A PROJECT REPORT ON

Submitted in partial fulfilment of the requirements for the award of

degree of Master of Business Administration (M.B.A) (To Guru Gobind
Singh Indraprastha University, Delhi ) S

UBMITTED TO: SUBMITTED BY: Dr. SUSHIL

CHABRA SHWETU KUMAR DEAN (M.B.A) VIJAY YADAV
PERIYAR MANAGEMENT ATIQU-UR-RAHMAN AND
COMPUTER COLLEGE ADITI BANSAL FARUKH MBA-2ND
SEMESTER 2014 – 16

1
DECLARATION

We, SWHETU KUMAR, VIJAY YADAV, ATIQU, ADITI BANSAL

and FARUKH bonafide students of PERIYAR MANAGEMENT AND
COMPUTER COLLEGE , JASOLA(GURU GOBIND SINGH
INDRAPRASTHA UNIVERSIY). I hereby declare that the research title
over “PAYTM”, has been done by the undersigned with full devotion
for partial fulfilment of degree of M.B.A. We also declare that the facts
mentioned are true to date and best of my knowledge; any discrepancies
have been avoided for the same. SHWETU KUMAR VIJAY YADAV
ATIQU-UR-RAHMAN ADITI BANSAL FARUK

2
3. 3 AACCKKNNOOWWLLEEDDGGEEMMEENNTT Behind every
study there stands a myriad of people whose help and contribution make
it successful. Since sucha list will be prohibitively long, We may be
excusedfor important omissions. We would like to express my heart-felt
gratitude to our dean respected DR.SUSHIL CHABRA , for his
invaluable guidance and encouragement. We would also like to record
our sincere gratitude to all those who have helped us directly or
indirectly in the fulfillment of this study. SHWETU KUMAR VIJAY
YADAV ATIQU-UR-RAHMAN ADITI BANSAL FARUK

3
4. 4 TABLE OF CONTENTS

Chapter-1 pageno#
INTRODUCTION....................................................................6

1.1 About Paytm……………………………………………..……6

1.2 Achievements……………………………………………….....8

1.3 Technical Architecture Of Paytm……………………….…..9

Chapter-2

WORKING AND TECHNOLOGIES OF PAYTM.............10

2.1 Supply Chain Management Of Paytm………………………10

2.2 Web Technologies Of Paytm……………………………….…11

2.3 Web Based Tool Of Paytm…………………………………....13

Chapter- 3

REVENUE MODEL OF PAYTM………………..................15

3.1 Registration Process For Merchants In Paytm.…………….17

3.2 Overview: How Merchants Sell Their Product ..…………….19

3.3 Subscription Charges From The Merchants………………....20

3.4 Revenue Model Adopted By Paytm……………………..…….22

3.5 Why People Attract Towards Paytm………………………….26

4
5. 5 Chapter- 4

E-COMMERCE SECURITY AND PAYTTM.....................30

4.1 What is E-Commerce Security………………...……………..30

4.2 E-Commerce Threats…………………………………………..31

4.3 Procedure That Recognizes, Reduces, Eliminates Threat…..34

4.4 Security Infrastructure…..…………………………………….35

4.5 Porter’s Five Forces……………………………………………43

4.6 Security, Awareness, Policies………………………………….46

4.7 Techniques Used For Security………………………………..48

Chapter- 5

ELECTRONIC PAYMENT SYSTEM…………………......50

5.1 How To Do Recharge On Paytm……………...………….…..53

Chapter- 6

BIBLIOGRAPHY....................................................................57

5
 CHAPTER-1

INTRODUCTION

1.1 ABOUT PAYTM:

Paytm means “Pay through Mobile”. It is one of the largest is one of the
fastest growing Indian e-commerce shopping websites launched in 2010.
The name of the company who launched the Paytm is One97
communication. Initially it is focused on Mobile and DTH recharging.
The Company headquartered in Noida, India. It gradually provided
recharging and bill payment of various portals including electricity bills,
gas bills as well as telephone bills. In 2014 Paytm has started the
business same like as the facilities are getting from the other E-
Commerce company such as Flipkart, Amazon, and Snapdeal. Today, it
is India's most popular online destination for prepaid mobile & DTH
recharges and shopping, and its Android and iOS apps have been ranked
among the most popular apps. In only 3 years since the founding, the
company created a user base of 25 million wallet users and 10 million
app downloads.

SERVICE: In 2014, the company launched Paytm Wallet, India's

largest mobile payment service platform with over 40 million wallets.
The service became the preferred mode of payment across leading
consumer internet companies such as Uber, Bookmyshow, Makemytrip.
FUNDING: Paytm got a major boost in e-commerce when Indian

6
industrialist RatanTata made personal investment in the firm in March
2015.In the same month, the company received a $575 million
investment from Chinese e-commerce company AlibabaGroup, after Ant
Financial Services Group, an Alibaba Group affiliate, took 25% stake in
One97 as part of a strategic agreement. PARTNER: Paytm works with
all mobile operators in all states in India for prepaid mobile, DTH and
Data card recharges and postpaid mobile, landline and Data card bill
payments. Its partners with the multiple national banks, for credit card,
debit card and net banking payments. Pay tm also works with various
billers for utility bill payments.

7. 7 Paytm– #1

RechargeDestination Rechargeswereneverso simple! Excitingcoupons

Over300,000 transactions daily Over100,000 offers powereddaily Fig
1#: Screen shot introduction to paytm

7
8. 8 1.2 ACHIVEMENTS: 2014 – Paytm is Gold Winner at the MMA
Smarties in the Mobile App category. 2014 – Paytm is Silver Winner at
the MMA Smarties in the mCommerce category 2014 – Paytm wins the
Best Mobile Money product at the 4th India Digital Awards. 2013 –
Paytm wins Knowledge Faber Best Mobile Wallet Program Award.
2013 – Paytm wins a special mention in m Billionth Awards in
mCommerce/mBusiness category. 2013 – Paytm is Gold Winner at the
MMA Smarties for E- Commerce. 2012 – Paytm is recognized as the
Most Innovative Startup of the Year at the Entrepreneur India event
organized by Franchise India.

8
9. 9 1.3 TECHNICAL ARCHITECTURE OF PAYTM: Figure 2#: A
high-level architecture for electronic commerce. There are three
components to this architecture: the Internet, a firewall, and your
organization. The Internet is where you will interact electronically with
your customers, your firewall will provide you with reasonable
protection against people who wish you harm, and your organization’s
systems will process the business transactions generated on the WWW
by your customers.

9
10. 10 CHAPTER-2 WORKING AND TECHNOLOGIES OF PAYTM
2.1 SUPPLY CHAIN MANAGEMENT OF PAYTM: It is the
management of flow of goods and services to the customer. Supply
chain management has been defined as the "design, planning, execution,
control, and monitoring of supply chain activities with the objective of
creating net value, building a competitive infrastructure, leveraging
worldwide logistics, synchronizing supply with demand and measuring
performance globally. Fig 3#: SCM of paytm

10
11. Embedded Cascading Style Sheets define a set of style rules in a
External Cascading Style Sheets define style rules in a separate CSS file.
EMBEDDED CSS  UTF-8: UTF-8 (8-bit Unicode Transformation
Format) is a variable-length character encoding for Unicode, which is
backwards compatible with ASCII. EXTERNAL CSS  HTML
CHARACTER ENCODING  JAVASCRIPT MARKUP LANGUAGE
 JAVASCRIPT CLIENT SIDE PROGRAMMING LANGUAGE 11
2.2 WEB TECHONOLOGY OF PAYTM: SERVER SIDE
PROGRAMMING LANGUAGE <style> Embedded Cascading Style
Sheets define a set of style rules in a External Cascading Style Sheets
define style rules in a separate CSS file. EMBEDDED CSS  Session
cookies are temporary cookies, which are deleted when the user closes
the browser. EXTERNAL CSS  Inline Cascading Style Sheets define
style rules directly within an (X)HTML element using the style attribute.
SESSION COOKIES element within a web page. INLINE CSS
<style> element within a web page.

11
12. .COM - Commercial entities NODE.JS - Node.js is a server-side
JavaScript environment for writing network programs such as web
servers. TOP LEVEL DOMAIN  NGINX - Nginx (pronounced as
"engine X") is a lightweight open source web server.  GeoTrust is a
SSL certificate authority owned by Symantec. This includes SSL
certificates issues by the certification branch of Equifax, which was
acquired by GeoTrust. WEB SERVER  HTTP Strict Transport Security
(HSTS) defines a mechanism enabling web sites to declare themselves
SSL CERTIFICATE AUTHORITY  Secure cookies are used only via
an encrypted connections, which may increase security. HTTP STIRCT
TRANSPORT SECURTIY  Non-Http Only cookies are used in the
HTTP protocol and also in client side scripts, which may be a security
threat. SECURE COOKIES  Http Only cookies are used only in the
HTTP protocol and not in client side scripts, which may increase
security. NON-HTTPONLY COOKIES  Session cookies are temporary
cookies, which are deleted when the user closes the browser
HTTPONLY COOKIES  Inline Cascading Style Sheets define style
rules directly within an (X)HTML element using the style attribute.
SESSION COOKIES 12 INLINE CSS

12
13. a Web server in the company network. The two main ingredients in
a Web server are its hardware and software. 2.3.1 WEB SERVER
HARDWARE: A merchant should think carefully when making a
decision on the Web server computer. The decision depends on factors
such as: Operating system of the network. UNIX operating system is
found to be more rugged than that of Windows, but UNIX is more
complex to manage than Windows. Hardware requirement of the Web
server software. A PC with a midrange CPU, small hard drive, and 32
megabytes of memory will perform poorly when compared with a high-
end workstation or a powerful UNIX-based computer. Expected traffic
or the number of transaction per unit time. Running a large, enterprise-
class application server (such as an ERP system) on a personal computer
is not feasible. Other software running on the same computer. For
example, running a Web server and a database server can significantly
slow down the performance of a computer. Scalability of the hardware --
meaning upgrade of components such memory, disk space, disk
mirroring, or even connect additional Web servers if necessary. a
connection to the Internet, and 13 2.3 WEB BASED TOOLS OF
PAYTM The basic requirement for a merchant to have a Web presence
or have an electronic commerce site, is

13
14. 14 2.3.2 Benchmarking Web Server Hardware and Software: A
benchmark test considers several factors such as: Type of Web page: A
server that delivers mostly static Web pages will perform better than the
same server that delivers dynamic Web pages. A dynamic page is a Web
page whose content is shaped by a program in response to user request
(such as a database query), versus a static page, which is just a plain
HTML page. 2.3.3 Web Server Software Feature Sets All Web server
software provides some basic features which can be classified as: Core
capabilities Site management Application Construction, and Electronic
commerce CORE CAPABILITIES: IP-Sharing or Virtual Server Logical
file Security FTP Site Analysis Searching Response Time: It is the
amount of time that a server requires to process one request. 
Throughput: It is the number of HTTP requests that a particular
hardware and software combination can process in a unit of time. 
Network connection: A Web server on a T3 connection can deliver Web
pages to clients much faster than it could on a T1 connection.  The Web
server software  The computer hardware 

14
15. Administration of a Web server can be performed from a remote
computer in the network. APPLICATION DEVELOPMENT:
Application development includes Web editors and extensions to
produce Web pages – either static or dynamic. These include HTML
editors such as FrontPage for static Web pages. For dynamic Web pages,
there are protocols such as Common Gateway Interface (CGI) and
Application programming Interface (API) that are used by programs
such as Java and C++ to develop dynamic Web pages. ELECTRONIC
COMMERCE: Some Web servers provide advanced services that
support online selling and buying (such as shopping cart and catalog
services). An electronic commerce software can provide templates and
other tools to quickly develop an e-commerce site. This might include
templates for product browsing, shopping carts, and credit card
processing. A Web server provides tools to manage multiple Web sites,
file security, virtual file, and log file analysis. 15 SITE
MANAGEMENT:

15
16. 16 CHAPTER-3

REVENUE MODEL OF PAYTM

Paytm earn their revenue through the market place model. They work on
market place model and they belive in the market place model for their
revenue, they give to opportunity to vendors to sell or listed their
products on paytm webside, so the buyer are comes and buy the
products. In this activity paytm charge commission from the seller so
this is a some part how they generate their revenue. They do also some
more activity to generate their revenue. Paytm knows that Revenue
model is framework of revenue.it is a description How a business
generate income, profit,or an average earning in a business.and they
fully concentration their revenue model. That’s belive also purely
marketing strategy, they get earnings from sponsored advertisers,
showing ads, they give coupons (from sponsors), so inorder to gain some
popularity and to bare the competition they are giving the cashback. So
they attract more visitors as well as get more sponsors, ultimately
making them profitable. its a most profitable strategy of paytm.

16
17. 17 Fig#4 : Screen shot of paytm market place : they give the
opportunity to sell their product on paytm web site. 3.1 Registration
Process For Merchants In Paytm Website: Paytm provide market place
for merchants .this is a registration process for merchants to register
themselves in paytm website. They provide simple registration for
merchants to sign up in the site, the mandatory fill up are show red
star(*) they must fill up by merchants. The form process is very simple
you fill up are some neccerary things like: name ,email-id, mobile
number, city ,business name, category(business), business address. And
all completion you press the submit botton and after you can business in
the paytm website . this a activity of paytm to earn their revenue through
the merchants,

17
18. 18 Fig 5# After completion this process paytm offer to merchants
choosethe subscription plan this is the way paytm earn the revenue from
the merchants.through the subscription model. This is the part of
subscription model of paytm.

18
19. 19 3.2 Overview: How Merchants Sell Their Products Through
Paytm Site: This screenshot shows the seller name , product description
that is filled by the seller, product images, and the price of the product
that all this filled are set by the seller.if the buyer buy this product from
the site so seller paid commission to paytm on every sell. Fig 6# : This is
the activity the paytm earn revenue from the seller as a commission
when seller products are sold in this site. This is the best strategy for
paytm to earn their revenue part.

19
20. 20 3.3 The Subscription Charges From The Merchants: This is the
annually subscription plan they charge by paytm fron their seller, they
divided their subscription charges into four category:- Silver plan Gold
plan Platinum plan Budget (zero setup plan) This plan have own their
benefits ,highest plan is platinum plan give more benefits to seller to sell
their product in site. In other hand silver plan give less benefits as
comparative to platinum or gold plan. This all the plan are charge by the
seller one time in the annually Fig 7#

20
21. 21 The paytm charge also additional charges through the sellerlike:
annual maintenance charge (AMD) that is 2500 annually, and 12.38%
charges if its applicable. It’s a part of paytm subscription model to
generate their revenue. In this strategy paytm give the more
opportunity(plan) to its merchant and give the diffrent benefits to the
seller . 3.3.1 Top Merchants They Use Paytm Wallet: This all are
merchants with paytm wallet, this merchants are contribute revenue for
paytm to provide paytm wallet facility to buyer. This is also the way the
paytm earn the revenue from the buyers. All this are big e-business site
they are done huze transeaction daily. This merchants avail the facility
paytm wallet which is provided by paytm. The famous merchants in the
paytm are: dominos, jabong.com, book my show, ebay, uber, and
haldiram. Fig 8#

21
22. 22 3.4 REVENUE MODEL ADOPTED BY PAYTM: They are
some models they are adopted by the paytm to generate their revenue
thae model are shown below: Fig 9#

22
23. 23 3.4.1 ADVERTISING REVENUE MODEL: In this model
paytym allow to merchants shows their advertisement on paytm websites
and charges some amount for this advertisement.this is the way the
paytm used to generate their revenue. This method for generate revenue
are covered under the advertising revenue model. This model is more
beneficial for paytm to generate their revenue.the charges are charger by
them they advertised their product on paytm site. The yippee noodles
show their advertisment on the paytm site and thet paid some money to
paytm . this is a way paytm generate the revenue from the advertisment
revenue model. Fig 10# : It’s a screen shot shows how yippee noodles
show their advertisment on paytm site

23
24. 24 3.4.2 SUBSCRIPTION REVENUE MODEL: Paytm also use the
subscription model. They charge the subscription amount from the seller
annually and generate their revenue. they categorized their subscription
into four categories all are mention and discuss early in this project.
They charge annually maintenance charges also as a commission that is
RS 2500. This whole process is comes under the subscription model of
paytm through them they generate their revenue. The subscription model
is most beneficial for paytm because all the seller who are register
themselves into paytm all are paid subscription charges to run their
business in paytm site. Basically the paytm adopt the paid circulation
subscription revenue model to generate the revenue in their business.this
is the most beneficial model as comparative to others model to generate
the revenue. 3.4.3 TRANSACTION REVENUE MODEL: paytm also
charge their revenue through the buyer as well as seller transactions.
Through this model paytm charge some amount from buyer and seller
when they transact in the paytm site and avail the paytm facility. This
screen shot shows that what charges paytm charges when the buyer are
transact through paytm wallet.

24
25. 25 If you loading your money into the wallet, paytm charges nothing
amount in this transeaction, If you purchase any product at merchant site
the paytm also charge nothingin this transeaction. If you transfer the
money into one wallet to other person wallet, on this transaction paytm
also not charge any amount. but if you transfer the money from paytm
wallet to bank paytm charge 4% of the amount that you are transfer into
bank . this is the transeaction revenue model of paytm . 3.4.4
ADVANCE PAYMENT REVENUE MODEL: In this model paytm
received the interest on the payment of customer until they are not
transfer the money into seller account. When the paytm received amount
from the customer they are not instantly transfer on seller account. They
hold the amount and gain the interest on this amount. Through this
process paytm generate their revenue from the advance payment revenue
model. This model is very beneficial for paytm to generate the revenue
this all process is also called escrow account process. 3.4.5
COMMISION REVENUE MODEL: IN this model paytm charge
commission from the seller for their listed product in paytm websites.
And they charge commission on every sale on the site of paytm from the
seller. This commission is totally based on the sell of the product if
buyer buy the product from the paytm site so paytm charge the
commission from the seller for each sell in their website. Through this
process paytm generate their revenue. The commission based model are
also beneficial for generate the revenue .the commison based model are

25
also trend in ever e-business site, paytm also adopt this revenue model to
generate their revenue.

26. 26 3.4.6 They Are Some Other Activity The Paytm Earn The
Revenue: • Paytm escrow:through escrow account paytm received
intrest,when buyer payment to their purchase that amount hold by paytm
untill customer not confirm it.if customer not confirm in next 7 days
paytm expect buyer satisfied with the product and they transfer the
money seller account. • Paytm earn by advertising other products on
websites. • Patym charges annual subscription fees to the sellers who list
their products on website • Introducing Paytm Wallet, a secure digital
wallet where you can store money and use it to make quick recharges,
pay bills, do shopping on Paytm. You can also send money to friends &
pay for various services like Uber, MakeMyTrip, BookMyShow & many
more. 3.5 WHY PEOPLE ATTRACT TOWARD PAYTM: Easy
Accessible: The paytm side easy to accessible they are much easy as
compare to other site people are like them for their easy accessible
specialty .paytm also available on the mobile, tablets, laptops , and for
paytm the high speed data connection is not required .it is easily work on
mobile without any problem. Chat Facility: Paytm provide chat facility
to their buyer so they can bargain the product price from the
seller..through very easy steps they can avail the facilty of paytam chat
facility. This screen shot define how a customer bargain to the seller:

26
27. 27 Fig 11# Mobile Friendly: paytm service is also available in
mobile so you can easily download and use this application in your
mobile anywhere. On other hand we can say that it’s a mobile friendly
application. They are available on many store: Fig 12#

27
28. 28 Safe And Secure Payment: paytm uses many trusted software for
their security purpose they used many security application they provided
best security when any transaction are done, they uses 256 bit of
encryption for their security purpose. Fig 13# This are the application/
software paytm use for their security purpose RBI Approved Digital
Wallet: Their digital wallet are approver by the reserve bank of
India(RBI). So people are trusted on their paytm wallet service. That
means They follow all the rules and regulation they are required to work
e-wallet. They provide 45+ banks for net banking.(one of the largest
Payment Gateways in India.) You canalso Rs 1 lakh plus money transfer
(follow the KYC(know your customer ) rule and regulation) otherwise
its RS 10000 .

28
29. 29 Seller Opportunity In Paytm: SELLER OPPORTUNITY IN
PAYTM Fig 14# : A consumer can also sell or do business with the help
of paytm Partner With Paytm: Fig 15#

29
30. 30 CHAPTER-4 E-COMMERCE SECURITY & PAYTM 4.1
WHAT IS E-COMMERCE SECURITY: Computer security refers to the
technological and managerial procedures applied to computer systems to
ensure the availability, integrity, and confidentiality of information
managed by the computer system against unauthorised
access,modification, or destruction. It deals with the transmission of data
in a secured environment to the people sitting thousand miles away from
each other. Intruders penetrate into the computer using different ways;
they make use of malicious programs to cause destruction and breach
privacy. Security experts make use of firewall and cryptography
techniques to prevent suspicious data from reaching to the host computer
and use algorithms to encrypt the data while sending it across the
network. Computer security refers to the protection given to computers
and the information contained in them from unauthorised access. It
involves the measures and controls that ensure confidentiality, integrity,
and availability of the information, processed and stored by a computer.
These three aspects are responsible for effective computer security. With
an increasing amount of people getting connected to networks, the
security threats that cause massive harm are increasing also. Network
security is a major part of a network that needs to be maintained because
information is being passed between computers etc and is very
vulnerable to attack. Over the past five years people that manage
network security have seen a massive increase of hackers and criminals

30
creating malicious threats that have been pumped into networks across
the world E-commerce security is the protection of e-commerce assets
from unauthorized access, use,alteration, or destruction of data. More
than $388 billion globally per year attributed to cyber crime and a large
portion of that is related to e-commerce. 4.1.1 Six Dimensions Of E-
Commerce Security : Integrity: prevention against unauthorized data
modification Nonrepudiation: prevention against any one party from
reneging on an agreement after the fact Authenticity: authentication of
data source

31. Worms: Designed to spread from computer to computer Can

replicate without being executed by a user or program like virus. 4.2.1
Unwanted Programmes Installed Without User’s Informed:
Browserparasites : Can monitor and change settings of a user’s browser
Adware : Calls for unwanted pop-up ads Spyware : Can be used to
obtain information, such as a user’s keystrokes, e-mail, IMs, etc.
Viruses : Replicate and spread to other files; most deliver “payload”
(destructive or benign) Macro viruses, file-infecting viruses, script
viruses.  Bots: Covertly installed on computer; respond to external
commands sent by attacker to create a network of compromised
computers for sending spam, generating a DDoS attack, and stealing
info from computers.  Trojan horse : Appears benign, but does
something other than expected. 31 Confidentiality: protection against
unauthorized data disclosure Privacy: provision of data control and
31
disclosure Availability: prevention against data delays or removal 4.2 E-
COMMERCE THREATS: Intellectual Property Threats: These are those
use existing materials found on the Internet without the owner's
permission, e.g., music downloading, domain name (cyber squatting),
software pirating. Client Computer Threats:

32. E-Mail Scams: Spoofing Legitimate Web Sites: Misrepresenting

oneself by using fake e-mail addresses or masquerading as someone else
Spoofing a Web site is called “pharming,” redirecting a Web link to
another IP address different from the real one Threatens integrity (steal
business from true site, or alter orders and send to true site), and
authenticity (difficult to distinguish between true and fake Web address)
Carried out by hacking local DNS servers. Denial-of-service (DOS)
Attack : Hackers flood Web site with useless traffic to inundate and
overwhelm network. Use of bot networks built from hundreds of
compromised workstations. Distributed Denial Of Service (Ddos) Attack
: Hackers use multiple computers to attack target network from
numerous launch points Microsoft and Yahoo have experienced such
attacks. Fig 16# Phishing : Deceptive online attempt to obtain
confidential information  Sniffer Program: Eavesdropping program that
monitors information traveling over a network. 32 Communication
Channel Threats:

32
33. E-Sign” law giving digital signatures same authority as hand-written
ones applies only to large corporations, but not to B2C e-commerce.
Spoofing (Pharming) : Misrepresenting oneself by using fake e-mail
addresses or masquerading as someone else . Spoofing a Web site is
called “pharming,” redirecting a Web link to another IP address different
from the realone. Threatens integrity (stealbusiness from true site, or
alter orders and send to true site), and authenticity (difficult to Online
companies at higher risk than offline due to difficulty of guarenteeing
true identity of customers.  Hackers target credit card files and other
customer information files on merchant servers; use stolen data to
establish credit under false identity.  US’s federal law limits liability of
individuals to $50 for a stolen credit card.  Grey hats – hackers
breaking in and revealing systemflaws without disrupting site or
attempting to profit from their finds. Cybervandalism: Intentionally
disrupting, defacing, destroying Web site. Data Breach: When
organizations lose control over corporate information to outsiders. Credit
Card Fraud: Fear of stolen credit card information deters online
purchases.  Black hats – hackers with intention of causing harm 
White hats – hired by corporate to find weaknesses in the firm’s
computer system 33 Server Threats: Hacking : Hackers are those
Individual who intends to gain unauthorized access to computer systems.
Where as Crackers are those Hacker with criminal intent. Types of
hackers:

33
34. Authentication Legislature 34 distinguish between true and fake
Web address) Carried out by hacking local DNS servers . Spam (Junk)
Web Sites : Collection of advertisements for other sites, some of which
containing malicious code. Appears on search results, hiding their
identities by using domain names similar to legitimate ones, and
redirecting traffic to spammer domains. 4.2.2 OTHER SECURITY
THREATS : Sniffing : Eavesdropping program that monitors
information traveling over a network. Insider Jobs: Single largest
financial threat. Poorly Designed Server And Client Software : Due to
increase in complexity and size of OS, application software, and
browsers. Social Network Security : Social engineering attacks tempting
visitors to FB pages to click on “bad-behavior” links. Mobile Platform
Threats : Same risks as any Internet device Malware, botnets,
vishing/smishing. 4.3 A PROCEDURE THAT RECOGNIZES,
REDUCES, OR ELIMINATES A THREAT: Intellectual Property
Protection

34
35. 35 4.4 SECURITY INFRASTRUCTURE : Fig 17# The security
infrastructure is the implementation of the security policy. The security
infrastructure is the technology which is chosen to secure the e-business
and the rules by which it operates. Some examples of this include
Enforcing password aging and expiration. Enforcing the complexity of
passwords. Blocking prohibited outbound connections from the firewall.
Requiring digital certificates to authenticate. Remote access connections
to an organization’s network

35
36. 36 4.4.1 Client Computer Protection: Digital Certificates and Public
Key Infrastructure (PKI) : Still missing a way to verify identity of Web
sites. We can do this by using digital document issued by a trusted third
party called certificate authority (CA). Digital Certificate Includes:
Name of subject/company Subject’s public key Digital certificate serial
number Expiration date, issuance date Digital signature of CA Public
Key Infrastructure (PKI): CAs and digital certificate procedures that are
accepted by all parties is Pretty Good Privacy (PGP) – a widely used e-
mail public key encryption software [go to pgpi.org to download it]. Fig
18#

36
37. Confidentiality – assurance that msg. was not read by.
Authentication – verification of identity of person (computer) sending
the msg.  Nonrepudiation – prevents user from denying sending the
message.  Message integrity – assurance that message hasn’t been
altered. 37 Browser Protection : Browser security is the application of
Internet security to web browsers in order to protect networked data and
computer systems from breaches of privacy or malware. Security
exploits of browsers often use JavaScript - sometimes with cross-site
scripting (XSS)] - sometimes with a secondary payload using Adobe
Flash. Security exploits can also take advantage of vulnerabilities
(security holes) that are commonly exploited in all browsers (including
Mozilla Firefox, Google Chrome, Opera, Microsoft Internet Explorer,
and Safari). Anti-virus software: It is the Easiest and least expensive
way to prevent threats to system integrity. What it requires is daily
updates. 4.4.2 COMMUNICATION CHANNEL PROTECTION:
Encryption : Transforms plain text data into cipher text readable only by
sender and receiver. Their purpose is to Secures stored information and
information transmission . It Provides 4 of 6 key dimensions of e-
commerce security:

37
38. 38 Public-Key Encryption (Asymmetric) Vs Private-Key Encryption
(Symmetric): Fig 19#

38
39. 39 Secure Sockets Layer (SSL): Establishes a secure, negotiated
client-server session in which URL of requested document, along with
contents, is encrypted Designed to establish a secure connection between
two computers. Virtual Private Network (VPN): Allows remote users to
securely access internal network via the Internet, using Point-to-Point.
Fig 20#

39
40. 40 Secure Hypertext Transfer Protocol (S-Http) :

40
41. 41 Digital Signature : Digital signature refers to the 41igitized
images of paper signature used to verify the authenticity of electronic
document. In other words, digital signatures play the role of physical
signatures in verifying electronic documents. A signature is not part of
the substance of a transaction, but is a representation. Fig 21# It is a
mathematical technique used to validate the authenticity and integrity of
a message, software or digital document. Firewall It is a network
security system that controls the incoming and outgoing network traffic
based on an applied rule set. A firewall establishes a barrier between a
trusted, secure internal network and another network (e.g., the Internet)
that is assumed not to be secure and trusted. Firewalls exist both as
software to run on general purpose hardware and as a hardware
appliance. Many hardware-based firewalls also offer other functionality
to the internal network they protect, such as acting as a DHCP server for
that network.

41
42. 42 Fig 22# Proxy Servers (Proxies) : Software servers that handle all
communications originating from or being sent to the Internet. Initially
for limiting access ofinternal clients to external Internet servers Can be
used to restrict access to certain types of sites, such as porno, auction, or
stock-trading sites, or to cache frequently-accessed Web pages to reduce
download times. Fig 23#

42
43. 43 4.5 PORTER’S FIVE FORCES : Porter five forces analysis is a
framework to analyze level of competition within an industry and
business strategy development. It draws upon industrial organization
(IO) economics to derive five forces that determine the competitive
intensity and therefore attractiveness of an Industry. Named after
Michael E. porter, this model identifies analyzes 5 competitive forces
that shape every industries, and help determine an industry‘s weaknesses
and strengths . 1. Bargaining power of suppliers 2. bargaining power of
customers (buyers) 3. intensity of competitive rivalry 4. Threat of
substitute products or services 5. Threat of new entrants Fig 24#
PORTER’S FIVE FORES FOR ONLINE RETAILER ” PAYTM”
BARGAINING POWER OF SUPPLIERS: The bargaining power of
suppliers is also described as the market of inputs. Suppliers are the
manufacturers of finished products. For any products there are many
suppliers online, so they can’t show power on online retail companies.
For example, if

43
44. 44 you take computer category, there are many suppliers like HP,
Apple, Lenevo, and Toshiba everyone wants to sell their products
through online retails like Paytm. Selling online saves a lot of money for
the manufacturers, and as many people now a days prefer purchasing
products through online stores, companies cannot afford to lose this
channel. So in this industry the supplier power is low. BARGAINING
POWER OF CUSTOMERS (BUYERS): The bargaining power of
customers is also described as the market of outputs. Buyers in this
industry are customers who purchase product online. Since this industry
is flooded with so many players, buyers are having lot of option to
choose. With many competitior’s like amazon.com, Snapdeal, Flipkart,
Shopclues, etc. customers get a wide range of choices. Customer would
prefer the one who would provide goods at reasonable price, deliver it
fast and provide them with other benefits like COD, EMI facilities,
others offers etc. here buyers have more power. INTENSITY OF
COMPETITIVE RIVALRY: For most industries the intensity of
competitive rivalry is the major determinant of the competitiveness of
the industry. Competition is very high in this industry with so many
players like Homeshop18, Snapdeal, Amazon, etc. many competitiors
means more choices for the customer to choose from. This also increases
the cost incurred by the company to stay in the customers mind i.e. on
promotions and advertisements etc. giving the customers better deals,

44
making customers experience delightful and continuous innovation can
help a company to stay at top even with tons of competitors around.

45. Industry is also going to grow at a rapid rate. It is going to touch $83
billion by 2022. Industy is going to experience an exponential growth
rate. So, obviously no one wants to miss this big opportunity. With the
new entrants like Jabong, Snapdeal, Flipkart, Shopclues etc rapidly
racing towards the top position, Paytm needs to devise new strategies to
avoid this threat from new entrants. Indian government helps allowed
51% FDI in multi-brand online retail and 100% FDI in single brand
online retail. So, this means foreign companies can come and start their
own online retail companies.  There are very less barriers to entry like
less capital required to start a business, less amount of infrastructure
required to start business. All you need is to tie up with suppliers or
products and you need to develop a website to display products so that
customers can order products, and a tie up with online payment gateway
provider like bill desk.  When we compare relative quality, relative
price of product a person buys online with physical stores, both are
almost same and in some cases, online retail stores offers mores
discounts and this attracts the customer to purchase products online.
THREAT OF NEW ENTRANTS: Threat of new entrants is very high in
this online retail industry because of following reason:  Substitute for
this industry as of now is physical stores. Their threat is very low for this
industry because customers are going for online purchases instead of
45
going to physical stores as it will saves time, effort, and money. With the
advent and penetration of internet and smartphones, future in retail
belongs to online retail. 45 THREAT OF SUBSTITUTE PRODUCTS
OR SERVICES:

46. guidelines for reacting to a site compromise (e.g., whether to trace

the intruder or shutdown and rebuild the system) . risk analysis
identifying the site's assets, the threats existing against those assets, and
the costs of asset loss  high-level description of the technical
environment of the site, the legal environment (governing laws), the
authority of the policy. 46 4.6 SECURITY AWARENESS AND
POLICIES : A need for security awareness and training is required to
implement computer security in an organisation. The main purpose
behind security awareness is to enhance security by improving
awareness of the need to protect system resources, developing skills, and
knowledge so that computer users can perform their jobs more securely
and build knowledge needed to design, implement, or operate security
programs for organisations and systems. A security policy is a formal
statement of the rules for people who are given access to an
organisation’s technology and information assets. The main purpose of
security policy is to inform users, staff, and managers of their obligatory
requirements for protecting technology and information assets. To retain
the value and genuineness of the policy, it must include these
components: computer technology purchasing guidelines, privacy
46
policy, access policy, accountability policy, authentication policy,
information technology system and network maintenance policy and
violations reporting policies. 4.6.1 Security Policy, Procedures, and
Practices A Security PolicyIs A Formal StatementOf The Rules :

47. Audit systems and networks, and regularly check logs for detecting
an intrusion. 4.6.2 HOW TO MINIMIZE SECURITY THREATS:
Making Your Business Less Of A Target - consider what needs to be on
public or shared systems and, where possible, remove sensitive business
information. Increasing The Perception Of Your Business As Secure -
ensure that all aspects of security appear to be installed and well
managed. Ensuring That Warning Signs- on your website are clearly
displayed to any user who attempts to access secureparts of it. Keep the
systems current with upgrades and patches.  Use strong cryptographic
techniques to ensure the integrity of system software on a regular basis.
 Implement a one-time password system. Ensure that all accounts have
a password and these passwords are difficult to guess.  Procedures
address such topics as connecting to the site's system from home or
while traveling, retrieving programs from the network, using encryption,
authentication for issuing accounts, configuration, and monitoring.
Security Practices: 47 Security-RelatedProcedure:

47
48. 48 Not Providing Any Publicly Available Information- regarding the
security systems or operating systems in use. Making Certain That Your
Employees Are Well-trained- In properemail and internet usage, eg not
opening unfamiliar attachments or clicking on suspicious links. 4.7
TECHNIQUES USED FOR SECURITY: Server Security: Use firewalls
and proxy servers. Message Privacy (or confidentiality): assures that the
communication between trading parties are not revealed to other,
therefore unauthorized party can not read or understand the message .
Message integrity: assures that the communication between trading
parties are not alerted by an enemy. Authentication: The term
“authentication”determines the user of the computer is actually who
he/she claims. The term “authenticationof the receiver”:allows the
sender to be sure that the party he/she intend to get the message is the
one who is receives it.

48
49. 49 Authorization: Ensures that the trading party has the authority of
transaction. Fig 25# : The whole security goes within for e-commerce
site like to paytm

49
50. 50 CHAPTER-5 ELECTRONIC PAYMENT SYSTEM Fig 26#

50
51. 51 INTERNET BANKING: Banking thorugh bank official websites.
User ID & Passward is must with register mobile number for OTP.
DEBIT/CREDIT CARDS : Online transaction on PAYTM is secure
with the highest levels of transaction security currently available on the
Internet. PAYTM uses 256-bit encryption technology to protect your
card information while securely transmitting it to the respective banks
for payment processing. E-VOUCHERS(eGV): The e-Gift Vouchers
(EGV) can be redeemed online against Sellers listed on
www.PAYTM.com only. EGVs can be redeemed by selecting the
payment mode as e-Gift Voucher. IMPS (Immediate Payment Service ):
IMPS is Immediate Payment Service that enables you to make payment
through your bank account via mobile. What is MMID? MMID (mobile
money identifier) is 7-digit number issued by bank to customer for IMPS
transactions. What is OTP? OTP is one-time password issued by bank to
customer for payment transaction through IMPS.

51
52. Quick processing: Cash cards function similar to an ATM machine
that can t Secured transactions: Cash cards involve secure procedures
that make the transactions reliable and heavily secured. It is hard to
make a transaction without the card. 52 What is ItzCash Cash Card?
ItzCash is now the leading cash card provider and a holistic payments
solution company. Features of ItzGift Cash Card: ItzCash cash cards
have a good number of features that make them a good option for
cashless transactions. Some of them include: Convenient and hassle free
gift option: A corporate cash card can be used as a gifting option for
employees during gifting occasions. ItzGift cards from ItzCash carry the
flag for a cashless gift card. Added discounts: Many brands tie up with
cash card companies to come up with exclusive limited offers on
products. These apply to only cash card users and no one else. ransact
money with a single swipe on the machine.

52
53. 53 5.1 HOW TO DO RECHARGE ON PAYTM? Step 1: Login to
Paytm.com Fig 27#

53
54. 54 Step 2: Enter your mobile number in the desired box. Fig 28#

54
55. 55 Step 3: Select Proceed to recharge. Fig 29#

55
56. 56 Step 4 : Select the payment option. Fig 30# Recharge is done.

56
57. 57 CHAPTER-6 BIBLIOGRAPHY WWW.WIKIPEDIA.COM
WWW.PAYTM.COM WWW.SLIDESHARE.NET PAYTM------
COMPANYIN NOIDA

57