Security is very important in online shopping sites. Nowadays, a huge amount is being purchased on the internet, because it's easier and more convenient. Almost anything can be bought, such as music, toys, clothing, cars, and food. Even though some of these purchases are illegal, we will be focusing on the items you can buy legally on the internet. Some of the popular websites are eBay, iTunes, Amazon, HMV, Mercantila, Dell, Best Buy and many more.
PURPOSE OF SECURITY
1. Data Confidentiality – is provided by encryption / decryption.
2. Authentication and Identification – ensuring that someone is who he or she claims to be. Implemented with digital signatures.
3. Access Control – governs what resources a user may access on the system. Uses valid IDs and passwords.
4. Data Integrity – ensures information has not been tampered with. Implemented with message digests or hashing.
5. Non-repudiation – not to deny a sale or purchase. Implemented with digital signatures.
E-COMMERCE SECURITY THREATS:
1. Intellectual property threats: Some browsers use information from a website for personal purposes without the permission of the website owner. Examples are music downloads and software pirating. To get rid of this problem, website owners have to use a secure authentication system.
2. Client computer threats: Sometimes client computers may be exposed to electronic threats such as Trojan horses and viruses, which enter the client computer without the user's knowledge, steal data, and destroy or crash the client computer. To avoid these types of threats we need to use a good antivirus system, which should be updated regularly. The website owners should implement a strong privacy policy.
3. Communication channel threats: The internet allows anyone to send and receive information through many networks, so data may be stolen or modified by unauthorized users or hackers. Hackers can also develop software to steal user identification and passwords. Spoofing is another major threat while data is being transmitted electronically. Denial of service is also a communication channel threat, where hackers send an unlimited number of requests to the target server, more than the server can handle. As a result, genuine users will find that the websites on that server are always busy.
We can overcome the communication channel threats using public key encryption and private key encryption. We can also use proper protocols to get rid of communication channel threats.
Digital signatures are another way to minimize these kinds of threats. The actual message that we need to send is decrypted and bound with the sender's private key, and a signature is added to it and sent to the receiver. The receiver uses the sender's public key and the signature for decryption to see the actual message.
4. Server threats: Denial of service is a major threat for servers, where hackers write a program that sends more requests from the client side than the server can handle. Spamming is another important threat for servers. To protect our server from the above threats we can use authentication for web access, digital signatures and firewalls. Firewalls check incoming request packets and simply reject any requests that do not match the server-related data.
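The digital signatures named above for authentication, data integrity and non-repudiation, shown as an added example that is not part of the original article: the signer's private key produces a signature over an order, and anyone holding the matching public key can check it. Ed25519 from Go's standard library, the constructed sample order and the function names are assumptions chosen for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"fmt"
)

// newKeyPair creates a signing key pair. The private key never leaves the
// signer; the public key is handed to anyone who needs to verify.
func newKeyPair() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// signOrder returns a detached signature over the exact order bytes.
func signOrder(priv ed25519.PrivateKey, order []byte) []byte {
	return ed25519.Sign(priv, order)
}

// verifyOrder reports whether sig was produced over exactly these bytes by
// the holder of the private key that matches pub.
func verifyOrder(pub ed25519.PublicKey, order, sig []byte) bool {
	return ed25519.Verify(pub, order, sig)
}

func main() {
	buyerPub, buyerPriv := newKeyPair()
	otherPub, _ := newKeyPair() // a different party's key

	// Constructed sample order and a copy with the amount altered in transit.
	order := []byte(`{"order_id":"A-1001","item":"headphones","amount":"59.90"}`)
	tampered := []byte(`{"order_id":"A-1001","item":"headphones","amount":"5.90"}`)

	sig := signOrder(buyerPriv, order)
	fmt.Println("signature:", hex.EncodeToString(sig))

	// Integrity: any change to the order invalidates the signature.
	fmt.Println("genuine order verifies: ", verifyOrder(buyerPub, order, sig))
	fmt.Println("tampered order verifies:", verifyOrder(buyerPub, tampered, sig))
	// Authentication: the signature only checks out against the signer's key.
	fmt.Println("other key verifies:     ", verifyOrder(otherPub, order, sig))
}
```

Signing does not hide the order, which still travels in readable form; confidentiality needs encryption in addition. Non-repudiation rests on the private key staying with its owner, since only that key could have produced a signature that verifies.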
Some of the tools used to achieve security are encryption, firewalls, security tools, access controls, proxy systems, authentication and intrusion detection.
Feel free to contact E-SPIN for E-Commerce infrastructure and application security, infrastructure availability and performance monitoring solutions.