Security Threats in E Commerce

September 25, 2014 Editor-Tech Talk

Abstract: Ecommerce is changing the way people are having access to products and
services, beyond the barriers of geographical locations. This article discusses issues
surrounding e-commerce security and identifies interesting articles to develop related
understanding in the domain.
Keywords: E-Business, E-Commerce, Information Security, Technology
Over the years, E Commerce security has become an important aspect of businesses
worldwide, particularly the aspects of Information Security and Computer Security. With
technological advantages, we are able to eliminate Human touch and improve efficiency in
a number of areas, but with the added fear and risk that some part of the entire value chain
might be compromised, leading to financial loss, and more importantly loss of private
information.
According to a Gartner report, e commerce is over the days becoming more of a mobile
phenomenon, with 298 million mobile device users and 30 % purchase things online.
Though a benefit, this is being exploited for financial gain, and this criminal business alone is
worth a staggering $388 billion each year. Verizon has reported that in 2011, over 174
million records were compromised with 95% of those involving personal information. With
respect to financial institutions, they try to shift the liability away from themselves, and if the
consumer is liable, they provide a more balance approach.

Costs associated with E commerce Security breach:

According to a Ponemon report, an average incident causes a loss of 1.9 million pounds in
Britain and $5.5 million in the US. Regulation Standard Breach costs will include privacy
breached and pending legal action. There are requirements both legally and from the business
that the consumer is informed and the cost would be variable depending on the type and size
of business. Clean up costs would involve coming with a revamp of the system, bringing in
specialist IT professionals to mitigate and prevent further damage. Loss of critical data will
put a business online for several days, and if there is no backup, the sustainability is
uncertain. This would lead to loss of confidence from the investor and shareholder side too.
1. 85 % will take business elsewhere.
2. 47% will take legal action.
3. 64 % will expose it in a public forum.
Payment Card Industry Data Security Standard:
Was set up by the credit card industry to combat online fraud, and move the risk away from
the credit card companies. If there is a breach of credit card information and if the
organisation is not part of the PCI-DSS, then it will be subject to a penalty. According to this
evolving standard, controls are provided, and each card sets its own compliance and formal

validation is not mandatory for all entities. There are various levels of attainment. The
standard is more focussed on the backend controls and there is a lack of stated controls
around the front end companies that collect the details such as websites, call centers and
interactive voice agents.
Government Initiatives:

Digital business
Stay Smart Online
Safe Buy
Digital Europe
Stop Think Connect
Stay Safe Online
APEC Electronic Commerce Steering Group
gov
International Consumer Protection and Enforcement Network ( ICPEN )

Organisations are also making use of Third Party Assurances to increase the consumer
confidence, but that does not happen in most cases. Also consumers, about 58 % of them
dont realise seeing a 3rd party seal in the purchase site. Companies are also using third party
payment gateways to mitigate their involvement and move the risk to another organisation.
Nowadays, Digital Certificates are also being issued as a means of electronic verifiacation of
the authencity of the site, but does not make any assessment about the credibility of the site as
such.
Dimensions:

Integrity : ability to ensure that information being displayed as a website or

transmitted , received over the net has not been altered in any way by unauthorised
party.
Non repudiation : ability to ensure that e commerce participants do not deny online
actions
Authenticity: ability to identify the identity of a person or entity with whom you are
dealing on the net.
Confidentiality : ability to ensure messages and data are available only to those who
are authorised to view them.
Privacy : ability to control use of information a consumer provides about humility self
or herself to a merchant.
Availability : ability to ensure e commerce site continues to function as intended

Points of Vulnerability:

Client
Server
Communication Channel

Threats :

Malicious code
Hacking and Cyber Vandalism

Credit Card theft

Spoofing
Denial of Service
Sniffing
Insider Jobs

So how could we address such a threat effectively

A diagrammatic representation of the potential process is added as a much needed food for
thought. So what do you think of this proposition. Let us know at
editor.webposts@gmail.com

Reference readings
1. Ford, W., & Baum, M. S. (2000). Secure electronic commerce: building the
infrastructure for digital signatures and encryption. Prentice Hall PTR.
2. Pani, A. K., & Kar, A. K. (2011, January). A study to compare relative importance of
criteria for supplier evaluation in e-procurement. In System Sciences (HICSS), 2011
44th Hawaii International Conference on (pp. 1-8). IEEE.
3. Gollmann, D. (2000). E-commerce security. Computing & Control Engineering
Journal, 11(3), 115-118.
4. Kar, A. K., & Rakshit, A. (2014). Pricing of Cloud IaaS Based on Feature
Prioritization-A Value Based Approach. In Recent Advances in Intelligent Informatics
(pp. 321-330). Springer International Publishing.
5. Furnell, S. (2006). E-commerce security. Enterprise information systems assurance
and systems security, 131-147.
6. Kar, A. K. (2015). A hybrid group decision support system for supplier selection
using analytic hierarchy process, fuzzy set theory and neural network. Journal of
Computational Science, 6, 23-33.
7. Hassler, V. (2002). Security Fundamentals for E-commerce. info, 4(2), 49-50.
8. Udo, G. J. (2001). Privacy and security concerns as major barriers for e-commerce: a
survey study. Information Management & Computer Security, 9(4), 165-174.
9. Kumar Kar, A., & Kumar Pani, A. (2014). How can a group of procurement experts
select suppliers? An approach for group decision support. Journal of Enterprise
Information Management, 27(4), 337-357.
10. Maiwald, E. (2001). Network security: a beginner's guide. McGraw-Hill Professional.
11. Kar, A. K. (2014). A group decision support system for selecting an open source tool
for social media integration. In Emerging Trends in Computing and Communication
(pp. 407-413). Springer India.
12. Kar, A. K. (2014). A Decision Support System for Website Selection for Internet
Based Advertising and Promotions. In Emerging Trends in Computing and
Communication (pp. 453-457). Springer India.
13. Sengupta, A., Mazumdar, C., & Barik, M. S. (2005). e-Commerce securityA life
cycle approach. Sadhana, 30(2-3), 119-140.
14. Halaweh, M., & Fidler, C. (2008, October). Security perception in e-commerce:
Conflict between customer and organizational perspectives. In Computer Science and
Information Technology, 2008. IMCSIT 2008. International Multiconference on (pp.
443-449). IEEE.
15. Jebur, H., Gheysari, H., & Roghanian, P. (2012). E-Commerce Reality and
Controversial Issue. International Journal of Fundamental Psychology & Social
Sciences, 2(4), 74-79.