Chapter 4. Security in E-Commerce: What Is Ecommerce Security?
Security in E-commerce
What is eCommerce Security?
eCommerce security refers to the principles which guide safe electronic
transactions, allowing the buying and selling of goods and services through the
Internet, but with protocols in place to provide safety for those involved.
Successful business online depends on the customers’ trust that a company
has eCommerce security basics in place.
PURPOSE OF SECURITY
1. Data Confidentiality – is provided by encryption/decryption.
3. Access Control – governs what resources a user may access on the system.
Uses valid IDs and passwords.
Privacy
One of the most obvious eCommerce security basics is privacy, which in this
situation means not sharing information with unauthorized parties. When you
shop online, your personal details or account information should not be
accessible to anyone except the seller you have chosen to share it with. Any
disclosure of that information by the merchant would be a breach of
confidentiality. The business is responsible for providing at least the minimum in
encryption, virus protection, and a firewall so that bank details and credit card
information remain private.
Integrity
A second concept which is crucial within secure eCommerce is the idea of
integrity—that none of the information shared online by the customer will be
altered in any way. This principle states that a secure transaction includes
unchanged data—that the business is only using exactly what was entered into
the Internet site by the buyer. Any tampering with information is breaking the
confidence of the buyer in the security of the transaction and the integrity of
the company in general.
Authentication
For eCommerce to take place, both seller and buyer have to be who they say
they are. A business cannot sell unless it’s real, the products are real, and the
sale will go through as described online. The buyer must also provide proof of
identification so that the merchant can feel secure about the sale. In
eCommerce, fraudulent identification and authentication are possible, and
many businesses hire an expert to make sure these kinds of eCommerce
security basics are in place. Common solutions include technological
solutions—customer logins and passwords or additional credit card PINs.
Non-repudiation
Repudiation is denial, and good business depends on both buyers and sellers
following through on the part of the transaction which originated with
them—not denying those actions. Since eCommerce happens in cyberspace,
usually without any live video, it can feel less safe and sure. The legal principle
of non-repudiation adds another level of security by confirming that the
information which was sent between parties was indeed received and that a
purchase or email or signature cannot be denied by the person who completed
the transaction.
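As an added example (not part of the original chapter), the Integrity and Authentication principles above can be enforced with a keyed MAC over the order data; the key, field names and order values below are constructed for illustration. Because buyer-side and merchant-side systems would share the same key, a MAC alone does not provide the non-repudiation just described, which requires a digital signature made with a key only one party holds.

```python
import hashlib
import hmac
import json

# Constructed demo key; a real system would load this from a secret store.
SHARED_KEY = b"demo-key-not-for-production"

# Constructed sample order, exactly as entered by the buyer.
ORDER = {"order_id": "A-1001", "item": "widget", "qty": 2,
         "amount": "49.90", "currency": "USD"}


def canonical(order: dict) -> bytes:
    """Serialize deterministically so both sides MAC identical bytes."""
    return json.dumps(order, sort_keys=True, separators=(",", ":")).encode("utf-8")


def sign_order(order: dict, key: bytes = SHARED_KEY) -> str:
    """Return a hex HMAC-SHA256 tag over the canonical order."""
    return hmac.new(key, canonical(order), hashlib.sha256).hexdigest()


def verify_order(order: dict, tag: str, key: bytes = SHARED_KEY) -> bool:
    """Recompute the tag and compare in constant time."""
    return hmac.compare_digest(sign_order(order, key), tag)


def demo() -> dict:
    tag = sign_order(ORDER)
    tampered = dict(ORDER, amount="0.01")                     # value altered after signing
    reordered = {k: ORDER[k] for k in reversed(list(ORDER))}  # same data, new key order
    return {
        "original": verify_order(ORDER, tag),
        "tampered": verify_order(tampered, tag),
        "reordered": verify_order(reordered, tag),
        "wrong_key": verify_order(ORDER, tag, key=b"other-key"),
    }


if __name__ == "__main__":
    print(demo())
```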
Customers who don’t feel transactions are secure won’t buy. Hesitation on
the part of the buyer will destroy eCommerce potential. Any breach will cost a
business in lost revenues and consumer trust. These eCommerce security
basics can guide any business owner regarding safe online transaction
protocol.
In Summary,
Integrity: prevention against unauthorized data modification
Non-repudiation: prevention of any one party reneging on an
agreement after the fact
Authenticity: authentication of data source
Confidentiality: protection against unauthorized data disclosure
Privacy: provision of data control and disclosure
Availability: prevention against data delays or removal
SECURITY THREATS
There are various types of e-commerce threats. Some are accidental, some are
purposeful, and some of them are due to human error. The most common
security threats are phishing attacks, money thefts, data misuse, hacking,
credit card frauds and unprotected services.
c. Server threats
i. Web-server threats
iii. Database threats
iv. Common gateway interface threats
v. Password cracking
Viruses are normally external threats and can corrupt the files on the
website if they find their way into the internal network. They can be very
dangerous, as they can destroy computer systems completely and
damage the normal working of the computer. Viruses always need a host,
as they cannot spread by themselves.
Worms are very different from viruses and are more serious. A worm
propagates itself directly over the Internet and can infect millions of
computers in a matter of just a few hours.
A Trojan horse is program code that can perform destructive
functions. Trojans normally attack your computer when you download
something, so always check the source of the downloaded file.
Other threats - Other threats include data packet sniffing, IP
spoofing, and port scanning. Data packet sniffing tools are commonly called
sniffers. An intruder can use a sniffer to intercept a data packet flow and scan
individual data packets. With IP spoofing it is very difficult to track the attacker:
the source address is changed so that the traffic looks as though it
originated from another computer.
Folder Lock: While it’s one of the priciest options, it shares the same
algorithm used by many government agencies. It offers relied-upon safety and
security, and extra features like file shredding, as well as its apparent ‘stealth
mode.’
Secure IT: Touted as the easiest encryption program to use, this data
encryption software is one anyone can access, as it doesn’t require a tech wiz
to set it up. This is a great option for business owners new to eCommerce, no
matter what your level of encryption understanding is. One benefit of using
Secure IT is that it compresses your files, saving you space.
Kruptos 2 Pro: This is another great option to keep your files and data safe
from thieves and hackers. It offers extras like file name changing as well as file
shredding. It also has a great help guide that makes itself known right from the
beginning, so you never feel lost or like you are on your own.
While these are some of the industry leaders, there are many other choices for
encryption software available. How do you choose the one that is right for you?
The suggested criteria are performance, security, version compatibility, and the
accessibility of the help and support desk.
a. Use Familiar Websites. Use a trusted site rather than shopping with a
search engine. Search results can be rigged to lead you astray, especially when
you drift past the first few pages of links. If you know the site, chances are it's
less likely to be a rip-off. Beware of misspellings or sites using a different
top-level domain (.net instead of .com, for example)—those are the oldest tricks in
the book. Yes, the sales on these sites might look enticing, but that's how they
trick you into giving up your info.
b. Look for the Lock. Never ever buy anything online using your credit card
from a site that doesn't have SSL (secure sockets layer) encryption installed—at
the very least. You'll know if the site has SSL because the URL for the site will
start with HTTPS:// (instead of just HTTP://). An icon of a locked padlock will
appear, typically in the status bar at the bottom of your web browser, or right
next to the URL in the address bar. It depends on your browser. Never give
anyone your credit card over email.
c. Don't Tell All. No online shopping store needs your social security number or
your birthday to do business. However, if crooks get them, combined with your
credit card number for purchases, they can do a lot of damage. The more they
know, the easier it is to steal your identity. When possible, default to giving up
the least amount of information.
e. Use Strong Passwords. The best practice for online shopping is to change
your passwords periodically. Our tips for passwords can come in handy during
a time of year when shopping around probably means creating new accounts
on all sorts of e-commerce sites.
f. Think Mobile. Most of the younger generation, when they are going to purchase
a product online, start by comparing the products on various sites.
The National Retail Federation says that 5.7 percent of adults will use their
mobile devices to do comparison shopping before making a purchase.
g. Avoid Public Terminals. Hopefully we don't have to tell you it's a bad idea to
use a public computer to make purchases, but we still will. If you do, just
remember to log out every time you use a public terminal, even if you were just
checking email.
h. Don't Fall for "Phishing" Messages. Identity thieves send massive numbers of
emails to Internet users that ask them to update the account information for
their banks, credit cards, online payment service, or popular shopping sites.
The email may state that your account information has expired, been
compromised or lost and that you need to immediately resend it to the
company. Some emails sent as part of such "phishing" expeditions often
contain links to official-looking Web pages. Other times the emails ask the
consumer to download and submit an electronic form.
i. Count the Cards. Gift cards are the most requested holiday gift every year.
Stick to the source when you buy one; scammers like to auction off gift cards
on sites like eBay with little or no funds on them.
j. Use Shopper's Intuition. Look at the site with a critical eye. And heed the old
adage, "If it looks too good to be true, it probably is." If any of these questions
trigger a warning bell in your head, it is wise to find another online merchant:
k. Before purchasing goods on global sites, check the currency or
exchange rates.
l. Find out the delivery charges and whether the product can be delivered to your
location.
m. If you are bidding on eBay, check out the buyers' and sellers' feedback. This
should become standard before you ever place a bid.
n. Find the FAQs on the online shopping sites for more information and their
rules, acts and regulations.
o. If someone demands cash for a payment, say "no". Use your credit card to
make your payment; this will protect you against fraud. Credit card companies
refund accounts where fraudulent activity transpires.
p. Read the full terms and conditions briefly before placing an order, and also
the privacy policy of the e-commerce web site.
q. If you are unsure about a site, try doing a search with Google or any of the
other search engines. You may find comments posted about the shopping site
from other customers.
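Tip a above warns about misspelled shop names and swapped top-level domains. The following added example (not part of the original chapter) shows how a defender could flag both cases against a list of shops the user already trusts; the trusted list, the typo threshold and the test hosts are constructed placeholders.

```python
# Constructed allow-list of trusted shops (reserved example domains).
TRUSTED = ("example.com", "books.example")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance computed with a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]


def split_host(host: str):
    """Normalize a host and split it into (name, tld).

    Assumption: a single-label TLD; multi-label suffixes need a suffix list.
    """
    host = host.strip().lower().rstrip(".")
    if host.startswith("www."):
        host = host[4:]
    name, _, tld = host.rpartition(".")
    return name, tld


def classify(host: str, trusted=TRUSTED, max_typos: int = 2):
    """Return (verdict, trusted domain it resembles or None)."""
    name, tld = split_host(host)
    # Exact matches win before any lookalike comparison.
    for t in trusted:
        if (name, tld) == split_host(t):
            return ("trusted", t)
    for t in trusted:
        t_name, _ = split_host(t)
        d = edit_distance(name, t_name)
        if d == 0:
            return ("different-tld", t)   # same name, other top-level domain
        if d <= max_typos:                # threshold is an assumption; tune per list
            return ("misspelling", t)
    return ("unknown", None)


if __name__ == "__main__":
    for h in ("www.Example.com", "example.net", "exampel.com", "unrelated-store.org"):
        print(h, classify(h))
```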