A

PROJECT REPORT ON

SUBMITTED TO:
BY

SUBMITTED

DR SYED HAIDER ALI

TRIPATHI

ANAND KUMAR
MBA 2

SEMESTER

SECTION A

ACKNOWLEDGEMENT

Behind every study there stands a myriad of people whose help and
contribution make it successful. Since such a list will be prohibitively long, We
may be excused for important omissions.
We would like to express my heart-felt gratitude to our

respected DR.SYED

HAIDER ALI , for his invaluable guidance and encouragement.

We would also like to record our sincere gratitude to all those who have
helped us directly or indirectly in the fulfillment of this study.

ANAND KUMAR TRIPATHI

TABLE OF CONTENTS
Chapter-1
pageno#
INTRODUCTION....................................................................6
1.1
1.2
1.3

About Paytm..6
Achievements.....8
Technical Architecture Of Paytm...9

Chapter-2
WORKING AND TECHNOLOGIES OF PAYTM.............10
2.1 Supply Chain Management Of Paytm10
3

2.2 Web Technologies Of Paytm.11

2.3 Web Based Tool Of Paytm....13

Chapter- 3
REVENUE MODEL OF PAYTM..................15
3.1
3.2
3.3
3.4
3.5

Registration Process For Merchants In Paytm..17

Overview: How Merchants Sell Their Product ...19
Subscription Charges From The Merchants....20
Revenue Model Adopted By Paytm...22
Why People Attract Towards Paytm.26

Chapter- 4
E-COMMERCE SECURITY AND PAYTTM.....................30
4.1
4.2
4.3
4.4
4.5
4.6
4.7

What is E-Commerce Security.....30

E-Commerce Threats..31
Procedure That Recognizes, Reduces, Eliminates Threat..34
Security Infrastructure...35
Porters Five Forces43
Security, Awareness, Policies.46
Techniques Used For Security..48
4

Chapter- 5
ELECTRONIC PAYMENT SYSTEM......50
5.1

How To Do Recharge On Paytm......53

Chapter- 6
BIBLIOGRAPHY....................................................................57

CHAPTER-1
INTRODUCTION

1.1 ABOUT PAYTM:

5

Paytm means Pay through Mobile. It is one of the largest is one of the fastest growing
Indian e-commerce shopping websites launched in 2010. The name of the company who
launched the Paytm is One97 communication. Initially it is focused on Mobile and DTH
recharging. The Company headquartered in Noida, India. It gradually provided recharging and
bill payment of various portals including electricity bills, gas bills as well as telephone bills.
In 2014 Paytm has started the business same like as the facilities are getting from the other ECommerce company such as Flipkart, Amazon, and Snapdeal. Today, it is India's most popular
online destination for prepaid mobile & DTH recharges and shopping, and its Android and iOS
apps have been ranked among the most popular apps. In only 3 years since the founding, the
company created a user base of 25 million wallet users and 10 million app downloads.

SERVICE:

In 2014, the company launched Paytm Wallet, India's largest mobile payment

service platform with over 40 million wallets. The service became the preferred mode of
payment across leading consumer internet companies such as Uber, Bookmyshow, Makemytrip.

FUNDING:

Paytm

got

major

boost

in

e-commerce

when

Indian

industrialist RatanTata made personal investment in the firm in March 2015.In the same month,
the

company

received

$575

million

investment

from

Chinese

e-commerce

company AlibabaGroup, after Ant Financial Services Group, an Alibaba Group affiliate, took
25% stake in One97 as part of a strategic agreement.

PARTNER: Paytm works with all mobile operators in all states in India for prepaid mobile,
DTH and Data card recharges and postpaid mobile, landline and Data card bill payments. Its
partners with the multiple national banks, for credit card, debit card and net banking payments.
Pay tm also works with various billers for utility bill payments.
Fig 1#: Screen shot introduction to paytm

1.2 ACHIVEMENTS:
2014 Paytm is Gold Winner at the MMA Smarties in the
Mobile App category.
2014 Paytm is Silver Winner at the MMA Smarties in the
mCommerce category
2014 Paytm wins the Best Mobile Money product at the
4th India Digital Awards.
2013 Paytm wins Knowledge Faber Best Mobile Wallet
Program Award.
2013 Paytm wins a special mention in m Billionth
Awards in mCommerce/mBusiness category.
2013 Paytm is Gold Winner at the MMA Smarties for ECommerce.
2012 Paytm is recognized as the Most Innovative Startup
of the Year at the Entrepreneur India event organized by
Franchise India.
1.3 TECHNICAL ARCHITECTURE OF PAYTM:
7

Figure 2#: A high-level architecture for electronic commerce.

There are three components to this architecture: the Internet, a firewall, and your organization.
The Internet is where you will interact electronically with your customers, your firewall will
provide you with reasonable protection against people who wish you harm, and your
organizations systems will process the business transactions generated on the WWW by your
customers.

CHAPTER-2
WORKING AND TECHNOLOGIES OF PAYTM

2.1 SUPPLY CHAIN MANAGEMENT OF PAYTM:

It is the management of flow of goods and services to the customer. Supply chain management
has been defined as the "design, planning, execution, control, and monitoring of supply chain
activities with the objective of creating net value, building a competitive infrastructure,
leveraging worldwide logistics, synchronizing supply with demand and measuring performance
globally.

Fig 3#: SCM of paytm

2.2 WEB TECHONOLOGY OF PAYTM:

SERVER SIDE PROGRAMMING LANGUAGE

JAVASCRIPT

CLIENT SIDE PROGRAMMING LANGUAGE

JAVASCRIPT

MARKUP LANGUAGE

HTML

CHARACTER ENCODING
UTF-8: UTF-8 (8-bit Unicode Transformation Format) is a variable-length character
encoding for Unicode, which is backwards compatible with ASCII.
EXTERNAL CSS

External Cascading Style Sheets define style rules in a separate CSS file.

EMBEDDED CSS

Embedded Cascading Style Sheets define a set of style rules in a <style> element within a
web page.

INLINE CSS

Inline Cascading Style Sheets define style rules directly within an (X)HTML element
using the style attribute.

SESSION COOKIES

Session cookies are temporary cookies, which are deleted when the user closes the
browser.

EXTERNAL CSS
10

External Cascading Style Sheets define style rules in a separate CSS file.

EMBEDDED CSS

Embedded Cascading Style Sheets define a set of style rules in a <style> element within a
web page.

INLINE CSS

Inline Cascading Style Sheets define style rules directly within an (X)HTML element
using the style attribute.

SESSION COOKIES

Session cookies are temporary cookies, which are deleted when the user closes the
browser

HTTPONLY COOKIES

Http Only cookies are used only in the HTTP protocol and not in client side scripts,
which may increase security.

NON-HTTPONLY COOKIES

Non-Http Only cookies are used in the HTTP protocol and also in client side scripts,
which may be a security threat.

SECURE COOKIES

Secure cookies are used only via an encrypted connections, which may increase security.

HTTP STIRCT TRANSPORT SECURTIY

HTTP Strict Transport Security (HSTS) defines a mechanism enabling web sites to
declare themselves

SSL CERTIFICATE AUTHORITY

GeoTrust is a SSL certificate authority owned by Symantec. This includes SSL

certificates issues by the certification branch of Equifax, which was acquired by
GeoTrust.
11

WEB SERVER

NGINX - Nginx (pronounced as "engine X") is a lightweight open source web server.

NODE.JS - Node.js is a server-side JavaScript environment for writing network programs

such as web servers.

TOP LEVEL DOMAIN

.COM - Commercial entities

2.3 WEB BASED TOOLS OF PAYTM

The basic requirement for a merchant to have a Web presence or have an electronic commerce
site, is

a connection to the Internet, and

a Web server in the company network.

The two main ingredients in a Web server are its hardware and software.

2.3.1 WEB SERVER HARDWARE:

A merchant should think carefully when making a decision on the Web server computer. The
decision depends on factors such as:

Operating system of the network. UNIX operating system is found to be more rugged
than that of Windows, but UNIX is more complex to manage than Windows.

Hardware requirement of the Web server software. A PC with a midrange CPU, small
hard drive, and 32 megabytes of memory will perform poorly when compared with a
high-end workstation or a powerful UNIX-based computer.

12

Expected traffic or the number of transaction per unit time. Running a large, enterpriseclass application server (such as an ERP system) on a personal computer is not feasible.

Other software running on the same computer. For example, running a Web server and a
database server can significantly slow down the performance of a computer.

Scalability of the hardware -- meaning upgrade of components such memory, disk space,
disk mirroring, or even connect additional Web servers if necessary.

2.3.2 Benchmarking Web Server Hardware and Software:

A benchmark test considers several factors such as:

The computer hardware

The Web server software
Network connection: A Web server on a T3 connection can deliver Web pages to clients

much faster than it could on a T1 connection.

Throughput: It is the number of HTTP requests that a particular hardware and software

combination can process in a unit of time.

Response Time: It is the amount of time that a server requires to process one request.
Type of Web page: A server that delivers mostly static Web pages will perform better than
the same server that delivers dynamic Web pages. A dynamic page is a Web page whose
content is shaped by a program in response to user request (such as a database query),
versus a static page, which is just a plain HTML page.

2.3.3 Web Server Software Feature Sets

All Web server software provides some basic features which can be classified as:

Core capabilities
13

Site management
Application Construction, and
Electronic commerce

CORE CAPABILITIES:

IP-Sharing or Virtual Server

Logical file
Security
FTP
Site Analysis
Searching

SITE MANAGEMENT:

A Web server provides tools to manage multiple Web sites, file security, virtual file, and

log file analysis.

Administration of a Web server can be performed from a remote computer in the
network.

APPLICATION DEVELOPMENT:
Application development includes Web editors and extensions to produce Web pages either
static or dynamic. These include HTML editors such as FrontPage for static Web pages. For
dynamic Web pages, there are protocols such as Common Gateway Interface (CGI) and
Application programming Interface (API) that are used by programs such as Java and C++ to
develop dynamic Web pages.

ELECTRONIC COMMERCE:
Some Web servers provide advanced services that support online selling and buying (such as
shopping cart and catalog services). An electronic commerce software can provide templates
and other tools to quickly develop an e-commerce site. This might include templates for product
browsing, shopping carts, and credit card processing.
14

CHAPTER-3
REVENUE MODEL OF PAYTM

Paytm earn their revenue through the market place model. They work on market place model and
they belive in the market place model for their revenue, they give to opportunity to vendors to
sell or listed their products on paytm webside, so the buyer are comes and buy the products. In
this activity paytm charge commission from the seller so this is a some part how they generate
their revenue. They do also some more activity to generate their revenue.
Paytm knows that Revenue model is framework of revenue.it is a description How a business
generate income, profit,or an average earning in a business.and they fully concentration their
revenue model.
Thats belive also purely marketing strategy, they get earnings from sponsored advertisers, showing
ads, they give coupons (from sponsors), so inorder to gain some popularity and to bare the
competition they are giving the cashback. So they attract more visitors as well as get more
sponsors, ultimately making them profitable. its a most profitable strategy of paytm.
15

Fig#4 : Screen shot of paytm market place : they give the opportunity to sell their product on
paytm web site.

3.1 Registration Process For Merchants In Paytm Website:

Paytm provide market place for merchants .this is a registration process for merchants to register
themselves in paytm website. They provide simple registration for merchants to sign up in the
site, the mandatory fill up are show red star(*) they must fill up by merchants. The form process
is very simple you fill up are some neccerary things like: name ,email-id, mobile number, city
,business name, category(business), business address. And all completion you press the submit
botton and after you can business in the paytm website . this a activity of paytm to earn their
revenue through the merchants,

16

Fig 5#
After completion this process paytm offer to merchants choose the subscription
plan this is the way paytm earn the revenue from the merchants.through the
subscription model. This is the part of subscription model of paytm.

17

3.2 Overview: How Merchants Sell Their Products Through

Paytm Site:
This screenshot shows the seller name , product description that is filled by the seller, product
images, and the price of the product that all this filled are set by the seller.if the buyer buy this
product from the site so seller paid commission to paytm on every sell.

18

Fig 6# : This is the activity the paytm earn revenue from the seller as a commission when seller
products are sold in this site. This is the best strategy for paytm to earn their revenue part.

3.3 The Subscription Charges From The Merchants:

This is the annually subscription plan they charge by paytm fron their seller, they divided their
subscription charges into four category:

Silver plan
Gold plan
Platinum plan
Budget (zero setup plan)
This plan have own their benefits ,highest plan is platinum plan give more benefits to
seller to sell their product in site. In other hand silver plan give less benefits as
comparative to platinum or gold plan. This all the plan are charge by the seller one time
in the annually

19

Fig 7#
The paytm charge also additional charges through the seller like: annual maintenance
charge (AMD) that is 2500 annually, and 12.38% charges if its applicable. Its a part of
paytm subscription model to generate their revenue. In this strategy paytm give the more
opportunity(plan) to its merchant and give the diffrent benefits to the seller .

3.3.1 Top Merchants They Use Paytm Wallet:

This all are merchants with paytm wallet, this merchants are contribute revenue for paytm to
provide paytm wallet facility to buyer. This is also the way the paytm earn the revenue from the
buyers. All this are big e-business site they are done huze transeaction daily. This merchants
20

avail the facility paytm wallet which is provided by paytm. The famous merchants in the
paytm are: dominos, jabong.com, book my show, ebay, uber, and haldiram.

Fig 8#

3.4 REVENUE MODEL ADOPTED BY PAYTM:

They are some models they are adopted by the paytm to generate their revenue thae model are
shown below:

21

Fig 9#

22

3.4.1 ADVERTISING REVENUE MODEL:

In this model paytym allow to merchants shows their advertisement on paytm websites and
charges some amount for this advertisement.this is the way the paytm used to generate their
revenue. This method for generate revenue are covered under the advertising revenue model.
This model is more beneficial for paytm to generate their revenue.the charges are charger by
them they advertised their product on paytm site.
The yippee noodles show their advertisment on the paytm site and thet paid some money to
paytm . this is a way paytm generate the revenue from the advertisment revenue model.

23

Fig 10# : Its a screen shot shows how yippee noodles show their advertisment on paytm site

3.4.2 SUBSCRIPTION REVENUE MODEL:

Paytm also use the subscription model. They charge the subscription amount from the seller
annually and generate their revenue. they categorized their subscription into four categories all
are mention and discuss early in this project. They charge annually maintenance charges also as a
commission that is RS 2500. This whole process is comes under the subscription model of
paytm through them they generate their revenue. The subscription model is most beneficial for
paytm because all the seller who are register themselves into paytm all are paid subscription
charges to run their business in paytm site. Basically the paytm adopt the paid circulation
24

subscription revenue model to generate the revenue in their business.this is the most beneficial
model as comparative to others model to generate the revenue.

3.4.3 TRANSACTION REVENUE MODEL:

paytm also charge their revenue through the buyer as well as seller transactions. Through this
model paytm charge some amount from buyer and seller when they transact in the paytm site
and avail the paytm facility. This screen shot shows that what charges paytm charges when
the buyer are transact through paytm wallet.

If you loading your money into the wallet, paytm charges nothing amount in this transeaction,
If you purchase any product at merchant site the paytm also charge nothingin this transeaction.
If you transfer the money into one wallet to other person wallet, on this transaction paytm also
not charge any amount. but if you transfer the money from paytm wallet to bank paytm
charge 4% of the amount that you are transfer into bank . this is the transeaction revenue
model of paytm .
25

3.4.4 ADVANCE PAYMENT REVENUE MODEL:

In this model paytm received the interest on the payment of customer until they are not transfer
the money into seller account. When the paytm received amount from the customer they are not
instantly transfer on seller account. They hold the amount and gain the interest on this amount.
Through this process paytm generate their revenue from the advance payment revenue model.
This model is very beneficial for paytm to generate the revenue this all process is also called
escrow account process.

3.4.5 COMMISION REVENUE MODEL:

IN this model paytm charge commission from the seller for their listed product in paytm
websites. And they charge commission on every sale on the site of paytm from the seller. This
commission is totally based on the sell of the product if buyer buy the product from the paytm
site so paytm charge the commission from the seller for each sell in their website. Through this
process paytm generate their revenue. The commission based model are also beneficial for
generate the revenue .the commison based model are also trend in ever e-business site, paytm
also adopt this revenue model to generate their revenue.

3.4.6 They Are Some Other Activity The Paytm Earn The Revenue:

Paytm escrow: through escrow account paytm received intrest,when buyer payment
to their purchase that amount hold by paytm untill customer not confirm it.if customer

26

not confirm in next 7 days paytm expect buyer satisfied with the product and they
transfer the money seller account.

Paytm earn by advertising other products on websites.

Patym charges annual subscription fees to the sellers who list their products on website

Introducing Paytm Wallet, a secure digital wallet where you can store money and use it
to make quick recharges, pay bills, do shopping on Paytm. You can also send money to
friends & pay for various services like Uber, MakeMyTrip, BookMyShow & many more.

3.5 WHY PEOPLE ATTRACT TOWARD PAYTM:

Easy Accessible:
The paytm side easy to accessible they are much easy as compare to other site people are
like them for their easy accessible specialty .paytm also available on the mobile, tablets,
laptops , and for paytm the high speed data connection is not required .it is easily work on
mobile without any problem.

Chat Facility:
Paytm provide chat facility to their buyer so they can bargain the product price from the
seller..through very easy steps they can avail the facilty of paytam chat facility. This screen
shot define how a customer bargain to the seller:

27

Fig 11#

Mobile Friendly:
paytm service is also available in mobile so you can easily download and use this application
in your mobile anywhere. On other hand we can say that its a mobile friendly application.
They are available on many store:

28

Fig 12#

Safe And Secure Payment:

paytm uses many trusted software for their security purpose they used many security
application they provided best security when any transaction are done, they uses 256 bit of
encryption for their security purpose.

Fig 13# This are the application/ software paytm use for their security purpose

RBI Approved Digital Wallet:

Their digital wallet are approver by the reserve bank of India(RBI). So people are trusted
on their paytm wallet service. That means They follow all the rules and regulation they are
required to work e-wallet.

They provide 45+ banks for net banking.(one of the largest Payment Gateways in India.)

You canalso Rs 1 lakh plus money transfer (follow the KYC(know your customer ) rule
and regulation) otherwise its RS 10000 .
29

 Seller Opportunity In Paytm:

Fig 14# : A consumer can also sell or do business with the help of paytm

Partner With Paytm:

Fig 15#

CHAPTER-4
E-COMMERCE SECURITY & PAYTM

30

4.1 WHAT IS E-COMMERCE SECURITY:

Computer security refers to the technological and managerial procedures applied to computer systems to
ensure the availability, integrity, and confidentiality of information managed by the computer system
against unauthorised access, modification, or destruction. It deals with the transmission of data in a
secured environment to the people sitting thousand miles away from each other. Intruders penetrate into
the computer using different ways; they make use of malicious programs to cause destruction and breach
privacy. Security experts make use of firewall and cryptography techniques to prevent suspicious data
from reaching to the host computer and use algorithms to encrypt the data while sending it across the
network. Computer security refers to the protection given to computers and the information contained in
them from unauthorised access. It involves the measures and controls that ensure confidentiality, integrity,
and availability of the information, processed and stored by a computer. These three aspects are
responsible for effective computer security.
With an increasing amount of people getting connected to networks, the security threats that cause
massive harm are increasing also. Network security is a major part of a network that needs to be
maintained because information is being passed between computers etc and is very vulnerable to attack.
Over the past five years people that manage network security have seen a massive increase of hackers and
criminals creating malicious threats that have been pumped into networks across the world
E-commerce security is the protection of e-commerce assets from unauthorized access, use, alteration, or
destruction of data. More than $388 billion globally per year attributed to cyber crime and a large
portion of that is related to e-commerce.

4.1.1 Six Dimensions Of E-Commerce Security :

Integrity: prevention against unauthorized data modification

Nonrepudiation: prevention against any one party from reneging on an agreement after

the fact
Authenticity: authentication of data source
Confidentiality: protection against unauthorized data disclosure
Privacy: provision of data control and disclosure
Availability: prevention against data delays or removal
31

4.2 E-COMMERCE THREATS:

Intellectual Property Threats:

These are those use existing materials found on the Internet without the owner's

permission, e.g., music downloading, domain name (cyber squatting), software pirating.

Client Computer Threats:

Trojan horse : Appears benign, but does something other than expected.
Bots: Covertly installed on computer; respond to external commands sent by attacker to
create a network of compromised computers for sending spam, generating a DDoS

attack, and stealing info from computers.

Viruses : Replicate and spread to other files; most deliver payload (destructive or

benign) Macro viruses, file-infecting viruses, script viruses.

Worms: Designed to spread from computer to computer Can replicate without being
executed by a user or program like virus.

4.2.1 Unwanted Programmes Installed Without Users Informed:

Browser parasites : Can monitor and change settings of a users browser

Adware : Calls for unwanted pop-up ads
Spyware : Can be used to obtain information, such as a users keystrokes, e-mail, IMs, etc.

Communication Channel Threats:

Sniffer Program : Eavesdropping program that monitors information traveling

over a network.
32

 Phishing : Deceptive online attempt to obtain confidential information

E-Mail Scams:

Spoofing Legitimate Web Sites:

Misrepresenting oneself by using fake e-mail

addresses or masquerading as someone else Spoofing a Web site is called pharming,

redirecting a Web link to another IP address different from the real one Threatens
integrity (steal business from true site, or alter orders and send to true site), and
authenticity (difficult to distinguish between true and fake Web address) Carried out by
hacking local DNS servers.

Denial-of-service (DOS) Attack : Hackers flood Web site with useless traffic to
inundate and overwhelm network. Use of bot networks built from hundreds of
compromised workstations.

Distributed Denial Of Service (Ddos) Attack : Hackers use multiple

computers to attack target network from numerous launch points Microsoft and Yahoo
have experienced such attacks.

Fig 16#

Server Threats:
Hacking : Hackers are those Individual who intends to gain unauthorized
access to computer systems. Where as Crackers are those Hacker with criminal intent. Types of
hackers:
33

White hats hired by corporate to find weaknesses in the firms computer system
Black hats hackers with intention of causing harm
Grey hats hackers breaking in and revealing system flaws without disrupting site or attempting to profit
from their finds.

Cybervandalism: Intentionally disrupting, defacing, destroying Web site.

Data Breach : When organizations lose control over corporate information to

outsiders.

Credit Card Fraud: Fear of stolen credit card information deters online

purchases.
USs federal law limits liability of individuals to $50 for a stolen credit card.
Hackers target credit card files and other customer information files on
merchant servers; use stolen data to establish credit under false identity.
Online companies at higher risk than offline due to difficulty of
guarenteeing true identity of customers.
E-Sign law giving digital signatures same authority as hand-written ones
applies only to large corporations, but not to B2C e-commerce.
Spoofing (Pharming) : Misrepresenting oneself by using fake e-mail addresses or

masquerading as someone else . Spoofing a Web site is called pharming, redirecting a Web
link to another IP address different from the real one. Threatens integrity (steal business from true
site, or alter orders and send to true site), and authenticity (difficult to
distinguish between true and fake Web address) Carried out by hacking local DNS servers
.

Spam (Junk) Web Sites : Collection of advertisements for other sites, some of which
containing malicious code. Appears on search results, hiding their identities by using
domain names similar to legitimate ones, and redirecting traffic to spammer domains.

34

4.2.2 OTHER SECURITY THREATS :

Sniffing : Eavesdropping program that monitors information traveling over a network.
Insider Jobs: Single largest financial threat.
Poorly Designed Server And Client Software : Due to increase in

complexity and size of OS, application software, and browsers.

Social Network Security : Social engineering attacks tempting visitors to FB

pages to click on bad-behavior links.

Mobile Platform Threats : Same risks as any Internet device Malware, botnets,
vishing/smishing.

4.3 A PROCEDURE THAT RECOGNIZES, REDUCES,

OR ELIMINATES A THREAT:
Intellectual Property Protection
Legislature
Authentication

4.4 SECURITY INFRASTRUCTURE :

35

Fig 17#
The security infrastructure is the implementation of the security policy. The security
infrastructure is the technology which is chosen to secure the e-business and the rules by

which it operates. Some examples of this include

Enforcing password aging and expiration.
Enforcing the complexity of passwords.
Blocking prohibited outbound connections from the firewall.
Requiring digital certificates to authenticate.
Remote access connections to an organizations network

4.4.1 Client Computer Protection:

Digital Certificates and Public Key Infrastructure (PKI) :

36

Still missing a way to verify identity of Web sites. We can do this by using
digital document issued by a trusted third party called certificate authority
(CA).
Digital Certificate Includes:

Name of subject/company
Subjects public key
Digital certificate serial number
Expiration date, issuance date
Digital signature of CA

Public Key Infrastructure (PKI):

CAs and digital certificate procedures that are accepted by all parties is Pretty Good Privacy
(PGP) a widely used e-mail public key encryption software [go to pgpi.org to download it].

Fig 18#

Browser Protection :
Browser security is the application of Internet security to web browsers in order
to protect networked data and computer systems from breaches of privacy
or malware. Security exploits of browsers often use JavaScript - sometimes
with cross-site scripting (XSS)] - sometimes with a secondary payload
37

using Adobe Flash. Security exploits can also take advantage

of vulnerabilities (security holes) that are commonly exploited in
all browsers (including Mozilla Firefox, Google Chrome, Opera, Microsoft
Internet Explorer, and Safari).

Anti-virus software:
It is the Easiest and least expensive way to prevent threats to system integrity.

What it requires is daily updates.

4.4.2 COMMUNICATION CHANNEL PROTECTION:

Encryption :
Transforms plain text data into cipher text readable only by sender and receiver. Their

purpose is to Secures stored information and information transmission .

It Provides 4 of 6 key dimensions of e-commerce security:
Message integrity assurance that message hasnt been altered.
Nonrepudiation prevents user from denying sending the message.
Authentication verification of identity of person (computer) sending the msg.
Confidentiality assurance that msg. was not read by.

Public-Key Encryption (Asymmetric) Vs Private-Key

Encryption (Symmetric):

38

Fig 19#

Secure Sockets Layer (SSL): Establishes a secure, negotiated client-server

session in which URL of requested document, along with contents, is encrypted
Designed to establish a secure connection between two computers.
39

Virtual Private Network (VPN): Allows remote users to securely access

internal network via the Internet, using Point-to-Point.

Fig 20#

40

 Secure Hypertext Transfer Protocol (S-Http) :

41

42

 Digital Signature :
Digital signature refers to the igitized images of paper signature used to verify the
authenticity of electronic document. In other words, digital signatures play the role of
physical signatures in verifying electronic documents. A signature is not part of the
substance of a transaction, but is a representation.

Fig 21#
It is a mathematical technique used to validate the authenticity and integrity of a message,
software or digital document.

Firewall
It is a network security system that controls the incoming and outgoing network traffic
based on an applied rule set. A firewall establishes a barrier between a trusted, secure
internal network and another network (e.g., the Internet) that is assumed not to be secure
and trusted. Firewalls exist both as software to run on general purpose hardware and as a

43

hardware appliance. Many hardware-based firewalls also offer other functionality to the
internal network they protect, such as acting as a DHCP server for that network.

Fig 22#

Proxy Servers (Proxies) :

Software servers that handle all communications originating from or being
sent to the Internet. Initially for limiting access of internal clients to external
Internet servers Can be used to restrict access to certain types of sites, such
as porno, auction, or stock-trading sites, or to cache frequently-accessed
Web pages to reduce download times.

44

Fig 23#

4.5 PORTERS FIVE FORCES :

Porter five forces analysis is a framework to analyze level of competition within an industry
and business strategy development. It draws upon industrial organization (IO) economics to
derive five forces that determine the competitive intensity and therefore attractiveness of an
Industry. Named after Michael E. porter, this model identifies analyzes 5 competitive forces that
shape every industries, and help determine an industrys weaknesses and strengths .
1.
2.
3.
4.
5.

Bargaining power of suppliers

bargaining power of customers (buyers)
intensity of competitive rivalry
Threat of substitute products or services
Threat of new entrants

45

Fig 24# PORTERS FIVE FORES FOR ONLINE RETAILER PAYTM

BARGAINING POWER OF SUPPLIERS:

The bargaining power of suppliers is also described as the market of inputs.
Suppliers are the manufacturers of finished products. For any products there are many
suppliers online, so they cant show power on online retail companies. For example, if
you take computer category, there are many suppliers like HP, Apple, Lenevo, and
Toshiba everyone wants to sell their products through online retails like Paytm. Selling
online saves a lot of money for the manufacturers, and as many people now a days prefer
purchasing products through online stores, companies cannot afford to lose this channel.
So in this industry the supplier power is low.

BARGAINING POWER OF CUSTOMERS (BUYERS):

The bargaining power of customers is also described as the market of outputs.
Buyers in this industry are customers who purchase product online. Since this industry is
flooded with so many players, buyers are having lot of option to choose. With many
competitiors like amazon.com, Snapdeal, Flipkart, Shopclues, etc. customers get a wide
46

range of choices. Customer would prefer the one who would provide goods at reasonable
price, deliver it fast and provide them with other benefits like COD, EMI facilities, others
offers etc. here buyers have more power.

INTENSITY OF COMPETITIVE RIVALRY:

For most industries the intensity of competitive rivalry is the major determinant
of the competitiveness of the industry. Competition is very high in this industry with so
many players like Homeshop18, Snapdeal, Amazon, etc. many competitiors means more
choices for the customer to choose from. This also increases the cost incurred by the
company to stay in the customers mind i.e. on promotions and advertisements etc. giving
the customers better deals, making customers experience delightful and continuous
innovation can help a company to stay at top even with tons of competitors around.

THREAT OF SUBSTITUTE PRODUCTS OR SERVICES:

Substitute for this industry as of now is physical stores. Their threat is very low
for this industry because customers are going for online purchases instead of
going to physical stores as it will saves time, effort, and money. With the advent
and penetration of internet and smartphones, future in retail belongs to online

retail.
When we compare relative quality, relative price of product a person buys online
with physical stores, both are almost same and in some cases, online retail stores
offers mores discounts and this attracts the customer to purchase products online.

THREAT OF NEW ENTRANTS:

Threat of new entrants is very high in this online retail industry because of
following reason:
47

There are very less barriers to entry like less capital required to start a
business, less amount of infrastructure required to start business. All you need
is to tie up with suppliers or products and you need to develop a website to
display products so that customers can order products, and a tie up with online

payment gateway provider like bill desk.

Indian government helps allowed 51% FDI in multi-brand online retail and
100% FDI in single brand online retail. So, this means foreign companies can

come and start their own online retail companies.

Industry is also going to grow at a rapid rate. It is going to touch $83 billion
by 2022. Industy is going to experience an exponential growth rate. So,
obviously no one wants to miss this big opportunity.

With the new entrants like Jabong, Snapdeal, Flipkart, Shopclues etc rapidly racing
towards the top position, Paytm needs to devise new strategies to avoid this threat from new
entrants.

4.6 SECURITY AWARENESS AND POLICIES :

A need for security awareness and training is required to implement computer security in an
organisation. The main purpose behind security awareness is to enhance security by
improving awareness of the need to protect system resources, developing skills, and
knowledge so that computer users can perform their jobs more securely and build knowledge
needed to design, implement, or operate security programs for organisations and systems. A
security policy is a formal statement of the rules for people who are given access to an
organisations technology and information assets. The main purpose of security policy is to
inform users, staff, and managers of their obligatory requirements for protecting technology
and information assets. To retain the value and genuineness of the policy, it must include
these components: computer technology purchasing guidelines, privacy policy, access policy,

48

accountability policy, authentication policy, information technology system and network

maintenance policy and violations reporting policies.

4.6.1 Security Policy, Procedures, and Practices

A Security Policy Is A Formal Statement Of The Rules :
high-level description of the technical environment of the site, the legal
environment (governing laws), the authority of the policy.
risk analysis identifying the site's assets, the threats existing against those assets,
and the costs of asset loss
guidelines for reacting to a site compromise (e.g., whether to trace the intruder or
shutdown and rebuild the system) .

Security-Related Procedure:
Procedures address such topics as connecting to the site's system from home or while
traveling, retrieving programs from the network, using encryption, authentication for
issuing accounts, configuration, and monitoring.

Security Practices:
49

 Implement a one-time password system. Ensure that all accounts have a password and
these passwords are difficult to guess.
Use strong cryptographic techniques to ensure the integrity of system software on a
regular basis.
Keep the systems current with upgrades and patches.
Audit systems and networks, and regularly check logs for detecting an intrusion.

4.6.2

HOW TO
MINIMIZE SECURITY THREATS:

Making Your Business Less Of A Target

- consider what needs to be

on public or shared systems and, where possible, remove sensitive business

information.
Increasing The Perception Of Your Business As Secure - ensure
that all aspects of security appear to be installed and well managed.

Ensuring That Warning Signs- on your website are clearly displayed

to any user who attempts to access secure parts of it.

Not Providing Any Publicly Available Information- regarding the

security systems or operating systems in use.

50

 Making Certain That Your Employees Are Well-trained- In

proper email and internet usage, eg not opening unfamiliar attachments or
clicking on suspicious links.

4.7 TECHNIQUES USED FOR SECURITY:

Server Security: Use firewalls and proxy servers.
Message Privacy (or confidentiality): assures that the
communication between trading parties are not revealed to other,
therefore unauthorized party can not read or understand the message .

Message integrity: assures that the communication between trading

parties are not alerted by an enemy.

Authentication: The term authentication determines the user of

the computer is actually who he/she claims. The term authentication of
the receiver: allows the sender to be sure that the party he/she intend to
get the

message is the one who is receives it.

Authorization: Ensures that the trading party has the authority of
transaction.

51

Fig 25# : The whole security goes within for e-commerce site like to paytm

CHAPTER-5
52

ELECTRONIC PAYMENT SYSTEM

Fig 26#

53

 INTERNET BANKING:
Banking thorugh bank official websites. User ID & Passward is must with
register mobile number for OTP.

DEBIT/CREDIT CARDS :
Online transaction on PAYTM is secure with the highest levels of
transaction security currently available on the Internet. PAYTM uses 256-bit
encryption technology to protect your card information while securely
transmitting it to the respective banks for payment processing.

E-VOUCHERS(eGV):
The e-Gift Vouchers (EGV) can be redeemed online against Sellers listed on
www.PAYTM.com only. EGVs can be redeemed by selecting the payment
mode as e-Gift Voucher.

IMPS (Immediate Payment Service ):

IMPS is Immediate Payment Service that enables you to make payment
through your bank account via mobile.
What is MMID?
MMID (mobile money identifier) is 7-digit number issued by bank to
customer for IMPS transactions.

54

What is OTP?
OTP is one-time password issued by bank to customer for payment
transaction through IMPS.

What is ItzCash Cash Card?

ItzCash is now the leading cash card provider and a holistic payments solution
company.
Features of ItzGift Cash Card:
ItzCash cash cards have a good number of features that make them a good
option for cashless transactions. Some of them include:
Secured transactions: Cash cards involve secure procedures that make the
transactions reliable and heavily secured. It is hard to make a transaction
without the card.

Quick processing: Cash cards function similar to an ATM machine that can
transact money with a single swipe on the machine.

Added discounts: Many brands tie up with cash card companies to come
up with exclusive limited offers on products. These apply to only cash card
users and no one else.

Convenient and hassle free gift option: A corporate cash card can be
used as a gifting option for employees during gifting occasions. ItzGift cards
from ItzCash carry the flag for a cashless gift card.

55

5.1 HOW TO DO RECHARGE ON PAYTM?

Step 1: Login to Paytm.com

56

Fig 27#

Step 2: Enter your mobile number in the desired box.

57

58

Fig 28#

Step 3: Select Proceed to recharge.

Fig 29#

Step 4 : Select the payment option.

Fig 30#

Recharge is done.

CHAPTER-6

BIBLIOGRAPHY

WWW.WIKIPEDIA.COM
WWW.PAYTM.COM
59

 WWW.SLIDESHARE.NET
PAYTM------COMPANY IN NOIDA

60