Information security, consumer protection and data protection are growing in both scope and difficulty. While online businesses have long needed to protect their customers' privacy and personal information, changes in data processing and business models present new threats and new regulations.
As part of your report, you are required to assess the different privacy and security issues experienced by customers and online businesses, including the security strategies by which these issues are currently being addressed.
Privacy and security are the two critical concerns that determine the course of online business in e-commerce. E-commerce security is a small part of the wider information security framework. There are two main areas of focus: computer security, covering all kinds of internet theft, and data security, which pertains to the privacy of personal data (Udo, 2001). E-commerce security is the most visible security component affecting everyday payment interactions and transactions. This study examines the dimensions of e-commerce security, namely authenticity, confidentiality, non-repudiation, integrity, privacy and availability (Ghosh, 1998). E-commerce security is therefore an essential requirement for both management and technical domains if transactions over the internet are to be effective. The study discusses some of the pertinent security issues that threaten the privacy of customers, using some technical terminology where needed. It then discusses the measures that can be taken to prevent these threats and risks through information security, and some of the major laws that support business management and online transactions.
Threats to e-commerce
The main security problems concern verifying the identity of the parties involved in business transactions and ensuring that messages are delivered correctly and on time without tampering. Networks at both ends, customers and business vendors, are at risk from hackers who threaten to reveal credit card information unless a ransom is paid (Ghosh, 2001). In the trade-off between ease of use and security, convenience usually wins. Virus attacks against Microsoft Outlook have shown how quickly viruses and worms proliferate across the internet (Hassler, 2002). All sites that are directly or remotely associated with an e-commerce site must arrange adequate security services because of widespread Distributed Denial of Service attacks. The Code Red worm and NIMDA have successfully penetrated systems and leaked sensitive security information (Awad, 2004) without the customers' permission. Viruses and Trojan horse programs are the main threats to the client-server model of e-commerce websites. Viruses are disruptive by nature, but Trojan horse programs also help attackers break into the system and attack data integrity. Trojan horses are therefore serious threats: they give remote control over programs and are difficult to remove. Spamming, the sending of unsolicited email (Belanger, 2002) and mailers to individuals, is another security threat and can lead to email bombing. Hackers also plant software agents to get into the system. Unauthorized access is illegal entry into a system, in either a passive or an active mode. The passive mode is eavesdropping on communication or observing transactions, while the active mode is the modification of information or deliberate changes to a message. It also includes masquerading, that is, sending messages under a false identity by means of spoofing.
Hackers also take advantage of security holes in operating systems. Theft and fraud cases also plague the world of online business. In technical terms, there are other attacks such as smurf attacks (ICMP attacks in which a large number of IP packets with a forged source address are sent quickly, using up the network's bandwidth and easing the breach of the intended destination), teardrop attacks (sending malformed fragments with oversized and overlapping payloads, so that a bug in fragment handling ultimately crashes the target), phlashing (a form of permanent denial of service that damages the system so badly that even the hardware must be reinstalled, sometimes leaving it completely unusable), brute force attacks (to defeat a cryptographic scheme), phishing attacks (a criminally fraudulent process for acquiring sensitive information through electronic communication, mainly targeting online auction sites, bank customers, service providers and online retailers) and social engineering (manipulating people through pretexting, phone phishing, baiting with a Trojan horse, or interactive voice recording) (Sindre, 2005).
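As an added illustration of two of the attacks named above (example code, not part of the original essay), the following Python checks constructed packet metadata for the smurf signature (ICMP echo requests to the network's broadcast address) and the teardrop signature (overlapping IP fragments of one datagram); the Packet fields, the sample traffic and the 192.168.1.0/24 network are assumptions made for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Tuple


# Constructed packet metadata for illustration (hypothetical fields, not a real capture)
@dataclass
class Packet:
    src: str
    dst: str
    proto: str                  # "icmp" or "ip-fragment"
    icmp_type: Optional[int] = None
    frag_id: int = 0
    frag_offset: int = 0        # byte offset of this fragment within the datagram
    length: int = 0             # payload bytes carried by this fragment


def is_smurf_candidate(pkt: Packet, local_net: str) -> bool:
    """ICMP echo request (type 8) addressed to the local broadcast address:
    every host replies to the (spoofed) source, amplifying the flood."""
    bcast = ip_network(local_net).broadcast_address
    return pkt.proto == "icmp" and pkt.icmp_type == 8 and ip_address(pkt.dst) == bcast


def find_overlapping_fragments(packets: List[Packet]) -> List[Tuple[str, str, int]]:
    """Teardrop signature: fragments of one datagram (same src, dst, id)
    whose byte ranges overlap, which a buggy reassembler may mishandle."""
    spans: Dict[Tuple[str, str, int], List[Tuple[int, int]]] = {}
    for p in packets:
        if p.proto == "ip-fragment":
            key = (p.src, p.dst, p.frag_id)
            spans.setdefault(key, []).append((p.frag_offset, p.frag_offset + p.length))
    flagged = []
    for key, ranges in spans.items():
        ranges.sort()
        # A fragment that starts before the previous one ends overlaps it
        if any(nxt[0] < prev[1] for prev, nxt in zip(ranges, ranges[1:])):
            flagged.append(key)
    return flagged


def smurf_hits(packets: List[Packet], local_net: str = "192.168.1.0/24") -> List[Packet]:
    return [p for p in packets if is_smurf_candidate(p, local_net)]


# Constructed sample traffic: one broadcast ping, one normal ping,
# one datagram fragmented cleanly (id 1) and one with an overlapping fragment (id 2)
SAMPLE = [
    Packet("10.0.0.9", "192.168.1.255", "icmp", icmp_type=8),
    Packet("10.0.0.9", "192.168.1.10", "icmp", icmp_type=8),
    Packet("10.0.0.5", "192.168.1.10", "ip-fragment", frag_id=1, frag_offset=0, length=1480),
    Packet("10.0.0.5", "192.168.1.10", "ip-fragment", frag_id=1, frag_offset=1480, length=520),
    Packet("10.0.0.7", "192.168.1.10", "ip-fragment", frag_id=2, frag_offset=0, length=1480),
    Packet("10.0.0.7", "192.168.1.10", "ip-fragment", frag_id=2, frag_offset=800, length=400),
]

if __name__ == "__main__":
    print("smurf candidates:", smurf_hits(SAMPLE))
    print("overlapping fragments:", find_overlapping_fragments(SAMPLE))
```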
Social engineering is an open area of research nowadays, with various mental models and motivations. The management of software is another pertinent issue for e-commerce security guidelines and policies. There has to be a balance among all the domains of data on e-commerce websites; without this equilibrium, e-commerce security will remain a constant concern and problem.
Numerous measures can be taken to mitigate the risks associated with e-commerce security threats. Encryption, using either public or private keys, can be used to secure the arrangements in the transaction process. An algorithm together with a key is used to encode and decode the message (Ford, 2000). The key protects the contents of the message, and the associated technology of digital signatures can also prove the true identity of the authorized sender. In other words, it is a digitally signed certificate for electronic identification. There are laws in the UK concerning electronic signatures, such as the Electronic Communications Act 2000. Digital signatures are replaced by electronic signatures and are validated by the government. This directive focuses on guidelines for the use of electronic signatures and establishes legal criteria for their implementation. The UK Regulation of Investigatory Powers Act governs the powers of the police authorities to intercept any electronic message that appears dangerous. The police authorities may also demand encryption keys if necessary (Thomson, 1998). The Data Protection Act 1998 sets out eight principles to control data, whether personal or for government use. The common controls for the security of data and other information are an information security policy document, reporting of security credentials, business continuity management, allocation of information security responsibility, and information security education and training (Alter, 2001).
There are other guidelines that customers can follow to safeguard their online transactions. They must ensure that they are shopping at secure websites, indicated by an https address. The company can be researched before ordering goods and services. It is essential to read the privacy codes and security policies of the website and to look for membership in a web-based program. Customers need to be aware of the presence of cookies on a website and can block them if desired; they must also be prepared for the behavioural marketing that many e-commerce websites adopt nowadays. Payment by credit card is the most secure of the available means, as it is protected under the Fair Credit Billing Act (Joshi, 2001). Copies of orders must be saved or printed for future correspondence, and tracking information and shipping details must be watched. The website's policies on merchant-side cancellation, returns and complaint handling must be checked. A single-use card number can be used for every transaction, and a virtual keypad should be used whenever the card number is entered.
Customers and business experts must understand sales responsibilities and know about the taxes that have to be paid online. Dynamic pricing strategies should also be used in favour of the online services requested by users. The need of the hour is to protect e-commerce websites from the common mistakes made by the people handling them and from hackers who keep a keen eye on the whole network and its end points.
The e-commerce industry therefore faces a challenging future in terms of risks and security threats. Internet and e-commerce criminals are becoming more sophisticated in their attacks and deceptions against e-commerce gateways. Awareness of all the potential risks, execution of multi-layered security protocols, strong authentication and encryption, and other preventive and corrective measures will go some way towards containing these risks and safeguarding the net for the future use of e-commerce. It is also essential to educate consumers of e-commerce websites about the security architecture of the system. Orientation and training programs need to be conducted for staff to enhance internet security awareness. Financial audit groups and IT services within the e-commerce domain (Siau, 2001) should form an alliance to implement security measures at the business level.
1. Udo, G. J. 2001, ‘Privacy and security concerns as major barriers for e-commerce: a survey study’, Information Management & Computer Security, vol. 9, no. 4, pp. 165-174.
2. Ghosh, A. K. 1998, E-commerce security: weak links, best defenses, Wiley.
3. Ghosh, A. K., & Swaminatha, T. M. 2001, ‘Software security and privacy risks in mobile e-commerce’, Communications of the ACM, vol. 44, no. 2, pp. 51-57.
4. Hassler, V. 2002, ‘Security Fundamentals for E-commerce’, info, vol. 4, no. 2, pp. 49-50.
5. Awad, E. M. 2004, Electronic commerce: From vision to fulfillment.
6. Belanger, F., Hiller, J. S., & Smith, W. J. 2002, ‘Trustworthiness in electronic commerce: the role of privacy, security, and site attributes’, The Journal of Strategic Information Systems, vol. 11, no. 3, pp. 245-270.
7. Sindre, G., & Opdahl, A. L. 2005, ‘Eliciting security requirements with misuse cases’, Requirements Engineering, vol. 10, no. 1, pp. 34-44.
8. Ford, W., & Baum, M. S. 2000, Secure electronic commerce: building the infrastructure for digital signatures and encryption, Prentice Hall PTR.
9. Thomson, M. E., & von Solms, R. 1998, ‘Information security awareness: educating your users effectively’, Information Management & Computer Security, vol. 6, no. 4, pp. 167-173.
10. Alter, S. 2001, Information systems: foundation of e-business, Prentice Hall PTR.
11. Joshi, J. B., Aref, W. G., Ghafoor, A., & Spafford, E. H. 2001, ‘Security models for web-based applications’, Communications of the ACM, vol. 44, no. 2, pp. 38-44.
12. Siau, K., Lim, E. P., & Shen, Z. 2001, ‘Mobile commerce: Promises, challenges and research agenda’, Journal of Database Management (JDM), vol. 12, no. 3, pp. 4-13.