
E-COMMERCE

UNIT 7: E-COMMERCE SECURITY
LECTURER: MBOM 1
GENERAL OBJECTIVES

At the end of this topic the learner should be able to:

1. Explain the challenges of stopping e-commerce crimes
2. Explain the terms confidentiality, integrity and availability
3. Explain the security tools, both hardware and software
4. Describe the meaning of cybersecurity
5. Explain the different types of cybersecurity threats and attacks, both technical and non-technical
6. Explain how e-commerce communications can be secured

CHALLENGES OF STOPPING E-COMMERCE CRIMES

1. Strong e-commerce security makes online shopping inconvenient and demanding on customers.
2. Lack of cooperation from credit card issuers and foreign ISPs: it is cheaper to block cards than to pursue criminals.
3. Online shoppers are to blame for not taking the necessary precautions to avoid becoming a victim.
4. Poor planning of security at the design stage.

CONFIDENTIALITY, INTEGRITY AND AVAILABILITY

Confidentiality
Information should not be disclosed without authorization.
Integrity
Information should not be altered without authorization.
Availability
Ensures that information and all its assets are accessible to legitimate users at an acceptable level of service.
Note
All the confidentiality, integrity and availability functions depend on authentication, authorization and non-repudiation.
Non-repudiation
It is an assurance that online customers cannot falsely deny (repudiate) their transactions.
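The following Python example is added here and is not part of the lecture slides. It shows integrity and authentication of an order record with an HMAC (the order fields, the shared key and the function names are constructed for the example), and then shows why an HMAC alone does not give non-repudiation: the shop, which holds the same key as the customer, can produce a valid tag for an order the customer never placed. Non-repudiation needs a digital signature made with a private key that only the customer holds.

```python
import hashlib
import hmac
import json

# Constructed shared secret for the example; a real deployment would load it from a key store.
SHARED_KEY = b"example-shared-key-do-not-reuse"


def tag_order(order: dict, key: bytes = SHARED_KEY) -> str:
    """Compute an HMAC-SHA256 tag over a canonical JSON encoding of the order.

    Canonical encoding (sorted keys, fixed separators) guarantees that the same
    order always produces the same bytes, so the same tag.
    """
    canonical = json.dumps(order, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


def verify_order(order: dict, tag: str, key: bytes = SHARED_KEY) -> bool:
    """Return True only if the tag matches; compare_digest avoids timing leaks."""
    return hmac.compare_digest(tag_order(order, key), tag)


def integrity_demo() -> dict:
    """Integrity: a tag computed over the genuine order does not verify a tampered copy."""
    order = {"customer": "alice", "item": "SKU-1001", "qty": 1, "total": 49.99}  # constructed
    tag = tag_order(order)
    tampered = dict(order, total=0.99)  # price altered in transit
    return {"genuine_ok": verify_order(order, tag), "tampered_ok": verify_order(tampered, tag)}


def nonrepudiation_gap() -> bool:
    """Non-repudiation is NOT provided by the MAC.

    Any holder of SHARED_KEY can create a valid tag. Here the shop (verifier)
    forges an order in alice's name; it verifies, so a third party cannot tell
    whether alice or the shop produced it. Only an asymmetric signature, made
    with a private key that alice alone holds, would settle that question.
    """
    forged = {"customer": "alice", "item": "SKU-9999", "qty": 10, "total": 4999.0}
    forged_tag = tag_order(forged)  # computed by the shop, not by alice
    return verify_order(forged, forged_tag)


if __name__ == "__main__":
    print(integrity_demo())        # {'genuine_ok': True, 'tampered_ok': False}
    print(nonrepudiation_gap())    # True: the forged order verifies
```

The design point for an e-commerce system: a MAC is enough to detect tampering between the browser session and the shop, but a dispute over whether a customer really placed an order needs a signature (or an equivalent audited, authenticated record) that the shop could not have produced itself.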

CYBERSECURITY

Cybersecurity is the art of protecting networks, devices and data from unauthorized access or digital attacks (cyberattacks) and the practice of ensuring confidentiality, integrity, and availability of information.
The cyberattacks may include the following:
1. Tampering with systems and the data stored within them
2. Unauthorized access to sensitive information
3. Disrupting business processes
4. Using ransomware to encrypt data and obtain money from victims

CYBERSECURITY THREATS AND ATTACKS

Cybersecurity attacks or threats can be classified as technical and non-technical.
Non-technical attacks are those in which a perpetrator uses some form of deception or persuasion to trick people into revealing information or performing actions that can compromise the security of a network. The attackers do not require technical knowledge of methods of system intrusion. Examples include social engineering, shoulder surfing, keyboard sniffing and dumpster diving.
Technical attacks are attacks perpetrated using software and systems knowledge or expertise. Examples include denial of service, malware, ransomware, man-in-the-middle attacks, etc.

SOCIAL ENGINEERING ATTACK

Social engineering involves email or other communication that invokes urgency, fear, or similar emotions in the victim, leading the victim to reveal sensitive information, click a malicious link or open a malicious file.

Common forms of digital social engineering include:

a) Baiting, which uses a false promise to lure users into a trap that steals their personal information
b) Scareware, which involves victims being bombarded with false alarms and fictitious threats prompting them to install non-genuine software
c) Pretexting, where an attacker obtains information through a series of cleverly crafted lies after establishing trust with the victim
d) Phishing, where an attacker steals user data, including login credentials and credit card numbers.
SOCIAL ENGINEERING ATTACK

Social engineering prevention:

1. Don't open emails and attachments from suspicious sources.
2. Use multifactor authentication.
3. Be wary of tempting offers.
4. Keep your antivirus/antimalware software updated.
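The Python example below is added here and is not part of the lecture slides. It turns the phishing description and prevention advice above into checks a mail filter or a security-awareness tool can run: a sender domain that is not the shop's own, urgency wording in the subject or body, and a link whose visible text shows one site while its href points to another. The two sample messages, the trusted domain `shop.example`, the phrase list and the function names are all constructed for the example.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Wording that pressures the reader to act quickly (constructed list; tune for your shop's mail).
URGENCY_PHRASES = ("verify your account", "within 24 hours", "suspended", "act now", "immediately")


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from <a> tags in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _host(url_or_text: str) -> str:
    """Lower-cased host of a URL; bare text such as 'shop.example' is accepted too."""
    parsed = urlparse(url_or_text if "://" in url_or_text else "http://" + url_or_text)
    return (parsed.hostname or "").lower()


def phishing_indicators(raw_email: str, trusted_domain: str) -> list:
    """Return a list of human-readable findings; an empty list means no indicator fired.

    Assumes a single-part message (get_payload returns the body as a string).
    """
    msg = message_from_string(raw_email)
    findings = []

    # 1. Sender domain: the display name can say anything, so check the address itself.
    _, sender = parseaddr(msg.get("From", ""))
    sender_domain = sender.rsplit("@", 1)[-1].lower() if "@" in sender else ""
    if sender_domain != trusted_domain:
        findings.append(f"sender domain {sender_domain!r} is not the trusted domain {trusted_domain!r}")

    # 2. Urgency wording in subject or body.
    body = msg.get_payload()
    text = (msg.get("Subject", "") + " " + body).lower()
    for phrase in URGENCY_PHRASES:
        if phrase in text:
            findings.append(f"urgency phrase {phrase!r}")

    # 3. Link text that shows one host while the href goes to another.
    collector = _LinkCollector()
    collector.feed(body)
    for href, shown in collector.links:
        shown_host = _host(shown) if "." in shown else ""
        if shown_host and shown_host != _host(href):
            findings.append(f"link text {shown!r} actually points to host {_host(href)!r}")
    return findings


# Constructed sample messages (reserved example/test domains, no real addresses).
SAMPLE_PHISH = """From: "Example Shop Support" <support@example-shop-login.test>
Subject: Your account will be suspended
Content-Type: text/html

<p>Please <a href="http://login.example-shop-login.test/reset">https://shop.example/account</a> to verify your account within 24 hours.</p>
"""

SAMPLE_LEGIT = """From: "Example Shop" <orders@shop.example>
Subject: Your order has shipped
Content-Type: text/html

<p>Track it at <a href="https://shop.example/orders/1001">https://shop.example/orders/1001</a>.</p>
"""

if __name__ == "__main__":
    for finding in phishing_indicators(SAMPLE_PHISH, "shop.example"):
        print("PHISH:", finding)
    print("LEGIT:", phishing_indicators(SAMPLE_LEGIT, "shop.example"))
```

None of these checks is proof on its own; a real filter weights them together with authentication results such as SPF and DKIM, and the mismatched-link check is the one most worth showing users, because it is exactly the detail a hurried reader skips.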

MALWARE ATTACK

Malware, or malicious software, is software that is intended to damage or disable computer systems.

The various types of malware include:

Virus – this is the type of malware that "infects" other files.
Worms – these are self-replicating and can spread without any end-user action.
Trojans – these programs are disguised as something legitimate, but hide malicious instructions.
Adware – a common type of malware that exposes the victim to unwanted (and sometimes malicious) advertisements.
Spyware – used to "spy on" the keystrokes of the victim and gain access to passwords or intellectual property.
RANSOMWARE ATTACK

Ransomware is a type of threat that locks and encrypts a victim's data, files, devices or systems, rendering them inaccessible and unusable until the attacker receives a ransom payment.

Types of ransomware include:

1. Locker ransomware locks victims out of their data or systems entirely.
2. Crypto ransomware encrypts all or some of the victims' files.
3. Scareware scares victims into believing their devices are infected with ransomware when they might not be.
MAN-IN-THE-MIDDLE ATTACK

A man-in-the-middle (MITM) attack is a cyber attack in which a threat actor puts themselves in the middle of two parties, typically a user and an application, to intercept their communications and data exchanges and use them for malicious purposes like making unauthorized purchases or hacking.
Man-in-the-middle attacks offer hackers a path to intercept sensitive information such as usernames, passwords, credit card numbers, and bank account details.
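The Python example below is added here and is not part of the lecture slides. The standard defence against interception of an e-commerce session is TLS with the client actually verifying whom it is talking to. The example shows a client TLS configuration that an interceptor could defeat (no certificate or hostname verification) beside a hardened one, and a small audit function that reports which protections are missing. The function and context names are constructed for the example; the `ssl` attributes used are the standard-library ones.

```python
import ssl


def mitm_resistant(ctx: ssl.SSLContext) -> list:
    """Return the list of missing protections; an empty list means the client
    verifies the server's certificate chain and hostname and refuses old TLS."""
    problems = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        problems.append("server certificate is not verified (verify_mode != CERT_REQUIRED)")
    if not ctx.check_hostname:
        problems.append("server name is not checked against the certificate")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        problems.append("TLS versions older than 1.2 are accepted")
    return problems


def weak_client_context() -> ssl.SSLContext:
    """The 'make the certificate warning go away' configuration.

    With verification off, any party between client and shop can present its own
    certificate and read or alter the session. check_hostname must be cleared
    before verify_mode can be set to CERT_NONE.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_client_context() -> ssl.SSLContext:
    """Verify chain and hostname against the system trust store; require TLS 1.2+."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


if __name__ == "__main__":
    print("weak:    ", mitm_resistant(weak_client_context()))
    print("hardened:", mitm_resistant(hardened_client_context()))  # []
```

Run the audit against any `SSLContext` your code or a library builds; the weak settings above are what a disabled-verification workaround looks like in practice, and the hardened context is the one a payment or login client should use.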

DENIAL-OF-SERVICE ATTACK
Denial of Service (DoS) attacks happen when an attacker (or attack group) bombards a network or individual system with a large amount of traffic or data requests. By overloading a system with false traffic, it can render that system inoperable to users trying to legitimately access it.
A distributed denial-of-service (DDoS) attack occurs when multiple machines operate together to attack one target. DDoS attackers often leverage a botnet, a group of hijacked internet-connected devices, to carry out large-scale attacks.
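The Python example below is added here and is not part of the lecture slides. It shows the simplest detection an intrusion detection system (one of the technologies listed under securing e-commerce networks) applies to the flood described above: a per-source sliding window over the request log that flags a source the first time it exceeds a request-rate threshold. The log line format, the addresses, the traffic mix and the threshold are all constructed for the example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


def parse_line(line: str):
    """Parse a constructed 'timestamp ip method path' log line."""
    ts, ip, method, path = line.split()
    return datetime.fromisoformat(ts), ip, method, path


def detect_floods(lines, max_requests: int = 50, window_seconds: int = 10) -> dict:
    """Sliding-window rate check per source address.

    Returns {ip: timestamp_of_first_alert} for every source that sent more than
    max_requests within any window_seconds interval. Lines are assumed to be in
    time order, as a server log is.
    """
    windows = defaultdict(deque)  # ip -> timestamps of its recent requests
    flagged = {}
    for line in lines:
        ts, ip, _, _ = parse_line(line)
        recent = windows[ip]
        recent.append(ts)
        # Drop requests that fell out of the window; ts itself always stays.
        while (ts - recent[0]).total_seconds() > window_seconds:
            recent.popleft()
        if len(recent) > max_requests and ip not in flagged:
            flagged[ip] = ts
    return flagged


def build_sample_log() -> list:
    """Constructed traffic: two ordinary shoppers plus one source sending
    200 requests in 8 seconds (documentation/test address ranges only)."""
    base = datetime(2024, 5, 1, 10, 0, 0)
    lines = []
    for i in range(30):
        t = base + timedelta(seconds=i)
        lines.append(f"{t.isoformat()} 198.51.100.7 GET /product/{i}")
        if i % 3 == 0:
            lines.append(f"{t.isoformat()} 192.0.2.44 GET /cart")
    for i in range(200):
        t = base + timedelta(seconds=5, milliseconds=40 * i)
        lines.append(f"{t.isoformat()} 203.0.113.5 GET /")
    lines.sort()  # ISO timestamps sort lexically in time order
    return lines


if __name__ == "__main__":
    for ip, when in detect_floods(build_sample_log()).items():
        print(f"ALERT {when.isoformat()} source {ip} exceeded the request rate")
```

Two caveats a practitioner would add: a single-source counter catches a DoS but not a DDoS, where each bot stays under the threshold, so production systems also watch aggregate request rate and per-path error rates; and thresholds must be set from the shop's own normal traffic, otherwise a legitimate sale-day spike looks like an attack.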

CYBER SECURITY TIPS FOR ORGANIZATIONS
1. Build up security awareness throughout your organization.
2. Control access to your company information.
3. Keep backups of important company data.
4. Implement and maintain strong password policies.
5. Protect your network and the devices within it from cyber threats.

SECURING E-COMMERCE NETWORKS
Several technologies exist that ensure that an organization's network boundaries are secure from attacks, including:
1. Use of firewalls
2. Use of data encryption
3. Use of virtual private networks
4. Use of intrusion detection systems (IDS)
5. Use of access control methods
6. Training of e-commerce users
