
WEB SECURITY

Flipkart

Submitted to

Madam Vardia Tariq

Date 1/23/2017

• Khaleeq Ahmed 13-Arid-2582
• Hammad Siddique 13-Arid-3070
• Malik Shehjarrar 13-Arid-2588
• Muhammad Farhan 13-Arid-2600
• Haseeb Rabbani 13-Arid-2564


1 What is E-Commerce?

• Communication Perspective
• Business Perspective
• Service Perspective
• Online Perspective

Communication perspective – electronic commerce is the delivery of information, products/services, or payments via telephone lines, computer networks or any other digital means.

Business perspective – the application of technology toward the automation of business transactions or workflows.

Service perspective – a tool that addresses the desire of firms, consumers and management to cut service cost, improve the quality of goods and increase the speed of service delivery.

Online perspective – the capability of buying and selling products and information on the internet and other online services.

2 Major Concerns

3 Basic E-Commerce Security Issues

• Authentication
• Authorization
• EC security strategy
• Deterring measures
• Prevention measures
• Detection measures
• Information assurance (IA)

authentication

Process to verify (assure) the real identity of an individual, computer, computer program, or EC
website

authorization

Process of determining what the authenticated entity is allowed to access and what operations it is
allowed to perform

Auditing

An audit also includes a series of tests that guarantee that information security meets all expectations
and requirements within an organization. During this process, employees are interviewed regarding
security roles and other relevant details

Availability

nonrepudiation

Assurance that online customers or trading partners cannot falsely deny (repudiate) their
purchase or transaction

4 Technical Attack Methods

• VIRUSES
• WORMS
• TROJAN HORSES

Virus

A piece of software code that inserts itself into a host, including the operating system, in order to propagate; it requires that its host program be run to activate it.

Worm

A software program that runs independently, consuming the resources of its host in order to maintain
itself, that is capable of propagating a complete working version of itself onto another machine

TROJAN HORSES

A program that appears to have a useful function but that contains a hidden function that presents a
security risk.

5 Technical Attack Methods


denial-of-service (DoS) attack
An attack on a website in which an attacker uses specialized software to send a flood of data packets to the target computer with the aim of overloading its resources

page hijacking
Creating a rogue copy of a popular website that shows contents similar to the original to a Web crawler; once there, an unsuspecting user is redirected to malicious websites

botnet
A huge number (e.g., hundreds of thousands) of hijacked Internet computers that have
been set up to forward traffic, including spam and viruses, to other computers on the Internet

Malvertising
The use of online advertising to spread malware.

6 The Information Assurance Model and Defense Strategy


• Three security concepts important to information on the Internet: confidentiality,
integrity, and availability

confidentiality
Assurance of data privacy and accuracy; keeping private or sensitive information from being
disclosed to unauthorized individuals, entities, or processes

integrity
Assurance that stored data has not been modified without authorization; a message that was
sent is the same message as that which was received

availability
Assurance that access to data, the website, or other EC data service is timely, available,
reliable, and restricted to authorized users

penetration test (pen test)
A method of evaluating the security of a computer system or a network by simulating an
attack from a malicious source (e.g., a cracker)

7 EC security programs
All the policies, procedures, documents, standards, hardware, software, training, and
personnel that work together to protect information, the ability to conduct business, and other
assets.

Encryption
The process of scrambling (encrypting) a message in such a way that it is difficult, expensive,
or time-consuming for an unauthorized person to unscramble (decrypt) it.

Plaintext
An unencrypted message in human-readable form

ciphertext
A plaintext message after it has been encrypted into a machine-readable form.

Symmetric (private) key encryption


An encryption system that uses the same key to encrypt and decrypt the message.

8 The Defense strategy


Digital signature or digital certificate
Validates the sender and time stamp of a transaction so it cannot be later claimed that the
transaction was unauthorized or invalid

Digital envelope
The combination of the encrypted original message and the digital signature, using the
recipient’s public key

Certificate authorities (CAs)


Third parties that issue digital certificates

Secure Socket Layer (SSL)


SSL (Secure Sockets Layer) is a standard security technology for establishing an encrypted
link between a server and a client—typically a web server (website) and a browser, or a mail
server and a mail client.

Types of electronic payments

• Payment Cards
• Electronic Cash Systems
• Electronic wallets
• Electronic Check (E-check)/Electronic cheque
• Micro Payment System

9 Now, In case Of Flipkart

9.1 Introduction

Flipkart went live in 2007 with the objective of making books easily available to anyone who
had internet access. They’re present across various categories including movies, music, games,
mobiles, cameras, computers, healthcare and personal products, home appliances and
electronics – and still counting! With over 11.5 million book titles, 11 different categories,
more than 2 million registered users and sale of 30000 items a day, they’re one of the leading
e-commerce players in the country.

According to Morgan Stanley, the current market value of Flipkart is $5.54 billion as of
November 2016.

9.1.2 Defense Strategy of Flipkart


Encryption
Flipkart uses 256-bit encryption technology to protect your card information while securely
transmitting it to the secure and trusted payment gateways managed by leading banks.

Report By Google

• Secure Connection
The connection to this site is encrypted and authenticated using a strong protocol (TLS 1.2), a
strong key exchange (ECDHE_RSA with P-256), and a strong cipher (AES_128_GCM).
• Secure Resources
All resources on this page are served securely.
This page is secure (valid HTTPS).
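
The three properties named in the report quoted above (protocol, key exchange, cipher) can be checked outside the browser. The following is an added example, not part of the original report or Flipkart's code: `assess` and `probe` are hypothetical helper names, the policy thresholds are assumptions, and cipher names use OpenSSL spelling (ECDHE_RSA with AES_128_GCM appears as `ECDHE-RSA-AES128-GCM-SHA256`).

```python
import socket
import ssl

# Added example: policy mirroring the three properties in the quoted report
# (protocol version, key exchange, bulk cipher). Thresholds are assumptions.
STRONG_PROTOCOLS = {"TLSv1.2", "TLSv1.3"}
FORWARD_SECRET_KX = ("ECDHE-", "DHE-")      # ephemeral key exchange prefixes
AEAD_MARKERS = ("GCM", "CHACHA20", "CCM")   # authenticated-encryption modes


def assess(version, cipher_name):
    """Return findings for a negotiated pair; an empty list means all pass.

    cipher_name uses OpenSSL naming, as returned by SSLSocket.cipher()[0].
    """
    findings = []
    if version not in STRONG_PROTOCOLS:
        findings.append(f"weak protocol: {version}")
    # TLS 1.3 suite names omit the key exchange, which is always ephemeral.
    if version != "TLSv1.3" and not cipher_name.startswith(FORWARD_SECRET_KX):
        findings.append(f"no forward secrecy: {cipher_name}")
    if not any(marker in cipher_name for marker in AEAD_MARKERS):
        findings.append(f"non-AEAD cipher: {cipher_name}")
    return findings


def probe(host, port=443, timeout=5.0):
    """Connect with chain and hostname verification, then report the session."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            name, _, bits = tls.cipher()
            issuer = dict(rdn[0] for rdn in tls.getpeercert()["issuer"])
            return {"version": tls.version(), "cipher": name, "bits": bits,
                    "issuer": issuer.get("organizationName"),
                    "findings": assess(tls.version(), name)}


if __name__ == "__main__":
    # Constructed samples (no network needed); the first matches the report.
    for sample in [("TLSv1.2", "ECDHE-RSA-AES128-GCM-SHA256"),
                   ("TLSv1.2", "AES256-SHA"),
                   ("TLSv1", "DHE-RSA-AES128-SHA")]:
        print(sample, assess(*sample) or "ok")
```

`probe(host)` needs network access; the issuer organization it returns is the value to compare against the certificate authority the site is expected to use.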

9.1.3 3D Secure password

The 3D Secure password is implemented by VISA and MasterCard in partnership with card
issuing banks under the "Verified by VISA" and "Mastercard SecureCode" services,
respectively.
The 3D Secure password adds an additional layer of security through identity verification for
your online credit/debit card transactions. This password, which is created by you, is known
only to you. This ensures that only you can use your card for online purchases.

9.1.4 Digital signature or digital certificate of Flipkart

Certificate authorities (CAs)


Flipkart is certified by GoDaddy Class 2 Certification Authority Root Certificate - G2.

Secure Socket Layer (SSL)

• SSL stands for Secure Socket Layer.
• SSL Certificates validate your website's identity, and encrypt the information visitors send to, or receive from, your site.
• They support up to 256-bit encryption and they're recognized by all of the major desktop and mobile browsers on the market.

9.1.5 Payment methods

• Cash on Delivery
• Credit/debit card
• Visa
• MasterCard
• Maestro
• American Express
• Internet Banking
• Gift Card
• Flipkart Wallet
• Flipkart's credit card EMI option

Cash on Delivery
All items that have the "Cash on Delivery Available" icon are valid for order by Cash on
Delivery.
Add the item(s) to your cart and proceed to checkout. When prompted to choose a payment
option, select "Pay By Cash on Delivery". Enter the CAPTCHA text as shown, for validation.
Once verified and confirmed, your order will be processed for shipment in the time specified,
from the date of confirmation. You will be required to make a cash-only payment to our courier
partner at the time of delivery of your order to complete the payment.
Terms & Conditions:
• The maximum order value for C-o-D is ₹50,000
• Gift Cards or Store Credit cannot be used for C-o-D orders
• Cash-only payment at the time of delivery.
Credit/debit card
Credit cards
We accept payments made using Visa, MasterCard and American Express credit cards.
To pay using your credit card at checkout, you will need your card number, expiry date, three-
digit CVV number (found on the backside of your card). After entering these details, you will
be redirected to the bank's page for entering the online 3D Secure password.
Debit cards
We accept payments made using Visa, MasterCard and Maestro debit cards.
To pay using your debit card at checkout, you will need your card number, expiry date (optional
for Maestro cards), three-digit CVV number (optional for Maestro cards). You will then be
redirected to your bank's secure page for entering your online password (issued by your bank)
to complete the payment.
Internationally issued credit/debit cards cannot be used for Flyte, Wallet and eGV
payments/top-ups.

Your online transaction on Flipkart is secure with the highest levels of transaction security
currently available on the Internet. Flipkart uses 256-bit encryption technology to protect your
card information while securely transmitting it to the respective banks for payment processing.
All credit card and debit card payments on Flipkart are processed through secure and trusted
payment gateways managed by leading banks. Banks now use the 3D Secure password
service for online transactions, providing an additional layer of security through identity
verification.

9.1.6 Payment through credit card EMI option

With Flipkart's credit card EMI option, you can choose to pay in easy installments of 3, 6, 9,
12, 18*, or 24 months* with credit cards from the following banks:
• HDFC
• Citi
• ICICI
• Kotak
• Axis
• IndusInd
• SBI
• HSBC

How do I make a payment using Flipkart's credit card EMI option?

Once you've added the desired items to your Flipkart shopping cart, proceed with your order
as usual by entering your address. When you're prompted to choose a payment mode for your
order, select 'EMI' & follow these simple steps:
1. Choose your credit-card issuing bank you wish to pay from
2. Select the EMI plan of your preference
3. Enter your credit card details
4. Click 'Save and Pay'
