Security Vulnerability and Possible Attack Methods in e-commerce
Related papers
Security Issues over E-Commerce and their Solutions
IJARCCE
It is the trading in products or services using computer networks such as the Internet or online social networks. Here business is conducted through the use of computers, telephones, fax machines, barcode readers, credit cards, automated teller machines (ATM) or other electronic appliances without the exchange of paper-based documents or physically moving to a shopping mall. It includes activities such as procurement, order entry, transaction processing, online payment, authentication, inventory control, order fulfillment, shipment, and customer support. When a buyer pays with a bank card swiped through a magnetic-stripe reader, he or she is participating in e-commerce. E-commerce security is a part of the Information Security framework and is specifically applied to the components that affect e-commerce, including data security and other wider realms of the Information Security framework. E-commerce security is the protection of e-commerce assets from unauthorized access, use, alteration, or destruction. The dimensions of e-commerce security are integrity, non-repudiation, authenticity, confidentiality, privacy, and availability. E-commerce offers the banking industry great opportunity, but also creates a set of new risks and vulnerabilities such as security threats and hacking. Security is therefore an essential management and technical requirement for any efficient and effective payment transaction activity over the Internet. Constant technological and business change requires a coordinated match of algorithm and technical solutions. In this paper we discuss an overview of security for e-commerce, the various steps to place an order, the purpose of security in e-commerce, various security issues in e-commerce, guidelines for secure online shopping, etc.
Commerce on the Internet is a complex model, not just from a technical perspective but also from a legal and political perspective. The span of the Internet and the number of connected devices have grown exponentially over the last decade. Participants from across political and regional boundaries are engaging in trade over the Internet. Security is becoming more significant as complex technology enters the e-commerce space. It spans from the encryption chip on the modem chipset in a mobile device to cloud-based storage and massively parallel computation grids where billions of transactions are processed per day. Security is becoming a more and more important aspect from the hardware layer to the software stack, from the operating system kernel to the application layer, from the network stack to the web browser and other end clients. A small breach in any of these layers has compromised many systems in the recent past and caused damage worth millions of dollars. On top of this, financial institutions (Bank of America, Chase etc.) are partnering with technology companies like Apple and Google to make mobile payment an additional channel of customer engagement. Technologies like NFC and BLE are making services like Google Wallet and Apple Pay a reality. PayPal is also using BLE-based beacons in its payment network. The transaction from mobile device to payment system is encrypted with a randomly generated rolling token created in the BLE/NFC hardware. Any bug in the random token generator can make crackers’ lives easy and lead them into the system. The proliferation of commerce in social networks has exposed new security challenges. Trust between merchants, the social platform and customers is tied together with authorization schemes like OAuth and OpenID on social sites. Exploitation of authentication tokens through the classic “man-in-the-middle” attack is among the serious threats to such a business model.
Amazon stores millions of customer credit card, address, purchase history, merchant information, and product catalog records in secured storage that is replicated across hundreds of machines during business hours. Any security leakage inside Amazon's internal network or data vault can cause massive damage to Amazon’s reputation and customer trust. Most mobile commerce apps deliver coupons and deals through push notifications to mobile devices. A rogue app installed on the mobile device can attempt to alter the link embedded in the push notification to guide the customer to a forged web location. These are still a very small subset of the possible problems that exist in the Internet commerce and mobile commerce space. Internet giants like Google, Amazon, Microsoft, and Facebook are actively engaged in periodic review of their security establishment and are investing significant dollars to reach a possible breakthrough in security solutions.
Security for Electronic Commerce
Encyclopedia of Information Science and Technology, Second Edition, 2009
E-commerce permits a dematerialized financial transaction between a customer and a merchant (Schafer et al., 2001). It uses a complex architecture involving many aspects of computer science (security, database management) and of electronics (smartcards, tokens) (Tang et al., 2004). E-commerce is in constant growth (Herrmann & Herrmann, 2004). To be used by the majority of individuals, electronic transactions must be secured to increase confidence in e-commerce. Security is necessary in commercial relationships for many reasons. First, the customer must be sure that the goods he is buying will be the expected ones and will be properly delivered to his address. Second, the merchant must be sure to be paid. If the customer uses banknotes or electronic payment, two or more partners are involved in that transaction: the customer's bank and the merchant's. The two banks must be sure of the customer's identity and of the merchant's in order to avoid banking fraud.
Research on E-Commerce Security Issues
With the rapid development of e-commerce, security issues are drawing people's attention. The security of the transaction is the core and key issue in the development of e-commerce. This paper, on the security issues of e-commerce activities, puts forward a solution strategy from two aspects, technology and system, so as to improve the environment for the development of e-commerce and promote its further development.
Security and Privacy Issues in E-Commerce
E-commerce has changed the way of doing business. Anyone can do business worldwide without having much physical infrastructure. As individuals and businesses increase information sharing, vulnerability to attack or intrusion rises. Therefore, security is a necessity in an e-commerce transaction, and the security of e-commerce transactions is a critical part of the ongoing success and growth of e-commerce. Secure exchange over the network is very important for e-commerce services and affects the success of e-commerce. In this talk we discuss security and privacy issues related to e-commerce and their solutions.
Security Challenges and various methods for Increasing Security in E-Commerce Applications
International Journal for Research in Applied Science & Engineering Technology (IJRASET), 2023
E-commerce security is a component of the information security framework and is applied to avenues including data security, computer security, etc. It includes protection of e-commerce assets against illegal access, use, modification or demolishing of data. However, due to the increase in sensitivity to assaults, attackers employ phony websites and apps to breach the security of payment-related activities over the internet. This paper presents a review of various security challenges encountered in e-commerce applications and the methods to avoid or overcome them. The paper provides a survey of some techniques employed by various researchers. The majority of banking transactions now take place online due to the expansion of e-commerce. They use merchant-provided websites or pay-per-use apps, which increases their sensitivity to assaults and increases the likelihood that attackers will employ phony websites and apps. There are numerous strategies that can be used for protecting against vulnerabilities. In this paper, we have provided a survey of the security methods employed for safeguarding banking transactions.
2002
Without trust, most prudent business operators and clients may decide to forgo use of the Internet and revert back to traditional methods of doing business. To counter this trend, the issues of network security at the ecommerce and customer sites must be constantly reviewed and appropriate countermeasures devised. These security measures must be implemented so that they do not inhibit or dissuade the intended e-commerce operation. This paper will discuss pertinent network and computer security issues and will present some of the threats to e-commerce and customer privacy. These threats originate from both hackers as well as the ecommerce site itself.
A Study on Various Security Issues of E-Commerce Business Transaction
AISECT University Research Journals
While the usage of e-commerce applications and information and communication technology increases in private and professional life, personal data is extensively stored. While service providers require relying on recognizing their consumers, aware characteristics administration and privacy increases into a new assessment for the service user, particularly in the electronic service circumstance. In e-commerce business transactions, buying and selling of products are done over electronic systems or the internet. At this time there are various technologies available to maintain privacy at the same time.
E-Commerce: Security and Applications
American Journal of Applied Sciences, 2012
This study presents an investigation and comparison of all methods used in e-commerce security. It also presents suggested methods to make e-commerce more secure. Applications of e-commerce are demonstrated here. The efficiency of the security methods is measured, and this efficiency increases as we combine more security methods with each other. A new method of security is suggested which is a combination of a hash algorithm and Public Key Infrastructures (PKI). Index terms: Public Key Infrastructures (PKI), hash algorithm, e-commerce, security.