E-Commerce
Unit 5 Lesson 1
Security and Legal Aspects of E-commerce: E-commerce security Meaning and issues
What is e-commerce? It is commerce taking place using the World Wide Web as the enabling transport. The web is the way to do business for many reasons, including access and consistency. However, any transaction taking place across the public Internet is open to a wide variety of security problems.
E-COMMERCE SECURITY ISSUES
The use of the Internet means that your internal IT and e-commerce systems are potentially accessible by anyone, irrespective of their location. Because the Internet is unregulated, unmanaged and uncontrolled, it introduces a wide range of risks and threats to the systems operating on it.
The following points outline the security issues related to e-commerce:
Access control : Access control ensures that only those who legitimately require access to resources are given access, and that those without valid authorisation cannot obtain it. Various types of threats exist against access control. For example, being able physically to enter a building or to reach network equipment is one such threat, because it bypasses whatever controls the software enforces.
Privacy : Privacy ensures that only authorized parties can access information in any system, and that data is not distributed to parties that should not receive it. Closely related is integrity: a threat to integrity arises when someone gains access at a level that carries the right to alter a document. For example, if a customer places an order and an attacker can access the system as that customer, the attacker may be able to alter the contents of the order.
Authentication : Authentication ensures that the origin of an electronic message is correctly identified, that is, the capability to determine who sent the message and from where or from which machine. Without it, it is impossible to know who actually placed an order and whether the order is genuine.
Non-repudiation : This ensures that the sender cannot deny having sent a particular message and the receiver cannot deny having received it. If many customers receive goods and then deny placing the order, the shipping, handling and associated costs can be significant for the company processing the orders.
Availability : Availability ensures that the customer order systems are accessible whenever customers need them. Two major threats to availability are virus attacks and denial of service. Transaction security has kept many customers from purchasing products on the Internet; much of the resistance comes from privacy concerns about credit card numbers and personal information.
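The authentication and integrity issues above can be made concrete with a message authentication code. The following is an added example written for these notes, not code from the original lesson: a customer's client tags each order with an HMAC-SHA256 over a canonical serialisation of the order, and the server recomputes the tag before accepting it. The order fields, the key-issuing function and the per-customer key are all constructed for the illustration.

```python
import hashlib
import hmac
import json
import secrets
from typing import Optional

# Constructed example: a per-customer secret shared between the shop's server
# and the customer's client at login. Hypothetical; a real shop would keep it
# server-side, tied to the session, and rotate it.
def new_customer_key() -> bytes:
    return secrets.token_bytes(32)

def canonical(order: dict) -> bytes:
    """Serialise the order deterministically so both sides tag exactly the same bytes."""
    return json.dumps(order, sort_keys=True, separators=(",", ":")).encode()

def tag_order(order: dict, key: bytes) -> str:
    """Customer side: an HMAC-SHA256 tag gives authentication (only a key holder
    can produce it) and integrity (any change to the order changes the tag)."""
    return hmac.new(key, canonical(order), hashlib.sha256).hexdigest()

def verify_order(order: dict, tag: str, key: bytes) -> bool:
    """Server side: recompute the tag and compare in constant time to avoid timing leaks."""
    return hmac.compare_digest(tag_order(order, key), tag)

def submit(order: dict, key: bytes,
           tamper: Optional[dict] = None, wrong_key: Optional[bytes] = None) -> bool:
    """Simulate one submission: tag with the customer's key, optionally alter
    fields in transit (tamper) or verify with another key (wrong_key), and
    report whether the server accepts the order."""
    tag = tag_order(order, key)
    received = {**order, **(tamper or {})}
    return verify_order(received, tag, wrong_key or key)

# Constructed sample order (hypothetical customer id, SKU and address)
SAMPLE_ORDER = {
    "customer": "c-1042",
    "items": [{"sku": "A17", "qty": 2}],
    "ship_to": "12 High St",
}

if __name__ == "__main__":
    key = new_customer_key()
    print("genuine order accepted:", submit(SAMPLE_ORDER, key))
    print("altered address accepted:", submit(SAMPLE_ORDER, key, tamper={"ship_to": "elsewhere"}))
    print("forged with other key accepted:", submit(SAMPLE_ORDER, key, wrong_key=new_customer_key()))
```

Note what this does and does not give you. Altering the quantity or the shipping address in transit is detected, and a forger without the key cannot produce a valid tag. It does not provide non-repudiation: because the server holds the same key, the server could have produced the tag itself, so a customer can still plausibly deny the order. Non-repudiation needs a digital signature made with a private key that only the customer holds.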
RISKS INVOLVED IN E-COMMERCE
• Carrying out denial-of-service (DoS) attacks that stop access by authorized users of a website, so that the site is forced to offer a reduced level of service or, in some cases, to cease operation completely
• Gaining access to sensitive data such as price lists, catalogues and valuable Intellectual property, and altering, destroying or copying it
• Altering your website, thereby damaging your image or directing your customers to another site
• Gaining access to financial information about your business or your customers, with a view to perpetrating fraud
• Using viruses to corrupt your business data
Impact upon business
• Direct financial loss as a consequence of fraud or litigation.
• Consequential loss as a result of unwelcome publicity.
• Criminal charges if you are found to be in breach of the Data Protection or Computer Misuse Acts, or other regulation on e-commerce.
• Loss of market share if customer confidence is affected by a denial-of-service attack, or other
The image presented by your business, together with the brands under which you trade, are valuable assets. It is important to recognize that the use of e-commerce creates new ways for both image and brands to be attacked.
Risks from Viruses, Trojans and Worms
Viruses, Trojan horses and worms are computer programs that can infect computers. A Trojan is a program that appears to be legitimate but contains another program or block of undesired malicious code, disguised and hidden inside desirable code; Trojans are often used to infect a computer with a virus. A worm spreads by itself across the network, without needing a user to run an infected file.
Security threats in the e-commerce environment: security intrusions and attack methods such as hacking, sniffing, cyber-vandalism, etc.
Risks to E-commerce Systems
Hackers can hijack your computer and use it for malicious purposes, such as carrying out a denial-of-service (DoS) attack on another website. They can also corrupt or delete data on your server's hard disk, or steal confidential data from it.
How do viruses spread?
• CDs and floppy disks containing infected documents
• emails containing infected attachments
• Internet worms that exploit holes in your system's operating system while it is connected to the Internet
Spyware : Spyware is software that is placed on your computer when you visit certain websites. It is used to secretly gather information about your usage and send it back to advertisers or other interested parties. In addition to tracking your system use, it can also slow down or crash your computer.
PROTECTING THE E-COMMERCE SYSTEM
Securing your e-Commerce System : As the use of the Internet continues to grow, websites are assuming greater importance as the public face of business. With this high level of dependency upon the services provided by e-commerce systems, it is essential that they are protected from the threats posed by hackers, viruses and fraud.
Identifying e-commerce Threats and Vulnerabilities
It is important that you understand the risks facing your e-commerce system, and the potential impact should any security incident arise.
Malicious threats could include:
• Hackers attempting to penetrate a system to read or alter sensitive data
• Burglars stealing a server or laptop that has unprotected sensitive data on its disk
• Imposters masquerading as legitimate users, and even creating a website similar to yours
To judge these threats, ask:
• Where (or who) are the potential sources of threats?
• What level of expertise is the hacker likely to possess, and how much effort are they likely to expend in attempting to breach your security?
• What facilities and tools are available to them?
Risk Assessment : A risk assessment can be carried out to provide an organization with a clear understanding of the risks facing its e-commerce system. A key part of a risk assessment is defining the business's information access requirements. Any analysis should also take account of how electronic transactions are verified.
COMMON E-COMMERCE SECURITY TOOLS
Authentication : There are several techniques that can identify and verify someone seeking to access an online retailer's website, including passwords, fingerprint and iris scans, and facial-feature recognition.
Access Control : Businesses should use tools to ensure their employees can only access data and services they are authorised to access. These include using network and application controls to prevent access to other computer systems and networks. Changes to access privileges must be controlled to prevent users retaining them if they transfer between departments or leave the business.
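The access control point above, and the earlier one under "Access control" in the issues list, comes down to a default-deny check plus disciplined handling of role changes. The following is an added example written for these notes, not code from the original lesson: a small role-based access control table for an online shop's staff, where moving departments replaces the old roles rather than adding to them, and leaving the business removes every role. The role names, permissions and users are hypothetical.

```python
# Constructed example: hypothetical roles for an online shop's staff and the
# permissions each role carries. Permissions are "resource:action" strings.
ROLE_PERMISSIONS = {
    "warehouse": {"orders:read", "shipments:write"},
    "finance":   {"orders:read", "payments:read", "refunds:write"},
    "catalog":   {"products:write", "prices:write"},
}

class AccessControl:
    """Role-based access control with an audit log of every change and check."""

    def __init__(self):
        self._roles = {}   # user -> set of role names
        self.log = []      # (event, user, detail) tuples for auditing

    def assign(self, user, role):
        if role not in ROLE_PERMISSIONS:
            raise ValueError(f"unknown role {role!r}")
        self._roles.setdefault(user, set()).add(role)
        self.log.append(("assign", user, role))

    def transfer(self, user, new_role):
        """Department transfer: revoke everything first, then grant the new role,
        so privileges do not accumulate as people move around the business."""
        old = tuple(sorted(self._roles.get(user, set())))
        self._roles[user] = set()
        self.log.append(("revoke", user, old))
        self.assign(user, new_role)

    def offboard(self, user):
        """Leaver: drop the user entirely so no stale entitlement survives."""
        self._roles.pop(user, None)
        self.log.append(("offboard", user, None))

    def permissions(self, user):
        """Union of the permissions of all roles held; unknown users get nothing."""
        return set().union(*(ROLE_PERMISSIONS[r] for r in self._roles.get(user, ())))

    def check(self, user, permission):
        """Default deny: an unknown user or a missing permission is refused."""
        allowed = permission in self.permissions(user)
        self.log.append(("check", user, (permission, allowed)))
        return allowed

if __name__ == "__main__":
    ac = AccessControl()
    ac.assign("alice", "warehouse")
    print("alice ships parcels:", ac.check("alice", "shipments:write"))
    ac.transfer("alice", "finance")
    print("alice still ships parcels after moving to finance:", ac.check("alice", "shipments:write"))
    ac.offboard("alice")
    print("alice reads orders after leaving:", ac.check("alice", "orders:read"))
```

The two behaviours the lesson calls for are in `transfer` and `offboard`: neither leaves a path by which a user keeps rights they no longer need, and every decision is logged so that access can be audited later.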
Encryption : Encryption is a technique used to protect data that is being held on a computer or transmitted over a network, by transforming it so that only holders of the right key can read it. It underpins technologies such as virtual private networks (VPNs) and the Secure Sockets Layer (SSL), now superseded by Transport Layer Security (TLS), which prevent eavesdroppers from reading sensitive data in transit.
Firewall : A firewall is a hardware or software security device that filters information passing between internal and external networks. It can be applied at the network level, to provide protection for multiple workstations or internal networks, or at the personal level, where it is installed on an individual PC.
Types of Firewalls
Firewalls can be classified in three basic ways, depending on:
1. Whether the communication is being done between a single node and the network, or between two or more networks
2. Whether the communication is intercepted at the network layer, or at the application layer
3. Whether the communication state is being tracked at the firewall or not.
Digital Identity : Digital identity refers to the aspect of digital technology that is concerned with the mediation of people's experience of their own identity and the identity of other people and things. A digital identity platform is a secure personal web platform that gives the individual the power to control how they interact with the Internet.
The basis of digital identity:
• It is the online presence of an individual or business, and gives access to online services (authentication)
• It defines the level of access to online services (authorization)
• It is a repository of information for use by the subscriber and for the subscriber; it is the first point of all online communications
Technology solutions: encryption, secure channels of communication, protecting networks, servers and clients
CLIENT-SERVER NETWORK SECURITY
Network security on the Internet is a major concern for commercial organizations. Computer security violations cost US businesses half a billion dollars each year. Managers need to audit all access to the network. A system that records all log-on attempts can alert managers to the need for stronger measures.
Over the years, several protection methods have been developed:
Trust-Based Security : Quite simply, trust-based security means trusting everyone and doing nothing extra. It is possible not to provide access restrictions of any kind and to assume that all users are trustworthy and competent in their use of the shared network.
Security through Obscurity : Most organizations in the mainframe era practised a philosophy known as security through obscurity (STO): the notion that any network can be secure as long as nobody outside its management group is told how it works, with information provided only on a need-to-know basis. STO provides a false sense of security, because it hides information about the system rather than actually protecting it.
Firewall and Network Security : A firewall is a barrier between the corporate network and the outside world (untrusted networks). The device allows insiders full access to services on the outside while granting access from the outside only selectively, based on log-on name, password, IP address or other identifiers.
Firewalls operate by screening the packets, and/or the applications, that pass through them. Some firewalls place a greater emphasis on blocking traffic, others on permitting it. In principle, a firewall can be thought of as a pair of mechanisms: one to block incoming traffic and another to permit outgoing traffic.
Firewalls in Practice : Firewalls can be configured in a number of different ways, from simple logging systems that record all network traffic flowing through the firewall for auditing purposes, to more complex methods such as IP packet-screening routers, hardened firewall hosts and proxy application gateways.
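The "pair of mechanisms" described above, and the third classification axis from the Types of Firewalls section (whether connection state is tracked), can be shown in a few dozen lines. The following is an added example written for these notes, not code from the original lesson: a default-deny, network-level packet filter that lets inside hosts open connections outward, exposes only published services inward, and remembers sessions so that replies are admitted. A stateless version of the same rules is included to show what connection tracking buys you. The addresses (RFC 5737 documentation ranges and a 10.0.0.0/24 inside network), ports and packet fields are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    """Constructed packet summary: just the fields a filtering decision needs."""
    src: str
    sport: int
    dst: str
    dport: int
    proto: str       # "tcp" or "udp"
    syn: bool        # True for a TCP connection-opening segment
    direction: str   # "in" (arriving from the untrusted side) or "out" (leaving the corporate network)

class StatefulFirewall:
    """Default-deny network-level filter with connection tracking.
    Inside hosts may open connections to the outside; from the outside only
    published services are reachable, plus packets belonging to a session the
    firewall has already recorded. Network prefix and services are hypothetical."""

    def __init__(self, inside_prefix, published):
        self.inside_prefix = inside_prefix   # e.g. "10.0.0."
        self.published = set(published)      # {(proto, port)} reachable from outside
        self.sessions = set()                # (inside_ip, inside_port, outside_ip, outside_port)
        self.log = []                        # audit trail of (packet, verdict)

    def is_inside(self, ip):
        return ip.startswith(self.inside_prefix)

    def filter(self, pkt):
        if pkt.direction == "in" and self.is_inside(pkt.src):
            verdict = "DROP: inbound packet claims an inside source (spoofing)"
        elif pkt.direction == "out" and self.is_inside(pkt.src):
            # the "permit outgoing" mechanism; remember the flow so replies can return
            self.sessions.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            verdict = "ALLOW: outbound from inside"
        elif pkt.direction == "in" and (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.sessions:
            verdict = "ALLOW: part of a known session"
        elif (pkt.direction == "in" and (pkt.syn or pkt.proto == "udp")
              and (pkt.proto, pkt.dport) in self.published):
            self.sessions.add((pkt.dst, pkt.dport, pkt.src, pkt.sport))
            verdict = "ALLOW: new connection to a published service"
        else:
            verdict = "DROP: no rule permits this packet"   # the "block incoming" default
        self.log.append((pkt, verdict))
        return verdict.split(":")[0]

def stateless_filter(fw, pkt):
    """The same rules with no connection tracking (a plain packet-screening router):
    replies to connections opened from inside are refused, because nothing
    remembers that the inside host asked for them."""
    if pkt.direction == "out" and fw.is_inside(pkt.src):
        return "ALLOW"
    if (pkt.direction == "in" and not fw.is_inside(pkt.src)
            and (pkt.proto, pkt.dport) in fw.published):
        return "ALLOW"
    return "DROP"

if __name__ == "__main__":
    fw = StatefulFirewall("10.0.0.", {("tcp", 443)})
    out = Packet("10.0.0.7", 51000, "198.51.100.3", 443, "tcp", True, "out")
    reply = Packet("198.51.100.3", 443, "10.0.0.7", 51000, "tcp", False, "in")
    print("outbound:", fw.filter(out))
    print("reply, stateful:", fw.filter(reply), " stateless:", stateless_filter(fw, reply))
    for pkt, verdict in fw.log:
        print(f"{pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport} {verdict}")
```

A packet-screening router that cannot track state has to choose between refusing legitimate replies and opening the whole ephemeral port range inward, which is why the stateful design is the one used in practice.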
DATA AND MESSAGE SECURITY
Encryption : An e-commerce operation's success or failure depends on a myriad of factors, including but not limited to the business model, the team, the customers, the investors, the product, and the security of data transmissions and storage. One of the most effective means of ensuring data security and integrity is encryption.
E-commerce systems can use the following encryption techniques:
Public key encryption, or asymmetric key-based algorithms : Also called public key/private key encryption. Each party holds a pair of mathematically linked keys: the public key can be shared openly and is used to encrypt (or to verify a signature), while the matching private key is kept secret and is used to decrypt (or to sign). It has been used by Microsoft and other large technology companies for years.
Symmetric key-based algorithms, or block and stream ciphers : With a stream cipher, data is encrypted bit by bit (or byte by byte) against a keystream and decrypted with the same key. A block cipher instead processes data in fixed-size chunks (blocks). Stream ciphers need less state and are faster per unit of data, which suits continuous traffic.
Hashing, or creating a digital summary of a string or file : This is the most common way to store passwords on a system, as the passwords themselves are never stored, only a one-way hash that cannot be reversed to recover them. In practice the hash should be salted and computed with a deliberately slow password-hashing function, so that stolen hashes cannot be cracked quickly by guessing.
The key is the secret value that lets the encoded information be matched up with the real message. Even quite complex codes can be broken by powerful computers if the single key they rely on is short or is obtained, so key length and key management matter as much as the cipher. The basic means of encrypting data is a symmetric cryptosystem, in which the same key is used both to encrypt and to decrypt data.
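The symmetric stream cipher and the password hashing described above can both be demonstrated with the Python standard library. The following is an added example written for these notes, not code from the original lesson. The stream cipher derives its keystream by running HMAC-SHA256 as a pseudorandom function over a nonce and a counter and XORs it with the data, so the same key and nonce decrypt; the password side uses PBKDF2-HMAC-SHA256 with a random salt. The key, nonce, messages and passwords are constructed. The asymmetric case is not shown because the standard library has no public-key primitives; and this stream cipher is unauthenticated and for illustration only, so a real system should use AES-GCM or ChaCha20-Poly1305 from a vetted library.

```python
import hashlib
import hmac
import os

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Keystream from HMAC-SHA256 in counter mode: block i = HMAC(key, nonce || i).
    A different nonce per message gives a different keystream under the same key."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def stream_encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt byte by byte against the keystream. Because XOR is its own inverse,
    the same call with the same key and nonce decrypts (symmetric)."""
    return xor_bytes(data, keystream(key, nonce, len(data)))

def nonce_reuse_leak(key: bytes, nonce: bytes, p1: bytes, p2: bytes) -> bool:
    """Failure mode: two messages under the same key AND nonce share a keystream,
    so XORing the ciphertexts yields p1 XOR p2 with no key at all."""
    c1 = stream_encrypt(key, nonce, p1)
    c2 = stream_encrypt(key, nonce, p2)
    return xor_bytes(c1, c2) == xor_bytes(p1, p2)

def hash_password(password: str, salt: bytes = None, iterations: int = 600_000) -> str:
    """Salted, deliberately slow hash; the stored string carries everything
    needed to verify later, but not the password."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"

def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; constant-time compare."""
    _algo, iters, salt_hex, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(digest.hex(), digest_hex)

if __name__ == "__main__":
    key, nonce = os.urandom(32), os.urandom(12)   # constructed; never reuse a nonce with a key
    ct = stream_encrypt(key, nonce, b"order 42: 2 x A17")
    print("ciphertext:", ct.hex())
    print("decrypted:", stream_encrypt(key, nonce, ct))
    print("nonce reuse leaks p1^p2:", nonce_reuse_leak(key, nonce, b"total=10", b"total=99"))
    stored = hash_password("correct horse")
    print("stored:", stored)
    print("login ok:", verify_password("correct horse", stored), "| wrong:", verify_password("wrong", stored))
```

Two points a practitioner should take from running it: the same key is needed on both ends, which is exactly the key-distribution problem that public key encryption exists to solve; and `nonce_reuse_leak` shows why a stream cipher's keystream must never be reused, since an eavesdropper then learns the XOR of two plaintexts without breaking anything.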
SOCIAL MEDIA MARKETING
Social Media Marketing is the process of making your website or blog more visible in social media searches and sites, and more easily linked by other sites. Social Media Marketing uses websites, blogs, online videos, photo sharing, message boards and posts on social networking sites to reach a large or targeted audience.
What is the Difference Between SMM (Social Media marketing) and SMO (Social Media Optimization)?
Social Media Optimization involves creating the right type of content and building a site that is easy to share on social-networks and is friendly to social media users whereas
Social Media Marketing goes a step further in terms of actually promoting the content on these networks and spreading the word about your content.
Why Social Media Optimization/Marketing?
1. One can reach a large number of people in a more spontaneous way without paying large advertising fees.
2. The use of blogs and social and business networking sites can increase traffic to your website from other social media websites. This in turn may increase your Page Rank, resulting in increased traffic from leading search engines.
3. Social media complements other marketing strategies such as a paid advertising campaign.
4. You can build credibility by participating in relevant forums and responding to questions.
5. Social media sites hold information such as user profile data, which can be used to target a specific set of users for advertising.
These notes summarise Unit 5 Lesson 1, Security and Legal Aspects of E-commerce: E-commerce security Meaning and issues, from the content of the book of the School of Open Learning. © School of Open Learning