E-Commerce: Security and Privacy Issues - Research Paper Example

E-Commerce: Security and Privacy Issues Table of Contents Table of Contents 1 1- Abstract 2 2- Introduction 3 4- Privacy & Security 4 5- Basic Principles of Customer Security 6 6- Analyzing E-commerce Security and Privacy 7 7- Main areas of vulnerability 8 8- Security and Privacy Issues 9 This section discusses some of the main online business security and privacy threats and precautions that could be taken regarding better online business management. Jeanty (2009) stated that there are various security threats that are related to the online commerce information theft. For instance, a hacker hacks the business information and gives the corporation a huge damage. This valuable business information could be customer’s personal information or deal/sales record. In this case business customer can loose confidence on the business polices; this will be a great loss to the business (Jeanty, 2010; Moores, 2005). Besides this Turban, Leidner, McLean, & Wetherbe (2005) outlined the another most important security threat that is computer virus attacks on the web based business network or computer system. These viruses can damage or destroy the business system and discontinue the overall business operations that is really challenging for the business. Therefore, the business customers could leave the business (Turban, Leidner, McLean, & Wetherbe, 2005). 9 9- Managing Security and Privacy Initiatives 10 10- Conclusion 12 11- References 13 1- Abstract Electronic commerce (E-commerce) is web based commerce that is completely different from the traditional business practices. In addition, E-commerce encompasses banking, retail shopping, stocks, auctions, bonds trading, airline booking, real estate transactions, rental movies and almost everything that could be imagined in the real world. This, Ecommerce requires a personal security certificate as well as expensive interface. However, the Ecommerce virtual stores could be accessed via a range of hosting services as well as using huge internet companies like that Yahoo and eBay. In addition, these types of companies are offering turnkey solutions to sellers and buyers having small or no experience or knowledge. Additionally, the tools and applications intended for running effective ecommerce businesses are developed into the hosting servers, getting rid of need for the individual trade to reinvent the wheel. Since, these tools and applications encompass benefits such as shopping carts, inventory and sales logs, as well as the capability to accept a diversity of payment alternatives including safe credit card transactions. Although, E-commerce brings a lot of advantages for the businesses and individuals but there are numerous security and privacy issues attached with the online or web based commerce. In addition, these issues could have some critical impacts on the business and dealing of the firms. This paper presents a detailed analysis of the security and privacy issues in case of ecommerce scenario. In addition, research will present a comprehensive overview of the some of main security and privacy related issues those could make the ecommerce less secure business platform. 2- Introduction There are a lot of security and privacy issues that organizations and individual are facing nowadays in case on ecommerce. However, these issues were emerged with the emergence of information and communication technology. However, the main intention of this paper is to discuss security and privacy issues those are related to the E-commerce. Although premature E-commerce was undersized by security issues however the current security and privacy policies and tools have helped a lot in improving the people confidence and offering the comfortable feeling in case of online dealing and buying. In addition, bearing in mind the huge potential in e-commerce, the majority of credit card businesses helped calm fears through offering guarantee to the cardholders that they would not be held accountable for fake charges as a consequence of online shopping. Thus, the entire of these matters have facilitated e-commerce in making the flourishing industry today (Kayne, 2010; Gehling & Stankard, 2005). However, there are lots of issues still undergoing in case of web based commerce. These issues can be security and user privacy related. In addition, the effective management of these issues leads toward the enhanced management and handling of overall web based business. This research will take a look inside these security and privacy related issues in case ecommerce. 3- E-commerce According to Laudon & Laudon (1999), only few technologies have received as rapid recognition as the internet. Since, the tools and techniques offered by the internet are changing and improving the methods through which business operations are performed. In addition, these techniques and tools are also modernizing the traditional business arrangement on which a number of organizations are building and implementing their in-house or internal information systems. Additionally, at the present, many organizations/businesses are utilizing the internet techniques and applications to build a private domestic network which is known as intranet. However, several corporations are making use of these applications and methods to build protected business-to-business networks that are acknowledged as extranets. Thus, these technology movements have given birth to an imperative business approach that is electronic commerce. Since, E-commerce encompasses carrying out both inside and outdoor business over Internet, intranets, and extranets. In addition, the E-commerce encompasses selling and purchasing of services, goods and products, the simplification of every day business operations or processes, and the payments matters via digital communication (Whitten, Bentley, & Dittman, 2000, p. 23) and (Laudon & Laudon, 1999, pp. 24-25). 4- Privacy & Security The term “Security” is a collection of the rules, technical measures, actions that are used to stop unlawful access or alteration, stealing, and physical damage to data and information (Laudon & Laudon, 1999, p. 502). On the other hand, privacy is the right of organizations and individuals to prohibit or confine the utilizations and compilation of information about them. However, in the past, the privacy of information was simple to maintain since the information was stored in different places. Thus, each business or department had its own data files. For instance, each government agency stored separate records; doctors stored their own patient information. However, at the present time, huge databases keep this data online. In addition, a huge amount of this data is secret and private that should be accessible only to authorized users. So, the aim of E-commerce security and privacy is the protection of data and information from unintentional or worldwide threats to their consistency and bad utilization (Norton, 2001; Shelly, Cashman, & Vermaat, 2005, p. 591; Gehling & Stankard, 2005). Nasir (2004) stated that in online shopping the majority of people normally do not realize what is going on the background. However, the web shopping is usually extremely simple. There is need to click on a linked website, move onto that website, purchase the necessary merchandise by adding up items into shopping cart, enter the credit card particulars then await delivery in a couple of days. Since, this whole procedure looks extremely easy and straightforward on the other hand a businessmen or developer have knowledge of exactly how different obstacles should to be jumped to complete the order. Additionally, the purchaser’s information has to get ahead of in the course of a number of hands therefore privacy and security of the information is a main concern. In addition, the security and safety of a client’s personal details and information lies inside the hands of the company. Thus, this is the responsibility of companies to provide the purchasers initially their guarantee, as well as next peace of mind that their personal information passed over is having no risk to some attacking eyes. In customary as well as online trading settings customers are allowed to have their privacy respected. The online ecommerce websites should offer the clients options concerning the utilization of their personal information, as well as integrating security measures to limit right of entry to client information from unauthorized ways. In addition, the security and privacy policies as well as measures should be plainly clarified to customers in case of an online business. Although respecting customer security and privacy right is an officially permitted requirement, it as well signifies high-quality business practice. If clients are having belief on ecommerce website then they are more probable to trade with it. However, a lot of people are not agreeable to reveal their personal information on the internet. But, this is dependent on the persons to make a decision how a great deal personal information they are prepared to reveal as well as how it might be employed (Nasir, 2004; Tan & Guo, 2005). 5- Basic Principles of Customer Security Shoniregun (2002) has outlined that the majority of ecommerce web based business companies and merchants leave the business mechanics to their hosting corporation or IT employees, however there is need to facilitate and recognize the fundamental principles regarding customer security and privacy. In case of any online business there is a basic need to meet the four fundamental requirements of ecommerce business: (Shoniregun, 2003; Moores, 2005): Integrity: client data and message have not to be tampered or altered with. Non-repudiation: Evidence is required that the user data and message was certainly received. Privacy: Client data and personal information need to be kept safe from illegal parties. Authentication: Recipient and sender have to prove their identities to each other. 6- Analyzing E-commerce Security and Privacy To better analyze the ecommerce security and privacy there is need to define the security and privacy in terms of ecommerce. Chaudhury & Kuilboer (2002) stated that computer security and privacy in terms of online commerce is a group of activities which include the policies, measures, and actions which are utilized to stop unlawful access or alteration, theft, and physical damage to user (client, buyer) information. In addition, the security and privacy could be supported with an assortment of techniques and tools to protect computer hardware, software communications networks, and business data (Chaudhury & Kuilboer, 2001). In the modern age of information technology, there are many threats appeared for the corporations, business and personal information. So, there is need of a security and privacy model that could be able to manage and secure their information reservoirs. However, the technical administrative safety /security measures such as security plans, actions and techniques are the mainly traditional practices that are used as the organizational information security measures. At the present, the security and privacy for the client information are the most important issues for any ecommerce and web based organization (O’Leary & O’Leary, 2007; Turban, Leidner, McLean, & Wetherbe, 2005). Since, an increasing number of domestic and worldwide criminal people are making use of the internet for crime purposes. In addition, the computers and other electronic instruments could also be used to commit crime or are besieged by criminals. Even a home computer linked to the internet exclusive of security might be infected with malicious software only in few minutes. In the same way the web based commerce could also engage a lot of criminal actions that can damage the business reputation and diminish the customer confidence on the web based business infrastructure (POST, 2006; Gehling & Stankard, 2005; Turban, Rainer, & Potter, 2004). 7- Main areas of vulnerability This section covers the analysis of some of the main vulnerabilities regarding ecommerce security and privacy. However, the most important area of vulnerability in ecommerce business is web based payment. The concept of web based payment presents the idea of the virtual cash. This offers a great facility to be free from the carrying bundles of money. Since, the information technology has changed the local store purchase to a card. Thus, people can pay their bills using internet. Even large business deals and huge cash transfers could be done via a laptop (PC) (Quek, 2007). However, the method of online payment is the most important concern of E-commerce, but there are numerous security cases or issues concerning the online payment have been registered (Gregg & Scott, 2008). Additionally, these cases comprise online fraud, prohibited credit transfer, and credit card password theft. Thus, at the present time the ecommerce has become an insecure place for business. Since, there is danger due to the credit card information theft, virus, scamming and intelligent spies. In addition, the purpose of all these techniques is to extract and make use of the customer’s personal information. However, various solutions have been developed to deal with these problems; for instance, illegal intrusion could be stopped through the implementation of system firewall. In addition, the development of secure information transfer protocol (HTTPS) is also a significant development in this regard, which ensures hazard less information distribution and submission (Shandilya, 2007), (The Millennium eTrust Pte Ltd , 2007), (Russell, 2009) & (Oak, 2008). 8- Security and Privacy Issues This section discusses some of the main online business security and privacy threats and precautions that could be taken regarding better online business management. Jeanty (2009) stated that there are various security threats that are related to the online commerce information theft. For instance, a hacker hacks the business information and gives the corporation a huge damage. This valuable business information could be customer’s personal information or deal/sales record. In this case business customer can loose confidence on the business polices; this will be a great loss to the business (Jeanty, 2010; Moores, 2005). Besides this Turban, Leidner, McLean, & Wetherbe (2005) outlined the another most important security threat that is computer virus attacks on the web based business network or computer system. These viruses can damage or destroy the business system and discontinue the overall business operations that is really challenging for the business. Therefore, the business customers could leave the business (Turban, Leidner, McLean, & Wetherbe, 2005). The next ecommerce business based security and privacy issue is hacking. In this scenario Turban, Rainer, & Potter (2004) state that a hacker is an external person who could break a computer system, normally without illegal intention. However, the computers are being employed almost in every kind of work. Since the organizations started selling software and linking computer systems and networks, criminals (Hackers) found new and easy ways to earn money and perform criminal activities using internet. In addition, Hackers steals information to offer a danger to the organizations and individual (Turban, Rainer, & Potter, 2004; Shelly, Cashman, & Vermaat, 2005). According to Moore and Clayton (2008), a biggest secuity threat to the web based business is phishing that is the illegitimately to be regarded with suspicion procedure of trying to access and retrieve sensitive data and information such as passwords, usernames, and credit card information through hidden and fake means. In addition, the Phishing is usually performed using E-mail or via the instant messaging. However, in ecommerce, this attack normally directs to web visitors to send personal particulars at a false website whose appearance or interface are approximately alike to the actual one. Even when performing server verification, it can demand great expertise or knowledge to make a distinction that the website is false. Additionally, the phishing is a case of community engineering methods that are adopted to make fool to online users, as well as exploits the concentrated usability of present web safety expertise. Thus, the endeavor to deal with the increasing phishing events demands community awareness, legislation, user training and technical safety procedures (Moore & Clayton, 2008; Turban, Rainer, & Potter, Introduction to Information Technology,3rd Edition, 2004). The phishing also encompasses the data stealing through the online address and fake ids. In addition, the information and data stealing is extensively employed techniques to industry intelligence. Through theft of personal information, plan documents, worker associated records, officially estimations etc., information thief’s proceeds from promotion to those who want to make self-conscious or reason economic harm or to contestants (Yahoo! Inc., 2010). 9- Managing Security and Privacy Initiatives This section presents some suggestions and business security management initiatives that can offer better business security management and handling. Turban, Rainer, & Potter, (2004) stated that in case of online business, organizations need to implement a security strategy that outlines the probable security risks, threats and challenges and initiates to counter those security breaches. In addition, they need to publish the customer privacy policy on the web. Thus, this will make sure to the customer the steps that business has taken to make secure, manage, and control the business and customer information. Additionally, organizations should implement security management at their business network. They could implement a network firewall that protects the business from some external attacks. In addition, they need to install antivirus programs, anti spy and anti phishing system to ensure the business network security and integrity (Turban, Rainer, & Potter, 2004; Shelly, Cashman, & Vermaat, 2005). Following steps can be taken to manage and handing the security and privacy of the business as well as customer (Laudon & Laudon, 1999) & (O’Leary & O’Leary, 2007): Make use of anti spyware software Get training about phishing Protect the hosts file Firewall Do not click on hyperlinks in e-mails Take benefit of anti-spam applications/software Confirm https (SSL) Defend beside DNS pharming attacks Carry on antivirus up to date Don't enter perceptive or economic information into pop-up windows Make use of the MBSA (Microsoft Baseline Security Analyzer ) Make use of backup system images Getting higher identification requirements create privacy troubles An enhanced user control 10- Conclusion The web based business has been developed very much and it became the basic need of almost every organization. At the present, almost every organization wants to offer its business on the internet because internet offers great advantages regarding the better business management, effective commutation and effective management of operations. However, there are many benefits of internet but it has also created a lot of troubles in the form of computer crimes in case of ecommerce. Since the criminals target computer systems or make use of them as tools to carry out old as well as modern types of crimes. This paper has discussed the ecommerce based security and privacy aspects in case of business and personal areas. In addition, this paper has outlined various types of security and privacy issues. This paper has also presented the ways to minimize the security issues in ecommerce business. I hope this research will offer an overview of security and privacy issues with respect to the E-commerce. 11- References Chaudhury, A., & Kuilboer, J.-P. (2001). E-Business and E-Commerce Infrastructure: Technologies Supporting the E-Business Initiative, 1st edition. New York: McGraw-Hill Higher Education . Gehling, B., & Stankard, D. (2005). eCommerce security. Information security curriculum development, Proceedings of the 2nd annual conference on Information security curriculum development (pp. 32-37). Kennesaw, Georgia: ACM New York, USA . Gregg, D. G., & Scott, J. E. (2008). A typology of complaints about eBay sellers. Communications of the ACM, Volume 51, Issue 4, pp. 69-74. Jeanty, J. (2010). Define the eCommerce Model. Retrieved February 28, 2009, from eHow.com: http://www.ehow.com/about_4705407_define-ecommerce-model.html Kayne, R. (2010). What is E-Commerce? Retrieved February 27, 2010, from WiseGeek.com: http://www.wisegeek.com/what-is-e-commerce.htm Laudon, K. C., & Laudon, J. P. (1999). Management Information Systems, Sixth Edition. New Jersey: Prentice Hall . Moore, T., & Clayton, R. (2008). Evaluating the Wisdom of Crowds in Assessing Phishing Websites. Lecture Notes In Computer Science, Financial Cryptography and Data Security: 12th International Conference, FC 2008, Cozumel, Mexico, January 28-31, 2008. Revised Selected Papers (Attacks and Counter Measures), pp. 16–30. Moores, T. (2005). Do consumers understand the role of privacy seals in e-commerce? . Communications of the ACM, Volume 48 Issue 3, pp. 86-91. Nasir, M. A. (2004). Legal Issues Involved in E-Commerce. Ubiquity, Volume 4, Issue 49, pp. 2-2. Norton, P. (2001). Introduction to Computers, Fourth Edition. Singapore: McGraw-Hill. O’Leary, T., & O’Leary, L. (2007). Computing Essentials. New York: McGraw-Hill. Oak, M. (2008, August 22). Disadvantages of Electronic Payment Systems. Retrieved February 25, 2010, from Buzzle.com: http://www.buzzle.com/articles/disadvantages-of-electronic-payment-systems.html POST. (2006, October). Computer Crime. Retrieved February 28, 2010, from Parliament.uk: http://www.parliament.uk/documents/upload/postpn271.pdf Quek, D. (2007, October 11). Types Of Online Payments For Your Site. Retrieved February 26, 2010, from EzineArticles.com: http://ezinearticles.com/?Types-Of-Online-Payments-For-Your-Site&id=777328 Russell, M. (2009, February 06). Online Banking: Advantages and Disadvantages. Retrieved February 27, 2010, from eZineArticles.com: http://ezinearticles.com/?Online-Banking:-Advantages-and-Disadvantages&id=445102 Shandilya, A. (2007, December 15). Online Banking: Security Issues for Online Payment Services. Retrieved February 26, 2010, from Buzzle.com: http://www.buzzle.com/articles/online-banking-security-issues-for-online-payment-services.html Shelly, Cashman, & Vermaat. (2005). Discovering Computers 2005. Boston: Thomson Course Technology. Shoniregun, C. A. (2003). Intellectual Property Rights of Multimedia Enriched Websites. Communication of the ACM: Ubiquity, Volume 3, Issue 37, p.2. Tan, H., & Guo, J. (2005). Some methods to depress the risks of the online transactions . ACM International Conference Proceeding Series; Vol. 113, Proceedings of the 7th international conference on Electronic commerce (pp. 217-220). Xi'an, China: ACM New York, USA . The Millennium eTrust Pte Ltd . (2007, Ausgust 22-24). Online Payment: Issues and Solutions. Retrieved February 27, 2010, from The Millennium eTrust Pte Ltd: http://74.125.153.132/search?q=cache:qlYEBLJkEzoJ:www.apecovop.org/objstore/ecvdo/91/10.ppt+online+payment+problems&cd=4&hl=en&ct=clnk&gl=pk Turban, E., Leidner, D., McLean, E., & Wetherbe, J. (2005). Information Technology for Management: Transforming Organizations in the Digital Economy . New York: Wiley. Turban, E., Rainer, R. K., & Potter, R. E. (2004). Introduction to Information Technology,3rd Edition. New York: Wiley. Whitten, J. L., Bentley, L. D., & Dittman, K. C. (2000). Systems Analysis and Design Methods 5th Edition. New York: Irwin/McGraw-Hill. Yahoo! Inc. (2010). Phishing Attacks, Courtesy of Computer Associates. Retrieved February 27, 2010, from Yahoo.com: http://tech.yahoo.com/gd/types-of-phishing-attacks/202895 Read More