E-commerce plays a critical role in our daily routine, whether for accessing a
bank account or for paying a bill over the network. In today's era of
digitalization, vulnerabilities affecting personal information have multiplied,
so security has become a crucial part of any online transaction. This information
can be kept private by various security measures, including strong
authentication, encryption and digital signatures, each ensuring that our
valuable information is available only to those who hold the authorized access
rights. Together these measures are capable of preventing unauthorized access
to personal data. There are two major concerns for both e-commerce customers and
websites: privacy is the control over one's own data, whereas security is the
protection that prevents unauthorized access to data over the network. Clients
will lose their faith in e-commerce if their valuable data is compromised at any
level.
Due to their ubiquitous nature, e-commerce sites are accessed by anyone from
anywhere. As the number of customers increases, the risk increases with it, so
that security must be treated as a major challenge. This paper throws light on
e-commerce security, its purpose, the different security issues and challenges,
and the way they affect the trust and behaviour of a customer within the
environment of purchasing a product.
Keywords: E-Commerce, Authentication, Encryption, Digital Signature, Privacy, Security
E-commerce, or electronic commerce, is broadly considered to be the buying and
selling of goods and services over the network. It covers significant business
areas such as shopping, banking, ticket booking, paying bills and taxes, food
delivery and many other options. E-commerce is subdivided into three categories:
business to business or B2B (Cisco), consumer to consumer or C2C (eBay) and
business to consumer or B2C (Amazon). E-commerce security is a part of the
information security framework and is specifically applied to the components
that affect e-commerce, which include computer security, data security and other
wider realms of the information security framework.
E-commerce applications that handle payments, such as electronic transactions
using credit or debit cards, online banking, PayPal or other tokens, have more
compliance obligations and are at greater risk of being targeted than other
websites, because they suffer greater consequences if data is lost or altered.
Malware such as Trojan horses and worms, if launched against client systems,
poses the greatest threat to e-commerce privacy and security because it can
subvert most of the authorization and authentication mechanisms used in an
e-commerce transaction: whatever the legitimate user can do from a compromised
client, the attacker can do too. Trust has always been an important element in
influencing consumer behaviour toward merchants and has been shown to be highly
significant in uncertain environments such as the Internet. While a variety of
factors such as branding and store reputation may influence trust, one missing
factor is face-to-face communication and the lack of the touch and feel that is
present in physical interactions. Therefore, it has been argued that trust is
favourably influenced by increased perceptions of security and privacy in
e-commerce transactions.
How does e-commerce work?
A customer wants to order a product online from his or her computer.
1. The web browser communicates with the web server that hosts the e-commerce
store's website.
2. The web server passes the order to the order manager, the central system that
handles orders from submission to dispatch through every stage of processing.
3. The order manager queries the stock database to check whether the item the
customer wants is actually in stock.
4. If the item is not in stock, the system can order new supplies from the
wholesaler or manufacturer; if it is, the order manager continues processing.
5. The order manager communicates with the merchant system to take payment using
the customer's credit or debit card number; the bank's computer confirms whether
the customer has sufficient funds.
6. Once the payment is done, the merchant system authorizes the transaction to go
ahead and reports back to the order manager.
7. The order manager confirms that the transaction has been processed
successfully and notifies the web server.
8. The web server shows the customer a web page confirming that the order has
been processed and the transaction is complete.
9. The order manager requests the warehouse to dispatch the goods; a dispatch
truck collects them from the warehouse.
10. Once the goods have been dispatched, the warehouse computer e-mails the
customer to confirm that the goods are on the way, and the goods are delivered.
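The order flow above, as an added worked example that is not part of the paper. The store database, bank and warehouse are constructed in-memory stubs (the catalogue entries, card numbers and balances are invented) so that the sequence runs offline. It goes slightly beyond the text to show the two checks a practitioner cares about in this pipeline: the price and stock level are taken from the server-side catalogue and never from the client's request, and the bank authorization happens before the order is confirmed, so the out-of-stock and insufficient-funds cases stop the flow without charging or reserving anything.

```python
"""Simulation of the e-commerce order flow (added example, not from the paper).

Every component (store database, bank, warehouse) is a constructed in-memory
stub. The security detail the flow must get right: price and stock come from
the server-side catalogue, never from the client, and payment is authorized
before the order is confirmed or stock is reserved."""
from dataclasses import dataclass, field

# Constructed sample data: catalogue keyed by SKU, bank balances keyed by card number.
CATALOGUE = {"SKU-100": {"price": 40, "stock": 2}, "SKU-200": {"price": 15, "stock": 0}}
BANK_BALANCES = {"4111-0001": 100, "4111-0002": 10}


@dataclass
class OrderResult:
    status: str                      # "confirmed", "out_of_stock", "payment_declined"
    charged: int = 0
    events: list = field(default_factory=list)


def bank_authorize(card: str, amount: int) -> bool:
    """Stand-in for the bank computer: approve only if funds cover the amount."""
    if BANK_BALANCES.get(card, 0) < amount:
        return False
    BANK_BALANCES[card] -= amount
    return True


def process_order(sku: str, quantity: int, card: str, client_price=None) -> OrderResult:
    """Order manager: stock check -> payment authorization -> confirmation -> dispatch.

    client_price is accepted only to show that it is ignored: a client that
    submits its own price is modifying the order (the 'active' attack below)."""
    result = OrderResult(status="pending")
    item = CATALOGUE.get(sku)
    # Steps 3-4: query the stock database; stop if the item cannot be supplied.
    if item is None or item["stock"] < quantity:
        result.status = "out_of_stock"
        result.events.append("stock check failed; reorder from supplier")
        return result
    amount = item["price"] * quantity          # server-side price, not client_price
    # Steps 5-6: the merchant system asks the bank; no authorization, no order.
    if not bank_authorize(card, amount):
        result.status = "payment_declined"
        result.events.append("bank declined: insufficient funds")
        return result
    # Steps 7-8: only now is stock reserved and the confirmation page shown.
    item["stock"] -= quantity
    result.charged = amount
    result.events.append("order manager confirmed; web server shows confirmation page")
    # Steps 9-10: warehouse dispatch and e-mail notification.
    result.events.append("warehouse dispatched goods; e-mail sent to customer")
    result.status = "confirmed"
    return result


if __name__ == "__main__":
    print(process_order("SKU-100", 1, "4111-0001", client_price=1))   # confirmed, charged 40
    print(process_order("SKU-200", 1, "4111-0001"))                   # out_of_stock
    print(process_order("SKU-100", 1, "4111-0002"))                   # payment_declined
```

The first call passes a client-supplied price of 1 and is still charged the catalogue price of 40; the second fails at the stock check and the third at the bank, and in neither failure case is stock reserved or the customer charged.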
The objectives behind choosing data security are the following:
To understand the process behind online shopping.
To deal with the purpose of security in e-commerce.
To discuss the different security issues in e-commerce.
To discuss various
Dimensions of Security in E-Commerce:
Security is a crucial part of any online transaction that takes place over the
network. E-commerce security has several dimensions:
Integrity – prevention of unauthorized data modification. Information must not
be altered during its transmission online, and the receiver must be able to
detect it if it has been.
Non-repudiation – prevention against denial of an order or payment. Once a
sender has sent her transaction details, she must not be able to deny having
sent them; similarly, the receiver of the message must not be able to deny its
receipt.
Authenticity – authentication of the data source. There must be a mechanism that
grants access only to an authorized person or user, and that lets each party
verify who it is dealing with.
Confidentiality – protection against unauthorized data disclosure. Data must not
be accessible or available to an unauthorized person; it should pass between the
client and server only and must not be readable if intercepted in transmission.
Privacy – control over the collection and disclosure of personal data.
Availability – prevention against data delays or removal of data. Information
must be available whenever and wherever it is required.
Security Issues in E-commerce:
Data is transferred over the network as login or transaction details. To secure
that data from unauthorized access, e-commerce security provides a protective
layer over e-commerce assets. Consumers hesitate out of fear of losing their
financial data, and e-commerce sites fear financial losses and the damage to
their reputation that follows a breach. There are many security issues
associated with e-commerce, such as critical issues, social issues and
organizational issues. An online transaction requires a customer to disclose
sensitive information to the vendor in order to make a purchase, which places
him at significant risk. Transaction security is concerned with providing
privacy in transactions to buyers and sellers and with protecting the network
from breakdowns and third-party attack. It basically deals with the following:
Issues related to customers or clients
– if their data is not secured over the network, it is an issue to think about.
The organization has to provide security features and guarantee that the data
is secured. This covers the techniques and practices that protect user privacy
and the integrity of the computing system.
Issues related to server security
– protecting the web server, its software and associated hardware from break-ins
and vandalism. An error in the software that implements security, which for any
reason then fails to provide it, is a second case that must also be taken
seriously.
Issues related to transaction security
– guaranteeing protection against eavesdropping and intentional message
modification, such as tapping, intercepting and diverting the intended data.
A. Security threats – various types of security threats exist in e-commerce.
Malicious code
– harmful code that damages the computer system and renders it useless after
the attack. It includes viruses, worms, Trojan horses etc.
Phishing and identity theft
– an attack in which user data such as login credentials and credit or debit
card numbers are stolen by the attacker through an e-mail or instant message
that impersonates a trusted party. When the user clicks the malicious link and
enters his or her details, the intruder harvests them easily.
Unauthorized access
– illegal access to data or systems for some malicious purpose. Two types of
attack are included: in passive unauthorized access the hacker only observes
the data passing over the network and later uses it for his own illegal ends,
whereas in active unauthorized access the hacker modifies the data with the
intention of manipulating it. Home computers, point-of-sale terminals and
handheld devices can easily be affected by this attack.
Denial of service
– hackers flood a website with useless traffic to target a computer or a
network and stop it working properly. It may also be caused by spamming or by
viruses. Spamming here means an e-mail bombing of the targeted device by the
hacker: by sending thousands of e-mails one after another, the system is
overwhelmed.
Theft and fraud
– fraud occurs when stolen data is used or modified for illegal action. Hackers
break into insecure merchant web servers to harvest archives of credit card
numbers, which are generally stored along with personal information when a
consumer makes an online purchase. The merchant back-end and database are also
susceptible to theft via third-party fulfilment centres and other processing
B. Defensive measures against security threats
The defensive measures used in transaction security are:
Encryption
– the process of converting plain text into cipher text that cannot be read by
anyone except the intended sender and receiver. It is accomplished with a
mathematical algorithm and a key; the key is required to decode the message. In
symmetric key encryption the sender and receiver use the same secret key to
encrypt and decrypt messages, whereas asymmetric or public key encryption uses
two keys, a public key and a private key: what is encrypted with the public key
can be decrypted only with the matching private key. Symmetric encryption is
fast and protects the bulk of a session's traffic; public key encryption is used
to exchange the session key and to sign, because a key shared by two parties
cannot prove which of them produced a message.
Secure Socket Layer
– the SSL protocol provides data encryption, server authentication, optional
client authentication and message integrity for TCP/IP connections. It prevents
eavesdropping, tampering and forgery when data is transported over the Internet
between two applications, and is the networking protocol for securing
connections between network application clients and servers over an insecure
network such as the Internet. All versions of SSL are now deprecated because of
known weaknesses; its successor, Transport Layer Security (TLS, currently
versions 1.2 and 1.3), provides the same guarantees and is what HTTPS uses today.
Secure Hypertext Transfer Protocol
– an Internet protocol for encrypting Hypertext Transfer Protocol (HTTP)
traffic. S-HTTP is an application-level protocol that extends HTTP by encrypting
individual messages rather than the whole connection, and it additionally
provides mechanisms for authentication and signing of messages. In practice
S-HTTP saw almost no deployment; HTTPS, which is HTTP carried over SSL/TLS, is
the form of secure HTTP used on the web.
Digital Signature –
A digital signature certificate (DSC) is a secure digital credential that
certifies the identity of its holder and is issued by a certifying authority
(CA). It typically contains the holder's identity (name, e-mail address,
country) and public key. Digital certificates rely on public key infrastructure
(PKI): a signature made with the private key can be verified by anyone holding
the corresponding public key, and data encrypted with the public key can be
decrypted only with the private key. A digital certificate is an electronic
"credit card" that establishes your credentials when doing business or other
transactions on the web; because only the holder has the private key, a valid
signature also provides the non-repudiation that a shared secret cannot.
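The measures above (symmetric encryption, public key encryption and digital signatures) mapped onto the dimensions of security listed earlier (integrity, authenticity, non-repudiation, confidentiality), as an added example that is not part of the paper. It uses only the Python standard library: a keyed hash (HMAC) stands in for the symmetric shared-key case, and a textbook RSA key pair built from two fixed, publicly known Mersenne primes stands in for the public key case. The primes, the shared key and the order message are constructed for the demonstration; the RSA has no padding and its factors are public, so it shows which key does what and is deliberately not usable as real cryptography.

```python
"""Added example (not from the paper): encryption and digital signatures
applied to the dimensions of e-commerce security.

Standard library only. The RSA is textbook RSA with fixed Mersenne primes and no
padding: enough to show which key does what, and NOT usable as real crypto."""
import hashlib
import hmac
import secrets

# --- Symmetric: one shared key, used as an HMAC for integrity + authenticity ---
SHARED_KEY = secrets.token_bytes(32)   # constructed; in practice agreed via TLS/PKI


def mac_message(key: bytes, message: bytes) -> bytes:
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_mac(key: bytes, message: bytes, tag: bytes) -> bool:
    # constant-time comparison: a plain == would leak timing information
    return hmac.compare_digest(mac_message(key, message), tag)


# --- Asymmetric: a textbook RSA key pair built from known (public) primes ---
P = 2**127 - 1                       # constructed demo primes (Mersenne), NOT secret
Q = 2**521 - 1
N = P * Q                            # ~648 bits, comfortably above a 256-bit digest
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent (Python 3.8+)
PUBLIC_KEY = (N, E)
PRIVATE_KEY = (N, D)


def rsa_sign(private_key, message: bytes) -> int:
    """The PRIVATE key signs a hash of the message (hash-then-sign, no padding)."""
    n, d = private_key
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return pow(digest, d, n)


def rsa_verify(public_key, message: bytes, signature: int) -> bool:
    """Anyone with the PUBLIC key can check the signature. This is what gives
    non-repudiation; the shared-key MAC cannot, since both parties hold its key."""
    n, e = public_key
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return pow(signature, e, n) == digest


def rsa_encrypt(public_key, plaintext: int) -> int:
    """Confidentiality direction: encrypt with the PUBLIC key ..."""
    n, e = public_key
    if not 0 <= plaintext < n:
        raise ValueError("plaintext must be smaller than the modulus")
    return pow(plaintext, e, n)


def rsa_decrypt(private_key, ciphertext: int) -> int:
    """... so that only the PRIVATE key holder can decrypt."""
    n, d = private_key
    return pow(ciphertext, d, n)


def demo() -> dict:
    """Run the checks against a constructed order message and a tampered copy."""
    order = b"order=1001;sku=SKU-100;amount=40.00;card=4111-0001"
    tampered = order.replace(b"amount=40.00", b"amount=4.00")    # active modification
    tag = mac_message(SHARED_KEY, order)
    sig = rsa_sign(PRIVATE_KEY, order)
    session_key = int.from_bytes(b"session-key-0123", "big")     # constructed secret
    return {
        "integrity_ok": verify_mac(SHARED_KEY, order, tag),
        "integrity_detects_tamper": not verify_mac(SHARED_KEY, tampered, tag),
        "signature_ok": rsa_verify(PUBLIC_KEY, order, sig),
        "signature_detects_tamper": not rsa_verify(PUBLIC_KEY, tampered, sig),
        "confidentiality_roundtrip":
            rsa_decrypt(PRIVATE_KEY, rsa_encrypt(PUBLIC_KEY, session_key)) == session_key,
    }


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check:28s} {'PASS' if ok else 'FAIL'}")
```

All five checks pass: both the HMAC and the signature reject the copy whose amount was changed in transit, but only the signature can be verified by a third party who never held a secret, which is why the non-repudiation dimension needs public key cryptography rather than a shared key.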
E-commerce is widely considered to be the buying and selling of goods and
services over the Internet, but any transaction completed entirely through
digital means can be considered e-commerce. Day by day e-commerce plays a larger
role in online retail, and the number of people using it is increasing all over
the world. E-commerce security is the protection of e-commerce assets from
unauthorized access, use, alteration or destruction.
Not only must e-commerce sites and consumers judge security vulnerabilities and
assess potential technical solutions; they must also assess, evaluate and
resolve the risks involved. A networked application cannot offer complete
connectivity, security and ease of use all at the same time; there is an
intrinsic trade-off, and some sacrifice is unavoidable. For that reason, the
first security concern from an e-commerce merchant's perspective should be to
keep the archives of recent orders not on the front-end web servers but behind
the firewall, on systems the web tier cannot reach directly. Furthermore,
sensitive servers should be kept highly specialized by turning off and removing
all inessential services and applications (e.g. FTP, e-mail). Until e-commerce
vendors achieve the necessary delicate balance of privacy, trust and security,
effective and quantifiable e-commerce transactions will remain a problem. The
mechanisms of encryption, protection, verification and authentication therefore
directly influence perceptions of security, and the marketplace can be
trustworthy only when consumers feel able to trust transacting in that
environment.