Data and information security is vital to the correct operation of an online store and to the prevention of e-commerce threats. Customers have become used to buying online and spend a lot of money doing so; it is comfortable and easy for them to shop from where they are without leaving the room. Everything can be bought this way, from a match to a house, from a music track to food. Not all of these purchases are legal, but we won’t focus on those; we are concerned with goods sold legally on the Internet in high-demand stores such as Amazon, eBay, Best Buy or iTunes.
What is security for? What is its purpose?
It covers the following points:
· Data and information privacy: achieved with both encryption and decryption.
· Authentication (including identification): ensures, by means of a digital signature, that the user is authorized.
· Access control: defines which resources a user of the system may access; passwords and IDs are used here.
· Data safety: guarantees that the data and information have not been changed. This is done by means of message hashing or a message digest.
· Nonrepudiation: with digital signatures, a completed purchase or sale cannot be denied.
Threats to e-commerce
Now we will list the main e-commerce security threats that every website owner may face:
1. Threats to intellectual property. Some browsers take data from a site for personal use even when the website owner has not given permission. Examples are music downloads and software piracy. To eliminate this problem, website owners need to equip themselves with a secure authentication system.
3. Threats from the communication channel. The Internet makes it possible to act freely online, work across different networks, and send and receive different types of data. Hackers may steal and modify this information, and use software that helps them discover and misuse passwords and user identification data. Spoofing is another serious e-commerce threat while information is being transmitted.
4. Threats to servers. Denying the purchase or service (denial of service) is another security threat to e-business. It works by creating a program that sends a large number of requests that appear to come from customers but are difficult for the server to handle. Another threat is spamming, which also has to be dealt with.
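The flood of requests described in item 4 can be spotted from the server's own request log. The following added example (not part of the original article) counts requests per client in a sliding time window; the log format, addresses and thresholds are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def parse_line(line):
    """Split '<ISO timestamp> <client IP> <method> <path>' into (time, ip)."""
    stamp, ip, _rest = line.split(" ", 2)
    return datetime.fromisoformat(stamp), ip

def find_floods(lines, window=timedelta(seconds=10), max_requests=5):
    """Return {ip: time the client first exceeded max_requests within window}."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    flagged = {}
    for line in lines:
        if not line.strip():
            continue
        when, ip = parse_line(line)
        q = recent[ip]
        q.append(when)
        # Drop requests that have slid out of the window.
        while when - q[0] > window:
            q.popleft()
        if len(q) > max_requests and ip not in flagged:
            flagged[ip] = when
    return flagged

# Constructed sample: one shopper browsing normally, one client sending a burst
# of eight checkout requests within four seconds.
SAMPLE_LOG = [
    "2024-05-01T10:00:00 192.0.2.10 GET /catalog",
    "2024-05-01T10:00:20 192.0.2.10 GET /item/42",
    "2024-05-01T10:00:45 192.0.2.10 POST /cart",
] + [
    f"2024-05-01T10:00:{30 + i // 2:02d} 203.0.113.5 POST /checkout"
    for i in range(8)
]

if __name__ == "__main__":
    for ip, when in find_floods(SAMPLE_LOG).items():
        print(f"{ip} exceeded the request limit at {when.isoformat()}")
```

A client flagged this way is a candidate for throttling or blocking before its requests reach the order-processing code.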
Interest in e-commerce continues to grow. Companies are trying to catch up with their foreign colleagues in terms of sales. The e-commerce industry holds seminars and conferences and publishes articles and reviews. Particular attention is paid to the security and protection of electronic transactions. For companies, the user’s confidence in electronic transactions is important. We briefly review the stages of purchasing products and services via the Internet.
1. The customer chooses the product or service through the server of the online store and places the order.
2. The order is entered in the store's order database.
3. The availability of the product or service is checked through the central database. If the product is not available, the customer receives a notification. Depending on the type of store, the product request can be redirected to another warehouse.
4. If the product or service is available, the customer confirms payment and the order is placed in the database.
5. The e-shop sends the customer an order confirmation.
6. The customer pays for the order online.
7. The goods are delivered to the customer.
In most cases, there is a single database for orders and for verifying the availability of goods.
Consider the main e-commerce threats that lie in wait for the company at all of these stages:
· Replacement of the online store's web server page. The main way to do this is to forward user requests to another server, which is carried out by replacing records in the tables of DNS servers or in the tables of routers. This is especially dangerous when the customer enters a credit card number.
· Creation of false orders and fraud on the part of employees of the e-commerce store. Penetrating the database and changing the procedures for processing orders makes it possible to manipulate the database illegally. According to statistics, more than half of all computer incidents are associated with a company's own employees.
· Interception of data transmitted in the e-commerce system. A particular danger is the interception of information about the customer’s credit card.
· Penetration into the company’s internal network and compromise of components of the online store.
· Denial of service attacks that disrupt the functioning of the e-commerce site or disable it.
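False orders and illegal manipulation of the order database can be made detectable with the message digest mentioned earlier under data safety. This added example (not from the original article) chains a keyed digest (HMAC-SHA256) over each order record; the record fields, key and function names are assumptions for illustration.

```python
import hashlib
import hmac
import json

# Assumption: the key lives with the order service, not in the order database,
# so someone with database access alone cannot recompute valid tags.
LEDGER_KEY = b"constructed-demo-key"

def canonical(order):
    """Serialize an order deterministically so equal orders give equal bytes."""
    return json.dumps(order, sort_keys=True, separators=(",", ":")).encode()

def seal(order, prev_tag):
    """Keyed digest over the previous record's tag plus this order."""
    msg = prev_tag.encode() + b"|" + canonical(order)
    return hmac.new(LEDGER_KEY, msg, hashlib.sha256).hexdigest()

def append_order(ledger, order):
    """Add an order, chaining its tag to the record before it."""
    prev_tag = ledger[-1]["tag"] if ledger else ""
    ledger.append({"order": order, "tag": seal(order, prev_tag)})

def first_tampered(ledger):
    """Return the index of the first record that fails verification, or None."""
    prev_tag = ""
    for i, rec in enumerate(ledger):
        if not hmac.compare_digest(rec["tag"], seal(rec["order"], prev_tag)):
            return i
        prev_tag = rec["tag"]
    return None

def build_demo_ledger():
    """Three constructed orders, sealed in sequence."""
    ledger = []
    for n, total in enumerate(["19.99", "250.00", "7.50"], start=1):
        append_order(ledger, {"id": n, "customer": f"c{n}", "total": total})
    return ledger

if __name__ == "__main__":
    ledger = build_demo_ledger()
    print("untouched:", first_tampered(ledger))
    ledger[1]["order"]["total"] = "2.50"   # edit made directly in the database
    print("after edit:", first_tampered(ledger))
```

Deleting records from the end of the ledger is not detected unless the latest tag is also kept somewhere outside the database. A shared-key digest shows that a record was not changed, but it does not provide nonrepudiation, which needs the digital signatures listed earlier.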
As a result of all these threats, the company loses customer confidence and loses money from transactions that were not completed. In some cases, the company can be sued for disclosing credit card numbers. In the case of denial-of-service attacks, time and material resources are spent on restoring operation and replacing equipment.
The interception of data does not depend on the software or hardware used. It is due to the insecurity of version 4 of the IP protocol (IPv4). The solution to the problem is the use of cryptographic tools or the transition to the sixth version of the IP protocol. In both cases, there are problems. In the first case, the use of cryptography must be licensed by the relevant department. In the second case, there are organizational problems.
A few more e-commerce threats are possible: violation of the availability of e-commerce sites, and improper configuration of the software and hardware of the online store.