E-commerce Question Bank for PT2

1. Define the term Intellectual Property. Discuss the techniques to protect Intellectual
Properly in E-Commerce. 4/6
Answer:

Intellectual Property Rights (IPR) are legal protections given by the government to individuals or
companies for their original creations or inventions. These rights help creators protect their work from being
copied or used without permission. Intellectual property includes things like inventions, designs, brand
names, logos, and creative content.

There are four main types of intellectual property rights:

1. Copyright – It protects original works like books, music, computer software, website content, and
artistic material. The creator gets the right to control how their work is used or shared.
2. Patent – A patent gives the inventor the exclusive right to make, use, or sell their invention for a
certain number of years. The invention must be new, useful, and original.
3. Trademark – Trademarks protect names, logos, slogans, or symbols used to identify a brand or
product. For example, the Apple logo or McDonald’s "M" are protected by trademarks.
4. Trade Secret – This includes confidential business information like recipes, formulas, or processes.
A trade secret is protected as long as it remains secret and gives a business an advantage.

2. Describe six dimensions of Security in E-Commerce Also give example of each. 6

Answer:
There are six key dimensions to e-commerce security: integrity, non-repudiation, authenticity,
confidentiality, privacy, and availability.
a. Integrity
Integrity refers to the ability to ensure that information being displayed on a website, or transmitted or
received over the Internet, has not been altered in any way by an unauthorized party. It maintains the
consistency, accuracy, and trustworthiness of the information over its entire life cycle.
For example, if an unauthorized person intercepts and changes the contents of an online
communication, such as by redirecting a bank wire transfer into a different account, the integrity of the
message has been compromised because the communication no longer represents what the original
sender intended.

b. Non-repudiation
It refers to the ability to ensure that e-commerce participants do not deny (i.e., repudiate) their online
actions. Good business depends on both buyers and sellers. They must not deny any facts or rules
once they accept that there should not be any repudiation.
Example: When a merchant doesn’t have enough proof of customers who have ordered with them
during a credit card payment transaction, it will not be processed further to the merchant.

c. Authenticity
It refers to the ability to identify the identity of a person or entity with whom you are dealing on the
Internet. In ecommerce, since both the customer and seller need to trust each other, they must
remain as who they are in real. Both the seller and buyer must provide proof of their original identity
so that the ecommerce transaction can happen securely between them.
Example: Some users can use a fake email address to access any of the ecommerce services.
d. Confidentiality
Confidentiality refers to protecting information from being accessed by an unauthorized person on the
internet. In other words, only the people who are authorized can gain access to view or modify or use
the sensitive data of any customer or merchants.
Example: Ecommerce uses a username and password to login to their account. Let’s consider this case
for resetting the password, where an ecommerce site sends a one-time password to their customer in
email or phone number if someone else reads it.

e. Privacy
Privacy is used to control the usage of information by the customers that they have given to the
merchant. Privacy deals with the use of information shared during an online transaction.
Consumers want to limit the extent to which their personal information can be divulged to other
organizations, while merchants want to protect such information from falling into the wrong hands.
Example: If a hacker breaks into the ecommerce site, they can gain access to the customer credit card
details or any other customer information. This also violates information confidentiality and personal
privacy.

f. Availability
Continuous availability of the data is the key to provide a better customer experience in ecommerce.
Data which is present on the website must be secured and available 24x7x365 for the customer without
downtime.
Example: An ecommerce website can be flooded with useless traffic that causes to shut down your site,
making impossible for the user to access the site.

Describe briefly the working of protocols used in securing E-Commerce payment

transactions. 4/6 Answer:
1. SSL – secure socket layer
• SSL stands for Secure Sockets Layer and, in short, it's the standard technology for keeping an
internet connection secure and safeguarding any sensitive data that is being sent between two
systems, preventing criminals from reading and modifying any information transferred, including
potential personal details.
• The two systems can be a server and a client (for example, a shopping website and browser) or
server to server (for example, an application with personally identifiable information or with
payroll information).
• It does this by making sure that any data transferred between users and sites, or between two
systems remains impossible to read.
• It uses encryption algorithms to scramble data in transit, preventing hackers from reading it as it
is sent over the connection.

2. SET – secure electronic transaction

• Secure Electronic Transaction or SET is a system that ensures security and integrity of
electronic transactions done using credit cards in a scenario.
• SET is not some system that enables payment but it is a security protocol applied to those
payments.
 • It uses different encryption and hashing techniques to secure payments over the internet done
through credit cards.
• SET protocol restricts the revealing of credit card details to merchants thus keeping hackers
and thieves at bay.

3. TLS – transport layer security

• Transport Layer Security (TLS) is a cryptographic protocol designed to provide communications
security over a computer network.
• The TLS protocol aims primarily to provide privacy and data integrity between two or more
communicating computer applications.
• It encrypts data sent over the Internet to ensure that eavesdroppers and hackers are unable to
see what you transmit which is particularly useful for private and sensitive information such as
passwords, credit card numbers, and personal correspondence.
• TLS encryption can help protect web applications from data breaches and other attacks.

4. HTTPS – hypertext transfer protocol secure

• Hypertext Transfer Protocol Secure (HTTPS) is an extension of the Hypertext Transfer Protocol
(HTTP).
• It is used for secure communication over a computer network and is widely used on the
Internet.
• The principal motivations for HTTPS are authentication of the accessed website, and protection
of the privacy and integrity of the exchanged data while in transit.
• It protects against man-in-the-middle attacks, and the bidirectional encryption of
communications between a client and server protects the communications against
eavesdropping and tampering.
4.
Describe any four threats of an E-Commerce website. Suggest the remedial actions for the same.
4/6
Answer:

1. Financial frauds
Ever since the first online businesses entered the world of the internet, financial fraudsters have been
giving businesses a headache. There are various kinds of Financial frauds prevalent in the e-
commerce industry
a. Credit Card Fraud
b. Fake Return & Refund Fraud

2. Phishing
Several e-commerce shops have received reports of their customers receiving messages or emails from
hackers masquerading to be the legitimate store owners. Such fraudsters present fake copies of your
website pages or another reputable website to trick the users into believing them. Remedies: Do not
click on any links listed in the email message, and do not open any attachments contained in a
suspicious email. Do not enter personal information in a pop-up screen

3. Spamming
Some bad players can send infected links via email or social media inboxes. They can also leave these
links in their comments or messages on blog posts and contact forms. Once you click on such links,
they will direct you to their spam websites, where you may end up a victim.
Remedies: Apart from lowering your website security, spamming also reduces its speed and severely
affects performance. Increase the security.

4. DOS & DDoS Attacks

Many e-commerce websites have incurred losses due to disruptions in their website and overall sales
because of DDoS (Distributed Denial of Service) attacks. What happens is that your servers receive a
deluge of requests from many untraceable IP addresses causing it to crash.
Remedies: Securing Your Network Infrastructure may reduce the chance of dos and ddos attacks
and also try the warning signals.

stages of E-Commerce Security plan with suitable diagram. 4/6

The five steps of developing an e-commerce security plan include:
1. Perform a risk assessment - involves looking at the possible risks that the website is exposed to.
The vulnerability of the website needs to be tested by professionals for the development of a security
policy that can be implemented in many ways.

2. Develop a security policy - involves the development of the different way in which different
security breaches will be dealt with on the e-commerce platform. It is depictive of the significant
analysis of the risk assessment and the possible ways of mitigating the identified risks of the e-
commerce platform.

3. Develop an implementation plan for the security policy - the implementation plan involves the
significant mitigation methods for the identified risks and how they can be actualized on the given
website or e-commerce platform. This would involve bringing in technical expertise on how to make
the security robust and ensure the privacy of user data and activity on the website.

4. Create a security organization - security of the e-commerce platform is a very significant issue that
needs an in-house IT department to take care of. There should be technicians on call to constantly
check the security of the e-commerce platform at all times. Their responsibilities will be dedicated to
maintaining the security of the e-commerce platform.

5. Perform a detailed security audit - a security audit majorly involves looking at the logs of the
transactions and user activity on the website to check for any fraudulent activity that could be
jeopardizing the user data or financial transaction data on the e-commerce platform in a way that
makes it available to unauthorized parties.

working of digital certificate (with suitable diagrams) in details. 4/6

i. Digital certificates, and the supporting public key infrastructure, are an attempt to solve this
problem of digital identity.
ii. A digital certificate is a digital document issued by a trusted third-party institution known
as a certification authority (CA) that contains the name of the subject or
company, the subject’s public key, a digital certificate serial number, expiration date, and
issuance date, the digital signature of the certification authority (the name of the CA
encrypted using the CA’s private key), and other identifying information.
iii. Worldwide, thousands of organizations issue CAs. A hierarchy of CAs has emerged with
lesswell-known CAs being certified by larger and better-known CAs, creating a community of
mutually verifying institutions.
iv. Public key infrastructure (PKI) refers to the CAs and digital certificate procedures that are
accepted by all parties.
v. When you sign into a “secure” site, the URL will begin with “HTTPS” and a closed lock icon will
appear on your browser. This means the site has a digital certificate issued by a trusted CA. vi.
To create a digital certificate, the user generates a public/private key pair and sends a request
for certification to a CA along with the user’s public key. vii. The CA verifies the information
(how this is accomplished differs from CA to CA). The CA issues a certificate containing the user’s
public key and other related information. viii. Finally, the CA creates a message digest from the
certificate itself (just like a hash digest) and signs it with the CA’s private key.
ix. This signed digest is called the signed certificate. We end up with a unique cypher text
document—there can be only one signed certificate like this in the world
 E- Cash Payment system with suitable diagram. discuss its merits and demerits.

1. E-cash or digital cash is a general term that describes any value storage and exchange system
created by a private (non-governmental) entity that does not use paper documents or coins
and that can serve as a substitute for government-issued physical currency.
2. There is a need for common standards among all electronic cash issuers so that one issuer’s
electronic cash can be accepted by another issuer. Small purchases are not profitable for
merchants that accept only credit cards for payment.
3. There is a market for small purchases on the Internet—purchases below $10. This is one
potentially significant market for electronic cash. With very low fixed costs, electronic cash
provides the promise of allowing users to spend, for example, 50 cents for an online
newspaper, or 80 cents to send an electronic greeting card.
Merits:
• We can transfer funds, purchase stocks, and offer a variety of other services without having to
handle physical cash or checks as long as bank is providing such services online.
• Consumers will have greater privacy when shopping on the Internet using electronic money instead
of ordinary credit cards.
Demerits :
• Hackers with good skill able to hack into bank accounts and illegally retrieve of banking records has
led to a widespread invasion of privacy and has promoted identity theft.
• Provides no audit trail. That is, it cannot be easily traced.

8. Debit cards 3
Answer:

1. A debit card is a payment card that deducts money directly from a consumer’s checking account
when it is used. Instead of charging purchases against a credit line, a debit card removes the
amount of the sale from the cardholder’s bank account and transfers it to the seller’s bank
account.
2. Debit cards are issued by the cardholder’s bank and usually carry the name of a major credit
card issuer, such as Visa or MasterCard, by agreement between the issuing bank and the credit
card issuer.
3. By branding their debit cards (with the Visa or MasterCard name), banks ensure that their debit
cards will be accepted by merchants who recognize the credit card brand names.
4. Debit Cards can be used to buy goods or services; or to get cash from an automated teller
machine or a merchant who'll let you add an extra amount onto a purchase.

9. Wallet 3 Answer:

An electronic wallet holds credit card numbers, electronic cash, owner identification, and owner
contact information and provides that information at an electronic commerce site’s checkout counter.
Electronic wallets give consumers the benefit of entering their information just once, instead of
having to enter their information at every site with which they want to do business. Electronic wallets
make shopping more efficient. When consumers select items to purchase, they can then click their
electronic wallet to order the items quickly.
Most important functions:
• Authenticate consumer through use of digital certificates or other encryption methods.
• Store and transfer value.
• Secure payment process from consumer to merchant.
• Electronic wallets fall into two categories based on where they are stored - A server-side electronic
wallet stores a customer’s information on a remote server belonging to a particular merchant or
wallet publisher. Examples: MSN Wallet, Microsoft’s Passport.
• A client-side electronic wallet stores a consumer’s information on his or her own computer.
Examples: Gator.com, MasterCard Wallet.

10. Credit cards 3/4 (payment options can be combined in one question)
Answer:
1. Transaction Processing:
o This stage involves collecting operational data from various customer touch points. These
touch points include telephone interactions, sales force interactions, website visits, in-store
purchases, social network engagements, and mail communications.
o The servers represent the infrastructure handling these transactions.
2. Data Aggregation:
o After collecting data, the system aggregates it. This process includes cleaning and organizing
the data. o The cleaned data is stored in a customer database or data warehouse (depicted by
the servers).
3. Business Intelligence:
o In this phase, analysts work with the aggregated data. o They perform tasks such as data
mining, analysis, reporting, and modelling.
o The insights gained from this process inform business decisions.
4. Marketing Campaign Management:
o The insights derived from business intelligence are applied here. o Marketers use
them to manage marketing campaigns effectively.
o This includes advertising campaign management and behavioural targeting.
5. Customer Touch Points:
o The icons below the main flow represent various channels through which customers interact
with the business:
▪ Telephone
▪ Sales force (people)
▪ Website (a webpage)
▪ In-store (shopping cart)
▪ Social networks (people connecting)
▪ Mail (a mail van)
11. Explain in brief CRM systems. 6
Answer:

1. Transaction Processing: Transaction processing involves the collection of operational data from
various customer touch points. These touch points can include interactions such as purchases made
via telephone, sales made by the sales force, orders placed on the website, in-store transactions,
engagements on social networks, and responses to mail campaigns. This data collection is essential
for businesses to understand customer behaviour, preferences, and trends.
2. Data Aggregation: Once the data is collected, it undergoes a process of cleaning and organization
before being stored in a central location such as a customer database or data warehouse. Data
cleaning involves tasks like removing duplicates, correcting errors, and standardizing formats to
ensure data accuracy and consistency. Aggregating the data into a centralized repository enables
businesses to access a comprehensive view of their customers' interactions and history.
3. Business Intelligence (BI): Business Intelligence refers to the technologies, processes, and tools used
by analysts and decision-makers to extract insights from the aggregated data. This involves data
mining techniques to discover patterns, analysis to derive meaningful conclusions, reporting to
visualize the findings, and modelling to predict future trends or outcomes. BI empowers businesses
to make informed decisions, optimize processes, and identify opportunities for growth based on
data-driven insights.
4. Marketing Campaign Management: The insights gained from business intelligence are crucial for
effective marketing campaign management. Marketers use these insights to plan, execute, and
evaluate marketing and advertising campaigns. This includes segmenting customers based on their
behaviour and preferences, creating personalized messaging through behavioural targeting, and
optimizing campaign performance through continuous analysis and refinement. By leveraging data
driven strategies, businesses can enhance customer engagement, drive conversions, and improve
overall marketing ROI.
12. Describe the importance of branding. 4 Answer:

• Branding is a marketing practice in which a company creates a name, symbol or design that is
easily identifiable as belonging to the company.
• This helps to identify a product and distinguish it from other products and services. Branding is
important because not only is it what makes a memorable impression on consumers but it
allows your customers and clients to know what to expect from your company.
• It is a way of distinguishing yourself from the competitors and clarifying what it is you offer
that makes you the better choice.
• Your brand is built to be a true representation of who you are as a business, and how you wish
to be perceived. Crafting a killer brand can have a massive impact on your business. It unites
everyone working on the project and gives the business a common goal and focus, beyond
selling product.
• If your ecommerce business has many competitors, a brand can help you stand out from the
rest and provide a competitive advantage. A known and respected brand name can present to
potential customers a powerful statement of quality, value, and other desirable qualities in
one recognizable element. Branded products are easier to advertise and promote, because
each product carries the reputation of the brand name. Some Other Importance of Branding
are
1. Creates Consumer Preference for The Product or Service Behind The Brand
2. Generates Increased Revenues and Market Share
3. Helps the Company Survive Temporary Crises
4. Expands the Organization’s Estimated Worth

13. Describe/enlist basic marketing concepts needed to understand

internet marketing.4/6 Answer:

Internet marketing refers to the strategies used to market products and services online and through
other digital means. Some of them are –
1. Search Engine Optimization (SEO): SEO It is the practice of adapting and creating web content to
result in higher search engine rankings. Since Google and other search engines never clearly state
how their algorithms work it’s a constant effort to keep websites up to date and ahead of the
pack.
2. Social media: Twitter, Facebook, LinkedIn, Instagram, YouTube, Tumblr are all forms of social
media. But to be a capable internet marketer you will need to learn how to use these platforms to
promote businesses.
3. Content Marketing: Understanding how you can create useful and shareable content to create
value for prospects is a key element that you should dedicate a lot of your study time to.
4. Email Marketing: It comprises building a subscribers list and sending emails to the target audience.
5. Content Optimization: Whether it is a website, social media platforms or emails, the quality,
consistency, relevance and frequency of updating of content plays a crucial role. Nobody likes
information which is poorly written in context and full of grammatical errors!
6. Pay-Per-Click (PPC) Advertising: Pay per Click is a common online advertising model where
payment is purely based on how many people click through (another term you need to
understand) from an ad.
 14. Identify and describe main technologies that support online marketing. 6
Answer:
• Web transaction logs-records that document user activity at a Web site

• Transaction logs-coupled with data from the registration forms and shopping cart database , these
represent a treasure trove of marketing information for both individual sites and the online industry as a
whole.

• Cookies-small text files that Web sites place on visitors' client computers every time they visit, and
during the visit, as specific pages are visited. Cookies provide Web marketers with a very quick means
of identifying the customer and understanding his or her prior behaviour at the site.

• Web bugs-tiny (1 pixel) graphic files hidden in marketing e-mail messages and on Web sites. Web
bugs are used to automatically transmit information about the user and the page being viewed to a
monitoring server.

• Databases, data warehouses, data mining, and "profiling"-technologies that allow marketers to
identify exactly who the online customer is and what they want, and then to present the customer
with exactly what they want, when they want it, for the right price.
• CRM systems-a repository of customer information that records all of the contacts that a customer
has with a firm and generates a customer profile available to everyone in the firm who has a need to
"know the customer."

15. Explain the working of firewall with suitable diagram. 6

Answer:

A firewall is a part of computer system or network that is designed to block unauthorized access while
permitting authorized communications. It is a device or set of devices configured to permit, deny,
encrypt, decrypt, or proxy all (in and out) computer traffic between different security domain based
upon a set rules and other criteria. Firewalls can be implemented in either hardware or software, or a
combination of both. Firewalls are frequently used to prevent unauthorized internet users from
accessing private networks connected to the internet, especially intranets. All messages entering or
 leaving the intranet pass through the firewall, which examines each messages and block those that do
not meet the specified security criteria. The firewall controls traffic to and from servers and clients,
forbidding communications from untrustworthy sources, and allowing other communications from
trusted sources to proceed. Firewall match the network traffic against the rule set defined in its table.
Once the rule is matched, associate action is applied to the network traffic.
16. Compare and contrast permission marketing and affiliate
marketing. 3/4 Answer:

Aspect Affiliate Marketing Permission Marketing

Marketing where firms pay commissions to Advertising where the audience opts
Definition other websites for sending customers to their in to receive promotional messages.
site.
Pay-for-performance (paid when users click Opt-in (audience chooses to receive
Payment Structure
on a link or make a purchase). messages).
Cost-effective as payment is based on actual Cost-effective as it targets interested
Cost-effectiveness
performance. audiences only.
Affiliate websites click on ads and direct users Opt-in email subscriptions for
Common Practices
to the advertiser's site. receiving updates.
Amazon pays affiliates a percentage of sales Opt-in email subscriptions for
Example
generated within 24 hours of a visitor's click. receiving marketing offers.

17. Describe product/customer based marketing strategies. 4/6

Answer:

Product-Based Strategies:
• Product-based marketing strategies focus on a company’s product offering rather than any
particular customer.
• General product-based marketing strategies are used by retail outlets and companies that wish
to sell a large selection of merchandise to a large swath of the consumer market.
• Since there are so many items and so many potential customers, more targeted techniques
would not be an efficient way to go.
• Examples of universal goods include toilet paper and Coca-Cola. All segments of the population
are potential customers for toilet paper, and Coca-Cola is the largest soft drink company on the
planet.
Customer-Based Strategies:
• Initially, the market of potential customers is divided into various segments based on criteria
that are meaningful to the company's brand. Demographics such as income, age, gender and
occupation are some of the most widely used market segmentation qualities.
• This market research finds the customers most likely to purchase the company's existing or
planned products, then builds a profile describing how to reach and engage those customers.
• The company's marketing mix, including the features of the product itself, are tailored toward
the customer segments chosen. General customer-based marketing attempts to create
relationships between the product and/or the brand and the consumer.
 • It may involve special discounts for repeat customers, high levels of customer service and loyalty
programs open to the general public.
• Example: Amazon greets registered visitors (based on cookie files) and recommends recent
books based on user preferences (stored in a user profile in their database) as well as what other
consumers purchased, and expedite checkout procedures based on prior purchases.

18. Working of SET protocol 6 Answer:

1. Customer Initiates Purchase:

• The process begins when a customer decides to make a purchase online.

• The customer selects items, adds them to the shopping cart, and proceeds to checkout.

2. Merchant’s Server and Payment Gateway:

• The customer’s payment information is sent to the merchant’s server.

• The merchant’s server communicates with the payment gateway, which securely handles the
transaction.

3. Payment Gateway Interaction:

 • The payment gateway interacts with the customer’s bank (issuer bank) and the merchant’s bank
(acquirer bank).

• It sends an authorization request to the customer’s bank to verify the card details and available
funds.

• The customer’s bank responds with an authorization code or decline message.

4. Merchant’s Response:

• The payment gateway informs the merchant’s server about the transaction status.

• If authorized, the merchant’s server processes the order and notifies the customer.

5. Merchant’s Bank Settlement:

• The merchant’s bank settles the transaction by transferring funds from the customer’s bank.

• Settlement involves debiting the customer’s account and crediting the merchant’s account.

6. Customer Receives Confirmation:

• The customer receives an order confirmation and payment receipt.

• The transaction is complete, and the customer can access the purchased goods or services.

19. Discuss common security threats for ecommerce transactions 4/6

Answer:

The most common and most damaging forms of security threats to e-commerce consumers and site
operators: malicious code, potentially unwanted programs, phishing, hacking and cyber vandalism,
credit card fraud/theft, spoofing, pharming, and spam (junk) Web sites (link farms), identity fraud,
Denial of Service (DoS) and DDoS attacks, sniffing, insider attacks, poorly designed server and client
software, social network security issues, mobile platform security issues, and finally, cloud security
issues.

• Malicious code
It includes a variety of threats such as viruses, worms, Trojan horses, ransomware, and bots. Some
malicious code sometimes referred to as an exploit, is designed to take advantage of software
vulnerabilities in a computer’s operating system, Web browser, applications, or other software
components.

• Pharming
Its objective is to convince you to visit a malicious and illegitimate website by redirecting the legitimate
URL. You may then give your personal information to this malicious person.

• Phishing
Phishing in unfortunately very easy to execute. It consists of fake emails or messages that look
exactly like emails from legitimate companies. You are deluded into thinking it’s the legitimate
company and you may enter your personal and financial information.

• Ransomware
 Hackers sneak into computers and restrict the access to your system and files. Then they ask for a
payment in exchange for regaining access to your system.

• Trojan Horse
A Trojan Horse is a malicious program that looks like a legitimate software. While installed on your
computer it runs automatically and will spy on your system, or delete your files.

• Distributed denial-of-service attack [DDOS]

The attack strategy is to contact a specific website or server over and over again. It increases the
volume of traffic and shuts down the website / server. The malicious user usually uses a network of
zombie computers.

• Malware
This is the common name given to several security threats that infiltrate and damage your computer.

• Virus
A virus is always hidden in a legitimate software or website and infects your computer as well as the
computers of everyone in your contact list.

20. Describe why Active X controls security is important? How is it done? 3/4
Answer:

ActiveX is a software framework from Microsoft that allows applications to share functionality and data
with one another through web browsers, regardless of what programming language they are written in
ActiveX add-ons allowed early web browsers to embed multimedia files or deliver software update to
users. Microsoft warns ActiveX controls can sometimes malfunction or give users content they want.
They can also be used to install software, virus malware or damage the data on your computer. For this
reason, it is important to only install Active X controls from source you trust.
ActiveX controls takes action against the local workstation such as copying, deleting or modifying
system files. ActiveX components can handle file download and installation for the computer user.
Although this is handy malware takes full advantage of it whenever it can.
For example, a manufacturing firm might build a web application to track product inventory and
provide managers with updated details about the inventory. To support this functionality, the
application could include an ActiveX control that gives users reports on inventory levels and trends.

21. Differentiate between worms and viruses. 3 Answer:

Viruses Worms
It is a program that latches itself onto an executable It is a standalone program and does not need an
file. executable file
A virus infects a file and uses it as a host from which A worm usually spreads from one computer to the
to infect other files. other
The rate of virus to spread is relatively slow Worms use the network usually to propagate
between computers.
 Viruses generally come from the shared or Worms generally comes from the downloaded files
downloaded files. or through a network connection.
It does not need human action to replicate. It needs human action to replicate
Example: Stuxnet virus - It was designed to target Example: Conficker worm - It emerged in 2008 and
Iran's nuclear program, specifically centrifuges used infected millions of computers worldwide by
for uranium enrichment exploiting vulnerabilities in Microsoft Windows.

22. Explain Client side and server-side threats to e-com websites. 3/4 Answer:

• Malicious Code:
• Virus: A virus is a computer program that has the ability to replicate or make copies of itself, and
spread to other files. In addition to the ability to replicate, most computer viruses
deliver a “payload.” The payload may be relatively benign, such as the display of a message or
image, or it may be highly destructive—destroying files, reformatting the computer’s hard drive,
or causing programs to run improperly.
• Worms spread from computer to comp without human intervention A worm does not necessarily
need to be activated by a user or program in order for it to replicate itself
• Ransomware (scareware) is a type of malware (often a worm) that locks your computer or files to
stop you from accessing them. Ransomware will often display a notice that says an authority such as
the FBI, Department of Justice, or IRS has detected illegal activity on your computer and demands
that you pay a fine in order to unlock the computer and avoid prosecution.
• A Trojan horse appears to be benign, but then does something other than expected. The Trojan
horse is not itself a virus because it does not replicate, but is often a way for viruses or other
malicious code such as bots or rootkits (a program whose aim is to subvert control of the
computer’s operating system) to be introduced into a computer system.

1. Phishing
2. Keylogging
3. Cross-Site Scripting (XSS)
4. Malware Injection

🛡️Server-Side Threats (4 names):

1. SQL Injection
2. Denial of Service (DoS/DDoS)
3. Man-in-the-Middle Attack (MITM)
4. Brute Force Attack
23. Define phishing. Suggest the remedial action for this threat. 3
Answer:

• Produce the Faked Website: The attacker creates a counterfeit website that mimics a legitimate
one to capture personal information.
• Install the Faked Website: This fake website is set up to be accessible to potential victims.
• Send the Email: The attacker sends an email to the user, which contains links or prompts leading to
the fake website.
• Connect the Faked Server: When the user interacts with the fake website, their personal
information is leaked and captured by the faked server.
• Derive Connection to Regular Server: The faked server may connect to a regular server to obscure
the attack’s trail.
• Steal the Personal Information: The attacker accesses the faked server to steal the user’s personal
information.
• Connect Finance Website: Using the stolen information, the attacker may attempt to access
financial websites to conduct fraudulent transactions.

24. Describe in details the working of SSL. 4/6

Answer:
Working of SSL protocol:

1. Handshake Initiation:
• The SSL handshake begins when a client (such as a web browser) sends a request to
establish a secure connection to a server. This request typically includes the URL of the
server and the SSL/TLS version supported by the client.
• The "Client Hello" message sent by the client contains cryptographic algorithms and cipher
suites it supports, allowing the server to choose the most secure option for communication.
• The client may include extensions in the "Client Hello" message, such as supported elliptic
curves or key lengths, to further negotiate the parameters of the SSL/TLS connection.

2. Server Response:
• Upon receiving the "Client Hello" message, the server responds with a "Server Hello"
message, selecting the highest SSL/TLS version and cipher suite that both the client and
server support.
• The server sends its digital certificate, which includes its public key and is signed by a trusted
Certificate Authority (CA). This certificate allows the client to verify the server's identity.
• The server may also include server-specific extensions in the "Server Hello" message, such
as session ticket information for session resumption or supported ALPN (Application-Layer
Protocol Negotiation) protocols.

3. Client Authentication (Optional):

• In cases where the server requires client authentication (mutual SSL), the server requests a
digital certificate from the client.
• The client sends its digital certificate, proving its identity to the server. The server verifies
this certificate using the CA's public key, ensuring the client's authenticity.
• If client authentication is not required, this step is skipped, and the SSL handshake proceeds
with the key exchange.
4. Key Exchange:
• After the server's identity is verified, it sends its public key to the client. The client uses this
key to encrypt a pre-master secret, ensuring that only the server can decrypt it.
• The client sends the encrypted pre-master secret to the server. Both client and server now
possess the pre-master secret, which is used to derive the session key.
• The key exchange process may use different algorithms, such as RSA, Diffie-Hellman, or
Elliptic Curve Diffie-Hellman (ECDH), based on the negotiated cipher suite.

5. Session Key Generation:

• Both client and server independently derive the session key from the pre-master secret
using a secure key derivation function, such as the Diffie-Hellman key exchange.
• The session key is unique to the SSL session and is not transmitted over the network,
ensuring its confidentiality.
• The session key may be periodically renegotiated or refreshed to enhance security and
prevent potential attacks based on long-term key compromise.

6. Secure Data Transfer:

• With the session key established, both client and server can communicate securely by
encrypting data using symmetric encryption algorithms (e.g., AES) with the session key.
• Data exchanged between client and server is encrypted before transmission and decrypted
upon receipt, ensuring the confidentiality and integrity of the communication throughout
the SSL session.
• The SSL/TLS protocol includes mechanisms for message authentication codes (MACs) and
secure record protocols to protect against tampering and replay attacks during data
transfer.

25. Enlist the factors affecting the consumer behaviour end explain in brief. 3
Answer:
Consumer behaviour a social science discipline that attempts to model and understand the behaviour of
humans in a marketplace. Models of consumer behaviour attempt to predict or explain what consumers
purchase, and where, when, how much, and why they buy. Factors that impact buying behaviour
include:
• Cultural factors
• Social factors
• Psychological factors
Cultural Factors:
• Culture shapes values, beliefs, and behaviours, influencing how individuals dress, eat, and
make purchasing decisions.
• Family and societal influences determine consumer habits, such as quantity buying in
combined or nuclear families.
Social Factors:
• Social influences, like status and reference groups, impact consumer behaviour.
• Purchase decisions are influenced by income levels, status, and the opinions of family, friends,
and peers.
Psychological Factors:
• Perception levels, influenced by needs, motivation, and learning, vary among consumers.
• Beliefs and attitudes affect buying decisions, emphasizing the importance of understanding
individual thinking patterns for marketers.

26. With a neat diagram, explain the process of electronic payment. 4 Answer:

1. Initiation: The process begins when a customer initiates a payment for goods or services purchased
online.
2. Merchant's Website: The customer visits the merchant's website and selects the items they want to
purchase.
3. Checkout: At the checkout page, the customer enters their payment information, which typically
includes credit/debit card details, e-wallet information, or bank account details.
4. Encryption: The payment information is encrypted to ensure secure transmission over the internet.
This step is crucial for protecting sensitive data from unauthorized access.
5. Payment Gateway: The encrypted payment data is then sent to a payment gateway. The payment
gateway acts as an intermediary between the merchant's website and the financial institutions
involved in the transaction.
6. Authorization: The payment gateway forwards the payment request to the customer's bank or card
issuer for authorization. The bank/card issuer checks the availability of funds and verifies the
transaction's legitimacy.
7. Approval/Decline: Based on the authorization response, the payment gateway either approves or
declines the transaction. If approved, the customer receives a confirmation of the successful
payment.
8. Transaction Settlement: The approved transaction is settled, meaning that the funds are
transferred from the customer's account to the merchant's account.
 9. Confirmation: Both the customer and the merchant receive confirmation of the completed
transaction.

Example Diagram

27. Discuss various forms of intellectual property and the challenges to protect it.
Answer:

Intellectual property (IP) refers to creations of the mind, such as inventions, literary and artistic works,
designs, symbols, names, and images used in commerce. In the context of e-commerce, there are
several forms of intellectual property that businesses need to protect:
• Trademarks: These are symbols, names, or slogans used to identify and distinguish products or services
in the market. Challenges in protecting trademarks in e-commerce include domain name squatting
(registering a domain name with the intent to profit from selling it) and counterfeiting (selling
counterfeit products under a well-known trademark).
• Copyrights: Copyright protects original works of authorship, such as writings, music, and artwork. In
ecommerce, challenges arise from digital piracy, where copyrighted material is illegally distributed or
reproduced without permission.
• Patents: Patents protect inventions and grant the inventor exclusive rights to use, make, and sell the
invention for a limited period. Challenges in patent protection for e-commerce include patent trolls
(entities that acquire patents solely to enforce them against alleged infringers for financial gain) and the
complexity of patenting software and business methods.
• Trade Secrets: These are confidential business information that provides a competitive advantage and is
not generally known to the public. Challenges in protecting trade secrets in e-commerce include the risk
of unauthorized access through cyber-attacks or insider threats.

28. Enlist and explain in brief the major social and ethical issues raised by E-commerce. 4
Answer:
The major ethical, social, and political issues that have developed around e-commerce over the past 10 years can
be loosely categorized into four major dimensions: information rights, property rights, governance, and
public safety and welfare. Some of the ethical, social, and political issues raised in each of these areas include
the following:
• Information rights: What rights to their own personal information do individuals have in a public
marketplace, or in their private homes, when Internet technologies make information collection so
pervasive and efficient? What rights do individuals have to access information about business firms and
other organizations?
• Property rights: How can traditional intellectual property rights be enforced in an Internet world where
perfect copies of protected works can be made and easily distributed worldwide in seconds? •
Governance: Should the Internet and e-commerce be subject to public laws? And if so, what law-making
bodies have jurisdiction—state, federal, and/or international?
• Public safety and welfare: What efforts should be undertaken to ensure equitable access to the Internet
and e-commerce channels? Should governments be respon sible for ensuring that schools and colleges
have access to the Internet? Are certain online content and activities—such as pornography and gambling
—a threat to public safety and welfare? Should mobile commerce be allowed from moving vehicles?

29. Describe the key features of internet audience in terms of marketing. 4/6
Answer:
• Intensity and scope of use. Both are increasing, with almost 70% of adult users in the United States
logging on in a typical day and engaging in a wider set of activities, including sending and reading e-mail,
gathering hobby-related information, catching up on news, browsing for fun, buying products, seeking
health information, conducting work-related research, and reviewing financial information.
• Demographics and access. Although the Internet population is growing increasingly diverse, some
demographic groups have much higher percentages of online usage than other groups, and different
patterns of usage exist across various groups.
• Gender. Although men accounted for the majority of Internet users in 2000, today a fairly equal
percentage of both men (71%) and women (70%) use the Internet.
• Ethnicity. Variation across ethnic groups is not as wide as across age groups. In 2007, Hispanics had the
highest Internet access rates, at 75%, with whites at 73% and African-Americans at 62%. Hispanics and
African-Americans are both going online at higher rates than whites.
• Education. Amount of education seems to make a difference when it comes to online access. Of those
individuals with less than a high school education, about 40% were online in 2007, while 91% of
individuals with a college degree or more were online.
• Lifestyle impacts. Intensive Internet use may cause a decline in traditional social activities. The social
development of children who use the Internet intensively instead of engaging in face-to-face
interactions or undirected play out of doors may also be negatively impacted.
• Media choices. The more time individuals spend using the Internet, the less time they spend using
traditional media.

30. Describe basic E-comm marketing and branding strategies. 4/6 Answer:
The marketing technologies described above have spawned a new generation of marketing
techniques and added power to some traditional techniques.

• Internet marketing strategies for market entry for new firms include pure clicks/first-mover and
mixed bricks-and-clicks/alliances; and for existing firms include pure clicks/fast-follower and mixed
bricks-and-clicks/brand extender.

• Online marketing techniques to online customers include the use of advertising networks, permission
marketing, affiliate marketing, viral marketing, blog marketing, social network marketing, and brand
leveraging.

• Online techniques for strengthening customer relationships include one-to-one marketing,

customization and customer co-production, transactive content, and customer service (such as
CRMS, FAQS, live chat, intelligent agents, and automated response systems).

• Online pricing strategies include offering products and services for free, versioning, bundling, and
dynamic pricing.
• Companies operating in the e-commerce environment must also have marketing strategies in place
to handle the possibility of channel conflict

31. With a neat diagram describe the “feature set” of Product/service for marketing. 4/6 Answer:

A central task of marketing is to identify and then communicate to the customer the unique,
differentiated capabilities and services of a product or service's feature set. Figure 6.7 illustrates the three
levels of a product or service: core, actual, and augmented. Although the example given is for a physical
product, the concept applies equally to a digital product or service.
The core product is at the center of the feature set. The core product is the core benefit the customer
receives from the product. Let's say, for example, that the core product is a cell phone. The actual product
is the set of characteristics designed to deliver the product's core benefits. Marketers must identify the
features of the cell phone that differentiate it from those of other manufacturers. In the case of a "cell
phone" like Apple's iPhone, the actual product is a cell phone and music player with a wide screen that
connects through wireless networks to the Internet. It comes with the Apple name and with certain
features and capabilities, such as high-speed network connectivity, large screen for Web browsing, design
ele- gance, extraordinary packaging, and selected utility programs. The augmented prod- uct is a product
with additional benefits to customers beyond the core benefits embodied in the actual product.
32. Discuss tools responsible for information gathering and their impact on the Privacy.
4/6 Answer:

Tools responsible for information gathering in e-commerce can have a significant impact on privacy. Here
are some key tools and their implications:
• Cookies: Cookies are small text files stored on a user's device by websites to track user behavior
and preferences. While they can improve user experience by remembering login information and
shopping cart contents, they raise privacy concerns as they can be used to track users across
different websites, leading to targeted advertising and potential data leakage.
• Web Bugs: Also known as web beacons or pixel tags, web bugs are small, invisible images
embedded in web pages or emails. They are used to track user activity, such as email opens,
 website visits, and interactions with content. While they provide valuable data for analytics and
marketing purposes, they can infringe on privacy if used without user consent or transparency.
• Active Content: Active content includes scripts, applets, and other executable code embedded in
web pages to provide interactive features. While these enhance user experience by enabling
dynamic content and functionality, they can also pose security and privacy risks if not properly
secured. Malicious scripts can exploit vulnerabilities to gather sensitive information without user
consent.
• Graphics and Plug-ins: Graphics and plug-ins, such as Adobe Flash and Java applets, are commonly
used to deliver multimedia content and interactive elements on websites. While they enhance
visual appeal and interactivity, they can also be exploited for tracking and data collection purposes.
Users may unknowingly expose their data to third parties through these technologies.

33. Identify and describe the main technologies to support online marketing. 4/6 Answer:
Q14

34. Define ethics. Write the principles of ethics 4 Answer:

Ethics: Ethics is the study of principles that individuals employ to discern between right and wrong courses
of action, guiding their moral decision-making. These principles shape ethical behavior and moral
reasoning, fostering integrity and responsibility in personal and professional conduct.

These basic ethical principles:

1. Responsibility: This principle emphasizes that as free moral agents, individuals, organizations, and
entities are accountable for the choices and actions they take. It means recognizing one's duty to
act ethically and in accordance with moral standards. In business and professional contexts,
responsibility extends to decisions that impact stakeholders, the environment, and society as a
whole.

2. Accountability: Accountability refers to the obligation of individuals, organizations, and society to

accept responsibility for their actions and decisions. It involves being answerable to others for the
outcomes of one's conduct. In ethical terms, accountability requires transparency, honesty, and the
willingness to take corrective measures when mistakes or unethical behavior occur.

3. Liability: Liability is a legal concept that relates to the responsibility for compensating others for
harm or damages caused by one's actions or negligence. In the context of ethics, liability intersects
with accountability and responsibility. It signifies the legal framework that allows individuals to
seek redress or compensation for injuries, losses, or injustices caused by the actions of others,
including organizations or systems.

35. Explain the online consumer behaviour 4 Answer:

Clickstream analysis shows us that people go online for many different reasons, at different times, and for
numerous purposes.

• About 68% of online users are "buyers" who actually purchase something entirely online. Another
13% of online users research products on the Web, but purchase them offline. This combined
group, referred to as "shoppers," constitutes approximately 81% of the online Internet audience.
• Online sales are divided roughly into two groups: small ticket and big ticket items. In the early days
of e-commerce, sales of small ticket items vastly out-numbered those of large ticket items.
 However, the recent growth of big ticket items such as computer hardware and consumer
electronic has changed the overall sales mix.

• There are a number of actions that e-commerce vendors could take to increase the likelihood that
shoppers and non-shoppers would purchase online increase frequently. These include better
security of credit card information and privacy of personal information, lower shipping costs, and
easier returns.

36. 5 stages of buyer decision & describe online & offline activities used to influence
each. 6
Answer:

In ecommerce, the buyer decision-making process typically involves five stages: awareness,
consideration, preference, purchase, and post-purchase evaluation. Here's how online and offline
activities can influence each stage:
1. Awareness Stage:
• Online Activities: Search engine optimization (SEO), content marketing (blog posts, videos),
social media advertising, influencer marketing, email campaigns.
• Offline Activities: Traditional advertising (TV, radio, billboards), events and sponsorships,
public relations (PR) activities, word-of-mouth referrals.
2. Consideration Stage:
• Online Activities: Paid search ads (Google Ads), comparison websites, product reviews and ratings,
retargeting ads, live chat support.
• Offline Activities: In-store displays, product demonstrations, sales promotions, direct mail
campaigns, store loyalty programs.
3. Preference Stage:
• Online Activities: Personalized recommendations, loyalty rewards programs, customer
testimonials and case studies, interactive product configurators.
• Offline Activities: Personal selling (in-store or through sales representatives), exclusive offers for
loyal customers, product trials or samples, customer service excellence.
4. Purchase Stage:
• Online Activities: Secure and user-friendly checkout process, multiple payment options, limited
time discounts or promotions, abandoned cart recovery emails.
• Offline Activities: Easy return and exchange policies, hassle-free payment methods (e.g., cash,
credit cards), in-store pickup options for online orders, post-purchase follow-ups.
5. Post-Purchase Evaluation Stage:
• Online Activities: Customer feedback surveys, email newsletters with post-purchase tips and
recommendations, loyalty program updates and rewards.
• Offline Activities: Follow-up calls or emails from sales representatives, thank-you notes or gifts,
in-store events for existing customers, loyalty program benefits and incentives.