Introduction:
A business transaction between two parties, entered into with mutual understanding and trust, under conditions acceptable to both, and involving some trade activity, is known as commerce.
E-commerce is simply doing that trade or business in the virtual world, by means of the Internet. An e-commerce activity involves the selling or buying of products between two parties.
Electronic commerce becomes possible when the seller provides online facilities through which consumers can trade. The online transaction begins when the buyer starts using the service the seller provides.
E-Commerce Business Models:
E-commerce business models describe how the buying and selling process is carried out over the digital mediums used for an e-commerce transaction.
They divide e-commerce transactions according to who is transacting with whom.
The e-commerce business models are:
- Business to Business (B2B): the transaction is between businesses, for example between a manufacturer and a wholesaler.
- Business to Consumer (B2C): the transaction is between a retailer and a consumer, for example buying shoes from a retailer's store on eBay.
- Consumer to Consumer (C2C): the transaction is between consumers, who sell or share their products using emerging technologies such as peer-to-peer (P2P) networks.
APPLICATIONS OF E-COMMERCE:
E-commerce is a new field of business that is changing the way business is done around the world. Applications such as electronic funds transfer, online buying and selling and online bill payment have changed how people run their businesses and carry out their daily commercial transactions, which can now be done with a click of a button on a computer connected to the Internet.
Today the local businesses around us no longer trade only locally; with the help of the Internet they can take their business global.
Advantages of E-Commerce:
- Many different kinds of transactions are possible.
- Consumers get a much wider choice of what to buy and from whom.
- Businesses can be more competitive than their offline counterparts.
- Businesses can expand into new markets.
- Less time is spent resolving invoice and order discrepancies.
E-commerce has many benefits over the traditional way of doing business, but it also has disadvantages, such as security and privacy issues.
We can divide the disadvantages of e-commerce into two categories:
Consumer Disadvantages:
- Online Fraud.
- Inability to inspect the item before buying.
- Less information about the item.
- Difficulty obtaining a refund for an item purchased.
- Postage and handling costs.
Business Disadvantages:
- Not all consumers are online, so sales opportunities are missed.
- Increased market barriers.
E-Commerce Security:
E-commerce depends entirely on electronic media to carry out a business transaction, and the electronic medium we normally use is the Internet. The Internet is a wonderful technology that lets you do a great deal from wherever you happen to be, but the same openness and flexibility brings many security risks.
Cryptography is the field of study that provides the mechanisms used to secure communication over the Internet.
Two kinds of cryptography are used to secure e-commerce transactions:
Symmetric (private-key) encryption: the sender and receiver possess the same secret key, which is used both to encrypt and to decrypt the message. Because one key serves both purposes, it must be shared in advance over a secure channel and kept secret by both parties.
Asymmetric (public-key) cryptography: the message is encrypted and decrypted with two different but mathematically related keys, one called the public key and the other the private key. The public key can be published freely; only the holder of the matching private key can decrypt what was encrypted with it.
The overall functioning and security of an e-commerce system does not depend only on how well consumer information is protected from theft. It also depends on many interrelated components: the application programs, the database, the system software, the network over which the service is provided, the overall architecture of the system and the security issues addressed in it.
The following are the properties an e-commerce system has to provide if it is to be secure:
- Access control.
- Privacy (confidentiality).
- Integrity.
- Authentication.
- Availability.
- Non-repudiation.
Integrity means that a message must not be altered or tampered with. There are several ways data integrity can be damaged in e-commerce. Errors can be made when data is entered manually. Errors can occur while data is transmitted from one computer to another. Data can be modified or stolen because of software bugs or viruses. Data can be lost through unexpected hardware failures such as a server or disk crash. Data can also be lost in natural disasters or accidents such as fire.
There are many ways to reduce these threats to data integrity. Regularly updated backups protect against loss. Access control mechanisms limit who may change data. Carefully designed user interfaces prevent the entry of invalid data, for example menu-driven applications in which the user picks from the valid options instead of typing free text. Error detection and correction codes protect data against corruption while it is transmitted; note that they only catch accidental errors, because an attacker who alters the data can simply recompute the code, so a keyed message authentication code or digital signature is needed to detect deliberate modification.
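The following added example (not code from the original page) shows the difference just described between an error-detecting checksum and a keyed message authentication code when an order record travels between two parts of a shop. The shared key and the order record are constructed for the example; HMAC-SHA256 is used as the MAC.

```python
# Added example (not from the original page): protecting an order record's
# integrity in transit. An unkeyed hash (or error-detecting code) catches
# accidental corruption only; an attacker who alters the record simply
# recomputes it. A keyed MAC (HMAC-SHA256) also catches deliberate tampering,
# because the attacker cannot recompute the tag without the key. The shared
# key and the order record are constructed for this example.
import hashlib
import hmac
import json

SHARED_KEY = b"demo-shared-key-do-not-reuse"   # known to shop front end and payment backend
ORDER = {"order_id": 1001, "item": "shoes", "qty": 1, "amount_cents": 4999}


def encode(order: dict) -> bytes:
    """Canonical bytes: sorted keys, no whitespace, so both ends hash the same thing."""
    return json.dumps(order, sort_keys=True, separators=(",", ":")).encode()


def checksum(order: dict) -> str:
    """Unkeyed SHA-256: detects line noise and disk errors, not an adversary."""
    return hashlib.sha256(encode(order)).hexdigest()


def mac_tag(key: bytes, order: dict) -> str:
    """Keyed HMAC-SHA256 over the canonical order bytes."""
    return hmac.new(key, encode(order), hashlib.sha256).hexdigest()


def verify_checksum(order: dict, tag: str) -> bool:
    return hmac.compare_digest(checksum(order), tag)


def verify_mac(key: bytes, order: dict, tag: str) -> bool:
    # compare_digest runs in constant time, so the comparison leaks nothing.
    return hmac.compare_digest(mac_tag(key, order), tag)


def corrupt_in_transit(order: dict):
    """Accidental corruption: a field changes, nobody recomputes anything."""
    return dict(order, qty=7)


def attacker_rewrites_with_checksum(order: dict):
    """Man in the middle lowers the price and recomputes the unkeyed checksum."""
    forged = dict(order, amount_cents=1)
    return forged, checksum(forged)


def attacker_rewrites_with_mac(order: dict, tag: str):
    """Same attack against a MAC: no key, so the old tag is all he can replay."""
    forged = dict(order, amount_cents=1)
    return forged, tag


def demo() -> dict:
    """Which messages does the receiving side accept?"""
    ck, tag = checksum(ORDER), mac_tag(SHARED_KEY, ORDER)
    f_ck_order, f_ck = attacker_rewrites_with_checksum(ORDER)
    f_mac_order, f_tag = attacker_rewrites_with_mac(ORDER, tag)
    return {
        "genuine_checksum_ok": verify_checksum(ORDER, ck),                         # True
        "corrupted_checksum_ok": verify_checksum(corrupt_in_transit(ORDER), ck),   # False: noise caught
        "forged_checksum_ok": verify_checksum(f_ck_order, f_ck),                   # True: attack NOT caught
        "genuine_mac_ok": verify_mac(SHARED_KEY, ORDER, tag),                      # True
        "forged_mac_ok": verify_mac(SHARED_KEY, f_mac_order, f_tag),               # False: attack caught
    }


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name:24} {accepted}")
```

The canonical encoding matters as much as the MAC: if the two ends serialise the order differently (key order, whitespace), genuine messages fail verification and operators learn to ignore the alarm.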
Access control is the mechanism that stops illegal access to a resource. It governs access to the resources of a system by permitting authorized users to use them and restricting everyone else, which in turn prevents loss of privacy and other security problems.
Privacy means that a person's profile and personal data are safeguarded from unauthorized access and can be seen only by authorized persons.
The mechanism used is essentially access control, but access control plays a wider role than protecting privacy alone.
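As an added example (not code from the original page) of access control protecting privacy, the block below contrasts an order lookup that only checks that the shopper is logged in with one that also checks that the shopper owns the order. The order store, the user names and the admin role are constructed for the example.

```python
# Added example (not from the original page): object-level access control on
# an order lookup. The first function is the common mistake, where any logged-in
# shopper can read any order by changing the id in the URL; the second enforces
# ownership. Orders, users and the admin role are constructed for this example.
from dataclasses import dataclass


@dataclass(frozen=True)
class Order:
    order_id: int
    owner: str       # account that placed the order
    items: str
    card_last4: str  # private data that only the owner should see


# Constructed sample data store.
ORDERS = {
    1001: Order(1001, "alice", "1x shoes", "4242"),
    1002: Order(1002, "bob", "1x watch", "1881"),
}
ADMINS = {"carol"}  # support staff allowed to view any order


def get_order_insecure(requester: str, order_id: int) -> Order:
    """Authenticated but not authorized: trusts the id the client supplies.

    alice can request order 1002 and read bob's card digits.
    """
    return ORDERS[order_id]


def get_order(requester: str, order_id: int) -> Order:
    """Authorization check: the requester must own the order or be an admin.

    Missing and forbidden orders produce the same error so that an attacker
    cannot enumerate which order ids exist.
    """
    order = ORDERS.get(order_id)
    if order is None or (order.owner != requester and requester not in ADMINS):
        raise PermissionError(f"order {order_id} not found")
    return order


def can_read(requester: str, order_id: int) -> bool:
    """Convenience wrapper used to tabulate who can see what."""
    try:
        get_order(requester, order_id)
        return True
    except PermissionError:
        return False


if __name__ == "__main__":
    print("insecure, alice reads bob's order:", get_order_insecure("alice", 1002))
    for who in ("alice", "bob", "carol"):
        print(who, "can read", [oid for oid in ORDERS if can_read(who, oid)])
```

The check belongs in the data-access layer, not only in the page that renders the order, so that every path to the record (web page, mobile API, export job) goes through it.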
In public-key cryptography a message encrypted with a public key can be decrypted only with the matching private key. The public key can be given to many people so that they can encrypt messages, but decrypting them requires the private key, which is held only by the authorized recipient. A public key infrastructure (PKI) is the system of certificate authorities and certificates that binds public keys to the identities of their owners, so that the sender knows whose key he is encrypting with. Such procedures form the basis of RSA (used by banks and governments) and PGP (Pretty Good Privacy, used to encrypt e-mail).
Integrity also means that documents and messages transmitted over the network can be changed only by authorized parties. A lack of integrity in the system can be devastating for e-commerce. The threats to integrity are similar to the threats to access: tampering with a document is possible only for someone who has gained access at a level that carries the right to alter it.
Authentication is a key security issue: it legitimately establishes who sent a message and where it came from. Knowing who sent it is essential, because anyone could use someone else's name and place an order illegitimately.
Non-repudiation means that a sender cannot deny having sent a message and a receiver cannot deny having received it. It is hard to achieve on a large scale in consumer e-commerce: when a customer authenticates with nothing more than a password, the merchant has little proof that a disputed order really came from that customer, and large numbers of customers denying the orders placed in their name create a serious problem in handling the associated contingencies.
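The following added example (not code from the original page) ties together the public-key and non-repudiation paragraphs above. It shows why a keyed MAC, which both customer and shop can compute, proves nothing to a third party, while a signature made with the customer's private key can be verified by the shop or an arbitrator using the public key alone; the same key pair also shows public-key encryption and private-key decryption. The RSA here is textbook RSA over two fixed Mersenne primes with no padding, written only to make the mechanism visible; it is not secure and the key material, order text and exponents are all constructed assumptions.

```python
# Added example (not from the original page): a keyed MAC gives integrity but
# not non-repudiation, because both parties hold the key, so either could
# have produced the tag; a digital signature made with the customer's private
# key can be checked by the shop or a third-party arbitrator with the public
# key alone. The RSA below is textbook RSA with two fixed Mersenne primes and
# no padding, written only to show the mechanism: it is NOT secure and must
# not be used for real traffic. All keys and messages are constructed.
import hashlib
import hmac

# --- toy public-key pair (assumption of this example) ---------------------
P = 2**61 - 1                       # prime (M61)
Q = 2**89 - 1                       # prime (M89)
N = P * Q                           # public modulus, about 150 bits
E = 65537                           # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (Python 3.8+ modular inverse)

# --- toy shared secret for the MAC comparison -----------------------------
SHARED_KEY = b"key-shared-by-customer-and-shop"

ORDER = b"order 1001: 1x shoes, 4999 cents, customer alice"
FAKE_ORDER = b"order 1002: 10x shoes, 49990 cents, customer alice"


def hash_to_int(message: bytes) -> int:
    """SHA-256 of the message, reduced into the RSA group (no padding: toy only)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def rsa_sign(message: bytes, private_exponent: int = D) -> int:
    """Customer signs with the private exponent that only she holds."""
    return pow(hash_to_int(message), private_exponent, N)


def rsa_verify(message: bytes, signature: int) -> bool:
    """Anyone holding the public key (E, N) can check the signature."""
    return pow(signature, E, N) == hash_to_int(message)


def rsa_encrypt(plaintext: bytes) -> int:
    """Public key encrypts; the plaintext must be shorter than the modulus (toy)."""
    m = int.from_bytes(plaintext, "big")
    if m >= N:
        raise ValueError("message too long for this toy modulus")
    return pow(m, E, N)


def rsa_decrypt(ciphertext: int, length: int) -> bytes:
    """Only the private key holder can decrypt."""
    return pow(ciphertext, D, N).to_bytes(length, "big")


def mac_tag(message: bytes, key: bytes = SHARED_KEY) -> bytes:
    return hmac.new(key, message, hashlib.sha256).digest()


def mac_verify(message: bytes, tag: bytes, key: bytes = SHARED_KEY) -> bool:
    return hmac.compare_digest(mac_tag(message, key), tag)


def shop_forges_mac(fake: bytes = FAKE_ORDER) -> bool:
    """The shop holds SHARED_KEY too, so it can mint a valid tag for an order
    the customer never placed; the tag therefore proves nothing to an arbitrator."""
    forged_tag = mac_tag(fake)           # computed by the shop, not the customer
    return mac_verify(fake, forged_tag)  # True: indistinguishable from genuine


def shop_forges_signature(fake: bytes = FAKE_ORDER) -> bool:
    """Without D the shop cannot sign; an exponent it makes up fails verification."""
    bogus = pow(hash_to_int(fake), 12345, N)
    return rsa_verify(fake, bogus)       # False


def arbitrator_accepts(message: bytes, signature: int) -> bool:
    """A third party holding only the public key resolves the dispute."""
    return rsa_verify(message, signature)


if __name__ == "__main__":
    sig = rsa_sign(ORDER)
    print("genuine signature verifies:", arbitrator_accepts(ORDER, sig))
    print("altered order, same signature:", arbitrator_accepts(ORDER + b" + gift card", sig))
    print("shop can forge MAC tag:", shop_forges_mac())
    print("shop can forge signature:", shop_forges_signature())
    c = rsa_encrypt(b"card ok")
    print("decrypted:", rsa_decrypt(c, len(b"card ok")))
```

In a real deployment the customer's public key would be bound to her identity by a certificate (the PKI mentioned above), the signature scheme would use proper padding such as RSA-PSS with a 2048-bit or larger modulus, and the private key would live in the customer's device or token rather than in a script.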
Availability: in e-commerce the systems have to be available continuously so that customers can order products or look at the services the site provides at any time.
The big threats to availability are viruses, denial-of-service attacks and network outages.
Essential Components of E-Commerce Security
- Containment: prevent the proliferation of attacks.
- Compartmentalization: prevent unauthorized access to systems, and avoid collateral damage when you are under attack.
- Continuity: ensure seamless operation even under a DDoS attack or equipment failure.
- Recovery: enable rapid recovery from an external attack or malicious insider activity.
- Performance: network performance should not be reduced by security measures.
Section - 1
E-Commerce Security Risks:
The criminal incentive
Many people today see hacking or intruding into someone else's systems as an activity that can make them famous, through media attention or through recognition of the work they have done.
Such intrusions and attacks have become far more common, because people keep finding new ways to attack a given network of systems.
Just as software and technology keep evolving in the computer world, new techniques and terminology keep appearing in the illegal hacking world.
Every day we see news of illegal intrusions into financial sites, retail sites and e-mail accounts. So what is the problem with these e-commerce sites? Are they vulnerable, or is their security weak?
The answer is that all software is built on some platform, each with its own security design, and e-commerce services do have strong security mechanisms; attacks still succeed because the thieves keep developing new tools and techniques to break into these sites.
Points the attacker can target
As mentioned, the vulnerability of a system lies at the entry and exit points within the system. Figure 3 shows an e-commerce system with several points that the attacker can target:
- Shopper
- Shopper's computer
- Network connection between the shopper and the Web site's server
- Web site's server
- Software vendor
These target points and their exploits are explored later in this article.
Attacks
This section describes the security attack methods an attacker or hacker may use.
Tricking the shopper
Technology is not the only way to inflict damage on an e-commerce system. There are simpler ways, based on tricking the shopper into giving up information through illicit means, commonly called social engineering.
One way to trick a shopper is to obtain personal details about the person or the system they use, and then use those details to make an illegal transaction in their name.
Another way is phishing, where a copy of a real shopping site is set up at a look-alike address to capture a person's personal data. For example, www.ebay.com can be imitated as www.Ebayy.com.
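As an added example (not code from the original page), the block below flags look-alike domains of the kind used in the phishing trick just described: typosquats one edit away from the brand, ASCII homoglyphs such as paypa1.com, and brand names buried as a subdomain of an unrelated site. The brand list, the substitution table and the test URLs are constructed for the example; treating the last two labels as the registered domain is a simplification (it mishandles co.uk and similar), and Unicode/IDN look-alikes are out of scope here.

```python
# Added example (not from the original page): flagging phishing domains that
# imitate a protected brand, as in the ebay.com -> Ebayy.com trick described
# above. Covers typosquats (one edit away), ASCII homoglyphs (paypa1.com) and
# brand names used as a subdomain of an unrelated site. The brand list, the
# substitution table and the test URLs are constructed; the "last two labels"
# rule for the registrable domain is a simplification (it ignores co.uk etc.),
# and Unicode/IDN look-alikes are out of scope here.
from urllib.parse import urlsplit

PROTECTED = {"ebay.com", "paypal.com"}

# Characters attackers swap for visually similar ones (single-char table;
# hyphens are dropped so e-bay.com compares as ebay.com).
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "@": "a", "-": None})
# Multi-character look-alikes handled separately.
MULTI = (("rn", "m"), ("vv", "w"), ("cl", "d"))


def hostname(url: str) -> str:
    """Lower-cased host part of a URL, without scheme, port or path."""
    host = urlsplit(url if "://" in url else "http://" + url).hostname or ""
    return host.rstrip(".")


def registrable(host: str) -> str:
    """Registered domain: last two labels (simplification, see lead-in)."""
    return ".".join(host.split(".")[-2:])


def normalize(domain: str) -> str:
    """Undo common visual substitutions so paypa1.com compares as paypal.com."""
    out = domain.translate(HOMOGLYPHS)
    for bad, good in MULTI:
        out = out.replace(bad, good)
    return out


def levenshtein(a: str, b: str) -> int:
    """Edit distance; one insertion, deletion or substitution costs 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(url: str) -> str:
    """'legitimate', 'lookalike:<brand>' or 'unrelated'."""
    host = hostname(url)
    reg = registrable(host)
    if reg in PROTECTED:
        return "legitimate"              # the brand's own domain or a subdomain of it
    norm = normalize(reg)
    subdomain_labels = host.split(".")[:-2]
    for brand in PROTECTED:
        brand_label = brand.split(".")[0]
        if norm == brand:
            return f"lookalike:{brand}"  # homoglyph or hyphen trick
        if levenshtein(norm.split(".")[0], brand_label) <= 1:
            return f"lookalike:{brand}"  # typosquat such as ebayy.com
        if brand_label in subdomain_labels:
            return f"lookalike:{brand}"  # ebay.com.secure-login.net
    return "unrelated"


if __name__ == "__main__":
    for u in ("https://www.ebay.com/itm/1", "http://www.Ebayy.com",
              "http://paypa1.com/login", "https://ebay.com.secure-login.net/",
              "https://signin.ebay.com/", "https://example.org/"):
        print(f"{u:45} {classify(u)}")
```

Checks like this are useful in mail gateways and in monitoring new domain registrations; they cannot replace the browser's certificate check, since a phisher can obtain a valid certificate for a look-alike domain he legitimately owns.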
Sniffing the network
Sniffing a network is like a dog sniffing out food. An attacker who gets onto the network path between the shopper and the e-commerce server monitors the traffic and tries to pluck out secure or personal data such as a credit card number or an Internet banking password.
To sniff a network the attacker sits between two systems and monitors the data passing through. Data is sent as packets that travel through various network devices before reaching the end user; an attacker who can observe only one of those points may capture only part of the data and not the complete information he needs. Traffic that is encrypted in transit cannot be read even when it is captured.
Guessing passwords
This attack identifies a user's password by guessing. It can be done manually or with automated tools. A common approach is to guess the password from the shopper's personal details, such as a date of birth.
Automated tools generate large numbers of candidate passwords from dictionaries and personal details and try each one against the login, or compare the hashes of the candidates against a stolen password database.
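Automated guessing leaves a trail in the login log. The added example below (not code from the original page) detects the two usual shapes of it: many failures against one account from one address, and one address failing against many accounts. The log format, the sample lines (using RFC 5737 test addresses) and the thresholds are constructed for the example; the regular expression would need adapting to a real login log.

```python
# Added example (not from the original page): spotting password guessing in
# authentication logs. Two patterns are flagged: many failures for one
# account from one address (brute force), and one address failing against
# many different accounts (password spraying). The log format, the sample
# lines (RFC 5737 test addresses) and the thresholds are constructed for this
# example; adapt the regular expression to your own login log.
import re
from collections import defaultdict, deque
from datetime import datetime

LOG_RE = re.compile(
    r"^(?P<ts>\S+) login (?P<result>OK|FAIL) user=(?P<user>\S+) ip=(?P<ip>\S+)$"
)

# Constructed sample log.
SAMPLE_LOG = """\
2009-08-13T10:00:01 login FAIL user=alice ip=203.0.113.5
2009-08-13T10:00:09 login FAIL user=alice ip=203.0.113.5
2009-08-13T10:00:17 login FAIL user=alice ip=203.0.113.5
2009-08-13T10:00:25 login FAIL user=alice ip=203.0.113.5
2009-08-13T10:00:33 login FAIL user=alice ip=203.0.113.5
2009-08-13T10:00:41 login FAIL user=alice ip=203.0.113.5
2009-08-13T10:01:00 login FAIL user=bob ip=192.0.2.9
2009-08-13T10:01:30 login FAIL user=bob ip=192.0.2.9
2009-08-13T10:02:00 login OK user=bob ip=192.0.2.9
2009-08-13T10:05:00 login FAIL user=carol ip=198.51.100.7
2009-08-13T10:05:10 login FAIL user=dave ip=198.51.100.7
2009-08-13T10:05:20 login FAIL user=erin ip=198.51.100.7
2009-08-13T10:05:30 login FAIL user=frank ip=198.51.100.7
2009-08-13T10:05:40 login FAIL user=grace ip=198.51.100.7
2009-08-13T10:06:00 session expired user=bob
"""


def parse(line: str):
    """Return a dict for a recognised login line, or None for anything else."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    event = m.groupdict()
    event["ts"] = datetime.fromisoformat(event["ts"])
    return event


def detect(lines, fail_threshold=5, spray_threshold=5, window_s=600):
    """Sliding-window counts of failures; returns the alerts raised.

    brute_force:    {(ip, user): failures within window_s}
    password_spray: {ip: distinct users failed within window_s}
    """
    events = sorted(filter(None, map(parse, lines)), key=lambda e: e["ts"])
    fails = defaultdict(deque)          # (ip, user) -> timestamps of failures
    spray = defaultdict(deque)          # ip -> (timestamp, user) of failures
    alerts = {"brute_force": {}, "password_spray": {}}
    for e in events:
        if e["result"] != "FAIL":
            continue                    # a success after two typos is normal
        now = e["ts"]
        key = (e["ip"], e["user"])
        q = fails[key]
        q.append(now)
        while (now - q[0]).total_seconds() > window_s:
            q.popleft()
        if len(q) >= fail_threshold:
            alerts["brute_force"][key] = len(q)
        s = spray[e["ip"]]
        s.append((now, e["user"]))
        while (now - s[0][0]).total_seconds() > window_s:
            s.popleft()
        distinct = len({u for _, u in s})
        if distinct >= spray_threshold:
            alerts["password_spray"][e["ip"]] = distinct
    return alerts


if __name__ == "__main__":
    for kind, hits in detect(SAMPLE_LOG.splitlines()).items():
        print(kind, hits)
```

The spray case is the one a naive per-account lockout misses: each account sees a single failure, so only correlating by source address reveals the attack. Conversely, distributed guessing from many addresses against one account defeats the per-address view, which is why the per-account window is kept as well.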
Using denial of service attacks
A denial-of-service attack is one in which an attacker bombards a server with a huge number of requests in order to slow it down and force it to refuse further requests from legitimate users or clients.
Section - 2
Defences
E-commerce prevails and is becoming increasingly popular as people grow less inclined to go out and shop in person. It has become the source of many online services such as shopping, auctions and promotions, and an easy way to do business at very low cost. Although attacks on its services have increased enormously, e-commerce is still used widely, as newer technologies emerge to safeguard the services it provides and to give clients the confidence to use it extensively for their business.
At the end of the day, your system is only as secure as the people who use it. Education is the best way to ensure that your customers take appropriate precautions, and it goes together with technical defences at each of the target points listed earlier:
- Install personal firewalls on the client machines.
- Store confidential information in encrypted form.
- Encrypt the stream using the Secure Sockets Layer (SSL) protocol to protect information flowing between the client and the e-commerce Web site.
- Use appropriate password policies, firewalls and routine external security audits.
- Use threat model analysis, strict development policies and external security audits to protect the ISV software running the Web site.
Secure Sockets Layer (SSL)
SSL, and its successor TLS (Transport Layer Security), is a protocol that encrypts the data transmitted between the shopper's computer and the site's server. When a shopper requests an SSL page, the browser checks the server's certificate and, if it is valid and trusted, establishes an encrypted connection to the server and marks the page as secure.
The SSL certificate is an electronic document issued to the site by a certificate authority (CA) that the browser trusts. Before issuing it the CA verifies that the applicant controls the domain and, for higher-assurance certificates, that it is a legitimately registered organisation. If the site has no certificate, or the certificate is invalid or not issued by a trusted CA, the browser shows a warning that the site is untrusted.
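The browser performs these checks automatically; code that talks to the shop's server must be told to. The added example below (not code from the original page) uses Python's standard ssl module to show the "make the certificate warning go away" misconfiguration next to the hardened default, plus a small audit function that tells them apart. The host name in connect_and_get_issuer() is an assumption, and nothing contacts the network unless that function is called.

```python
# Added example (not from the original page): the client side of the SSL/TLS
# protection described above, in Python's standard ssl module. The first
# context is the "make the certificate warning go away" anti-pattern, which
# accepts any certificate and so any man in the middle; the second is the
# hardened default. audit() is a small check you can run against any context
# in your own code. The host name used in connect_and_get_issuer() is an
# assumption; nothing here contacts the network unless you call it.
import socket
import ssl


def insecure_context() -> ssl.SSLContext:
    """Disables both checks SSL exists to provide: who the peer is, and
    whether its certificate chains to a trusted CA."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_context() -> ssl.SSLContext:
    """System CA store, certificate required, host name checked, TLS 1.2+."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED and check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit(ctx: ssl.SSLContext) -> list:
    """Return the weaknesses found in a client context (empty list = OK)."""
    problems = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        problems.append("server certificate is not verified")
    if not ctx.check_hostname:
        problems.append("host name is not checked against the certificate")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        problems.append("obsolete SSL/TLS versions are allowed")
    return problems


def connect_and_get_issuer(host: str = "shop.example.com", port: int = 443) -> dict:
    """Perform the handshake with the hardened context and report who issued
    the server's certificate (the CA the browser warning talks about)."""
    ctx = hardened_context()
    with socket.create_connection((host, port), timeout=5) as raw:
        # server_hostname drives both SNI and the host name check.
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            cert = tls.getpeercert()
    return dict(x[0] for x in cert["issuer"])


if __name__ == "__main__":
    print("insecure:", audit(insecure_context()))
    print("hardened:", audit(hardened_context()))
```

A useful code-review rule follows directly: any occurrence of CERT_NONE or check_hostname = False in client code needs a written justification, because it silently converts "encrypted to the shop" into "encrypted to whoever answered".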
Server firewalls
Firewalls are like the walls of a building, protecting what is inside from illegal access and admitting only those with a legitimate right to enter. A firewall passes only traffic on the ports that have been explicitly allowed, and only from the permitted systems.
A common technique is the demilitarized zone (DMZ), named after the strip of land between two national borders that can be crossed only with the right documents. In the DMZ design there are two firewalls, an outer one and an inner one, and the publicly reachable servers such as the Web server sit between them. The outer firewall opens only the ports needed for inbound and outbound Web traffic to the DMZ; the inner firewall allows only the DMZ servers to reach specific internal systems, such as the database, so that a compromised Web server cannot freely reach the internal network.
Digital Signatures and Certificates
These are the digital documents used to establish the legitimacy of the site and to build the shopper's trust that transactions are safe. A digital certificate binds the site's public key to its identity and is signed by a certificate authority such as VeriSign or Thawte; during the SSL handshake the site proves that it holds the matching private key.
Conclusion:
E-commerce is a growing and already popular area of online business, providing many services that let businesses and consumers trade online quickly and cheaply. Security has become a major issue in recent years; many ways of tackling it are being invented, and they are in turn countered by new ways of hacking e-commerce systems.
The only way to meet this security challenge is through mutual understanding and cooperation between the two parties involved in the business.
References:
- Darshanand Khusial, Ross McKegney (2005), Attacks and Defences, in E-Commerce Security Attacks and Preventions. Retrieved 13 Aug. 2009 from http://www.ibm.com/developerworks/websphere/library/techarticles/0504_mckegney/0504_mckegney.html
- UPU (2001), E-Commerce Introduction and E-Commerce Security. Retrieved 13 Aug. 2009 from http://www.upu.int/security/en/e-commerce_security_en.pdf
- Unknown author (2009), Advantages and Disadvantages of E-Commerce. Retrieved 12 Aug. 2009 from http://gulf.computers.toshiba-europe.com/cgi
- Webservio (2007), E-Commerce Transactions Image. Retrieved 13 Aug. 2009 from http://www.webservio.com/images/ecommerce.gif
- ECD (2009), Digital Certificates Data. Retrieved 13 Aug. 2009 from http://www.ecommerce-digest.com/ecommerce-security-issues.html