E-BUSINESS

UNIT - 4

PRESENTED BY

K.BALASRI PRASAD
B.Sc(KU), M.B.A(OU), NET(UGC), (Ph.D)(MGU)
ASSISTANT PROFESSOR IN MANAGEMENT

VISHWA VISHWANI INSTITUTIONS, Hyderabad.

Unit – 4: E-Business Payments and Security
E-Payments
Characteristics of payment systems
Protocols, E-Cash, E-Cheque
Micro Payment systems – internet security
Cryptography
Security Protocols
Network Security
 E-Payments
 E-payments, short for electronic payments, refer to the process of making
financial transactions digitally, without the need for physical currency or checks.
 E-payments utilize electronic channels and technologies to transfer funds securely
and efficiently between parties.
Here are some common types and methods of e-payments:
1. Credit/Debit Cards: Credit and debit cards are widely used for online and offline
payments. When making a purchase, cardholders enter their card details (card
number, expiration date, CVV) into a payment gateway on the merchant's website
or point-of-sale terminal.
 The transaction is processed electronically, and funds are transferred from the
cardholder's bank account to the merchant's account.
2. Mobile Payments: Mobile payments allow users to make payments using their
smartphones or mobile devices.
 This includes various methods such as mobile wallets (e.g., Apple Pay, Google
Pay, Samsung Pay), where users store their payment information securely on their
devices and can make contactless payments at stores or online.
 Mobile payments can also involve person-to-person (P2P) transfers using apps
like Venmo, PayPal, or Zelle.
3. Online Banking: Online banking enables customers to transfer funds, pay
bills, and make purchases directly from their bank accounts through internet
banking portals or mobile banking apps.
Payments are initiated by the customer, who logs into their bank account
and authorizes the transfer of funds to the recipient's account.
4. E-Wallets: E-wallets or digital wallets are virtual wallets that store
payment information, such as credit/debit card details, bank account
information, and loyalty cards, securely in one place.
Users can make payments online or in-store by accessing their e-wallet and
selecting the desired payment method.
Examples of e-wallets include PayPal, Skrill, and Alipay.
5. Cryptocurrency: Cryptocurrency payments involve using digital
currencies, such as Bitcoin, Ethereum, or Litecoin, to make transactions.
Cryptocurrency payments are decentralized and typically use blockchain
technology to facilitate secure and transparent transactions between parties.
Merchants can accept cryptocurrency payments by integrating payment
processors or wallets that support cryptocurrencies.
6. ACH Transfers: Automated Clearing House (ACH) transfers are electronic bank-to-bank transfers that
enable businesses and individuals to send funds electronically.
ACH payments are commonly used for direct deposits, bill payments, and recurring payments such as
payroll or subscription fees.
ACH transfers are processed through the ACH network, which facilitates batch transactions between
financial institutions.
7. Contactless Payments: Contactless payments allow users to make secure transactions by tapping or
waving their contactless-enabled cards, smartphones, or wearable devices near a contactless-enabled
terminal.
Contactless payments use Near Field Communication (NFC) technology to transmit payment data
wirelessly between the payment device and the terminal.
8. QR Code Payments: QR code payments involve scanning a QR code displayed at the point of sale or
on a mobile device to initiate a payment.
Users scan the QR code using their smartphone camera and authorize the transaction through a mobile
banking app or payment wallet.
QR code payments are popular in markets like China, where apps like WeChat Pay and Alipay
dominate.

E-payments offer convenience, speed, and security compared to traditional payment methods, making
them increasingly popular for both consumers and businesses in today's digital economy.
However, it's essential for users to follow best practices for securing their payment information and
protecting against fraud and unauthorized transactions.
 Characteristics of payment systems
 Payment systems exhibit several key characteristics that define their
functionality, efficiency, and suitability for various purposes.
Here are some important characteristics of payment systems:
1. Accessibility: Payment systems should be accessible to all parties
involved in a transaction, including buyers, sellers, financial
institutions, and payment service providers.
 Accessibility ensures that transactions can be conducted conveniently
and efficiently, regardless of geographical location or technological
infrastructure.
2. Security: Security is paramount in payment systems to protect
sensitive financial information and prevent fraud, unauthorized access,
and data breaches.
 Payment systems employ various security measures such as
encryption, tokenization, biometric authentication, and fraud detection
algorithms to safeguard transactions and customer data.
3. Reliability: Payment systems must be reliable and resilient, ensuring that
transactions are processed accurately and efficiently without disruptions or
downtime.
Reliability is crucial for maintaining trust and confidence in the payment
system among users and stakeholders.
4. Speed: Speed is an essential characteristic of payment systems,
particularly in today's fast-paced digital economy.
Users expect payments to be processed quickly and efficiently, enabling
instant or near-instant transfer of funds between parties.
Faster payment processing enhances liquidity, reduces settlement times,
and improves overall transaction efficiency.
5. Cost-effectiveness: Payment systems should be cost-effective for both
users and service providers, offering competitive pricing structures and
minimizing transaction fees, processing costs, and other overhead expenses.
Cost-effective payment systems enable businesses to reduce operational
costs and improve profitability while providing affordable payment options
for consumers.
6. Scalability: Payment systems should be scalable to accommodate
growth in transaction volume, user base, and technological
advancements.
Scalability ensures that payment systems can handle increasing demand
and remain efficient and reliable as transaction volumes expand.
7. Interoperability: Interoperability refers to the ability of different
payment systems, networks, and platforms to work together seamlessly,
enabling interoperable transactions between users of different systems.
Interoperability promotes market efficiency, competition, and
innovation while ensuring compatibility and connectivity across the
payment ecosystem.
8. Regulatory Compliance: Payment systems must comply with
applicable laws, regulations, and industry standards to ensure legality,
transparency, and consumer protection.
Regulatory compliance helps mitigate risks, prevent financial crimes,
and maintain trust and integrity in the payment system.
9. User Experience: User experience encompasses the ease of use,
convenience, and satisfaction of users interacting with the payment
system.
Payment systems should offer intuitive interfaces, streamlined
processes, and responsive customer support to enhance the user
experience and promote adoption and usage.
10. Innovation and Adaptability: Payment systems should embrace
innovation and adapt to evolving technological trends, market
dynamics, and user preferences.
Continuous innovation enables payment systems to introduce new
features, services, and capabilities that enhance functionality,
efficiency, and value for users.

Overall, effective payment systems exhibit a balance of these

characteristics to meet the diverse needs and requirements of users,
businesses, and regulators while promoting financial inclusion,
economic growth, and digital transformation.
 E-cash and e-cheque
 E-cash and e-cheque are electronic forms of payment that enable digital
transactions without the need for physical currency or paper checks. Here's a brief
overview of each:
1. E-Cash (Electronic Cash):
E-cash, also known as digital cash or electronic money, is a digital representation of
physical currency that can be used for online transactions. E-cash systems
typically involve the issuance of digital tokens or credits by a trusted authority,
such as a bank or financial institution, which can be stored on electronic devices
or accessed through online accounts.
Characteristics of e-cash include:
a. Secure Transactions: E-cash transactions are encrypted and authenticated to ensure
security and prevent counterfeiting or double-spending.
b. Offline and Online Usage: E-cash can be used for both online transactions (e.g.,
shopping on e-commerce websites) and offline transactions (e.g., using a mobile
wallet to make purchases at physical stores).
c. Privacy: E-cash systems may offer varying levels of privacy and anonymity for
users, depending on the design and implementation of the system.
d. Immediate Settlement: E-cash transactions typically settle instantly, allowing for
immediate transfer of funds between parties.
Examples of e-cash systems include digital wallets like PayPal,
cryptocurrencies such as Bitcoin, and centralized digital currencies issued
by central banks (e.g., Central Bank Digital Currencies or CBDCs).
2. E-Cheque (Electronic Cheque): E-cheque, also known as digital
cheque or electronic cheque, is an electronic version of a traditional paper
cheque that is used for online payments. E-cheques enable users to
authorize payments electronically, without the need for physical cheque
books or paper-based processing.
Characteristics of e-cheque include:
a. Digital Authorization: E-cheques are authorized digitally using electronic
signatures or authentication methods, eliminating the need for physical
signatures.
b. Secure Transactions: E-cheque transactions are encrypted and
authenticated to ensure security and prevent fraud.
c. Clearing and Settlement: E-cheques undergo digital clearing and
settlement processes, which may involve verification and validation by
financial institutions before funds are transferred.
d. Traceability: E-cheque transactions can be traced and tracked
electronically, providing a digital trail of payment activities.
 E-cheques are commonly used for business-to-business (B2B)
transactions, recurring payments, and electronic bill payments.
 They are often processed through electronic payment networks or
banking platforms that support e-cheque processing.

 Both e-cash and e-cheque offer convenient, secure, and efficient

alternatives to traditional cash and cheque payments, enabling
individuals and businesses to conduct digital transactions in today's
digital economy.
 Micro Payment systems
 Micro payment systems are payment solutions designed to facilitate small-
value transactions, typically ranging from a fraction of a cent to a few
dollars.
 These systems are particularly well-suited for digital content, services, or
products that have low price points or are consumed in small increments.
Here are some characteristics and examples of micro payment systems:
1. Low Transaction Costs: Micro payment systems are optimized to handle
high volumes of small-value transactions cost-effectively.
 They often have low per-transaction fees or commission rates compared to
traditional payment methods, making them economically viable for small-
value transactions.
2. Fast and Seamless Transactions: Micro payment systems enable quick
and frictionless transactions, allowing users to make purchases or
payments with minimal effort and delay.
 The streamlined process enhances user experience and encourages impulse
purchases or microtransactions.
3. Digital Content and Services: Micro payment systems are
commonly used for purchasing digital content, such as e-books,
articles, music, videos, games, and software downloads.
They also support access to online services, subscriptions,
memberships, and pay-per-use models for digital products or
platforms.
4. Micropayments in Gaming: Micro payment systems are prevalent
in the gaming industry, where users can make small payments for in-
game virtual items, upgrades, features, or currency.
These microtransactions enhance gameplay experience and
monetization for game developers.
5. Mobile Payments: Micro payment systems leverage mobile
payment technologies to enable convenient and secure transactions
using smartphones, tablets, or other mobile devices.
Mobile wallets and apps facilitate micro payments for goods,
services, or digital content, both online and in-store.
6. Digital Wallets and Payment Platforms: Digital wallets and payment
platforms offer micro payment capabilities, allowing users to store funds,
make small-value transactions, and manage their digital assets efficiently.
These platforms provide a centralized and convenient way to handle
microtransactions across various merchants and services.
7. Blockchain and Cryptocurrency: Blockchain technology and
cryptocurrencies facilitate micro payments by enabling peer-to-peer
transactions with low fees and fast processing times.
Cryptocurrencies like Bitcoin, Ethereum, and Litecoin are used for
microtransactions in decentralized applications (DApps), online tipping,
content monetization, and micropayment platforms.
8. APIs and Payment Aggregators: Some micro payment systems provide
APIs (Application Programming Interfaces) and payment aggregation
services that allow developers and businesses to integrate micro payment
functionality into their applications, websites, or platforms.
These APIs streamline payment processing and enable monetization
strategies based on microtransactions.
9. Content Monetization: Micro payment systems offer content
creators, publishers, and digital platforms alternative revenue models
based on microtransactions.
Users can access premium content, articles, videos, or features by
paying small fees or micropayments, thereby supporting content
monetization and creators' sustainability.

Examples of micro payment systems include PayPal

Micropayments, Stripe, Apple Pay, Google Pay, Amazon Pay,
Patreon, Flattr, Brave Rewards, and various blockchain-based
micropayment solutions.
These systems empower businesses, creators, and developers to
monetize digital content, services, and products efficiently while
providing consumers with convenient and affordable payment
options for microtransactions.
 Internet Security
 Internet security and cryptography are closely related fields that play crucial roles in ensuring the
confidentiality, integrity, and authenticity of data transmitted over the internet.
Let's explore each concept in more detail:
1. Internet Security: Internet security encompasses a range of practices, technologies, and measures
designed to protect networks, systems, and data from unauthorized access, cyber threats, and malicious
activities.
 It involves safeguarding information assets, ensuring privacy, and maintaining the availability and
reliability of internet-connected resources.
 Key components of internet security include:
a. Firewalls: Firewalls are security devices or software that monitor and control incoming and
outgoing network traffic based on predefined security rules.
They act as barriers between internal networks and the internet, preventing unauthorized access
and protecting against cyber attacks.
b. Antivirus and Antimalware Software: Antivirus and antimalware software detect, prevent, and
remove malicious software (malware) such as viruses, worms, Trojans, and spyware.
They scan files, emails, and web traffic for known threats and suspicious behavior to protect
against malware infections.
c. Encryption: Encryption transforms plaintext data into ciphertext using cryptographic algorithms
and keys, making it unreadable to unauthorized parties.
Encryption protects data confidentiality and ensures secure communication over untrusted
networks, such as the internet.
Secure protocols like SSL/TLS are commonly used to encrypt web traffic (HTTPS).
d. Authentication and Access Control: Authentication mechanisms verify the identities
of users, devices, or entities before granting access to resources or services.
Access control policies enforce permissions and privileges based on user roles, group
memberships, or security policies, limiting access to authorized users and preventing
unauthorized activities.
e. Intrusion Detection and Prevention Systems (IDPS): IDPS monitor network traffic,
system activities, and user behavior to detect and respond to security incidents,
anomalies, or suspicious activities.
They identify and block unauthorized access attempts, intrusions, or attacks in real-
time, enhancing network security posture.
f. Security Awareness and Training: Security awareness programs educate users and
employees about common security risks, best practices, and policies to prevent security
breaches, social engineering attacks, and human errors.
Training helps raise awareness, promote a security-conscious culture, and mitigate
security vulnerabilities.
g. Incident Response and Disaster Recovery: Incident response plans outline
procedures and protocols for responding to security incidents, breaches, or emergencies
effectively.
Disaster recovery plans ensure business continuity and data recovery in the event of
cyber attacks, natural disasters, or system failures.
 Cryptography
 Cryptography is the science and practice of securing communication and data by encoding,
encrypting, and protecting information using mathematical algorithms and cryptographic
techniques.
 Cryptography enables confidentiality, integrity, authentication, and non-repudiation in
communication and digital transactions.
Key aspects of cryptography include:
a. Encryption: Encryption algorithms transform plaintext data into ciphertext using cryptographic
keys, rendering it unintelligible to unauthorized parties.
 Symmetric encryption uses the same key for both encryption and decryption, while asymmetric
encryption uses pairs of public and private keys.
b. Hash Functions: Hash functions generate fixed-length hash values or digests from arbitrary
input data, such as messages or files.
 Hashing ensures data integrity and authenticity by detecting any changes or tampering in the
original data.
 Cryptographic hash functions are one-way and deterministic, making them suitable for data
verification and digital signatures.
c. Digital Signatures: Digital signatures provide authentication and non-repudiation in electronic
transactions by associating digital signatures with messages or documents.
 Digital signatures use asymmetric encryption to create unique signatures that can be verified by
recipients using corresponding public keys, ensuring message integrity and sender authenticity.
d. Public Key Infrastructure (PKI): PKI is a framework of policies, procedures,
and technologies used to manage digital certificates, public and private keys, and
cryptographic operations in a trusted manner.
PKI enables secure communication, authentication, and key management in digital
environments, supporting applications like SSL/TLS, S/MIME, and code signing.
e. Cryptographic Protocols: Cryptographic protocols define standardized methods
and procedures for secure communication, key exchange, and authentication in
network protocols and applications.
Examples include SSL/TLS for secure web browsing, IPsec for secure network
communication, and SSH for secure remote access.

 Cryptography serves as the foundation for many internet security mechanisms

and protocols, providing essential tools and techniques for protecting data
confidentiality, integrity, and authenticity in digital environments.
 Effective internet security practices leverage cryptography alongside other
security measures to mitigate risks, defend against threats, and ensure the security
of internet-connected systems and networks.
 Security Protocols
 Security protocols are standardized sets of rules and procedures that govern the secure
exchange of data and communication between parties in a networked environment.
 These protocols ensure confidentiality, integrity, authentication, and other security
properties in various networked systems and applications.
Here are some commonly used security protocols:
1. Transport Layer Security (TLS) / Secure Sockets Layer (SSL): TLS and its
predecessor SSL are cryptographic protocols that provide secure communication over
a network, typically the internet.
 They establish an encrypted connection between a client and a server, ensuring data
confidentiality and integrity during transmission.
 TLS/SSL protocols are commonly used for securing web traffic (HTTPS), email
communication (SMTPS, POP3S, IMAPS), and other network protocols.
2. Internet Protocol Security (IPsec): IPsec is a suite of protocols used to secure IP
communication by encrypting and authenticating IP packets.
 IPsec provides security at the network layer, enabling secure VPN (Virtual Private
Network) connections between networks, remote access to networks (Remote Access
VPN), and secure communication between hosts (Host-to-Host VPN).
 IPsec operates in two main modes: Transport mode and Tunnel mode.
3. Secure Shell (SSH): SSH is a cryptographic network protocol that provides secure
remote login, command execution, and file transfer over an unsecured network.
SSH encrypts data transmitted between a client and a server, preventing eavesdropping
and tampering by attackers.
SSH is widely used for remote administration of servers and secure file transfer
(SFTP).
4. Simple Mail Transfer Protocol Secure (SMTPS) / Post Office Protocol 3 Secure
(POP3S) / Internet Message Access Protocol Secure (IMAPS): SMTPS, POP3S, and
IMAPS are extensions of their respective email protocols (SMTP, POP3, IMAP) that add
encryption and authentication mechanisms to secure email communication.
These protocols enable secure transmission of emails between mail servers and clients,
protecting sensitive information from interception and unauthorized access.
5. Domain Name System Security Extensions (DNSSEC): DNSSEC is a set of
extensions to the Domain Name System (DNS) that provides authentication and data
integrity for DNS responses.
DNSSEC uses digital signatures to verify the authenticity of DNS records, preventing
DNS spoofing, cache poisoning, and other DNS-related attacks.
DNSSEC enhances the security and trustworthiness of DNS infrastructure.
6. Wireless Security Protocols: Wireless security protocols such as Wi-Fi Protected Access
(WPA) and WPA2/WPA3 provide encryption and authentication mechanisms to secure wireless
networks.
These protocols prevent unauthorized access, eavesdropping, and attacks on wireless
communication, ensuring the confidentiality and integrity of data transmitted over Wi-Fi networks.
7. Kerberos: Kerberos is a network authentication protocol that enables secure authentication
between clients and servers in a distributed environment.
Kerberos uses symmetric key cryptography to authenticate users and services, preventing
unauthorized access and credential theft.
Kerberos is commonly used in enterprise environments for single sign-on (SSO) and centralized
authentication.
8. OAuth / OpenID Connect: OAuth and OpenID Connect are authentication and authorization
protocols used for secure access to web APIs and resources.
OAuth allows users to grant third-party applications limited access to their resources without
sharing their credentials, while OpenID Connect provides identity federation and single sign-on
capabilities for web applications.
These are just a few examples of security protocols used to protect data and communication in
various networked environments.
Each protocol has its own set of features, strengths, and use cases, and they are often used in
combination to provide layered security and defense-in-depth against cyber threats.
 Network Security
 Network security refers to the practice of implementing measures and protocols
to protect a computer network from unauthorized access, misuse, modification, or
disruption.
 It encompasses various technologies, processes, and policies designed to ensure
the confidentiality, integrity, and availability of network resources and data.
Here are some key aspects and components of network security:
1. Firewalls: Firewalls are security devices or software that monitor and control
incoming and outgoing network traffic based on predefined security rules.
 They act as a barrier between an organization's internal network and external
networks (e.g., the internet), preventing unauthorized access and protecting
against cyber threats such as malware, hackers, and denial-of-service (DoS)
attacks.
2. Intrusion Detection and Prevention Systems (IDPS): IDPS are security tools
that monitor network traffic, system activities, and user behavior to detect and
respond to security incidents, anomalies, or suspicious activities.
 They identify and block unauthorized access attempts, intrusions, or attacks in
real-time, helping to safeguard network assets and data.
3. Virtual Private Networks (VPNs): VPNs establish secure encrypted tunnels
over untrusted networks, such as the internet, to enable secure remote access,
data transmission, and communication.
VPNs protect sensitive information from eavesdropping, interception, and
tampering by encrypting data traffic between remote users and corporate
networks or between networked sites.
4. Access Control: Access control mechanisms enforce security policies and
permissions to regulate user access to network resources, systems, and data.
Authentication mechanisms verify the identities of users and devices, while
authorization mechanisms determine their privileges and rights based on
predefined policies.
Access control measures include user authentication, role-based access control
(RBAC), access lists, and permissions management.
5. Network Segmentation: Network segmentation divides a large network into
smaller, isolated segments or subnetworks to reduce the attack surface and
contain potential security breaches.
Segmentation helps prevent lateral movement of threats, limit the spread of
malware, and enforce stricter access controls within individual network
segments.
6. Encryption: Encryption protects data confidentiality and integrity by
encoding plaintext data into ciphertext using cryptographic algorithms and keys.
Encrypted communication channels, such as SSL/TLS for web traffic or IPsec
for network communication, ensure secure transmission of sensitive information
over untrusted networks, preventing unauthorized interception and
eavesdropping.
7. Security Monitoring and Logging: Security monitoring involves
continuously monitoring network traffic, system logs, and security events to
detect, analyze, and respond to security incidents and anomalies.
Logging mechanisms record and store audit trails, system activities, and
security events for forensic analysis, compliance auditing, and incident
investigation purposes.
8. Patch Management: Patch management processes ensure that network
devices, servers, and software applications are promptly updated with the latest
security patches, fixes, and updates to address known vulnerabilities and
weaknesses.
Regular patching helps mitigate security risks, prevent exploitation of
vulnerabilities, and maintain the overall security posture of the network.
9. Security Policies and Training: Security policies define the rules, guidelines,
and best practices for securing network resources, systems, and data.
Security awareness training educates users and employees about security risks,
threats, and procedures to promote a security-conscious culture, minimize human
errors, and enhance compliance with security policies.
10. Incident Response and Disaster Recovery: Incident response plans outline
procedures and protocols for detecting, analyzing, and responding to security
incidents, breaches, or emergencies effectively.
Disaster recovery plans ensure business continuity and data recovery in the event
of cyber attacks, natural disasters, or system failures, minimizing the impact of
disruptions on network operations.

By implementing a comprehensive network security strategy that incorporates

these components and best practices, organizations can strengthen their defenses,
mitigate security risks, and protect their network infrastructure and assets from a
wide range of cyber threats.