Security issues in E-commerce
- 1. E-COMMERCE TOPIC: - SECURITY ISSUES IN E-COMMERCE SUBMITTED BY: NIKITA TAHILYANI
- 2. •E-Commerce or Electronic Commerce, a subset of E-Business, is the purchasing, selling and exchanging of goods and services over computer networks (such as Internet) through which transactions are performed. •One of the main roadblocks to the wide acceptance of e- commerce by businesses and consumers alike is the perceived lack of adequate security for on-line transactions. •Increase in E-commerce has also led to increase in risks and frauds in the E-business. •For e.g. Consumers are growing increasingly worried about providing credit card information over the Internet.
- 4. •Privacy in Ecommerce means that information exchanged must be kept from unauthorized parties. •It means that information is intelligible only to its rightful recipients. Although third parties may be able to read a copy of the message sent, they must not be able to make sense of it. •It is the biggest threat in security . •Privacy is for “people” and confidentiality is for “information” •Examples are breach of site collects names, physical and email addresses, IP address , payment details etc. Privacy:
- 6. •Authentication is the process of establishing confidence in user identities electronically presented to an information system. • Digital or e-authentication may be used synonymously when referring to the authentication process that confirms or certifies a person's identity and works. •User proves his authorization to an information system and information system has to confirm his identity. •Example – Setting Password in any account
- 8. Authorization: •Authorization is a security mechanism to determine access levels or user/client privileges related to system resources including files, services, computer programs, data and application features. •It is the process of granting or denying access to a network resource which allows the user access to various resources based on the user's identity. •Example – access to file directories, storage space, hours allocated etc
- 10. Integrity: •Integrity in security means maintaining the accuracy, and completeness of data. • It is about protecting data from being modified or misused by an unauthorized party. Integrity involves maintaining the consistency and trustworthiness of data over its entire life cycle. •Example- A random user could try to enter a phone number into a date field. If the system enforces data integrity, it will prevent the user from making these mistakes.
- 11. Confidentiality: •Confidentiality means that data, objects and resources are protected from unauthorized viewing and other access. •It means keeping the information between you and the client. •Confidential information often has value and systems are therefore under frequent attack as criminals hunt for vulnerabilities to exploit. Threat vectors include direct attacks such as stealing passwords and capturing network traffic, and more layered attacks such as social engineering and phishing. •Example- Superior doesn’t tell subordinates about data of client unless he has the permission from client.
- 13. Non-repudiation: •Non-repudiation is the assurance that someone cannot deny the validity of something. • It is the inability to refute responsibility •It refers to the assurance that the owner of a signature key pair that was capable of generating an existing signature corresponding to certain data cannot convincingly deny having signed the data. •For example- If you take a pen and sign a contract your signature is a non repudiation device. You cannot later disagree to the terms of the contract or refute ever taking party to the agreement.
- 15. Ways to protect ecommerce site from security threats: •Choose a secure ecommerce platform. •Use a secure connection for checkout (SSL) . •Don't store sensitive user data. •Request strong passwords from your users. •Setup system alerts for suspicious activities. •Use tracking numbers for all orders. •Always backup your system and database. •Use anti virus softwares and anti-malwares •Deactivating auto-fills. •Updating cookies. •Encrypt and decrypt security and use two step verification methods.