E-Commerce Security

E-commerce is the short form of electronic commerce. Electronic commerce refers to the concept of trading using electronic systems like computer networks, websites, and the internet. Initially, the term meant the execution of electronic commercial transactions with the assistance of the leading technologies of the day. Electronic Data Interchange (EDI) and Electronic Funds Transfer (EFT) were the pioneering technologies in e-commerce, and they gave users a chance to exchange business information and conduct electronic transactions (Ecommerce-Land, 2004). Presently, e-commerce involves advertisement, buying, and selling of products using the electronic medium. The main medium used in electronic commerce is the World Wide Web. Other media have been incorporated into the trade in the contemporary world due to the evolving nature of technology and innovation; commercial e-mails, mobile phones, and other mobile devices like tablets are some of the new technologies used to propagate e-commerce. The sales aspect of electronic business is the one that is mostly executed using e-commerce; it deals with advertisements, customer sensitization, sales promotions, and merchandising. E-commerce also facilitates the payment aspect of business transactions, as interested customers have the option of making payment using technological devices. Customer care is also tackled under e-commerce, as customers have an avenue for engaging the e-sellers of certain products through inquiries and product-related queries.

The concept of e-commerce debuted in the late 1970s and transformed the way trade is conducted. Online shopping is one of the most alluring forms of e-commerce; one can shop at their own leisure, at any time, and at any place as long as they are able to access the internet. Electronic purchase orders and invoices were some of the earliest forms of electronic transactions between businesses. One of the earliest known forms of e-commerce was the Boston Computer Exchange, which was formed in the year 1982. Another crucial milestone in the evolution of e-commerce was the emergence of mobile money transfer and banking, credit cards, and ATM cards. These all appeared in the 1980s. In the 1990s, e-commerce carved a niche in the business world when high-speed internet connections and security protocols were introduced. Many American and European companies had already launched their e-commerce websites by the year 2000. This was a big boost to their operations, as the internet gave them a platform to reach customers on a global scale. Amazon and eBay are some of the major pioneers in e-commerce. The earliest goods traded via the internet were music, books, and computers (iCommercepage.com, 2012). E-commerce has since become commonplace in business due to its many advantages. For example, it enables companies to overcome geographical barriers in the execution of their business transactions. It is also a cheap way of doing business, with the low costs trickling down to customers; this is achieved through discounted prices for the products.

There are several categories of e-commerce. Electronic Data Interchange (EDI) is a branch of electronic commerce that is usually centered on the exchange of business data using well-known data formats. The parties that use EDI for data exchange are often familiar with each other; this enables them to arrange a one-to-one connection, and a dial-up link is the form of one-to-one connection such parties prefer (Margaret, 2005). The other branch is market research, which is used by companies to collect information about customers and products. This is done by use of questionnaires and site registrations. E-tailing involves retail trade on a 24-hour basis; customers search for products online, make enquiries, place orders, and make payments. Security of business transactions is another category of e-commerce, which deals with controlling access to information and web pages. It ensures privacy and confidentiality of online transactions (Margaret, 2005). Businesses also engage in e-commerce by using communication technologies like e-mail, facsimile, and internet telephony. Companies use these avenues to reach prospective customers through unsolicited advertisements like junk mail (Margaret, 2005).

The security of electronic transactions is an issue that raises concerns for many businesses and customers. Electronic commerce is a sector that is still evolving, and just like in any growing sector, there are challenges that accompany the growth. Some people have noted the potential in e-commerce and have devised means of getting money without much toil. Fraud is a major challenge in this sector, with fraudsters taking advantage of the freely available information on the internet to conjure forgery schemes that may lead to financial losses and breaches of privacy. Cybercrime is very rampant in the modern world, with most incidents targeting e-commerce. This increases the need to come up with measures, policies, and technologies to counter the risks. E-commerce security is a component of information security that deals with the challenges that plague e-commerce; data and computer security are some of these challenges. Since e-commerce involves payment for transactions using online technologies, e-commerce security is among the most visible security concerns affecting the person who interacts with businesses through the daily settlement of transactions.

In the computer software industry, security has two interpretations. The first interpretation is in software development, where security means the security features of a system, such as passwords and encryption of data that is sensitive in nature. Software consumers interpret security to mean protection against cyber attacks. E-commerce security comprises three main aspects: integrity, availability, and confidentiality. Confidentiality is the aspect that limits the people who access certain information or data to only the authorized parties. Integrity ensures that information remains in its original form as it came from the sender. Availability is the concept of ensuring that genuine parties to information can gain access to the data at any time (Darshanad & Ross, 2005).

An e-commerce security system comprises four main players: a shopper who browses a website to make a purchase order, a merchant who is usually in charge of the site, a vendor who develops software and sells it to the merchant, and an intruder who takes advantage of the situation to make gains illegally. E-commerce merchants are mainly companies that advertise their products online to solicit buyers. The merchants usually have websites where they post information about their range of products, including descriptions, prices, and in some cases, pictures of the products. The merchants also take time to guide prospective buyers on the means they can use to pay for products purchased. Merchants also outline information about delivery of the products to a place that is convenient for the buyer. Other merchants use unsolicited means to relay this message to prospective buyers, for example by sending spam e-mails.

In most cases, the merchant cannot develop software; they purchase the software from software vendors. The vendors are software companies that specialize in developing software and applications tailored for e-commerce. Examples of such companies are Avangate, Plimus, PayPal, Fast Spring, BMT Micro, and eSellerate. A software vendor mainly chooses the provider to do business with based on anecdotal evidence from different forums (Successful Software, 2009). There are a number of security features that, when combined, make up a security system for e-commerce. The first feature is encryption, which is used to conceal information and data so that unauthorized parties cannot access it. Auditing is the second feature, which e-commerce merchants employ for purposes of maintaining records about the history of transactions that the merchant executes. It acts as proof that a certain merchant engaged in a sale contract with a certain individual, specifies the product involved, and records the date the transaction took place. Authentication, the third feature, guarantees that only the genuine owner of an account is allowed to log into it. Authorization is the fourth feature; it ensures that only the genuine owner of an account, or people authorized by the account owner, can alter the information in the account.

Cybercrime directed at illegally manipulating the e-commerce sector is quite easy to execute; it only requires a computer and an internet connection. The potential gains from the crime are quite huge; thus, e-commerce attracts criminals in large numbers. The criminals in this case identify specific points in the connection between the shopper and the merchant. According to Darshanad and Ross (2005), the criminal can target the shopper. In this case, the criminals trick the shopper personally so that they fall for their scheme. This is the social engineering technique. It relies on clever antics that enable the criminal to access the shopper’s personal information and behavior. An example of these tricks is a potential cyber criminal manipulating the names of certain sites in order to get authentication and registration information. A hacker may intentionally register a subtly misspelled variant of a link address such as http://www.itv.com/buy. An unsuspecting shopper may log into the fake website and give their personal information, which the hackers capture and use to acquire money from electronic media like mobile banking.

Criminals may also target the computer of the shopper, preying on computers whose naïve users may have failed to activate security features. The other point of attack for the criminal is sniffing the network to monitor the information exchanged between the shopper and the server computer. The intent here is to acquire information about the shopper; for example, it may be used to acquire credit or ATM card numbers. Server root exploits can also be used to commit cyber crimes. This refers to a situation whereby the criminal gains super user access to the server. This is the most dangerous of all attack points, as with root access on the server the criminal not only has control over the shopper, but also has options for manipulating the merchant to their advantage. Two types of root exploits exist. One is based on the execution of scripts against a server, and the other takes the form of buffer overflow attacks (Darshanad & Ross, 2005). In the latter, the criminal capitalizes on a certain type of computer program bug in the way storage is allocated during the execution of the program. In the former technique, the hacker constructs scripts in the browser’s URL in order to get data from the server; it is used mostly when one is attempting to get data illegally from the database of the server.
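The script-in-the-URL attack described above works because a query built by string concatenation lets a request parameter change the query's logic. The added example below (not from the original essay or its sources) shows a vulnerable lookup beside the parameterized version on a constructed in-memory order table; the table contents, the `lookup_*` function names and the tampered input are all constructed for illustration.

```python
import sqlite3


def build_db() -> sqlite3.Connection:
    """Constructed sample order table standing in for the merchant's database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE orders (id INTEGER, customer TEXT, card_last4 TEXT)")
    conn.executemany(
        "INSERT INTO orders VALUES (?, ?, ?)",
        [(1, "alice", "4242"), (2, "bob", "1881"), (3, "carol", "0005")],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, customer: str) -> list:
    """Builds SQL by concatenating the URL parameter into the query text.
    Whatever the shopper (or an intruder) puts in the parameter is parsed
    as SQL, so the WHERE clause can be rewritten from the browser."""
    sql = ("SELECT id, customer, card_last4 FROM orders "
           "WHERE customer = '" + customer + "'")
    return conn.execute(sql).fetchall()


def lookup_safe(conn: sqlite3.Connection, customer: str) -> list:
    """Parameter binding: the driver sends the value separately from the
    query text, so quotes or keywords in the value never become SQL."""
    sql = "SELECT id, customer, card_last4 FROM orders WHERE customer = ?"
    return conn.execute(sql, (customer,)).fetchall()


# Constructed tampered parameter: a value that closes the quoted string and
# appends an always-true condition, the classic shape of this bug.
TAMPERED = "nobody' OR '1'='1"


def demo() -> dict:
    """Return how many rows each implementation leaks for the same inputs."""
    conn = build_db()
    return {
        "honest_vulnerable": len(lookup_vulnerable(conn, "alice")),   # 1 row
        "tampered_vulnerable": len(lookup_vulnerable(conn, TAMPERED)),  # whole table
        "tampered_safe": len(lookup_safe(conn, TAMPERED)),             # no such customer
    }


if __name__ == "__main__":
    print(demo())
```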

Attackers of the e-commerce system may also try to guess passwords in desperate attempts to gain entry into the account of a shopper illegally. This attack can be either automatic or manual. The manual approach is quite tedious; its chances of succeeding depend on the hacker’s knowledge about the authentic user. The automated approach has higher chances of success, as the chances of hitting the right code increase with every attempt. Another clever approach that hackers use to gain entry into an account they want to exploit is the use of server bugs that the criminal knows. In this case, the criminal does research to find out the type of software that a given site uses. With this information, they proceed to search for known weaknesses in that software and try their luck by applying the information to manipulate the system.
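The automated guessing described above leaves a recognizable trace in the merchant's authentication log: a dense run of failures from one source, sometimes followed by a success. The added example below (not from the essay or its sources) runs a simple sliding-window detector over constructed log lines; the log format, thresholds and addresses are all assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real data): "<timestamp> <FAIL|OK> <account> <source_ip>".
SAMPLE_LOG = """\
2024-03-01T10:00:01 FAIL alice 203.0.113.7
2024-03-01T10:00:02 FAIL alice 203.0.113.7
2024-03-01T10:00:03 FAIL alice 203.0.113.7
2024-03-01T10:00:04 FAIL alice 203.0.113.7
2024-03-01T10:00:05 FAIL alice 203.0.113.7
2024-03-01T10:00:06 OK alice 203.0.113.7
2024-03-01T10:05:00 FAIL bob 198.51.100.4
2024-03-01T10:45:00 FAIL bob 198.51.100.4
2024-03-01T11:30:00 OK carol 192.0.2.9
"""


def parse(log_text: str) -> list:
    """Split each line into (timestamp, status, account, source_ip)."""
    events = []
    for line in log_text.splitlines():
        ts, status, account, ip = line.split()
        events.append((datetime.fromisoformat(ts), status, account, ip))
    return events


def detect_guessing(events: list, threshold: int = 5,
                    window: timedelta = timedelta(minutes=10)) -> list:
    """Flag a source IP once it reaches `threshold` failures inside `window`,
    and flag any success from that IP while the burst is still fresh (the
    moment an automated guess finally hits). A lone typo 40 minutes later,
    as with bob below, never reaches the threshold and stays quiet."""
    recent_fails = defaultdict(list)   # source_ip -> timestamps of failures in window
    alerts = []
    for ts, status, account, ip in sorted(events):
        # Forget failures that have aged out of the window.
        recent_fails[ip] = [t for t in recent_fails[ip] if ts - t <= window]
        if status == "FAIL":
            recent_fails[ip].append(ts)
            if len(recent_fails[ip]) == threshold:
                alerts.append(("burst", ip, account, ts))
        elif status == "OK" and len(recent_fails[ip]) >= threshold:
            alerts.append(("success_after_burst", ip, account, ts))
            recent_fails[ip].clear()
    return alerts


if __name__ == "__main__":
    for alert in detect_guessing(parse(SAMPLE_LOG)):
        print(alert)
```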

Despite the clever approaches used by criminals to gain unfairly from the advent of e-commerce, there is a wide array of solutions for businesses involved in e-commerce. These solutions counter the types of invasions that criminals use to exploit an e-commerce system. One of the approaches used to counter cyber crime in e-commerce is the combination of firewalls and honey pots. The illustration below demonstrates how the application works.

A firewall is an application meant to restrict the requests that enter a system. Its design ensures that only requests on particular ports pass through the system. Firewalls can also be set so that all accesses come from certain identified machines. In this application, two firewalls are used to set up a demilitarized zone. The firewall on the outer side opens ports that allow incoming or outgoing HTTP requests. This enables the browser of a client to exchange information and data with the server. Behind the e-commerce servers, another, highly fortified firewall is mounted. This second firewall only lets in requests that come from specific trusted servers. The requests also have to arrive on particular ports to be allowed through the system. Since the main aim of the firewalls is to detect access attempts that are illegal or unpermitted, the firewalls are fitted with software that detects intrusion. Honey pots strengthen the firewall’s ability to detect intrusions. Engineers place a resource in the demilitarized zone of the setup for purposes of fooling criminals. The honey pot could be a fake server that makes the hacker think they have gained access past the inner wall while in reality they have not succeeded in making the entry.
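The two-firewall layout above can be written down as two small rule sets with a default-deny fall-through. The added model below (not from the essay or its sources) walks a connection attempt through the zones it must cross and raises an alert whenever the decoy in the demilitarized zone is touched; the addresses, ports and host roles are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    src: str            # source address, or "any" for the internet at large
    dst: str            # destination address
    port: Optional[int] # None matches any port
    action: str         # "allow" or "deny"


# Constructed addresses from documentation ranges, not a real deployment.
WEB = "10.0.1.10"       # e-commerce web server in the demilitarized zone
HONEYPOT = "10.0.1.99"  # decoy server in the demilitarized zone
DB = "10.0.2.20"        # order database behind the inner firewall
DMZ, INTERNAL = {WEB, HONEYPOT}, {DB}

# Outer firewall: only web traffic, and only to hosts that live in the DMZ.
OUTER = [
    Rule("any", WEB, 80, "allow"),
    Rule("any", WEB, 443, "allow"),
    Rule("any", HONEYPOT, 443, "allow"),   # reachable on purpose; any hit is a signal
]
# Inner firewall: only the trusted web server, only to the database port.
INNER = [
    Rule(WEB, DB, 5432, "allow"),
]


def first_match(rules: list, src: str, dst: str, port: int) -> str:
    """First matching rule wins; anything not explicitly permitted is dropped."""
    for r in rules:
        if r.src in ("any", src) and r.dst == dst and r.port in (None, port):
            return r.action
    return "deny"


def evaluate(src: str, dst: str, port: int, alerts: list) -> str:
    """Return the verdict for one connection attempt, appending honeypot alerts."""
    verdict = "allow"
    if src not in DMZ | INTERNAL:                  # arriving from the internet
        verdict = first_match(OUTER, src, dst, port)
    if verdict == "allow" and dst in INTERNAL:     # crossing into the inner zone
        verdict = first_match(INNER, src, dst, port)
    if verdict == "allow" and dst == HONEYPOT:
        alerts.append(f"honeypot {HONEYPOT} contacted by {src} on port {port}")
    return verdict


if __name__ == "__main__":
    seen = []
    for attempt in [("203.0.113.7", WEB, 443), ("203.0.113.7", DB, 5432),
                    (WEB, DB, 5432), (WEB, DB, 22), ("203.0.113.7", HONEYPOT, 443)]:
        print(attempt, "->", evaluate(*attempt, seen))
    print(seen)
```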

Another example of an e-commerce security application is Secure Sockets Layer (SSL). This application seeks to curb cyber crime by encrypting data between the server of a particular site and the computer of the shopper. It works in a unique way: a handshake is initiated when a page that is SSL protected is requested. The handshake passes key information back and forth. When subsequent requests are made to this server, the information going back and forth is encrypted. Any hacker who tries to access this information through sniffing cannot decipher it. Governments usually have a role to play in this, as they are entrusted with the task of issuing SSL certificates to a particular server. The government forms a certificate authority to perform this function. Whenever a browser from a shopper makes a request to a given server, the browser checks whether it can recognize the certificate of the server. In the case that a government certificate authority does not recognize the site, the shopper’s browser displays a warning message.

In conclusion, e-commerce is an important innovation that has propelled the businesses involved to great heights of financial performance. Its interactive nature also comes as a blessing to businesses, as they can get immediate feedback from their customers regarding their products and quality of service. It is unfortunate that some criminals decide to capitalize on the process to gain illegally. It is with much relief to businesses and shoppers that software and applications that can control the vice are available. This does not eradicate the need for educating and training the users of particular systems to sensitize them to important security issues and procedures. Education updates users on the myriad tricks used by criminals to manipulate e-commerce systems so that they can detect con schemes, especially the ones that employ social engineering as a tactic.