
Customer: Holder of credit card
Merchant: The seller of a product
Acquirer: The seller’s bank
Issuer: The customer’s bank
Payment gateway: Facilitator
38. Credit Card Payment Process
Step 1: The customer pays with credit card: The customer
purchases goods/services from a retailer.
Step 2: The payment is authenticated: The retailer point-of-
sale system captures the customer’s account information and
securely sends it to the acquirer.
Step 3: The transaction is submitted: The retailer acquirer
asks card brand to get an authorisation from the customer’s
issuing bank.
Step 4: Authorisation is requested: Card brand submits the
transaction to the issuer for authorisation.
Step 5: Authorisation response: The issuing bank authorises
the transaction and routes the response back to the retailer.
Step 6: Retailer payment: The issuing bank routes the
payment to the retailer’s acquirer who deposits the payment
into the retailer’s account
39. Advantages
You can make a large purchase now and pay it off in smaller chunks.
Your credit card statement makes budgeting easier.
It’s easier than carrying around a wad of cash
40. Disadvantages
Interest rates can make even a small debt seem larger over time.
Risk of access to personal information by third party.
41. Debit Card
Debit card is a payment card that deducts money directly from a
consumer’s checking account to pay for a purchase.
Debit cards eliminate the need to carry cash or physical checks to make
purchases.
The important players in credit system are customer, seller, issuer bank,
acquirer bank and card brand.
42. Terms used in Debit card payment
Customer: Holder of credit card
Merchant: The seller of a product
Acquirer: The seller’s bank
Issuer: The customer’s bank
Payment gateway: Facilitator
44. Debit Card Payment Process
Step 1: Bank issues debit card to the customer
Step 2: The customer pays with debit card: The customer purchases
goods/services from a retailer.
Step 3: The payment is authenticated: The retailer point-of-sale
system captures the customer’s account information and securely sends
it to the acquirer.
Step 4: The transaction is submitted: The retailer acquirer asks card
brand to get an authorisation from the customer’s issuing bank.
Step 5: Authorisation is requested: Card brand submits the
transaction to the issuer for authorisation.
Step 6: Retailer payment: The issuing bank routes the payment to the
retailer’s acquirer who deposits the payment into the retailer’s account
47. Net banking
o It offers easy and instant access for making financial transactions from any
device (e.g. PC, laptop, mobile phone) connected to the Internet.
o It also has 24-hour availability.
o In the past, you had to visit the bank and wait to request
a financial transaction or statement.
48. Net Banking Payment Process
Step 1: Making an order with seller
Step 2: Selecting the option to pay through net banking
Step 3: Log in to the account with username and password
Step 4: Making the payment and confirming the same
Step 5: Transfer of funds to the account of seller.
49. Advantages
1. Easy to make payment to the seller as most of them accept this method
2. Avoids the risk of carrying a card.
51. Digital Wallet
A digital wallet refers to an electronic device that allows an individual to
make electronic transactions. This can include purchasing items on-line
with a computer or using a smartphone to purchase something at a store.
An individual's bank account can also be linked to the digital wallet. They
might also have their driver’s license, health card, loyalty card(s) and other
ID documents stored on the phone.
52. Digital Wallet Payment Process
Step 1: Download the application
Step 2: Deposit the amount from the bank account
Step 3: Make an order for products or services with seller
Step 4: Select the digital wallet and enter the credentials.
Step 5: Make the payment
55. Mobile Payment
It is a system where payments are made online with the help of mobile
devices.
Mobile payments, also known as “m-payment”, “mobile money” and
“mobile wallet”, are transactions made or received with mobile devices.
Simply put, you might use mobile pay in place of cash, check, or credit
cards.
56. Mobile Payment Systems
Mobile applications
Mobile wallets
Point of sale payment
Mobile card reader
58. Smart Card
A smart card, typically a type of chip card, is a plastic card
that contains an embedded computer chip–either a
memory or microprocessor type–that stores and transacts
data.
This data is usually associated with either value,
information, or both and is stored and processed within
the card's chip.
Smart cards can provide identification, authentication,
data storage and application processing.
61. E-cash
An anonymous electronic cash system; equivalent to "cash" or "printed
bank notes" except that it is transferred through networks with bits of
information
The way e-cash works is similar to that of electronic fund transfers done
between banks. The user first must have an e-cash software program and
an e-cash bank account from which e-cash can be withdrawn or deposited.
62. Digital Cheque
e-Cheque is the electronic counterpart of paper cheque, and is issued and
presented in digital form. The totally electronic operation process brings
you the following key benefits:
Added convenience
Better security
Increased flexibility
64. Payment Gateway
A payment gateway is a merchant service provided by an e-commerce
application service provider that authorizes credit card or direct payments
processing for e-businesses, online retailers, bricks and clicks, or
traditional brick and mortar
66. RuPay
RuPay is an Indian domestic card scheme conceived and launched by the
National Payments Corporation of India (NPCI). It was created to fulfill
the Reserve Bank of India's desire to have a domestic, open loop, and
multilateral system of payments in India.
67. PayPal
PayPal Holdings, Inc. is an American company operating a worldwide
online payments system that supports online money transfers and serves
as an electronic alternative to traditional paper methods like checks and
money orders.
68. Questions
Section A
1) What is security in e-business?
2) What is a security threat?
3) What is phishing?
4) What do you mean by credit card?
5) Give the meaning of net banking.
6) What is a smart card?
7) What is encryption?
8) What is cryptography?
9) What is a payment gateway?
10) What is digital cheque?
69. Section B
1) Explain the components of security system.
2) Discuss about payment process of digital wallet.
3) Write a note on mobile payment
4) How is a credit card different from a debit card?
5) Explain about payment gateways
6) How to protect client computer?
7) Explain the types of encryption.
8) Write a note on SSL protocol
70. Section C
1. Elaborate the process of credit card payment.
2. Discuss in detail the components of security in E-Business.
3. Explore the method of making online payment
through net banking.