Security Problems in E-Commerce - Research Proposal Example

A Research Proposal: Security Problems in E-Commerce In the age of globalization and internet the use of e-commerce is observed to have become an indispensable element to conduct the day-to-day business, professional and personal activities in the global sphere. The development of e-commerce has helped in the generation of different applications like electronic mails, and also in helping the people conduct sales and purchases in the internet paradigm. Use of e-commerce is observed to potentially contribute in the enhancement of relationship and customer service management activities of a company. Despite the above advantages operating in the e-commerce sphere reflects significant risks pertaining to the security parameters. Different types of risks relating to hacking of personal computers by hackers to retrieve confidential information of the users, growth of virus and Trojan horse attacks and also rise of fraudulent activities along the e-commerce sphere is observed to generate significant disturbance to the activities conducted. In the light of the above issue the paper aims to elucidate the different types of security problems while also endeavoring to evaluate different legal, technical and behavioral remedies that can be generated to help reduce the impacts. Keywords: e-commerce, security problems, remedies, regulations and legislations Statement of the Problem In the present era of internet the use of e-commerce in sustaining relationship with clients and in generation of customer service to the different customers spread on a global basis is unquestionable. Despite the above advantages the incorporation of e-commerce generates potential problems relating to the security paradigm. It is observed that owing to the breach and lack of effective security standards the e-commerce applications become the potential platforms for hacking activities. Effective information pertaining to the security and other personal information relating to credit cards are potentially hacked in that in turn affect the conducts of the users via the internet sphere. In addition to the issues concerning data security other problems like the emergence of virus and Trojan attacks affects the day-to-day activity of the parties in the internet paradigm. Thus with the traditional security issues related to the fraud and theft the use of e-commerce is observed nowadays to become a platform wherein consumer security and privacy is largely compromised. Data integrity is observed to be at stake owing to the rise of insecurity related to conducting of transactions in the e-commerce sites. Intrusion of Viruses and Trojan horse attacks creates potential disruption in the activities conducted along the e-commerce plane. The above featured problems along the e-commerce plane thereby affect the efficacy of the system and make it vulnerable to external attacks and growth of malicious activities (Marchany & Tront, 2002). Based on the above problem statement the paper focuses to present a discussion related to different research questions underlined as follows. What are the different types of security breaches and problems happening on the e-commerce paradigm? What are the effective remedies that can be taken by the user to counter the impact of such security breaches and problems related to e-commerce applications? How can the responsibility of the user be enhanced to generate needed consciousness in defending the emergence of such security problems? What are the different types of legislations that have been issued to help counter the security problems and generate needed remedies and supports? Background Literature Related to the Problem Security Problems in E-Commerce Khusial and McKegney (2005) reflect on the different security issues affecting the e-commerce activities on a global plane. One of the most common security attacks countered by the users of the e-commerce sites is referred to as social engineering. Through the use of the social engineering techniques hackers’ endeavor on retrieving the personal information of the users relating to passwords and also of other data related to registration and authentication information of the users to different sites. Illegitimate sites are created by the hackers to help retrieve the personal information of the users which are then used for manipulation purposes. Further different tools like SATAN are used by hackers to generate entry into the personal computers of the users which in turn contributes in gaining confidential information like passwords to different potential sites. Similarly other types of security problems occur related to sniffing activities such that the credit card number of the users or customers is hacked through the monitoring of data related to transactions carried out between the user’s computer and that of the shopper’s server. Existence of unencrypted information relating to the transactions carried out in a wireless hub is prone to such attacks. Other types of attacks carried out by the hacker relate to making the server computer attack prone through the mode of exhausting its capacity to conduct a number of mundane and useless tasks (Khusial & McKegney, 2005). Niranjanamurthy and Chahar (2013) identify virus and Trojan horse attacks as the most vulnerable security threats that tend to affect the activities conducted along the e-commerce plane. The intrusion of Trojan horse into the cyber system is observed to operate as a Denial of Service (DoS) tool in that it contributes in the emergence of compromise relating to data integrity and also the growth of fraud attacks. Hackers through the use of such virus attacks endeavor to gain control over the computer of a user. Gaining control over such user computer contributes in using the same to retrieve personal user data before the same gets encrypted. Further the failure of the e-commerce system to differentiate between fake and real orders generated by the hackers through the use of the victim’s computer affects the position of the user. Through the above mode hackers focus on gaining information related to the bank accounts and other significant areas which potentially victimizes the person. Use of e-commerce owing to the rise of such fraudulent activities has failed to generate optimal amount of benefits to the users. Growth of fear in the minds of the people related to their personal information and passwords being leaked to the users affect their intention to conduct transactions via the online sphere (Niranjanamurthy & Chahar, 2013). Remedies to Security Problems in E-Commerce Khosrpwpour (2004) reflects on the holistic solutions that ought to be taken to generate potential security pertaining to the conducting of transactions along the e-commerce paradigm. Along with development of potential infrastructure both relating to the hardware and software aspects to generate needed security the incorporation of needed commitment of the top management is also needed to protect the confidentiality of the activities and of the individual and corporate users on the e-commerce plane. The development of the knowledge and efficiency of the people involved along with generation of strategic plans are needed to contribute in creating a proper shield to the attacks generated by hackers in disrupting the e-commerce paradigm. In the process of devising a security program it is firstly required to identify and evaluate the different threats to the e-commerce system both relating to the internal and external environment. Anticipation of the threats involved contributes in planning for the right kind of program to help defend the impacts. In the second phase it also requires the evaluation of different contingencies that may emerge in the process of countering the impacts of the security problems and thereby formulating actions to help in defending such through alignment of needed resources and infrastructures. Similarly evaluation of the existing security policies and also the needed technology depending on the market needs is also required to be made to generate the right quality of program (Khosrowpour, 2004). Ackerman and Davis (n.d.) focus on the requirement of potential technologies to help in the countering and reduction of security breaches in the e-commerce paradigm. Different types of technologies can be effectively brought forward like that meant for surveillance; for evaluation and publication of confidential data sources; for enhancing the level of trust involved between the parties in e-commerce and that involved in augmenting the level of privacy involved. Different Privacy Enhancing Technologies (PETs) like the creation of firewalls and cookies contribute in enhancing the security level of the data involved and also in managing the sharing of the data for third party uses. Similarly other technologies like the Platform for Privacy Preferences (P3P) contribute in helping the different sites reflect the manner they tend to manage their data and also in helping the users reflect their preferences relating to the release or issue of confidential data sources. Browsers like Internet Explorer using such technology tend to gain the potential of forming a contract with data users which would help contribute in the managing of release or publication of private data sources (Ackerman & Davis, n.d.). Responsibility of the User Base Meng (2009) notes that security parameters related to the use of e-commerce can be effectively enhanced such that the people involved in carrying out the transactions in the e-commerce sphere are made rightly aware and conscious of the different security parameters that ought to be met. The people are required to abide by a set of best practices wherein they must restrain from the undue publications of their passwords related to the entry to the different websites and also in conducting their personal and professional pursuits in the e-commerce environment. Further the user groups are also required to understand the significance of the use of the digital signatures and also the requirement to generate information to some personal questions like ‘mother’s maiden name’, ‘name of your school’ and others. This type of information contributes in helping in the enhancement of the security position of the e-commerce sites which need to be used for generation of electronic mails or in conducting of purchases and sales in the electronic environment. Further the need to incorporate data encryption technologies and also the use of biometrics like scanning of retina and use of thumbprints as potential passwords also is required to be understood for rendering protection to the data sphere. Along with the above the user groups are also required to incorporate the firewall software, use longer passwords containing alphanumeric data and also understand the need to for using antivirus software ingto the computers for generating first hand protection to fradulent activities carried out in the e-commerce sphere (Meng, 2009). Legislations and Regulations to counter the Security Problems in E-Commerce Qin (2010) observes that potential administrative regulations and policies are in place to help enhance the protection of data sharing activities along the e-commerce paradigm. In cases where damage is inflicted on the system for data administration the same reflects the imposition of a fine and also in depriving the offender of the rights pertaining to the testing of anti-virus software. Likewise where the security of the e-commerce system is violated the same is observed to invite fine, cancellation of license and also suspension. Further where the paradigm of internet security is affected the same calls for generation of fines, ceasing connection to the internet and also a suspension for a period amounting to six months. The internet and the e-commerce age also reflect the introduction of consumer protection rights such that the same contributes in protecting the rights of the parties in issues relating to confidentiality. Legislations are also issued to help protect the rights of the consumers in the light of emergence of potential problems while conducting the purchase and sales activities through use of e-commerce websites. In United States the protection of activities conducted along the e-commerce sphere is generated through the development of a framework that helps in restoring the online privacy of the user base. Similarly in the European Union potential legislations have been issued to help protect the data privacy relating to personal information of the users conducting online purchase and sales (Qin, 2010). Smith (2004) further reflects relating to the existing of e-commerce laws that requires the use of digital signatures to help protect and enhance the security of the consumers and users in the e-commerce plane. Further relating to the conducting of transactions in the e-commerce plane, section 901(9) US Federal Rule of Evidence requires the understanding of whether the transaction is performed with potential security and whether the records used are accurate and unaltered in nature. It also tends to verify the reliability and security of the incorporation of hardware, software and different network components (Smith, 2004). Method Research Design and Instrumentation The conducting of the research activity to help in gaining effective inferences to the research questions relates to the use of a triangulated research design. A triangulated research design focuses on the synchronization of different types of research methods like secondary, primary, qualitative and quantitative to help in deriving the right quality of research inferences. Use of triangulated research methods contribute in enhancing the quality of the research activity such that inferences would be derived from different angles to gain the right quality of inferences pertaining to the research. Use of secondary research methods is generated significance such that the same contributes in the gaining of authentic and large amount of potential data sources in a faster fashion and also in a cost effective manner from the use of internet. Secondary research activity contributes in the generation of empirical inferences related to the meeting of the objectives of the literature review and thereby helps in the generation of needed background information for the conducting of future primary research (Collins, 2010). Owing to the above advantages the use of secondary research activity gains prevalence pertaining to the research activity. Other than the use of secondary research the use of case study based research also gains prevalence related to the research such that the research focus is built on understanding the security paradigms of the e-commerce activities. Case study based research gains prevalence such that the same contributes in analyzing the research issue by narrowing down the focus of the research to a specific case. Use of case study based research contributes in analyzing the research issue from different angles or perspectives which in turn enhance the quality of the research activity. Moreover like secondary research the use of case study based research activity also contributes in gaining potential research inferences in a time and cost effective fashion thereby enhancing the productivity of the research. Case study based research also contributes in generation of potential information that serves as a background for future research activities (Woodside, 2010). Other than the above research methods the use of Primary Research activity would also be incorporated related to the research such that the same contributes in the conducting of interview and survey activity in gaining of practical inferences related to the research issue. The use of primary research activity though entails a higher cost and time for accomplishing the research the same helps in gaining of contemporary findings related to the research questions and objectives (Collins, 2010). The primary research activity related to the paper would be conducted through the development of questionnaires for the conducting of interviews and surveys related to different set of respondents. The conducting of interviews through the use of unstructured questionnaires would contribute in the qualitative inferences related to the research. Qualitative research inferences are such that contribute in the generation of elucidatory and in-depth research findings related to the respondents. On the other hand structured questionnaire sets would be used for the conducting of surveys relating to the respondents that would contribute in the generation of quantitative inferences related to the research. Quantitative research inferences gained help in generation of specific findings related to the research issue which is reflected in a quantified and diagrammatic fashion (Goertz & Mahoney, 2012). Data Collection Data collection for the secondary research activity or empirical research would be carried out through the study of potential literatures available in the form of books, journals and articles such that authentic data sources penned by experts in the field would be used for developing the right quality of the understandings. Relating to the conducting of qualitative research activity the data would be collected through the development of unstructured questionnaires that would be used for the conducting of interviews on a specific group of managerial respondents. Pertaining to the conducting of survey based research; the data would be collected through the development of structured questionnaire sets such that the same contributes in the gaining of responses relating to scores generated on a multidimensional or likert scale having a rating of 1 to 5. The questionnaires would be distributed to the respondents through the use of mailers and also through the conducting of interviews and surveys via the telephonic and internet medium. Sampling Two types of sample sets would be generated for the conducting of the research such that for the conducting of qualitative research activity a small sample size of around 20 respondents would be selected from the managerial level of different e-commerce organizations, and also from the different companies where e-commerce is used as a tool for maintaining effective communication. This sample size of 20 respondents would be selected based on the use of random sampling techniques. Use of random sampling techniques would be incorporated related to the research activity such that it is a probability sample that helps in the effective representation of the respondents related to the research activity. On the other hand the use of stratified random sampling technique would be used for the selection of the sample size for conducting of survey research activity. A total sample size of around 200 respondents would be selected for conducting of the survey activity such that the same would be selected through the use of stratified random sampling technique. Use of stratified random sampling technique serves the purpose such that effective strata are selected both relating to the staffs and customers conducting activities in an e-commerce atmosphere. The use of stratified random sampling technique serves the purpose such that it both helps in reducing the errors related to probability sampling and also helps the respondents relating to the different strata to generate needed inferences related to the research issue (Campbell, 2002). Data Analysis The Data Analysis activities would act in a differentiated fashion related to the incorporation of qualitative and quantitative research. Relating to qualitative research the interview transcripts prepared pertaining to the inferences gained from the focused group respondents would be presented for in-depth analysis. In-depth narratives relating to the responses gained would be made to help analyze the research objectives and questions from the perspectives of the respondents. Relating to the quantitative research study the data analysis would be carried out through the incorporation of statistical tools like correlation analysis and descriptive statistics parameters like skewness, kurtosis and mean data. The inferences gained relating to the use of statistical tools would be presented in a diagrammatic fashion through use of charts and diagrams. Research Ethics Use of interview and survey research activity requires the meeting of effective ethical parameters. The researcher is firstly required to relate to the respondents the rationale for conducting of the research. This would contribute in enhancing the trust and confidence of the respondents in generating of required information. Further the researcher is also required to confide to the respondents that both their personal information and their inferences would not be published in other areas without earning their permission. This activity further enhances the level of trust and confidence involved and generates proactive responses from the different respondents. References Ackerman, M. S., & Davis, D. T. (n.d.). Privacy and Security Issues in E-Commerce. Retrieved July 26, 2014, from University of California: http://econ.ucsb.edu/~doug/245a/Papers/ECommerce%20Privacy.pdf Ackerman and Davis (n.d.) point out the different types of technological remedies that are generated to render effective security to the users in the e-commerce plane. Campbell, J. B. (2002). Introduction to Remote Sensing. United States : CRC Press. Campbell (2002) reflects on the concept and uses of random and stratified random sampling. Collins, H. (2010). Creative Research: The Theory and Practice of Research for the Creative Industries. United States : AVA Publishing. Collins (2010) reflects on the different types of research methods like secondary and primary research activity and their potential advantages. Goertz, G., & Mahoney, J. (2012). A Tale of Two Cultures: Qualitative and Quantitative Research in the Social Sciences. United States : Princeton University Press. Goertz and Mahoney (2012) discriminate relating to the use of qualitative and quantitative research methodology and the advantages gained pertaining to such. Khosrowpour, M. (2004). E-commerce Security: Advice from Experts. United States : Idea Group Inc (IGI). Khosrowpour (2004) reflects on the impacts of security problems on e-commerce activity and the remedies that are generated to counter such. Khusial, D., & McKegney, R. (2005, April 13). e-Commerce security: Attacks and preventive strategies. Retrieved July 26, 2014, from IBM: http://www.ibm.com/developerworks/library/co-0504_mckegney/ Khusial and McKegney (2005) also reflect on the different types of security problems in e-commerce and the preventive strategies that can be generated to help in countering such. Marchany, R. C., & Tront, J. G. (2002). E-Commerce Security Issues. Proceedings of the 35th Hawaii International Conference on System Sciences, (pp. 1-9). Hawaii. Marchany and Tront (2002) reflect on the different types of e-commerce security issues that were discussed in the 35th Hawaii International Conference on System Sciences and tend to impact the activities conducted in the e-comerce environemnt. Meng, X. (2009). Study on Protection Measures of People’s Information Privacy right in E-commerce. Proceedings of the Second Symposium International Computer Science and Computational Technology, (pp. 483-487). Guangzhou. Meng (2009) reflects on a set of best practices that need to be carried out by the staffs operating in the e-commerce environment to generate needed security. Niranjanamurthy, M., & Chahar, D. (2013). The study of E-Commerce Security Issues and Solutions. International Journal of Advanced Research in Computer and Communication Engineering , 2885-2895. Niranjanamurthy and Chahar (2013) reflect on the different types of security issues that emerge relating to the e-commerce paradigm and the solutions that can be genearted regarding such. Qin, Z. (2010). Introduction to E-commerce. Germany: Springer Science & Business Media. Qin (2010) reflects on the different types of regulatory and legislative policies that are taken to enhance the security of the people conducting activities in the e-commerce paradigm. Smith, G. E. (2004). Control and Security of E-Commerce. United Kingdom: John Wiley and Sons. Smith (2004) reflects on the issue of digital signatures and biometrics like thumbprint and scanning of retina as effective security control elements relating to security problems in e-commerce. Woodside, A. G. (2010). Case Study Research: Theory, Methods, Practice. United States : Emerald Group Publishing. Woodside (2010) reflects on the advantages and significance of case study based research. Read More