Security Issues in E-commerce - Essay Example

SECURITY ISSUES IN ECOMMERCE Security Issues in Ecommerce Introduction Since the birth of the internet two decades ago, new possibilities have been created for entrepreneurs to make money online. The internet has created a new business ecosystem where the seller and the buyer meet online and do business. Nissanoff (2006, p.7) claims that the time for ecommerce is notnigh but is in fact upon us. He continues to claim that ecommerce will soon become the easiest way to buy or sell due to its convenience and flexibility. Most common features of ecommerce technologies include: straightforwardness of automated processing, immediacy of result, frankness and convenience of payment processes, loss of collateral information, globalisation, and rise of new commerce models (Laudon & Traver, 2008). Benefits that e-Commerce can bring to Small Companies Small firms seek to venture into ecommerce with the main aim of increasing revenue through reaching new markets and winning more clients. Ecommerce will enable the small business shorten procurement cycles through the use of on-line cataloguing, checking and payment, gain access to global markets at a smaller portion of traditionalcosts, ensure product, marketing information and prices are always up to date, allow them to compete with large businesses over a common platform, and increase sales opportunities. In addition, ecommerce will enable these small firms ease the audits they conduct on their systems because electronic data is easier to audit. It will also enable them reach out to clients in remote areas, and ensure the goods are available 24/7 for anyone to purchase. This will surely lead to increased generation of revenues. Why should Small Businesses Tighten Security? As we all know, fraudsters would aim on the big firms in the ecommerce business. Their enormousconsumer base is like mouth-watering bait for fraudsters. That may safe to think, however, it has been a big misconception.While the aim of fraudsters is to access money, they are not aiming at big ecommerce stores. They go for the small companies for the key reason that smaller e-commerce sites appear to have disregarded one important element – strict security measures. The easy access to critical information and the susceptibility of security systems trap these fraudsters to these smaller stores that are engaging into ecommerce. Campbell et al (2010, p.37) estimates that 90 per cent of credit card safety compromises in the ecommerce industry originate from Level 4 Merchants (ecommerce websites that process fewer than 1 million total card payment dealings and less than 20,000 ecommerce dealings in a year. Reasons for Insecurity As a small business, it is important to understand the reasons that may lead a person may hack into your ecommerce site. This knowledge may help one know whether they could be targeted and therefore take precautions to ensure their site is safe from potential threats. There are four main reasons that motivate fraudsters into hacking to ecommerce sites: The most common reason is to steal money through fraud. Fraudsters study an ecommerce site and capitalise on the security loopholes they come across. The fraudsters may steal money directly from the business or from clients as they commit transactions. The second reason is revenge. Former employees or potential employees who were denied employment opportunities may decide to revenge against the company by attacking its site. They are usually problematic because they already have some knowledge about how the system works. Small businesses may often face this threat because they keep hiring and firing personnel. Thirdly, sabotage may also be another reason. Sabotage in this context is a deliberate act of malice against unauthorised information. There are individuals who hack to challenge themselves or simply for fun. Finally, industrial or political espionage can be a security issue of concern. There is where authorised people get access to highly sensitive information. For small organisations, bigger firms in the same line of business may ‘invest’ in acquiring their information for financial gains, or to steal new business ideas. Forms/Causes of Insecurityin Small Businesses’ ecommerce Systems Malicious code is the main threat facing all ecommerce systems according to Botha et al (2007, p.104). They are also known as malware. They come in the form of viruses, Trojan horses, worms and bad applets. Viruses may be targeting specific applications or may infect and corrupt files.Small businesses are more affected by this problem than bigger and established companies. Antivirus software is sometimes too expensive for small companies to buy and maintain. Some start-ups do not use antiviruses at all (Korper, 2007). All small firms that wish to venture into ecommerce must therefore invest in power antiviruses and ensure they are always up to date as the first step towards secure ecommerce. The second cause of insecurity is hacking or cyber-vandalism. Hacking is the act ofunauthorised access a to a computer system. Whenaccess is done without viciousintentions the person is referred to as a hacker butwhen the person has malicious intent is called a cracker. Others individuals have more maliciousintents and commit cyber-vandalism purposely disrupting, mutilating or even completely destroying the site. Small businesses should therefore restrict the people who access their data through authentication. The third cause for alarm in ecommerce sites is credit card fraud. Many potential buys fear that their credit cards data may be stolen and this discourages them from buying online. According to Miller & Roger (2006), the highest danger to the customer is that the merchantserver with which the consumer is transacting will lose the credit card information or let it to be diverted for a criminal purpose. One ofthe main credit card worries is repudiation where the customerplaces an order and then later disputes it. Online dealers oftenhave no way to establish whether the package was ever delivered andwhether the credit card holder actually is the one who placed theorder. This problem has very negative effect on small firms and start-ups. It takes quite some time before they can win consumer trust. Another cause of insecurity is spoofing. This is the falsification of hackers by using false e-mailaddresses or camouflaging as someone else. Spoofing can also involve sending a web link different from the anticipated one, with thesite impersonating as the intended destination. Spoofing does notharm the site but it affects its integrity and itsauthenticity by making it hard to recognize the true sender of a message. Denials of Service (DoS) attacks are another serious security concern in ecommerce. In DoS attack, the hacker overflows a web site with useless traffic that floods and crushes the network. This makes the network shut down, and consequently making itdifficult for users to access the site. The more time the site remains down, the more the reputation is negatively affected (Campbell et al, 2010). Sniffing is another security issue in ecommerce. Korper (2007, p.251) explains sniffing as is where a program (sniffer) monitors information travelling over anetwork. When used rightfullyit can assist identify possible network trouble-spots but when usedfor illegitimate purposes, it can be destructive and challenging to detect. Usingsniffers, hackers can get away with proprietary information from anywhere on anetwork such emails, company files and confidential reports as well as personal information. Lastly, we must also look at threats that emerge from within the small businesses themselves. Miller & Rodger (2006 p.104) claim that, “the biggest threat to an organisation economic structures are theinsiders through misappropriation, destruction of sites, interference ofservices as well as alteration of customer credit information and other personnelinformation”. Recommendations Businesses must ensure that they have a stringent security policy. An effective policy provides guidelines that will be followed by all employees and users and states the steps taken for noncompliance. It is paramount for all small businesses to ensure they secure their systems with effective and up to date antivirus programs. The antiviruses will protect the systems and the servers from infections by malicious code. The businesses should also ensure that only the right people access the required information and equipment. This can be done through physical scanning of biometric data at entry points, strict use of identification tags at the workplace, use of CCTV cameras to record the happenings in the organisations, use of strong passwords to access data, among others. This will help protect the ecommerce system against hackers and insider jobs. The essential information in the servers should be safeguarded with an efficient firewall. Access to this data should also be encrypted. Encryption should encompass all other business applications. Small firms should consider not to run their applications for 24/7 basis but instead have some time off for maintenance and system improvements. This also saves the database from falling prey to attacks. This time can be utilised to perform check and repairs. Finally, all small businesses should consider implementing measures to prevent fraud. They should monitor all users to discover and report any unusual behaviour. All users should also be educated on preventive measures and safety precautions. (1471 Words) References Bajaj, J., Nag, D. (2009) E-Commerce: the cutting edge of business (2nd ed.), New Delhi: Tata McGraw-Hill Botha, J., Bothma, C., & Geldenhuys, P. (2007) Managing E-Commerce (Revised ed.), Landsdowne: Juta & Co. Campbell, D., & Woodley, S. (2010) E-Commerce: law and jurisdiction, Centre for Legal Studies. Korper, S. & Ellis, J. (2007) The E-Commerce Book: building the E-Empire (2nd ed.), London: Academic Press. Laudon, K. & Traver, C. (2008) E-Commerce (4th ed.), New Jersey: Prentice Hall Mark L. and Krosch, L. (2010) E-commerce: doing business electronically, London: The Stationery Office Books. British Computer Society (2010) E-Commerce: A world of opportunity, BCS Publication. Economics focus: The click and the dead". The Economist: p. 78. July 3–9, 2010. Miller & Roger (2006). The Legal and E-Commerce Environment Today (Second Ed.).Thomson Learning. Nissanoff, Daniel (2006). Future Shop: How the New Auction Culture Will Revolutionize the Way We Buy, Sell and Get the Things We Really Want (Hardcover Ed.). The Penguin Press. Read More