E-Commerce Strategy - Admission/Application Essay Example

 An E-commerce Strategy: Online Security Contents Executive Summary 2 Introduction 3 Theory, Concepts and Findings 4 Identity Theft 4 Credit Card Fraud 5 Merchant Related Fraud 6 Merchant Collusion 6 Triangulation 6 Internet Related Frauds 7 Site cloning 7 False merchant sites 7 Credit card generators 7 Recommendations 8 The use of an address verification system 8 Adopting a Card Verification Methods 8 Use of Negative and Positive Lists 8 Payer Authentication 9 Conclusion 9 Bibliography 10 Executive Summary When it comes to online commerce, small businesses face threats and these challenges the business face and identifying and mitigating these online threats are most of the time overlooked. These online security threats include fraud and identity theft. Identity theft is one of the most commonly used form of fraud as well as credit card fraud, money laundering, bank loans fraud and counterfeit cheques fraud. Many of the fraud or identity theft cases reported as per the case studies, it was found that these cases are concerned with identity theft based on characterization of activity and associated keywords. Most of the information available and the cases reported provided insufficient information about these cases of identity theft. The most common cases of these kind of theft was credit card fraud which occurred in more than 45% of the cases reported. Of these cases reported, over 30% indicated the fraudster’s success in taking over the information regarding that card and around 17% reported a successful setting of unauthorized new credit account where the fraudster added their name to the account of the legitimate user of that card. (Westland, Christopher and Theodore, 1999). The available data regarding to identity theft and credit card fraud indicate that the victims auto loan fraud carried out with the help of identity theft actually new they had been conned before reporting these cases. Approximately, around twenty seven percent of the identity theft cases reported, the victims actually knew who the thief was and these thieves were found out to be either close family members, friends or employees who knew the victim well. The identity theft cases that are assisted by computers are most common. This international ring of fraudsters use the identity of other people’s information so as to support their actions. (Chaffey, 2009) Introduction The term e-commerce refers to a process in which electronic transactions facilitate the exchange of, and payment for, goods and services between businesses, consumers, government and other public and private organizations using the internet, computer networks and portable electronic devices. The definition of e-commerce further specifies that it relates to the ordering of goods and services over the internet, but the payment and ultimate delivery of the good or service can be conducted on or offline. (Fruhling & Digman, 2000) Online retailing is part of e-commerce and includes the purchase and sale of goods between consumers and retailers online. It is also referred to as the business to consumer (B2C) market. Other terms related to online transactions include e-tailing. These provide an environment where the business can provide online services to any kind of services and also form multi-channel establishments where online activities are combined with bricks and mortar operations. The internet has had an important transformative impact on the way in which businesses interact with other businesses (or B2B) as well as consumers by facilitating the rapid transfer of information, reducing transactions costs associated with locating and purchasing supplies, and enabling more efficient production and delivery of goods and services. The growth of online shopping has occurred in the context of greater familiarity with, and confidence in, the use of the internet across a range of activities. This reflects a substantial cultural change in how the community is conducting economic transactions. It is very clear that a larger proportion of businesses are using the internet to expand their sales to both businesses and consumers and improve the efficiency of ordering inputs. (Chaffey, 2009) While online shopping has been facilitated by the greater household penetration of computers with broadband access it will be stimulated further by the growth in mobile devices such as phones with internet connectivity. It has been estimated that the number of mobile handsets with internet connectivity has tripled in the past year to around 3.6 million in June 2011. Many online shoppers are attracted to the convenience associated with mobile devices though some concerns have been expressed about security. Smart mobile phones allow consumers to make ready comparisons about features of products as well as the best prices available from bricks and mortar and online retailers. As well as providing information about products and relative prices, smart mobile phones facilitate the purchasing of goods online, which is expected to provide a further stimulant to online sales in the short to medium term. (Harding & Varney, 1999) However, with an increase in online shopping, transactions, globalization and a lack of cyber borders has provided an environment ripe for online security threats such as fraud, identity thefts, cyber theft and fraud, industrial espionage, website hacking and phishing attacks, inside attacks, extortion, cyber terrorism, loan fraud and online bank account fraud, hence a need to develop a strategy to avoid and mitigate these threats. This research paper is set to discuss issues in regard to online security threats and way to minimize them. (Fazlollahi, 2002) Theory, Concepts and Findings Various threats associate to online purchase and transactions include; Identity Theft According to the Code of Federal Regulations (CFR), identity theft ca be defined as “a fraud exercise attempted or committed using another person’s personal information without permission.” This kind of theft can both facilitate and be facilitated by other crimes. For instance, theft of one’s identity enhances other crimes such as document fraud, bank fraud and immigration fraud, and it may be aided by crimes such as theft in the form of robbery or burglary. This kind of theft normally occurs when a fraudster acquires, possess and transfers personal information of another person in an unauthorized manner with an intention of using such information to commit other crimes such as fraud. (Levinson, Meyerson & Scarborough, 2008) In as much this definition of identity theft includes both individuals and other legal entities, the focus in this paper will be on the theft affecting consumers carrying out online transactions. In the past, theft of one’s personal information was carried out through access to information in public records, theft one a person’s belongings including credit cards and access of one’s financial records in databases regarding saving and checking accounts. However, currently, these unauthorized access of personal information is carried out using sophisticated means such as theft of payment cards, dumpster diving, skimming of card’s information, shoulder surfing, theft of business records and pretexting. This kind of theft can also be performed online through either a special software designed to collect personal information is secretly installed on someone’s computer or smartphone i.e. malware, deceptive e-mails or websites are used to trick persons into disclosing personal information i.e. phishing and computers or mobile devices are hacked into or otherwise exploited to obtain personal data. (Levinson, Meyerson & Scarborough, 2008) Credit Card Fraud This is the most common type of fraud facilitated by identity theft. Identity thieves have found a way of engineered takeovers of existing legitimate credit card accounts and set up new unauthorized accounts using the identifying information of identity theft victims. Reports often described physical theft of credit cards from the mail or from the person or residence of the victim. Cards also are reportedly stolen by virtual means through the skimming of credit card numbers in the course of normal commerce; or through collection of this information online as a result of personal computer viral infection or consumer response to phishing emails and spoofed Web sites. In some cases, suspects used stolen credit card numbers to create a usable copy of the credit card. Individuals often reportedly used stolen credit card numbers without having physical custody of the card in non-point-of-sale transactions conducted over the Internet, by phone, or by mail. According to Suspicious Activity Report (SAR) filings made on June 2001 in its semi-annual publication The SAR Activity Review: Trends, Tips and Issues, over 30 percent of sample filings that reported the takeover of an existing legitimate credit card account, the subject reportedly added his/her own name as an authorized user of the card. (Westland, Christopher and Theodore, 1999) For instance, an e-commerce support company, Heartland Payments Systems found a malicious software inside their payment systems in 2009. This malware was meant to collect unencrypted payment card data. Heartland as a major credit and debit card processor, this incident placed as many as 100 million cards at risk. This therefore, resulted in losses amounting to millions of dollars due to the expenses incurred. (Fazlollahi, 2002) Merchant Related Fraud According to Chaffey (2009), merchant related frauds are initiated either by owners of the merchant establishment or their employees. The types of frauds initiated by merchants include; Merchant Collusion This type of fraud occurs when merchant owners and/or their employees conspire to commit fraud using their customers’ (cardholder) accounts and/or personal information. Merchant owners and/or their employees pass on the information about cardholders to fraudsters. Triangulation The fraudster in this type of fraud operates from a web site. Goods are offered at heavily discounted rates and are also shipped before payment. The fraudulent site appears to be a legitimate auction or a traditional sales site. The customer while placing orders online provides information such as name, address and valid credit card details to the site. Once fraudsters receive these details, they order goods from a legitimate site using stolen credit card details. The fraudster then goes on to purchase other goods using the credit card numbers of the customer. This process is designed to cause a great deal of initial confusion, and the fraudulent internet company in this manner can operate long enough to accumulate vast amount of goods purchased with stolen credit card numbers. (Plant, 2000) Internet Related Frauds According to Westland, Christopher and Theodore (1999), with the proliferation of the internet and m-commerce, credit card and online banking fraudster have found an easy way to prey on their victims. These fraudster fully operate internationally and with globalization and expansion of inter-continent economic and political spaces, a new market has emerged on the internet with consumers spread across the world. Therefore, the most common internet fraud techniques include; Site cloning Site cloning is where fraudsters clone an entire site or just the pages from which you place your order. Customers have no reason to believe they are not dealing with the company that they wished to purchase goods or services from because the pages that they are viewing are identical to those of the real site. The spoofed site will receive these details and send the customer a receipt of the transaction via email just as the real company would. The consumer suspects nothing, whilst the fraudsters have all the details they need to commit credit card fraud. False merchant sites These sites often offer the customer an extremely cheap service. The site requests a customer’s complete credit card details such as name and address in return for access to the content of the site. Most of these sites claim to be free, but require a valid credit card number to verify an individual’s age. These sites are set up to accumulate as many credit card numbers as possible. The sites themselves never charge individuals for the services they provide. The sites are usually part of a larger criminal network that either uses the details it collects to raise revenues or sells valid credit card details to small fraudsters. Credit card generators Credit card number generators are computer programs that generate valid credit card numbers and expiry dates. These generators work by generating lists of credit card account numbers from a single account number. The software works by using an algorithm that card issuers use to generate other valid card number combinations. The generators allow users to illegally generate as many numbers as the user desires, in the form of any of the credit card formats. Recommendations According to Fruhling & Digman (2000), several ways can be adopted in order to prevent these online threats to both customers and businesses. These techniques will enable online retailers and associated payment companies to screen all the transactions they receive before processing them hence enabling them flag those transactions they deem suspicious. These techniques include; Manual Processing This involves counter checking all the transactions manually so as to identify any signs of fraud. This process requires high human intervention in order to detect any fraudulent activity. However, such a process is very expensive and requires a lot of time. Moreover, it may be unable to detect some fraudulent patterns including the use of a credit card in many point of sales many times in many locations within a short period of time. The use of an address verification system This technique is of help in situations where the card is not available. It matches the few first digits of the ZIP code and the address provided for the delivery or billing address. The informations is supposed to correspond to that provided by the card issuer. When the address match, the retailer get a confirmation code to continue processing the order. However, this technique may not be useful in case of international transactions. Adopting a Card Verification Methods This techniques consists of a 3-4 numeric code that is normally printed on the card but not embossed on the card’s magnetic tape. The retailer normally request the bank issuing the card to provide the code with an authorization so as to confirm full identity of the legitimate card holder. The purpose of this card to ensure that the person using the card is the actual holder of the card or has obtained the card legally since the numeric code cannot be skimmed from the chip or magnetic tape. Use of Negative and Positive Lists This is a database used to identify high-risk transactions based on specific data fields. An example would be a file containing all the card numbers that have produced chargebacks in the past, used to avoid further fraud from repeat offenders. Likewise, online retailers can create negative lists based on the names of billing, customer’s e-mail, street addresses and IP addresses that have been used to attempt fraudulent activities hence helping in averting any future attempts. The positive files are important in recognizing trusted customers using either their e-mail address or card number hence certain checks may be by-passed. Such files help in preventing delays in the processing of valid orders. Payer Authentication This is an emerging technology that promises to bring in a new level of security to business-to-consumer internet commerce. The program is based on a Personal Identification Number (PIN) associated with the card. The PIN is issued by the bank when the cardholder enrolls the card with the program and will be used exclusively to authorize online transactions. Conclusion Business, people and the society at large are dependent on information technology than ever before. It is obvious that in both developed and developing world, access to internet and mobile phones are transforming business. The real challenge however is to work out the ways of monitoring the risk associated with e-commerce and their mitigation. This threats are actually board level problems for most businesses. Therefore, there should be a way of combining the threat environment with the current technology trends and the threats mitigation policies. Online threats are increasing day by day hence need for attempts to counter them. These threats can be prevented because they can be detected. Therefore, best verification and identification of these threats is important in helping customers and businesses avoid being robbed online. Also, educating consumers, business, government officials, and the media, and raising awareness about online ID theft, fraud and other threats are indispensable to reducing risks of theft. Reducing these risks would strengthen consumer trust in E-commerce. Tackling such a menace require concerted, collaborative efforts by all stakeholders. Education and awareness are therefore necessary to ensure that both consumers and businesses are aware of the importance of the problem, and knowledgeable about its evolving forms. A well-executed fraud strategy can help improve fraud identification and operational efficiency. Bibliography 1. Chaffey, Dave. 2009. E-business and e-commerce management: strategy, implementation and practice. Harlow, England: FT Prentice Hall. 2. Fazlollahi, B. (2002). Strategies for ecommerce success. Hershey, PA, IRM Press. http://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&db=nlabk&AN=66251. 3. Fruhling, A.L. and L.A. Digman (2000) "The Impact of Electronic Commerce on Business Level Strategies", Journal of Electronic Commerce Research, 1(1), pp. 13-22. 4. Harding, C. W., & Varney, C. A. (1999). Ecommerce: strategies for success in the digital economy. New York, Practicing Law Institute. 5. Levinson, J. C., Meyerson, M., & Scarborough, M. E. (2008). Guerrilla marketing on the Internet: the definitive guide from the father of guerrilla marketing. [Irvine, CA], Entrepreneur Press. 6. Plant, R. T. (2000). Ecommerce: formulation of strategy. Upper Saddle River, NJ, Financial Times/Prentice Hall. 7. Westland, J. Christopher, and Theodore H. K. Clark. 1999. Global electronic commerce theory and case studies. Cambridge, Mass: MIT Press. http://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&db=nlabk&AN=27234. Read More