1.CASH ON DELIVERY (COD)
-COD is an exclusive service we provide to our customers for certain postal codes. We deliver through our logistics partners Ta-q-bin or GDEX.
-You need to pay the Cash On Delivery amount before opening your parcel and trying on your items. This is for security and anonymity purposes. If you don’t like the products or the size doesn’t fit for you, you can always return the items afterward.
-Online banking is a service provided by iPay88. It is an Internet Payment Switching Gateway through credit card, Internet Banking (or E-Debit) & Electronic Wallet (E-Wallet), developed by Mobile88.Com Sdn. Bhd.
-It is the same Online Payment Gateway System currently provided by many licensed Financial Institutions. For that reason, you can be certain of iPay88’s security. iPay88 also complies with PCI Data Security Standard and Malaysia Payment System Act
?Hong Leong Bank
-PayPal is a payment method for online purchases that allows users to send and receive money online. PayPal offers a fast, safe and easy method of payment without disclosing your credit card or other financial information to the merchant.
4.My Store Credit
-‘My Store Credit’ is a feature on ZALORA which allows you to accumulate store credit you have received via your returns or E-Gift cards! If you have balance Store Credit in your ZALORA account, it will be automatically used as the preferred payment method. Should there be an outstanding amount after your Store Credit deduction, you may select one of the other payment options to complete your purchase.
-Ensure you are logged in to your account and the amount will be displayed when you click on “MENU” and simply click on ‘My Store Credit’.
-If left unused past the expiration date (3 years), they will automatically be removed from your account.
1.Protect against XSS attacks
-Could run in every other user’s browser and steal their login cookie, allowing the attack to take control of the account of every user who viewed the comment.
-his is similar to defending against SQL injection. When dynamically generating HTML, use functions that explicitly make the changes you’re looking for browser or use functions in your templating tool that automatically do appropriate escaping
2.Content Security Policy
-Also known as CSP
-This makes it harder for an attacker’s scripts to work, even if they can get them into Zalora page.
3.Beware of error messages
-Provide only minimal errors to the users, to ensure they don’t leak secrets present on your server
-Does not provide full exception details either, as these can make complex attacks like SQL injection far easier.
-Keep detailed errors in your server logs, and show users only the information they need.
4.Avoid file uploads
-It was a big website security risk to allow users to upload files to your website.
-The risk is that any file uploaded, however innocent it may look, could contain a script that when they executed on the server, completely opens up to the website.
-If allowing users to upload images, they cannot rely on the file extension or the mime type to verify that the file is an image as these can easily be faked.
5. Use HTTPS
-HTTPS is a protocol used to provide security over the Internet. HTTPS guarantees that users are talking to the server they expect, and that nobody else can intercept or change the content they’re seeing in transit.
-An attacker stealing this would be able to perfectly imitate a user and take over their login session. To defeat these kind of attacks, you almost always want to use HTTPS for your entire site.
-Notably Google have announced that they will boost you up in the search rankings if you use HTTPS, giving this an SEO benefit too. Insecure HTTP is on its way out, and now’s the time to upgrade.
6.Watch out for SQL injection
-SQL injection attacks are when an attacker uses a web form field or URL parameter to gain access to or manipulate the database.
-When Zalora use standard Transact SQL it is easy to unknowingly insert rogue code into our query that could be used to change tables, get information and delete data.
-They can easily prevent this by always using parameterised queries, most web languages have this feature and it is easy to implement.
As a conclusion, customers find it easy to have online shopping and also more time saving. Marketers can benefit by making more effective marketing mix and target on the perception of the ease of use aspect, which can expand customer base and customer retention. ZALORA offers many unique conditions, which attract customer to engage with them. ZALORA have more than 300 local and international brands with expensive catalogue of menswear, women wear, beauty product, cosmetic with various styles and categories with different price range. The most highlighted offer provided by ZALORA is the free shipping within Malaysia and 30 days return policy. ZALORA is committed to provide an enjoyable shopping experience along with great customer service. There are some review papers, which shows the e-commerce objectives for each designing principle layer give focus for the identification of the user preferences, building community and to develop conversation, provides high quality websites, motivates users. Therefore, Zalora has no signification relationship to consumer trust in e-commerce as international e-commerce shop. While other variables such as security, guarantee, customer service, website, information and price have signification trust in e-commerce in Zalora