How secure is e-commerce?

By NOR AZEALA MOHD YUSOF and ISMA NORSHAHILA MOHAMMAD SHAH

The rapid growth of the Internet has deeply affected our daily lives, changing the way we communicate, manage, access, use and commercialise information to conduct business electronically.

Electronic commerce, also known as e-commerce or EC, is the process of buying and selling goods, services, and information on the Internet.

Today, e-commerce has become a powerful tool for business transformation, allowing companies to enhance their supply-chain operations, reach new markets and improve services for customers as well as providers.

There are several categories of e-commerce but the most common and popular is B2C or Business to Customer which allows businesses to sell goods or services to their customers.

Amongst the e-commerce applications are:

  • Online shopping, marketing and advertising

By using e-commerce, retailers need not worry about a physical store. They only need to advertise and place information about their products on their website, blog, or social networking sites. Customers can do online shopping from home on their computer, tablet PC and mobile phone.

Customers can choose from various online stores and place their orders by contacting the retailers using email or SMS. Payment can be made using debit cards, credit cards, or by cash on delivery when the product is delivered to their homes.

  • Online banking

Online banking is also known as home banking. It allows customers to operate, access and manage their accounts, including paying bills, without going to the bank.

Customers only need to go to the bank's website and log in as authorised account owners. For the authentication process, customers will need to prove their identities by providing their passwords, or they will be asked pre-determined security questions. All the transactional data online is in encrypted form, so if a hacker tries to intercept the information, he or she will not be able to read the actual message.

Security issues

Many companies that offer products and services online face security risks that threaten their businesses. Many threats to e-commerce could potentially occur within the company or externally.

Here are some security issues which companies should address:

  • Client threats

This could come from malware (malicious software) with the ability to replicate and spread to other files and folders; worms designed to spread from computer to computer; a Trojan horse that performs malicious and unexpected damage; bot programmes which can be covertly installed on computers and respond to external commands sent by the attacker; and server-side masquerading, which lures a victim into believing that the entity with which it is communicating is a different entity.

  • Communication channel threats

This includes confidentiality threats where the user’s personal information is recorded without their knowledge.

It could also be in the form of integrity threats where an unauthorised party alters a message stream of information. It can alter vital financial, medical or military information.

  • Server threats

Web servers, commerce servers, databases and common gateway interface programmes can have security holes and bugs. If someone obtains user authentication information, then he or she can masquerade as a legitimate database user and reveal private and costly information.

Another server threat is password hacking, where an attacker guesses a user's password on a password-based system.

  • Unwanted programmes

Then there is the risk of adware (unwanted pop-up ads) and spyware (used to obtain information, such as a user’s keystrokes, email and IMs).

  • Phishing and identity theft

This is an attempt by a third party to obtain confidential information for financial gain. The most popular type is the email scam letter which asks the recipient to send money to a bank account.

  • Hacking and cyber vandalism

Hacker – an individual who intends to gain unauthorised access to computer systems.

Cracker – a hacker with criminal intent. (two terms often used interchangeably)

Cyber vandalism – the act of intentionally disrupting, defacing or destroying a website.

  • Credit card fraud

Credit card information can be stolen. Hackers target credit card files and other customer information files on merchant servers and use the stolen data to establish credit under false identities.

  • Spoofing (pharming) and spam (junk) websites

Spoofing – Presenting oneself by using a fake email address or masquerading as someone else.

Spam – Using domain names similar to legitimate ones, then redirecting traffic to spammer redirection domains.
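The lookalike domain names described above can be flagged on the defender's side by comparing each domain seen in mail or web logs against a list of the company's real domains. The Python sketch below is an added example, not part of the original article; the allow-list, the character map and every sample domain are constructed for illustration.

```python
# Added example: all domains below are constructed for illustration.
LEGITIMATE = ["examplebank.com", "shop-example.com"]  # assumed allow-list

# Small, non-exhaustive map of look-alike character substitutions.
CONFUSABLES = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}


def skeleton(domain):
    """Lower-case a domain and fold common look-alike characters."""
    folded = domain.lower().rstrip(".")
    for fake, real in CONFUSABLES.items():
        folded = folded.replace(fake, real)
    return folded


def edit_distance(a, b):
    """Levenshtein distance: insertions, deletions and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(domain, max_distance=2):
    """Return (verdict, legitimate domain being imitated or None)."""
    name = domain.lower().rstrip(".")
    for legit in LEGITIMATE:
        if name == legit or name.endswith("." + legit):
            return ("legitimate", legit)  # the real site or one of its subdomains
    for legit in LEGITIMATE:
        distance = edit_distance(skeleton(name), skeleton(legit))
        if distance == 0:
            return ("homoglyph", legit)   # differs only by look-alike characters
        if legit in name:
            return ("embedded", legit)    # real name appears inside another domain
        if distance <= max_distance:
            return ("typo", legit)        # only a few keystrokes away
    return ("unrelated", None)


if __name__ == "__main__":
    for sample in ["www.examplebank.com", "examp1ebank.com", "exarnplebank.com",
                   "exampelbank.com", "examplebank.com.secure-login.net",
                   "bookshop.org"]:
        print(sample, "->", classify(sample))
```

The distance threshold is a heuristic: short domain names produce more false matches, and internationalised (punycode) names need a fuller character map than the one shown.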

  • DoS and DDoS Attacks

Denial of Service (DoS) attack – Hackers flood a website with useless traffic to inundate and overwhelm the network.

Distributed Denial of Service (DDoS) attack – Hackers use numerous computers to attack the target network from numerous launch points.

  • Other security threats

Sniffing – An eavesdropping programme that monitors information travelling over a network. It enables hackers to steal proprietary information from anywhere on a network.

Insider jobs – Single largest financial threat.

Poorly-designed server and client software – The increased complexity of software programmes has led to an increase in vulnerabilities which hackers can exploit.

Lessen the risks

So, what can companies do about these security issues? There are many relevant technologies, including cryptographic technologies that can mitigate vulnerabilities. However, none is comprehensive on its own.

In the mass media, the most visible security technology is the encryption algorithm. E-commerce software packages should also work with Secure Electronic Transfer, Secure Socket Layer, Public Key Infrastructure (PKI) and Secure E-commerce protocol technologies for encryption of data transmissions.

Before providing personal information online or carrying out any online transaction, users should check whether the website uses these security technologies.

Conclusion

E-commerce is growing rapidly and simultaneously giving rise to security issues in computer networks. There are many guidelines for securing systems and networks for e-commerce systems.

Training and orientation programmes are also becoming more critical in order to increase the security awareness among e-commerce users.

IT and financial groups using e-commerce sites should form an alliance to overcome the general resistance to the implementation of security practices at a business level.

Finally, consumers need to be educated further on security issues and become more concerned about protection of their personal information.

Privacy is an important issue that needs to be addressed to ensure the future growth of e-commerce.
