Ans:
E-commerce security is the protection of e-commerce from unauthorized access,
unauthorized usage, unauthorized alteration and unauthorized deletion.
Therefore, the main objectives of security in e-commerce are the following:
• Computer security: Protection of assets from unauthorized access, use,
alteration or destruction.
• Physical security: Protection using tangible devices.
• Logical security: Protection of assets using non-physical means.
• Threat minimization: Reducing threats, where a threat is any act or object that
poses a danger to computer assets.
An e-commerce system faces a large number of threats which create issues and concerns
related to its security. Some of these are obvious, while others are created and can be
understood only by experts. This means that attacks can be directed at a system from
many different directions.
Security concerns in e-commerce can be studied from three perspectives, as given in
Table 6.1. E-commerce can be secured only if the entire commerce chain is secured, that is,
the client computer, the messages travelling on the communication channel and the
associated servers.
Table 6.1
| Security Concerns of the Client | Security Concerns of the Communication Channel | Security Concerns of the Server |
| Active content | Confidentiality | Web server |
| Malicious codes | Integrity | Commerce server |
| Masquerading | Availability | Database |
| | | Other credentials |
Security Concerns of the Client
Client security means the privacy of the client and the integrity of his computer.
Active Content
Amongst various threats, active content is a major area of concern in client
security. Active content is a program embedded transparently in a web page
which can cause actions to occur, for example displaying moving graphics or
downloading and playing audio. It is used in e-commerce in the form of Java applets,
ActiveX controls, etc. It creates a security risk because malicious programs hidden
inside a web page can reveal or destroy confidential and sensitive information
held in cookies. These cookies store user names, passwords, etc. on the
client computer.
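The risk described above is that a script running in the page can read the cookies that hold a user's credentials. One defensive check a site operator can run is to audit the Set-Cookie headers the commerce server emits and flag cookies that lack the HttpOnly, Secure and SameSite attributes. The code below is an added example written for this answer, not part of the original text; the sample headers are constructed, and the parser is a deliberately simple one written here rather than a library call.

```python
# Added example: audit Set-Cookie headers for attributes that keep cookies
# out of reach of page scripts (HttpOnly), off plain HTTP (Secure) and off
# cross-site requests (SameSite). Not part of the original answer.
from typing import Dict, List


def parse_set_cookie(header: str) -> Dict[str, object]:
    """Split one Set-Cookie header value into name, value and attributes.

    Attribute names are lower-cased; flag attributes without '=' map to True.
    """
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs: Dict[str, object] = {}
    for attr in parts[1:]:
        if not attr:
            continue
        key, has_value, val = attr.partition("=")
        attrs[key.strip().lower()] = val.strip() if has_value else True
    return {"name": name.strip(), "value": value, "attrs": attrs}


def audit_cookie(header: str) -> List[str]:
    """Return the weaknesses found in one Set-Cookie header (empty list = ok)."""
    attrs = parse_set_cookie(header)["attrs"]
    findings: List[str] = []
    if "httponly" not in attrs:
        findings.append("missing HttpOnly: readable by scripts running in the page")
    if "secure" not in attrs:
        findings.append("missing Secure: may be sent over unencrypted HTTP")
    samesite = str(attrs.get("samesite", "")).lower()
    if samesite not in ("lax", "strict"):
        findings.append("SameSite not Lax/Strict: sent on cross-site requests")
    return findings


def audit_response_cookies(headers: List[str]) -> Dict[str, List[str]]:
    """Audit every Set-Cookie header of one HTTP response, keyed by cookie name."""
    return {parse_set_cookie(h)["name"]: audit_cookie(h) for h in headers}


# Constructed sample headers; not captured from any real site.
SAMPLE_HEADERS = [
    "session=abc123; Path=/; HttpOnly; Secure; SameSite=Strict",
    "remember_user=alice; Path=/; Expires=Wed, 01 Jan 2031 00:00:00 GMT",
]

if __name__ == "__main__":
    for name, findings in audit_response_cookies(SAMPLE_HEADERS).items():
        print(name, "->", findings or ["ok"])
```

Run against a real response, the function would be fed the `Set-Cookie` headers one at a time; the second constructed header shows the typical "remember me" cookie that is left readable by active content and is sent over plain HTTP.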
Virus, Worms and Trojan Horses
Another security issue that arises for the client and his computer is the viruses, worms
and Trojan horses which can create havoc on the system.
• A virus is a piece of software that is designed to replicate itself by
copying itself into other programs stored in a computer, which can
cause those programs to operate incorrectly or corrupt the computer's
memory.
• A worm is software that is capable of reproducing itself. It can also
spread from one computer to the next over a network.
• A Trojan horse is a program that appears to have a useful function but
contains a hidden function which is harmful.
• All of these can delete stored data or manipulate actual data.
Malicious software can damage the system and is a major threat.
Masquerading
Another security concern is masquerading. Masquerading occurs when one person
uses the identity of another to gain access to a computer. This may be done in
person or remotely. For example, a perpetrator could pretend to be a particular
vendor and divert a payment to his own benefit. Conversely, the customer himself could
assume a false identity and make an invalid payment which the dealer would not
actually receive.
Security Concerns of the Communication Channel
Another major concern in any e-commerce application is the security of the
communication channel, that is, the security of a message while it passes through the
Internet. This is probably the most obvious issue for e-commerce applications, since the
number and severity of cyber-attacks are increasing. Data and messages being transferred
through the network must be secured against unauthorized disclosure and alteration.
Any theft of sensitive or personal information may become a significant danger.
Replaying old messages, tapping communications, making unauthorized changes to messages
and misusing remote maintenance access are the dangers to the communication channel.
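Two of the channel dangers named above, unauthorized changes to messages and replaying old messages, can be detected at the receiving end with a message authentication code plus a freshness check. The block below is an added example written for this answer, not part of the original text: both parties are assumed to hold a shared secret (the constructed key `SHARED_KEY`), every message carries a timestamp and a random nonce, and an HMAC-SHA256 tag covers all three, so a changed message fails the tag check, an old message falls outside the freshness window, and a repeated message is caught because its nonce has already been seen.

```python
# Added example: integrity and replay protection for messages on the
# communication channel. Not part of the original answer.
import hashlib
import hmac
import os
import time
from typing import Dict, Optional, Set, Tuple

# Constructed shared key for the demo; a real deployment would provision its own.
SHARED_KEY = b"demo-shared-secret-not-for-production"
MAX_AGE_SECONDS = 300  # assumed freshness window for a message


def _tag(key: bytes, ts: str, nonce: str, body: str) -> str:
    # ts is decimal digits and nonce is hex, so the first two '|' separators
    # are unambiguous even if the body itself contains '|'.
    data = "|".join([ts, nonce, body]).encode("utf-8")
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def protect(body: str, key: bytes, now: Optional[float] = None) -> Dict[str, str]:
    """Sender side: wrap a message with timestamp, fresh nonce and HMAC tag."""
    ts = str(int(now if now is not None else time.time()))
    nonce = os.urandom(16).hex()
    return {"ts": ts, "nonce": nonce, "body": body, "tag": _tag(key, ts, nonce, body)}


def verify(envelope: Dict[str, str], key: bytes, seen_nonces: Set[str],
           now: Optional[float] = None) -> Tuple[bool, str]:
    """Receiver side: reject tampered, stale or replayed messages.

    The tag is checked first so that a forged envelope can never add a nonce
    to the seen set; seen_nonces is the receiver's memory of accepted nonces.
    """
    expected = _tag(key, envelope["ts"], envelope["nonce"], envelope["body"])
    if not hmac.compare_digest(expected, envelope["tag"]):
        return False, "bad tag"          # altered in transit or wrong key
    current = now if now is not None else time.time()
    if abs(current - int(envelope["ts"])) > MAX_AGE_SECONDS:
        return False, "stale"            # outside the freshness window
    if envelope["nonce"] in seen_nonces:
        return False, "replay"           # same message delivered again
    seen_nonces.add(envelope["nonce"])
    return True, "ok"


if __name__ == "__main__":
    seen: Set[str] = set()
    env = protect("order=42;amount=10.00", SHARED_KEY)
    print("first delivery:", verify(env, SHARED_KEY, seen))
    print("replayed copy: ", verify(env, SHARED_KEY, seen))
    forged = dict(env, body="order=42;amount=1.00")
    print("altered amount:", verify(forged, SHARED_KEY, seen))
```

The HMAC gives integrity and sender authentication but not confidentiality; the body still travels in clear, so in practice this runs inside an encrypted channel such as TLS. The receiver only needs to remember nonces for as long as the freshness window, which keeps `seen_nonces` bounded.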
Security Concerns of Server
Another major concern in any e-commerce application is the security of the web server,
the commerce server and the databases. The database contains valuable and sensitive
information, and any loss or manipulation of stored data can cause irreparable damage. The
server must be protected from break-ins, site vandalism and denial-of-service attacks. The
more complex the software becomes, the higher the probability that errors exist in its
code. Revelation of the server's folder names to a web browser is a breach of
confidentiality.
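The last point, a web server revealing its folder names to a browser, usually happens when a request for a directory is answered with an automatically generated listing of its contents. The block below is an added example, not part of the original answer: a small path resolver of the kind a static-file handler would call, which serves a file, falls back to `index.html` for a directory, and otherwise refuses the request instead of listing the folder. It also goes one step beyond the text by refusing any path that resolves outside the document root. The demo document tree is constructed in a temporary directory.

```python
# Added example: resolve URL paths to files without ever exposing folder
# contents. Not part of the original answer; the demo tree is constructed.
import tempfile
from pathlib import Path
from typing import Optional, Tuple


def resolve_static(root: Path, url_path: str) -> Tuple[int, Optional[Path]]:
    """Map a URL path to a file under root.

    Returns (status, path): 200 with the file to serve, 403 when the request
    names a directory without an index page or escapes the root, 404 otherwise.
    """
    root = root.resolve()
    candidate = (root / url_path.lstrip("/")).resolve()
    # Anything that resolves outside the document root is refused.
    if candidate != root and root not in candidate.parents:
        return 403, None
    if candidate.is_dir():
        index = candidate / "index.html"
        if index.is_file():
            return 200, index
        # No index page: refuse rather than generate a listing that would
        # reveal the server's folder and file names to the browser.
        return 403, None
    if candidate.is_file():
        return 200, candidate
    return 404, None


def build_demo_root() -> Path:
    """Create a constructed document tree in a temporary directory."""
    root = Path(tempfile.mkdtemp(prefix="shop-static-"))
    (root / "css").mkdir()
    (root / "css" / "site.css").write_text("body { margin: 0 }")
    (root / "index.html").write_text("<h1>shop</h1>")
    return root


if __name__ == "__main__":
    demo = build_demo_root()
    for request in ("/", "/css/site.css", "/css/", "/missing.css", "/../"):
        status, path = resolve_static(demo, request)
        print(f"{request:15} -> {status} {path.name if path else ''}")
```

Production web servers expose the same choice as a configuration switch (directory indexing on or off); the resolver above shows what the "off" setting does, and why a missing index page should yield a refusal rather than a listing.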