E-COMMERCE SECURITY ENVIRONMENT
E-commerce embodies several business transactions over utilizing electronic systems. E-commerce website involves internal network which might interface with World Wide Web. E-commerce introduced external as well as internal risk to both business and website to which it connected.
External threats to e-commerce website are raised from various sources involving electronic economic environment as well as risk related to the external internet. Internal threats come from staff, internal network, management and business processes. The most common risk is security-related issues that relate to the interface among the consumer transactions and network.
Intruders pose a security threat to the network through DoS attack that can overwhelm site or theft of private financial information after gaining access to the internal system through vulnerabilities of an e-commerce website. Other security threats related to these websites are summarised as beneath:
Malicious code threats: These types of threats involve worms, viruses and Trojan horses.
- Viruses are external threats and have the ability to corrupt files on the website after finding their direction in the internal network. They might be critical as they completely harm the computer system and disrupt normal operations of the computer.
- Trojan horse is defined as programming code that performs destructive functions. They attack computers while downloading something.
Wi-Fi eavesdropping: It is one of the simplest ways in the e-commerce to steal private information. It is recognized as virtual listening of data that is shared across Wi-Fi network that is not encrypted. It occurs on personal and public computers as well.
Other Threats: Certain other threats which are raised are data packet sniffing, port scanning and IP spoofing. An attacker can involve a sniffer to attack an information packet flow and scan unique data packs. Through IP spoofing, it becomes hard to trace the intruder. The target is here to modify the source address and provide it such a look that it must look as though it is derived from another computer.
TECHNIQUES TO COMBAT E-COMMERCE THREATS
Encryption: It is defined as a mechanism of converting normal information into an encoded content that cannot be read by others except the one who sends or receive this message.
Having digital certificates: It is known as digital certificate being issued by a trustworthy third party company. An SSL certificate is essential because it gives a high authentication level to the website. The main function of this certificate is to secure an e-commerce website from unintended attacks like Man-in-middle attacks.