Significant Importance of E-Commerce Security - Research Paper Example

 Significant Importance of E-Commerce Security Introduction: In the modern times Electronic Commerce has gained significant importance in every sector of business. New technologies have been introduced through e-commerce to give a wider exposure and innovate new ways of conducting businesses. E-commerce presence is important for expansion in business, dissemination of information and access to physically inaccessible markets. E-commerce has given a boost to the financial sector tremendously, especially the banking sector which now enjoys a larger customer portfolio and, in return, the customers enjoy access to banking facility 24/7. In today’s dynamic world companies spent heavily on their IT departments for the technical support to smoothly run their e-commerce activities. Companies even develop e-commerce strategies to reduce cost of the business, expand sales and increase customer services and satisfaction in the long run. (Ghosh, 2001; Khosrowpour, 2004; Smith, 2004) The introduction of e-commerce into businesses has widened the scope of all business activities. Due to increasing use of e-commerce by the businesses and customers it is now essential to provide a secure structure of e-commerce. Unfortunately, the current internet security policies don’t support these needs. In order to gain a competitive edge in the market company needs to adopt a security policy which caters the needs of everyone involved in the e-commerce process. (Al-Slamy, 2008) The businesses operating widely over e-commerce don’t want to lose their customers due to risks involved in using online services. Solid security measures are now needed to run the businesses effectively and safely. (Oswald, 2005) E-Commerce in Organizations: In most organizations e-commerce total security programs are installed to protect firm’s resources and e-commerce operations. Such programs are necessary for e-commerce survival and their effectiveness in the organization. Such programs are kept updated and management practices and latest technologies are incorporated from time to time. (Khosrowpour, 2004) E-commerce is widely used for many business purposes like product research, order entry; customer’s related matters like support, services, communication, inquiry, invoicing etc., outbound and inbound logistics. Ecommerce has revolutionized not only businesses, but every aspect of life - the world is now a click away. (Smith, 2004) E-commerce system and related threats: Developing an e-commerce system is a challenging and crucial step to any organization. The initial process would be to conduct a research regarding the importance of e-commerce program to the organization and impact of e-commerce on the long term profitability. Leadership and commitment of upper management in the implementation of the e-commerce is essential. The next step is developing a privacy policy for the organization that outlines privacy issues, sensitivity of information and purchasing guidelines. The next step would be to assess risks imposed to the system regarding its security, both internally and externally. It is often seen that identifying internal threats is difficult compared to external ones. For the purpose, many software packages are available and are installed in order to ensure that the system is safeguarded against the internal and external threats. (Khosrowpour, 2004; Epstein, 2004) An organization can face many problems due to poor security in e-commerce systems. An e-commerce continuity plan is extremely important which provides the outline to deal and prevent any problems in the system. The basic security step is the use of anti-virus programs and firewalls installation. The risks usually faced by an e-commerce system include loss of data due to fire or explosion or any other accident, intentional destruction and theft of hardware and software or important documents, loss of key e-commerce security personnel, loss of communication, vendors and technology etc. All these risks and threats should be clearly identified in the plan and the related contingency plan regarding each threat should also be incorporated. Not only organizations but customers on the other end are exposed to risks. Risks associated with e-commerce on the browser’s side include breach of confidential information, harm to user’s system and breach of user’s privacy. Usually in B2C e-commerce there are many security concerns of the customers, like unauthorized access of hackers into personal information and misuse of that information. The security threat is mainly to the online consumer,his/her computer, the internet connection between a customer and a vendor and the vendor’s system. (Khosrowpour, 2004; Al-Slamy, 2008; Habiyaremye, 2011) Authentication: Authentication is the first step for secure e-commerce system. It is a process where it is made sure that person who claims to be ‘the person’ is that person for real. In cyber world it gets difficult for both customer and vendor to prove their identities. Many concerns arise from the customer’s side about the authenticity of vendor and whether the message is delivered successfully and unmodified. Similar concerns arise from the vendor’s side about the validity, accuracy and authenticity of the customer. The most common authentication method is using a user name and password, but it isn’t as secure as it looks. Many experts suggest that in order to make e-commerce more secure the Public Key Infrastructure should be introduced which supports public key encryption. PKI is based on digital certificates, it uses public key cryptography. Public key cryptography authenticates the sender or encrypts the message send. PKI would help make authentication easier and cheaper by assigning an identity to the internet users. (Oswald, 2005; Al-Slamy, 2008) Digital certificates are now being used which give the third party Certification Authority (CA) certifying that the person or computer is authentic and is a valid user. IKeys for digital signatures are filed in a public-key directory for every user and CA distributes these. Because of the strength of the process there is security that only a valid person/company can generate the matching signatures. Biometric characters are also a popular method of authentication which involves the use of some physical attribute, e.g. the use of finger prints and retinal images as a password. They are often considered the most secure means of authentication, but it even has certain drawbacks like relatively high cost. (Oswald, 2005; Al-Slamy, 2008; Bidgoli, 2002) Encryption: Once the authentication is proved and the message is transferred, next step is to make sure that the information is sent to and from that person without others seeing the data. The transactions that take place in the Internet are not secure and are extremely vulnerable to external security threats. This sensitive information can be protected by cryptography which hides content of information, detects changes and confirms the source and validity of information. Encryption is the process which restricts unauthorized viewers of the data to read the information. Cryptography of the data is done by two methods: secret key cipher and public key cipher. Secret key cipher is the oldest method where the things are written in secret. In this type of encryption the characters are replaced or transposed while encryption. The most widely used secret key scheme is called Data Encryption Standard (DES). In Public key cipher two keys are generated which are matched mathematically, one of the keys is used to encrypt the data and the other is to decrypt it. (Oswald, 2005; Al-Slamy, 2008) In today’s e-commerce environment the customer may get personal certificates to confirm their identity to the website. Certificates allocate unique identities and information to the customers which is used to access issuer’s website. A certificate generally has information like holder’s name, key information, policy information, issuer’s name, validity period etc. (Al-Slamy, 2008) Other technologies for E-commerce Security: Many methods and technologies have been devised to deal with security issues in e-commerce and web based transactions in order to make e-commerce experience more secure for people. Privacy can be protected either by enabling anonymous communication channels or by giving minimal personal information during the online transaction. Platform for privacy preferences enables the minimum exchange of information during a transaction. Platform for privacy preferences inform users when a website collects information. In this process the website can mention its privacy policies while the users can emphasize on privacy preferences. With this technology the exchange of information is at the discretion of the user, it enables greater security as it allows the customer to decide what level of information he needs to provide. (Kraft & Kakar, 2009; Barth, 2008) Secure Sockets Layer (SSL) is another technology used to protect customer’s confidentiality. It is a process where protocol is used to encrypt messages between web browsers and web servers. This basically is a set combination of authentication and encryption methods. SSL is used by vendors to protect sensitive information of customers. SSL works through the transport layer. Transport layer is a protocol used for a secure communication between the application and the user. If the information is sent through transport layer it isn’t tampered. It also allows for greater uniformity as the need for coding something different for each application isn’t there any more. (Kraft & Kakar, 2009; Oswald, 2005) Secure Hypertext Transfer Protocol (S-HTTP) is another solution introduced for e-commerce security. This transfer protocol used similar methods of encryption. It doesn’t work on transport layer, therefore the advantages and better security obtained in the use of transport layer technology is missing in S-HTTP. (Kraft & Kakar, 2009) Virtual Private Networks (VPNs) provide a network to the machines where they can exchange information through a public network by specifying endpoints for the secured channels and encrypting all the information that passes through this channel. In this way information can be channeled through public networks, but privately. (Kraft & Kakar, 2009) Many organizations use latest technology to reduce the risk of hackers for internal data. These include installation of firewalls, using up-to-date operating systems and application software, usage of passwords, installation of security patches, installation of anti-virus programs, file scan, monitoring server logs etc. Many big organizations segment the IT structure into multiple tiers and restrict the excess to internet freely to avoid any threat of hackers into the system. The guidelines for internal security and system protection are laid down in the policy of e-commerce system and is implemented and supported by the IT department. (Khosrowpour, 2004; Bidgoli, 2002) Conclusion: Due to the advancement in technology and excessive use of web based transaction by the companies, e-commerce has gained importance through out the world. With its increasing use the problems associated with it have also gained attention. Breach of security and privacy matters is part and parcel of the e-commerce system. A lot of important financial information is exchanged through the Internet which can be misused through many ways. Nowadays, organizations have adopted clear policies and installed robust security systems in order to deal with security issues and provide a secure business experience to its customers. References Al-Slamy, N. M. A. (5, May 2008). E-commerce Security, NMA – IJCSNS (International Journal of Computer Science and Network 340 Security, VOL.8 Barth, A., Stanford University., & Mitchell, John C. (2008). Design and analysis of privacy policies. Bidgoli, H. (2002). Electronic commerce: Principles and practice. San Diego: Academic Press. Smith, G. E. (2004). Control and security of E-commerce. Hoboken, N.J: Wiley. Epstein, M. J. (2004). Implementing e-commerce strategies: A guide to corporate success after the Dot.com bust. Westport, Conn: Praeger. Ghosh, A. K. (2001). E-commerce security and privacy. Boston: Kluwer Academic Publishers. Habiyaremye, J. A. (2011). E-Commerce Security Threats. Germany. Grin Khosrowpour, M. (2004). E-commerce security: Advice from experts. Hershey, PA: CyberTech Pub. Kraft, T. A. & Kakar, R. (2009). E-Commerce Security. School of Computer Science, University of Michigan. Oswald, T. (16, March 2005). E-Commerce Security. University of South Alabama. CIS 324 – 101 Read More