TRIBHUWAN UNIVERSITY

NEPAL COMMERCE CAMPUS

A STUDY OF E-COMMERCE SITE

[Link]

In Partial Fulfillment of Course Objectives of E-Commerce

Submitted By:

Kunal Regmi, Kushal Basnet, Mandeep Bhattarai, Pukar Rana, Rishab Khatiwada

Submitted To:

Nagendra Dangal

Lecturer

Nepal Commerce Campus

New Baneshwor, Kathmandu

August, 2018

1|Page
ABSTRACT:

Sharesansar is a online web portal which allows investors to view their portfolio and get
information in a systematic way. After the establishment of Sharesansar in 2011, market
information is available to all the potential investors. Sharesansar was founded by the team of 3
members and today there are more than 20 dedicated staffs in it. Sharesansar working in B2C
model brings all the market information as well as other tools together in one web site that helps
the potential investors to analyze and invest in marketplace. Sharesansar is not a company itself
rather it is just a web portal running under IMS (Investment Management Services). Sharesansar
was established to support the principle of an “order driven market” as depicted by NEPSE in
which when there are two orders placed for a security in the market, the system matches the best
buy order with the best sell order. Clients must be registered in Sharesansar system to place an
order and the broker can facilitate them through Client Management Service as provided by
Sharesansar. There are brokerage firms, banks and financial institution, and customer base
associated with Sharesansar. It can be basically accessed by two modes: web and mobile.

2|Page
Table of Contents
ABSTRACT………………………………………………………………………………………………………………………………………………..2
STUDY ON ONLINE ACTIVITIES OF [Link].............................................................4
Unit-1: Introduction, Background of the Study.......................................................................................4
1-1: Introduction and Background of the [Link]..................................................................4
1-2: Problem Area...............................................................................................................................5
1-3: Research Objectives.....................................................................................................................5
1-4: Research Methodology.................................................................................................................5
Unit-2 [Link]: A Web Portal Platform....................................................................................6
2-1 Introduction To [Link].................................................................................................6
2-2 Online Technology........................................................................................................................6
2-3 Online Security..............................................................................................................................8
Unit-3 Data Analysis.............................................................................................................................11
3-1 SWOT Analysis...........................................................................................................................11
3-2 Security Analysis.........................................................................................................................12
Unit-4: Conclusion, Recommendations and Suggestions......................................................................14
4-1 Critical Analysis..........................................................................................................................14
4-2 Conclusion...................................................................................................................................14
4-3 Recommendations and Suggestions.............................................................................................14

3|Page
STUDY ON ONLINE ACTIVITIES OF
[Link]

Unit-1 Introduction, Background of the Study

1-1 Introduction and Background of [Link]:

Sharesansar is Nepal’s number 1 online financial portal that provides complete information of
share market. The objective of Sharesansar is to provide complete financial stock market
coverage with breaking news announcement, stock quotes, training, portfolio tracking, market
analysis tool, etc. Sharesansar was established in 2011 to support the principle of an “order
driven market” as depicted by NEPSE (Nepal Stock Exchange) in which when there are two
orders placed for a security in the market, the system matches the best buy order with the best
sell order. Sharesansar operates under Information Management Services (IMS) and the data is
managed by 3 dedicated servers located abroad. Sharesansar was founded by the team of 3
members and today there are more than 20 dedicated staffs in it and has contact with 50 brokers
for market related information and analysis. “Share market is all about information and
information is vital. Sharesansar facilitates the user with such information” says the CEO of
Sharesansar Mr. Sandip Bikram Rana. So, Sharesansar acts as information provider where in-
depth information about the listed companies, their financial statements and their prospects can
be studied and analyzed. The major source of revenue for the website is advertisements where
the banks and other financial institutions pay for the advertisements. Around 40,000 to 50,000
visitors visit the website and the growth rate of visitors is increasing by 8% to 12% per annum.

Clients must be registered in Sharesansar system to place an Order and the broker can facilitate
them through Client Management Service as provided by Sharesansar. Currently, it provides
following services:

1. News facilities covering the areas of share issue to all financial activities.
2. Market information including floorsheet, share price, total turnovers, etc.
3. IPO, FPO and other share issue offers of various financial transactions.

4|Page
 4. Listed companies in NEPSE, Mutual Funds, Mergers and acquisitions.
5. Online registration for share training programs.
6. Online discussion forum and portfolio.
7. Analysis tool like technical analysis, company analysis, 180-days average, etc.
8. Tools like Share Net Price Calculator, IPO Cost Calculator, etc.

1-2 Problem Area:

The online activities of [Link] is in the early growth phase. There needs a lot of
improvement in most of the online services provided by the company. Some of the problem area
of the company can be pointed as under:

i. Slow loading of the website at times.

ii. Sometimes the website is crashed due to poor network.
iii. Customers are not satisfied because the market updates are not available on time.

1-3 Research Objectives:

The research is primarily based on studying and evaluating the online security mechanism of and
online technology installed by Sharesansar. So we have pooled out following objectives of our
research study:

i. To study online services and online security mechanism of Sharesansar.

ii. To analyze online security system used by the website.
iii. To evaluate the effectiveness of security system installed by the website.

1-4 Research Methodology:

This research is based on primary as well as secondary source of data collection. Direct
observation, interview, websites/internet and focus group discussion were taken as techniques to
collect data for our research. To collect reliable and factual data we also used various instruments
such as voice recorder, cell phones, camera, computers, etc. in our data collection procedure.
Besides primary data, articles related to Sharesansar on various business magazines and
newspapers were also taken as a data source for our research as a secondary data source.

5|Page
Unit-2 [Link]: A Web Portal Platform
2-1 Introduction To [Link]:
Nepalese share market has great potential and it has been growing at the current period. Share
market was accessible only to the limited investors. But after the establishment of Sharesansar in
2011, market information is available to all the potential investors. Sharesansar Working in B2C
model brings all the market information as well as other tools together in one web site that helps
the potential investors to analyze and invest in the marketplace. Sharesansar is not a company
itself rather it is just a web portal running under IMS (Investment Management Services).

2-2 Online Technology:

Sharesansar uses various information technological tools to create, store and secure the data in its
website. Sharesansar uses CSS (Cascading Style Sheets) as the major software for developing the
layouts, colors and fonts of the website. The website also uses Ajax, JAVA and HTML to create
web applications. It uses cookies to store information about users and track their behavior in the
website. It uses Google Analytics to track and report the website traffic. It uses MySQL, SQL,
Normalization techniques to create and store the information in database. It mainly uses PCs,
laptops, CPUs as the main hardware and stores information on three dedicated servers located
abroad. Database used today has the capacity of 35-40 GB. The major technologies used by
Sharesansar to create information on the website are discussed below:-

2-2-1 Cascading Style Sheets:

Cascading Style Sheets (CSS) is a style sheet language used for describing presentation of a
document written in a markup language like HTML. CSS is a cornerstone technology for
Sharesansar alongside HTML and JavaScript which is designed to enable the separation of
presentation and content, including layout, colors and fonts. Sharesansar uses CSS as the major
tool for developing and presenting the contents on the webpage.

2-2-2 JavaScript:
JavaScript is a high-level, interpreted programming language characterized as dynamic, weakly
typed, prototype-based and multi-paradigm. Alongside CSS and HTML, JavaScript is one of the
three core technologies of the WWW for developing the webpages for Sharesansar. It enables

6|Page
interactive webpages and thus is a main programming language for web page development of
Sharesansar.

2-2-3 Hyper Text Markup Language:

Hyper Text Markup Language (HTML) is the main markup language used for creating web
pages and other informations on the WWW. With CSS and JavaScript it forms a triad of
cornerstone technologies for the WWW. Using HTML, it enables Sharesansar to create
structured documents by denoting structural semantics for texts, numbers, headings, paragraphs,
images, etc.

2-2-4 Cookies:
A cookie is a small text file (up to 4 KB) created by website that is stored in the user’s computer
either temporarily for that session only or permanently on the hard disk. Sharesansar uses
cookies to track and record the visitor’s browsing activity such as log in, names, addresses,
passwords, etc.

2-2-5 Structured Query Language:

Structured Query Language (SQL) is a standard computer language for relational database
management system (RDBMS) and is used to query, insert, update and modify data. Sharesansar
uses SQL to select, insert, update, delete statements as a syntax languages to create, update and
modify the data stored in the website.

2-2-6 Portfolio Tracker:

Portfolio tracker is a premium online stock and mutual fund tracking utility that provides the
users with intelligent tools that analyze the investor’s portfolio and track its movements even
during trading hours. Sharesansar provides facility to the visitors to track and evaluate their
portfolios. Its working mechanism can be portrayed by the following diagram:-

7|Page
Step-1: Users should add the shares to the portfolio account.

Step-2: Then, he/she can view their portfolios, current price, sales history, etc.

Step-3: Finally, the users can view the reports of the stock and analyze the performance of the
stocks on the basis of informations like final net worth, stock wise daily performance, etc.

2-2-7 Data Analysis Tool:

A new tool is likely to be introduced by Sharesansar for data analysis i.e. SS Pro. SS Pro is a data
analysis tool that will help both clients and the institution. Client based tool can be used to
analyze and evaluate any financial institution data and prepare a decision report by the user on
their own paid service.

2-3 Online Security:

As a leading websites for online securities Sharesansar has threats for various security threats.
So, there should be some security mechanism to secure the information about the users.
Sharesansar is dedicated to maintain the data security of its users. Data is stored on the cloud and
there is the threat of data manipulation and interception. Data modification is the unauthorized
changing of data or tampering with a service so that it no longer adheres to its original
specifications. Likewise, data interception is the situation that an unauthorized party has gained
access to a service or data. Sharesansar maintains dimensions of E-Commerce Security by
focusing mainly to data authenticity, confidentiality, integrity and privacy. Data authenticity
refers to the ability to identify the identity of a person or entity with whom the website is dealing
in the internet. Username and password system are used for the data authenticity regarding the
profile of the visitors. Data confidentiality refers to the ability to ensure that messages and data

8|Page
are available only to those authorized to view them. Public Key encryption technologies are used
to ensure that the data stored in the website is authentic and confidential. Data integrity is the
ability to ensure that information being displayed on a website or transmitted/received over the
internet has not been altered in any way by an unauthorized party. Similarly, for data integrity
the website uses SSL (Secure Socket Layer) as the main security technology. If you create an
account on the website of Sharesansar all the informations will be stored in encrypted form
which reduces the chances of data manipulation and ensures data integrity. Likewise, token
system is also used where server sends token to any Sharesansar user and when user fills form
for any facilities the token is sent along with the form and if the token is matched with the
original one then the information will be accessible to the users. Currently the website uses
HTTP as the main communication protocol. The major security technologies used in Sharesansar
includes the following:-

2-3-1 Secure Socket Layer:

Secure Socket Layer (SSL) is a standard technology for establishing an encrypted link between a
server and a client. SSL certificates create a foundation of trust by establishing a secure
connection. Sharesansar uses SSL to secure thousands of people’s data on the website every day,
especially while transmitting confidential information on the website.

2-3-2 Public Key Encryption:

Public key encryption (asymmetric cryptography) is a technology to encrypt and decrypt the data
using both the public as well as private keys. Public key is used to encrypt the message and
private key to decrypt the same message. It is illustrated in following diagram:-

9|Page
If customers make a request to the [Link], then it is encrypted by using public key
issued by the server. Encryption will lead to scrambled data or cipher text. Then the data is
converted to the original format using the private key which remains to the server. So, public key
encryption will ensure the integrity and confidentiality.

2-3-3 Virtual Private Network:

Virtual Private Network (VPN) is a private network technology that creates a secure network
connection over a public network such as the Internet to connect remote sites. VPN is used by
Sharesansar to allow remote users and the investors to securely access corporate applications and
other resources. It ensures authenticity, confidentiality and data integrity.

2-3-4 Firewall:
Firewall is a network security system designed to prevent unauthorized access to or from a
private network. Firewall protects a network from unauthorized access and prevents network
traffic. Sharesansar uses firewalls to control the traffic on the website by enforcing security
policies within the network or between networks to and from servers and clients.

So, Sharesansar as a web portal is currently one of the largest online website for the securities
investors. The website has maintained a well-managed security technology to ensure that the data
stored on the website are secured. It reduces the security threats like hacking, phising, pharming,
denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks as well.

10 | P a g e
Unit-3 Data Analysis

3-1 SWOT Analysis:

Every company has same variables determining its strength and weakness and the market brings
opportunities and threat. The strengths, weaknesses, opportunities and threats for Sharesansar are
as follows:

SWOT ANALYSIS

STRENGTHS 1. Able to scale up its business quickly after its inception.

2. Maintains strong database and uses SSL certificate to provide
security to the data.
3. Largely accepted by investor across Nepal which helps for
providing a notice about issue of IPO and FPO.
4. Various tool such as IPO calculator, portfolio tracker and so
on can benefit to the first time investors and laymen.

WEAKNESSES 1. Overloaded sites and slow servers lead to the crash of

website sometimes.
2. Sharesansar has diversified too much since its inception.
3. Sharesansar fails to clearly communicate privacy policy to its
customers.
4. No real time tracking of information leads to delayed
uploading of information in the website.

OPPORTUNITIES 1. Increasing mobile and internet users has led the websites to
reach to thousands of customers.
2. Attract and retain large number of investors providing
various facilities.
3. Analysis facilities such as company and technical analysis
have been provided so that investors can easily analyze the
company themselves.

11 | P a g e
 4. Has the ability to cater to a large investors at a same time.

THREATS 1. Connectivity problem makes it difficult for customers to

connect from remote areas.
2. Highly capable competitors are entering the market with
more specialized technology.
3. Sometimes gets incompatible with some web browsers and
operating systems.
4. Threat of vulnerabilities like hackers, crackers and sniffers
are always there.

3-2 Security Analysis:

Sharesansar has taken care of all the dimensions of e-commerce security. It is done as follows:

3-2-1 Confidentiality:
Sharesansar uses Secure Socket Layer (SSL) which creates an encrypted link between a server
and a client. It also uses Public Key Encryption technology which encrypts messages using a
public key and decrypts the message using private key which belongs to the server only. It
ensures the confidentiality of the communication.

3-2-2 Integrity:
The website uses hash function which converts the message into fixed length number i.e. a hash
or a message digest. Client uses hash function to create a hash digest and the server uses his
private key to authenticate the message by checking hash result with the original message which
ensures the integrity of the data.

3-2-3 Access Control:

Sharesansar uses biometric system for access control in order to prevent insider attacks by using
biometric control system i.e. fingerprint system for the employees. This helps to reduce the
vulnerabilities like insider attacks and social engineering.

12 | P a g e
3-2-4 Authentication:
The website uses username and password security measures to subscribed users who have
registered their portfolios into the database of the website. Username and password authenticates
the visitors and secures their data by storing users’ password in encrypted format.

3-2-5 Availability:
To ensure availability and to avoid damaging events and computer intrusion, Sharesansar uses
computer incident security management tool by monitoring and detecting security events on a
computer network and execution of networking events.

3-2-6 Payment and Settlements:

The website conducts payment activities using payment gateways like E-sewa and Khalti which
ensures their financial transactions using security mechanisms such as SSL, VPN and encryption
technologies.

13 | P a g e
Unit-4: Conclusion, Recommendations and Suggestions

4-1 Critical Analysis:

With the growing internet and mobile phone users in the field of securities, Sharesansar is a great
platform for such types of investors. Nepalese market has been adopting traditional method of
dealing with securities and portfolios. But recently, mushrooming of internet users has led to the
introduction of computer-based dealing of shares and other securities. Sharesansar as a web
portal has been playing vital role to do so. Meanwhile, as a leading website for such facilities it
has not been able to obtain the necessary information in real time and has to wait for the banks to
provide the information after certain delays. So, users are not able to track the real time
information. Frequent server failures, delayed market information, incompatibility with some
browsers and operating system, etc. are the major problems faced by the website time to time.
These vulnerabilities needs to be properly addressed otherwise the website might have to face
failures time and again.

4-2 Conclusion:
Sharesansar is a online web portal which allows the investors to view their portfolio and get
market information. As per the analysis, Sharesansar uses high security mechanisms like SSL,
VPN, encryption technologies to secure the online services and online transactions. So, both the
analyses depict that the online security mechanisms have been well defined by Sharesansar.

4-3 Recommendations and Suggestions:

Sharesansar operating under IMS has been grabbing the market opportunity as a leading website
in its respective field. However, after the analysis of website there are some lacking and gaps that
needs to be addressed to move forward. Some recommendations and suggestions for the website
are pointed as follows:

1. Real time tracking of information so that investors can make quick investment decisions.
2. Strong servers with highly standardized technology should be maintained to reduce
server failures.

14 | P a g e
3. S-HTTP should be used rather than HTTP to create a secure message-oriented
communications protocol.
4. Website should be made compatible to all browsers and operating system in order to
reach to customers using numerous browsers.
5. Vulnerabilities like hacking, sniffing, DoS attacks are increasing as the internet users are
increasing. These malicious codes should be taken care of.

15 | P a g e