Security Issues Concerned With E Commerce Information Technology Essay

Security Issues Concerned With E Commerce Information engineering science EssayRapid advancements in engineering science is allowing bothone to send and receive information from anywhere in the world. Initially people holdd to sh are information solely slowly this technology started emerging to business areas such(prenominal) as marketing, buying and selling, is called E-commerce. In which all the business operations are made online. E-commerce is providing many solace to everyone at the same quantify there is a chance of mis information the technology. In this essay, E-commerce is discussed in detail about the protection issues associated with that. Familiarity with securities increases the benefits of E-commerce to a maximum extent.INTRODUCTIONE-commerce is a type of business model for a small or large business that en adequate to(p)s a firm or individual(a) to conduct business apply electronic media such as internet. It can be divided into quartette major areas based on type of business and the parties involved in business. They are business to business, business to consumer, consumer to consumer and consumer to business. This essay explains about E-commerce, importance of E-commerce, latest applications, advantages and draw backs. This is also explains in detail about current security issues, E-commerce threats, run a pretends and concealing issues link to various areas of e commerce.IMPORTANCE OF E-COMMERCEIn e-commerce, time plays a snappy role in both the businesses and consumers. From the business point of view, with less time played out during each exertion, more transaction can be attained on the same day. As for the consumer, they leave save up more time during their transaction. Because of this, Ecommerce go in and replaced the traditional commerce method where a single transaction can cost both parties a lot of valuable time. For example, a banking transaction can be completed through the Internet within a fewer minutes compar ed to the traditional banking method which may take up to hours. This position clearly proves that Ecommerce is beneficial to both business and consumer wise as payment and documentations can be completed with greater efficiency.APPLICATIONS OF E-COMMERCENow a days development of E-commerce applications is taking place rapidly. This is mainly due to the increasednumber of internet usersand awareness of technology in people. Many people using internet to glom online, make boards payment andmoney transfersetc.ADVANTAGES OF E-COMMERCE APPLICATIONSPeople paying more attention to do electronic transaction using internet because, they can do these from any place in the world at any time they wish. This is saving lot of time and effort and providing comfort. The whatsoever other important advantage of e commerce is the cheapest means of doing business. From the buyers perspective also ecommerce offers a lot of real advantages.Reduction in buyers sorting out time.Better buyer decision sLess time is spent in resolving invoice and order discrepancies.Increased opportunities for buying alternative products.DIS ADVANTAGES OF E-COMMERCEHowever there are several benefits of E-commerce applications, there are few limitations and risks involved in using those applications. The main disadvantage of E-commerce is the lack of a business model, lack of trust and secernate unrestricted infrastructure, slow navigation on the Internet, the high risk of buying unsatisfactory products, and most of all lack of security. It has a great impact on traditional business system. For example,telephone bill paymentin traditional method was expensive and time consuming than the recent online payment. Of course, the recent online payment system is cost effective solely, cant proffer employment in the transportation system like traditional payment method. So the major disadvantage of E-commerce applications is, it perpetuates unemployment. In some way it can forget employment to few peop le likedata base administrator,internet security providersetc. where as loneliness, security, payment, identity, contract comes under drawbacks of the e- commerce.SECURITY ISSUES CONCERNED WITH E-COMMERCEIn spite of its advantages and limitations E-commerce has got some security issues in practical. E-commercesecurity is nonhing but preventing loss and protecting the areas financially and informational from wildcat access, use or destruction. Due the rapid developments in science and technology, risks involved in use of technology and the security measures to avoid the organizational and individual losses are changing day to day. there are two types of important cryptography we follow for secured E-commerce transactions.Symmetric (private- chance upon) cryptographyThis is anencryption systemin which transmitter and receiver possess the same key. The key used to encrypt a pass on is also used to decrypt the encrypted message from the sender.Asymmetric (public-key) cryptographyIn this method the actual message is encoded and decoded using two antithetic mathematically related keys, one of them is called public key and the other is called private key.To provide the maximum security using cryptography we gull the following five areas1.Integrity2.Non-repudiation3.Authenticity4.Confidentiality5.PrivacyINTEGRITYIntegrity is nothing but message must not be altered or tampered with. in that location are several chances for damage ofdata integrityin the E-commerce area. Errors could take place when entering data manually. Errors may occur when data is creation transmitted from one computer to some other. Data could be modified or theft because of computer softwarebugsorviruses. Data could be lost due to the unthought-of hardware damages like server or disk crashes. There is possibility of data loss due to thenatural disasterslikefire accidents.There are many ways to minimize these threats to data integrity. We can maintain theBack upof our data efficiently b y updating regularly.Modern technology provides us various security mechanisms to controlling access to data.We can improve the data integrity through designinguser interfacesthat prevent the input of hinder data, for example menu driven applications which allow user to choose particular they are go outing for.We can use the flaw detectionand correction software when transmitting data to develop integrity.NONREPUDIATIONPrevention against any one society from reneging on an agreement after the fact.For E-commerce and other electronic transactions, including ATMs (cash machines), all parties to a transaction must be confident that the transaction is secure that the parties are who they say they are (authentication), and that the transaction is verified as final. Systems must ensure that a party cannot subsequently repudiate (reject) a transaction. To protect and ensure digital trust, the parties to such systems may employDigital Signatures, which go out not only validate the sende r, but will also time stamp the transaction, so it cannot be claimed subsequently that the transaction was not authorized or not valid etc. enfranchisementIn E-commerce, authentication is a process through seller validates the information provided by the buyer like credit card information. In thisprocess confirmation of both the cardholders identity and the payment cards details are checked. In E-commerce transactions sellers must be very careful and responsible to provide erect payment authentication services. A well developed and implemented transaction authentication process will decrease the number of customer disputes and charged-back transactions. If the E-commerce website do not ready the good authentication system could lead a great loss of both data and money.CONFIDENTIALITYConfidentiality is protecting our data from unauthorized users. That means any(prenominal) the data or information shared by the merchant and the customers should be accessed by those two parties only . No other should be able to access such data. To maximize the confidentiality we must follow goodencryption and decryption methods, proper authentication and authorization procedures. We must use good antivirus or software error detections system.PRIVACYPrivacy is a major concern in E-commerce area which tells the E-commerce user how long his or her personal information is going to be stored in web site owners database, how safely they delete such personal information and what are the legal actions will be taken if the ecommerce website is misused. In online transactions, the website owner or service provider will have the ability to keep a record of all the purchases made by a consumer. Each E-commerce website has its own privacy policy, as per the needs of the organization.So the customers must go through the privacy policy before they utilize E-commerce website for online shopping. Otherwise the customers have to phase big worry as the seller has the legal rights to take an act ion on customer for misusing their website. To get rid of this problem now a days we are able to use many tools like filtering website with low privacy ratingsIn the e-commerce security, some of the issues to be considered in this issue they are digital signatures, certificates, secure socket layers, firewalls. I will explain each and every concept with detail explanation.Digital signature is an electronic signature that can be used to authenticate the identity of the sender of a message or the signer of a document, and possibly to ensure that the original content of the message or document that has been sent is unchanged. A digital signature can be used with any kind of message, whether it is encryptedor not, simply so that the receiver can be sure of the senders identity and that the message arrived intact.Digital certificate is an electronic credit card that establishes your credentials when doing business or other transactions on the Web. It is issued by a certification potence (CA). It contains your name, a serial number, expiration dates, a copy of the certificate holderspublic key(used for encrypting messages anddigital signatures), and the digital signature of the certificate-issuing authority so that a receiving system can verify that the certificate is real. Some digital certificates conform to a standard, X.509. Digital certificates can be kept in registries so that authenticating users can look up other users public keys.In Security socket layer, Information sent over the Internet commonly uses the set of rules called TCP/IP (Transmission Control protocol / Internet Protocol). The information is broken into packets, numbered sequentially, and an error control attached. SSL uses PKI and digital certificates to ensure privacy and authentication. The procedure is something like this the client sends a message to the server, which replies with a digital certificate. Using PKI, server and client agree to create session keys, which are symmetrical secr et keys specially created for that particular transmission. Once the session keys are agreed, talk continues with these session keys and the digital certificates.Some of the protecting networks are fire wall and proxy servers. Fire wall is to protect a server, a network and an individual PC from attack by viruses and hackers. Equally important is protection from malice or carelessness within the system, and many companies use the Kerberos protocol, which uses symmetric secret key cryptography to restrict access to authorized employees where as proxy servers (proxies) is aserver(a computer system or an application program) that acts as a intercessor for requests fromclientsseeking resources from other servers. A client connects to the proxy server, requesting some service, such as a file, connection, web page, or other resource, available from a different server.E-COMMERCE SECURITY THREATSHowever we follow security measures, there are is a chance of threats in several ways. We can classify such threats in to four types.1.Intellectual propertythreatsSome browsers use the information personally from a website without permission of the website owner. For example, music downloads, software piratingetc. To get rid of this problem website owners have to use secured authentication system2.Client computer threatsSometimes client computers may impose for electronic threats likeTrojan horse, viruses. Which enters the client computer without users knowledge, mistake the data and destroy or crash the client computer. To avoid these types of threats we need to use good antivirus system which should be updated regularly. The website owners should implement a strong privacy policy.3.Communication channel threats As internet allows anyone to send and receive information through many networks. Data may be stolen, modified by unauthorized users of hackers. Hackers can develop software to steal the user Identification and pass words as well. Spoofing is another major threat wh ile data is universe transmitted electronically.Denial of serviceis also one of communication channel threat, where hackers sends unlimited number of requests to the target server, which big number of requests may not be handled by the server. Obviously the genuine user will find websites of that server are always busy.We can overcome the communication channel threats using public key encryption and private key encryption.We can also use proper protocols to get rid of communication channel threats.Digital signatures are another way we can follow to minimize these kinds of threats. Where the actual message which we need to send is decrypted and bound with senders private key and a signature is added to that will be send to the receiver. The receiver uses senders public key and signature for decryption to see the actual message.4.Server threats Denial of service is a major threat for the servers, where hackers beat a program which sends many requests from the client side that cannot be handled by the server. Spammingis another important threat for the servers. To protect our server from the above threats we can use authentication for web access, digital signatures and firewalls. Firewalls check the incoming requests packets and if anything which does not match with the server related data, they simply reject those requests.Some of the tools to achieve the security they are encryption, firewalls, security tools, access controls, proxy systems, authentication and intrusion detection.HOW TO DEVELOP AN E-COMMERCE SECURITY PLANPerform a risk assessmentDevelop a security policyDevelop an implementation planCreate a security organizationPerform a security auditFirstly, security plan starts with risk assessment which means an assessment of the risks and points of vulnerability. Secondly, security policy is a set of statements prioritizing the information risks, identifying acceptable risk targets and identifying the mechanisms for achieving these targets where as in t he implementation plan it will take to achieve the security plan goals. Thirdly, security organization educates and train users, keeps management ware of security threats and breakdown, and maintains the tools chosen to implement security. Lastly, security audit involves the system review of access logs.MANAGING RISK IN E-COMMERCETo be able to manage the risk in E-commerce first step is identify the risk factor whether it is adroit property threat, communication channel threat, client computer threator server threat. Then we take a counter action against the relevant risk as explained above. If we dont do this regularly, E-commerce may mislead the customer because of the data stealing of modification. Customers and the website owners may lose valuable account numbers pass words and other personal information. As E-commerce is worldwide, it could lead for the global loss for both customers and sellers.CONCLUSIONE-commerce is a type of business model for a small or larger business t hat enables a firm or individual to conduct business using electronic media such as internet. In e-commerce, time plays a vital role in both the businesses and consumers. E-commercesecurity is nothing but preventing loss and protecting the areas financially and informational from unauthorized access, use or destruction.Due the rapid developments in science and technology, risks involved in use of technology and the security measures to avoid the organizational and individual losses are changing day to day.In the e-commerce security, some of the issues to be considered in this issue they are digital signatures, certificates, secure socket layers, firewalls. To develop a security plan five major steps have to be considered they are risk assessment, developing security policy, implementation plan, create a security organization and performing a security audit. To reduce the risk from the Trojans, worms every one should implement the security plan.