Security Traits in E-Commerce
Since the inception of the Web, E-Commerce has enjoyed hyper-growth. Emerging
technologies and a rapidly expanding user base have enabled companies of all
sizes to expand their commercial capabilities and make E-Commerce a significant
component of the economic engine of the world. The impact of E-Commerce on the
global economy has been profound. However, there is some risk involved in
conducting and maintaining a robust online business operation that generates
results. E-commerce fraud affects all parties in the payment card value chain –
from the major card brands that sit at the top of the industry to the billions
of credit and debit cardholders worldwide who shop online. Electronic commerce
has the potential to offer many benefits both to the consumer and to the
business, but the recent rapid rise in online fraud causes concerns over the
security of e-commerce transactions. Therefore, it is important for companies
that are engaged in or that are considering E-Commerce to regularly audit their
online business processes for any vulnerabilities and build the required
security solutions into their E-Commerce plan.
E-Commerce is a strategic imperative for organizations today and offers benefits
both to the consumer and the organization, but because of concerns over the
security of e-commerce transactions many consumers and businesses are still wary
of it. However, this is not to say that e-commerce potential is being totally
ignored by consumers; research shows that the use of e-commerce around the world
is increasing. Therefore, despite some security concerns, electronic commerce
related activities such as e-banking continue to grow. ISACA defines e-Commerce
as the processes by which associations conduct business electronically with
their customers, suppliers and other external business partners, utilizing the
Internet as an enabling technology. It therefore encompasses both
business-to-business (B2B) and business-to-consumer (B2C) e-Commerce models, yet
does not include existing non-Internet e-Commerce methods based on private
networks, for example, EDI and S.W.I.F.T.
In order to understand e-commerce security, some common safeguards must be
identified and discussed. For the purpose of this study, three main areas in
which the e-commerce system must be secured will be considered: merchant
security, transport security and client security, where merchant security
includes the merchant's and bank's web server and operating systems. Merchant
security involves the security of the systems of the provider of the service.
Client-side security is concerned with the security of the systems of the users
of the service. Secure transport involves the securing of information when it
is in transit between the client and the merchant. While this Perspective
essentially investigates new innovation issues of e-Commerce, it concentrates on
security, review and control issues. The field of e-Commerce is growing rapidly
on the consolidated fronts of innovation and business utilization. By its
nature, e-Commerce security poses difficulties to practitioners of a different
kind from those of the security environments of recent times, which must now be
considered legacy.
Four basic security requirements of e-commerce transactions can be identified:
authentication, confidentiality, data integrity and non-repudiation.
Authentication can be defined as "the capacity to uniquely identify a person or
entity and to prove such identity". Confidentiality ensures that only
authorized users have access to the content of the exchanged information. As
indicated by Hutchinson and Warren, information integrity is the capacity to
assure that information has not been modified accidentally or by any
unauthorized entity. Non-repudiation can be defined as "the capacity to prevent
a denial of activities by a person". People operating e-Commerce applications
must be identified and in some manner must prove that they are who they say they
are before the transaction is entered into, or if nothing else, before it is
completed. Then, after the fact, there must be some manner of ensuring that the
people cannot deny that the transaction had been entered into, or if nothing
else that they had performed the transaction. A number of different
technologies that can be used to secure e-commerce have been identified, such as
user IDs and passwords, tokens, biometrics, digital signatures, PKI and SSL,
along with various payment protocols including SET, 3D Secure and Secure Payment
Application (SPA).
The increase in e-commerce and the rapid rise of mobile device usage in
e-commerce is not only bringing business benefit, but also increasing the threat
of cyber crime, as criminal organizations (and individuals alike) are exploiting
its vulnerabilities for financial gain. The numbers are staggering: reportedly
more than $388 billion worldwide per year is attributed to cybercrime in
general, and a large portion of that is ultimately related to e-commerce.
Verizon published that in 2011 over 174 million records were compromised, with
95% of them including personal information.
At the moment the greater part of the risk in e-commerce transactions lies with
the provider of the transaction (be that credit card providers, PayPal, etc.).
All of these entities protect themselves from online threats and
misrepresentation through insurance policies that cover the transactions, and
take a risk-based methodology. There is a groundswell inside these entities to
move the risk away from themselves and provide a more balanced methodology where
consumers are liable in the event that they do not act as a reasonable person on
the Internet and make unsafe transactions. Such a shift of legal obligation
would certainly erode e-commerce confidence among consumers and specifically
discourage new entrants to online shopping. This is likewise raised in the
latest Verizon report: even though breaches relating to payment cards cost
between a few dollars and in excess of $100 million, more significant were the
regulatory and legal fees for several victims. Ultimately the consumer is
paying indirectly for the risk that these entities hold, through transactional
fees that are passed to the consumer, the retailer or both parties. If such a
swing were to occur, it would lessen the financial risk posed and therefore
reduce the insurance premiums; the next battle would then begin around
recognition of that reduced premium and how it is reflected in reduced
transactional fees and hence in reduced prices of goods and services.
The Secure Socket Layer (SSL) is one of the most commonly used
mechanisms to secure the e-commerce transaction. SSL is a viable option when
considering secure e-commerce but it has a number of weaknesses which could be
rectified by the use of payment protocols. The inability of SSL to handle
payments means that an illegitimate client could have direct access to a
client's payment details or that an insecure merchant could allow unauthorized
users access to these details. SSL also does not provide non-repudiation.
Payment protocols in combination with client authentication techniques do not
have these weaknesses and therefore provide the safest method of securing the
e-commerce transaction.
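The non-repudiation gap described above can be shown in a few lines. This is an added example, not part of the original article: it compares a shared-key MAC (the kind of integrity check a secure channel gives both ends) with a digital signature held only by the client. A Lamport one-time signature stands in for the signatures used by payment protocols so that the code needs only the Python standard library; the order strings and function names are constructed for illustration.

```python
import hashlib, hmac, os

def mac_tag(key: bytes, msg: bytes) -> bytes:
    """Shared-key MAC of the kind that protects records in an SSL session."""
    return hmac.new(key, msg, hashlib.sha256).digest()

def mac_ok(key: bytes, msg: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(mac_tag(key, msg), tag)

def _bits(msg: bytes):
    d = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    return [(d >> i) & 1 for i in range(256)]

# Assumption: Lamport one-time signatures stand in for a payment protocol's
# signature scheme; each key pair must sign one message only.
def lamport_keygen():
    """sk stays with the signer (client); pk is published."""
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    pk = [(hashlib.sha256(a).digest(), hashlib.sha256(b).digest()) for a, b in sk]
    return sk, pk

def lamport_sign(sk, msg: bytes):
    return [sk[i][b] for i, b in enumerate(_bits(msg))]

def lamport_verify(pk, msg: bytes, sig) -> bool:
    bits = _bits(msg)
    return len(sig) == 256 and all(
        hmac.compare_digest(hashlib.sha256(s).digest(), pk[i][bits[i]])
        for i, s in enumerate(sig))

def dispute():
    order = b"order=1001;amount=25.00"      # constructed sample order
    altered = b"order=1001;amount=2500.00"  # what a dishonest merchant claims

    # Channel protection: client and merchant both hold the session key, so
    # the merchant can compute a valid tag for an order the client never sent.
    session_key = os.urandom(32)
    forged_tag = mac_tag(session_key, altered)
    mac_accepts_forgery = mac_ok(session_key, altered, forged_tag)

    # Payment-level signature: only the client holds sk. The merchant can
    # replay the client's signature, but it does not verify on altered data.
    sk, pk = lamport_keygen()
    sig = lamport_sign(sk, order)
    return {
        "mac_accepts_forgery": mac_accepts_forgery,
        "sig_accepts_original": lamport_verify(pk, order, sig),
        "sig_accepts_altered": lamport_verify(pk, altered, sig),
    }
```

Because a valid MAC tag can be produced by either holder of the session key, it proves nothing to a third party about who sent the order; the signature verifies only for the order the client actually signed.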
Akshay Bajpai & Gaurav Godani