Security Issues And Threats In E-Commerce: A Study
Dr Veshalee Singh
Assoc. Professor, Dept. of Commerce, Govt. College, Hamirpur, H.P.
*Corresponding Author E-mail:
ABSTRACT:
E-Commerce means conducting business through the internet or other electronic media. It is basically the buying and selling of goods and services online, through computers, tablets, smart phones and other smart devices. It includes online business networks, electronic fund transfer systems, supply chain management systems, electronic data interchange, automated inventory management systems, etc.; hence it has become a complicated but extremely advanced business tool. It allows customers to buy products through smart devices, saving their time, money and effort, and it also benefits businesses by curbing costs such as showrooms, personnel, advertising, middlemen, transportation, warehouses and many more. But there are also many security threats that cause huge financial and emotional loss to both customers and businesses and wreak havoc on the trust between them. Hackers and other fraudsters use a myriad of malicious techniques: financial fraud, phishing, spamming, Trojans, malware, bots, denial of service, credit card fraud, fake returns, etc. This paper will explore the various types of online security threats.
There are ways to prevent these from impacting the e-commerce parties, such as stronger passwords, frequently changing passwords, address verification systems, payment gateways, anti-malware software, HTTPS and SSL certificates, etc. This paper surveys various threats to e-commerce and the solutions and countermeasures for secure buying and selling of products, which may be useful to online buyers as well as to businesses.
KEYWORDS: E-commerce, E-commerce security issues, Secure online business guidelines.
INTRODUCTION:
The world today is rapidly transforming into high-tech machinery. Swift technological changes are so widespread that little room is left for conventional ease, and so it is in business. Industry has gone through many technological changes, resulting in a great deal of evolution. The mass adoption of the internet in business has created a paradigm change in the way business is conducted today. A virtual marketplace has been created for goods and services, for the ease of consumers as well as of producers and sellers. New technology has made it much easier for consumers to buy a product from home through computers, smart phones, tablets and other smart devices. They just have to download an app such as Amazon, Alibaba, Flipkart, etc.; numerous companies have released apps for this purpose. Free shipping has made it even more attractive. This is called E-Commerce, which means the buying and selling of goods and services through the internet on smart devices. Nowadays almost everything can be bought over the internet and the product will reach the home at zero shipping or postal cost. For this purpose electronic payment methods such as debit card, credit card, the UPI system, etc. are used, and even cash on delivery is available for the benefit of consumers. Online business is very competitive and the consumer has a huge variety of products to choose from across a wide price band. E-commerce operates in several market segments: business to business, business to consumer, consumer to consumer and consumer to business. E-commerce especially helps small businesses reach customers throughout the country and even abroad. It saves costs such as showrooms, personnel, advertising, middlemen, transportation, warehouses and many other direct and indirect costs, simply by providing more efficient distribution channels and a payment gateway.
DEFINITION:
“Electronic Commerce is the symbiotic integration of communications, data management and security capabilities to allow business applications within different organisations to automatically exchange information related to the sale of goods and services” (Daniel Minoli and Emma Minoli). The term E-Commerce was coined and first employed by Dr Robert Jacobson, Principal Consultant to the California State Assembly’s Utilities and Commerce Committee, in the title and text of California’s Electronic Commerce Act, carried by the late committee Chairperson Gwen Moore (D-LA) and enacted in 1984 (Wikipedia).
E-COMMERCE TYPES:
There are 6 basic types of e-commerce:
1. Business-to-Business (B2B)
2. Business-to-Consumer (B2C)
3. Consumer-to-Consumer (C2C)
4. Consumer-to-Business (C2B)
5. Business-to-Administration (B2A)
6. Consumer-to-Administration (C2A)
1. Business-to-Business (B2B): B2B e-commerce encompasses all electronic transactions of goods or services conducted between companies. Producers and traditional commerce wholesalers typically operate with this type of electronic commerce.
2. Business-to-Consumer (B2C): The Business-to-Consumer type of e-commerce is distinguished by the establishment of electronic business relationships between businesses and final consumers. It corresponds to the retail section of e-commerce, where traditional retail trade normally operates.
3. Consumer-to-Consumer (C2C): Consumer-to-Consumer (C2C) e-commerce encompasses all electronic transactions of goods or services conducted between consumers. Generally, these transactions are conducted through a third party, which provides the online platform where the transactions are actually carried out.
4. Consumer-to-Business (C2B): In C2B there is a complete reversal of the traditional sense of exchanging goods. This type of e-commerce is very common in crowdsourcing-based projects. A large number of individuals make their services or products available for purchase by companies seeking precisely these types of services or products.
5. Business-to-Administration (B2A): This part of e-commerce encompasses all transactions conducted online between companies and public administration. This is an area that involves a large amount and variety of services, particularly in areas such as fiscal, social security, employment, legal documents and registers, etc. These types of services have increased considerably in recent years with investments made in e-government.
6. Consumer-to-Administration (C2A): The Consumer-to-Administration model encompasses all electronic transactions conducted between individuals and public administration. Examples of applications include:
- Education: disseminating information, distance learning, etc.
- Social Security: distribution of information, making payments, etc.
- Taxes: filing tax returns, payments, etc.
- Health: appointments, information about illnesses, payment of health services, etc.
Advantages of e-commerce:
The main advantage of e-commerce is its ability to
reach a global market, without necessarily implying a large financial
investment. The limits of this type of commerce are not defined geographically,
which allows consumers to make a global choice, obtain the necessary
information and compare offers from all potential suppliers, regardless of
their locations.
By allowing direct interaction with the final
consumer, e-commerce shortens the product distribution chain, sometimes even
eliminating it completely. This way, a direct channel between the producer or
service provider and the final user is created, enabling them to offer products
and services that suit the individual preferences of the target market.
E-commerce allows suppliers to be closer to their customers, resulting in
increased productivity and competitiveness for companies; as a result, the
consumer is benefited with an improvement in quality service, resulting in
greater proximity, as well as a more efficient pre and post-sales support. With
these new forms of electronic commerce, consumers now have virtual stores that
are open 24 hours a day.
Cost reduction is another very important advantage
normally associated with electronic commerce. The more trivial a particular
business process is, the greater the likelihood of its success, resulting in a
significant reduction of transaction costs and, of course, of the prices
charged to customers.
Disadvantages of e-commerce:
The main disadvantages associated with e-commerce are:
- Strong dependence on information and communication technologies (ICT);
- Lack of legislation that adequately regulates the new e-commerce activities, both nationally and internationally;
- A market culture averse to electronic commerce (customers cannot touch or try the products);
- The users’ loss of privacy, and the loss of regions’ and countries’ cultural and economic identity;
- Insecurity in the conduct of online business transactions.
Architectural Framework of E-Commerce:
The architectural framework of e-commerce means the synthesizing of various existing resources like DBMS, data repositories, computer languages, software agent-based transactions, monitors or communication protocols to facilitate the integration of data and software for better applications. The architectural framework for e-commerce consists of six layers of functionality or services, as follows:
1. Application services.
2. Brokerage services, data or transaction management.
3. Interface and support layers.
4. Secure messaging, security and electronic document interchange.
5. Middleware and structured document interchange, and
6. Network infrastructure and the basic communication services.
Classification of E-Commerce Applications:
The classification of e-commerce applications is given below:
1. Electronic Market: An electronic market is a place where online shoppers and buyers meet. An e-market handles business transactions, including bank-to-bank money transfers. In an e-market the business centre is not a physical building but a network-based location where business activities occur. The participants in an e-market, the buyers, sellers and transaction handlers, are not only at different locations but may not even know each other.
2. Inter-Organizational Information System (IOS): An IOS is a unified system with several business partners. A typical IOS will include a company and its suppliers and customers. Through an IOS, buyers and sellers arrange routine business transactions. Information is exchanged over a communication network using specific formats, so there is no need for telephone calls, papers, documents or correspondence. Types of IOS are given below:
- EDI (Electronic Data Interchange): provides secure B2B connections over value-added networks (VANs).
- Extranet: provides secure B2B connections over the internet.
- EFT (Electronic Fund Transfer): electronic transfer of funds from one account to another.
- Electronic Forms: online (web-page) forms on the internet.
- Shared Database: information stored in repositories (collections of data) shared by trading partners.
- Supply Chain Management: co-operation between a company and its suppliers and customers regarding demand forecasting, inventory management and order fulfillment.
Electronic payment:
Electronic payments are either debit or credit
payments that are processed entirely electronically, with the value passing
from one bank account to another bank account. Credit payments, often referred
to as Electronic Credit Transfers (ECT) or Electronic Funds Transfers (EFT),
are where a customer instructs their bank to make a payment, electronically, to
another bank account. Debit payments, known as direct debits, are where a
customer instructs their bank to allow the payment to be charged to their bank
account.
Advantages of Electronic payment:
Electronic payment systems are software systems that enable online credit card processing. Via an electronic payment system, users can browse an online catalog and purchase items online through automated online transactions. Launching an e-commerce website ultimately improves the way of doing business, increases the level of sales, expands the business to local and foreign markets and improves relationships with existing customers.
1 Sales: Your online presence creates a stronger
company profile and yields access to new local and foreign markets. The
increased availability of your products to a larger customer base via an electronic
payment system extends your current mail-order services, and reaches other
potential customers and local businesses through increased exposure. An online
catalog, with online ordering and payment functions, to sell your products
provides the added benefit that you can display information about each item for
sale and indicate whether it is available from stock. Displaying related
products on the pages viewed is also a subtle sales promotion that might induce
the customer to purchase more products.
2 Customer Support: Electronic payment systems enable
faster order processing and delivery, which caters for higher efficiency in
both business to business (B2B) and business to consumer (B2C) models. Improved
customer support services, shorter lead times, and a twenty-four-hour service
around the globe ensure a satisfactory shopping experience for your customers.
Via the electronic payment system it is easy to implement a personalized
service for your customers by enabling subscription services and provide timely
information about special offers and promotions. Newsletters are an effective
marketing strategy that entices your customers to return to your website and
purchase more products.
3 Improved Marketing: An e-commerce website will
assist your business in gaining competitive advantage and heightening public
interest. An online presence will not only improve and facilitate your current
marketing strategy but it will also yield new opportunities in the business to
business environment through increased exposure and increased efficiency.
4 Running Costs: An electronic payment system
introduces potential cost savings through an improved business model and
effective supply chain management, since much of the transaction process will
be automated. Whereas, in a manual system your clients need to first contact
your company to obtain a quote and check for product availability, through an
electronic payment system, they can check your price offers, delivery times and
place their orders in a couple of minutes. Lower running costs and shorter lead
times enable the company to cater for bulk orders received from local
businesses.
Disadvantages of Electronic payment:
1 Online Security: When we check out at a merchant and use our credit cards we must present photo ID. However, when making online payments there is no real authentication process to verify that the person entering the information online is not a criminal. Without this verification process, time becomes of the essence when it is critical to dispute a fraudulent charge made using your credit/debit card, because research is needed to prove your case.
2 Missed Errors: Imagine being in business since 1970: each time you needed to replenish inventory you contacted your supplier, with whom you have a personal relationship, to place your order. The supplier delivers your goods in a timely fashion. Upon delivery an invoice is provided and you either pay COD (cash on delivery) or mail in your payment. Now 21st-century technology is presented: you submit your order online, which requires payment before delivery. Once the goods arrive you realize you mistakenly ordered the wrong material. Now you have merchandise that cannot be used and you are out your money. More time is now needed to return the “unnecessary material” and to wait for the replacement order to arrive. For many people the old way was more efficient.
3 Fees: Management courses have taught us that there is an opportunity cost for every choice we make. Surprisingly, online payment systems (OPS) are no different. Since the core business of many organizations is not IT-based, and more specifically not specialized in online payment systems, an outside vendor is required to provide the online payment services. An online payment systems vendor like PayPal requires the merchant to pay a convenience fee ranging between 2.2%-3.9%. Would it be beneficial to use their services as opposed to alternative payment methods? For corporate organizations this fee may prove to be inconsequential. However, for the small business owner these fees could equate to astronomical figures eating away at the bottom line.
Typical E-Payment Types in E-Commerce:
The modes of payment have surely changed in so many
different ways. But it is important to take note that this change is on a
positive note and not a negative one. In relation on how we get to make
payments, the introduction of payment systems into the market has clearly made
things a lot better. These systems are designed to make money transfer from one
account to the other quick and easy as it can be done in a matter of seconds.
The systems will come in two distinct features but for now we want to take a
quick look at some of the different types of electronic payment systems. These
are the kind of systems that will accept payments through electronic means.
1 Electronic cards: Electronic cards are designed to reflect your bank account. By having one, you definitely do not need to visit your bank physically in order to access your account. Mostly cut out of hard plastic material to make them durable, the cards have a magnetic strip that allows machines to gain access to your bank account electronically. They come in three major types: the debit card, the credit card and the prepaid card. All that the vendor has to do is swipe your card through the payment system; a message is sent to your bank, which immediately replies with a confirmation message. All this is done in a matter of seconds.
2 Internet: This is a unique payment system that
allows transactions to occur online. There are normally different sites through
which you can be able to do this but the two most commonly practiced methods of
online payments are direct transfers from one bank account to another or the
use of cards.
3 Use of mobile phones: Mobile phones are turning out
to be more than just a communication gadget. They are even referred to as smart
phones due to the many additional features that they have. Although it will
give you limited transactions to carry out, the best kinds of payment system available
for mobile phones are mobile banks. There are a number of mobile subscriber
firms that have developed the app that allows the mobile users to have an
account that they can gain access to through their mobile phone number.
4 Online accounts: This kind of payment system is slowly on the rise. We can attribute this to the increase in online shopping. Having an online account with PayPal, Moneybookers or any other provider allows you to transfer funds more quickly, as there are no restrictions and limitations on what you can do with your electronic money. One can access their online accounts through their phones and/or computers. These accounts are very simple to use.
ELECTRONIC COMMERCE SECURITY:
E-Commerce security is the guideline that ensures safe transactions through the internet. It consists of protocols that safeguard people who engage in online selling and buying of goods and services. Such basics include:
- Privacy
- Integrity
- Authentication
- Non-repudiation
1. Privacy: Privacy includes preventing any activity that will lead to the sharing of customers’ data with unauthorized third parties. Apart from the online seller that a customer has chosen, no one else should access their personal information and account details. A breach of confidentiality occurs when sellers let others have access to such information. An online business should put in place at least a necessary minimum of anti-virus, firewall, encryption, and other data protection. It will go a long way in protecting the credit card and bank details of clients.
2. Integrity: Integrity is another crucial concept of E-Commerce Security. It means ensuring that any information that customers have shared online remains unaltered. The principle states that the online business is utilizing the customers’ information as given, without changing anything. Altering any part of the data causes the buyer to lose confidence in the security and integrity of the online enterprise.
3. Authentication: The principle of authentication in E-Commerce security requires that both the seller and the buyer should be real. They should be who they say they are. The business should prove that it is real, deals in genuine items or services, and delivers what it promises. The clients should also give proof of identity to make the seller feel secure about the online transactions. Authentication and identification can be ensured; if you are unable to do so, hiring an expert will help a lot. Standard solutions include client login information and credit card PINs.
4. Non-repudiation: Repudiation means denial. Therefore, non-repudiation is a legal principle that instructs players not to deny their actions in a transaction. The business and the buyer should follow through on the transaction part that they initiated. E-Commerce can feel less safe since it occurs in cyberspace with no live video. Non-repudiation gives E-Commerce security another layer. It confirms that the communication that occurred between the two players indeed reached the recipients. Therefore, a party in that particular transaction cannot deny a signature, email, or purchase.
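The integrity principle above is usually enforced mechanically rather than by policy: the server attaches a keyed tag to the data it hands out (an order summary, a price, a session record) and refuses anything that comes back with a tag that no longer matches. The following is an added example, not code from the paper; the order record, the key handling and the function names are constructed for illustration.

```python
import hashlib
import hmac
import json
import secrets

# Server-side secret. In production it comes from a secrets store, never from
# source code; it is generated here only so the example runs offline.
SERVER_KEY = secrets.token_bytes(32)


def canonical(order: dict) -> bytes:
    """Serialise the order deterministically (sorted keys, no stray whitespace)
    so the same data always produces the same bytes and hence the same tag."""
    return json.dumps(order, sort_keys=True, separators=(",", ":")).encode()


def seal_order(order: dict, key: bytes = SERVER_KEY) -> str:
    """HMAC-SHA256 tag over the canonical order; only holders of `key` can produce it."""
    return hmac.new(key, canonical(order), hashlib.sha256).hexdigest()


def verify_order(order: dict, tag: str, key: bytes = SERVER_KEY) -> bool:
    """Recompute the tag and compare in constant time, so a wrong tag cannot be
    narrowed down byte by byte through response timing."""
    return hmac.compare_digest(seal_order(order, key), tag)


# Constructed sample order (not real customer data).
ORDER = {"order_id": "A-1001", "customer": "c-42", "amount": 149.99, "currency": "EUR"}


def demo() -> tuple:
    """Seal an order, then check the original and a copy whose price was altered."""
    tag = seal_order(ORDER)
    intact = verify_order(ORDER, tag)
    tampered = dict(ORDER, amount=1.99)   # price changed after the tag was issued
    return intact, verify_order(tampered, tag)


if __name__ == "__main__":
    print(demo())  # (True, False)
```

A keyed tag like this gives integrity and, to the parties sharing the key, authenticity; it does not give non-repudiation, because either holder of the key could have produced it. Where the paper's fourth principle must hold against a disputing party, the tag has to be a digital signature made with a private key that only the signer holds.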
Common E-commerce Security Issues:
1. Lack of trust in privacy and E-Commerce security:
Businesses that run E-Commerce operations experience several security risks, such as:
i. Counterfeit sites: hackers can easily create fake versions of legitimate websites without incurring any costs. The affected company may therefore suffer severe damage to its reputation and valuation.
ii. Malicious alterations to websites: some fraudsters change the content of a website. Their goal is usually either to divert traffic to a competing website or to destroy the affected company’s reputation.
iii. Theft of clients’ data: the E-Commerce industry is full of cases where criminals have stolen inventory data and personal information of customers, such as addresses and credit card details.
iv. Damage to computer networks: attackers may damage a company’s online store using worm or virus attacks.
v. Denial of service: some hackers prevent legitimate users from using the online store, reducing its functioning.
vi. Fraudulent access to sensitive data: attackers can get hold of intellectual property and steal, destroy, or change it to suit their malicious goals.
2. Malware, viruses, and online frauds:
These issues cause losses in finances, market share, and reputation. Additionally, clients may press criminal charges against the company. Hackers can use worms, viruses, Trojan horses, and other malicious programs to infect computers in many different ways. Worms and viruses invade systems, multiply, and spread. Some hackers hide Trojan horses in fake software, and the infection starts once users download the software. These fraudulent programs may:
i. Hijack computer systems
ii. Erase all data
iii. Block data access
iv. Forward malicious links to clients and other computers in the network.
3. Uncertainty and complexity in online transactions:
Online buyers face uncertainty and complexity during critical transaction activities. Such activities include payment, dispute resolution, and delivery. At those points, they are likely to fall into the hands of fraudsters. Businesses have improved their transparency levels, such as clearly stating the point of contact when a problem occurs. However, such measures often fail to fully disclose the collection and usage of personal data.
4. Financial frauds:
Besides stealing bank cards and account details, cybercriminals have got really creative. Ever since the first online businesses entered the world, villains have targeted apps and websites. Two common frauds are used to target the e-commerce industry: credit card fraud and fake returns.
Credit card fraud happens when a criminal uses stolen credit card data to purchase goods or services on an e-commerce store. Payment authorisation based solely on passwords and security questions does not verify a person’s identity; if someone else obtains our credentials, this can result in a fraudulent purchase and allows the third party to take money effortlessly.
Fake returns are unauthorized transactions made on the basis of false requests for returns. In refund fraud, a typical financial scam, businesses reimburse unlawfully obtained merchandise or damaged goods.
5. Phishing:
Phishing is a cybercrime that aims at stealing users’ confidential data, such as logins and passwords. This is achieved via mass email campaigns run in the name of popular brands, as well as personal messages inside various services such as social networks. Messages often contain a direct link to a fake website that looks exactly like the real one, or to a website that redirects the user somewhere else. When the user lands on a fake page, cybercriminals try to make the user enter the login and password used to access a specific website, which allows the villains to get access to bank accounts.
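The phishing description above rests on a few observable traits: the link goes somewhere other than where it appears to go, the destination is not the brand's own host, or the host is a lookalike (including an internationalised, punycode-encoded one). A mail gateway or a brand-protection team can check for exactly those traits. The following detector is an added example, not code from the paper; the trusted host list, the brand string and the sample e-mail body are all constructed for illustration and use reserved `.invalid` domains.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts the store really uses in customer e-mail (constructed for this example).
TRUSTED_HOSTS = {"shop.example.com", "pay.example.com"}
BRAND = "example"   # brand string a lookalike domain would try to include


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in a message."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url: str) -> str:
    return (urlparse(url).hostname or "").lower()


def suspicious_links(html_body: str) -> list:
    """Return anchors showing phishing traits: a non-HTTPS destination, visible
    URL text whose host differs from the real href, a punycode (IDN) host, or a
    lookalike host containing the brand name that is not one of our own."""
    parser = LinkCollector()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        target = host_of(href)
        reasons = []
        if urlparse(href).scheme != "https":
            reasons.append("not https")
        shown = host_of(text) if "://" in text else ""
        if shown and shown != target:
            reasons.append(f"visible host {shown} differs from actual host {target}")
        if any(label.startswith("xn--") for label in target.split(".")):
            reasons.append("punycode host")
        if BRAND in target and target not in TRUSTED_HOSTS:
            reasons.append("lookalike domain")
        if reasons:
            findings.append({"href": href, "text": text, "reasons": reasons})
    return findings


# Constructed sample message body; the hostile hosts use the reserved .invalid TLD.
SAMPLE_EMAIL = """
<p>Your order is on hold.</p>
<a href="https://shop.example.com/orders">View order</a>
<a href="http://shop-example.com.verify-now.invalid/login">https://shop.example.com/login</a>
<a href="https://xn--shp-example-abc.invalid/pay">Update payment details</a>
"""

if __name__ == "__main__":
    for finding in suspicious_links(SAMPLE_EMAIL):
        print(finding["href"], "->", "; ".join(finding["reasons"]))
```

The first anchor passes every check; the second and third are flagged. The checks are deliberately cheap and explainable so the reasons can be surfaced to the user or logged for the security team, rather than silently dropping the mail.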
6. Spam:
Emails are recognized for being a powerful medium for increasing sales, but they are also one of the most often utilized channels for spamming. Likewise, leaving the comment sections on your blog or your contact forms open to infected URLs is an open invitation for internet spammers to damage you. They frequently send such links through your social media inbox and wait for you to click on them. Furthermore, spamming not only compromises the security of your website, but it also slows it down.
7. Bots:
Bots are automated software applications programmed to perform specific tasks. Web crawlers, probably the best-known type of bot, are those that determine websites’ rankings by systematically browsing all the existing pages on the internet.
However, there are bots specifically created to crawl websites for their pricing and inventory information. Cybercriminals use this technique to change the pricing of your online store, or to hoard the best-selling inventory in shopping carts, resulting in a decline in sales and revenue.
8. DDoS Attacks:
DDoS (distributed denial of service) assaults have evolved from a small annoyance that may have caused modest harm to a huge security risk that readily damages and shuts down the business continuity of the world’s largest and most powerful corporations. A DDoS assault aims to prevent a company from operating until the attack is effectively stopped or the attacker ceases. These attacks can harm your website or app by generating a large number of requests, which can eventually crash the whole system and make it unavailable for the end user. This eventually disrupts your site and affects sales.
9. Brute Force Attacks:
The brute force attack is one of the most common password-cracking techniques. This approach presupposes that a hacker tries as many character combinations as possible in order to figure out the correct password.
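Two server-side controls make the guessing described above impractical: store passwords under a deliberately slow, salted hash so each guess costs real computation, and stop answering an account after a handful of failures. The following is an added example, not code from the paper; the lockout thresholds, the scrypt parameters and the `LoginGuard` class are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
import time
from collections import defaultdict

# Assumed policy: lock an account after 5 failures within 15 minutes.
MAX_FAILURES = 5
LOCKOUT_SECONDS = 900
SCRYPT_PARAMS = dict(n=2 ** 14, r=8, p=1)

# Fixed salt/digest used only to spend the same work on unknown accounts.
DUMMY_SALT = b"\x00" * 16
DUMMY_DIGEST = b"\x00" * 64


def hash_password(password: str) -> tuple:
    """Salted scrypt hash. Verification costs CPU and memory, so every guess
    in a brute-force run is expensive for the attacker as well."""
    salt = secrets.token_bytes(16)
    return salt, hashlib.scrypt(password.encode(), salt=salt, **SCRYPT_PARAMS)


def check_password(password: str, salt: bytes, digest: bytes) -> bool:
    candidate = hashlib.scrypt(password.encode(), salt=salt, **SCRYPT_PARAMS)
    return hmac.compare_digest(candidate, digest)   # constant-time compare


class LoginGuard:
    """Counts failed logins per account and refuses further attempts once the
    threshold is reached, even if the correct password is then supplied."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.users = {}                    # account -> (salt, digest)
        self.failures = defaultdict(list)  # account -> timestamps of recent failures

    def register(self, account: str, password: str) -> None:
        self.users[account] = hash_password(password)

    def _recent_failures(self, account: str) -> list:
        cutoff = self.clock() - LOCKOUT_SECONDS
        self.failures[account] = [t for t in self.failures[account] if t > cutoff]
        return self.failures[account]

    def login(self, account: str, password: str) -> str:
        if len(self._recent_failures(account)) >= MAX_FAILURES:
            return "locked"
        stored = self.users.get(account)
        if stored is None:
            check_password(password, DUMMY_SALT, DUMMY_DIGEST)  # same cost as a real check
            ok = False
        else:
            ok = check_password(password, *stored)
        if not ok:
            self.failures[account].append(self.clock())
            return "denied"
        self.failures[account].clear()
        return "ok"


def demo() -> list:
    """Five wrong guesses, then the right password (refused: locked), then the
    right password again after the lockout window has passed."""
    now = [1_000.0]                      # controllable clock for a deterministic run
    guard = LoginGuard(clock=lambda: now[0])
    guard.register("alice", "correct horse battery staple")
    results = [guard.login("alice", f"guess-{i}") for i in range(MAX_FAILURES)]
    results.append(guard.login("alice", "correct horse battery staple"))
    now[0] += LOCKOUT_SECONDS + 1
    results.append(guard.login("alice", "correct horse battery staple"))
    return results


if __name__ == "__main__":
    print(demo())  # ['denied', 'denied', 'denied', 'denied', 'denied', 'locked', 'ok']
```

The unknown-account branch does a dummy hash so that response time does not reveal which usernames exist. A per-account lockout is a denial-of-service lever in itself (anyone can lock a victim out by guessing wrongly), so production systems pair it with per-source rate limits and a CAPTCHA or second factor rather than relying on lockout alone.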
10. SQL Injections:
SQL injection is a cyber-attack aimed at gaining entry to your website’s database by targeting your query submission forms. Hackers inject malicious code into your database queries to read, delete, change, collect or add data.
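The defect behind SQL injection is that a form value is spliced into the text of a query, so characters in the value become part of the SQL. The fix is to bind values as parameters so the driver never parses them. The following is an added example, not code from the paper: an in-memory SQLite product table with constructed rows, a lookup written the vulnerable way beside the parameterised version, and a tampered form value that shows the difference.

```python
import sqlite3


def setup_db() -> sqlite3.Connection:
    """In-memory product table with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, sku TEXT, price REAL)"
    )
    conn.executemany(
        "INSERT INTO products (name, sku, price) VALUES (?, ?, ?)",
        [("Blue mug", "MUG-001", 7.50), ("Red mug", "MUG-002", 7.50), ("Notebook", "NB-010", 3.20)],
    )
    return conn


def find_by_sku_vulnerable(conn: sqlite3.Connection, sku: str) -> list:
    """Vulnerable: the form value is pasted into the SQL text, so quote
    characters in the input change the meaning of the query."""
    query = f"SELECT name FROM products WHERE sku = '{sku}'"
    return [row[0] for row in conn.execute(query)]


def find_by_sku_safe(conn: sqlite3.Connection, sku: str) -> list:
    """Hardened: a parameterised query. The driver binds the value, so the
    input is always compared as data and never parsed as SQL."""
    return [row[0] for row in conn.execute("SELECT name FROM products WHERE sku = ?", (sku,))]


# A constructed form value that closes the quoted literal and appends a
# condition that is always true.
TAMPERED_INPUT = "MUG-001' OR '1'='1"


def demo() -> dict:
    conn = setup_db()
    return {
        "normal_vulnerable": find_by_sku_vulnerable(conn, "MUG-001"),
        "normal_safe": find_by_sku_safe(conn, "MUG-001"),
        "tampered_vulnerable": find_by_sku_vulnerable(conn, TAMPERED_INPUT),  # whole table leaks
        "tampered_safe": find_by_sku_safe(conn, TAMPERED_INPUT),              # no such SKU: []
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label}: {rows}")
```

Parameterisation removes the bug class rather than filtering for known bad strings. Two complementary controls worth keeping anyway: run the web application's database account with only the rights its queries need (a read-only catalogue lookup has no business deleting rows), and validate that a SKU matches its expected shape before it reaches the query, which also keeps junk out of the logs.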
11. Cross-Site Scripting (XSS):
Cross-site scripting is an attack that comes in the form of a piece of browser-side script injected into a page’s HTML. When the attacked user opens the website in the browser, the malicious script starts running and gains access to the various kinds of sensitive user data that must be protected.
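XSS arises when text supplied by one user (a product review, a search term) is written into the page so that the browser treats it as markup. The remedy is to encode on output for the context the text lands in, and to back that up with a Content Security Policy that refuses inline scripts. The following is an added example, not code from the paper; the review template, the hostile sample text and the header values are constructed for illustration.

```python
import html

# Constructed review text containing markup, as a hostile user might submit it.
HOSTILE_REVIEW = "Great mug!<script>alert(1)</script>"


def render_review_vulnerable(author: str, body: str) -> str:
    """Vulnerable: untrusted text is concatenated into the page unchanged,
    so any <script> inside it runs in every visitor's browser."""
    return f'<div class="review"><b>{author}</b><p>{body}</p></div>'


def render_review_safe(author: str, body: str) -> str:
    """Hardened: escape on output. html.escape turns <, >, &, " and ' into
    entities, so the browser displays the text instead of parsing it as HTML."""
    return (f'<div class="review"><b>{html.escape(author)}</b>'
            f'<p>{html.escape(body)}</p></div>')


# Response headers that limit what an injected script could do even if an
# escaping bug slipped through (assumed policy values, not from the paper).
SECURITY_HEADERS = {
    "Content-Security-Policy": "default-src 'self'; script-src 'self'; object-src 'none'",
    "X-Content-Type-Options": "nosniff",
}


def contains_script_tag(markup: str) -> bool:
    """Crude canary used only to illustrate the difference between the two renderers."""
    return "<script" in markup.lower()


def demo() -> dict:
    return {
        "vulnerable_executes": contains_script_tag(render_review_vulnerable("bob", HOSTILE_REVIEW)),
        "safe_executes": contains_script_tag(render_review_safe("bob", HOSTILE_REVIEW)),
        "safe_output": render_review_safe("bob", HOSTILE_REVIEW),
    }


if __name__ == "__main__":
    print(demo()["safe_output"])
```

`html.escape` is correct for text placed in an element body or a quoted attribute. Text placed inside a script block, a URL or a CSS value needs the encoder for that context, which is why templating engines that escape by default are preferable to hand-built string concatenation.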
12. Trojan horses:
Malware that is usually downloaded by customers as legitimate software is called a Trojan horse. To this category belong programs that can gather data about credit or debit cards and transfer this information to the hacker, as well as crash users’ computers or use PC resources for the hacker’s goals without the user’s permission. These programs get hold of sensitive data with ease and may also infect your website.
13. Man in the middle:
A cybercriminal may eavesdrop on the communication between a store consultant and a customer. If the client is connected to a vulnerable Wi-Fi or network, hackers can take advantage of that to steal sensitive data.
E-commerce website security measures:
1. Use Multi-Layer Security:
It is helpful to employ various security layers to fortify your security. A widespread Content Delivery Network (CDN) can block DDoS threats and infectious incoming traffic; CDNs use machine learning to keep malicious traffic at bay. One can go ahead and squeeze in an extra security layer, such as Multi-Factor Authentication (MFA). Two-factor authentication is a good example: after the user enters the login information, they instantly receive an SMS or email for further action. Implementing this step blocks fraudsters, as they will require more than just usernames and passwords to access legitimate users’ accounts. However, hacking can still occur even if MFA is in place.
2. Get Secure Sockets Layer (SSL) Certificates:
One of the primary benefits of SSL certificates is to encrypt sensitive data shared across the internet. It ensures that the information reaches only the intended person. It is a very crucial step because all data sent will pass through multiple computers before the destination server receives it. If SSL certificate encryption is absent, any electronic device between the sender and the server can access sensitive details. Hackers can thus take advantage of your exposed passwords, usernames, credit card numbers, and other information. Therefore, the SSL certificate comes to your aid by making the data unreadable to unintended users. There are two types of browser addresses: HTTP and HTTPS. Both abbreviations stand for a communication protocol. A protocol is a set of rules that defines the data exchange between browser and server, what kind of information should exist there and what to do with that data. HTTPS is the protected version of HTTP: it is HTTP run over SSL/TLS, which is enabled once an SSL certificate is installed, and it encrypts personal data before the information is transferred to the e-commerce website or app owner. This kind of protection is really useful when you have transactions to be done on your website. Whenever customers enter their credit card information it can otherwise be stolen by hackers and used by them later on. Thus, using an SSL certificate will make payments on your website secure and clients won’t be afraid of scams.
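Installing a certificate is only half of the man-in-the-middle defence described in items 13 and 2 above; the store also has to refuse to serve checkout pages over plain HTTP, tell browsers never to fall back to HTTP (HSTS), keep the session cookie off unencrypted connections, and verify certificates on its own outbound connections. The following is an added example, not code from the paper; the request dictionary, the header values and the function names are constructed for illustration.

```python
import ssl
from urllib.parse import urlunsplit

# Assumed policy: one year of HSTS covering subdomains.
HSTS_VALUE = "max-age=31536000; includeSubDomains"


def enforce_https(request: dict) -> tuple:
    """Middleware-style check for the store's pages. `request` is a constructed
    dict with 'scheme', 'host', 'path' and optional 'query'. Plain-HTTP requests
    get a permanent redirect to the HTTPS URL; HTTPS responses carry
    Strict-Transport-Security so the browser will not retry over plain HTTP
    later, which is the downgrade an on-path attacker relies on."""
    if request["scheme"] != "https":
        location = urlunsplit(("https", request["host"], request["path"], request.get("query", ""), ""))
        return 301, {"Location": location}
    return 200, {"Strict-Transport-Security": HSTS_VALUE}


def hardened_client_context() -> ssl.SSLContext:
    """TLS settings for the store's own outbound calls (e.g. to a payment
    gateway): verify the chain against the system trust store, check the
    hostname, and refuse protocol versions below TLS 1.2."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def context_policy(ctx: ssl.SSLContext) -> dict:
    """Summarise the settings that matter for review or testing."""
    return {
        "min_version": ctx.minimum_version.name,
        "check_hostname": ctx.check_hostname,
        "verify_mode": ctx.verify_mode.name,
    }


def session_cookie(name: str, value: str) -> str:
    """Set-Cookie value for the session: Secure keeps it off plain HTTP,
    HttpOnly keeps it away from page scripts, SameSite limits cross-site use."""
    return f"{name}={value}; Secure; HttpOnly; SameSite=Lax; Path=/"


def demo() -> dict:
    return {
        "http_checkout": enforce_https({"scheme": "http", "host": "shop.example.com", "path": "/checkout"}),
        "https_checkout": enforce_https({"scheme": "https", "host": "shop.example.com", "path": "/checkout"}),
        "cookie": session_cookie("session", "abc123"),
        "client_tls": context_policy(hardened_client_context()),
    }


if __name__ == "__main__":
    for label, value in demo().items():
        print(f"{label}: {value}")
```

The redirect and the HSTS header together cover the first visit (redirected once) and every later visit (browser upgrades to HTTPS on its own). The client context matters because a store that verifies certificates for its shoppers but disables verification on its call to the payment gateway has simply moved the man-in-the-middle exposure to the back end.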
3. Use rock-solid Firewalls:
Effective e-commerce software and plugins should be used to bar untrusted networks and regulate the inflow and outflow of website traffic. They should provide selective permeability, only permitting trusted traffic to go through, to stop spam, XSS, CSRF, malware, SQLi, and many other attacks on the website. This should ensure that the only traffic that accesses your E-Commerce store consists of real users.
4. Anti-Malware Software:
Electronic devices, computer systems and web systems need a program that detects and blocks malicious software, otherwise known as malware. Such protective software is called anti-malware software. An effective anti-malware product should find and remove all hidden malware on the website and scan the web system for malicious software round the clock.
5. Comply with PCI-DSS Requirements:
The Payment Card Industry Data Security Standard (PCI-DSS) should be maintained to protect all credit card data. All businesses that handle credit card transactions need to follow these requirements: