Ans :
E-commerce security has the following main aspects: (i) privacy, (ii) integrity,
(iii) availability, (iv) authenticity and (v) non-repudiation of the parties to the
e-commerce transaction. To deploy a fully secure e-commerce environment, it is
essential to consider all the above-mentioned aspects while implementing the information
security policy.
The elements associated with e-commerce security are explained below:
Privacy/Confidentiality
Privacy/confidentiality is the extent to which individuals/businesses make
personal/confidential information available to other individuals and businesses.
With any business, confidential information must remain secure, be accessible
only to the intended recipient, and not reach unauthorized people.
However, this becomes increasingly difficult when dealing with e-businesses
specifically. It is essential to secure both the storage and the transmission of such
information.
Integrity
Integrity is the assurance that the data is consistent and correct. When data is
transmitted over the Internet, there is a possibility of the data being tampered with,
intentionally or unintentionally. Data integrity may be compromised in a number
of ways: human errors, hardware malfunction, natural disasters, bugs in
software, viruses, etc. In any e-commerce process, data integrity is of major
concern: the information being transmitted over the Internet must not be altered in any
way by any unauthorized party, and the data received must be the same as the data sent.
Integrity involves maintaining the consistency, accuracy, and trustworthiness of
data over its entire life cycle. Integrity is violated when the data received is not the
same as the data that was sent.
Availability
Availability is the assurance that the e-commerce site continues to function as
intended. It needs to be ensured that the data associated with e-commerce
transactions is easily accessible. Lack of availability of data could be due to
network failure, transmission errors, etc.
Authenticity
Authenticity is the ability to verify the identity of a person, entity or website with
whom the transaction is to be made. It is an integral component of e-commerce as
it ensures the genuineness of parties, electronic documents, transactions and data.
It is important to verify that all parties in a transaction are who they claim to be
and are duly authorized to perform the same. Identity can be checked by digital
signatures, certificates, biometrics, retinal scans, etc. Such authenticity helps to
reduce instances of fraud.
Non-Repudiation
Non-repudiation is the ability to ensure that the parties in e-commerce transactions
do not deny their online actions. It is a guarantee that the sender of a message
cannot later deny having sent the message and the recipient cannot deny having
received the message. This assurance makes the online transaction complete and
plays a major role in e-commerce. The responsibility of submitting or receiving an
electronic message is accepted by the sender and receiver, thereby protecting them
against any false assertions made later. E-commerce utilizes technology like
encryption and digital signatures to establish non-repudiation in a transaction.
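
An added illustration of the integrity and non-repudiation elements above (example code, not part of the original answer): an order is sealed with an HMAC-SHA256 tag so the receiver can tell whether the data received is the same as the data sent. The key, the order fields and the function names are constructed for this example. Because sender and receiver hold the same key, the last check shows that either party can produce a valid tag, so an HMAC gives integrity but not non-repudiation, which is why the answer names digital signatures for that purpose.

```python
import hashlib
import hmac
import json

# Constructed sample key; a real deployment would use a randomly generated secret.
SHARED_KEY = b"constructed-demo-key-not-for-production"


def canonical(order: dict) -> bytes:
    """Serialize deterministically so sender and receiver hash identical bytes."""
    return json.dumps(order, sort_keys=True, separators=(",", ":")).encode("utf-8")


def seal(order: dict, key: bytes = SHARED_KEY) -> str:
    """Sender side: compute an HMAC-SHA256 tag over the canonical order."""
    return hmac.new(key, canonical(order), hashlib.sha256).hexdigest()


def verify(order: dict, tag: str, key: bytes = SHARED_KEY) -> bool:
    """Receiver side: recompute the tag and compare it in constant time."""
    return hmac.compare_digest(seal(order, key), tag)


def demo() -> dict:
    # Constructed sample order.
    order = {"order_id": "A-1001", "item": "book", "amount": "499.00"}
    tag = seal(order)

    altered = dict(order, amount="4.99")    # data changed after it was sealed
    disputed = dict(order, item="laptop")   # order the receiver builds on its own

    return {
        "intact_order_accepted": verify(order, tag),
        "altered_order_accepted": verify(altered, tag),
        "wrong_key_accepted": verify(order, tag, key=b"some-other-key"),
        # The receiver holds the same key, so its own tag verifies too:
        # the tag cannot prove which of the two parties created the order.
        "receiver_tag_accepted": verify(disputed, seal(disputed)),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```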