In spite of its advantages and limitations E-commerce has got some security issues in practical. E-commerce security is nothing but preventing loss and protecting the areas financially and informational from unauthorized access, use or destruction. Due the rapid developments in science and technology, risks involved in use of technology and the security measures to avoid the organizational and individual losses are changing day to day. There are two types of important cryptography we follow for secured E-commerce transactions.
Symmetric (private-key) cryptography: This is an encryption system in which sender and receiver possess the same key. The key used to encrypt a message is also used to decrypt the encrypted message from the sender.
Asymmetric (public-key) cryptography: In this method the actual message is encoded and decoded using two different mathematically related keys, one of them is called public key and the other is called private key.
Security is an essential part of any transaction that takes place over the internet. Customers will lose his/her faith in e-business if its security is compromised. Following are the essential requirements for safe e-payments/transactions:
- Confidentiality: Information should not be accessible to an unauthorized person. It should not be intercepted during the transmission.
- Integrity: Information should not be altered during its transmission over the network.
- Availability: Information should be available wherever and whenever required within a time limit specified.
- Authenticity: There should be a mechanism to authenticate a user before giving him/her an access to the required information.
- Non-Repudiability: It is the protection against the denial of order or denial of payment. Once a sender sends a message, the sender should not be able to deny sending the message. Similarly, the recipient of message should not be able to deny the receipt.
- Encryption: Information should be encrypted and decrypted only by an authorized user.
- Auditability: Data should be recorded in such a way that it can be audited for integrity requirements.
e-Commerce Security can be divided into two Broad Types:
(1) Client-Server Security
Client-server securities are popular because they increase application processing efficiency while reducing costs and gaining the maximum benefit from all resources working together. These benefits are gained by splitting processing between the client machine/software and server machine/software. Each process works independently but in cooperation and compatibility with other machines and applications (or pieces of applications).
All independent processing must be performed to complete the requested service. Cooperation of application processing produces another client-server advantage, it reduces network traffic. Since each node (client and/or server) performs part of the processing within itself, network communication can be kept to a minimum. For example, static processes, like menus or edits, usually take place on the client-side. The server, on the other hand, is responsible for processes like updating and reporting.
(2) Data and Transaction Security
Secure Electronic Transaction (SET) is a system for ensuring the security of financial transactions on the Internet. It was supported initially by Mastercard, Visa, Microsoft, Netscape, and others. With SET, a user is given an electronic wallet (digital certificate) and a transaction is conducted and verified using a combination of digital certificates and digital signatures among the purchaser, a merchant, and the purchaser’s bank in a way that ensures privacy and confidentiality. SET makes use of Netscape’s Secure Sockets Layer (SSL), Microsoft’s Secure Transaction Technology (STT), and Terisa System’s Secure Hypertext Transfer Protocol (S-HTTP). SET uses some but not all aspects of a public key infrastructure (PKI).