Abstract: Data plays a critical role in our daily routine, whether it is for getting access to a bank account or for paying a bill over the network. In today's digitized world, vulnerabilities affecting personal information have increased sharply, so security has become a crucial part of any online transaction. This information can be kept private by various security measures, including strong authentication, encryption and digital signatures, each ensuring that our valuable information is available only to those who have authorized access rights. These measures are capable of preventing unauthorized access to personal data.

There are two major concerns for both e-commerce customers and websites: privacy is the control over one's own data, whereas security is the protection that prevents unauthorized access to that data over the network. Clients will lose faith in e-commerce if their valuable data is compromised at any level. Today, due to its ubiquitous nature, e-commerce sites are accessed by anyone from anywhere. As the number of customers increases, the risk has increased with it, to the point that security must be considered a major challenge. This paper throws light on e-commerce security, its purpose, the different security issues and challenges, and the way they affect the trust and behaviour of a customer in the environment of purchasing a product.

Keywords: E-Commerce, Authentication, Encryption, Digital Signature, Privacy, Security

Introduction: E-Commerce or electronic commerce is broadly considered as buying and selling goods and services over the network. It includes significant business areas such as shopping, banking, ticket booking, paying bills and taxes, food delivery and many other options.
E-commerce is subdivided into three categories: business to business or B2B (e.g. Cisco), consumer to consumer or C2C (e.g. eBay) and business to consumer or B2C (e.g. Amazon). E-commerce security is a part of the information security framework and is applied in particular to the components that affect e-commerce, which include computer security, data security and the wider realms of the information security framework. Web e-commerce applications that handle payments, such as electronic transactions using credit or debit cards, online banking, PayPal or other tokens, have more compliance obligations and are at greater risk of being targeted than other websites, because they suffer greater consequences if data is lost or altered. Malicious code such as viruses, Trojan horses and worms, if launched against client systems, poses the greatest threat to e-commerce privacy and security, because it can subvert most of the authorization and authentication mechanisms used in an e-commerce transaction: a compromised client leaks the credentials and session tokens that the server relies on, however well the server itself is protected. Trust has always been an important element influencing consumer behaviour toward merchants and has been shown to be of high significance in uncertain environments such as the Internet. While a variety of factors such as branding and store reputation may influence trust, one missing factor is face-to-face communication and the touch and feel that is present in physical interactions. Therefore, it has been argued that trust would be favourably influenced by an increase in perceived security and privacy in e-commerce transactions.

How e-commerce works: A customer wants to order a product online from his or her computer.
1. The customer's web browser communicates with the web server that manages the e-commerce store's website.
2. The web server sends the order to the order manager, the central system that takes orders from submission to dispatch through every stage of processing.
3. The order manager queries the store database to check whether the item the customer wants is actually in stock. If it is not, the system can order new supplies from the wholesalers or manufacturers; if it is, the order manager continues to process the order.
4. The order manager communicates with the merchant system to take payment using the customer's credit or debit card number, and the bank's computer confirms whether the customer has enough funds.
5. Once payment is done, the merchant system authorizes the transaction to go ahead and reports back to the order manager.
6. The order manager confirms that the transaction has been processed successfully and notifies the web server, which shows the customer a web page confirming that the order has been processed and the transaction is complete.
7. The order manager requests the warehouse to dispatch the goods to the customer. A dispatch truck collects the goods from the warehouse and, once they have been dispatched, the warehouse computer emails the customer to confirm that the goods are on the way.
8. The goods are delivered to the customer.

Purpose of Study: The purpose behind choosing data security is the following:
· To understand the process behind online shopping.
· To deal with the purpose of security in e-commerce.
· To discuss the different security issues in e-commerce.
· To discuss various security threats.

Purpose of Security in E-Commerce: E-commerce security is a crucial part of any online transaction, which happens often and takes place over the network.
There are various dimensions of e-commerce security.

· Integrity: prevention of unauthorized data modification. Information must not be altered during its transmission over the network, and the receiver must be able to detect any alteration that does occur.
· Non-repudiation: prevention of the denial of an order or payment. Once a sender sends her transaction details, she should not be able to deny having sent the message; similarly, the receiver should not be able to deny its receipt. This is what a digital signature provides and a check based on a shared key cannot, since with a shared key either party could have produced the proof.
· Authenticity: authentication of the data source. There must be a mechanism that grants access only to an authorized person or user and lets each party confirm whom it is dealing with.
· Confidentiality: protection against unauthorized data disclosure. Data must not be accessible or available to an unauthorized person; it has to remain between the client and the server only and must not be readable if intercepted in transmission.
· Privacy: control over what data is collected and to whom it is disclosed.
· Availability: prevention of delays in, or removal of, data. Information should be available whenever and wherever it is required.

Security Issues in E-commerce: Data is transferred over the network as login or transaction details. To secure that data from unauthorized access, e-commerce security provides a protection layer on e-commerce assets. Consumers hesitate out of fear of losing their financial data, and e-commerce sites fear financial losses and the bad publicity that results from a breach.
There are many security issues associated with e-commerce, such as critical issues, social issues and organizational issues. An online transaction requires a customer to disclose sensitive information to the vendor in order to make a purchase, placing him at significant risk. Transaction security is concerned with providing privacy in transactions to buyers and sellers and protecting the network from breakdowns and third-party attack. It basically deals with:

1. Issues related to customer or client security: if customers' data is not secured over the network, that is an issue to think about. The organization has to provide security features and guarantee that the data is secured, using techniques and practices that protect user privacy and the integrity of the computing system.
2. Issues related to server security: protecting the web server, its software and the associated hardware from break-ins and vandalism. If the software that implements security contains an error and for any reason is not providing that security, that is the second case, which must also be taken seriously.
3. Issues related to transaction security: guaranteeing protection against eavesdropping and intentional message modification such as tapping, intercepting and diverting the data in transit.

A. Security threats: various types of security threats exist in e-commerce.
1. Malicious code: harmful code that damages a computer system and renders it useless after the attack. It includes viruses, worms, Trojan horses and the like.
2. Phishing and identity theft: an attack in which user data such as login credentials and credit or debit card numbers are stolen by an attacker who sends an email or instant message containing a malicious link. When the user clicks the link and enters his or her details on the attacker's page, the data is captured by the intruder.
3. Unauthorized access: illegal access to data or systems for some malicious purpose. Two types of attack fall under unauthorized access. In passive unauthorized access the attacker only observes the data travelling over the network and later uses it for his own illegal ends; in active unauthorized access the attacker modifies the data with the intention of manipulating it. Home computers, point-of-sale terminals and handheld devices can easily be affected by this attack.
4. Denial of service: attackers flood a website with useless traffic to stop the targeted computer or network from working properly. It may be carried out by spamming or by viruses (for example, virus-infected machines generating the traffic). Spamming, or mail bombing, is sending thousands of emails one after another to the targeted system, which is overwhelmed by the volume.
5. Theft and fraud: fraud occurs when stolen data is used or modified for illegal action. Hackers break into insecure merchant web servers to harvest archives of credit card numbers, generally stored along with the personal information a consumer supplies when making an online purchase. The merchant back-end and database are also susceptible to theft through third-party fulfilment centres and other processing agents.
B. Defensive measures against security threats: The defensive measures used in transaction security are:

1. Encryption: the process of converting plain text or information into cipher text that cannot be read by anyone except the sender and the receiver. It is accomplished with the help of a mathematical algorithm, and the key is required to decode the message. In symmetric key encryption both the sender and the receiver use the same key to encrypt and decrypt the messages, so that key must itself be exchanged secretly; asymmetric or public key encryption uses two digital keys, a public key and a private key, so that data encrypted with a party's public key can be decrypted only with that party's private key, which never leaves its owner.
2. Secure Socket Layer: the SSL protocol provides data encryption, server authentication, client authentication and message integrity for TCP/IP connections. It prevents eavesdropping, tampering or forgery when data is transported over the Internet between two applications. It is a networking protocol for securing connections between network application clients and servers over an insecure network such as the Internet. All versions of SSL are now deprecated; its successor, Transport Layer Security (TLS), provides the same services and is what HTTPS uses, and a deployment should accept TLS 1.2 or later only. Note that server authentication only holds if the client actually verifies the server's certificate against a trusted issuer and checks that the certificate's name matches the site it intended to reach.
3. Secure Hypertext Transfer Protocol: an Internet protocol for the encryption of Hypertext Transfer Protocol (HTTP) traffic. Secure Hypertext Transfer Protocol (S-HTTP) is an application-level protocol that extends HTTP by adding encryption to individual web pages and messages. It additionally provides mechanisms for authentication and signing of messages. S-HTTP saw little adoption in practice; the approach that prevailed is HTTPS, which runs ordinary HTTP over an SSL/TLS connection.
4. Digital signature: a Digital Signature Certificate (DSC) is a secure digital credential that certifies the identity of its holder and is issued by a Certifying Authority (CA). It typically contains the holder's identity (name, email, country) and public key. Digital certificates rely on a Public Key Infrastructure: data encrypted with the public key can be decrypted only with the corresponding private key, and a signature produced with the private key can be verified only with the corresponding public key, which is what ties a signed order to the one party that holds the private key. A digital certificate is an electronic "credit card" that establishes your credentials when doing business or other transactions on the Web.
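The following is an added worked example, not code from the paper, of the dimensions described earlier (integrity, non-repudiation, authenticity, confidentiality) and of the encryption and digital signature measures above. It uses only Go's standard library: AES-256-GCM under one shared key stands in for symmetric encryption, and an Ed25519 key pair for the public/private pair behind a digital signature. The order format, the key handling and the `Outcome` type are constructed for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// EncodeOrder is the canonical byte form of an order that gets signed and
// encrypted. The field layout is constructed for this example.
func EncodeOrder(customer, item string, amountCents int) []byte {
	return []byte(fmt.Sprintf("customer=%s;item=%s;amount=%d", customer, item, amountCents))
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal gives confidentiality and integrity under one shared (symmetric) key:
// GCM encrypts and appends an authentication tag, so a modified ciphertext is
// rejected by Open instead of being decrypted to garbage.
func Seal(key, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize()) // fresh per message; never reuse under one key
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil // nonce is sent in the clear in front
}

// Open reverses Seal and fails on any tampering or truncation.
func Open(key, sealed []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	ns := gcm.NonceSize()
	if len(sealed) < ns {
		return nil, errors.New("sealed message too short")
	}
	return gcm.Open(nil, sealed[:ns], sealed[ns:], nil)
}

// Outcome records which guarantee held in Demonstrate.
type Outcome struct {
	OriginalVerifies bool   // untouched signed order passes verification (authenticity)
	EditedRejected   bool   // amount changed after signing fails verification (integrity, non-repudiation)
	TamperedRejected bool   // one ciphertext bit flipped makes Open fail (integrity in transit)
	Decrypted        string // what the merchant recovers from the sealed order
}

// Demonstrate runs the customer-to-merchant exchange with freshly generated keys.
func Demonstrate() (Outcome, error) {
	var out Outcome
	// Customer's key pair: the private key signs, the public key (held by the
	// merchant, e.g. from a certificate) verifies. Only the customer could have signed.
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return out, err
	}
	key := make([]byte, 32) // shared symmetric key; in practice agreed through TLS
	if _, err := rand.Read(key); err != nil {
		return out, err
	}
	order := EncodeOrder("alice", "book-1234", 2500)
	sig := ed25519.Sign(priv, order) // non-repudiation and authenticity
	sealed, err := Seal(key, order)  // confidentiality and integrity in transit
	if err != nil {
		return out, err
	}
	plain, err := Open(key, sealed)
	if err != nil {
		return out, err
	}
	out.Decrypted = string(plain)
	out.OriginalVerifies = ed25519.Verify(pub, plain, sig)
	// Merchant or intermediary changes the amount after the fact: signature no longer matches.
	out.EditedRejected = !ed25519.Verify(pub, EncodeOrder("alice", "book-1234", 25), sig)
	// One ciphertext bit flipped on the wire: GCM's tag check fails, nothing is decrypted.
	tampered := append([]byte(nil), sealed...)
	tampered[len(tampered)-1] ^= 0x01
	_, err = Open(key, tampered)
	out.TamperedRejected = err != nil
	return out, nil
}

func main() {
	out, err := Demonstrate()
	fmt.Printf("%+v %v\n", out, err)
}
```

The split of roles is the point: the shared AES key proves only that one of the two key holders produced the message, so it cannot settle a dispute between them, whereas the Ed25519 signature can be checked by anyone holding the public key and could only have been made by the customer's private key.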
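As a second added example, not taken from the paper, the SSL/TLS server authentication described under point 2 is exercised end to end in Go's `crypto/tls`: a server presents a certificate for a hypothetical shop named `shop.example`, and the same server is accepted or refused purely according to what the client is configured to trust. The self-signed certificate, the shop name, the loopback listener and the `Outcome` type are all constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"time"
)

// NewServerCert makes a throwaway self-signed certificate for the hypothetical
// host shop.example, standing in for one issued by a Certifying Authority.
func NewServerCert() (tls.Certificate, *x509.Certificate, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		DNSNames:              []string{"shop.example"}, // the name a client must check
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		BasicConstraintsValid: true,
		IsCA:                  true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &priv.PublicKey, priv)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: priv}, leaf, nil
}

// Handshake runs one TLS connection over loopback between a server presenting
// cert and a client configured with clientCfg. The returned error is the
// client's verdict on the server's identity; nil means the handshake completed.
func Handshake(cert tls.Certificate, clientCfg *tls.Config) error {
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{
		Certificates: []tls.Certificate{cert},
		MinVersion:   tls.VersionTLS12, // refuse SSL 3.0, TLS 1.0 and TLS 1.1
	})
	if err != nil {
		return err
	}
	done := make(chan struct{})
	go func() {
		defer close(done)
		if c, err := ln.Accept(); err == nil {
			c.(*tls.Conn).Handshake() // the client decides whether to trust us
			c.Close()
		}
	}()
	conn, err := tls.Dial("tcp", ln.Addr().String(), clientCfg)
	if err == nil {
		conn.Close()
	}
	ln.Close() // unblocks Accept if no connection ever arrived
	<-done
	return err
}

// Outcome records the three client behaviours.
type Outcome struct {
	TrustedOK bool // client trusts the certificate's issuer and the name matches
	UnknownCA bool // client has only its default roots: rejected as unknown authority
	WrongName bool // issuer trusted but the client expected another host: rejected
}

// Demonstrate shows that server authentication is only as strong as the client's checks.
func Demonstrate() (Outcome, error) {
	var out Outcome
	cert, leaf, err := NewServerCert()
	if err != nil {
		return out, err
	}
	roots := x509.NewCertPool()
	roots.AddCert(leaf) // the client's trust store, as a browser carries its CA list
	out.TrustedOK = Handshake(cert, &tls.Config{RootCAs: roots, ServerName: "shop.example", MinVersion: tls.VersionTLS12}) == nil
	out.UnknownCA = Handshake(cert, &tls.Config{ServerName: "shop.example", MinVersion: tls.VersionTLS12}) != nil
	out.WrongName = Handshake(cert, &tls.Config{RootCAs: roots, ServerName: "evil.example", MinVersion: tls.VersionTLS12}) != nil
	return out, nil
}

func main() {
	out, err := Demonstrate()
	fmt.Printf("%+v %v\n", out, err)
}
```

The two refusals are the protection against a server impersonating the shop: a forged certificate fails the issuer check, and a genuine certificate for some other site fails the name check. A client that sets `InsecureSkipVerify` or an empty `ServerName` gives both up and retains only the encryption.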
Challenges:

Conclusion: E-commerce is widely considered to be the buying and selling of goods and services over the Internet; however, any transaction that is completed entirely through digital means can be considered e-commerce. Day by day e-commerce plays a growing role in online retail, and the number of people using this technology is increasing all over the world. E-commerce security is the protection of e-commerce assets from unauthorized access, use, alteration or destruction. Not only must e-commerce sites and consumers judge security vulnerabilities and assess potential technical solutions, they must also assess, evaluate and resolve the risks involved. A networked application cannot offer complete connectivity, security and ease of use all at the same time; there appears to be an intrinsic trade-off here, and some sacrifice is unavoidable.

For that reason, the first security concern from an e-commerce merchant's perspective should be to keep the archives of recent orders not on the front-end web servers but behind the firewall, so that a compromise of the public-facing server does not hand the attacker the stored card numbers described under theft and fraud. Furthermore, sensitive servers should be kept highly specialized, by turning off and removing all inessential services and applications (e.g. FTP, email).

Until e-commerce vendors achieve the necessary delicate balance of privacy, trust and security, effective and quantifiable e-commerce transactions will remain a problem. The mechanisms of encryption, protection, verification and authentication therefore directly influence perceptions of security. The marketplace can be trustworthy only when consumers feel secure transacting in that environment.