E-commerce security has the following main aspects: (i) privacy, (ii) integrity, (iii) availability, (iv) authenticity and (v) non-repudiation of the parties to the e-commerce transaction. To deploy a fully secured e-commerce environment, it is essential to consider all of the above-mentioned aspects while implementing the information security policy.
The elements associated with e-commerce security are explained below:
Privacy/Confidentiality
Privacy/confidentiality is the extent to which individuals and businesses make personal/confidential information available to other individuals and businesses. With any business, confidential information must remain secure, be accessible only to the intended recipient, and not reach unauthorized people. However, this becomes increasingly difficult when dealing with e-businesses specifically. It is essential to secure both the storage and the transmission of such information.
Integrity
Integrity is the assurance that the data is consistent and correct. When data is transmitted over the Internet, it may be tampered with, intentionally or unintentionally. Data integrity may be compromised in a number of ways: human error, hardware malfunction, natural disaster, software bugs, viruses, etc. In any e-commerce process, data integrity is a major concern: the information transmitted over the Internet must not be altered in any way by an unauthorized party, and the data received must be the same as the data sent. Integrity involves maintaining the consistency, accuracy, and trustworthiness of data over its entire life cycle. Integrity is violated when the data received differs from the data that was sent.
Availability
Availability is the assurance that the e-commerce site continues to function as intended. It needs to be ensured that the data associated with e-commerce transactions is easily accessible. Lack of availability of data could be due to network failure, transmission errors, etc.
Authenticity
Authenticity is the ability to verify the identity of a person, entity or website with whom the transaction is to be made. It is an integral component of e-commerce as it ensures the genuineness of parties, electronic documents, transactions and data. It is important to verify that all parties in a transaction are who they claim to be and are duly authorized to perform it. Identity can be checked by digital signatures, certificates, biometrics, retinal scans, etc. Such authenticity helps to reduce instances of fraud.
Non-Repudiation
Non-repudiation is the ability to ensure that the parties in e-commerce transactions do not deny their online actions. It is a guarantee that the sender of a message cannot later deny having sent the message and the recipient cannot deny having received it. This assurance makes the online transaction complete and plays a major role in e-commerce. The responsibility of submitting or receiving an electronic message is accepted by the sender and receiver, thereby protecting them against any false assertions made later. E-commerce utilizes technologies like encryption and digital signatures to establish non-repudiation in a transaction.
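
The difference between integrity, authenticity and non-repudiation described above, shown as an added example that is not part of the original page. It uses Node.js's built-in `crypto` module; the order fields, function names and keys are constructed for illustration, and Ed25519 is one possible signature scheme chosen here.

```javascript
const crypto = require('node:crypto');

// Serialize a flat order with sorted keys so both parties hash identical bytes.
function canonical(order) {
  return Buffer.from(JSON.stringify(order, Object.keys(order).sort()));
}

// Shared-key MAC: protects integrity in transit, but buyer and merchant
// hold the same key, so either of them can compute a valid tag.
function macOrder(order, sharedKey) {
  return crypto.createHmac('sha256', sharedKey).update(canonical(order)).digest();
}
function macValid(order, tag, sharedKey) {
  const expected = macOrder(order, sharedKey);
  return expected.length === tag.length && crypto.timingSafeEqual(expected, tag);
}

// Digital signature: only the private-key holder can sign, anyone with the
// public key can verify, which is what supports non-repudiation.
function signOrder(order, privateKey) {
  return crypto.sign(null, canonical(order), privateKey);
}
function signatureValid(order, signature, publicKey) {
  return crypto.verify(null, canonical(order), publicKey, signature);
}

function demo() {
  // Constructed sample order and an altered copy of it.
  const order = { orderId: 'ORD-0001', buyer: 'alice@example.com', amount: '49.90' };
  const altered = { ...order, amount: '4.90' };
  const sharedKey = crypto.randomBytes(32);
  const buyer = crypto.generateKeyPairSync('ed25519');
  const other = crypto.generateKeyPairSync('ed25519');
  const tag = macOrder(order, sharedKey);
  const sig = signOrder(order, buyer.privateKey);
  return {
    macDetectsAlteration: !macValid(altered, tag, sharedKey),
    // A second key holder can tag different content, so a MAC settles no dispute.
    macReproducibleByOtherKeyHolder: macValid(altered, macOrder(altered, sharedKey), sharedKey),
    signatureAccepted: signatureValid(order, sig, buyer.publicKey),
    signatureDetectsAlteration: !signatureValid(altered, sig, buyer.publicKey),
    // A signature made with any other key fails against the buyer's public key.
    otherKeyAccepted: signatureValid(altered, signOrder(altered, other.privateKey), buyer.publicKey),
  };
}

console.log(demo());
```

Every field except `otherKeyAccepted` comes out `true`: both mechanisms detect alteration, but only the signature ties the order to one party's private key.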