Rapid Growth And Proliferation Information Technology Essay
The rapid growth and proliferation of the internet has led to a revolution in the world of Information Technology by creating opportunities for developing and utilizing online applications on a large scale. As a result, companies and organizations are making huge and unprecedented investments in electronic commerce (henceforth e-commerce) applications but are still hard pressed to fully assess and evaluate the success rate of these e-commerce systems (DeLone and McLean, 2004). This is evident in the increasing concern over the security of web-based applications being employed over the internet (Joshi et al. 2001).
E-commerce is often thought to simply refer to buying and selling of goods and services using the internet where people immediately associate consumer retail purchases from companies such as e-bay and Amazon (Chaffey, 2002). However, e-commerce involves much more and a broad definition by the UK Government cabinet office (1999) to explain its scope defines e-commerce as "the exchange of information across electronic networks, at any stage in the supply chain, whether within an organization, between businesses, between businesses and consumers or between the public and private sector, whether paid or unpaid".
According to Kalakota and Whinston (1997), e-commerce has various definitions depending on the perspective in question as seen below:
From a Business process perspective, e-commerce is defined as "the application of technology toward the automation of business transactions and workflows".
From a Service perspective, e-commerce is "a tool that addresses the desire of firms, consumers and management to cut service costs while improving the quality of goods and increasing the speed of service delivery".
From a communications perspective, e-commerce is "the delivery of information, products and services, or payments via telephone lines, computer networks, or any other means".
From an online perspective, e-commerce "provides the capability of buying and selling products and information on the internet and other online services".
In recent times there has been a boom in e-commerce, as it is considered by many an easy and convenient way to shop, with a projected market exceeding $1 trillion over the next few years (Joshi et al. 2001). Part of the complexity in understanding e-commerce is that its growth is happening so quickly that even experts have to keep up with the pace and are often at a loss to find existing business models for comparison (Kalakota and Whinston, 1997). People have likened the rise of e-commerce to personal computers in the 1980s, video players in the 1970s, television in the 1950s and the radio industry in the 1920s. Although these technologies had a huge impact in their day, they pale in comparison to the present-day impact of e-commerce, especially in the business world, where business is conducted more efficiently and new business opportunities are created (Kalakota and Whinston, 1997).
Whilst e-commerce is widely trusted and used by many, there are issues surrounding this area, such as impersonation, the use of people's credit/debit cards by imposters to purchase goods online, and failures of the "what you see is what you get" principle, where the products bought do not meet the customer's expectations. All of these have led to e-commerce being seen as a security nightmare for both the business enterprise and the customer, especially with recent and increasing episodes of unauthorized access to customers' credit card information when shopping online (Joshi et al. 2001). The success of e-commerce also depends partly on electronic systems with which the consumer has had no previous experience, and on whether these consumers trust sellers and products they sometimes cannot see and often cannot touch (Lee and Turban, 2001).
System administrator and customer user awareness is becoming more important in order to counter the attacks on e-commerce (Marchany and Tront, 2002). With consumers becoming increasingly aware of security features such as privacy statements by companies and encrypted web transactions, internet service providers are in turn becoming increasingly more responsive to complaints from customers about the abuse of the internet originating from their sites (Marchany and Tront, 2002).
1.2 Overview of the Research
This research aims at identifying and evaluating some of the security issues that affect e-commerce. For the purpose of this research, particular emphasis will be made on the communications and online perspectives of e-commerce as these tend to be the most common forms encountered by the everyday customer.
While e-commerce is increasingly becoming very popular, another reality is that some customers still prefer to shop in store than on the web. This research will also attempt to look at some of the reasons why some customers still opt for this regardless of the "more convenient" way of shopping online.
Primary and secondary research will be carried out in this report. Primary research in the sense that questionnaires will be given out to individuals to assess their knowledge and use of e-commerce systems; and secondary research in the sense that existing literature on e-commerce from standard databases will be searched for and reviewed to evaluate some of the security issues that seem to affect e-commerce.
1.3 Aim and Objectives
AIM: The overall aim of this project is to evaluate the current flaws in e-commerce systems and propose possible solutions to these problems.
OBJECTIVE 1: To review existing literature on e-commerce in order to identify some of the threats and risks currently being faced by e-commerce systems.
OBJECTIVE 2: To identify security issues that arise and assess the current existing security techniques.
OBJECTIVE 3: To identify lapses and strengths of existing security measures.
OBJECTIVE 4: To propose innovative ways to reduce security threats associated with e-commerce.
1.4 Key Research Questions
What are some of the risks associated with e-commerce systems and which security measures are already in place?
What are some of the trust issues associated with e-commerce i.e. how can a customer with basic knowledge of the internet detect if a website is safe enough to input their credit card details?
Which facilities can be put in place to ensure company and customer satisfaction?
CHAPTER 2: LITERATURE REVIEW
2.1 Chapter review
The principal objective of this chapter is to critically evaluate the literature available on e-commerce from standard databases, reviewing the following areas: a brief history of the internet and its evolution (2.2), the internet as an e-commerce tool for transactions (2.3), categorization of e-commerce (2.4), risks associated with e-commerce: privacy and security (2.5), customer trust issues with e-commerce (2.6), and customer satisfaction with e-commerce (2.7).
Keywords: e-commerce, internet, phishing, privacy, security, transactions, trust.
2.2 Brief history of the Internet and its evolution
Understanding the evolution of the internet requires a great appreciation of the system's architecture and the ways in which it has evolved (Cerf, 2004). Notably, in many published papers on the subject, the internet is described as having a core known as the "Internet Protocol" or IP, "which provides the basic glue that holds the myriad networks of the internet together" (Cerf, 2004). Being the world's largest computer network, the internet, together with the World Wide Web, has stimulated a revolution in the communications industry, which in turn has altered the way organizations and individuals use computers in a wide array of activities (Mowery & Simcoe, 2001).
Leiner et al (2009) have described the history of the internet revolving around 4 major aspects:
Technological evolution aspect: this began with early research on the Advanced Research Projects Agency Network (ARPANET) and packet switching, and research continues to broaden the horizon of the technology along several dimensions such as higher-level functionality, scale and performance.
Operations and management aspect: this looks at the complex and global operational and management aspects of the infrastructure.
Social aspect: this has led to a large community of Internauts coming and working together to create as well as evolve the infrastructure.
Commercialization aspect: This has resulted in an effective and successful transition of research results into a widely used and available infrastructure (Leiner et al, 2009).
Expanding more on the history of the internet, it can be divided into 3 phases as shown in Table 1 below:
1960 - 1985: Invention of digital packet switching and associated standards and protocols; birth of Internet self-governance institutions.
1985 - 1995: Growth of the National Science Foundation Network (NSFNET) and parallel private infrastructures; growth in the installed base of personal computers (PCs) and local-area networks (LANs).
1995 - date: Diffusion of the World Wide Web; privatization of Internet infrastructure and commercialization of Internet content.
Table 1: Evolution of the Internet (Source: Mowery & Simcoe, 2002:p1372).
1960 - 1985: During this period, the internet was largely used by the research community and was a loosely organized communications technology. However as the number of users and applications grew, the organizational and technical challenges moved from further developing the internet as a network, to expanding its core infrastructure and thereby establishing a framework for more connectivity that could accommodate the fast growing demand for service.
1985 - 1995: In this period, there was a shift from public to private management of the internet with it experiencing organizational changes such as the introduction of the NSFNET and the beginning of a market for private internet access which utilized the public telecommunications infrastructure.
1995 and beyond: This phase saw the completion of NSFNET privatization and the initial stock offering of NETSCAPE. With the fast diffusion of the Web, companies started to develop applications and commercial content for the rapidly growing network (Mowery & Simcoe, 2002).
Apart from the Internet known for delivering instant messaging, electronic mail (e-mail), entertainment applications and e-commerce to billions of people worldwide, businesses also stay in touch with their customers using online social networks such as facebook and twitter (Gaudin, 2009). With the ever increasing use of online tools, the internet continues to reach out not only to the technical aspects of computer communications, but to the general society as a whole without regard for geographic location (Leiner et al. 2009).
2.3 The Internet as an E-commerce Tool for Transactions
E-commerce, via the use of the internet, has helped to improve the successful execution of business transactions, which may result in more effective and efficient performance such as greater customer satisfaction, better quality and corporate decision making; lower costs and thus greater economic efficiency; and more rapid exchange such as high-speed or real-time interaction (Kalakota and Whinston, 1997).
A business transaction is said to occur when a service or product is transferred from one economic entity to another i.e. between a client (customer) and the server (producer) (Kalakota and Whinston, 1997). In the electronic market place, when buyer and seller transactions occur, information is accessed, absorbed and sold in numerous ways as seen in figure 1 below:
Figure 1: Buyer and Seller Transactions (Source: Kalakota and Whinston, 1997).
So how exactly does the online transaction work? Typically, the buyer orders goods and services over the internet and pays for the goods using a credit, debit or other financial institution cards. During the transaction, the seller sends out an order form to the buyer requesting their personal details such as name and address; and credit / debit card information such as the card number and expiry date. The buyer then returns the filled order form containing the card details to the seller over the internet. On receipt of the form, the seller verifies the card details for validity and then charges the payment amount on the card (Franklin et al. 1999).
Figure 2 below shows a diagrammatic illustration of an online transaction. Here, an individual (for example, Sonia), orders a CD online which involves the following steps:
1) Order form is filled with Sonia's bank details included.
2) Order form is sent via a secure Internet service provider (ISP) to the online CD store web server.
3) Online CD store verifies credit card details from Sonia's bank.
4) After verification, a transfer of the payment amount is made from Sonia's bank to the CD store merchant bank via an Internet payment network system.
5) Order is printed at CD warehouse
6) Sonia receives the CD 2-3 days after the order is received by the online CD store.
Figure 2: A typical online transaction (Source: Garfinkel & Spafford, 1997: p21)
2.4 Categorization of E-commerce
E-commerce has become a priority for many businesses whereby companies are connecting with their trading partners for "just in time" production and delivery, which in turn enhances their global competitiveness (Ngai & Wat, 2002). Belanger et al (2002) and Kalakota & Whinston (1997) have categorized e-commerce into the following:
Business-to-consumer e-commerce (B2C): defined as business transactions conducted between the corporations or organizations and the individual consumers, where goods and services are sold directly to consumers through the organization's website.
Business-to-business e-commerce (B2B): defined as electronic transactions between different organizations.
Consumer-to-business e-commerce (C2B): defined as the process where consumers identify the need for a particular product or service, and the organizations in turn compete amongst themselves to provide these products / services to the consumers.
Consumer-to-consumer e-commerce (C2C): defined as the process where individuals sell their goods and services to other individuals.
Government-to-constituent e-commerce (G2C): defined as the electronic relationship between governments and different constituents such as individuals, employees, businesses and other government agencies.
Collaborative commerce (c-commerce): defined as the process where business partners along the supply chain collaborate electronically between themselves.
Intra-organizational (Intra-business) e-commerce: defined as the process where organizations internally use e-commerce to improve their operations.
Mobile commerce (m-commerce): defined as the process where e-commerce is carried out in a wireless environment to access the internet i.e. with the use of mobile phones.
For the purpose of this study, B2C e-commerce is the category that will be focused on.
2.5 Risks associated with e-commerce: privacy and security
The issue of e-commerce and its risks cannot be over-emphasized. In the Information technology (IT) world, hardly a day goes by without a major news item on the privacy and security concerns of the IT users (Udo, 2001). Austin & Darby (2003) comment that despite the latest state-of-the-art technologies, a common belief is that perfectly safe and secure online transactions may still not be possible. For example, in 2003, Yang et al. carried out a study on internet users in Singapore which revealed that when shopping online, privacy and security are considered to be the most important factors.
The abuse of consumer privacy in e-commerce is increasingly becoming a huge concern at the government, business and consumer levels (Marchany & Tront, 2002). Marchany & Tront (2002) also state that if consumers are not assured of privacy i.e. if privacy is low or non-existent, then there will continue to be consumer resistance to participating in some types of e-commerce transactions. Udo (2001) also states that consumers are becoming increasingly aware of the fact that many organizations and companies collect consumer information for marketing or monitoring purposes in a way that could be perceived by consumers as being an intrusion of privacy.
There are various definitions and interpretations of privacy. In simple terms, Goodwin (2001) defined privacy as "the right to be left alone". Grandinetti (1996) also defined privacy as "the rights of individuals and organizations to determine for themselves when, how, and to what extent information about them is to be transmitted to others". Berman & Mulligan (1999) have also stated that privacy should incorporate 3 major expectations described as "the expectation of anonymity, the expectation of fairness and control over personal information, and the expectation of confidentiality".
The World Wide Web and the Internet have considerably widened the opportunities for individuals to communicate with companies and organizations without having physical contact. With the skyrocketing numbers of commercial websites over the years, companies that sponsor these websites have benefited from the advertisements they receive, in addition to selling their products to the global market (Metzger, 2004). Users of the internet also benefit from conveniently shopping online from home 24 hours a day and having increased access to competing firms, which subsequently facilitates price and brand comparisons of the goods and services they (internet users) are willing to purchase (Metzger, 2004).
However, for e-commerce to work, both internet consumers and online companies must be willing to disclose some amount of personal information about themselves (Hatlestad, 2001). Some of this personal information is necessary for almost all online transactions, including the customer's name, home address, email address, telephone number and credit/debit card details. Other more detailed information may be required for website personalization and customization (Metzger, 2001). Hoffman et al. (1999) also comment that online shopping tends to allow commercial web providers, via their websites, to collect more information from the consumer than can be collected during most physical trips to stores. This extra information may include employment status, legal status, other internet sites visited and the specific history of goods and services searched for.
However, not all customers are willing to divulge all this information, for various reasons, and as a result a lot of customers tend to shy away from e-commerce, the biggest barrier being the fear for online privacy and security (Metzger, 2004). It is also worth noting that almost 95% of web users, at one time or another when asked, have declined to provide personal information to websites (Hoffman et al. 1999).
In 1997, a study carried out by Nielson Media Research in the United States sampled about 1,555 web users aged 16 years and over, which projects to about 45 million web users at the time the study was carried out. The study concluded that although more than 45 million individuals had used the web at least once, only about 10% (4.5 million) had ever purchased a product or service online. Major online shopping concerns were related to information privacy and trust, which negatively influenced customers' buying of products and services online (see Figure 3 below).
Figure 3 shows the perceptions of web shopping and customers' likelihood of buying on the web. According to the study, the majority of web users did not feel safe providing credit card information over the web and as a result were not at all likely to shop online.
Figure 3: Influence of Consumer attitudes to Web shopping (Source: Nielson Media Research, 1997, In: Hoffman et al, 1999).
Following up on the Berman & Mulligan (1999) description of privacy as having 3 major expectations, customers expect a certain amount of anonymity when surfing the web, as opposed to being observed by others when in-store. However, when surfing the web, the internet generates an elaborate data trail keeping up-to-date records of every stop the customer makes online, and this trail may be captured by the websites the customer visits (Berman & Mulligan, 1999).
Other technologies, such as "cookies"  which were designed for the harmless purpose of allowing websites recognize a frequent site visitor and act accordingly, can also be used to track an individual's online activities (Berman & Mulligan, 1999; Faja, 2005).
Smith et al. (1996) and Faja (2005) suggest that customer privacy concerns are classified into two sets of issues:
Contextual issues - relates to the type of information given, and the organization collecting the information.
Individual issues - stems from individual differences between consumers.
Looking at the contextual factors in depth, Brown et al. (2005) have classified them into 5 main areas, which are described below:
Collection of information: the customer perception that too much data is being requested for, and collected to be stored in a database.
Unauthorised secondary use of collected data: where personal data collected for one purpose is used without permission or authorisation, for another secondary purpose.
Errors: where personal data are mistakenly or intentionally altered, questioning the integrity of the database.
Improper access to data: where unauthorised individuals gain access to customers' personal data.
Invasion of privacy: where customers keep getting unwanted communications from other individuals and companies.
From the above list, the 3 most important issues to customers regarding privacy are the first three on the list: collection of information, unauthorised secondary use of collected data, and errors (Brown et al, 2005).
Looking more at the unauthorized secondary use of collected data, Smith et al. (1996) have categorised secondary usage into two: Internal and External.
Internal secondary usage - involves the use of collected information within an organization.
External secondary usage - involves disclosing collected information to other organizations.
Some studies have been done to explore customer attitudes and perception towards secondary use of collected data. For example, Culnan (1993) found that individuals with a lower concern for privacy tend not to be sensitive about secondary use of information. Also Dhillon & Moores (2001) carried out a study which revealed that selling of personal information by companies is considered to be the main privacy issue by internet users, which is also in line with the Nielson Media Research (1997) study where a high number of web users believed web sites could 'sell their name' during web shopping. However, Faja (2005) states that some customers may be willing to disclose much more personal information in order to receive a certain desired level of service requested for.
Security and Privacy are contemporaries, yet they both have their distinct features. Grandinetti (1996) defined Security as "the protection of data against accidental or intentional disclosure to unauthorized persons, or unauthorized modifications or destruction". Turner et al (2001) also defined security as "a company's ability to prevent unauthorized access to customer data and financial accounts". Being contemporaries, these definitions of Security fit into the contextual factors of privacy, as described by Brown et al. (2005).
When consumers visit a website to carry out an online transaction, they want proof that the personal information they send cannot be retrieved and used by fraudsters. This is where SSL (Secure Sockets Layer) plays a role (Bhiogade, 2002). The secure hypertext transfer protocol (https) transfers encrypted information over the internet; that is, https is http running over an SSL connection (Bhiogade, 2002).
Figure 4 below shows an unprotected login site without the SSL protocol as seen in the URL where the web address is given as http and not the secure https:
Figure 4: Unprotected login to a payment site (Source: Herzberg & Gbara, 2004:p12).
For an SSL connection to be made, the web server is required to have a digital certificate installed on it which contains the following information:
Domain for which certificate was issued
Owner of the certificate
Location of the owner
Validity dates of the certificate
Name of certifying authority that issued the certificate
Digital signature of certificate issuer (Bhiogade, 2002).
Cryptographic techniques: The security of an online transaction depends on the ability of the organization to ensure authenticity, availability, integrity, privacy and the blocking of unwanted intrusions, which in turn builds consumer confidence (Kalakota & Whinston, 1997). Similarly, Lamprecht et al (2006) elaborated on these points by stating that securing transactions online typically requires the following: sender authentication, so that the identity of the sender can be proved; non-repudiation, so that the sender cannot deny sending the message; message integrity, so that messages are not tampered with in transit; and message confidentiality, so that the contents of the message remain secret.
In order to achieve all these, Lamprecht et al (2006) further state that "cryptographic techniques" ought to be made available, and are divided into the following:
A) Symmetric Cryptography: ensures confidentiality of the message by encrypting the message (also known as the plain text message) using a secret key to produce another version of the message (known as the cipher text message), which is the encrypted version sent out instead of the original plain text message. This enhances message integrity, as any alteration to the cipher text will result in a decrypted, illegible message. "Symmetric" simply means that the same secret key is also required at the recipient's end to decrypt the message. A major problem faced here is finding a highly secure way of transporting the secret key from the sender to the recipient, as the same secret key used to encrypt the message is also used to decrypt it (Lamprecht et al, 2006).
Examples of symmetric encryption algorithms include:
"DES - Data Encryption standard
Triple DES - DES applied three times
RC2 - Rivest encryption ciphers developed for RSA data security" (Bhiogade, 2002).
B) Asymmetric Cryptography: This further provides the non-repudiation guarantee in addition to providing the same message security features as symmetric cryptography. "Asymmetric" simply means using different keys for encryption and decryption: a secret key (kept private to its owner) and a public key (made public). During the encryption process, the recipient's public key should be used to ensure confidentiality of the message, as only the recipient is in possession of the secret key needed to decrypt the message. On the other hand, if the sender's secret key is used to encrypt the message, the sender cannot deny sending the message, as the secret key is known only to the sender (Lamprecht et al, 2006).
Examples of asymmetric encryption algorithms include:
"RSA - developed by Rivest, Shamir and Adleman. It is a public-key algorithm used for both encryption and authentication.
DSA - Digital Signature algorithm". (Bhiogade, 2002).
C) Hashing: This involves producing a condensed version of the message, unique to that message, known as the "message digest". Because the hashing algorithm is made known publicly, the recipient can perform the same hash on the received message in order to produce another message digest. This newly produced message digest is compared with the message digest that was received to assess whether the original message has been tampered with (Lamprecht et al, 2006).
Examples of hashing algorithms include:
"MD5 - Message digest algorithm developed by Rivest.
SHA-1 - Secure hash algorithm, used by the US government" (Bhiogade, 2002).
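The three techniques above can be seen working together in the following added example, which is not code from the essay or from Lamprecht et al (2006) or Bhiogade (2002). It assumes a one-time pad as the symmetric cipher, SHA-256 as the hash, and textbook RSA with the tiny primes 61 and 53 as the asymmetric scheme; the RSA part is a toy that only makes the public-key and secret-key roles visible and offers no real security. The example shows the same key encrypting and decrypting, a digest catching a one-bit change to the ciphertext (the altered ciphertext still decrypts without error, which is why a digest is sent alongside it), encryption under the recipient's public key, and a signature made with the sender's secret key that verifies under the public key. MD5 and SHA-1, listed above, are still offered by hashlib but both have practical collision attacks, so the example uses SHA-256.

```python
import hashlib
import secrets
from math import gcd

# --- A) Symmetric cryptography: one-time pad (assumed cipher, not from the essay) ---
def otp_encrypt(plaintext: bytes, key: bytes) -> bytes:
    """XOR each message byte with a key byte. The key must be at least as long as the
    message and must never be reused; that is what makes it 'one-time'."""
    if len(key) < len(plaintext):
        raise ValueError("key must be at least as long as the plaintext")
    return bytes(p ^ k for p, k in zip(plaintext, key))

# XOR is its own inverse, so the recipient decrypts with the identical key and operation.
otp_decrypt = otp_encrypt

# --- C) Hashing: a message digest for integrity ---
def message_digest(message: bytes) -> str:
    """Condensed, fixed-length fingerprint of the message (SHA-256, hex encoded)."""
    return hashlib.sha256(message).hexdigest()

def digest_matches(message: bytes, received_digest: str) -> bool:
    """The recipient recomputes the digest and compares it with the one that was sent."""
    return secrets.compare_digest(message_digest(message), received_digest)

# --- B) Asymmetric cryptography: textbook RSA with tiny primes (toy, illustration only) ---
def toy_rsa_keypair(p: int = 61, q: int = 53, e: int = 17):
    """Return (public_key, secret_key), each an (exponent, modulus) pair.
    Real RSA uses primes of 1024 bits or more plus a padding scheme; this does not."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("public exponent must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)  # modular inverse of e: the secret exponent
    return (e, n), (d, n)

def rsa_apply(value: int, key) -> int:
    """Raise value to the key's exponent modulo n. The same operation serves for
    encryption and decryption; which key is used decides which property you get."""
    exponent, n = key
    if not 0 <= value < n:
        raise ValueError("value must lie in [0, n)")
    return pow(value, exponent, n)

def _digest_as_int(message: bytes, n: int) -> int:
    # Reduce the digest modulo n so it fits the toy modulus; a real scheme never truncates like this.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message: bytes, secret_key) -> int:
    """Non-repudiation: only the holder of the secret key can produce this value."""
    return rsa_apply(_digest_as_int(message, secret_key[1]), secret_key)

def verify(message: bytes, signature: int, public_key) -> bool:
    """Anyone holding the public key can check the signature against the message digest."""
    return rsa_apply(signature, public_key) == _digest_as_int(message, public_key[1])

def demo() -> dict:
    """Walk through the four properties on a constructed order message."""
    order = b"order 1234: 1 CD, ship to Sonia"   # constructed sample message
    key = secrets.token_bytes(len(order))         # A) the shared secret key
    ciphertext = otp_encrypt(order, key)
    sent_digest = message_digest(order)           # C) sent alongside the ciphertext

    # Flipping one ciphertext bit flips the same plaintext bit; decryption raises no
    # error, so the digest comparison is what reveals the change.
    tampered = bytes([ciphertext[0] ^ 0x01]) + ciphertext[1:]
    tampered_plain = otp_decrypt(tampered, key)

    public_key, secret_key = toy_rsa_keypair()    # B)
    session_secret = 65                           # small integer "secret" that fits the toy modulus
    for_recipient = rsa_apply(session_secret, public_key)   # encrypted with the recipient's public key
    signature = sign(order, secret_key)                      # signed with the sender's secret key

    return {
        "round_trip_ok": otp_decrypt(ciphertext, key) == order,
        "tampering_detected": not digest_matches(tampered_plain, sent_digest),
        "recipient_recovers_secret": rsa_apply(for_recipient, secret_key) == session_secret,
        "signature_verifies": verify(order, signature, public_key),
        "forged_signature_rejected": not verify(order, (signature + 1) % public_key[1], public_key),
    }

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The key-distribution problem described under A) is visible in `demo()`: the one-time pad key has to reach the recipient by some channel other than the message itself, which is exactly the gap the public-key encryption under B) closes.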
Sniffer programmes: Regardless of the cryptographic techniques put in place to secure online transactions, Marchany & Tront (2002) state that transaction security can often be threatened by software tools known as "sniffer programmes", which are unauthorized network monitoring systems. Figure 5 below shows a diagrammatic illustration of "sniffer programmes" during an online transaction.
From the figure, it can be seen that there are various levels where the security of an online transaction can be breached which are described as follows:
Tapping line: A sniffer can be present right at the beginning of the transaction when the consumer fills out the order form with personal details and submits the order online. Here, the sniffer may find a way of gaining access to the consumer's web browser and reformat the consumer's hard disk such that personal information from the consumer's computer can be gathered by the sniffer.
Sniffer at ISP: The sniffer can breach the security of an online transaction at the level of the ISP when the order is submitted online. At this level, the sniffer can also gain access to sensitive information such as bank account and credit card numbers, social security numbers, access codes and so on, which can be silently uploaded to other sites on the internet for future use.
Sniffer on Internet backbone: The internet backbone consists of data routes interconnecting large networks within the internet and is another place where the sniffer can breach an online transaction.
Sniffer at the point where submitted order just gets to the online store: Similar to the above level with sniffer on internet backbone.
Sniffer breaking into store database: Here, after the order has been successfully received by the online store, the sniffer can hack into the store's database gaining access to personal and confidential information.
Unfortunately, these sniffers can scan thousands of websites at the same time gaining access to personal information of millions of internet users worldwide because of the global nature of the internet (Marchany & Tront, 2002).
Figure 5: Sniffer programmes during an online transaction (Source: Garfinkel & Spafford, 1997: p25).
Firewalls: On the organization's or online company's side, sniffer attacks can be countered with firewalls, which are configured so that all outside connections into an internal network pass through a few well-monitored locations. However, firewalls provide only a limited sense of security, as a number of attacks also come from dishonest employees within the organization and not necessarily from outsiders (Garfinkel & Spafford, 1997). Where the web server sits also matters: it can be located behind an internal firewall, behind an external firewall, or between both an internal and an external firewall (Garfinkel & Spafford, 1997).
Figure 6 below shows an example of a web server located between both internal and external firewalls.
Figure 6: Web server located between an External and an Internal firewall (Source: Garfinkel & Spafford, 1997:p27).
Locating the web server outside the internal firewall is preferable to locating it within it. Because of its availability and visibility, the web server is one of the most likely computers to be attacked by a sniffer or an outside attacker (Garfinkel & Spafford, 1997); placing it inside the internal firewall therefore provides little security externally and makes it a target for web attackers.
Some studies have been carried out on the perceptions of security issues by consumers. Turner et al (2001) carried out a study on security experts and ordinary consumers to determine their perceptions of security when making an online transaction.
From the Security experts' perspectives, the feelings of security when transacting online depended on the following factors: their deep technical knowledge, familiarity with good security processes, and the reputation of the company.
From the ordinary consumer's perspective, a number of them were unfamiliar with a number of basic security features, but their feelings of security when transacting online depended on the following factors: the reputation of the company, past experience with the website, and independent third party recommendations to ensure security (Turner et al, 2001).
Figure 7 below shows an example of a security feature encountered by consumers when making an online transaction:
Figure 7: Padlock symbol at the bottom of browser window (Source: Turner et al, 2001:p5).
Levi (2004) however states that although the closed padlock sign (shown in figure 7 above) generally indicates a secure connection, it does not guarantee a totally risk-free connection. Levi (2004) further states that a closed padlock does not establish the commercial identity of the server: consumers must inspect the certificate details by clicking on the padlock sign in order to ascertain who actually operates the server.
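To make Levi's distinction concrete, the following is an added example (not code from Levi (2004) or from the essay) that takes the certificate dictionary Python's `ssl` module returns for a validated TLS connection and separates what the padlock does establish (the chain validated and the certificate names this hostname) from what it does not (the organization behind the site). The two certificates, the bank name and the helper `fetch_and_describe` are constructed for the example and are not real.

```python
"""What the browser padlock does and does not tell you.

Added example; not code from Levi (2004) or the essay. It takes the dictionary
that Python's ssl.SSLSocket.getpeercert() returns for a validated TLS
connection and reports whether the certificate names the hostname and whether
it carries an organization name. The two certificates below are constructed
for the example; there is no real "Example Bank AG".
"""
import socket
import ssl


def _dn_to_dict(dn):
    """Flatten getpeercert()'s nested ((('attr', 'value'),), ...) DN into a dict."""
    return {attr: value for rdn in dn for attr, value in rdn}


def _san_matches(pattern, hostname):
    """Match one dNSName entry against a hostname.

    Only a single left-most wildcard label is honoured, as browsers do, so
    "*.example.com" covers "a.example.com" but not "b.a.example.com".
    """
    pattern, hostname = pattern.lower(), hostname.lower()
    if pattern.startswith("*."):
        p_labels = pattern.split(".")[1:]
        h_labels = hostname.split(".")
        return len(h_labels) == len(p_labels) + 1 and h_labels[1:] == p_labels
    return pattern == hostname


def describe_identity(cert, hostname):
    """Summarise what a validated certificate proves about 'hostname'.

    'organization' is None for domain-validated certificates, which is exactly
    the case Levi warns about: padlock present, commercial identity unknown.
    """
    subject = _dn_to_dict(cert.get("subject", ()))
    issuer = _dn_to_dict(cert.get("issuer", ()))
    sans = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    return {
        "hostname_matches": any(_san_matches(san, hostname) for san in sans),
        "organization": subject.get("organizationName"),
        "issuer": issuer.get("organizationName"),
        "names": sans,
    }


def fetch_and_describe(hostname, port=443, timeout=5):
    """Live version (hypothetical helper): the default context validates the
    chain and the hostname itself and raises on failure; we then describe the
    peer certificate. Needs network access, so the offline samples do not use it."""
    ctx = ssl.create_default_context()
    with socket.create_connection((hostname, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
            return describe_identity(tls.getpeercert(), hostname)


# Constructed sample certificates in getpeercert() layout (not real certificates).
DV_CERT = {
    "subject": ((("commonName", "shop.example.com"),),),
    "issuer": ((("countryName", "US"),), (("organizationName", "Example CA"),)),
    "subjectAltName": (("DNS", "shop.example.com"), ("DNS", "www.shop.example.com")),
}
OV_CERT = {
    "subject": (
        (("countryName", "CH"),),
        (("organizationName", "Example Bank AG"),),
        (("commonName", "ebanking.example.com"),),
    ),
    "issuer": ((("organizationName", "Example CA"),),),
    "subjectAltName": (("DNS", "*.example.com"),),
}

if __name__ == "__main__":
    for cert, host in ((DV_CERT, "shop.example.com"), (OV_CERT, "ebanking.example.com")):
        print(host, describe_identity(cert, host))
```

The domain-validated certificate produces a padlock for `shop.example.com` yet reports no organization at all, while the wildcard certificate covers only one label, so a lookalike such as `paypal.shop.example.com` does not match either certificate.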
As mentioned above, third party recommendations also provided ordinary consumers with a feeling of security. An example of such third party recommendation is "TrustBar" whose goal is "to present highly visible, graphical interface, establishing securely the identity of the website" (Herzberg & Gbarra, 2004). TrustBar is located at the top of every browser window, controls a significant area, and "large enough to contain highly visible logos and other graphical icons for credentials" (Herzberg & Gbarra, 2004).
Figure 8 below shows an example of the login process of an e-banking service with UBS bank. It can be seen that the TrustBar is very visible and identifies the site and the certifying authority by name or by logo (in figure 8, the VeriSign logo).
Figure 8: Secure login process in an e-banking service. (Source: Herzberg & Gbarra, 2004:p14).
TrustBar also helps prevent attacks: it displays a highly visible warning whenever a website is not SSL protected, as seen in figure 9 below:
Figure 9: TrustBar displaying a warning message in a non-SSL secure site (Source: Herzberg & Gbarra, 2004:p12).
Phishing: Phishing is defined as "a form of identity theft which occurs when a malicious website impersonates a legitimate one in order to acquire sensitive information such as passwords, account details, or credit card numbers" (Basnet et al, 2008). Successful phishers create a web presence so credible that internet users fail to notice the standard security indicators provided by web browsers (Dhamija et al, 2006).
Phishing is on the rise and is increasingly becoming a huge threat to internet users (Wu et al, 2006). A study carried out by Gartner Research in 2004 revealed that personal and financial information unintentionally disclosed to phishing websites resulted in direct losses for credit card users and US banks of $1.2 billion (Litan 2004).
Wu et al (2006) note that proposals for stopping phishing attacks largely rely on internet users paying attention to the "security toolbar" at the top of the browser window, which displays security-related information or warnings in the browser's interface. However, Basnet et al (2008) state that despite these security measures and anti-phishing techniques, phishers keep devising new techniques to defeat the available countermeasures and software.
Figure 10 below shows a scam email which claims to have been sent from PayPal informing users that their account has been suspended, and prompting them to re-activate the suspended accounts as a security measure to prevent unauthorized charges to be made to the account.
Figure 10: Phishing email claiming to be from PayPal (Source: Gan et al, 2008:p135).
When this scam email is sent, the recipient might respond by clicking on the link provided in the email. On clicking the link, the user is redirected to the phisher's website, which, unknown to the user, has been intentionally designed to look like that of the trusted company. The site then asks the user to disclose personal information such as the credit card number and the three-digit security code (usually printed on the reverse of the card), the account number, and the password. Once the user enters this information, the phisher has succeeded in fraudulently gathering personal data which can be used to hijack the user's account, for instance by purchasing goods online with the stolen details (Gan et al, 2008).
A study carried out by Dhamija et al (2006) to determine whether internet users could distinguish fraudulent websites from genuine ones revealed that the best phishing websites fooled 90% of the participants. The study also revealed that existing anti-phishing browser cues were ineffective: 23% of the participants did not look at, or pay attention to, the status bar, address bar, or other security indicators (Dhamija et al, 2006).
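The lure described above (a link whose visible text or host impersonates the trusted company) can be screened mechanically. The following is an added example, not code from Gan et al (2008) or from the essay: it extracts every anchor from an HTML message and applies three checks that such links typically trip. The message is constructed for the example, with `example.com` standing in as the hypothetical legitimate brand domain and `192.0.2.10` as a documentation-range address.

```python
"""Spot deceptive links in a phishing e-mail.

Added example; not code from Gan et al (2008) or the essay. It pulls every
<a href> out of an HTML message and applies three checks: the link host is an
IP literal; the visible link text names one host while the href goes to
another; or the impersonated brand's name appears in the host without the
link actually being under the brand's domain. The message below is
constructed for the example, with "example.com" as the hypothetical brand.
"""
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlparse


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every anchor in the document."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def extract_links(html):
    parser = _LinkCollector()
    parser.feed(html)
    return parser.links


def _host(url):
    return (urlparse(url).hostname or "").lower()


def _registrable(host):
    # Simplification: the last two labels. A real implementation would consult
    # the public suffix list so that "bank.co.uk" is not reduced to "co.uk".
    return ".".join(host.split(".")[-2:])


def _is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


# A host name (optionally with scheme) appearing in the visible link text.
_HOST_IN_TEXT = re.compile(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})", re.I)


def assess_link(href, text, brand_domain):
    """Return the list of reason codes for which this link looks deceptive."""
    reasons = []
    host = _host(href)
    if _is_ip_literal(host):
        reasons.append("ip-literal-host")
    shown = _HOST_IN_TEXT.search(text)
    if shown and _registrable(shown.group(1).lower()) != _registrable(host):
        reasons.append("text-host-mismatch")
    brand_label = brand_domain.split(".")[0]
    if brand_label in host and _registrable(host) != brand_domain:
        reasons.append("brand-outside-domain")
    return reasons


def scan_email(html, brand_domain):
    """Map every link in the message to its reason codes (empty list = no finding)."""
    return [(href, assess_link(href, text, brand_domain))
            for href, text in extract_links(html)]


# Constructed message modelled on the "account suspended" lure; not a real e-mail.
SAMPLE_EMAIL = """<html><body>
<p>Your account has been suspended. To re-activate it, please
<a href="http://example.com.account-verify.example.net/login">click here</a>
or visit <a href="http://192.0.2.10/update">https://www.example.com/update</a>.</p>
<p>Regards, <a href="https://www.example.com/help">Example Help Centre</a></p>
</body></html>"""

if __name__ == "__main__":
    for href, reasons in scan_email(SAMPLE_EMAIL, "example.com"):
        print(href, "->", reasons or "ok")
```

The first link is flagged because the brand appears only as a leading label of a different registrable domain, the second because it points at a bare IP address while its visible text claims to be the brand's site, and the genuine help-centre link passes all three checks. The registrable-domain helper deliberately ignores the public suffix list to keep the example short; a production filter would not.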
2.6 Customer Trust issues with e-commerce
A critical key to the success of e-commerce ventures is the ability to build and maintain trust (Murphy & Blessinger, 2003). The long-term survival of B2C e-commerce companies largely depends on their ability to convince online shoppers to buy by clicking the purchase button, and clicking that button is highly unlikely if the company is perceived as untrustworthy (Murphy & Blessinger, 2003).
Mayer et al (1995:p712) defined trust as "the willingness of a party to be vulnerable to the actions of another party based on the expectation that the other will perform a particular action important to the trustor, irrespective of the ability to monitor or control that other party". Broadly speaking, Gefen (2000) defined trust as "the confidence a person has in his or her favourable expectations of what other people will do, based, in many cases, on previous interactions".
2.6.1 Characteristics of Online Trust
These are described as follows by Wang & Emurian (2005):
Trustor and Trustee: In the online scenario, the Trustor is the consumer or internet user who is browsing an e-commerce website, while the Trustee is the online merchant the website represents, or the e-commerce website itself.
Vulnerability: Consumers are often unsure about associated risks and their consequences when transacting online. Consumers can also be vulnerable to specific trust violations such as loss of privacy, and loss of money when transacting online.
Produced actions: When consumers have developed trust in an online merchant, they either make an online purchase from the merchant or "window-shop" at the merchant's website, with both actions bringing actual or potential sales to the merchant. For consumers to engage in such actions, they must believe, as a result of trust, that they have more to gain than to lose from the online merchant.
Subjective matter: Online trust is a subjective matter; the level of trust considered sufficient to make an online transaction differs for each individual.
According to Belanger et al (2002), it is expected that "higher levels of trust would emerge in exchange relationships where the consumer has the possibility of physical access to the online merchant". For example, returning an item bought in-store that is no longer wanted is both reassuring and convenient. Purchases with such a physical point of contact are likely to be perceived by the consumer as less risky, irrespective of how trustworthy the merchant's website itself appears.
If reputable online merchants understand and enhance online trust, then there should be a substantial increase in the number of people who engage in e-commerce (Wang & Emurian, 2005).
2.7 Customer satisfaction with e-commerce
CHAPTER 3: METHODOLOGY
3.1 Search Strategy
A comprehensive search of major science, business and information systems databases was undertaken, including EBSCO, IEEE Xplore, JSTOR and ScienceDirect. Books were used, and specific journals were searched, including the International Journal of Electronic Commerce and Communications of the ACM. Google Scholar, an internet search engine for scholarly literature, was also used.
Key search terms used include 'e-commerce', 'internet', 'phishing', 'privacy', 'security', 'online transactions' and 'trust'. The Boolean operators 'OR' and 'AND' were used to combine terms such as 'e-commerce' and 'security', e.g.
'e-commerce' AND 'privacy' AND 'security' (items containing all keywords will be searched for).
'e-commerce' OR 'online transactions' (OR is used to broaden a search).
Studies were selected for inclusion using three waves:
Wave One - titles of articles related to the key search terms mentioned above were retrieved, and those that seemed irrelevant to the research questions were discarded.
Wave Two - the abstracts of the articles remaining from wave one were read to sift out articles that contained no information related to the research questions.
Wave Three - the full texts of the articles left from wave two were read.
The following were used to identify relevant articles by title and abstract:
Reference to 'e-commerce' or 'online transactions'
Reference to 'privacy' and 'security'
Reference to 'phishing', 'trust' and 'satisfaction'
Bibliographies of included studies were also hand-searched for other relevant articles that may not have been retrieved or may have been missed out during the database searches.