Commerce as the Transfer of Goods and Services - Coursework Example

 Commerce as the transfer of goods and services 1.0 Overview Commerce, as it is, is the transfer of goods or/and services from one person often called the seller to another person known as the buyer or consumer of the goods or/and service(s). First of all, there is need foe an agreement between the two parties that are doing business on issues such as price, form of the goods or services, mode of payment, time frame for payment or delivery, payment before delivery or otherwise, quantity to be delivered, etc. Once these agreements are obvious to both parties, then a transaction is sealed. A transaction is said to be complete when the objectives of each party are met i.e. the buyer gets the services or/and goods delivered to him/her in time and the seller gets to be paid , in the required form, and in time. The arena for making agreements prior to sealing of a transaction varies. The buyer and seller may meet face to face, they can communicate through the telephone or they can do that through the web commonly known as the interment. When such agreements are reached over the internet followed by the transaction getting sealed (buyer gets commodities bought delivered to him and seller gets paid by the buyer), then this is termed as e-commerce or e-business. Just like in any business, there have been instances of fraud in e-commerce. If one is able to commit fraud when the transaction is conducted face to face, how much more is this possible when business is conducted over the web? Most businessmen have been defrauded and buyers conned. This led to the need for beefing up security as far as e commerce is concerned. The security function in the websites belonging to buyers has been the very essence of doing business. One needs to verify the validity of the seller and the buyer needs to pay beforehand. Even though the amount of security has increased in the recent years, the hackers keep on being creative by the day thus also requiring innovation as far as the security function of e-commerce is concerned. 2.0 Abstract E-commerce is picking up as a popular way of doing business not only on the retail section but also the banking section. It entails doing business over the web in which the seller and the buyer are both connected via a web browser. Since anything that deals with the computer and the web to be precise is prone to hacking, spying, sabotage etc, it is important t hat a security component is emphasised when using the web. This security function becomes mandatory when using the web for business. However the security needs to be upheld to a given degree which is of dual function in that it doesn’t impede on efficiency of transactions and still it doesn’t leave obvious holes to the hackers’ advantage. The seller’s website needs to be well protected and secure against fraudsters and hackers but at the same time the security components should not suffocate the website top a level that the efficiency of business transactions is impeded on. The buyer has the obligation to identify his/her security objectives: there is need to know what it is that the seller needs to protect and what should be left open with considerable trust to enhance business transactions. As much as some reasonable degree of trust is necessary in conducting business but too much trust is dangerous to the wellbeing of the very business that you fight to enhance through trust. Therefore, once the seller has identified what to protect and what not to, he has successfully defined his security objectives and these help do create a security policy which must be implemented. After implementation of the security policy, it is obvious that testing is conducted to ensure that the objectives so represented by the security policy are achieved or realized. This testing requires that the seller himself thinks and acts as a hacker to test the security of major items in his own website. In this way, you not only guarantee the security of the net for safer business but also keep on anticipating for new hackers’ tricks thus being ahead or the time. 3.0 Introduction E-commerce may be construed to refer to the process of not only buying but also selling goods and services via the internet. Mostly, the internet used in this kind of business is the World Wide Web. In this kind of business, potential buyers log onto the sellers website and shop from the catalogue maintained in the buyer’s website in something that can be said to be a virtual mall (New Age International, 1979: p5). Once the buyer decides to buy, he will do so via electronic money transfer and thus it is the responsibility of the seller to ensure that the goods or services so purchased are safely and timely delivered to the buyer. Despite the security concerns in business transactions as far as e-business is concerned, e-business or e-commerce for that matter has continued to gain popularity by the day. This report seeks to elaborate on the security aspect of e-commerce. It sets out to answer questions such as: Is e-commerce in any way superior to its counterpart kind of business? Is building a website for purposes of e-business really worth the effort? Can the security of the transactions in e-business be guaranteed? If no what strategies have put in place to make sure that such is the case? Arte these security measures effective in securing the practice of e-commerce? All these and many more questions shall be answered in this report. E-commerce is rapidly picking up in the present society and it is doing well indeed. To gain a competitive edge in marketing, sales, market segmentation and even customer base, most business organizations have resolved to go the e-way so as to be able to display their merchandise 24 hours, seven days a week and be able to reach larger market segmentation. Many have also opted for the e-business option because it is cost effective as compared to its counterpart. 4.0 Security in e-commerce As stated earlier, the security of transactions in e-commerce is a formidable and potent concern. Imagine buying a good or service online, you pay but the service or commodity is not delivered at all. Yet still, imagine you are selling goods or services online and you deliver the services or goods and services and you don’t get paid at all. Further, in the competitive market, your competitors may decide to turn into hackers to push you out of business and so as to raise their customer base. And the imaginations go on and on and on and yet still one cannot be said to be overreacting. These are security concerns that need to be addressed in the e-commerce practice. Security, as far as e-commerce is concerned, also includes the bid to validate business transactions, the process of controlling access to commodities or resources that are classified .for instance the web pages meant for registered members or a few selected users only, encryption of the communication process and many more processes. Generally, security in e-commerce is all about is the effort to ensure and insure not only the privacy but also the efficiency of the e-business transactions (Laudon & Guercio, 2001: pp143-7). 4.1 Secure Sockets Layer, SSL (presently called Transport Layer Security (TLS) in e-commerce Security The question that persists in this venture is: is security possible in e-commerce? Even though security can be achieved it should not compromise the workability of the e-business that you set out to conduct. Yes, it is possible that security can be achieved because this has been achieved in the two leading browsers through the use Secure Sockets Layer (SSL). This security function has been built in to the web browsers product (Web) and can be extended to be used in individual websites. This security function, Secure Sockets Layer (presently called Transport Layer Security (TLS)), provides data integrity and/or security in the web based communication. This security protocol is spread over to other web based utilities such as: e-mail, web browsing, faxing, voice-over Internet Protocol (VoIP) and instant messaging all of which are used in e-commerce and without which e-commerce becomes futile (Rescorla, 2000: pp45-7). 5.0 Identify the Items or Resources to be protected Now that security is possible, it is important for the e-businessperson to decide what should be protected or secured and what should not. Only the most important goods or resources in the website should be secured or protected. If you try to secure everything, then this impedes on the practice of e-commerce, the very practice that you are trying to enhance. Therefore, it is the responsibility of the web developer, in collaboration with the e-businessperson to define the degree of protection necessary so as to secure the e-business practice without necessarily impeding on its efficiency. Therefore, the first step to the establishment of security in e-commerce is the identification of the items or resources that need to be protected. The items that usually require protection include resources, reputation or data (Ghosh, 1998: p172). As much as one may have decided the items to be secures and has successfully done so, the issue of time comes in very strongly. How much time are we talking about; that should be allowed in a secured website? This has to be predetermined because hackers are not stupid. If there are any group of people who are really smart and creative, then it is the hackers and the more time you allow them in the secured web page, then the more they will be able to manoeuvre around trying to find a way of hacking the system. Therefore, alarms to warn of limited time and incorporation of the appropriate required responses will help address this issue amicably 6.0 Must Enforce Security Policies What all this is trying to tell us id s that as a company that sets out to an e-business venture, there is need for an elaborate pre-mediated security policies that must be enforced in the e-business system. These policies need to include the legal aspect of e-business; what will be the best practices in e-business which will help avoid head on collision with the law or avoid the company finding itself on the legal offensive side? As these policies are set before the security functions reflecting the policies are laid, it will of utmost importance to be realistic. The policies have to be both practical and realistic. For instance, you cannot protect everything and expect to do business. Finally, the policies need to be converted into a practical utility such as secure website. If the company has identified what needs to be protected, laid down practical and realistic security policies and yet cannot protect what it had set out to protect, then the e-business is a misplaced venture to start with. Protection of some items or resources cannot be compromised in that if the management is not able to oversee the protection of what has to be protected then it should reconsider the establishment of the e-business system(Korper & Ellis, 2001: pp194-5). 7.0 Trust Relationships  Trust in any kind of business either the face to face transactions or the web based transaction depends on some degree of trust or otherwise there will be no reasonable business relations. Therefore, as a company decides to go the e-commerce way, the management should decide on the degree of trust to be afforded to the clients or customers. If the concept of trust is understood, then it is possible to decipher both the e-commerce system’s security and its efficient usability. It is obvious that trust solely and single handedly influences the e-commerce system’s security architecture. To illustrate this, consider two individual with two different personalities. Let one be relatively insecure and thus lacking in trust and the other the converse. The former, is likely to invest more is security aspects such as hire bodyguards, electric fences, and if such a person is in business, he/she may not readily extend credit facility to anybody etc. The latter will be a real risk taker but reasonable risk taker at that. The latter will therefore be successful if he were in business and better still in e-business. A reasonable amount of trust will help establish reasonable security architecture. This is in line with the initial concept highlighted above where it was realized that too much security stifles and suffocates reasonable business practices(Keen et al, 2000: pp57-9). 8.0 Risk Analysis  As mentioned in the foregoing paragraph, trust is related to risk. Everything in the world is a risk. To live one risks dying, to over trust one risks disappointment, to love one risks a heart break etc. Generally, everything in life has a risk aspect. This therefore proceeds to throw one very powerful implication to the arena: if one detests risk then his success will be evasive especially in business and worse still in e-business. A risk taker often emerges as a winner in business. However, there needs to be a limit to the amount of risk that one can possibly take. You cannot not steer straight for the rocks and expect God to help you. There is always a discernable reasonable risk which one cannot shy away from and which is not harmful. Therefore, in risk analysis, as pertains to establishment of security in e-business, the management of an organization needs to be realistic. There some things that one cannot lie about and yet there are others that one is likely to obviously lie about. Therefore, realistic risk analysis will afford a security architecture which will work effectively without necessarily impeding on e-commerce. Moreover, the management needs to understand that hackers are progressively creative and thus obscure vulnerabilities should never be ignored. Therefore, every aspect of security needs to be exhausted effectively. One very important point that needs to be understood, and it has been noted earlier, is the fact that effort to protect everything must be avoided and at the same time it is necessary to avoid obviously naked holes that hackers will not hesitate to take advantage of (Newman & Clarke, 2003: p78). 9.0 Security Objectives  An elaborate security analysis will always feature threats, opportunities, strengths and weaknesses. Assumptions on the security of the system too may not fail to feature in a risk a security analysis. Therefore, once a security analysis has been concluded, this environment can be used to categorically and objectively state security objectives of the organizations. If the organization sets out to venture into E-commerce withal the security threats and risks that come with it, what are some of the system objective does the organization wish to achieve? These system objectives beget security objective which always counter the security threats. This statement of the security objectives should be in sync with the product or system goals and objectives and helps the organization not only to understand the environment in which the system is working but also, base don the assumptions of a secure system, help realize the utility of the system through constant matching of performance against the goals and objectives so stated. 9.1 Importance of the Objectives The objectives help in solution definition through analysis of each objective against the already created context of the assumptions of a secure system operation Helps define the system requirements (both the functional requirements-things you must purchase to make the system effective and assurance requirements-things you must do to ensure that the system operates effectively). The functional requirements give an elaborate of the role of the security solution in enabling enhance effective operation of the system and usually it has the potential of being compared to the functionality offered by the producers and vendors of both security software and hardware. Assurance requirements on the other hand define what the developmental effort and testing component of the security solution that the vendors of the security software need to invest in to prove functionality they offer in the software or/and hardware (Campbell et al, 2003: p132). Finally, the recommendations offered after the security analysis need to be implemented with a dedicated loyalty because they will always have a formidable potential of offering the security solution so desired. This is indeed a long process and this analysis is necessary before venturing into e-commerce. Security has to be assured through multiple tests such as Identification and Authentication, Access Control, Audit, Firewalls, Intrusion Detection, Cryptography and Public Key Infrastructure (PKI), Virus Protection and Object Reuse or Media Sanitizing. These tests will help assure the security assurance of the security solution(s) in the e-commerce website. The management has to think and act as hackers to test their security solution. It should always be remembered that over protection of system and excessive risk taking is a risky affair that can impede terribly on the very venture the organization sets out to undertake. 10.0 Recommendations Since security is important to e-commerce, the buyer needs to clearly identify his security objectives – What should and what should not be protected Avoid overprotection which may impede on the efficiency of business transactions. If you try to protect everything, you may end up protecting nothing. Consult security experts who will help operationalize your organization’s security objectives. Think and act like a thief to catch a thief-the website owner, in this case the business organization, should constantly anticipate new hacking techniques and try to apply them on your website. The more you try to hack your own website the more you identify obvious holes or over security thus giving you a better opportunity to make necessary adjustments. Always make use of competent experts because security is the very essence of e-commerce. 11.0 References New Age International (1979): E-Commerce, New Age International, p5 Laudon K C & Guercio C T (2001): E-commerce: Business, Technology, Society, Addison Wesley Publishers, pp143-7 Ghosh AK, (1998): E-commerce Security-Weak Links, Best Defences, John Wiley, pp172 Korper S & Ellis J, (2001): The E-commerce Book: Building the E-empire, Morgan Kaufmann Publishers, pp194-5 Campbell et al, (2003): E-Commerce: Law and Jurisdiction, Kluwer Law International, p132 Keen et al, (2000): Electronic Commerce Relationships: Trust by Design, Published by Prentice Hall PTR, pp57-9 Newman & Clarke, (2003): Superhighway Robbery: Preventing E-commerce Crime, Willan Publishing, p78 Read More