StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

E-Banking and E-Commerce Security Issues and Solutions - Coursework Example

Cite this document
Summary
The author of the paper "E-Banking and E-Commerce Security Issues and Solutions" will begin with the statement that technology has allowed information to be communicated easily and inexpensively and people are now able to do online transactions, through it sending valuable information…
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER99% of users find it useful

Extract of sample "E-Banking and E-Commerce Security Issues and Solutions"

Abstract— Technology has allowed information to be communicated easily and inexpensively and people are now able to do online transactions, through it sending valuable information. With all the kind of online transaction there are security issues that come along with it. Use of online transaction in majority of people across the world is determined by security and privacy of user’s personal data, which include credit card number, virus attacks, and fear of identity theft among others. Index Terms—Protocol, Security I. INTRODUCTION There increase in dependence on computers networks and internet to access make payment for goods and services. Online transactions normally take place based on trust between the consumer and online vendors. Trust is the confidence buyers have in online vendors in terms of reliability and integrity, which is associated with consistency, competency, honesty, fairness, responsibility helpful, and benevolence [1].Some of the ways in which transaction takes place is through online payments. Therefore, its security issues are the centre of focus. There are two basic patterns of online payments, one is bank for business payment also known as online payment and the other is third payment platform. The online payment security issues include leakage of information, transaction, fraud, network systems risk among others [2].Recently, privacy and security are the most important concerns for electronic technologies [3]. The internet has provided a means of communication between customers and various companies or online vendors. In many instances people are seen engaging in in online shopping, e- banking and e-commerce. This means a lot of vital information travels over the internet this has caused major concerns over security of transaction as well as concerns over protection of individuals privacy. Information about online users that is normally collected during online transactions is categorized into (1) anonymous data, which include browser type and the computer's IP address. (2) non-identifying person information, these are information, which do not identify the person. What is captured include information regarding age, the gender , education level among others and (3) the third category of information collected are those vital information which can be used to identify someone. This information include, addresses either postal or email address, telephone number and credit card number [4]. II. SECUTITY FEATURE ON ONLINE TRANSACTION Security features do not necessarily assure or guarantee a secure system but they are put in place or rather use to determine and design of a secure system security features are categorized as, authentication and authentication, which is the verification who the persons using the system say they really are. Through authentication, authorization is only allowed on basis of the validity of information held. Then there is encryption, auditing, integrity availability and non-repudiation [3]. III. SECURITY PROTOCOLS There are different protocols that are used to secure online transactions, secure Sockets Layer (SSL), SSL as a security protocol offer security and protection to the communication between any SSL enabled clients and server software that is running on a network. This is possible but addition of a layer between the network transport protocol and the application data. In SSL, data is encrypted before transmission and decrypted before being used by the receiving system. SSL works together with digital certificate and combination of both public and private key to provide privacy in communication [5]. Secure electronic transaction protocol. Secure electronic transaction is a mechanism that helps to achieve secure payment using card transaction over open networks. VISA and MASTERCARD jointly developed the sets of protocol that operate at the application layer. It aims at achieving, secure, cost effective online transactions intended to satisfy the market demand. SET offer standards business requirements, which specify the following, provision of confidentiality when handling order and payment information from online customers. Integrity assurance of all the data transmitted over the network, cardholder authentication that they are legitimate users of a credit card account. Provision of authentication that a merchant can accept credit card transactions through its relationship with a given financial institutions. Ensure that best security practices are used and designing the system to ensure and offer protection to all legitimate parties involved in an electronic transaction, creation of protocol that do not rely on mechanisms of transport security or prevent their use, facilitating and encouraging interoperability among software and network providers. Secure electronic transaction protocol also concerns itself with confidentiality by ensuring that all messages are encrypted. Ensuring that all parties have level of trust through use of digital certificates and providing information only when it is [6]. A. Security architecture of SET The electronic transaction usually begins with the cardholder. In this scenario, there is a financial institution, which functions to establish the account for the cardholder and issues payment. A merchant and or online vendor is responsible for offering goods and service provision to customer in exchange of payment. A payment gateway is usually a device normally operated by the acquirer or the financial institution or it could be a third party responsible for processing vendors payment message the encryption system used by SET is symmetric Encryption System [6]. IV. FAIRNESS AND THIRD PARTY PROTOCOL This protocol is one of the fairness protocol systems. A fair system is a system which does not discriminate its parties both buyer and seller who are behaving as expected. The system stresses that as long as the parties are behaves as expected then it ensures that others who are not behaving correctly do not gain advantage over them. This is because the system works under three important conditions that are to ensure effectiveness, timeliness and fairness. Effectiveness is achieved in instances where the protocol execution is done correctly and both parties, the vendor and the online customer honouring their commitment , then each parties will have what they wanted, vendor receiving the payments and the online customer receiving goods or services. Timeliness ensures that protocols are executed only within the timeframe that is acceptable. Fairness is subdivided into two. Strong fairness this is where either the vendor or the customer does not receive expected items from each other or both of them receive. Weak fairness occurs at the end of exchange with either a strong fairness being achieved or the party which did not receive the items required being in a position to prove to a third party that the has received or can still receive the items without the further involvement of the other party [7]. A trusted third party is any intermediary or a nonpartisan party in online transaction which is used in fair exchange and functions to ensure that the vendor and the online customer receives the item they expect or that no does. Trusted third party is normally neutral, available and trusted by the two parties. TTP ensures there is fair exchange of items, is a delivery agent which gives items to both parties, provides a solution to the parties in instances where there are disputes, does items validation and gives certificates. Fairness exchange protocol that uses TTP are subdivided into three, those protocols that are based on inline TTP, protocols that are based on online TTP, and those protocols that are based on offline TTP [7]. V. security threats on online transaction Security is important in online transaction security breaches normally occur and the consequences are high. Despite the fact that there online transaction is offering convenience of buying and selling it is noted that in recent years, there are many security threats to online transaction [8]. The threats to security in online transaction are, Denial of service attack (DOS).Denial of service attack is normally done or takes place through two possible ways that is spamming and viruses. spamming , here unsolicited commercial emails are send to individuals, email bombing where and attacker sends thousands of emails to one computer or a network and surfing which occurs when a hacker places a software agents onto a third party system and then sets it off to send so many requests to an intended target. There are kinds of DOS that are hard to detect, this is called Distributed Denial of service attack, which occur when a hacker places a software agents onto a number of third party systems, and sets them off in such a way that it simultaneously sends requests to a computer or a network [3]. Unauthorized access, this is where a hacker gains access to the systems or information application or data without legitimate rights for the purpose well known to them. There are two types of unauthorized access. Passive unauthorised access, this is where a hacker intentionally listens to communication channels and extracting information without causing damage. Active unauthorized access; this is where attacker causes damages to information by modifying it [3] Revelation of vital information and data intended to remain confidential through unauthorized access causes huge loss to online buyers. Information alteration through entering, modifying and overwriting without legitimate authorization are major types of attack that causes great problems to users. Many people are tempted to believe that some online transaction through SSL connection is safe. Security experts stress that so long as there is a yellow padlock symbol in the Brower window then everything is safe. Security concerns in SSL comes in because SSL are designed in such a way that it secures the tunnel from the end user computer to the online vendor mainframe computers and does not offer protection to the end user's computer end point. This creates a weakness where attacker can install A Trojan on the user computer. A good example is the key logger program. This normally happens when users are online and download a program that is infected with the Trojan and the downloaded program install so is the Trojan. In case, a user is Log into the vendor’s site to make payments the information is captured and send to the attacker [8]. There is another kind of security breach called man-in-the- middle attack where a malicious attacker intrude into an existing connection established by the user while in online transaction with the vendor intercept the data that is exchanged and inject false information into the connection. An attacker normally uses the following methods to achieve this, eavesdropping on the connection and then intrude into the established connection intercepts information and modify it. Through a method known as phishing, an attacker uses email or malicious websites where there are able to pose as legitimate websites and solicit personal information such as credit card number. These attackers also use pharming, which is a type of fraud where the client's internet connection is diverted to a counterfeit website. When users enter correct addresses in a browser, for instance they are directed to a forged website. Under this Pharming, attacker achieves all these by either changing of host file in the victims computer or by exploiting the vulnerabilities that are present in the DNS server. Recently the online identity theft has been executed using both pharming and phishing. Other kinds of threats include, viruses, Worms, spoofing, Trojan Horses and drive-by downloads [8]. There are also certain viruses, which are self-replicating computer programs that normally perform unintended functions or make computer systems unreliable [3]. A server warm called SQLSlammer for instance is a Worm, which attacked Microsoft SQL server version 2000 and version 2000 of Desktop Engine and caused slowness in online traffic causing temporary cut off cash in some financial institutions [8]. Hacking of credit card, most People have the notion that hackers capture credit card numbers while it is being transmitted through the internet. This makes the sellers or merchants pay more attention to offering more protection to the credit card through encryption to ensure safe travel over the internet. This is seen as a way to secure online transaction, which actually works, but there are threats because most security breaches takes place after the transaction is completed in instances where the customers' credit card number is stored in unprotected mode in the merchant’s computer systems. This means a hacker can sniff the information and steal the credit cards numbers. Protection of merchants’ database is of equal importance as protection of credit card number by encryption during an online transaction [1]. VI. SECURITY IMPLEMENTATION ON ONLINE TRANSACTION Security threats normally affect online transaction through the various vulnerabilities that exit. It is not possible to achieve security using a single control or a security device. Most of the issues arise because of the unprotected information that is sent between the customer and the vendors servers. There are several mechanisms such as user authentication and identification, data encryption, firewall mechanisms. Online transaction systems need to be available and reliable. It should be available all days of the week 24 hours a day 365 days a year. it must have some mechanisms to detect Denial of service attack as well as recover from them, because these attacks make the systems unavailable to users. As a result of ensuring reliability the transaction need to be atomic meaning that the transaction occur successfully or do not occur at all and should not hang or be inconsistent in some instances. All the necessary network, hardware and software components, which are facilitating the transaction, need to be reliable. This can be achieved by employing some aspects of redundancy. Meaning that components critical to the system are duplicated deliberately. There are two types of redundancy, static and dynamic. Static redundancy normally uses n versions of component called a function together with m out of voting on the basis of diversity. Dynamic redundancy causes switching to a redundant component in case an error is detected on the current hardware and software. Additionally fault tolerance mechanism is needed to further ensure reliability. This could include incorporation of stable storage and use of resynchronization protocol needed for crash recover [9]. There is also need to have user anonymity and location untraceability. This two can be provided separately or jointly. When use alone, user anonymity security service can offer protection against disclosing the identity of the users. With untraceability, security mechanisms offer protection against disclosure of the origin of the message. All this can be achieved routing of network traffic through anonym zing host so that it is seen that the traffic seems from these hosts. it is a requirement however that at least there should be some honest of network path in one of the host for the traffic source to still remain totally anonymous. There are several ways to achieve anonymity even in our daily lives, which is by using pseudo names instead of using our real names. Similarly, there are mechanisms that can be used to achieve anonymity of users and the traffic flowing from them to the buyer and vice versa in online transaction. a chain of mix for example that was proposed by D. Chaum which in which user anonymity and location untraceability can is achieved by a series of anonym zing hosts also known as mixes. This mechanism is normally independent and provides protection against traffic analysis [9]. Confidentiality of online payment data, all generally have payment instruction and information pertaining order. This information can have credit card number or any other vital information. Confidentiality will ensure that unauthorized access and use is prevented. This can be achieved by use of use of dual signatures and digital signatures. Dual signature offer confidentiality to purchase order information with respect to the payment gateway. Digital signatures are used to provide integrity of the data. This means that information will remain the in the same state as it was sent. This digital signature uses a technique known as cryptography. The common is the public key cryptography also known as asymmetrical cryptography. Here the sender is normally assigned two keys; one is private and the other public. As the message is send, it is encrypted using the public key and the decrypted by the recipient using private key. In this case, the recipient can determine if the data has been changed while on transit. To achieve more secure confidentiality in digital signatures, one way hashing algorithm is first used to calculate the message digest, then the senders private key encrypt the message digest. This encrypted message digest is what is termed as digital signature. A certificate authority normally manages the key pairs [9]. VII. Conclusion With increase in technology use and the ever changing growth experienced in the field of technology, it is clearer that the use of online transactions technology will continue to rise as change is inevitable. In order to increase the confidence level of online customers concerning the security of their personal data online service providers have to embrace the mechanism that will not only ensure legitimate access to information but also control the access to the stored information in their database. Security cannot be achieved cannot be achieved on one side alone, online users need also to play a key role in ensuring that they do not lose control over their information or rather reduce it through avoiding disclosing the information to others. References [1] L. Wei, M. Osman, N. Zakaria and T. Bo, “Adoption of e-commerce online shopping in Malaysia”, pp. 140-143, 2010. [2] C. Zhang, S. Jiang and B. Huang, “Strategies for The Security of Online Payments in E-commerce”, Advanced Materials Research, vol 756, pp. 3039-3042, 2013. [3] M. Niranjanamurthy and D. Chahar, “The study of E-Commerce Security Issues and Solutions”, perspectives, vol 2, iss 7, pp.2885-2895, 2013. [4] R. Mekovec and Z. Hutinski, “The role of perceived privacy and perceived security in online market”, pp. 1549-1554, 2012. [5] I. Ahmad and A. Khan, “Management Level Security in E-Commerce and Biometric Technology”. [6] V. Ramaswamy, “Security Architecture for On-Line Mutual Funds Trading With Multiple Mobile Agents”, International Journal of Computer Science and Security (IJCSS), vol 5, iss 1, p. 99-106, 2011. [7] A. AlOtaibi and H. Aldabbas, “A Review of Fair Exchange Protocols.”, International Journal of Computer Networks & Communications, vol 4, iss 4, pp.307-319, 2012. [8] A. Fatima, “E-Banking Security Issues--Is There A Solution in Biometrics?”, Journal of Internet Banking & Commerce, vol 16, iss 2, pp.1-8, 2011. [9] R. Barskar, A. Deen, J. Bharti and G. Ahmed, “The Algorithm Analysis of E-Commerce Security Issues for Online Payment Transaction System in Banking Technology”, International Journal of Computer Science and Information Security, vol. 8, pp. 307-312, 2010. Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(E-Banking and E-Commerce Security Issues and Solutions Coursework, n.d.)
E-Banking and E-Commerce Security Issues and Solutions Coursework. https://studentshare.org/information-technology/2063848-security-issues-on-online-transactions
(E-Banking and E-Commerce Security Issues and Solutions Coursework)
E-Banking and E-Commerce Security Issues and Solutions Coursework. https://studentshare.org/information-technology/2063848-security-issues-on-online-transactions.
“E-Banking and E-Commerce Security Issues and Solutions Coursework”. https://studentshare.org/information-technology/2063848-security-issues-on-online-transactions.
  • Cited: 0 times

CHECK THESE SAMPLES OF E-Banking and E-Commerce Security Issues and Solutions

IT Evolution in Global Banking

Many banks feared transacting over the internet because of the security threats.... This paper “IT Evolution in Global Banking” will discuss the evolution of information technology in the banking industry with emphasis on internet banking, growth of e-commerce and virtual banking and new delivery channels such as PC banking, mobile banking and TV banking.... This paper will discuss the evolution of information technology in the banking industry with emphasis on internet banking, growth of e-commerce and virtual banking and new delivery channels such as PC banking, mobile banking and TV banking....
6 Pages (1500 words) Essay

The Privacy and Security Issues with Respect to ECommerce

Reflection on E-Commerce Original Paragraph: The Privacy and security issues with respect to eCommerce may be identified as the most important and crucial issues to be tackled in the business environment.... security is the most important issue which concerns the safety of business transactions, and in that respect it is important to have a safe network of transactions.... Moreover, McAfee as a security vendor, reported that 33% of Australian businesses were involved in a security incident in 2009, which meant a loss of an average $34....
4 Pages (1000 words) Essay

The Advantages of E-Commerce

This essay "The Advantages of e-commerce" is about the conduct of business transactions between companies (B2B) or between companies and their customers (B2C) that are wholly or partially conducted over the Internet or similar public or private computer networks.... e-commerce is about online marketing that attracts qualified prospects and converts those leads into sales.... Whether it means selling a product online, promoting a service, generating leads, or simply increasing brand awareness, e-commerce is the answer....
6 Pages (1500 words) Essay

Insurance Going Web-Based

The first problem is the lack of customers' willingness to purchase and handle their insurance issues over the internet.... Looking at the above issues we can conclude that web based insurance is something difficult as insurance is different from other services that are offered online....
5 Pages (1250 words) Research Paper

Communications & IT Technology and its impact on Poverty

Local entrepreneurs can be supported to create local business solutions through ICT, growing and expanding the ICT sector.... ICTs possess the potential to act as tools in support of poverty reduction because of their flexibility, addressing issues in education, healthcare, banking, and livelihoods.... An example is the Israeli state-owned Techno-Agriculture Program that seeks to shore up food security in sub-Saharan Africa and already boasts successful initiatives in Niger, as well as South Africa (Chilimo & Ngulube 98)....
2 Pages (500 words) Essay

Securing Windows and Unix/Linux Servers

Although network administrators often overlook it, physical security of network servers should always be addressed just like other security issues.... The author of this case study "Securing Windows and Unix/Linux Servers" casts light on the information security.... It is mentioned that operators of Windows and Unix Linux servers, which provide network services, should always ensure the servers' security because of the servers' vulnerabilities....
3 Pages (750 words) Case Study

E-commerce and IT

ecurity is one of the most important issues for e-businesses.... The paper contains an in-depth analysis of the e-business and its business model.... The author examines Carsdirect.... o websites.... The main business of the website is to sell cars, both new and used.... The cars available here are widely varied, from all the major manufacturers in the world....
10 Pages (2500 words) Term Paper

Technological Alternatives For Solving E-Commerce Security Problem

This research paper is about e-commerce security.... nbsp; security is the biggest problem that businesses are facing in e-commerce on a global scale.... The authorities must put all measures in place to increase levels of security in order to restore the confidence of customers.... It gives a recommendation that is justified through comparative analysis… e-commerce is a modern way of buying goods and services takes place using electronic systems such as the internet or other networks of the computer system....
8 Pages (2000 words) Term Paper
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us