Unit 3

World Wide Web (WWW)

WWW stands for World Wide Web and is commonly known as the Web. The WWW was
started by CERN in 1989. WWW is defined as the collection of different websites around the
world, containing different information shared via local servers (or computers).

Web pages are linked together using hyperlinks which are HTML-formatted and, also referred
to as hypertext, these are the fundamental units of the Internet and are accessed
through Hypertext Transfer Protocol(HTTP). Such digital connections, or links, allow users to
easily access desired information by connecting relevant pieces of information.

Working of WWW

A Web browser is used to access web pages. Web browsers can be defined as programs which
display text, data, pictures, animation and video on the Internet. Hyperlinked resources on the
World Wide Web can be accessed using software interfaces provided by Web browsers.
Initially, Web browsers were used only for surfing the Web but now they have become more
universal.

The below diagram indicates how the Web operates just like client-server architecture of the
internet. When users request web pages or other information, then the web browser of your
system request to the server for the information and then the web server provide requested
services to web browser back and finally the requested service is utilized by the user who made
the request.

World Wide Web

Web browsers can be used for several tasks including conducting searches, mailing,
transferring files, and much more. Some of the commonly used browsers are Internet Explorer,
Opera Mini, and Google Chrome.

Features of WWW
• WWW is open source.

• It is a distributed system spread across various websites.

• It is a Hypertext Information System.

• It is Cross-Platform.
 • Uses Web Browsers to provide a single interface for many services.

• Dynamic, Interactive and Evolving.

Difference Between WWW and Internet

WWW Internet

It is originated in 1989. It is originated in 1960.

WWW is an interconnected network of websites and Internet is used to connect a computer with
documents that can be accessed via the Internet. another computer.

WWW used protocols such as HTTP Internet used protocols such as TCP/IP

It is based on software. It is based on hardware.

It is a service contained inside an infrastructure. There is an entire infrastructure in internet.

Challenges of the World Wide Web

• Privacy Concerns: Personal data is often collected and misused.

• Security Risks: Vulnerable to hacking, phishing, and malware.

• Digital Divide: Unequal access to the internet globally.

• Misinformation: Spread of fake news and unreliable content.

• Cyberbullying: Online harassment and abuse.

• Addiction: Overuse of the web leading to reduced productivity.

• Dependence: Heavy reliance on the web for daily activities.

• Copyright Issues: Unauthorized sharing of copyrighted material.

• Environmental Impact: High energy consumption of servers and data centers.

• Complexity of Regulation: Difficult to enforce laws across countries.

 Web Security
Web security is a broad category of security solutions that protect your users, devices, and
wider network against internet-based cyberattacks—malware, phishing, and more—that
can lead to breaches and data loss. It reduces the security risk to your organization when
your users accidentally access malicious files and websites through some combination of
firewall inspection, intrusion prevention system (IPS) scanning, sandboxing, URL filtering,
and various other security and access controls.

For a modern enterprise, effective web security has broad technical and human benefits:

• Protect your business and stay compliant by preventing loss of sensitive data

• Protect customers and employees by securing their private information

• Avoid costly service interruptions by preventing infections and exploits

• Offer a better user experience by helping your users stay safe and productive

• Maintain customer loyalty and trust by staying secure and out of the news

Web Security Protection

Web security casts a wide net to protect users and endpoints from malicious emails,
encrypted threats, malicious or compromised websites and databases, malicious redirects,
hijacking, and more. Let’s look at a few of the most common threats in more detail:

• Ransomware: These attacks encrypt data, and then demand a ransom payment in
exchange for a decryption key. In a double-extortion attack, your data is also exfiltrated.

• General malware: Countless variants of malware exist that can lead to anything from
data leaks, spying, and unauthorized access to lockouts, errors, and system crashes.
• Phishing: Often carried out through email, text messages, or malicious websites, these
attacks trick users into things like divulging login credentials or downloading spyware.
• SQL injection: These attacks exploit an input vulnerability in a database server,
allowing an attacker to execute commands that let them retrieve, manipulate, or delete
data.

• Denial of service (DoS): These attacks slow or even shut down a network device such
as a server by sending it more data than it can process. In distributed DoS—that is, a
DDoS attack—this is carried out by many hijacked devices at once.

• Cross-site scripting (XSS): In this type of injection attack, an attacker introduces

malicious code to a trusted website by entering it in an unprotected user input field.
 Web Security Working
Web security functions sit between your environment’s endpoints and the internet. From
there, they inspect traffic and requests traveling in both directions. No single technology
monitors or inspects all traffic, but a “stack” of appliances—or a cloud-delivered platform
of services, more effective today—provides holistic coverage to prevent policy violations,
malware infections, data loss, credential theft, and so on.

Many solutions are available today, and some are more comprehensive than others. In a full
stack, web security includes the following technologies:

• Secure web gateway (SWG) provides threat protection and policy enforcement for
users accessing the web to prevent infections and block unwanted traffic.

• Firewall/IPS provides network security, app control, and visibility. Cloud firewalls stay
up to date and scale to handle demand or encryption, making them a more practical
option.

• URL filtering screens and blocks inappropriate access or content, also offering
protection from web-borne malware.

• Sandboxing isolates software in an environment where it can be scanned and executed

without the risk of infecting a system or other applications.

• Browser isolation loads webpages or apps in a remote browser and only sends the user
pixels, preventing the downloading, copying, pasting, and printing of data or
documents.
• DNS controls define rules that control requests and responses related to DNS traffic,
allowing you to detect and prevent DNS abuses such as tunneling.

• Antivirus detects and neutralizes trojans, spyware, ransomware, and more. Many
offerings also protect against threats such as malicious URLs, phishing, and DDoS.

• TLS/SSL decryption breaks open inbound and outbound encrypted traffic to inspect its
contents, and then re-encrypts it to continue to its destination.

Data Encryption
Data encryption is the process of converting readable information (plaintext) into an
unreadable format (ciphertext) to protect it from unauthorized access. It is a method of
preserving data confidentiality by transforming it into ciphertext, which can only be
decoded using a unique decryption key produced at the time of the encryption or before it.
The conversion of plaintext into ciphertext is known as encryption.
This approach ensures that sensitive information such as personal details, financial data, or
confidential communications remains secure as it travels over networks or is stored on
devices.
Key Objective of Encryption Data

• Confidentiality: Encryption ensures that only authorized parties can get access to data
and recognize the information.

• Data Integrity: Encryption can also provide data integrity by making sure that the
encrypted data remains unchanged during transmission. Any unauthorized changes to
the encrypted information will render it undecipherable or will fail integrity checks.

• Authentication: Encryption may be used as part of authentication mechanisms to

verify the identification of the communication party.

• Non-Repudiation: Through encryption, events can make sure that they cannot deny
their involvement in growing or sending a selected piece of data.

Types of Data Encryption

Symmetric and Asymmetric encryption are the two types of data encryption.

1. Symmetric Key Encryption

For encryption and decryption processes, some algorithms employ a unique key. In such
operations, the unique key must be secured since the system or person who knows the key
has complete authentication to decode the message for reading. This approach is known as
“symmetric encryption” in the field of network encryption.

2. Asymmetric Key Encryption

Some cryptography methods employ one key for data encryption and another key for data
decryption. As a result, anyone who has access to such a public communication will be
unable to decode or read it. This type of cryptography, known as “public-key” encryption,
is used in the majority of internet security protocols. The term “asymmetric encryption” is
used to describe this type of encryption.
Advantages of Data Encryption

• Data encryption keeps information distinct from the security of the device on which it
is stored. Encryption provides security by allowing administrators to store and send
data via insecure channels.

• If the password or key is lost, the user will be unable to open the encrypted file. Using
simpler keys in data encryption, on the other hand, makes the data insecure, and
anybody may access it at any time.
• Encryption improves the security of our information.

Disadvantages of Data Encryption

• If the password or key is lost, the user will be unable to open the encrypted file. Using
simpler keys in data encryption, on the other hand, makes the data insecure, and
anybody may access it at any time.
• Data encryption is a valuable data security approach that necessitates a lot of resources,
such as data processing, time consumption, and the use of numerous encryption and
decryption algorithms. As a result, it is a somewhat costly approach.

• Data protection solutions might be difficult to utilize when the user layers them for
contemporary systems and applications. This might have a negative influence on the
device’s normal operations.

• If a company fails to realize any of the restrictions imposed by encryption techniques,

it is possible to set arbitrary expectations and requirements that might undermine data
encryption protection.

Difference between Encryption and Decryption

Encryption is the process of converting a normal message (plain text) into a meaningless
message (ciphertext) Data can be secured with encryption by being changed into an
unintelligible format that can only be interpreted by a person with the proper decryption
key. Sensitive data, including financial and personal information as well as communications
over the internet, is frequently protected with it.
Decryption is the process of converting a meaningless message (ciphertext) into its original
form (plaintext). The major distinction between secret writing and associated secret writing
is the conversion of a message into an unintelligible kind that’s undecipherable unless
decrypted. whereas secret writing is the recovery of the first message from the encrypted
information.
Application of Encryption

Many different fields employ encryption, including:

• Online Banking: To secure transactions, use online banking.

• Email security: To safeguard the contents of emails.

• Secure Messaging: To protect the privacy of discussions.

• Data Storage: To prevent unwanted access to data that has been stored.

Real-Life Examples of Encryption and Decryption

• WhatsApp Messaging: It encrypts It encrypts communications from beginning to end

so that only the sender and recipient can read them.

• HTTPS websites: Encrypt user data to prevent third parties from intercepting it.
• Encrypted Email Services: Email services that use encryption, like ProtonMail, protect
email contents.

Importance of Encryption and Decryption

Maintaining privacy, securing communications, and shielding sensitive data from cyber
dangers all depend on encryption and decryption. They are crucial instruments for
cybersecurity and aid in maintaining the privacy and integrity of data.

Encryption converts data into a format that is unreadable without a key, while decryption
reverses the process to make the data readable again.

Encryption Decryption

Encryption is the process of converting a normal While decryption is the process of converting
message into a meaningless message. meaningless messages into their original form,.
 Encryption Decryption

Encryption is the process that takes place at the While decryption is the process that takes place
sender’s end. at the receiver’s end,.

Its major task is to convert the plain text into While its main task is to convert the cipher text
cipher text. into plain text,.

Whereas the encrypted message can be

Any message can be encrypted with either a secret
decrypted with either a secret key or a
key or a public key.
private key,.

Whereas in the decryption process, the receiver

In the encryption process, the sender sends the
receives the information (cipher text) and
data to the receiver after encrypting it.
converts it into plain text.

The only single algorithm used for encryption

The same algorithm with the same key is used for
and decryption is a pair of keys, each used for
the encryption-decryption process.
encryption and decryption.

Encryption is used to protect the confidentiality of Decryption is used to reverse the encryption
data by converting it into an unreadable form that process and convert the ciphertext back into
can only be read by authorized parties. plaintext.

The output of encryption is a ciphertext that is

The output of decryption is the original
unintelligible to anyone who does not have the
plaintext message.
decryption key.

Transaction security
Transaction security, also known as payment security, refers to a category of practices,
protocols, tools and other security measures used during and after business transactions to
protect sensitive information and ensure the safe and secure transfer of customer data.

While online transactions pose unique challenges for transaction security, they are critical for
both online and offline businesses in building consumer trust, mitigating fraud and maintaining
regulatory compliance.
Coinciding with the accelerated rise of e-commerce and online transactions, transaction
security has become a major concern for any business that handles payments and the transfer
of valuable assets, such as financial institutions, cryptocurrency exchanges and retailers

To prevent financial losses resulting from fraudulent transactions and provide a trustworthy
user experience for customers and clients sharing their personal data, common transaction
security measures include advanced modern data encryption, multi-factor authentication
(MFA) and digital signatures. These security protocols mitigate the risk of payment fraud and
customer data theft resulting from a security breach, for which many businesses might be
legally liable, depending on their jurisdiction.

Transaction security threats

Threats to transaction security often intersect or contribute to broader cybersecurity threats.

The following is a brief list of some of the most prevalent transaction security threats.

Phishing

Phishing scams, in which cybercriminals use fraudulent messages to manipulate targets into
revealing sensitive information, pose a threat to both customers and businesses. Phishing scams
often target consumers in an attempt to directly steal their credit card information for use in
fraudulent transactions. They can also target businesses in an attempt to steal customer payment
information in bulk.
Card-not-present fraud

While in-person transactions typically require a physical credit card, transactions made online
or over the phone often require only a credit card number. This loophole can open up online or
telephone-based transactions to card-not-present fraud, in which fraudsters use stolen numbers
to make fraudulent transactions. While a customer may still retain their physical credit card,
they may be totally unaware that their card details have been stolen.

Account takeover fraud

Another risk posed by phishing is account takeover fraud. Fraudsters may use phishing or other
means to seize unauthorized access to a consumer’s banking or online shopping account and
proceed to make unauthorized purchases.

Business email compromise (BEC) scams

BEC scams are also a common consequence of successful phishing schemes. When a
cybercriminal gains access to a compromised business email account, they might impersonate
an authorized employee or vendor and attempt to request a fraudulent wire transfer.

Synthetic identity fraud (SIF)

Yet another risk resulting from successful phishing attacks, SIF is a type of fraud in which
scammers use a combination of real, stolen personally identifiable information (PII) to create
fabricated identities for various fraudulent activities, such as payment default schemes in which
a scammer purchases a product on credit or layaway with no intention of making future
payments.

Man-in-the-middle attacks (MITM)

A well-known form of cyberattack, during a MITM attack, a hacker will surreptitiously

position themselves between two parties who believe they have a private connection. The
attacker may attempt to manipulate their transferred data or simply eavesdrop to steal any
private payment information that may be shared.

Types of transaction security

With the continued advancement of new technologies, as well as the constantly evolving attack
strategies of cybercriminals, experts are constantly working to improve transaction security
through all available vectors. The following are a few of the most common methods for
bolstering transaction security:

Encryption

The backbone of data privacy, businesses and customers rely on data encryption to protect
sensitive information during and after transactions. Commonly used encryption standards like
Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are frequently used during
online transactions to prevent unauthorized access, tampering and theft.

Tokenization

Tokenization is a process that replaces sensitive customer data, like credit card numbers, with
unique tokens that can neither be used to make fraudulent transactions nor reverse engineer the
original payment information. These tokens are then used to reference the original payment
information, which is stored in a secure token vault. Tokenization both reduces the risk
associated with data breaches and simplifies regulatory compliance since the tokens
themselves are useless even if they fall into the wrong hands.

Authentication

As a foundational form of transaction security, authentication practices long predate the internet
age. Whereas in the past a merchant might request a form of photo identification before
accepting a personal check, modern digital authentication measures have increased in
sophistication. Single-factor authentication (SFA) requires one form of identification, such as
a password or a pin; two-factor authentication (2FA) requires additional forms of identification,
such as a one-time passcode sent to a registered device or email. Other standard authentication
methods include requiring a card verification value (CVV) for credit card payments and
biometric authentication (such as facial recognition or fingerprint scanning).
Secure payment gateways

Secure payment gateways are a crucial part in establishing strong transaction security and
building and maintaining customer trust. These gateways enable transaction processing
between the customer, business and payment processor or acquiring bank. Secure payment
gateways often combine various transaction security techniques, including encryption,
tokenization and authentication, to ensure data security.

Secret Key encryption

A secret key is information used in symmetric encryption algorithms to perform encryption and
decryption. In symmetric encryption, the very same secret key needs to be in the possession of
the sender and the receiver, who should take care of its confidentiality if the security of the
encrypted information is to be guaranteed.

Key Features of Secret Key

• Single Key Usage: The secret key cryptography, widely known as symmetric
encryption, utilizes the same key in both processes that are used for encryption and
decryption. This means that the key used at the time of encryption is the same as that
used in decryption. The main advantage of this approach is simplicity because it doesn’t
require any complex management of key pairs. However, this also means that the key
has to be kept secret and safe; once the key is compromised, both the data will be
encrypted and the key will be threatened.

• Fast Performance: Generally, symmetric algorithms entail faster performances rather

than asymmetric or public-key algorithms. This efficiency comes from the simpler
mathematical operations involved in symmetric encryption. Algorithms like AES are
designed to process large quantities of data quickly and are suitable for applications
requiring high-speed data encryption and decryption. This speed advantage will make
symmetric encryption well-suited both for encrypting large volumes of data and in
resource-constrained environments.

• Data Confidentiality: Secret key cryptography protects information. The encrypted

information can only be accessed by any person or system through the use of the secret
key. During the encryption process, data is converted from a readable form called
plaintext to an unreadable one called ciphertext, which can be converted to its original
form using the correct key. This forms the very backbone of confidentiality, which is
crucial in protecting sensitive information from unauthorized access and securing data
during storage and transmission.

• Key Management: Keys need to be dealt with appropriately. Part of this correct key
management includes security in the process of key distribution, its life cycle, storage,
and protection against theft or unauthorized access. In managing such keys, good key
management practices include generating strong keys, implementing key rotation
policies, and using HSM (Hardware Security Modules) as a secure key storage solution.
 Effective key management ensures that the key remains confidential and effective
throughout its lifetime of use in order to protect the encrypted data and the overall
security of the system.

Need for Secret Key

Secret key cryptography provides something particularly important in securing data because it
provides:

• Confidentiality: Secret key cryptography is essential in data confidentiality, which

refers to a situation where only those possessing the secret key will be able to read and
access encrypted data. In secret key cryptography, the same key is used in both
encryption and decryption in the transformation of plaintext into an unreadable
ciphertext. Thus, the process is very vital in keeping sensitive information out of reach
and private data secure from unauthorized persons, whether it is related to storage or
transmission over networks.
• Performance: One of the major benefits of symmetric key cryptography is
performance. For instance, symmetric encryption algorithms like AES are faster and
more efficient as compared to asymmetric encryption algorithms. The reason is that the
mathematical operations involved in symmetric encryption are less complex. In fact,
this makes it even more useful if either a very large volume of data needs to be
processed or the underlying environment necessitates a quick processing case typical
for real-time communication systems or high-performance computation scenarios.

• Simplicity: Key cryptography is comparatively easier to implement and manage than

Public Key Cryptography. Since the same key is used for encryption and decryption,
the management of cryptographic processes is much more direct. It is this simplicity
that makes symmetric encryption quite an attractive option in a wide variety of
applications, ranging from securing files on a disk to encrypting communications
between systems. Its wide application in many security solutions also stems from the
ease of implementation and lower computational overhead.

Benefits of Secret Key

• Efficiency: Secret key cryptography is said to be efficient symmetric encryption. Most

symmetric algorithms, such as AES, are relatively faster and use fewer computational
resources compared with asymmetric algorithms-also called public-key algorithms.
This makes them particularly suitable for handling large volumes of data, or
applications that have to ensure speedy processing, like real-time systems or
constrained devices.

• Simplicity: Because secret key encryption uses one key to both encrypt and decrypt
data, implementations, and maintenance are usually easier than those in asymmetric
 encryption. The process is therefore easier and less resource-intensive to maintain,
hence suitable for everything from simple file storage security to system-to-system
transmission security.

• Data Integrity: Secret key encryption not only provides confidentiality of data but also
ensures integrity. Since the data is encrypted, it cannot be tampered with or altered by
unauthorized parties. The integrity entails that the received data shall be what is sent,
with the assurance that it will not be modified in transit.

Challenges in Secret Key Management

• Key Distribution: One of the main difficulties with secret key cryptography is the
problem of key distribution. Because both encryption and decryption are performed
with the same key, this key must be distributed to the authorized parties in such a way
that unauthorized entities will not intercept or gain access to it. In many cases, proper
key distribution necessitates additional security measures, such as encrypted channels
or key exchange protocols.

• Key Storage: The very foundation of security lies in the secure storage of keys for
encryption. An insecure key store or incorrect storage would make them potentially
susceptible to theft and exposure. Protected key stores, like HSMs, are what safeguard
the key against unauthorized access or tampering.

• Key Compromise: If the secret key is compromised, then all the data encrypted under
that key would be at risk of being decrypted by unauthorized parties. This is quite a
significant security concern in secret-key cryptography. Therefore, it is essential to
apply policies of key rotation, frequent updates of keys, and procedures for the
immediate replacement of compromised keys in order to reduce potential damage.

Public Key Encryption

Public key encryption is an encryption method that uses a pair of keys, a public key and a
private key, to encrypt and decrypt data, respectively. The public key is available to anyone
who wants to send an encrypted message to the owner of the private key. It is used to encrypt
the data and can be shared freely. The private key, conversely, is kept secret and is used to
decrypt the encrypted message.

In public key encryption, a user generates a public-private key pair using a cryptographic
algorithm. When a user wants to send a message to the owner of the private key, they use the
public key to encrypt the message, which can only be decrypted using the private key.

Advantages of Public Key Encryption

Public key, or asymmetric, encryption offers several advantages over traditional symmetric
encryption methods, including:
 • Secure Communication: Public key encryption ensures that sensitive
communication between two parties remains secure, even if intercepted by hackers. The
public key is used to encrypt the message, and the recipient’s private key is used for
decryption. This ensures that only the intended recipient can read the message.
• Confidentiality: Public key encryption ensures that confidential information is kept
confidential and can only be accessed by authorized persons. This is especially
important for sensitive information such as financial transactions, trade secrets, and
other personal data.

• Scalability: Public key encryption is scalable to large numbers of users and can be used
for secure communication among a large number of people. This makes it ideal for use
in business environments, government agencies, and other organizations.

• Non-repudiation: Public key encryption provides non-repudiation, which means that

the sender of a message cannot deny having sent the message once it has been sent.
This is important in legal and financial scenarios where proof of identity and
authenticity is required.

• Integrity: Public key encryption ensures the integrity of the message, which means that
the message cannot be altered during transmission without being detected by the
recipient. This ensures that the message remains intact and has not been tampered with.

• Convenience: Public key encryption is convenient to use. Unlike symmetric

encryption, public key encryption does not require the exchange of keys before the
communication. It is easy to use in web applications and for secure email
communication, etc.

Limitations of Public Key Encryption

While public key encryption is a popular and powerful method of securing data and
communications, it has its limitations. One of the main limitations of public key encryption is
the potential for security breaches. If a hacker gains access to the private key, they can decrypt
all the data that was encrypted with the corresponding public key.

Another limitation is the potential for man-in-the-middle (MITM) attacks, where an attacker
intercepts communication and impersonates one of the parties to gain access to the private key.
This can be prevented with proper authentication and verification protocols, but it adds
complexity to the encryption process.

Additionally, public key encryption can be slower and more resource-intensive than other
encryption methods, making it less suitable for large-scale data transfers or real-time
communication.
Comparison Between Public Key and Private(secret) Key Encryption

VPN
VPN is a short name for Virtual Private Network. VPN is a private network that protects your
store from malicious attacks. VPN connects you to a private network and encrypts your data
so there is no risk of vulnerable attacks. VPN helps you to stay private on the internet and hide
your online activities.

VPN helps prevent cybersecurity attacks and financial losses that emerge from insecure
networks. VPN hides your IP address so others cannot trace your browsing history. You can set
up a VPN on desktops, tablets, and smartphones.
How does a VPN protect you?

The internet connection you use to perform online activities is not as secure as you think.
Anyone can see your IP address and find out what you are doing on the internet. Your Internet
Service Provider (ISP) can track your movements online even if you use a private browser.
Your ISP has all the data that you store and submit online. ISP may sell your data to third-party
companies to earn extra money. As a business owner, if your customer data gets spread out,
they start receiving targeted ads. Customers feel that their data is unsafe after doing business
with you and distrust you.

Thus, VPN is a vital cybersecurity tool to protect your online business. When you connect to a
VPN server, no one can access your browsing history and data as the connection gets diverted
to a secure tunnel. Through VPN, your connection is encrypted and online activity is kept
secret.
Benefits of Using a VPN for Your E-Commerce Business

It’s already clear how beneficial VPN is for your eCommerce business. Let’s discuss some of
the benefits that you will acquire while using a VPN for your eCommerce business:

Data Protection

With the advancement in technology, not only businesses are equipped with new tools but also
hackers. Hence, in modern times data protection cannot be overlooked by business owners.

VPN helps to strengthen data security due to encryption. Even if the hackers hack your data,
they will have no access as the data is encoded. Cyber attacks are also prevented by using VPN
as the hackers cannot track your IP address.

Adding a layer of data security helps to gain the trust of customers. Customers who are hesitant
to add their credit card details or new customers will gain confidence with your secure network.

Secure File Sharing

File sharing is a common practice nowadays. People share important files via emails,
messaging apps, the cloud, or other tools. Sharing files is an essential component of
eCommerce business for its functioning. However, without proper security measures, your files
are not secure and anyone can have access to the information inside it.
File-sharing activity becomes smooth and secure by setting up a VPN for your eCommerce
business. With VPN, only authorized persons are permitted to access the files and information
shared online. However, there is no additional work to be done in order to secure the files.

Secure Financial Transactions

As the pandemic enforced social distancing, people are making online transactions even more.
eCommerce business accepts online payments through bank accounts, cards, UPI, e-wallets,
and more. Financial transactions need surplus security as cyberattacks are usually associated
with financial operations.

VPN can work well for financial transactions activity on your eCommerce business. It assures
that all the transactions are made secretly and no one can have access to it. With financial
security, customers do not hesitate to make online payments when they purchase from your
website.
 Unit 4
Electronic Payment System

Electronic Payment System allows people to make online payments for their purchases of
goods and services without the physical transfer of cash and cheques, irrespective of time and
location. The key components of this payment system are the payers and payees, financial
institutions, electronic devices, communication networks, payment gateways, and mobile
payment apps. As the global economy continues to evolve, the dependency on physical modes
of payment is gradually giving way to digital alternatives that offer speed, convenience, and
efficiency. These systems facilitate a diverse range of financial activities, from online purchases
and bill payments to person-to-person transfers.

Types of Electronic Payment System

The prominent types of Electronic Payment Systems in India range from the Unified Payments
Interface (UPI) to Debit and Credit cards. Listed below are the types of Electronic Payment
Systems:
1. Unified Payments Interface (UPI):

UPI has become a widely adopted and popular electronic payment system in India. It enables
users to link multiple bank accounts to a single mobile application, allowing seamless and
instant fund transfers between individuals and merchants.
2. Mobile Wallets:

Mobile Wallet services like Paytm, PhonePe, and Google Pay have gained widespread
acceptance. Users can load money into these digital wallets and use the balance for various
transactions, including mobile recharge, bill payments, and online shopping.

3. Debit and Credit Cards:

Debit and Credit card usage is prevalent in India, with various banks issuing these cards for
electronic transactions. Cards are commonly used for Point-of-Sale (POS) transactions, online
purchases, and cash withdrawals from ATMs.

4. Immediate Payment Service (IMPS):

IMPS enables instant interbank electronic fund transfers through mobile phones, internet
banking, or ATMs. It is particularly useful for peer-to-peer transactions and small-value
payments.

5. National Electronic Funds Transfer (NEFT):

NEFT is a nationwide electronic payment system that facilitates one-to-one funds transfer
between bank accounts. It operates on a deferred settlement basis and is widely used for both
individual and corporate transactions.
6. Real-Time Gross Settlement (RTGS):
RTGS is another electronic fund transfer system that allows real-time settlement of large-value
transactions. It is typically used for high-value interbank transfers.

7. Prepaid Instruments:

Prepaid Instruments, including prepaid cards and gift cards, provide users with a convenient
way to make electronic payments with a pre-loaded amount.

Advantages of Electronic Payment System

• 24/7 Accessibility: Electronic Payments can be made at any time, providing round-the-
clock access to financial transactions.

• Global Accessibility: Users can make payments and transfer funds globally without
being restricted by geographical boundaries.

• Instant Transactions: Electronic Payments are processed quickly, allowing for near-
instantaneous transfer of funds between accounts.

• Faster Settlement: Compared to traditional payment methods, electronic transactions

often result in faster settlement times.

• Record-Keeping and Tracking: Electronic Payment Systems facilitate easy record-

keeping for both businesses and individuals.

• Encryption and Authentication: Electronic Payment Systems employ robust

encryption and authentication protocols to secure transactions and protect sensitive
information.
Disadvantages of Electronic Payment System

• Security Concerns: Electronic Payment Systems are susceptible to security breaches,

including hacking, phishing, and identity theft.
• Technical Issues: Electronic Payment Systems rely on technology, and technical
glitches or system failures can disrupt transactions.
• Fraud Risk: Despite security measures, Electronic Payment Systems are not immune
to fraud. Unauthorized transactions, stolen credentials, or fraudulent activities can
occur, leading to financial losses for individuals and businesses.

• Privacy Concerns: Users may be concerned about the collection and storage of
personal information by electronic payment providers.

• Transaction Fees: Some electronic payment systems impose transaction fees, which
can add up over time.
 Smart Card
Smart cards, also known as integrated circuits, are portable devices that provide secure storage
and processing of data. Smart cards are used in multiple fields such as the banking sector,
medical sector, identification, and transport. A smart card is a plastic card that has an integrated
circuit in it on which data is processed. It may be a microprocessor chip memory chip. Thus,
smart cards can be used as an identification and authentication medium, storage of data, as well
as secure monetary transactions.

Key Terminologies of Smart Card

• Integrated Circuit (IC): An integrated circuit is a combination of various electronic

circuits which is referred to as a chip and is made of a semiconductor material in most
cases it is silicon. This is a microprocessor that is inserted inside the smart card, its main
function being to process and store information.

• Contact Smart Card: A contact smart card is a type of card that has an attached gold
chip still on the visible face of the card. It has to be inserted into a smart card reader,
that creates a direct link with the card’s microchip.
• Contactless Smart Card: A contactless smart card works through radio-frequency
identification (RFID) where the card interacts with the reader.

• Microprocessor Card: A microprocessor card contains a microprocessor & memory

and, therefore, can process data.

• Memory Card: A memory card is something that holds only volatile memory and some
special security features.

Smart Cards Working

1. Using a Contact Smart Card

• Insert the Card: Stay on the ‘Home’ page of the program and insert the contact smart
card into the smart card reader.
• Authentication: To allow the user to access the system, it utilizes the card’s chip reader
to verify the card owner.
• Data Processing: Transaction or Application data is processed by the chip on the card.

• Transaction Completion: Once the data is being taken then the transaction is said to
be complete and the card need not be required anymore.

2. Using a Contactless Smart Card

• Approach the Reader: To read the data from the contactless smart card, you should
take the card and bring it closer to the RFID reader.
 • Authentication: The reader uses radio waves to verify the user, and the reader is
connected to a processing system, which ensures that all the activities done on the card
are correct.

• Data Processing: The transaction or application data is then transmitted wirelessly by

the microprocessor located in the card’s chip.

• Transaction Completion: It is a transaction that takes place within the sweater of

conducting the activity.

Types of Smart Cards

• Contact Smart Cards: These cards have an insert that may be seen on the exterior of
the card and need to be inserted in the slot for reading the card.

• Contactless Smart Cards: These cards utilize RFID and do not require the holder to
place the card on a Card Reader for it to work.
• Dual-Interface Smart Cards: These cards operate at the same time as the contact
cards and non-contact cards Card capabilities make it possible to use them in various
ways.
• Memory Smart Cards: These cards have memory and some security logic processing
capability but unlike smart cards do not have a microprocessor. These are utilized in
easier applications.

• Microprocessor Smart Cards: These cards possess a microprocessor and can thus
perform more robust activities and data processing as compared to the former.

Uses of Smart Cards

• Banking and Financial Services: It mainly applies to credit/debit cards, making

secure online purchases, and getting the ATM PIN.

• Healthcare: They are mainly retained to store patient data records, medical history, and
insurance particulars.

• Identification and Access Control: It is used in personal identification, employee ID

cards, and government identification.

• Transportation: It is applied to the payment of fares in passenger transport services.

• Telecommunications: They are preferably used in the little cards in mobile phones
commonly known as SIM cards.

Examples of Smart Cards

• Credit/Debit Cards: It is employed in secured money transactions.
 • SIM Cards: It is widely applied in the construction of mobile phones to store
subscriber information.

• Health Insurance Cards: Employed to retain patient records of health and his
insurance specifics.

• ID Cards: They are applied for identification purposes and for securing access to
certain definite facilities, offices, agencies, etc.

• Public Transport Cards: They are employed in the payment of fares in buses, trains,
and subways.

Advantages of Smart Card

• Data Encryption: Smart card uses much higher encryption techniques to regulate the
information that is contained in the smart card and this makes it very hard for other
persons who do not have a right of entry into the smart card to do so.
• Authentication: It has been established that smart cards depict some risks of Identity
theft and fraud characterized as low because the tool guarantees the necessary
assurances of the user's identity.

• Storage Capacity: Smart cards possess details that might not be visible and these
include details such as; personal information, certificates, encrypted keys, and others.

• Portability: Smart cards are small that they can be carried anywhere and they are
portable hence making it easy for one to access the services and do his or her
transactions.

Disadvantages of Smart Card

• Implementation: Implementing a smart card can be a complex task.

• Maintenance: That makes the cost of the system high because regular service and
updating of the system are essential all the time

• Standardization: As it is with most products in the technology market, some smart

card systems cannot work with other systems hence inter-connectivity issues.

• Data Breaches: Smart cards sometimes lead to data breaches.

• Lost or Stolen Cards: As for smart cards the problem of losing the card or having it
stolen is the fact that information stored on the card can be easily retrieved by other
people.

Credit Card
Payment using credit card is one of most common mode of electronic payment. Credit card is
small plastic card with a unique number attached with an account. It has also a magnetic strip
embedded in it which is used to read credit card via card readers. When a customer purchases
a product via credit card, credit card issuer bank pays on behalf of the customer and customer
has a certain time period after which he/she can pay the credit card bill. It is usually credit card
monthly payment cycle. Following are the actors in the credit card system.
• The card holder − Customer

• The merchant − seller of product who can accept credit card payments.

• The card issuer bank − card holder's bank

• The acquirer bank − the merchant's bank

• The card brand − for example , visa or Mastercard.

Credit Card Payment Proces

Step Description

Step 1 Bank issues and activates a credit card to the customer on his/her request.

The customer presents the credit card information to the merchant site or to the
Step 2
merchant from whom he/she wants to purchase a product/service.

Merchant validates the customer's identity by asking for approval from the card
Step 3
brand company.

Card brand company authenticates the credit card and pays the transaction by
Step 4
credit. Merchant keeps the sales slip.

Merchant submits the sales slip to acquirer banks and gets the service charges paid
Step 5
to him/her.

Acquirer bank requests the card brand company to clear the credit amount and gets
Step 6
the payment.

Now the card brand company asks to clear the amount from the issuer bank and
Step 6
the amount gets transferred to the card brand company.
 Debit Card
Debit card, like credit card, is a small plastic card with a unique number mapped with the bank
account number. It is required to have a bank account before getting a debit card from the bank.
The major difference between a debit card and a credit card is that in case of payment through
debit card, the amount gets deducted from the card's bank account immediately and there
should be sufficient balance in the bank account for the transaction to get completed; whereas
in case of a credit card transaction, there is no such compulsion.

Debit cards free the customer to carry cash and cheques. Even merchants accept a debit card
readily. Having a restriction on the amount that can be withdrawn in a day using a debit card
helps the customer to keep a check on his/her spending.

Online Banking
Online banking lets you manage your finances anywhere you have a computer or laptop and
an internet connection. What you can do online depends on how robust your bank's digital
banking platform is. Generally, you can complete basic banking activities like viewing recent
transactions and transferring money between accounts.

While you can also do many of the same banking activities at a physical, brick-and-mortar
bank branch, online banking is a convenient alternative for most transactions.

Key Takeaways
• Online banking lets you complete financial transactions on the internet instead of at a
bank or credit union. It’s faster, more convenient, and available 24/7.

• Online banking is done from a desktop or laptop, while mobile banking takes place on
portable electronic devices like smartphones and tablets.

• Online-only banks are gaining popularity for their comprehensive digital features and
better interest rates on deposit accounts. But you may need to visit a brick-and-mortar
bank or credit union once in a blue moon.

Online Banking Working

Online banking lets you make financial transactions from a web browser instead of trudging to
the nearest bank. Mobile banking is similar, but it’s digital banking designed for portable
electronics with smaller screens, such as smartphones and tablets.

You can access your bank’s online banking system by going to your bank’s website and logging
in to your account. Mobile banking is accessible through your bank’s app or mobile-friendly
web browser. Brick-and-mortar banks, online-only banks, credit unions, and neobanks all have
online banking options.
Here are the types of things you can do with online banking:

Payments and Transfers

• Transfer money to internal or external bank accounts

• Send domestic or international wire transfers

• Send money to others via Zelle or other payment platforms

• Pay bills

• Schedule future payments for people and bills

Manage Finances

• Check account balances

• View transaction history

• Download account statements

• Set up account alerts for balances falling below a dollar value or purchases over a
certain amount

Manage Your Debit Card and Account

• Freeze or lock your card

• Request a card replacement

• Update your address

• Monitor and manage fraud alerts

• Notify your bank of travel dates

Saving and Budgeting

• Open new accounts

• Set up savings goals

• Use budgeting tools

• Analyze your spending

Manage Credit and Loans

• Make and track payments and balances

• Track your credit score, if credit monitoring is included

Even if you mostly do online banking, it can be a good idea to maintain a bank account at a
brick-and-mortar financial institution. You may find yourself needing to visit a branch for
things like:
 • Getting a cashier’s check quickly for a used car down payment.

• Completing a wire transfer for a home down payment because it exceeds your account's
online daily wire transfer limit.

• Depositing a check that wasn’t accepted for mobile banking.

Pros and Cons of Online Banking

Online banking is embraced by many people because of how convenient it usually is, even if
it lacks some features, like cash deposits. You also tend to get the best interest rates for deposit
accounts (checking, savings, certificates of deposit) with online-only banks and credit unions,
so online banking can help you grow your money.

Here are some more advantages and disadvantages of online banking.

Pros

• Convenience: Being able to manage your money anytime, anywhere there’s a safe
internet connection is generally much more convenient than visiting a bank. That’s
especially true for simple tasks like transferring money between accounts or paying
bills.

• Real-time account monitoring: Logging in to your account lets you check your
balance, review transactions, set account alerts, and more. This easy access helps you
stay on top of your finances and spot any potential issues early.
• Fast transactions: Paying bills online is quicker than mailing checks, and transfers
between internal accounts, such as from your checking account to your savings account,
are instant.

Cons

• Internet and tech dependence: While online banking is convenient, it might not work
if the internet is down or the connection is bad. People less familiar with technology
might struggle to use online banking.

• No cash deposits: There’s no way to deposit cash with online banking. For that, you
still need a trip to a bank or a cash-accepting ATM that’s part of your bank’s network.

• Security risks: Online banking is secure, but there’s always a risk of hacking, phishing
scams, or identity theft.