Security Issues Concerned With E Commerce Information Technology Essay

Rapid advancements in technology is allowing everyone to send and receive information from anywhere in the world. Initially people used to share information but slowly this technology started emerging to business areas such as marketing, buying and selling, is called E-commerce. In which all the business transactions are made online. E-commerce is providing many comforts to everyone at the same time there is a chance of misusing the technology. In this essay, E-commerce is discussed in detail about the security issues associated with that. Familiarity with securities increases the benefits of E-commerce to a maximum extent. 

INTRODUCTION

E-commerce is a type of business model for a small or larger business that enables a firm or individual to conduct business using electronic media such as internet. It can be divided into four major areas based on type of business and the parties involved in business. They are business to business, business to consumer, consumer to consumer and consumer to business. This essay explains about E-commerce, importance of E-commerce, latest applications, advantages and draw backs. This is also explains in detail about current security issues, E-commerce threats, risks and privacy issues related to various areas of e commerce.

IMPORTANCE OF E-COMMERCE:

In e-commerce, time plays a vital role in both the businesses and consumers. From the business point of view, with less time spent during each transaction, more transaction can be attained on the same day. As for the consumer, they will save up more time during their transaction. Because of this, Ecommerce steps in and replaced the traditional commerce method where a single transaction can cost both parties a lot of valuable time. For example, a banking transaction can be completed through the Internet within a few minutes compared to the traditional banking method which may take up to hours. This fact clearly proves that Ecommerce is beneficial to both business and consumer wise as payment and documentations can be completed with greater efficiency.

APPLICATIONS OF E-COMMERCE:

Now a day’s development of E-commerce applications is taking place rapidly. This is mainly due to the increased number of internet users and awareness of technology in people. Many people using internet to shop online, make bills payment and money transfers etc.

ADVANTAGES OF E-COMMERCE APPLICATIONS:

People paying more attention to do electronic transaction using internet because, they can do these from any place in the world at any time they wish. This is saving lot of time and effort and providing comfort.  The other important advantage of e commerce is the cheapest means of doing business. From the buyer’s perspective also ecommerce offers a lot of real advantages.

Reduction in buyer’s sorting out time.

Better buyer decisions

Less time is spent in resolving invoice and order discrepancies.

Increased opportunities for buying alternative products.

DIS ADVANTAGES OF E-COMMERCE:

However there are several benefits of E-commerce applications, there are few limitations and risks involved in using those applications. The main disadvantage of E-commerce is the lack of a business model, lack of trust and key public infrastructure, slow navigation on the Internet, the high risk of buying unsatisfactory products, and most of all lack of security. It has a great impact on traditional business system. For example, telephone bill payment in traditional method was expensive and time consuming than the recent online payment. Of course, the recent online payment system is cost effective but, can’t provide employment in the transportation system like traditional payment method. So the major disadvantage of E-commerce applications is, it perpetuates unemployment. In some way it can provide employment to few people like data base administrator, internet security providers etc. where as privacy, security, payment, identity, contract comes under drawbacks of the e- commerce.

SECURITY ISSUES CONCERNED WITH E-COMMERCE:

In spite of its advantages and limitations E-commerce has got some security issues in practical. E-commerce security is nothing but preventing loss and protecting the areas financially and informational from unauthorized access, use or destruction.  Due the rapid developments in science and technology, risks involved in use of technology and the security measures to avoid the organizational and individual losses are changing day to day.  There are two types of important cryptography we follow for secured E-commerce transactions.

Symmetric (private-key) cryptography: This is an encryption system in which sender and receiver possess the same key. The key used to encrypt a message is also used to decrypt the encrypted message from the sender.

Asymmetric (public-key) cryptography:  In this method the actual message is encoded and decoded using two different mathematically related keys, one of them is called public key and the other is called private key.

To provide the maximum security using cryptography we target the following five areas:

1.      Integrity

2.      Non-repudiation

3.      Authenticity

4.      Confidentiality

5.      Privacy

INTEGRITY:

Integrity is nothing but message must not be altered or tampered with. There are several chances for damage of data integrity in the E-commerce area. Errors could take place when entering data manually. Errors may occur when data is being transmitted from one computer to another. Data could be modified or theft because of software bugs or viruses. Data could be lost due to the unexpected hardware damages like server or disk crashes. There is possibility of data loss due to the natural disasters like fire accidents.

There are many ways to minimize these threats to data integrity. We can maintain the Back up of our data efficiently by updating regularly.  Modern technology provides us various security mechanisms to controlling access to data.  We can improve the data integrity through designing user interfaces that prevent the input of invalid data, for example menu driven applications which allow user to choose particular they are looking for.  We can use the error detection and correction software when transmitting data to develop integrity.

 NONREPUDIATION:

Prevention against any one party from reneging on an agreement after the fact. For E-commerce and other electronic transactions, including ATMs (cash machines), all parties to a transaction must be confident that the transaction is secure; that the parties are who they say they are (authentication), and that the transaction is verified as final. Systems must ensure that a party cannot subsequently repudiate (reject) a transaction. To protect and ensure digital trust, the parties to such systems may employ Digital Signatures, which will not only validate the sender, but will also ‘time stamp’ the transaction, so it cannot be claimed subsequently that the transaction was not authorized or not valid etc.

AUTHENTICATION:

In E-commerce, authentication is a process through seller validates the information provided by the buyer like credit card information. In this process verification of both the cardholder’s identity and the payment card’s details are checked. In E-commerce transactions sellers must be very careful and responsible to provide good payment authentication services. A well developed and implemented transaction authentication process will decrease the number of customer disputes and charged-back transactions. If the E-commerce website do not have the good authentication system could lead a great loss of both data and money. 

 CONFIDENTIALITY:

Confidentiality is protecting our data from unauthorized users. That means whatever the data or information shared by the merchant and the customers should be accessed by those two parties only. No other should be able to access such data. To maximize the confidentiality we must follow good encryption and decryption methods, proper authentication and authorization procedures. We must use good antivirus or software error detections system.

PRIVACY:

Privacy is a major concern in E-commerce area which tells the E-commerce user how long his or her personal information is going to be stored in web site owner’s database, how safely they delete such personal information and what are the legal actions will be taken if the ecommerce website is misused. In online transactions, the website owner or service provider will have the ability to keep a record of all the purchases made by a consumer. Each E-commerce website has its own privacy policy, as per the needs of the organization.  So the customers must go through the privacy policy before they utilize E-commerce website for online shopping. Otherwise the customers have to phase big problem as the seller has the legal rights to take an action on customer for misusing their website. To get rid of this problem now a days we are able to use many tools like filtering website with low privacy ratings

In the e-commerce security, some of the issues to be considered in this issue they are digital signatures, certificates, secure socket layers, firewalls. I will explain each and every concept with detail explanation.

Digital signature is an electronic signature that can be used to authenticate the identity of the sender of a message or the signer of a document, and possibly to ensure that the original content of the message or document that has been sent is unchanged. A digital signature can be used with any kind of message, whether it is encrypted or not, simply so that the receiver can be sure of the sender’s identity and that the message arrived intact.

Digital certificate is an electronic “credit card” that establishes your credentials when doing business or other transactions on the Web. It is issued by a certification authority (CA). It contains your name, a serial number, expiration dates, a copy of the certificate holder’s public key (used for encrypting messages and digital signatures), and the digital signature of the certificate-issuing authority so that a recipient can verify that the certificate is real. Some digital certificates conform to a standard, X.509. Digital certificates can be kept in registries so that authenticating users can look up other users’ public keys.

In Security socket layer, Information sent over the Internet commonly uses the set of rules called TCP/IP (Transmission Control Protocol / Internet Protocol). The information is broken into packets, numbered sequentially, and an error control attached. SSL uses PKI and digital certificates to ensure privacy and authentication. The procedure is something like this: the client sends a message to the server, which replies with a digital certificate. Using PKI, server and client agree to create session keys, which are symmetrical secret keys specially created for that particular transmission. Once the session keys are agreed, communication continues with these session keys and the digital certificates.

Some of the protecting networks are fire wall and proxy servers. Fire wall is to protect a server, a network and an individual PC from attack by viruses and hackers. Equally important is protection from malice or carelessness within the system, and many companies use the Kerberos protocol, which uses symmetric secret key cryptography to restrict access to authorized employees where as proxy servers (proxies) is a server (a computer system or an application program) that acts as a go-between for requests from clients seeking resources from other servers. A client connects to the proxy server, requesting some service, such as a file, connection, web page, or other resource, available from a different server.

E-COMMERCE SECURITY THREATS:

However we follow security measures, there are is a chance of threats in several ways. We can classify such threats in to four types.

1.   Intellectual property threats:  Some browsers use the information personally from a website without permission of the website owner. For example, music downloads, software pirating etc. To get rid of this problem website owners have to use secured authentication system

2.  Client computer threats:  Sometimes client computers may impose for electronic threats like Trojan horse, viruses. Which enters the client computer without user’s knowledge, steal the data and destroy or crash the client computer. To avoid these types of threats we need to use good antivirus system which should be updated regularly. The website owners should implement a strong privacy policy. 

3.  Communication channel threats: As internet allows anyone to send and receive information through many networks. Data may be stolen, modified by unauthorized users of hackers. Hackers can develop software to steal the user Identification and pass words as well. Spoofing is another major threat while data is being transmitted electronically. Denial of service is also one of communication channel threat, where hackers’ sends unlimited number of requests to the target server, which big number of requests may not be handled by the server. Obviously the genuine user will find websites of that server are always busy.  

We can overcome the communication channel threats using public key encryption and private key encryption.  We can also use proper protocols to get rid of communication channel threats.

Digital signatures are another way we can follow to minimize these kinds of threats. Where the actual message which we need to send is decrypted and bound with sender’s private key and a signature is added to that will be send to the receiver. The receiver uses sender’s public key and signature for decryption to see the actual message.

4.  Server threats: Denial of service is a major threat for the servers, where hackers generate a program which sends many requests from the client side that cannot be handled by the server. Spamming is another important threat for the servers. To protect our server from the above threats we can use authentication for web access, digital signatures and firewalls. Firewalls check the incoming requests packets and if anything which does not match with the server related data, they simply reject those requests.

Some of the tools to achieve the security they are encryption, firewalls, security tools, access controls, proxy systems, authentication and intrusion detection.

HOW TO DEVELOP AN E-COMMERCE SECURITY PLAN:

Perform a risk assessment

Develop a security policy

Develop an implementation plan

Create a security organization

Perform a security audit

Firstly, security plan starts with risk assessment which means an assessment of the risks and points of vulnerability. Secondly, security policy is a set of statements prioritizing the information risks, identifying acceptable risk targets and identifying the mechanisms for achieving these targets where as in the implementation plan it will take to achieve the security plan goals. Thirdly, security organization educates and train users, keeps management ware of security threats and breakdown, and maintains the tools chosen to implement security. Lastly, security audit involves the routine review of access logs.

MANAGING RISK IN E-COMMERCE:

To be able to manage the risk in E-commerce first step is identify the risk factor whether it is intellectual property threat, communication channel threat, client computer threat   or server threat. Then we take a counter action against the relevant risk as explained above. If we don’t do this regularly, E-commerce may mislead the customer because of the data stealing of modification. Customers and the website owners may lose valuable account numbers; pass words and other personal information. As E-commerce is worldwide, it could lead for the global loss for both customers and sellers.

CONCLUSION

E-commerce is a type of business model for a small or larger business that enables a firm or individual to conduct business using electronic media such as internet. In e-commerce, time plays a vital role in both the businesses and consumers. E-commerce security is nothing but preventing loss and protecting the areas financially and informational from unauthorized access, use or destruction. Due the rapid developments in science and technology, risks involved in use of technology and the security measures to avoid the organizational and individual losses are changing day to day. In the e-commerce security, some of the issues to be considered in this issue they are digital signatures, certificates, secure socket layers, firewalls. To develop a security plan five major steps have to be considered they are risk assessment, developing security policy, implementation plan, create a security organization and performing a security audit. To reduce the risk from the Trojans, worms every one should implement the security plan.