Transaction Security in E-commerce - Research Paper Example

Id # Transaction Security in E-commerce Introduction E-commerce refers to the business deals between organizations and individuals carried out through the digital technologies. Normally, it is acknowledged as the Internet-based electronic commerce. According to this scenario, e-commerce offers numerous benefits for businesses to carry out business activities on the Internet (Qi and McGilligan). E-commerce has been offering to the worldwide economy very much, all through the past decade, as more companies and corporate owners and entrepreneurs have started building their own web based Business Empire. In view of the fact that the Internet carries on to grow, and more and more people began to utilize the Internet for a wide variety of reasons, thus, businesses in all the industries are starting to compete extensively for clients on the World-Wide-Web. In addition, it forms a situation where hundreds and thousands of web based transactions happen on a daily basis, with millions (or yet billions) of dollars being spent in online transactions (also known as e-commerce transactions). According to this scenario, the majority of people do not understand that the job of protecting similar business transactions is completely up to the web hosting supplier, who is actually responsible for making use of the suitable applications, implementing safety and security measures, and technological advancements to ensure security of customers’ financial particulars of their customers (WebHostingGeeks; Laudon and Laudon). At the present, the majority of business organizations are largely making use of the Internet for communicating and establishing profitable relationships with their customers to entertain them with their products and value added services. With the advancement in information and communication technologies, electronic commerce has emerged to provide the customers with the services to perform the transactions from any location over the internet. In the same way, electronic banking provides its customers with 24-hour access to cash through an automated teller machine (ATM) or a direct deposit of paychecks into the checking or savings accounts (Biswas, Taleb and Shinwary; Turban, Leidner and McLean; Pourshahid and Tran). This paper will discuss some of the important aspects that are associated with “transaction security in e-commerce”. According to this scenario, this paper will address some of the important security issues that can emerge during online transactions (e-commerce transactions). This paper will outline some of the main security vulnerabilities regarding those security areas and aspects. Security Specification in Web Service These days, the most authorized and wide-ranging web service security principles and standard for the (Web Services Security) are based on WS-Security guidelines that were published by IBM in cooperation with Microsoft and Verisign. Basically, the security of web based services and business transaction is based on these principles and it as well puts together the frequently established security models, methods and technical supports. According to this scenario, the basic purpose of implementing web services security is to ensure the confidentiality and reliability of the data processing through application programs as well as to recommend the expansion and message header of the SOAP. In addition, the Web Services Security unites a wide variety of security configurations, models and methods. It is one of the service oriented standard conditions. Some system is capable to make sure to be equally compatible with others throughout the platform and the technique autonomous of language (Farshchi, Gharib and Ziyaee; Whitman and Mattord). Client-side Security Issues Client-side security has always been one of the major issues from users’ point of view. Generally, client-side security necessitates utilization of customary computer security technologies, like that suitable user authorization and authentication, anti-virus and access control protection. In connection with communication and collaboration services, the client can as well necessitate server verification and non-repudiation of receipt. In addition, a wide variety of applications can necessitate anonymity (for example unidentified browsing on the Internet). In this scenario, the information and data analysis of widespread online banks demonstrates that the client side safety and protection for online banking does require continuous improvements. In addition, the majority of banks at the present make use of single cipher security management system that is vulnerable to cyber and virus attacks (Farshchi, Gharib and Ziyaee; Whitman and Mattord). Moreover, one of the significant features of e-commerce is that it is capable of presenting safe and personalized client services anywhere, anytime. Hence, in the absence of sound security measures online business, ecommerce and banking transactions can fail. In this scenario, the client side security defense is the weakest aspect of e-commerce service supplier. In addition, through the application of encryption for verification and privacy of web based transactions; powerful cryptography offers the foundation for attaining transaction authentication data integrity, access control and accountability (Farshchi, Gharib and Ziyaee; Whitman and Mattord). Server-side Security Issues In the above section we have discussed the security issues from the client’s point of view, while server side safety or security is normally the main issue from the service provider’s viewpoint. According to this scenario, the server side security necessitates suitable client verification and permission, sender anonymity (for example anonymous publishing on the Web), non-repudiation of origin, audit trail and accountability, and reliability and accessibility (Farshchi, Gharib and Ziyaee; Whitman and Mattord). Analysis of Transaction Security Issues Basically, in an e-commerce working arrangement, transaction security is uniformly significant for both the client and the server side. According to this scenario, e-commerce transaction security necessitates a wide variety of security services, such as access control, data authentication, data integrity, data confidentiality and non-repudiation services. In addition, convinced applications can as well necessitate transaction anonymity guarantees (Farshchi, Gharib and Ziyaee; Whitman and Mattord). Security Issues The emergence of electronic commerce has also brought a wide variety of security challenges and new forms of risks that can be faced by the businesses and individuals making use of the e-commerce. In addition, the quick developments in e-commerce technologies have also created a lot of challenges for the businesses for instance quality of service, managing security, satisfactoriness, and integrity of its information and maintaining the trust of the customer (Ochuko, Cullen and Neagu). However, the information security is one of the most serious and fundamental challenges that must be addressed proficiently for effectively performing business transactions over the Internet (Gupta, Chaturvedi and Mehta). Moreover, the security threats and challenges are basically categorized in different classes for instance security threats with severe illegal goals/intentions including scam or stealing commercially significant and confidential information of customers, violations by informal hackers such as causing damage to the web sites or DoS (denial of service) attacks, and causing faults in the design of online systems which may lead to security breaches it can include the usage of different techniques such as observing the activities of victims (account holders) for being able to perform transaction on victim’s accounts. In addition, these breaches cause potentially severe financial, legal and reputational complications (Whitman and Mattord; Sergeant). Additionally, in an e-commerce setting, security of personal data and information that is transferred between the customer and business is very important for improving the organization’s potential of providing their customers with superior quality of e-commerce services. In addition, it is essential for the business organizations to ensure the privacy and security of their customers’ information. Hence, the business organizations must adopt some strict measures against the threat of information security to make it sure that transactions that are performed in an e-commerce environment can be accessed and updated only by allowed people. In the same way, it is necessary for the business organizations take care of the processing of information and communication systems against illegal modification and access (Fatima, 2011; Scott & Johnston, 2011). In addition, the trust is also considered as a most critical security issue for e-commerce users. In this scenario, a lot of researches have been conducted to analyze the impact of trust on e-commerce. According to (Alcalde, Dubois and Mauw; Palvia; Siau and Shen), trust refers to a supposed self-assurance on business transactions, products or services offered by a party (known as trustor) to another party (called the trustee). Moreover, most recent researches in e-commerce have been focusing on user’s trust in an e-commerce scenario. In this scenario, they suggest the organizations to build a usable design of interface, and the acceptance of channel through which the information is normally distributed between customers and e-commerce platform. However, the various researches on e-commerce also show that trust depends upon the customers’ perception and control over personal information (Nilsson, Adams and Herd). There are many reasons why security issues and problems arise in e-commerce platforms and activities. The causes are not restricted to these systems, however their influence turns out to be a great deal bigger just because of the wide-ranging coverage that an e-commerce environment has, as well as because of the economic nature of the e-commerce transactions (Mookhey). I have presented below an overview of some of the important security related issues that discourage the use of business transaction for e-commerce: SQL Injection One of the major issues in e-commerce is SQL injection that is performed through insertion of SQL meta-characters in client input, like that the attacker's queries are run through the back-end database. In this scenario, an attacker initially decides if a website is vulnerable to similar attacks by transmitting in the single-quote (') character. In addition, the outcomes of an SQL injection security based attack on a vulnerable website can range from a comprehensive error message that discloses the back-end technology being employed, or permitting the attacker to access confidential areas or information of the website with the intention that the attacker could control the query to an always-true Boolean value, or it can even permit the implementation of operating system based commands (Mookhey; Marchany and Tront). Price Manipulation This security vulnerability in e-commerce arrangement is completely unique to web based shopping carts and payment gateways. In case of this threat, the entire payable cost of the acquired products is stored in an unseen HTML area of a dynamically produced web page. After that an attacker is able to make use of a web application proxy like that Achilles to transform the amount of online transaction payable, when this data and information runs from the user's browser to the web server. As a result, it damages the overall process of e-commerce and transactions (Mookhey; Marchany and Tront). Buffer overflows Another very serious security issue in e-commerce is a buffer overflow that is very common in shopping cart or other web system using PHP, Perl, ASP, etc. In this scenario, by transmitting a large number of bytes to web systems that are not geared to deal with them are able to have unforeseen outcomes (Mookhey; Marchany and Tront). Cross-site scripting Cross-site Scripting (or simply XSS) is another critical security issue in e-commerce. The Cross-site Scripting attack is mainly targeted beside the end user and leverages two aspects. One is the lack of input and output justification being performed through the web application. The Cross-site Scripting based security attacks necessitates a web form that gets in client input, processes it, and prints out the outcomes on a web page that as well holds the user's original input. The next factor is about the remote command execution. In this scenario, the majority of overwhelming vulnerabilities happens when the CGI script permits an attacker to run OS commands as a result of insufficient input corroboration. In addition, it is very common in 'system' call in PHP and Perl scripts. Moreover, with a command separator and other shell meta-characters, it is possible for the attacker to run commands with the privileges of the web server (Mookhey; Marchany and Tront). Weak Authentication and Authorization There is another security issue in e-commerce that happens due to weak authentication and authorization. Basically, most of the e-commerce users ignore the strong password needs and execute the transactions. This can lead to serious security issues such as online hacking, personal information attacks and security problems. In this scenario, the authentication processes that do not stop various failed logins can be attacked or hijacked using tools for instance Brutus. In addition, such attacks can be really drastic and can seriously damage the user security and privacy (Mookhey; Marchany and Tront). Security Management In order to deal with e-commerce security issues the most significant point is to implement security into the e-commerce at the design stage itself. In other words, one of the fundamental tasks all through the system design stage should be a comprehensive security and privacy risk assessment work out. In this scenario, it should be the responsibility of a system development team to be familiar with the main data and information resources that the e-commerce application will be dealing with. In addition, this application data can contain system operational configuration information, session IDs, client transaction information, credit card numbers, etc. However, all these details should be kept hidden in the scenario of sensitivity. Hence, after analyzing all the issues and risks, system protection and security parameters should be established (Mookhey; ECD; Turban, Leidner and McLean). I have presented below some of the important tools and techniques that can be adopted by an e-commerce service provider in order to deal with security issues: Digital Signatures and Certificates For the protection and security management of the e-commerce website, the use of digital signatures is a best option to convene the requirements of integrity and authentication. In this scenario, a message is decoded in the unreadable format and then sent to the user. After that it is converted back to the readable format. In addition, the receiver decodes the received message with their own secret private key, and runs the message throughout the supplied hash function to that the message that handles digest value that turns out to be unchanged (ECD; Turban, Leidner and McLean). Secure Socket Layers (SSL) Data and information that are communicated over the web normally make use of the set of rules known as Transmission Control Protocol / Internet Protocol (or simply TCP/IP). Basically, the data and information are broken into small packets then these packets are numbered in sequence, and an error control technique is applied to these packets. And then packets are transmitted through dissimilar routes. In this scenario, TCP/IP reassembles them consecutively and resubmits some packet demonstrating errors. In addition, the Secure Socket Layer (SSL) makes use of PKI and digital certificates to make sure authentication and privacy. By making use of SSL we can ensure the enhanced security of the system and can ensure an effective system working and operations regarding transactions processing and management (ECD; Turban, Leidner and McLean). Payment Processing Technology A web hosting company can offer safe checkout of pages by making use of payment processing technology. It allows the customers to offer their debit/credit card or payment particulars to a 3rd party online payment processor (like that PayPal). In this scenario, the payment processors are basically the financial organizations that gather and accept payments on behalf of website proprietors with the intention that no responsive financial data could be intercepted by somebody that is spying on a protected checkout page (WebHostingGeeks; ECD; Turban, Leidner and McLean. Conclusion At the present, the majority of business organizations are largely making use of the Internet for communicating and establishing profitable relationships with their customers to entertain them with their products and value added services. E-commerce is an emerging trend where business deals (including buying, selling, money matters and so on) are performed using the Internet. At the present, the majority of business organizations are using the Internet to offer services and products to their customers. Though, the e-commerce offers numerous advantages to the businesses and customers but it causes a lot of security threats too. These security threats and issues discourage the use of the Internet for performing business transactions. This paper has presented a detailed analysis of the security issues and threats that can take place while using the Internet for performing business transactions. This paper has discussed the ideas of various researchers along with suggestions that can help the businesses improve their e-commerce related capabilities. Works Cited Alcalde, Baptiste, et al. Towards a Decision Model Based on Trust and Security Risk Management. AISC '09 Proceedings of the Seventh Australasian Conference on Information Security - Volume 98 . Darlinghurst: Australian Computer Society, Inc., 2009. 61-70. Print. Biswas, Shyamapada, Abu Taleb and Salman Salem Shinwary. "Electronic Banking in Bangladesh: Security Issues, Forms, Opportunities and Challenges." Canadian Journal on Scientific and Industrial Research 2.5 (2011): 181-194. Print. ECD. Ecommerce Security Issues. 2012. Web. 24 Mar. 2012. . Farshchi, Seyyed Mohammad Reza, Fariba Gharib and Reza Ziyaee. "Study of Security Issues on Traditional and New Generation of E-commerce Model." 2011 International Conference on Software and Computer Applications IPCSIT vol.9. Singapore: IACSIT Press, 2011. 113-117. Print. Gupta, Mukul, et al. The Experimental Analysis of Information Security Management Issues for Online Financial Services. ICIS '00 Proceedings of the twenty first international conference on Information systems. Atlanta: Association for Information Systems, 2000. Print. Laudon, Jane P. and Kenneth C. Laudon. Essentials of Business Information Systems. 7th. London: Prentice Hall, 2006. Print. Marchany, Randy C. and Joseph G. Tront. E-Commerce Security Issues. 2002. Web. 22 Mar. 2012. . Mookhey, K. K. Common Security Vulnerabilities in E-commerce Systems. 02 Nov. 2010. Web. 25 Mar. 2012. . Nilsson, Maria, Anne Adams and Simon Herd. Building Security and Trust in Online Banking. CHI EA '05 CHI '05 extended abstracts on Human factors in computing systems. New York: ACM, 2005. 1701-1704. Print. Ochuko, R.E., A.J. Cullen and D. Neagu. Overview of Factors for Internet Banking Adoption. CW '09. International Conference on CyberWorlds. Bradford: IEEE, 2009. 163-170. Print. Palvia, Prashant. "The Role of Trust in E-commerce Relational Exchange: A unified model." Information & Management Volume 46, Issue 4 (2009): 213-220. Print. Pourshahid, Alireza and Thomas Tran. "Modeling Trust in E-commerce: An Approach Based on User Requirements." ACM International Conference Proceeding Series; Vol. 258, Proceedings of the ninth international conference on Electronic commerce. Minneapolis, MN, USA: ACM New York, USA , 2007. 413-422. Print. Qi, Baomin and William McGilligan. An Investigation into E-commerce Adoption Profile for Small and Medium-sized Enterprises in Bury, Greater Manchester, UK. EC-Web'07 Proceedings of the 8th international conference on E-commerce and web technologies. Springer-Verlag Berlin, Heidelberg, 2007. 68-77. Print. Sergeant, Carol. E-banking: Risks and Responses. 2000. Web. 18 Feb. 2012. . Siau, Keng and Zixing Shen. "Building Customer Trust in Mobile Commerce." Communications of the ACM , Volume 46 Issue 4 (2003): 91-94. Print. Turban, Efraim, et al. Information Technology for Management: Transforming Organizations in the Digital Economy. 4th edition. New York: Wiley, 2005. Print. WebHostingGeeks. Three Ways Web Hosting Providers Secure E-Commerce Transactions. 03 Mar. 2011. Web. 26 Mar. 2012. . Whitman, Michael E. and Herbert J. Mattord. Principles of Information Security. Course Technology, 2011. Print. Read More