
Dimensions of E-Commerce Security

• Integrity
• Non-Repudiation
• Authenticity
• Confidentiality
• Privacy
• Availability

Integrity: prevention against unauthorized data modification

• This is the ability to ensure that information being displayed on a Web site or being transmitted/received over the Internet has not been altered in any way by an unauthorized party.
• Integrity ensures data remains as is from the sender to the receiver.
• Example 1: One type of integrity security breach would be an unauthorized person intercepting and redirecting a bank wire transfer into a different account.
• Example 2: If someone added an extra bill to the envelope which contained your credit card bill, he has violated the integrity of the mail.

Bank Wire & Bank Wire Transfer (just concept)

• An electronic message system allowing major banks to communicate various actions or occurrences regarding client accounts.
  • For example, the purpose of a bank wire would be to notify a bank if a client has deposited funds into its account.
• Bank Wire Transfer
  • A wire transfer is a transfer of money from one bank account to another. The actual transfer is done by the bank, and neither the sender nor the recipient of the money sees or touches the actual funds.
  • http://www.ehow.com/how_2817_conduct-wire-transfer.htm (more info)

Example 3:
<a href="http://www.shophive.com">Shophive</a>
<a href="http://www.shophivee.com">shophive</a>

• Ali is a registered customer of shophive.com.
• Shophive.com sends a newsletter to Ali for the promotion of new products.

[Diagram: Shophive.com sends the newsletter ("Hello Mr. Ali, we introduce new product, click for more detail", with a Shophive link) to Ali; any other person on the Internet changes the content of the newsletter before it reaches Ali.]
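
The alteration in Example 3 can be detected with a message authentication code. This is an added example, not part of the original slides; it assumes Shophive and Ali's mail client share a secret key, and the key, the newsletter text and the function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed values for illustration: the key and the newsletter text.
SHARED_KEY = b"constructed-demo-key"
NEWSLETTER = (
    "Hello Mr. Ali\n"
    "We introduce new product, click for more detail\n"
    '<a href="http://www.shophive.com">Shophive</a>\n'
)


def tag_message(key: bytes, body: str) -> str:
    """Sender: HMAC-SHA256 tag over the exact bytes of the newsletter."""
    return hmac.new(key, body.encode("utf-8"), hashlib.sha256).hexdigest()


def verify_message(key: bytes, body: str, tag: str) -> bool:
    """Receiver: recompute the tag and compare in constant time."""
    return hmac.compare_digest(tag_message(key, body), tag)


def demo() -> dict:
    tag = tag_message(SHARED_KEY, NEWSLETTER)
    # The change from Example 3: the link target gains one letter.
    altered = NEWSLETTER.replace("www.shophive.com", "www.shophivee.com")
    # Someone without the shared key can only tag the altered text with another key.
    forged_tag = tag_message(b"not-the-shared-key", altered)
    return {
        "original": verify_message(SHARED_KEY, NEWSLETTER, tag),
        "altered_old_tag": verify_message(SHARED_KEY, altered, tag),
        "altered_forged_tag": verify_message(SHARED_KEY, altered, forged_tag),
    }


if __name__ == "__main__":
    print(demo())
```

A shared-key tag gives integrity only: both parties hold the key, so it cannot show which of them produced a message, which is what non-repudiation requires.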

Customer & Merchant perspective on Integrity dimension of e-commerce

Customer’s Perspective:
Has information I transmit or receive been altered?
Merchant’s Perspective:
Has data on the site been altered without authorization? Is data being received from customers valid?

Nonrepudiation: prevention against any one party from reneging on an agreement after the fact

• The ability to ensure that e-commerce participants do not deny their online actions.
Example 1:
• An example of a repudiation incident would be a customer ordering merchandise online and later denying that he or she had done so.
• The credit card issuer will usually side with the customer because the merchant has no legally valid proof that the customer ordered the merchandise.

Customer & Merchant perspective on Non-Repudiation dimension of e-commerce

Customer’s Perspective:
Can a party to an action with me later deny taking the action?
Merchant’s Perspective:
Can a customer deny ordering products?

Authenticity: authentication of data source

• Authenticity is the ability to identify the person or entity you are transacting with on the Internet.
• Example 1: One instance of an authenticity security breach is “spoofing,” in which someone uses a fake e-mail address, or poses as someone else. This can also involve redirecting a Web link to a different address.
• Example 2: Another instance of an authenticity security breach is a postman delivering the mail to a wrong address.

Example:
<a href="http://www.shophive.com">Shophive</a>
<a href="http://www.shophivee.com">Shophive</a>

• Ali is a registered customer of shophive.com.
• Shophive.com sends a newsletter to Ali for the promotion of new products.
• The authentication of Shophive to Ali is valid, but Ali is redirected to a spoofed site.

[Diagram: Shophive.com sends the newsletter ("Hello Mr. Ali, we introduce new product, click for more detail", with a Shophive link) to Ali; any other person on the Internet changes the content so that the Shophive link leads to Shophivee.com, a spoofed Web site.]

Customer & Merchant perspective on Authenticity dimension of e-commerce

Customer’s Perspective:
Who am I dealing with? How can I be assured that the person or entity is who they claim to be?
Merchant’s Perspective:
What is the real identity of the customer?

Confidentiality: protection against unauthorized data disclosure

• Privacy concerns people, or control over information, whereas confidentiality concerns data.
• Confidentiality: The ability to ensure that messages and data are available only to authorized viewers. One type of confidentiality security breach is “sniffing,” in which a program is used to steal proprietary information on a network, including e-mail messages, company files, or confidential reports.
• Example: The bank sends your credit card PIN to your address, but someone (the postman, etc.) reads it. This is a breach of confidentiality.

Customer & Merchant perspective on Confidentiality dimension of e-commerce

Customer’s Perspective:
Can someone other than the intended recipient read my messages?
Merchant’s Perspective:
Are messages or confidential data accessible to anyone other than those authorized to view them?

Privacy: provision of data control and disclosure

• The ability to control the use of information a customer provides about him or herself to an e-commerce merchant.
• An example of a privacy security breach is a hacker breaking into an e-commerce site and gaining access to credit card or other customer information. This violates the confidentiality of the data and also the privacy of the people who supplied the data.

Customer & Merchant perspective on Privacy dimension of e-commerce

Customer’s Perspective:
Can I control the use of information about myself transmitted to an e-commerce merchant?
Merchant’s Perspective:
What use, if any, can be made of personal data collected as part of an e-commerce transaction? Is the personal information of customers being used in an unauthorized manner?

Availability: prevention against data delays or removal

• This is the ability to ensure that an e-commerce site continues to function as intended.
• Availability ensures you have access to, and are authorized to use, resources.
• Example 1: One availability security breach is a DoS (Denial of Service) attack, in which hackers flood a Web site with useless traffic that causes it to shut down, making it impossible for users to access the site.
• Example 2: If the post office destroys your mail or the postman takes one year to deliver your mail, he has impacted the availability of your mail.

Customer & Merchant perspective on Availability dimension of e-commerce

Customer’s Perspective:
Can I get access to the site?
Merchant’s Perspective:
Is the site operational?
