Impact Of Security Risks On E Commerce Information Technology Essay

A security risk often can be represented as the event that compromises the assets, operations of an organization. The impact of the security risks is different on different kind of systems depending on the environment in which they are being utilized. That mean the impact on server systems is different to that of the impact on the client systems. Because of its openness and convenience Internet has become the biggest and most important market for people to do business and transactions. The security risks are mainly due to Intruders, viruses, worms, Trojans which have their own impact on the data systems.

So here the scope of this research paper covers the security issues and their impact on the e-commerce. This focuses on a risk in case of e-commerce and it is defined as a function by security business professionals and the impact on the systems because of various security threats and vulnerabilities with real time examples and scenarios. These security issues are basically consists of various vicious attacks, these attacks, from a technical view can be sort into some categories; Loss of Confidentiality, Loss of Integrity, Loss of Availability, Loss of Accountability. And there are some threats that affect the computer systems such as; Web Server threats, Database threats, Programming threats, Threats to physical security of Web Servers which also affects the e-commerce.

INDEX

Introduction

Risk in e-commerce

Risk as a function

Literature review

Findings and discussions on typical Impact of risks on e-commerce systems

Conclusion

References

1.Introduction:

With the development of Internet is still on the fast track even after the .COM bubble burst, more and more companies, enterprises especially small and medium size companies came to realize the opportunity that electronic commerce can brought to them. Therefore, they are trying to catch up with those forth goes in this area. In the meantime, quite a lot of companies that are in the leading position of e-commerce implementation are caring more on how to strategically avoid, reduce and manage the potential risks behind the  e-commerce stage. Here this paper narrates; what is a risk in case of e-commerce? How it is defined as a function by security business professionals? What is the impact on the systems because of various security threats and vulnerabilities with real time examples and scenarios?

In early days of using computer systems, most of the systems are standalone and the security was accomplished by the physical controls over the access to the computers. Burglar alarms, alarmed doors, security guards, security badges, cameras allowed the people to the most secured and sensitive areas.

The interaction with the systems at that time is very less and it’s confined to very limited numbers i.e. to enter the data, manipulate it. The network of the systems is also confined to limited number of terminals and the security of it is in the hands of a limited persons. But now the condition has changed extra-ordinarily that millions of people around the globe are able to access to the network at a single moment of time effectively.

So as the information from one place is being accessed by someone in another place over the computer networks, the security issue arises. Lots and lots of sensitive information are being accessed over the both private and public networks. So along with the fast growing technology the security threats are also increasing day to day.

2. Risk in e-commerce:

‘What is risk in case of e-commerce’?

A risk may be defined as a security breach in which there might be a loss or theft of some information or assets containing the secret issues. The E-commerce systems are depending upon internet use, which provides open, flexible and provides a way for easy communications on a global basis. However, may be because of any reason the internet is unregulated, unmanaged and uncontrolled, so it posses many and wide range of risks and threats which in turn will affect with a great impact to the systems operating on it.

Anecdotal evidence indicates that the main risks which are associated with e-commerce concern intruders, hackers, viruses, worms and interception of credit card numbers which are passing over the telecommunication lines or channels. These risks can lead to the events resulting in the deliberate or inadvertent loss of many assets and this deliberate loss of assets can result from disclosing of the information, fraud, and deliberate disruption of service. 

3. Risk is a function of three factors:

‘Risk as a function’

Most of the security professionals will see that risk is a function of three primary factors: threats; vulnerabilities; and their business impact.

Combining all these provides a standard formula for the risk that is often used in security and business continuity planning. So, E-commerce has had a big impact on all these three factors.

Threats:

Threats are naturally increased with the exposure. The more exposed a system is to people or other systems, the greater will be the odds that someone or something or some system will attack that system like Cyber squatting, Eavesdropping, Web Jacking, Denial of service attacks. E-commerce magnifies this exposure of systems by making various business services available via the Internet or other kind of networks and by integrating them with the back-office systems, such as some software’s, mainframes and by using enterprise resource planning software.

Vulnerabilities:

Vulnerabilities are those which increase with complexity. If the system is more complex, then there would be a greater likelihood of software defects, system defects or configuration defects/flaws that make that system susceptible to compromise. E-commerce increases complexity by promoting the more use of Web services, distributed databases, security zones, multi-tiered applications and other sophisticated technologies.

Impact:

Here comes the main subject of this research paper, the impact can be of any type-business or personal. Business impact is the one which increases with the business value of the system, as well as the amount or the length of time the system is compromised during an attack. There is some relationship that exists between these-business impact, its value and length of time of attack.

The relationship between business impact and its value is almost linear, where as the relationship between business impact and the length of time is very rarely linear i.e. the maximum loss of the information or anything may be incurred instantaneously.

For example, consider an attacker may steal the information of 100 credit card numbers and the associated customer profiles very quickly after compromising a bank’s or financial institution’s database server. Here the E-commerce affects the business and its value directly on bottom line.

4. Literature Review:

While the concept of e-commerce is no longer be considered as a new concept, an important part of E-commerce which is still relatively new is the issues of security risks that greatly affect the economy of the e-commerce business that directly connects with the customers to sell the products and services. The main trend in the E-commerce is to rely greatly and heavily on the network of computers connecting with all the databases. And they have the ability to provide a connection directly with the customers regardless of location and in the way that builds loyal and trust relationships between a customer and seller. However, it is important to examine a full range of issues related to the e-commerce strategy of the security risks as a way to attempt to connect with customers and increase their revenues. There are issues such as the issue of the impact of the security risks due to viruses, worms, bugs, attacks, frauds around the world, and even the way in which these attacks and frauds on the e-commerce systems affecting the revenue and making the trust of customers towards the business sites to decrease to a great extent. The information about the actual success of e-commerce methods and strategies that are based around business networking and an idea that the customers insight has been reduced because of the ease with which people can communicate will also is examined.

In this review of the recent academic literature regarding E-commerce related to the use and impact of security risks and frauds, information about the reduction of customer’s insight into the commerce websites due to frauds and the impact on E-commerce strategies due to which the revenue is reduced is also reviewed. Even more, with the academic literature that is seen and reviewed, the strategies and variables that are very important for E-commerce companies i.e. how the security risks will affect the revenue and how the customers lost their information due to frauds will also be discussed.

5. Findings and discussions on typical Impact of risks on e-commerce systems:

There are various threats to the e-commerce systems: threats posed to files, databases by viruses, Trojans, botnets etc, card payment frauds, malicious attacks from in and out of the business, hacker threats etc. So now we see the findings based on the function of the risks i.e. we see threats like web bugs, active content, integrity threats: Cyber vandalism, spoofing , Necessity threats: denial of service, web server threats, database threats and vulnerabilities and the impact of them on their business and systems.

Impact by Trojans, viruses and botnets- Viruses and worms are the computer programs that spread across the computers and networks by making multiple copies of themselves i.e. usually without the knowledge of a computer or system user. A Trojan horse is a type of program which appears to be a legitimate but it actually contains another type of program or block of undesired malicious, infected code, disguised and hidden in a block of the desirable code. It can be used to infect a computer with a virus. A back-door Trojan is a program that allows a remote user or hacker to bypass the normal access controls of a computer and gain unauthorized control over it. Typically, the virus is used to place a back-door Trojan into a computer, and once it is online, the person who sent that Trojan can run programs on the infected computer, access personal files, and modify and upload files. So these merely affect the computer systems which are involved in the transactions, these by installing themselves into the computers make some mess with the data in it or make it vulnerable for other type of attacks and in case of a Trojan the impact is very high that the attacker can bypass the access to the resources for the unauthorized use.

Example: “There has been a new wave of malware attack that has started affecting BlackBerry and it has originated from Poland. The aim is to extract banking passwords.” So by this the attackers can affect the e-commerce transactions by using the credit card or bank details.

A botnet is one of the infected vaults which are a group of infected, remotely-controlled computers. The hacker sends out a virus, Trojan or worm to ordinary computers. These computers can then be used to launch denial of service attacks, distribute spam e-mails and commit click fraud, identity theft and thefts of log-in details and credit card numbers.

The impact due to the web bugs makes the user or customer to feel bad about some companies which involve e-commerce. This is because the attackers who attack with web bugs gains the information of the ISP’s of the system, so the web bugs are introduced in the e-mails and makes that e-mail address a valid one.

Active content is the content which is used by the e-commerce sites to display their items, perform check out tasks and calculate tax and shipping information etc. This active content may include java applets and java scripts. Many websites have the options to control the active content but despite the attacker use this active content to impose their code into the website. By this the attacker can do a mess with the content of the website and can gain some private information about the customers. So the impact is very risky that the user’s details such as the card details etc can be by passed to other attacker’s terminal.

The impact of the Cyber vandalism is very bad that the customer may get disgusted by the web site presence which in turn makes the customer never come back to this web site thereby decreasing the business of this website. This is because the attacker will replace or defaces the content of the website with his own content such as with porn content. So this cyber vandalism made a serious dent in the customer confidence in internet based e-commerce. This is a type of integrity attack in which the impact is majorly on the information present in the website.

Example: When the Internet was new for the home users, the young hackers would gleefully deface websites; they break into corporate, e-commerce computer networks and try to outdo each other at how much mischief they could cause for the corporate networks, looking for fame among their contemporaries. (Husted, 2011)

Spoofing is another type of attack by which many websites are victims and its impact is great on the economy of the e-commerce websites. In this type of attack the perpetrators make use of the loop holes in the DNS servers and make their fictitious website as a real and original website to spoof the website visitors, so when the visitors have submitted their credit card details or any private information the attackers use these details to order the items and make them to ship to other addresses. Even the big e-commerce companies such as Amazon.com, AOL, eBay are the victims of this attack.

Example: Recently many of the individuals are getting the e-mails that found to be legitimate from the original e-commerce websites such as Dell, Amazon that these e-mails will encourage the victims to click and submit usernames, passwords and some of their private information like card details, so then boom, they are spoofed i.e. the attackers now use their credit card details and can do all the mess which may be expected.

The impact of the Denial of Service on the e-commerce is great that the websites which are attacked with this delay in service cannot handle the requests given by the customers thereby decreasing the sales and commerce. The attackers will keep the central server that handles the request very busy by sending the inappropriate requests. This makes the customers of a particular e-commerce website disgusting and they automatically go for the other competitor website. This can also be seen in the credit card payment gateway in the websites making the customers waiting for longer times and leave the website.

Example: On December 8, 2010, a group called anonymous launched a Denial of Service attack on organizations such as Mastercard.com, PayPal, Visa.com and Post Finance and made the payment gateways as dead for many hours irritating the customers of many e-commerce websites.( Addley, Esther; Halliday, Josh, 2010)

The web server’s threats also had a great bad impact on the e-commerce business. Actually the web servers are responsible for delivering the web pages upon the request through http protocols. So here when there are vulnerabilities the attackers will do mess and in affect the e-commerce business degrades. Web servers can compromise the security by prompting the users to enter their usernames and passwords when the user visits multiple pages in the same web server’s protected area. The passwords that the user selects can be a threat. They select the simple passwords. If the file containing the private details is compromised, an intruder can enter into the privileged areas, and obtain the usernames and passwords.

The database threats also pose a great impact on the e-commerce business. Besides storing the information the database servers also connected to the web servers which contain valuable private information that could damage the whole company irreparably if disclosed or altered. And most of the database servers rely on the username and password security that if compromised can cause a great impact on the whole website. Generally the database that contains the usernames and passwords are encrypted but some of the databases of some company’s may not be encrypted, so if the unauthorized users obtain the authorization information then they can masquerade as the original database users and can get the confidential and potential valuable information like bank details etc. Once if the database of a certain company is compromised then the attackers may play with these details that they can use the card details and can buy the things they want in the e-commerce websites and can ship to their addresses.

The impact by Server Root exploits refer to techniques that gain a super user access to the server. This has a very big impact on the e-business because it is the most coveted type of attack and the possibilities are limitless i.e. the attacker can play what he wants. When the attacker attacks a shopper or his personal computer, he can only affect that single individual. But with this kind of root exploit, the attacker can gain control of the merchants, sellers and all the shoppers’ information that has links with the site. The attacker uses are two main types of root exploits: buffer overflow attacks and executing scripts against a server. The consequences may be very high that the attacker can do a mess with the website.

In a buffer overflow attack, the hacker here takes the advantage of a specific type of computer program may be a bug that involves the allocation of storage of information during the program execution. This technique involves tricking of the server into executing a code written by an attacker. The other technique uses the knowledge of scripts that are executed by the server. This step is easily and freely found in the programming guides for the server. The attacker then tries to write the scripts in URL of a browser to retrieve information from his server. This type of technique is frequently used when the attacker is trying to retrieve data from the server’s database and after getting he or she may misuse the details of the users who shop through online. This will intern make the customers not to visit the particular site again as they got crapped by it.

Example: AS MANY as 9000 New Zealanders may have had their credit card and personal details stolen after a Lush cosmetics website was hacked. This company has urged its online customers in New Zealand and Australia to contact their banks to discuss cancelling their credit cards (Rogers, 2011).

In 2007, IC3 – Internet Crime and Complaint Center received 219,553 complaints that totaled $239,090,000 in financial losses in the form of assets or in form of theft. The average loss per complaint is around a $1000.

C:UsersBharathDesktop2007_ic3report.jpg

Source: Internet Crime and Complaint Center 2007 Report

6.Conclusion:

This article outlined the key security attacks and impacts in an E-commerce system. The Current technology allows for secure website design. The rise of user’s identity theft and the fraud that attackers do and it has long been seen as a threat to e-commerce revenue growth. With the complaints of identity theft, loss of private information and phishing attacks on the rise, many customers may shy away from buying goods and services online.

It is up to the site developing team to be both proactive and reactive in handling the security threats to reduce the high impact on the e-commerce business, and up to the shopper to be more responsible and vigilant when shopping online.