E-business transactions, popularly known as e-commerce, are the purchase and sale of products or services over an electronic system such as the Internet (Laudon, 2013). E-commerce is generally regarded as the commercial and sales function within a business strategy. With the widespread adoption of the Internet, businesses have seen a large increase in sales.
A large share of e-commerce transactions is conducted over the Internet. This includes supply chain management, electronic funds transfer, Internet marketing, electronic data interchange (EDI), online transaction processing and automated data collection systems (Nicolaou, Ibrahim & Van Heck, 2013).
The rapid uptake of the e-commerce business model has brought with it a number of security threats. Every e-commerce system should meet four essential requirements for transaction security: integrity, privacy of information, authentication of online transactions and non-repudiation. These basic requirements are essential for securing online business transactions. E-commerce service providers must also protect themselves against other threats to their systems, such as Denial of Service (DoS) attacks (Niranjanamurthy & Chahar, 2013).
The perceived lack of security in the transaction and communication processes of the online business model is a major obstacle to the uptake of e-commerce. Rapid advances in e-commerce technology have forced businesses to change how they apply security patches to their websites.
2.1 The Objectives of E-business Security
There are innumerable ways in which an e-business setup can be attacked by different groups of hackers. The most common threats are viruses, Trojan horses, hacking, masquerading, eavesdropping and many others. From a business strategy perspective, Denial of Service (DoS) attacks are a serious threat to any e-business model (Peltier, 2016).
DoS attacks consist primarily of malicious acts that prevent access to resources. Although no transaction data is lost, the resulting financial losses can be much higher. Addressing these issues requires a well-planned strategy.
2.2 Security Concerns related to E-Business Transactions
Despite the advantages and limitations of the e-commerce business model, there are security issues within it. E-commerce security is mainly about preventing loss, thereby protecting financial assets and preventing unauthorized access to information. Because the underlying technologies develop quickly, the risks involved in transactions are also increasing (Niranjanamurthy et al., 2013). Proper measures are therefore needed to avoid individual and organizational losses. Securing digital transactions relies on two important kinds of cryptography:
Symmetric (Private-Key) Cryptography – A cryptographic system in which the sender and the receiver possess the same key. This key encrypts a message, and the same key decrypts the encrypted message received from the sender (Mandal, Bhattacharyya & Bandyopadhyay, 2013).
Asymmetric (Public-Key) Cryptography – A method in which the original message is encoded and then decoded with a pair of mathematically related keys. One key is public while the other is private (Tripathi & Agrawal, 2014).
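The shared-key model described above, shown as message authentication rather than encryption so that it runs on the Python standard library alone. This is an added example, not code from the original text or from any cited work; the order message and key are constructed for the demonstration. Both parties hold the same key, so the merchant can check that an order was not altered in transit, but the same property means the merchant could also have produced the tag, which is why symmetric keys alone cannot provide the non-repudiation discussed later.

```python
import hashlib
import hmac
import secrets


def make_tag(key: bytes, message: bytes) -> str:
    """Authentication tag over the message using the shared key (HMAC-SHA256)."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_tag(key: bytes, message: bytes, tag: str) -> bool:
    """Recompute the tag with the same key; compare in constant time so that
    timing differences do not reveal how many leading characters matched."""
    return hmac.compare_digest(make_tag(key, message), tag)


def demo():
    # Constructed values: in practice the key is agreed out of band by the
    # customer and the merchant and never sent with the message.
    shared_key = secrets.token_bytes(32)
    order = b"order=4711;amount=120.00;currency=EUR"
    tag = make_tag(shared_key, order)              # customer sends (order, tag)
    tampered = order.replace(b"120.00", b"12.00")  # altered in transit
    return {
        "genuine_accepted": verify_tag(shared_key, order, tag),
        "tampered_rejected": not verify_tag(shared_key, tampered, tag),
        "wrong_key_rejected": not verify_tag(secrets.token_bytes(32), order, tag),
        # Anyone holding the shared key can produce a valid tag for any message,
        # so a tag proves the message came from *a* key holder, not which one.
        "merchant_can_forge": verify_tag(shared_key, tampered,
                                         make_tag(shared_key, tampered)),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

The constant-time comparison is the detail most often missed in hand-written verifiers; `hmac.compare_digest` exists precisely so that a mismatch takes the same time regardless of where the first differing byte is.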
To obtain the maximum security from cryptography, the following areas must be considered carefully:
2.2.1 Integrity – It is vital that the encrypted message is not tampered with or altered. There are many ways in which data integrity can be damaged in e-commerce (Sharma & Lijuan, 2014). Errors may occur when data is entered manually, or when vital data is transmitted from one computing device to another. Data can be modified or stolen by viruses or by bugs in the software in use. Data can also be lost through unexpected hardware damage such as disk crashes or server errors, and there is a considerable possibility of data loss through natural disasters such as fire (Akter & Wamba, 2016).
2.2.2 Non-Repudiation – Non-repudiation is the prevention of one party from reneging on an agreement after the fact. In e-commerce and other electronic transactions, including those at ATM cash machines, every party engaged in the transaction should be confident about its security, should be assured of its authenticity, and should be able to check that the final transaction is verified. Transaction systems should ensure that a party cannot deny a transaction (Cherdantseva & Hilton, 2013).
2.2.3 Authentication – In e-commerce, authentication is needed when the seller validates the information provided by the purchaser, such as credit card details. This process requires full verification of the identity of the cardholder and of the payment card details used for the transaction. The seller must be extremely careful here and bears the responsibility for providing the best authentication for the payment methods offered (Hartono et al., 2014).
2.2.4 Confidentiality – Confidentiality is the protection of personal data from access by unauthorized users. All information shared between the merchant and the customer should be accessible only to those two parties, and it must be checked that no third party can access it. The primary goals of e-business security are confidentiality and privacy; both concern keeping information inaccessible to unauthorized parties (Sila, 2013).
Web technology simplifies the collection of user information. As web technology grows, greater care must be taken to prevent the loss of vital data. Users often leave trails of information from which their Internet history, their online purchases and the people they have corresponded with can be determined. Data found in an individual's browser history can easily be collected and then sold to advertising companies (Gevaers, Van de Voorde & Vanelslander, 2014).
2.2.5 Privacy – Privacy is one of the major concerns in e-commerce. In online transactions, the website owner or service provider is able to track a record of each purchase made by the consumer. Conducting business over the Internet has raised the need to address privacy concerns within the network (Bennett & Raab, 2017).
Each e-commerce website has its own privacy policy according to the needs of the organization. Consumers are therefore advised to check the privacy policy before proceeding with a transaction. Violating the privacy norms may lead to severe consequences for the consumer, as the seller then has the right to take action against consumers for violating the norms of the website (Acquisti, Brandimarte & Loewenstein, 2015).
Some further areas must also be considered: digital certificates, digital signatures, firewalls and the Secure Sockets Layer.
A digital certificate is an electronic ‘credit card’ that establishes the credentials of a consumer conducting business transactions on the Internet. It is issued by a certification authority (CA) and contains the user's name, a serial number, an expiry date, a copy of the certificate holder's public key and the digital signature of the issuing authority, so that a recipient can verify that the certificate is authentic. Digital certificates can be kept in registries so that authenticating users can look up other users' public keys (Zhang, Hu & Raja, 2014).
A digital signature is an electronic signature used to authenticate the identity of the sender of a message or the signer of a document. It also ensures that the original content of the message or document is unchanged in the course of the transaction. A digital signature can be used with any message, whether or not it is encrypted, and assures the receiver that the sender is authentic and the message intact (Kou, 2013).
Protected networks are mainly based on proxy servers and firewalls. The main purpose of a firewall is to protect a server, a network or an individual PC from attacks by hackers and viruses; malicious software and carelessness within the computing system are equally important. Many companies use the Kerberos protocol, which relies on symmetric secret-key cryptography, to deny access to unauthorized employees.
A proxy server is a server that acts as an intermediary for requests from clients seeking resources from other servers. A client connects to the proxy server and requests a service, which may be a file, a web page, a connection or any other resource available from another server (Masood et al., 2013).
The Secure Sockets Layer (SSL) protects information sent over the Internet, which commonly uses rule sets such as TCP/IP (Transmission Control Protocol/Internet Protocol). Information sent by the sender is broken into packets, which are numbered sequentially and carry attached error control. SSL uses PKI and digital certificates to ensure authentication and privacy.
The procedure begins with the client sending a message to the server, which replies with a digital certificate. Using PKI, the server and the client agree on the creation of session keys: symmetric secret keys created specifically for that transaction. Once the session keys are confirmed, communication continues using the digital certificates and the session keys (Sherif, 2016).
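The three mechanisms just described (the certificate a CA issues, the digital signature that detects tampering and binds a message to its signer, and the session key the client agrees with the server after checking the certificate) fit together in the following added example. It is not code from the original text or from any cited work. It uses textbook RSA with fixed, well-known Mersenne primes so that it is deterministic and short; the prime sizes, the plain hash-then-exponentiate signature without padding, and the names and field layout of the certificate are assumptions for the demonstration, and real deployments use randomly generated keys with standard padding and X.509 certificates.

```python
import hashlib
import json
import secrets

# Demo-only key material: fixed Mersenne primes (2^p - 1 for p = 521, 607, 127,
# 107, 89, 61 are all prime). Real keys use random primes; never reuse these.
CA_PRIMES = (2**521 - 1, 2**607 - 1)
MERCHANT_PRIMES = (2**127 - 1, 2**107 - 1)
CUSTOMER_PRIMES = (2**89 - 1, 2**61 - 1)
E = 65537  # coprime to (p - 1)(q - 1) for every pair above


def keygen(p, q):
    """Textbook RSA key pair: public key (n, e), private key (n, d)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return (n, E), (n, d)


def digest(data, n):
    """SHA-256 of the data as an integer reduced into the key's range."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(data, priv):
    """Signature = hash of the data raised to the private exponent."""
    n, d = priv
    return pow(digest(data, n), d, n)


def verify(data, sig, pub):
    """Recover the hash with the public exponent and compare to a fresh hash."""
    n, e = pub
    return pow(sig, e, n) == digest(data, n)


def canonical(fields):
    """Fixed serialization so signer and verifier hash identical bytes."""
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()


def issue_certificate(ca_priv, subject, serial, not_after, subject_pub):
    """The CA binds name, serial, expiry and public key with its own signature."""
    fields = {"subject": subject, "serial": serial, "not_after": not_after,
              "public_key": list(subject_pub)}
    return {"fields": fields, "ca_signature": sign(canonical(fields), ca_priv)}


def verify_certificate(cert, ca_pub, today):
    """Accept only if the CA signature checks and the certificate is unexpired."""
    fields = cert["fields"]
    if not verify(canonical(fields), cert["ca_signature"], ca_pub):
        return False
    return today <= fields["not_after"]  # ISO dates compare correctly as strings


def establish_session_key(server_pub, server_priv):
    """Client sends a random secret encrypted to the server's public key; both
    sides derive the same symmetric session key from it (RSA key transport)."""
    n, e = server_pub
    client_secret = secrets.randbelow(n)
    transported = pow(client_secret, e, n)              # travels over the network
    server_secret = pow(transported, server_priv[1], n)  # server recovers it

    def derive(secret):
        return hashlib.sha256(secret.to_bytes(32, "big")).hexdigest()

    return derive(client_secret), derive(server_secret)


def demo():
    ca_pub, ca_priv = keygen(*CA_PRIMES)
    merch_pub, merch_priv = keygen(*MERCHANT_PRIMES)
    cust_pub, cust_priv = keygen(*CUSTOMER_PRIMES)
    cert = issue_certificate(ca_priv, "shop.example.test", 1001, "2026-12-31", merch_pub)
    order = b'{"item":"laptop","qty":1,"amount":"999.00"}'  # constructed message
    sig = sign(order, cust_priv)
    forged = dict(cert, fields=dict(cert["fields"], public_key=list(ca_pub)))
    client_key, server_key = establish_session_key(merch_pub, merch_priv)
    return {
        "merchant_cert_ok": verify_certificate(cert, ca_pub, "2025-06-01"),
        "order_signature_ok": verify(order, sig, cust_pub),
        "tampered_order_rejected": not verify(order.replace(b"999.00", b"9.00"), sig, cust_pub),
        "expired_cert_rejected": not verify_certificate(cert, ca_pub, "2027-01-01"),
        "altered_cert_rejected": not verify_certificate(forged, ca_pub, "2025-06-01"),
        "session_keys_match": client_key == server_key,
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

The order signature is what gives non-repudiation: only the holder of the customer's private key could have produced it, while anyone with the public key can check it. The certificate check shows why a forged certificate fails even when the attacker swaps in a key they control, since the CA signature no longer matches the altered fields.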
2.3 Security Threats of E-Business
Even with various security measures in place, some threats to e-business transactions remain. These include:
- Client Computer Threats – The client-side computer may be exposed to severe threats such as viruses and Trojan horses. These threats affect the client computer without the client's knowledge; they may steal the user's data, damage the computer and cause it to crash.
- Intellectual Property Threats – Most browsers use personal information from a website without the prior permission of the website owner. Examples include software piracy, music downloads and others. Website owners should use a secure authentication system to address this problem (Grant et al., 2014).
- Communication Channel Threats – The Internet allows everyone to send and receive information across many networks. Data may be stolen and then modified by groups of hackers, who develop new software to steal users' identities and passwords. Spoofing is another major threat during electronic data transmission. Denial of Service (DoS) is a further threat to the communication channel, in which hackers send unlimited requests to the targeted server, which cannot handle such a large number of requests.
- Server Threats – DoS is also a major threat to the server: hackers generate a program that sends an endless number of requests from the client side, which the server cannot handle. Spamming is another important threat to servers.
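The flood of requests described under the communication channel and server threats is visible in ordinary access logs, and counting requests per client per time window is the simplest way to spot it. The following detection logic is an added example, not code from the original text or from any cited work; the log line format, the sample lines, the window size and the threshold are constructed for the demonstration. It also shows the limit of per-client counting: a flood spread across many addresses keeps every single client under the threshold, so the total per window is checked as well.

```python
from collections import defaultdict
from datetime import datetime

EPOCH = datetime(1970, 1, 1)  # naive reference so bucket numbers are deterministic


def build_sample_log():
    """Constructed access-log lines: '<ISO timestamp> <client> <method> <path>'.
    One client issues 50 requests in five seconds; two others browse normally."""
    lines = [f"2024-03-01T10:00:0{i // 10} 203.0.113.7 GET /checkout" for i in range(50)]
    for sec, client in ((0, "198.51.100.4"), (12, "192.0.2.9"), (25, "198.51.100.4")):
        lines.append(f"2024-03-01T10:00:{sec:02d} {client} GET /")
    return lines


def build_distributed_sample():
    """Constructed: 30 different clients, two requests each, in the same second."""
    return [f"2024-03-01T10:05:00 198.51.100.{i} GET /checkout"
            for i in range(1, 31) for _ in range(2)]


def parse_line(line):
    ts, client, _method, path = line.split()
    return datetime.fromisoformat(ts), client, path


def requests_per_window(lines, window_seconds=10):
    """Count requests per (client, window), using fixed-size time buckets."""
    counts = defaultdict(int)
    for line in lines:
        ts, client, _ = parse_line(line)
        bucket = int((ts - EPOCH).total_seconds()) // window_seconds
        counts[(client, bucket)] += 1
    return dict(counts)


def flag_flooding_clients(lines, threshold=20, window_seconds=10):
    """Clients whose request count in any window exceeds the threshold,
    mapped to their highest per-window count."""
    flagged = {}
    for (client, _bucket), n in requests_per_window(lines, window_seconds).items():
        if n > threshold:
            flagged[client] = max(flagged.get(client, 0), n)
    return flagged


def window_totals(lines, window_seconds=10):
    """Total requests per window regardless of client; catches a flood spread
    across many addresses that keeps each client under the per-client threshold."""
    totals = defaultdict(int)
    for (_client, bucket), n in requests_per_window(lines, window_seconds).items():
        totals[bucket] += n
    return dict(totals)


if __name__ == "__main__":
    print("single source:", flag_flooding_clients(build_sample_log()))
    print("window totals:", sorted(window_totals(build_sample_log()).values()))
    print("distributed, per client:", flag_flooding_clients(build_distributed_sample()))
    print("distributed, per window:", list(window_totals(build_distributed_sample()).values()))
```

On the constructed data the single flooding client is flagged with 50 requests in one window, while the distributed sample flags nobody per client but still shows 60 requests in a window where the normal total is one or two. A threshold should be set from the site's own baseline rather than the numbers used here.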
From the above discussion it can be concluded that e-business is a business model suited to both small and large businesses. It enables an individual or a firm to conduct business processes through electronic media such as the Internet, and time plays a major role for consumers and businesses alike. E-business security is meant to prevent loss and thereby to secure those areas against financial crisis and unauthorized access to information.
Rapid developments in the e-commerce business model have introduced risks in both the technology and the security measures, which are meant to prevent individual and organizational losses. Digital signatures, digital certificates, firewalls and the Secure Sockets Layer should also be taken into consideration. A security plan has five major components: risk assessment, development of a security policy, an implementation plan, creation of a security organization and a security audit.
Securing wireless transactions with strong encryption methods improves the security of e-business transactions. Mobile devices are also a major security concern because they are easily misplaced. These measures therefore make securing e-business transactions easier.
Several recommendations for securing electronic e-business transactions follow from the above. To manage the potential risks, the first step is to identify the risk factors: intellectual property threats, communication channel threats, server threats and client computer threats. Based on this threat assessment, a plan of countermeasures must be properly designed and then implemented (Da Veiga & Martins, 2015).
Transaction integrity can be improved through user interfaces that prevent the input of invalid data, and error detection and correction software can be applied during data transmission. A well-planned transaction process reduces customer disputes over fraudulent transactions. Confidentiality in software can be increased by good encryption and decryption methods and by proper authorization and authentication procedures. Good antivirus software should also be used to protect computing devices from viruses and Trojan horses.
Each organization's privacy policies should be revised at regular intervals. Organizations should also use tools such as filtering of website content with low privacy ratings, and a proper security plan should be made (Toufaily, Souiden & Ladhari, 2013). The security policy should identify the mechanisms that will achieve the security goals. The security organization should train computer users so that they can deal with security issues independently, ensuring a healthy and secure e-business environment.
Acquisti, A., Brandimarte, L., & Loewenstein, G. (2015). Privacy and human behavior in the age of information. Science, 347(6221), 509-514.
Akter, S., & Wamba, S. F. (2016). Big data analytics in E-commerce: a systematic review and agenda for future research. Electronic Markets, 26(2), 173-194.
Bennett, C. J., & Raab, C. D. (2017). The governance of privacy: Policy instruments in global perspective. Routledge.
Cherdantseva, Y., & Hilton, J. (2013, September). A reference model of information assurance & security. In 2013 International Conference on Availability, Reliability and Security (pp. 546-555). IEEE.
Da Veiga, A., & Martins, N. (2015). Improving the information security culture through monitoring and implementation actions illustrated through a case study. Computers & Security, 49, 162-176.
Gevaers, R., Van de Voorde, E., & Vanelslander, T. (2014). Cost modelling and simulation of last-mile characteristics in an innovative B2C supply chain environment with implications on urban areas and cities. Procedia-Social and Behavioral Sciences, 125, 398-411.
Grant, K., Edgar, D., Sukumar, A., & Meyer, M. (2014). ‘Risky business’: Perceptions of e-business risk by UK small and medium sized enterprises (SMEs). International Journal of Information Management, 34(2), 99-122.
Hartono, E., Holsapple, C. W., Kim, K. Y., Na, K. S., & Simpson, J. T. (2014). Measuring perceived security in B2C electronic commerce website usage: A respecification and validation. Decision Support Systems, 62, 11-21.
Kou, W. (Ed.). (2013). Payment technologies for e-commerce. Springer Science & Business Media.
Laudon, K. C., & Traver, C. G. (2013). E-commerce. Pearson.
Mandal, B. K., Bhattacharyya, D., & Bandyopadhyay, S. K. (2013, April). Designing and performance analysis of a proposed symmetric cryptography algorithm. In Communication Systems and Network Technologies (CSNT), 2013 International Conference on (pp. 453-461). IEEE.
Masood, M., Anwar, Z., Raza, S. A., & Hur, M. A. (2013, December). Edos armor: a cost effective economic denial of sustainability attack mitigation framework for e-commerce applications in cloud environments. In Multi Topic Conference (INMIC), 2013 16th International (pp. 37-42). IEEE.
Nicolaou, A. I., Ibrahim, M., & Van Heck, E. (2013). Information quality, trust, and risk perceptions in electronic data exchanges. Decision Support Systems, 54(2), 986-996.
Niranjanamurthy, M., & Chahar, D. D. (2013). The study of e-commerce security issues and solutions. International Journal of Advanced Research in Computer and Communication Engineering, 2(7).
Niranjanamurthy, M., Kavyashree, N., Jagannath, S., & Chahar, D. (2013). Analysis of e-commerce and m-commerce: advantages, limitations and security issues. International Journal of Advanced Research in Computer and Communication Engineering, 2(6).
Peltier, T. R. (2016). Information Security Policies, Procedures, and Standards: guidelines for effective information security management. Auerbach Publications.
Sharma, G., & Lijuan, W. (2014). Ethical perspectives on e-commerce: an empirical investigation. Internet Research, 24(4), 414-435.
Sherif, M. H. (2016). Protocols for secure electronic commerce. CRC Press.
Sila, I. (2013). Factors affecting the adoption of B2B e-commerce technologies. Electronic Commerce Research, 13(2), 199-236.
Toufaily, E., Souiden, N., & Ladhari, R. (2013). Consumer trust toward retail websites: Comparison between pure click and click-and-brick retailers. Journal of Retailing and Consumer Services, 20(6), 538-548.
Tripathi, R., & Agrawal, S. (2014). Comparative study of symmetric and asymmetric cryptography techniques. International Journal of Advance Foundation and Research in Computer (IJAFRC), 1(6), 68-76.
Zhang, J., Hu, N., & Raja, M. K. (2014). Digital certificate management: Optimal pricing and CRL releasing strategies. Decision Support Systems, 58, 74-78.