E-Commerce Security Systems PDF
Uploaded by HeroicLeopard
Summary
This document discusses various aspects of e-commerce security systems, outlining essential security requirements and major security measures like encryption, digital signatures, and security certificates. It also covers threats like counterfeit sites, malicious alterations to websites, and theft of client data. Finally, the document explores multi-layer security measures and the need for robust security policies within e-commerce operations.
Full Transcript
E-Commerce Security Systems

Security is an essential part of any transaction that takes place over the internet. Customers will lose their faith in e-business if its security is compromised.

Essential requirements for safe e-payments/transactions

a. Confidentiality − Information should not be accessible to an unauthorized person. It should not be intercepted during the transmission.
b. Integrity − Information should not be altered during its transmission over the network.
c. Availability − Information should be available wherever and whenever required within a time limit specified.
d. Authenticity − There should be a mechanism to authenticate a user before giving him/her access to the required information.
e. Non-Repudiability − It is the protection against the denial of order or denial of payment. Once a sender sends a message, the sender should not be able to deny sending the message. Similarly, the recipient of the message should not be able to deny the receipt.
f. Encryption − Information should be encrypted and decrypted only by an authorized user.
g. Auditability − Data should be recorded in such a way that it can be audited for integrity requirements.

E-COMMERCE AND INTERNET MARKETING

II. The E-commerce Security Environment

The major security measures are the following:

- Encryption − It is a very effective and practical way to safeguard the data being transmitted over the network. The sender of the information encrypts the data using a secret code, and only the specified receiver can decrypt the data using the same or a different secret code.
- Digital Signature − A digital signature ensures the authenticity of the information. A digital signature is an e-signature authenticated through encryption and password.
- Security Certificates − A security certificate is a unique digital ID used to verify the identity of an individual website or user.

III. Security Threats in the E-commerce Environment

1. Lack of trust in the privacy and E-Commerce Security

Businesses that run E-Commerce operations experience several security risks, such as:

- Counterfeit sites – hackers can easily create fake versions of legitimate websites without incurring any costs. Therefore, the affected company may suffer severe damage to its reputation and valuation.
- Malicious alterations to websites – some fraudsters change the content of a website. Their goal is usually to either divert traffic to a competing website or destroy the affected company’s reputation.
- Theft of clients’ data – the E-Commerce industry is full of cases where criminals have stolen the personal information of customers, such as addresses and credit card details.
- Damages to networks of computers – attackers may damage a company’s online store using worm or virus attacks.
- Denial of service – some hackers prevent legit users from using the online store, causing a reduction in its functioning.
- Fraudulent access to sensitive data – attackers can get intellectual property and steal, destroy, or change it to suit their malicious goals.

2. Malware, viruses, and online frauds

These issues cause losses in finances, market shares, and reputations. Additionally, the clients may open criminal charges against the company.

Hackers can use worms, viruses, Trojan horses, and other malicious programs to infect computers in many different ways. Worms and viruses invade the systems, multiply, and spread. Some hackers may hide Trojan horses in fake software, and start infections once the users download the software. These fraudulent programs may:

- hijack the systems of computers
- erase all data
- block data access
- forward malicious links to clients and other computers in the network

3. Uncertainty and complexity in online transactions

Online buyers face uncertainty and complexity during critical transaction activities.
Such activities include payment, dispute resolution, and delivery. During those points, they are likely to fall into the hands of fraudsters. Businesses have improved their transparency levels, such as clearly stating the point of contact when a problem occurs. However, such measures often fail to disclose fully the collection and usage of personal data.

E-commerce website security measures to cover you 24/7

1. Use Multi-Layer Security

It is helpful to employ various security layers to fortify your security. A widely distributed Content Delivery Network (CDN) can block DDoS threats and infectious incoming traffic. Such networks use machine learning to keep malicious traffic at bay.

Source: NIST

You can go ahead and squeeze in an extra security layer, such as Multi-Factor Authentication. Two-factor authentication is a good example. After the user enters the login information, they instantly receive an SMS or email for further actions. Implementing this step blocks fraudsters, as they will require more than just usernames and passwords to access the legit users’ accounts.

However, hacking can still occur even if an MFA is in place.

"Most companies that use MFA are still successfully hacked." — Roger Grimes, 2018

2. Get Secure Sockets Layer (SSL) Certificates

One of the primary benefits of SSL certificates is to encrypt sensitive data shared across the internet. It ensures that the information reaches only the intended person. It is a very crucial step because all data sent will pass through multiple computers before the destination server receives it.

If SSL certificate encryption is absent, any electronic device between the sender and the server can access sensitive details. Hackers can thus take advantage of your exposed passwords, usernames, credit card numbers, and other information. Therefore, the SSL certificate will come to your aid by making the data unreadable to unintended users.

3. Use Rock-Solid Firewalls

Use effective e-commerce software and plugins to bar untrusted networks and regulate the inflow and outflow of website traffic. They should provide selective permeability, only permitting trusted traffic to go through.

4. Anti-Malware Software

Your electronic devices, computer systems, and web system need a program or software that detects and blocks malicious software, otherwise known as malware. Such protective software is called anti-malware software.

E-COMMERCE POLICIES YOU NEED TO HAVE

You’re now familiar with why airtight policies for your e-commerce business are even more crucial for you than they would be for a business that isn’t internet-based.

As a reminder, the full list of policies you need to establish for your e-commerce business will depend on factors like your industry and the location of your headquarters. That said, there are a few fundamental policies that pretty much every new e-commerce business will need to set up before they get going:

a. Terms of Service

You need to iron out your e-commerce business’s Terms of Service as soon as your business opens its proverbial doors. Terms of Service — also known as Terms of Use, Terms and Conditions, or Disclaimers — describe the regulations that you attach to your e-commerce business. Visitors have to agree to these Terms of Service to use your site.

Through your Terms of Service policy, you can do the following:

- list prohibited user actions on your website
- reserve the right to delete accounts if the user violates these terms
- preserve ownership of the content on your site

E-commerce businesses aren’t legally required to have Terms of Service policies, but it’s a good idea to create one nonetheless so that you can regulate user activity on your site. Having Terms of Service also lowers the likelihood of customer lawsuits against your business, as long as they are enforceable and fair under state and federal law.

b. Privacy policy

Unlike a Terms of Service policy, a privacy policy is required by law. Under the GENERAL DATA PROTECTION REGULATION (GDPR) mentioned earlier, e-commerce businesses must have privacy policies that achieve the following ends:

- Obtain customer consent for data processing
- Anonymize data to protect customer privacy
- Guarantee notification in the event of a data breach
- Explain careful cross-border data transfers
- Provide a dedicated data protection officer (for some companies)

c. Returns and exchanges policy

Will your e-commerce business offer returns or exchanges? You’ll need to iron out your returns policy before you ship out your first order. Your returns policy should answer the following questions:

- Do you offer returns?
- Do you offer exchanges?
- What’s the procedure for returns or exchanges?
- Is free shipping available for returns or exchanges?
- How will customers receive refunds for returns?
- Is there a limited time frame for returns or exchanges?
- Are there any other conditions for returns or exchanges?

Again, many returns and exchanges policy templates are available online. However, because these policies are so unique to each individual business, make sure your final product fully reflects your actual practices surrounding returns and exchanges.

d. Shipping policy

Through your e-commerce business’s shipping policy, you need to delineate the details of how you will ship your customers’ purchases. This policy should include the shipping company options, the shipping speed options, pricing, handling times, and shipping restrictions.

The more detailed your shipping policy, the more in-the-know your customers are. As a result of this knowledge, shoppers will be more in tune with the details that will help them make the best purchase for their preferences.

e. Taxes

Finally, you need to stay on top of the confusing tax laws that apply to e-commerce businesses.
You need to charge sales tax on a transaction if a state government decides you have a nexus with its state. “Having nexus” in a state basically means that you’re doing business there. The tricky part is that many states define this differently — it could depend on your physical presence in the state, the number of transactions you do within the state, whether you gain revenues from an affiliation with a business or person in the state, or whether you use cookies or software on devices within the state.

If you do have nexus in any given state, then you’ll need to register for the state sales tax permit. All of this will be legally required, so you won’t have any say in how you organize your sales taxes. But you will be able to decide how much of this process you reveal to your customers.

Most customers expect to see the amount of sales tax included in their transactions. However, providing a description of how this amount is calculated couldn’t hurt, either. Again, the more information you give your customers, the more knowledgeable and empowered they’ll be to make the right decisions.

A. What is a Static Website?

Static websites usually come with a fixed number of pages that have a specific layout. When the page runs on a browser, the content is literally static and doesn’t change in response to user actions. A static website is usually created with HTML and CSS in simple text editors like Notepad.

Static websites are very simple. They are written in languages such as HTML, JavaScript, CSS, etc. For static websites, when a server receives a request for a web page, the server sends the response to the client without doing any additional processing. These web pages are seen through a web browser. In a static website, pages will remain the same until someone changes them manually.

Advantages:

a. Time-Saving - The biggest advantage of a static website is that it is quick to develop. A professional developer can develop a static website much faster than a dynamic website.
b. Cost-Effective - Unlike dynamic websites, static websites are cheaper to develop. They suit businesses working on a shoestring budget.
c. Inexpensive Hosting - Static websites can get dedicated servers at a cheaper price.
d. Easy Indexing - Search engines like Google and Bing can easily index a static website as they are just a series of coded HTML or CSS files.
e. Fast Transferring - Static websites do not have a complex structure like dynamic websites and can be easily and quickly transferred from server to client without much processing time.

Disadvantages:

a. Difficult to Change - The biggest disadvantage of a static website is that its content cannot be changed easily. A novice cannot update the content. It requires the expertise of a web developer to update, add, or change any content on a static website. All the HTML files would need to be individually changed even for a slight change made to the website.
b. Not Good For the Long Run - A static website is not apt for the long run, as any business would need to make a number of updates to be in sync with the latest trends. In order to make changes, one would have to change each page file again and again, which can consume a lot of resources.
c. Limited Functionality - A static website does not offer all the functionalities that a dynamic website can. One can add text, images, videos, and hyperlinks in the content, but other than that, there are no other special functions that a static website can perform.

Static Website Features

Security: As there is no middle man, i.e. the database, involved, the chances of code injection are reduced for a static website. There is no need to add plugins and dynamic software tools to host the website.

Reliability: At times you get a message while using the web, saying that, “The connection could not be established”. This primarily occurs because of a database error.

B. What is a Dynamic Website?
The word dynamic refers to elements that are continuously changing, interactive, and functional. Instead of being simply informational, dynamic websites include aspects that are characterized by interactivity and functionality. They are more complex in terms of building and design, but they are also more versatile.

A dynamic website is more functional. It allows users to interact with the information that is listed on the page. Of course, that requires utilizing more than just HTML code.

Dynamic websites are built with technologies such as CGI, AJAX, ASP, ASP.NET, etc. In dynamic websites, the content of pages is different for different visitors. A dynamic website takes more time to load than a static website. Dynamic websites are used where the information is changed frequently, for example, stock prices, weather information, etc.

Advantages:

a. Easy to Update - The biggest advantage of a dynamic website is that it can be easily updated as per the needs of the business owner. No expert knowledge is needed to change the website, and a single change in the template file would bring the design change in all the pages with that particular file.
b. Interactive - Dynamic websites interact with the users and change according to their behavior.
c. Quick Responsiveness - A dynamic website can be quickly updated to become responsive to various screen sizes, which was impossible with a static one.
d. Smooth Navigation - Dynamic websites offer smoother navigation and let the user jump from one page to the other without any prob

Disadvantages:

a. Higher Cost - Dynamic websites can cost big bucks in their development, and even the hosting cost is high. However, once developed, they would not cost additional money for any updates or changes.
b. Slow Processing - Having a number of functions to perform with complex technology, dynamic websites become slower to process and load.