This document provides guidance on e-commerce best practices. It begins with an introduction to payment gateways and various online payment methods like internet banking. It then discusses security issues like denial of service attacks, phishing and social engineering. The document provides recommendations on simplifying the checkout process, emphasizing security, listing policies clearly and following up with customers without spamming. The goal is to help users get introduced to the world of e-commerce and understand related concepts, risks and strategies.
2. CONTENTS
1. Introduction to Payment portals
2. Different modes of online payments
3. Internet Banking
4. Security issues, Phishing etc
5. Do’s and Don’ts
3. 1. INTRODUCTION TO PAYMENT GATEWAYS
• A PAYMENT GATEWAY IS AN E-COMMERCE APPLICATION
SERVICE PROVIDER SERVICE THAT AUTHORIZES CREDIT
CARD PAYMENTS FOR E-BUSINESSES, ONLINE
RETAILERS, BRICKS AND CLICKS, OR TRADITIONAL BRICK
AND MORTAR.
• A PAYMENT GATEWAY FACILITATES THE TRANSFER OF
INFORMATION BETWEEN A PAYMENT PORTAL (SUCH AS A
WEBSITE, MOBILE PHONE OR INTERACTIVE VOICE
RESPONSE SERVICE) AND THE FRONT END PROCESSOR OR
6. 3. Internet Banking
Online banking is an electronic payment system that enables customers of
a financial institution to conduct financial transactions on a website operated
by the institution, such as a retail bank, virtual bank, credit union or building
society. Online banking is also referred to as internet banking, e-banking,
virtual banking and by other terms.
To access online banking, a customer visits the financial institution's secure
website, and enters the online banking facility using the customer number
and credentials previously set up. Online banking services usually include
viewing and downloading balances and statements, and may include the
ability to initiate payments, transfers and other transactions, as well as
interacting with the bank in other ways.
7. Features of Internet Banking
• A bank customer can perform non-transactional tasks through online banking, including -
• Viewing account balances
• Viewing recent transactions
• Downloading bank statements, for example in PDF format
• Viewing images of paid cheques
• Ordering cheque books
• Downloading periodic account statements
• Downloading applications for M-banking, E-banking etc.
• Bank customers can transact banking tasks through online banking, including-
• Funds transfers between the customer's linked accounts
• Paying third parties, including bill payments (see, e.g., BPAY) and third party fund transfers (see, e.g., FAST)
• Investment purchase or sale
• Loan applications and transactions, such as repayments of enrollments
• Credit card applications
• Register utility billers and make bill payments
• Financial institution administration
• Management of multiple users having varying levels of authority
• Transaction approval process
8. 4. Security Issues in E-Commerce
Denial of Service Attacks
ICMP Flood (Smurf Attack)
Teardrop Attack
Phlashing
Distributed Denial-of-Service Attacks
Brute Force Attacks
9. Cyber Threat Intelligence Report
First Quarter 2014
• The amount of stolen credit card information has increased by 48%
• Credit card information theft via Point of Sales infections has increased by 700%
• The number of user ID and password thefts has increased by 410%
Incidents and financial impacts continue to grow
11. Computer-based Social Engineering:
Phishing
“Phishing is the attempt to acquire sensitive information such as usernames,
passwords, and credit card details (and sometimes, indirectly, money) by
masquerading as a trustworthy entity in an electronic communication.”
13. What is a Denial of service attack?
In a denial-of-service (DoS) attack, attackers flood a victim system with
non-legitimate service requests or traffic to overload its resources.
[Figure: normal traffic vs. attack traffic]
14. What are Distributed Denial of Service attacks?
A DDoS attack involves a multitude of compromised systems
attacking a single target.
To launch a DDoS attack, an attacker uses
botnets and attacks a single system.
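The difference between the two attack types matters for detection. The sketch below is an added example (not from the original slides): it buckets constructed request events into 10-second windows and shows that a per-source limit flags a single-source DoS but misses a DDoS, which only an aggregate limit catches. The window size, thresholds and IP addresses are assumed values.

```python
from collections import Counter, defaultdict

WINDOW = 10          # seconds per bucket (assumed value)
PER_IP_LIMIT = 50    # max requests per source per window (assumed value)
TOTAL_LIMIT = 500    # max requests per window over all sources (assumed value)

def classify(events):
    """events: iterable of (epoch_second, source_ip).
    Returns {window_start: (label, offending_sources)}."""
    buckets = defaultdict(Counter)
    for ts, ip in events:
        buckets[ts - ts % WINDOW][ip] += 1
    result = {}
    for start in sorted(buckets):
        per_ip = buckets[start]
        offenders = sorted(ip for ip, n in per_ip.items() if n > PER_IP_LIMIT)
        total = sum(per_ip.values())
        if offenders:
            label = "dos"             # one source alone exceeds its limit
        elif total > TOTAL_LIMIT:
            label = "ddos-suspected"  # every source is modest, the sum is not
        else:
            label = "normal"
        result[start] = (label, offenders)
    return result

def constructed_sample():
    """Constructed traffic: three windows starting at t=0, 10 and 20."""
    events = []
    clients = [f"198.51.100.{i}" for i in range(1, 6)]
    for start in (0, 10, 20):
        for ip in clients:  # baseline: 5 clients, 20 requests each per window
            events += [(start + k % WINDOW, ip) for k in range(20)]
    # Window 10: a single source sends 300 requests.
    events += [(10 + k % WINDOW, "203.0.113.7") for k in range(300)]
    # Window 20: 100 sources send 30 requests each, all under the per-IP limit.
    for i in range(100):
        events += [(20 + k % WINDOW, f"192.0.2.{i}") for k in range(30)]
    return events

if __name__ == "__main__":
    for start, verdict in classify(constructed_sample()).items():
        print(start, verdict)
```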
15. What are Botnets?
Botnets are software applications that run automated tasks
over the internet and perform simple repetitive tasks.
A botnet is a huge network of compromised systems.
17. What is SQL injection?
SQL injection is a technique used to take advantage of non-validated
input vulnerabilities to pass SQL commands through a web app
for execution by a backend database.
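An added example, not part of the original slides: the same order lookup written with string concatenation and with a bound parameter, run against an in-memory SQLite database. The table, function names, naming rule and sample input are constructed for illustration.

```python
import re
import sqlite3

def make_db():
    """Build a constructed in-memory orders table (sample data, not from the page)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (id INTEGER PRIMARY KEY, customer TEXT, item TEXT)")
    db.executemany(
        "INSERT INTO orders (customer, item) VALUES (?, ?)",
        [("alice", "camera"), ("bob", "laptop"), ("carol", "phone")],
    )
    return db

def orders_vulnerable(db, customer):
    # Non-validated input is pasted into the SQL text, so a quote character
    # in it ends the string literal and the rest is parsed as SQL.
    query = "SELECT item FROM orders WHERE customer = '" + customer + "' ORDER BY id"
    return [row[0] for row in db.execute(query)]

def orders_parameterized(db, customer):
    # The ? placeholder sends the input as a bound value; it is never parsed as SQL.
    query = "SELECT item FROM orders WHERE customer = ? ORDER BY id"
    return [row[0] for row in db.execute(query, (customer,))]

def valid_customer(name):
    # Allow-list validation as a second layer (assumed naming rule).
    return re.fullmatch(r"[a-z0-9_]{1,32}", name) is not None

# Constructed input: the quote closes the literal and adds an always-true condition.
CRAFTED = "alice' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print(orders_vulnerable(db, "alice"))      # one customer's items
    print(orders_vulnerable(db, CRAFTED))      # every customer's items
    print(orders_parameterized(db, CRAFTED))   # no rows: input treated as a name
    print(valid_customer(CRAFTED))             # rejected before reaching the database
```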
18. Do’s and Don’ts
Initially, customers are simply browsing your products. They haven’t decided whether to purchase, or which
items they want. Entice them, inform them, and let them have fun.
Do focus on photography. Use unique angles and backdrops to photograph your products. Make sure your
space is well-lit, and capture the details of the item. Utilize the detailed view capability of your CMS, so
that users can zoom in and see the item more closely. Provide multiple images for each product, and if
the item is very small, add something next to the item (like a coin) to indicate scale.
Do categorize products. Categorize your products to make it easy for your customers to find what
they’re looking for. Generally, you’ll want to start with broad categories and then narrow in on specific
products. Group items by large differentiating factors such as gender, then move to more specifics such as
style or function. Your categories will vary significantly depending on your business—discover how your
customers browse by doing a quick competitive analysis.
Do keep shipping costs as low as you can. Research indicates that customers often abandon their
shopping carts during checkout because of unexpected shipping costs. Studies have also shown that users
are two times more likely to respond to free shipping offers than price discounts. Take into consideration
that shipping costs can be a major deterrent—or enticement—to online shoppers, and determine
a shipping cost strategy that offers the lowest shipping costs possible.
Don’t inflate product descriptions. Be detailed when writing your product descriptions, but avoid
hyperbole and exaggeration. Add details such as product dimensions, materials, weight, color, sizing,
origin, and manufacturing specifications. Be transparent during the early stages of your customers’
shopping experience.
Shopping
19. Checkout
Do emphasize security. Offer safe and secure payment options that shoppers know and
trust, such as PayPal. Display security certifications throughout the checkout process. You
can add links to detailed security information that appears in a pop-out window.
Do simplify the checkout process. If you can, add a function so shoppers can see where
they are in the checkout process. Keep the number of pages a customer has to navigate
through as small as possible. Require customers to provide only the essential information
you need to process the order, and make all other fields optional.
Do list your policies. Clearly list your return, exchange, and shipping policies. Be detailed
and forthcoming about any timelines for returns, final sales, and an estimated shipping
date. Provide contact information for customer support as well.
Don’t use the checkout process as a promotional opportunity. Keep the shopping cart and
checkout phase for that purpose only. Add easy navigation back to product landing pages so
customers can access last minute items, but avoid using this space to promote your latest
blog post, or cram in unnecessary information. You don’t want to distract customers from
completing their purchase.
20. Follow up
Stay in touch with your customers and gain their loyalty. Build a relationship with your audience, and
take pride in seeing how it grows.
Do incentivize customers to come back. In your follow-up communications, whether with your
confirmation page or your email newsletter, encourage your customers to come back. Offer discount
codes during holidays or sales. Give loyal customers sneak previews of new merchandise, and offer
presale opportunities. You want your best customers to feel appreciated.
Do suggest popular and trending products. Position yourself as a thought leader by telling users
what’s trending and which popular products you think they might like.
Do communicate. Request feedback from your customers about their purchase and experience.
Respond quickly to order questions or quality issues. Give clear instructions for refund, return, or
exchange requests.
Don’t spam. Having your customer’s contact information is a privilege, and one they will quickly
revoke if you overwhelm them with emails, social media posts, print mail, or catalogs. If you’re not
sure how frequently you should be reaching out, check out my social media engagement
guidelines for helpful tips.