E-COMMERCE SECURITY ISSUES
- Integrity: Integrity means that a message must not be altered or tampered with. Data integrity can be damaged in several ways in E-commerce. Errors can occur when data is entered manually or when it is transmitted from one computer to another. Data could be modified or stolen because of software bugs or viruses. Data could be lost due to unexpected hardware damage such as server or disk crashes.
- Nonrepudiation: Nonrepudiation prevents any one party from reneging on an agreement after the fact. For E-commerce and other electronic transactions, including ATMs (cash machines), all parties to a transaction must be confident that the transaction is secure, that the parties are who they say they are (authentication), and that the transaction is verified as final. Systems must ensure that a party cannot subsequently repudiate (reject) a transaction. To protect and ensure digital trust, the parties to such systems may employ Digital Signatures, which will not only validate the sender but will also 'time stamp' the transaction, so it cannot be claimed subsequently that the transaction was not authorized or not valid, etc.
- Authentication: In E-commerce, authentication is the process through which the seller validates the information provided by the buyer, such as credit card information. In this process, both the cardholder's identity and the payment card's details are verified. In E-commerce transactions, sellers must be very careful and responsible to provide good payment authentication services. A well-developed and implemented transaction authentication process will decrease the number of customer disputes and charged-back transactions. An E-commerce website that does not have a good authentication system could suffer a great loss of both data and money.
- Confidentiality: Confidentiality is protecting our data from unauthorized users. That means whatever data or information is shared by the merchant and the customers should be accessible to those two parties only. No one else should be able to access such data. To maximize confidentiality we must follow good encryption and decryption methods, and proper authentication and authorization procedures. We must also use a good antivirus or software error detection system.
- Privacy: Privacy is a major concern in the E-commerce area. It covers how long the E-commerce user's personal information is going to be stored in the website owner's database, how safely such personal information is deleted, and what legal actions will be taken if the E-commerce website is misused. In online transactions, the website owner or service provider will have the ability to keep a record of all the purchases made by a consumer. Each E-commerce website has its own privacy policy, as per the needs of the organization. So the customers must go through the privacy policy before they utilize an E-commerce website for online shopping. Otherwise, the customers may face big problems, as the seller has the legal right to take any action against the customer for misusing their website.
- Phishing Attacks: Phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords, and credit card details, by masquerading as a trustworthy entity in an electronic communication. Phishing scams generally are carried out by emailing the victim with a ‘fraudulent’ email from what purports to be a legitimate organization requesting sensitive information. When the victim follows the link embedded within the email they are brought to an elaborate and sophisticated duplicate of the legitimate organization's website. Phishing attacks generally target bank customers, online auction sites (such as eBay), online retailers (such as Amazon), and service providers (such as PayPal).
- Social Engineering: Social engineering is the art of manipulating people into performing actions or divulging confidential information. Social engineering techniques include pre-texting (where the fraudster creates an invented scenario to get the victim to divulge information), Interactive voice recording (IVR) or phone phishing (where the fraudster gets the victim to divulge sensitive information over the phone), and baiting with Trojan horses (where the fraudster ‘baits’ the victim to load malware onto a system). Social engineering has become a serious threat to e-commerce security since it is difficult to detect and combat: it involves ‘human’ factors, which cannot be patched the way hardware or software can, although staff training and education can somewhat thwart the attack.
ETHICAL ISSUES IN E-COMMERCE
- Domain name: The competition over domain names is another legal issue. Internet addresses are known as domain names and they appear in levels. A top-level name is qburst.com or microsoft.com. A second-level name will be qburst.com/blog. Top-level domain names are assigned by a central non-profit organization that also checks for conflicts or possible infringement of trademarks. Problems arise when several companies having similar names compete over the same domain name.
- Copyright: Copyright laws protect intellectual property in its various forms, which cannot be used freely. It is very difficult to protect intellectual property in E-Commerce. For example, if you buy software you have the right to use it and not the right to distribute it. The distribution rights are with the copyright holder. Copying content from a website also violates copyright laws.
- Fraud on the internet: E-commerce fraud emerged with the rapid increase in the popularity of websites. It is a hot issue for both cyber and click-and-mortar merchants. The swindlers are active mainly in the area of stocks. Small investors are lured by the promise of false profits by the stock promoters. Auctions are also conducive to fraud, by both sellers and buyers. The availability of e-mails and pop-up ads has paved the way for financial criminals to have access to many people. Other areas of potential fraud include phantom business opportunities and bogus investments.
- Web tracking: E-businesses draw information on how visitors use a site through log files. Analysis of log files means turning log data into an application service or installing software that can pluck relevant information from files in-house. Companies track individuals’ movement through tracking software and cookie analysis. Programs such as cookies raise a batch of privacy concerns. The tracking history is stored on your PC’s hard disk, and any time you revisit a website, the computer knows it. Many smart end-users install programs such as Cookie cutters, Spam Butcher, etc., which can give users some control over the cookies.
- Email Spamming: E-mail spamming, also known as unsolicited commercial e-mail (UCE), involves using e-mail to send or broadcast unwanted advertisements or correspondence over the Internet. The individuals who send spam e-mail are usually called spammers. Many spammers broadcast their emails for the purpose of trying to get people’s financial information, such as credit card or bank account numbers, in order to defraud them. An example of fraud using e-mail is when spammers lure consumers to enter their personal information on fake websites using e-mail forged to look like it is from an authorized organization such as a bank. The content of the e-mail often directs the consumers to the fake website in order to lure them to fill in their personal information such as credit card or bank account details.
- Online Piracy: Online piracy can be defined as unauthorized copying of electronic intellectual property such as e-books, music, or videos. This unethical activity occurs when Internet users use software and hardware technology in an illicit manner to transfer electronic intellectual property over the Internet.
- Privacy Invasion: This issue is related to consumers. Privacy invasion occurs when the personal details belonging to consumers are exposed to an unauthorized party. It may occur in three ways:
  i. Electronic commerce businesses buy information about individuals such as their personal details, shopping habits, and web page visitation listings.
  ii. The personal information of consumers being transmitted may be intercepted by anyone other than the person for whom it is intended.
  iii. Malicious programs delivered quietly via web pages could reveal credit card numbers, usernames, and passwords that are frequently stored in special files called cookies.
MEASURES TO OVERCOME SECURITY ISSUES IN E-COMMERCE
Auditability − Data should be recorded in such a way that it can be audited for integrity requirements.
Encryption − It is a very effective and practical way to safeguard the data being transmitted over the network. The sender of the information encrypts the data using a secret code and only the specified receiver can decrypt the data using the same or a different secret code.
Digital Signature − Digital signature ensures the authenticity of the information. A digital signature is an e-signature authenticated through encryption and password.
Security Certificates − A security certificate is a unique digital ID used to verify the identity of an individual website or user.
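One way to record orders so that they can be audited for integrity, as described under Auditability above (an added example, not from the original page): each record carries an HMAC-SHA256 tag computed over the previous record's tag and its own contents, so an edited or removed record breaks the chain. The function names, key, and order entries are constructed for illustration.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # tag that precedes the first record


def _tag(key: bytes, prev_tag: str, entry: dict) -> str:
    # Canonical JSON so the same entry always serialises to the same bytes.
    body = json.dumps(entry, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, prev_tag.encode() + body, hashlib.sha256).hexdigest()


def append(log: list, key: bytes, entry: dict) -> None:
    """Append an entry, binding it to the tag of the previous record."""
    prev_tag = log[-1]["tag"] if log else GENESIS
    log.append({"entry": entry, "tag": _tag(key, prev_tag, entry)})


def first_bad_record(log: list, key: bytes):
    """Return the index of the first record that fails verification, or None."""
    prev_tag = GENESIS
    for i, rec in enumerate(log):
        expected = _tag(key, prev_tag, rec["entry"])
        if not hmac.compare_digest(expected, rec["tag"]):
            return i
        prev_tag = rec["tag"]
    return None


def demo():
    key = b"constructed-demo-key"  # assumption: a real key is kept in a KMS/HSM
    log = []
    append(log, key, {"ts": "2024-01-05T10:00:00Z", "order": 1001, "amount": "49.90"})
    append(log, key, {"ts": "2024-01-05T10:02:10Z", "order": 1002, "amount": "15.00"})
    append(log, key, {"ts": "2024-01-05T10:07:45Z", "order": 1003, "amount": "230.00"})
    clean = first_bad_record(log, key)

    edited = json.loads(json.dumps(log))   # deep copy of the log
    edited[1]["entry"]["amount"] = "1.50"  # amount altered after the fact
    deleted = log[:1] + log[2:]            # middle record silently removed
    return clean, first_bad_record(edited, key), first_bad_record(deleted, key)


if __name__ == "__main__":
    print(demo())
```

A shared-key HMAC shows that a record was altered but not which key holder wrote it, so non-repudiation still needs a digital signature. Removing records from the end of the log is not caught unless the latest tag is also kept somewhere separate.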
Secure Hypertext Transfer Protocol (SHTTP)
SHTTP extends the HTTP internet protocol with public key encryption, authentication, and a digital signature over the internet. Secure HTTP supports multiple security mechanisms, providing security to the end-users. SHTTP works by negotiating encryption scheme types used between the client and the server.
Secure Electronic Transaction
It is a secure protocol developed by MasterCard and Visa in collaboration. Theoretically, it is the best security protocol. It has the following components −
- Card Holder's Digital Wallet Software − Digital Wallet allows the cardholder to make secure purchases online via a point and click interface.
- Merchant Software − This software helps merchants to communicate with potential customers and financial institutions in a secure manner.
- Payment Gateway Server Software − The payment gateway provides an automatic and standard payment process. It supports the process for merchant certificate requests.
- Certificate Authority Software − This software is used by financial institutions to issue digital certificates to cardholders and merchants, and to enable them to register their account agreements for secure electronic commerce.