Technological Alternatives For Solving E-Commerce Security Problem - Term Paper Example

Introduction E-commerce is a modern way of buying and selling of goods and services takes place using electronic systems such as the internet or other networks of computer system. It involves other online processes that include marketing, selling, servicing and payment of the products and services. The widespread use of the internet has increased the amount of trade that take place online (Smith, 2001). The e-commerce usage has led to innovation in supply chain management systems, electronic data interchange and systems that collect data automatically among others. It uses World Wide Web as well as telephone and mobile in its lifecycle of transactions. However, for a company to realize maximum benefits of e-commerce it must invest in the technology and work force (Chan, Lee, & Dillon, 2001). In e-commerce, the buyer gets all information concerning the goods and services he wants to purchase. This research paper is about e-commerce security as a business problem. It also describes four technological alternatives for solving this problem as well as a review and comparative analysis of what the literature says about the alternatives. Lastly, it gives a solution recommendation that is justified though comparative analysis. E-commerce security Security is the biggest problem that businesses are facing in e-commerce on a global scale. This is because the internet there is no one to either control or manage the internet thus posing a wide range of threats and risks. According to Miller (2002), large number of internet fraud that media reports, theft of identity and the compromise of banking and online transaction systems has made customers be much reluctant to embrace new transaction technology. This is the key challenge that faces many organizations conducting their businesses using e-commerce. The authorities must put all measures in place to increase levels of security in order to restore confidence of customers. The figure showing points that a hacker may target In e-commerce, the attacker can besiege the operators and their resources with various damaging schemes that result in the exploitation of a system. When addressing vulnerabilities and threats in e-commerce, one considers integrity, availability and confidentiality of the system. Vulnerability that exists in the system of e-commerce makes it easier for attackers to hack the system because they use them as entry points to make manipulations. The attackers normally attack major web sites that conduct e-commerce and hence obtain sensitive information. System hackers find it easy to attack e-commerce web sites because the developers producing e-commerce software are similar to those from other developers so they find it easier to make their manipulations (Anup, 1998). This implies that the quality of software that they produce is relatively the same as compared to other products. Hadi and Ronald (2011) note that in e-commerce, the easiest and most profitable attacks are tricking the shopper. The attacks engage surveillance of the behavior of a shopper by gathering information to use against the shopper. In most cases, the attacker calls the shopper pretending to be a representative from a visited site and hence extracts information. The attacker then calls the customer service representative at the site claiming to be the shopper by providing personal information. Finally, the attacker request for a password and hence reset specific values for their own benefit. Sniffing the network, it is where the attacker monitors the exchange of data between the server and a computer of the shopper as he plans how to hack the system. He assembles data about the shopper or steals personal information like credit card number. The attackers mostly target e-commerce companies that use wireless hubs because most wireless hubs are shipped security that they can easily disable it (Miller, 2002). The figure below shows how the attack can sniff the server and the client. . E-commerce system is not secure because it has a problem of price manipulation by attackers. The total payable price of goods purchased is stored in a hidden HTML field of a web page that developer generated dynamically. A hacker can use web application proxy like Achilles to modify the payable amount when this information flows from the browser of the user to the web server. After accessing the system, the attacker can manipulate the final payable amount to a value of his choice (Gordon, 2004). Repeated attacks of this nature lead to collapse of e-commerce business. Technological alternatives that enhance security in e-commerce Despite the existence of hackers and crackers, e-commerce is still a safe and secure activity. The companies that use e-commerce will have to pursue all legal routes to protect their customers. The following are some of alternative technologies that e-commerce must employ to maintain security of their business operations. Secure Sockets Layer (SSL) This is a technique where web servers and web browsers encrypt and decrypt all information before transmit between the shopper or site server to ensure that the hacker does not get access to it (Hadi and Ronald, 2011). There is a secret decoder ring time, this ensures that both sides establish and use the same scheme to make sure that nobody listens to their conversation. Web browsers will indicate a secure link with an alert when the connection is first established and with a key graphic somewhere in the window (Miller, 2002). SSL encrypts all bits of data the server transmits to the customer and vice versa. When server gets subsequent requests, it encrypts information before flowing to respective recipients and hence the hacker sniffing the network cannot access the contents. The government authorizes certificate authority to issue SSL certificate to the server. In case of any request, the browser of the shopper checks if the site has a legal certificate. If the certificate authority does not recognize the site, then the browser issues a warning. Server firewalls This technology ensures that requests can only reach the system from specified ports. In some instances, it ensures that all that gain accesses are from some specified physical machines. The most common technique is to come up with a demilitarized zone (DMZ) by use of two firewalls (Mehdi, 2004). The outer firewall has an open port that allows incoming and outgoing HTTP requests. This enhances communication between the client server and the server to take place. Anup (1998), states that he second server firewall is behind the e-commerce servers. It is heavily fortified and it only requests from a trusted server to go through while transmitting information. These two firewalls use intrusion detection software to sense any illegal access attempts. Honey pot server is another technique that companies use in conjunction with DMZ (Janice, 2004). A honey pot is a resource like a fake payment server in the DMZ to cheat the hacker to think that he has a penetration into the inner wall of the server. They closely monitor these servers and detect any attempt by the hacker to gain access to important information in the system. The figure showing honey pots and server firewalls Virus scanning Virus scanning is the basic security measure that most e-commerce companies are taking in order to maintain the integrity of their operations. Since email is a major way of communicating, hackers are creating and programming viruses to cause havoc. They address viruses to email and replicate themselves into address books since it is easy to spread viruses over the internet. It is therefore important for any e-commerce business to have the latest version of virus scanner because this will reduce the chances of infecting their systems with viruses. (Anup, 1998). This is because hackers can even create a virus that interferes with prices of commodities thus in turn affects business transactions between concerned parties. Comparative analysis of alternative technologies The SSL system increases security of e-commerce transactions because this technology encrypts information as it moves from the server computer and the shopper. The hackers cannot gain access to all business transactions because SSL blocks them from sniffing in the network. Further, the legal certificate ensures that only authorized operator gains access to the website of the shopper because it issues a warning incases of an illegal access (Miller, 2002). Server firewalls offer the best security to e-commerce system against hackers because it blocks all illegal attempts to gain access. It also has a honey pot in DMZ that prevents unauthorized people to gain access to inner parts of the system. This concept keeps the system secure because hackers cannot gain access to vital information that they use to corrupt the system or manipulate the price of commodities. Scanning of virus helps the e-commerce system to be more secure because when they their entry, it maintains the integrity of an organization and this facilitates their normal operations. The companies must use the latest virus scanner with current updates to scan all incoming calls. The operators must reject those emails that are suspicious because they may end up damaging the whole system (Gordon, 2004). When they curb viruses, the systems become more secure since there are no threats of altering or corrupting hard drives that contain important information. Solution recommendations justified through comparative analysis From the comparative analysis about technological alternative, it vital that for companies to make proper use of e-commerce system successful then they must enhance the necessary security. Those in charge must emphasize the use of SSL because it encrypts all bits of information that pass in the system from the client to the server. This prevents hackers from gaining access to their transactions. This implies that the hacker will not at any time gain access to any transaction between the shopper and server site. Further, all computers that have an internet connection by the clients and e-commerce companies must have the latest anti virus scanners to scan all emails that they receive. This protects them from getting information that is likely to corrupt the system or corrupting the hard drive with important information. Lastly, all system in e-commerce must have server firewalls because they prevent hackers from gaining access by regulating all information that flow across the network. The server must also have honey pots to unveil misleading information to hackers that enable them to remain protected all the time. Conclusion In conclusion, as much as the internet provides universal information access, companies must ensure that their resources get the required security against any form of accidental misuse. However, the security systems must be flexible as much as possible. It is also supposed to ensure that customer’s information protected against any form of internal and external abuse. The systems are supposed to have privacy so as protect personal information that is essential in coming up with sites that suit customer and business needs. The current technology allows the design of secure sites. The development team must be proactive and reactive in dealing with security threats and it is up to the shopper to be keen while making the online shopping. The vulnerabilities in e-commerce have a great dimension because of the financial nature of transactions. When the attackers hack the e-commerce website, this makes companies lose revenue as well loss of reputation. In some instances, the company may face legal penalties for violating the privacy or trust of customers like in the case of Guess.com and TetCo.com. It is therefore, vital for designers and developers of web application to consider security as a key goal while making designs. Lastly, they must follow secure coding guidelines in order to give the highest level of security to their customers. References: Anup G., (1998): E-commerce security: weak links, best defenses: John Wiley publisher: ISBN: 0471192236, 9780471192237 Chan, H., Lee, R. & Dillon, T., (2001): E-Commerce in Practice: Fundamentals and Applications, England: John Wiley & Sons, LTD. P 120-138 Gordon E., (2004): Control and security of E-commerce: John Wiley and Sons publisher Hadi N., and Ronald L., (2011): Web commerce security: design and development: John Wily and sons publisher Janice R., (2004): The complete e-commerce book: design, build and maintain a successful web: Focal Press. Mehdi K., (2004): E-commerce security: advice from experts: Idea Group Inc (IGI) Miller R., (2002): The Legal and E-commerce Environment today (Hardcover): Thomson learning: ISBN 0-324-06188-9 Smith W., (2001): E-commerce: financial products and services: Law Journal Press Read More