In order to successfully manage an e-commerce portal, it is essential to understand transaction security and the security issues in e-commerce.
An online transaction requires a consumer to disclose sensitive information to the vendor in order to make a purchase, placing themselves at significant risk. Transaction security is concerned with providing privacy in transactions to the buyers and sellers, and with protecting the client-server network from breakdowns and third-party attacks. It deals with:
- Client security – Techniques and practices that protect user privacy and integrity of the computing system.
- Server security – Protect web server, software and associated hardware from break-ins, vandalism and DOS attacks.
- Secure transactions – Guarantee protection against eavesdropping and intentional message modification (tapping, intercepting, diverting)
Security Issues in E Commerce
1. Malicious Code – It includes a variety of threats such as viruses, worms and Trojan horses.
- Virus – A virus is a computer programme that has the ability to replicate itself, spread to other files and deliver a payload. Types include macro viruses, script viruses and file-infecting viruses.
- Worms – A worm is a virus designed to spread from computer to computer.
- Trojan horse – It appears to be benign, but does something other than expected. It is often a way for a virus to enter a computer.
2. Unwanted programmes – These are programmes installed without the user's consent.
- Browser parasites – Programmes used to monitor and change the settings of a user's browser
- Adware – Unwanted pop up ads
- Spyware – Programmes used to obtain personal information
3. Phishing and Identity theft – It refers to any deceptive online attempt by a third party to obtain confidential information for financial gain.
4. Hacking –
- Hacker – An individual who intends to gain unauthorised access to computer systems.
- Cracker – A hacker with a criminal intent
- Cyber Vandalism – Intentionally disrupting, defacing or destroying a website
5. Credit Card Fraud – It refers to the use of stolen data to establish credit under a false identity.
6. Spoofing – Hackers hide their identity or misrepresent themselves by using fake email addresses or masquerading as someone else. This threatens the integrity and authenticity of the hacked website.
7. DOS (Denial of Service) – Hackers flood a website with useless traffic to inundate or overwhelm the network.
8. DDOS (Distributed Denial of Service) – Hackers use numerous networks from numerous launch points to send useless traffic to a website. This may cause a complete shutdown making it impossible for users to access the website.
9. Sniffing – A sniffer is a type of eavesdropping application that monitors information travelling over the network. It enables hackers to steal proprietary information from anywhere on a network including email, files, reports etc.
10. Insider jobs – It involves poorly designed server and client software and complexity of programmes which increase vulnerabilities for hackers to exploit.
Defensive measures against Security Issues in E commerce
The defensive measures used in Transaction Security are:
1. Encryption – It is the process of transforming plain text or data into cipher text that cannot be read by anyone except the sender and receiver. It is done with the help of a mathematical algorithm, and a key is required to decode the message.
In symmetric key encryption both the sender and receiver use the same key to encrypt and decrypt the messages, while asymmetric or public key encryption uses two mathematically related digital keys, a public key and a private key, to encrypt and decrypt the messages.
2. Secure Socket Layer – The SSL protocol provides data encryption, server authentication, client authentication and message integrity for TCP/IP connections. It prevents eavesdropping, tampering or forgery when data is transported over the internet between two applications.
3. Secure hypertext transfer protocol (S-HTTP) – It is a secure, message-oriented communication protocol designed for use in conjunction with HTTP, enabling secure connections and the secure transmission of individual messages. Under S-HTTP a message may be signed, authenticated or encrypted.
4. Trust Seal Programmes – Trust seals have been developed to provide assurance about web businesses' practices and policies.
5. Digital Signature – It is a signature in encrypted electronic code, which is encrypted by the sender with his private key and can be decrypted by the receiver only with the public key of the sender.
6. Digital Certificate – It is a digital document issued by a trusted third-party institution, known as a certificate authority, that certifies the name and identifying information of the company. It is signed with the private key of the Certificate Authority, so its authenticity can be verified using the Certificate Authority's public key.
A digital certificate contains the following information:
- The name of the company
- Public key of the company
- Digital Certificate serial number
- Expiry date/Date of Issue
- Digital Signature of the Certificate Authority
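Items 5 and 6 worked through as an added example (not code from the original page): a toy certificate authority signs a certificate carrying the fields listed above with its private key, and a client checks the signature and validity dates with the CA's public key. The textbook RSA on small Mersenne primes, the field names and "Example Shop Ltd" are assumptions made for illustration; real systems use X.509 certificates and a vetted cryptographic library.

```python
import hashlib
from datetime import date

def make_keypair(p, q, e=65537):
    """Textbook RSA from two primes: returns (public, private) keys."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))

def digest(data, n):
    """SHA-256 of the data, reduced to fit the toy modulus."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, private):
    n, d = private
    return pow(digest(data, n), d, n)       # needs the private key

def verify(data, signature, public):
    n, e = public
    return pow(signature, e, n) == digest(data, n)   # needs only the public key

def tbs(cert):
    """Canonical bytes of every certificate field except the CA signature."""
    return repr(sorted((k, v) for k, v in cert.items() if k != "ca_signature")).encode()

def issue(ca_private, name, public_key, serial, issued, expires):
    cert = {"name": name, "public_key": public_key, "serial": serial,
            "issued": issued.isoformat(), "expires": expires.isoformat()}
    cert["ca_signature"] = sign(tbs(cert), ca_private)
    return cert

def check(cert, ca_public, today):
    if not verify(tbs(cert), cert["ca_signature"], ca_public):
        return "bad signature"
    if not cert["issued"] <= today.isoformat() <= cert["expires"]:
        return "outside validity period"
    return "valid"

# Constructed demo values: Mersenne primes, far too small for real use.
CA_PUB, CA_PRIV = make_keypair(2**61 - 1, 2**89 - 1)
SHOP_PUB, SHOP_PRIV = make_keypair(2**107 - 1, 2**127 - 1)
CERT = issue(CA_PRIV, "Example Shop Ltd", SHOP_PUB, 1001,
             date(2024, 1, 1), date(2025, 1, 1))

if __name__ == "__main__":
    print(check(CERT, CA_PUB, date(2024, 6, 1)))            # untouched certificate
    print(check(dict(CERT, name="Lookalike Shop Ltd"), CA_PUB, date(2024, 6, 1)))
    print(check(CERT, CA_PUB, date(2026, 1, 1)))            # after the expiry date
    order = b"order 42: pay 19.99"
    print(verify(order, sign(order, SHOP_PRIV), CERT["public_key"]))
```

Changing any field after issue, such as the company name, invalidates the CA signature, which is why the client can trust the public key inside a certificate that checks out.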