lOMoARcPSD|21264036

CAB notes

Bachelor of commerce (bcom) (University of Calicut)

Scan to open on Studocu

Studocu is not sponsored or endorsed by any college or university

Downloaded by Dheeraj S (dheerajs6238@gmail.com)
 lOMoARcPSD|21264036

MODULE 5
SECURITY THREATS IN INTERNET AND E-COMMERCE.
1.computer virus
A computer virus is a kind of malicious computer program, which when executed,
replicates itself and inserts its own code. When the replication is done, this code
infects the other files and program present on your system.
These computer viruses are present in various types and each of them can infect a
device in a different manner.
2.computer worm
A computer worm is a subset of the Trojan horse malware that can propagate or
self-replicate from one computer to another without human activation after
breaching a system. Typically, a worm spreads across a network through your
Internet or LAN (Local Area Network) connection.

3.Trojan horse

(In Greek mythology) a hollow wooden statue of a horse in which the Greeks are
said to have concealed themselves in order to enter the city of Troy. A Trojan
horse or Trojan is a type of malware that is often disguised as legitimate software.
Trojans can be employed by cyber-thieves and hackers trying to gain access to
users' systems. Users are typically tricked by some form of social engineering into
loading and executing Trojans on their systems.

4.Phishing

Phishing is a cybercrime in which a target or targets are contacted by email,

telephone or text message by someone posing as a legitimate institution to lure
individuals into providing sensitive data such as personally identifiable
information, banking and credit card details, and passwords.

5.Hacking

Hacking is the process of gaining unauthorized access into a computer system, or

group of computer systems. This is done through cracking of passwords and codes
which gives access to the systems. Cracking is the term which specifies the method
by which the password or code is obtained. The person who undertakes hacking is
known as the hacker. The hacking can be done on single systems, a group of

Downloaded by Dheeraj S (dheerajs6238@gmail.com)

 lOMoARcPSD|21264036

systems, an entire LAN network, a website or a social media site or an email

account. The access to a password is obtained by the hacker through password
cracking algorithms programs.
It goes without saying that most of the individuals, as well as business associations,
use computers and laptops for all their daily needs. Especially for organizations (of
any form), it is essential to have a computer network, domain or website, Wide
Area Network (WAN) for a seamless flow of information and business
applications. Consequently, these networks are under a high-risk exposure to the
outside world of hacking and hackers.
1. Black Hat Hackers: These types of hackers, often known as crackers and
always have a malicious motive and gain illegal access to computer networks
and websites. Their goal is to make money by stealing secret organizational
data, stealing funds from online bank accounts, violating privacy rights to
benefit criminal organizations, and so on. In today’s world, the majority of
hackers fall into this category and conduct their business in a murky manner.
Black hat hackers are nefarious individuals who aim to utilize their technical
expertise to exploit and harm others. They usually have the expertise and
training to get into computer networks without the consent of the owners,
attack security holes, and circumvent security procedures. With the malevolent
goal of gaining unauthorized access to networks and systems, they attack to
steal data, spread malware causing damage to systems.
2. White Hat Hackers/Ethical Hackers: White hat hackers (sometimes referred to
as ethical hackers) are the polar opposites of black hat hackers. They employ
their technical expertise to defend the planet against malicious hackers. White
hats are employed by businesses and government agencies as data security
analysts, researchers, security specialists, etc. White hat hackers, with the
permission of the system owner and with good motives, use the same hacking
tactics that the black hackers use. They can work as contractors, freelancers,
or in-house for the companies. They assist their customers in resolving
security flaws before they are exploited by criminal hackers

Types of Hacking

We can segregate hacking into different categories, based on what is being hacked.
Here is a set of examples −
• Website Hacking − Hacking a website means taking unauthorized control
over a web server and its associated software such as databases and other
interfaces.

Downloaded by Dheeraj S (dheerajs6238@gmail.com)

 lOMoARcPSD|21264036

• Network Hacking − Hacking a network means gathering information about a

network by using tools like Telnet, NS lookup, Ping, Tracert, Netstat, etc.
with the intent to harm the network system and hamper its operation.
• Email Hacking − It includes getting unauthorized access on an Email
account and using it without taking the consent of its owner.
• Ethical Hacking − Ethical hacking involves finding weaknesses in a
computer or network system for testing purpose and finally getting them
fixed.
• Password Hacking − This is the process of recovering secret passwords from
data that has been stored in or transmitted by a computer system.
• Computer Hacking − This is the process of stealing computer ID and
password by applying hacking methods and getting unauthorized access to a
computer system.

6.Spyware
• Spyware is loosely defined as malicious software designed to enter your
computer device, gather data about you, and forward it to a third-party
without your consent. Spyware can also refer to legitimate software that
monitors your data for commercial purposes like advertising. However,
malicious spyware is explicitly used to profit from stolen data.
• Whether legitimate or based in fraud, spyware’s surveillance activity leaves
you open to data breaches and misuse of your private data. Spyware also
affects network and device performance, slowing down daily user activities.

7.Malware
Malware is intrusive software that is designed to damage and destroy
computers and computer systems. Malware is a contraction for “malicious
software.” Examples of common malware includes viruses, worms, Trojan
viruses, spyware, adware, and ransomware.

8.Spam

Spam is any kind of unwanted, unsolicited digital communication that gets

sent out in bulk. Often spam is sent via email, but it can also be distributed
via text messages, phone calls, or social media.

9.INTERNET HOAX

Downloaded by Dheeraj S (dheerajs6238@gmail.com)

 lOMoARcPSD|21264036

The traditional definition of a hoax is “an act meant to trick or deceive.”

(Merriam-Webster.com). But the process of being “hoaxed” can often involve so
much more. The hoax definition can range from virus warnings to email hoaxes
meant to solicit money or information, to a hoax website that masquerades as a
legitimate business.Hoaxes often follow a distinctive pattern in their appeals to the
public for donations or offers of free money. And the hoaxes can range from an
appeal to the natural inclination to be greedy or to the charitable impulse when
confronted with a heartbreaking or pitiable situation. Often the scam involves
donations for a sick child or the victim of a natural disaster. Or it may be the offer
of a quick money scheme.

SECURITY MEASURES

1.Antivirus Program

Software that is created specifically to help detect, prevent and remove malware
(malicious software).Antivirus is a kind of software used to prevent, scan, detect
and delete viruses from a computer. Once installed, most antivirus software runs
automatically in the background to provide real-time protection against virus
attacks.Comprehensive virus protection programs help protect your files and
hardware from malware such as worms, Trojan horses and spyware, and may also
offer additional protection such as customizable firewalls and website blocking.

2.Firewalls

A firewall is a computer network security system that restricts internet traffic in to,
out of, or within a private network.This software or dedicated hardware-software
unit functions by selectively blocking or allowing data packets. It is typically
intended to help prevent malicious activity and to prevent anyone—inside or
outside a private network—from engaging in unauthorized web activities.Firewalls
can be viewed as gated borders or gateways that manage the travel of permitted
and prohibited web activity in a private network. The term comes from the concept
of physical walls being barriers to slow the spread of fire until emergency services
can extinguish it.

3.Encryption

Encryption is a way of scrambling data so that only authorized parties can

understand the information. In technical terms, it is the process of converting
human-readable plaintext to incomprehensible text, also known as ciphertext. In
simpler terms, encryption takes readable data and alters it so that it appears

Downloaded by Dheeraj S (dheerajs6238@gmail.com)

 lOMoARcPSD|21264036

random. Encryption requires the use of a cryptographic key: a set of mathematical

values that both the sender and the recipient of an encrypted message agree on.

Cryptography

Cryptography is technique of securing information and communications through

use of codes so that only those person for whom the information is intended can
understand it and process it. Thus preventing unauthorized access to information.
The prefix “crypt” means “hidden” and suffix graphy means “writing”.
In Cryptography the techniques which are use to protect information are obtained
from mathematical concepts and a set of rule based calculations known as
algorithms to convert messages in ways that make it hard to decode it. These
algorithms are used for cryptographic key generation, digital signing, verification
to protect data privacy, web browsing on internet and to protect confidential
transactions such as credit card and debit card transactions.
Techniques used For Cryptography:
In today’s age of computers cryptography is often associated with the process
where an ordinary plain text is converted to cipher text which is the text made
such that intended receiver of the text can only decode it and hence this process is
known as encryption. The process of conversion of cipher text to plain text this is
known as decryption.
Types Of Cryptography:
In general there are three types Of cryptography:
1. Symmetric Key Cryptography:
It is an encryption system where the sender and receiver of message use a
single common key to encrypt and decrypt messages. Symmetric Key Systems
are faster and simpler but the problem is that sender and receiver have to
somehow exchange key in a secure manner. The most popular symmetric key
cryptography system is Data Encryption System(DES).
2. Hash Functions:
There is no usage of any key in this algorithm. A hash value with fixed length
is calculated as per the plain text which makes it impossible for contents of
plain text to be recovered. Many operating systems use hash functions to
encrypt passwords.
3. Asymmetric Key Cryptography:
Under this system a pair of keys is used to encrypt and decrypt information. A
public key is used for encryption and a private key is used for decryption.
Public key and Private Key are different. Even if the public key is known by

Downloaded by Dheeraj S (dheerajs6238@gmail.com)

 lOMoARcPSD|21264036

everyone the intended receiver can only decode it because he alone knows the
private key.

4.SSL(Secure Socket Layer)

Secure Sockets Layer, a computing protocol that ensures the security of data sent
via the internet by using encryption.SSL provides security to the data that is
transferred between web browser and server. SSL encrypts the link between a
web server and a browser which ensures that all data passed between them
remain private and free from attack.

5.SET(Secure electronic transaction)

Secure electronic transaction (SET) was an early communications protocol used

by e-commerce websites to secure electronic debit and credit card payments.
Secure electronic transaction was used to facilitate the secure transmission of
consumer card information via electronic portals on the internet. Secure electronic
transaction protocols were responsible for blocking out the personal details of card
information, thus preventing merchants, hackers, and electronic thieves from
accessing consumer information.

6.BIOMETRICS

Biometrics is measure of biological or behavioral features which are used for

identification of individuals. Most of these features are inherit and cannot be
guessed or stolen. It is a system that takes an individual’s physiological,
behavioral or both traits as input, analyzes it and identifies the individual as
legitimate or malicious user.
TYPES OF BIOMETRICS

• Fingerprint: Fingerprints are unique for every individual. They can be

measured in several ways. Minutiae-based measurement uses graphs to match
ridges whereas image-based measurement finds similarities between the
individuals’ fingertips image and fingerprint images present in the database. It
has high level of security and used both for identification and verification.
However, due to old age or diseases/injury, fingerprint may get altered.
Common usage: in mobiles for verification, in offices for identification.
• Facial Recognition: Features of the face like distance between nose, mouth,
ears, length of face, skin color, are used for verification and identification.
Accuracy can be affected by fog, sunglasses, aging, etc.

Downloaded by Dheeraj S (dheerajs6238@gmail.com)

 lOMoARcPSD|21264036

• Iris and Retina:Patterns found in the eye are unique and can be used for both
identification and recognition. Devices to analyze retina are expensive and
hence it is less common. Diseases like cataract may alter iris patterns
• Voice Recognition: The pitch, voice modulation, and tone, among other
things are measured. Security is medium, due to the similarity in voice of
people, hence used mostly for verification. The accuracy can be hindered due
to the presence of noise, or due to aging or illness.
• DNA: DNA is unique and persistent throughout lifetime. Thus security is high
and can be used for both identification and verification
• Signature: Signature is one of the most commonly used biometrics. They
are used to verify checks by matching the signature of the check against the
signature present in the database. Signature tablets and special pens are
used to compare the signatures. Duration required to write the signature
can also be used to increase accuracy. Signatures are mostly used for
verification.
• Keystroke Dynamics: This technique measures the behavior of a person
when typing on a keyboard. Some of the characteristics take into account
are:
• Typing speed.
• Frequency of errors
• Duration of key depressions

7.DIGITAL SIGNATURES

A digital signature is a mathematical technique used to validate the authenticity

and integrity of a message, software or digital document. It's the digital equivalent
of a handwritten signature or stamped seal, but it offers far more inherent security.
A digital signature is intended to solve the problem of tampering and
impersonation in digital communications.Digital signatures can provide evidence
of origin, identity and status of electronic documents, transactions or digital
messages. Signers can also use them to acknowledge informed consent.

8.DIGITAL CERTIFICATES

A digital certificate is a file or electronic password that proves the authenticity of a

device, server, or user through the use of cryptography and the public key
infrastructure (PKI). Digital certificate authentication helps organizations ensure
that only trusted devices and users can connect to their networks. Another common
use of digital certificates is to confirm the authenticity of a website to a web
browser, which is also known as a secure sockets layer or SSL certificate. A digital

Downloaded by Dheeraj S (dheerajs6238@gmail.com)

 lOMoARcPSD|21264036

certificate contains identifiable information, such as a user’s name, company, or

department and a device’s Internet Protocol (IP) address or serial number. Digital
certificates contain a copy of a public key from the certificate holder, which needs
to be matched to a corresponding private key to verify it is real. A public key
certificate is issued by certificate authorities (CAs), which sign certificates to
verify the identity of the requesting device or user.

Digital certificates can be requested by individuals, organizations, and websites. To

do so, they provide the information to be validated and a public key through a
certificate signing request. The information is validated by a publicly trusted CA,
which signs it with a key that provides a chain of trust to the certificate. This
enables the certificate to be used to prove the authenticity of a document, for client
authentication, or to provide proof of a website’s credential.

MODULE 4
E-commerce
E-commerce (electronic commerce) is the activity of electronically buying or
selling of products on online services or over the Internet. Electronic commerce
draws on technologies such as mobile commerce, electronic funds transfer, supply
chain management, Internet marketing, online transaction processing, electronic
data interchange (EDI), inventory management systems, and automated data
collection systems.

E-commerce business models can generally be categorized into the following

categories.
• Business - to - Business (B2B)
• Business - to - Consumer (B2C)
• Consumer - to - Consumer (C2C)
• Consumer - to - Business (C2B)
• Business - to - Government (B2G)
• Government - to - Business (G2B)
• Government - to - Citizen (G2C)

Business - to - Business

A website following the B2B business model sells its products to an intermediate
buyer who then sells the product to the final customer. As an example, a

Downloaded by Dheeraj S (dheerajs6238@gmail.com)

 lOMoARcPSD|21264036

wholesaler places an order from a company's website and after receiving the
consignment, sells the endproduct to the final customer who comes to buy the
product at one of its retail outlets.

Business - to - Consumer

A website following the B2C business model sells its products directly to a
customer. A customer can view the products shown on the website. The customer
can choose a product and order the same. The website will then send a notification
to the business organization via email and the organization will dispatch the
product/goods to the customer.

Downloaded by Dheeraj S (dheerajs6238@gmail.com)

 lOMoARcPSD|21264036

Consumer - to - Consumer

A website following the C2C business model helps consumers to sell their assets
like residential property, cars, motorcycles, etc., or rent a room by publishing their
information on the website. Website may or may not charge the consumer for its
services. Another consumer may opt to buy the product of the first customer by
viewing the post/advertisement on the website.

Consumer - to - Business

In this model, a consumer approaches a website showing multiple business

organizations for a particular service. The consumer places an estimate of amount
he/she wants to spend for a particular service. For example, the comparison of
interest rates of personal loan/car loan provided by various banks via websites. A
business organization who fulfills the consumer's requirement within the specified
budget, approaches the customer and provides its services.

Downloaded by Dheeraj S (dheerajs6238@gmail.com)

 lOMoARcPSD|21264036

Business - to - Government

B2G model is a variant of B2B model. Such websites are used by governments to
trade and exchange information with various business organizations. Such websites
are accredited by the government and provide a medium to businesses to submit
application forms to the government.

Government - to - Business

Governments use B2G model websites to approach business organizations. Such

websites support auctions, tenders, and application submission functionalities.

Government - to - Citizen

Governments use G2C model websites to approach citizen in general. Such

websites support auctions of vehicles, machinery, or any other material. Such
website also provides services like registration for birth, marriage or death

Downloaded by Dheeraj S (dheerajs6238@gmail.com)

 lOMoARcPSD|21264036

certificates. The main objective of G2C websites is to reduce the average time for
fulfilling citizen’s requests for various government services.

Various Online Payment Systems

1. Electronic Tokens
An Electronic token is a digital analog of various forms of payment backed by a
bank or financial institution. There are two types of tokens:-
1] Real Time (or Pre-paid tokens) – These are exchanged between buyer and
seller, their users pre-pay for tokens that serve as currency. Transactions are settled
with the exchange of these tokens. Eg. Digicash , Debit Cards, Electronic Purse
etc.
2] Post Paid Tokens – are used with fund transfer instructions between the buyer
and seller. Eg. Electronic Cheques, Credit card data etc.
2] Electronic or Digital Cash
This combines computerized convenience with security and privacy that improve
upon paper cash. Cash is still the dominant form of payment as : The consumer
still mistrusts the banks. The non cash transactions are inefficiently cleared. The
properties of Digital cash are :-
Must have a monetary value
It must be backed by cash [currency],bank authorized credit or a bank certified
cashier’s check
Digital cash is based on cryptographic systems called “Digital Signatures”
similar to the signatures used by banks on paper cheques to authenticate a
customer.
Maintenance of sufficient money in the account is required to back any
purchase.

Downloaded by Dheeraj S (dheerajs6238@gmail.com)

 lOMoARcPSD|21264036

Must be interoperable or exchangeable as payment for other digital cash, paper

cash, goods or services, lines of credit, bank notes or obligations, electronic benefit
transfers and the like.
3. Electronic Cheques
The electronic cheques are modeled on paper checks, except that they are initiated
electronically. They use digital signatures for signing and endorsing and require
the use of digital certificates to authenticate the payer, the payer’s bank and bank
account. They are delivered either by direct transmission using telephone lines or
by public networks such as the Internet. Integration of the banking and the
information technology industry has benefitted the consumers in many aspects
with respect to time, cost and operational efficiency
PREPAID AND POST PAID PAYMENT SYSTEMS
Electronic payment systems are broadly classified in to prepaid and post paid
payment systems:
A] Prepaid payment systems
It provides a service that is paid prior to usage. Here the customer is allowed to
spend only up to the amount that have pre-determined into the account. This type
of payment system is highly useful to those customers who would like to control
overspending. E.g. Prepaid debit cards or prepaid creditcards. Prepaid payment
system is taken by the customer by depositing money with the credit given
company. It can be deposited in the savings account or the
current account. Once the money is deposited, the card is used as a regular credit
card. It is very effective card as it doesn’t put in to debt. Once the money is
exhausted in the account, the credit card cannot be used. There is no interest
charges related to this card.
Benefits of the pre-paid payment system
1. It is accepted at the entire merchant establishment worldwide according to the
of the credit given company.
2. It can be used to withdraw cash from the ATMs
3. Reloadable anytime anywhere
4. It can be used to withdraw cash in any international currency

Downloaded by Dheeraj S (dheerajs6238@gmail.com)

 lOMoARcPSD|21264036

5. It is usually backed up by personal accident insurance cover

6. Customer has the facility to get online and track spending , check balance,
change pin

Post paid Payment System

This system is like a credit card used to make incremental purchases through the
web site. As purchases are made, the accumulated debt on the post paid credit
instrument increase until a credit limit is reached, or until an arrangement has made
to settle the debt such as monthly payment. Normally all credit cards are post paid
cards. The customer gets the eligibility of spending through the income statement
and credit history produced before the credit card company. The customer gets a
credit limit and a credit period by which the customer is supposed to pay back the
money to the credit card company.
Features of Post paid payment system
Global acceptance – accepted by all the merchant establishments according to
the network set by the credit card company.
Balance transfer option – It is possible to transfer outstanding funds from one
card to other cards with low interest rates.
Revolver facility – Customer can pay only a small amount of the total
outstanding and revolve the rest for the payment o the next month.
Cash advance facility – Customer can withdraw around 30% of the credit limit
at any ATM connected to the credit card company
Teledraft – These facilities are available at the door steps of the customer
Other services – Credit card can be used for railway tickets and airline ticket
purchase
Convenience – as the customer is not required to carry cash for any purchase
Easy availability – holder can load prepaid credit cards at anytime they need.
E-Cash or Electronic cash
E-Cash or Electronic Cash is a new concept to execute cash payment using
computers connected with network. E-cash is an electronic medium for making

Downloaded by Dheeraj S (dheerajs6238@gmail.com)

 lOMoARcPSD|21264036

payments. The primary function of e-cash is to facilitate transactions on the

Internet. Many of these transactions may be small in size and would not be cost
efficient through other payment medium such as credit cards. Electronic money
[also known as e-currency, e-money, electronic cash, electronic currency, digital
money, digital cash or digital currency] refers to money or scrip which is
exchanged only electronically. Typically, this involves the use of computer
networks, the internet and digital stored value systems.Electronic Fund Transfer
and direct Deposit are all examples of electronic money.
E-cash is a system of purchasing cash credits in relatively small amounts, storing
the credits in our computer, and then spending them when making electronic
purchases over the Internet. The e-cash is the creation of electronicmoney or
tokens, usually by a bank, which buyers and sellers trade for goodsand services. It
consists of a token, which may be authenticated independently ofthe issuer. This is
commonly achieved through the use of self-authenticatingtokens or tamper proof
hardware. It includes credit cards, smart cards, debitcards, electronic fund transfer
etc.
An e-cash system must have the following properties:-
Digital cash must have a monetary value. It must be backed by cash
Digital cash must be exchangeable.
It should be storable and retrievable
It should not be easy to copy or tamper with while it is being exchanged
E-cash can be used for making or receiving payments between buyer and seller.
The bank’s server computer sends a secure e-cash packet to the customer effect the
network currency server of the bank is issuing a bank note with a serial number for
a specified amount. The bank uses its private key to digitally sign such a bank note.
2. Electronic Cheque
E-cheques are a mode of electronic payments. Integration of the banking and the
information technology industry has benefitted the customers in many aspects with
respect to time, cost and operational efficiency. E-cheques work the same way as
paper cheques and are a binding promise to pay. Electronic cheques are gathered
by banks and cleared through existing banking channels, such as automated
clearing houses.
The advantages of Electronic cheques are :-

Downloaded by Dheeraj S (dheerajs6238@gmail.com)

 lOMoARcPSD|21264036

The online merchants could receive payments instantly

Similar to traditional cheques and eliminates need for customer education
Much faster
Less chance for cheque bouncing
Cost – effective manner
3. Credit Cards
They are the convenient method of making online payment. Credit cards work
around the globe regardless of the location of country of the issuing bank. They
also handle multiple currencies through a series of clearing houses. The credit card
holders can purchase goods and services either offline or online without making
immediate payment. Payment to the merchant’s will be made by the customer’s
Bank. The credit card is a financial instrument which can be used more than once
to borrow money or buy products and services on credit. It also contains a validity
period and other important particulars. To accept a credit card for payment, we
have to open a merchant account with our bank. A merchant account allows sellers
to accept and process credit card transactions. In these transactions, the card
number and transaction details are processed with no identification of the buyer.
To implement the payments over the internet, the web merchant needs some form
of secure and encrypted line using the Secure sockets Layer [SSL] that is standard
on Netscape and Microsoft browsers. The merchant server needs an encryption key
for the purpose.
4. Smart Card
A smart card is a plastic card about the size of a credit card, with an embedded
microchip that can be loaded with data, used for telephone calling, electronic cash
payments, and other applications and then periodically refreshed for additional use.
A smart card, chip card, or integrated circuit card [ICC] is any pocket sized card
with embedded integrated circuits which can process data. The card connects to a
reader with direct physical contact or with a remote contactless radio frequency
interface. Smart card technology conforms to international standards and is
available in a variety of form factors, including plastic cards, fobs, subscriber
identification modules [SIMs] used in GSM Mobile phones and USB based tokens.
These cards can be used to purchase goods and services. Smart cards are very
useful to merchants and consumers to settle the transaction between them. Smart
card provides a lot of benefits to consumers. It helps to manage expenditures more
effectively, reduce the paper work and ability to access multiple services and the

Downloaded by Dheeraj S (dheerajs6238@gmail.com)

 lOMoARcPSD|21264036

Internet. A multiple application card can support services like health care, travel
and financial data access.
The benefits of smart cards for the consumer are the following:-
1. Security – unauthorized access is prevented by a lock function
2. Convenience
3. Flexibility
4. Control
5. International use
6. Interest free loan
5. Debit Cards
It is a popular method of making payment. Banks issue debit cards to their
customers who have maintained an account in the balance with sufficient credit
balance. Each time the customer makes a purchase, an equal amount of the
purchase is debited in his account. The transaction works much like a credit card
transaction. For Eg. A customer gives an ATM card to the seller for the purchase.
The merchant read the card through a transaction terminal and the customer enters
his personal identification number. Then the terminal route the transaction through
the ATM networks back to the customer’s bank for authorization against
customer’s deposit account. The funds, are approved, are transferred from the
customer’s bank to the sellers bank.
6. Electronic Purse
Electronic Purse is a card with a microchip that can be used instead of cash and
coins for everything from vending machines to public transportation. The
Electronic Purse would consist of micro- chip embedded in a credit card, debit
card, or stand alone card to store value electronically. The card would replace cash
and coins for small ticket purchases such as gasoline stations, pay phones,
road/bridge tolls, video games, school cafeterias, fast food restaurants, convenience
stores, and cash lanes at supermarkets. Cardholders can “reload” the microchip and
control the amount of value stored in the card’s memory. The Electronic Purse
provides cardholders with the security and convenience of carrying less cash and
coins, eliminating the need for exact change. Electronic purse is a term applied to a
number of formats, each with different applications. At the moment, smart card
based systems are used as a direct replacement for money that the user would have

Downloaded by Dheeraj S (dheerajs6238@gmail.com)

 lOMoARcPSD|21264036

in his pocket and software based systems are used for online purchases. The e-
purse is an electronic / cash less payment option for making small purchases within
the campus.
To load an electronic purse, the user must be able to operate an ATM or card
loading machine. Usually this requires the user to be able to read a visual display,
but methods for alleviating this problem have been developed. To use the
electronic purse, the user hands the card to the shop assistant who inserts the card
in a terminal and keys in the amount of the transaction. This is displayed visually
to the customer. Once again, the person must be able to read a display screen. The
customer confirms that the amount is correct, and the money is transferred from
the card to the terminal. In some systems the customer need to key in their PIN
[Personal Identification Number] before the transaction can be completed.
Security issues on Electronic Payment System
Data in computers are more liable to destruction, fraud, error and misuse. Since
payment information is so valuable its security is all the more important than other
kinds of tangible assets in the organizational context.
Security refers to the policies, procedures and technical measures and to prevent
unauthorized access, alteration, theft or physical damage to information systems.
The basic objective of information security is the protection of interests of those
involved in online business. All electronic information processing systems are
vulnerable to denial of service attacks where the attacker employs any one of a
variety of methods to prevent a client using a service a provider offers. Such
attacks can have the effect of closing down a business. Some of the attacks were as
follows:-
Development of a method of obtaining the goods or services without making the
appropriate payment
Compromise of clients’ financial details credit card number, etc, which may
result in the unauthorized transfer of funds and or political embarrassment by their
publication.
Illicit modification of the electronic goods offered by the merchant or of the
descriptions of the other goods or services on the merchant server
Other methods permitting the unauthorized transfer of funds.

Point of Sale Terminal

Downloaded by Dheeraj S (dheerajs6238@gmail.com)

 lOMoARcPSD|21264036

A point of sale (POS) is defined as a location where customers provide payment

for goods and services. Most points of sale take place at a point of sale terminal, a
physical machine or virtual application (often run through another device) used to
take payments from customers. Point of sale terminals can be found at most
businesses. They are used to add up the total price of the goods or services being
purchased and accept the customer's preferred payment method, either by cash,
debit, or credit.
For any goods or services, payment is required either before or after the product is
given to the customer. Point of sale terminals typically include three main
components:

• A primary computer, where a cashier or clerk scans or enters the goods or

services being purchased
• A cash register to facilitate physical monetary transactions (dollar bills and
coins)
• Other supporting software such as a chip reader for credit cards or a receipt
printer linked to the primary point of sale computer

mobile POS
A mobile POS system (mPOS) is a portable hardware and software system that
processes sales. An mPOS is nearly the same as a traditional POS system, except
that it doesn’t have to be anchored to one checkout counter.

With a mobile POS system, you can install POS software onto a tablet or
smartphone and serve customers wherever they are. Because your checkout moves
wherever you need it, your shop doesn’t even necessarily need a checkout counter.

virtual point of sale (VPOS)

A virtual point of sale (VPOS) is a system that allows a merchant to accept credit
card payments without installing any hardware or software. Instead, the merchant
logs in to the provider's website in order to process payments using the web
interface, typically by manually entering the customer's payment credentials.

USSD

Downloaded by Dheeraj S (dheerajs6238@gmail.com)

 lOMoARcPSD|21264036

USSD-based mobile banking can be used for fund transfers, checking account
balance, generating bank statement, among other uses. The main objective of the
innovative *99# payments service is to allow financial inclusion of the
underbanked and economically weaker sections of the society, and integrate them
into mainstream banking. In an effort to make this service accessible to all, the
service is available in 12 languages, including English and other Indian languages
such as Hindi, Tamil, Bengali, and Kannada, to name a few.USSD is a technology
platform through which information can be transmitted through a GSM network on
a basic phone. This service will be available on all mobile phones with SMS
facility. To use USSD mobile banking, users will have to simply dial *99# and use
the interactive menu. There are many banks in India that are currently providing
the *99# service.

NUUP
National Unified USSD Platform (NUUP) is a USSD based mobile banking
service provided by National Payment Cooperation of India (NPCI) that brings
together all the Banks and Telecom Service Providers in India. Unstructured
Supplementary Service Data (USSD) is a transmission protocol used by Global
System for Mobile Communications (GSM) cellular telephones to communicate
with the Telecom Service Providers (TSP). NUUP service does not require any
mobile internet connection or software to be downloaded on the mobile.
NUUP service can be availed by dialing *99#

AEPS

AEPS’s full form in banking is the Aadhaar enabled payment system. AEPS
banking is the new age of banking transactions which allows online interoperable
financial inclusion transactions through the business correspondence of any bank
using Aadhaar authentication. ‘In easy language, AEPS banking services is the best
cashless transaction service now a day which allows all bank customers to use
basic banking activities using Aadhaar card and fingerprint authentication. To use
AEPS services, the customer’s Aadhaar card must be linked with an Individual
bank account. If a customer’s Aadhaar card does not link with a bank account,
he/she cannot use AEPS banking services.

Downloaded by Dheeraj S (dheerajs6238@gmail.com)

 lOMoARcPSD|21264036

There are many objectives of AEPS banking but here we discuss the main
objectives which make it more popular and favourable in the market.

• To empower banking customers to use Aadhaar cards as Identity to access

bank accounts to use basic banking activities
• AEPS banking provides the facility to use banking services in the rural area
where banks are unable to reach
• It provides safe and secure banking transactions under NPCI
• It offers centralized banking transactions under the eyes of RBI and NPCI
which leads eliminates the storage of black money
• To fulfill the goal of the government of India (GOI) and the National payment
corporation of India (NPCI) in furthering financial inclusion
• Help in creating a cashless society in India

UPI

• A Unified Payment Interface (UPI) is a smartphone application that allows

users to transfer money between bank accounts. It is a single-window
mobile payment system developed by the National Payments Corporation of
India (NPCI). It eliminates the need to enter bank details or other sensitive
information each time a customer initiates a transaction.
• The Unified Payment Interface is a real-time payment system. It is designed
to enable peer-to-peer inter-bank transfers through a single two-click factor
authentication process. The interface is regulated by the Reserve Bank of
India (RBI), India's central bank. It works by transferring money between
two bank accounts along with a mobile platform.
• The system is said to be a safe and secure method of transferring money
between two parties and eliminates the need to transact with
physical cash or through a bank. The pilot system was launched in India on
April 11, 2016. Banks across the country started to upload their interface in
August 2016.

Downloaded by Dheeraj S (dheerajs6238@gmail.com)