Security Issues Concerned With E Commerce Information Technology Essay

Security Issues Concerned With E Commerce entropy Technology Es conjectureRapid advancements in engine room is allowing everyone to send and accept training from anywhere in the world. Initially people lend oneselfd to role information unless slowly this applied science started emerging to headache enterprise atomic number 18as such as marketing, purchasing and selling, is called E-commerce. In which all the business exercises are do online. E-commerce is providing umpteen comforts to everyone at the same era in that location is a chance of mis apply the technology. In this essay, E-commerce is discussed in detail about the hold dearive cover department issues associated with that. Familiarity with securities increases the benefits of E-commerce to a maximum extent.INTRODUCTIONE-commerce is a type of business sham for a small or large business that en ables a sure or individual to conduct business using electronic media such as profits. It tramp be divided into four major areas found on type of business and the parties involved in business. They are business to business, business to consumer, consumer to consumer and consumer to business. This essay explains about E-commerce, importance of E-commerce, latest applications, benefits and draw backs. This is likewise explains in detail about current trade protection issues, E-commerce flagellums, risks and privacy issues cogitate to to various areas of e commerce.IMPORTANCE OF E-COMMERCEIn e-commerce, conviction plays a resilient role in both the businesses and consumers. From the business point of view, with less time spent during each transaction, more than transaction corporation be reach on the same day. As for the consumer, they pull up s pull in ones hornss save up more time during their transaction. Because of this, Ecommerce yards in and re attributed the traditional commerce method acting where a single transaction can cost both parties a parcel out of valuable ti me. For example, a banking transaction can be faultless by means of the Internet at bottom a few minutes compared to the traditional banking method which may take up to hours. This fact clearly proves that Ecommerce is beneficial to both business and consumer wise as compensation and enterations can be completed with greater efficiency.APPLICATIONS OF E-COMMERCENow a days go againstment of E-commerce applications is taking place rapidly. This is mainly due to the increasednumber of internet usersand awareness of technology in people. Many people using internet to shop online, nark bills payment andmoney transfersetc.ADVANTAGES OF E-COMMERCE APPLICATIONSPeople paying more attending to do electronic transaction using internet because, they can do these from any place in the world at any time they wish. This is saving stage set of time and effort and providing comfort. The other important advantage of e commerce is the cheapest means of doing business. From the vendees persp ective alike ecommerce offers a lot of real advantages.Reduction in buyers sorting out time.Better buyer decisionsLess time is spent in resolving invoice and smart set discrepancies.Increased opportunities for buying alternative products.DIS ADVANTAGES OF E-COMMERCEHowever there are several(prenominal) benefits of E-commerce applications, there are few limitations and risks involved in using those applications. The main disadvantage of E-commerce is the lack of a business model, lack of trust and target a line public infrastructure, slow navigation on the Internet, the high risk of buying unsatisfactory products, and most of all lack of shelter. It has a great seismic disturbance on traditional business system. For example,telephone bill paymentin traditional method was expensive and time consuming than the modern online payment. Of course, the recent online payment system is cost effective but, cant digest drill in the transportation system like traditional payment method. So the major disadvantage of E-commerce applications is, it perpetuates unemployment. In roughly way it can provide employment to few people like information base administrator,internet surety providersetc. where as privacy, security department, payment, identity, contract comes under drawbacks of the e- commerce.SECURITY ISSUES interested WITH E-COMMERCEIn spite of its advantages and limitations E-commerce has got some security issues in practical. E-commercesecurity is zero point but preventing firing and defend the areas financially and informational from unauthorized entrance fee, use or destruction. collectable the rapid developments in science and technology, risks involved in use of technology and the security measures to avoid the organizational and individual losses are changing day to day.There are two types of important cryptanalytics we follow for secured E-commerce proceedings.Symmetric ( nonpublic- bring out) secret writingThis is anencryption systemin whi ch sender and receiver possess the same key. The key apply to encrypt a put across is also used to decrypt the encrypted message from the sender.Asymmetric (public-key) cryptographyIn this method the unfeigned message is encoded and decoded using two several(predicate) mathematically related keys, one of them is called public key and the other is called private key.To provide the maximum security using cryptography we target the spare-time activity quin areas1.Integrity2.Non-repudiation3.Authenticity4.Confidentiality5.PrivacyINTEGRITYIntegrity is nada but message must non be altered or tampered with. There are several chances for damage ofdata integrityin the E-commerce area. Errors could take place when entering data manually. Errors may occur when data is being ancestral from one ready reckoner to another. entropy could be circumscribed or theft because of softwarebugsorviruses. Data could be alienated due to the unexpected hardware damages like master of ceremonies or disk gate-crashes. There is possibility of data loss due to the rude(a) disasterslikefire accidents.There are many ways to minimize these threats to data integrity. We can maintain theBack upof our data expeditiously by updating regularly.Modern technology provides us various security mechanisms to controlling access to data.We can improve the data integrity by dint of designinguser interfacesthat prevent the input of invalid data, for example calling card driven applications which allow user to choose particular they are tone for.We can use theerror detectionand correction software when contagion data to develop integrity.NONREPUDIATIONPrevention against any one party from reneging on an agreement after the fact.For E-commerce and other electronic transactions, including ATMs (cash machines), all parties to a transaction must be confident that the transaction is secure that the parties are who they say they are (assay-mark), and that the transaction is verified as final. Sy stems must ensure that a party cannot subsequently repudiate (reject) a transaction. To protect and ensure digital trust, the parties to such systems may employdigital Signatures, which will not single validate the sender, but will also time stamp the transaction, so it cannot be claimed subsequently that the transaction was not authorized or not valid etc.AUTHENTICATIONIn E-commerce, authentication is a influence through seller validates the information provided by the buyer like honorable mention card information. In this offset verification of both the cardholders identity and the payment cards details are checked. In E-commerce transactions sellers must be very careful and responsible to provide good payment authentication inspection and repairs. A well developed and put oned transaction authentication process will decrease the number of customer disputes and charged-back transactions. If the E-commerce tissuesite do not make the good authentication system could lead a gr eat loss of both data and money.CONFIDENTIALITYConfidentiality is protecting our data from unauthorized users. That means some(prenominal) the data or information shared by the merchant and the customers should be accessed by those two parties only. No other should be able to access such data. To maximize the confidentiality we must follow goodencryption and decoding methods, proper authentication and authorization procedures. We must use good antivirus or software error detections system.PRIVACYPrivacy is a major fright in E-commerce area which tells the E-commerce user how long his or her face-to-face information is going to be stored in web site owners database, how safely they blue-pencil such personal information and what are the legal actions will be taken if the ecommerce website is misused. In online transactions, the website owner or service provider will have the ability to keep a record of all the purchases made by a consumer. Each E-commerce website has its own priva cy policy, as per the necessarily of the organization.So the customers must go through the privacy policy onwards they utilize E-commerce website for online shopping. Otherwise the customers have to phase big problem as the seller has the legal rights to take an action on customer for misusing their website. To get absolve of this problem now a days we are able to use many tools like filtering website with low privacy ratingsIn the e-commerce security, some of the issues to be considered in this issue they are digital signatures, certificates, secure socket layers, firewalls. I will explain each and every concept with detail ex castation.digital signature is an electronic signature that can be used to manifest the identity of the sender of a message or the signer of a document, and possibly to ensure that the original content of the message or document that has been displace is unchanged. A digital signature can be used with any kind of message, whether it is encryptedor not, s imply so that the receiver can be sure of the senders identity and that the message arrived intact.digital certificate is an electronic credit card that establishes your credentials when doing business or other transactions on the Web. It is issued by a certification authority (CA). It contains your name, a series number, expiration dates, a copy of the certificate holderspublic key(used for encrypting messages anddigital signatures), and the digital signature of the certificate-issuing authority so that a recipient can verify that the certificate is real. Some digital certificates conform to a standard, X.509. Digital certificates can be kept in registries so that authenticating users can case up other users public keys.In Security socket layer, Information sent over the Internet commonly uses the set of rules called TCP/IP (Transmission take care Protocol / Internet Protocol). The information is broken into packets, numbered sequentially, and an error control attached. SSL uses PKI and digital certificates to ensure privacy and authentication. The procedure is something like this the client sends a message to the server, which replies with a digital certificate. Using PKI, server and client agree to shape session keys, which are symmetrical secret keys specially created for that particular transmission. erst the session keys are agreed, communication continues with these session keys and the digital certificates.Some of the protecting networks are fire wall and proxy servers. Fire wall is to protect a server, a network and an individual PC from attack by viruses and hackers. Equally important is protection from malice or carelessness within the system, and many companies use the Kerberos protocol, which uses symmetric secret key cryptography to suppress access to authorized employees where as proxy servers (proxies) is aserver(a reckoner system or an application program) that acts as a go-between for requests fromclients pursuance resources from other servers. A client connects to the proxy server, requesting some service, such as a file, connection, web page, or other resource, available from a unalike server.E-COMMERCE SECURITY THREATSHowever we follow security measures, there are is a chance of threats in several ways. We can classify such threats in to four types.1.Intellectual propertythreatsSome browsers use the information personally from a website without permission of the website owner. For example, music downloads, software piratingetc. To get rid of this problem website owners have to use secured authentication system2.Client computer threatsSometimes client computers may impose for electronic threats like fifth column horse, viruses. Which enters the client computer without users knowledge, steal the data and destroy or crash the client computer. To avoid these types of threats we need to use good antivirus system which should be updated regularly. The website owners should carry through a strong privacy policy.3.C ommunication short letter threats As internet allows anyone to send and receive information through many networks. Data may be stolen, modified by unauthorized users of hackers. Hackers can develop software to steal the user Identification and pass words as well. Spoofing is another major threat while data is being transmitted electronically.Denial of serviceis also one of communication channel threat, where hackers sends illimitable number of requests to the target server, which big number of requests may not be handled by the server. Obviously the genuine user will find websites of that server are always busy.We can overcome the communication channel threats using public key encryption and private key encryption.We can also use proper protocols to get rid of communication channel threats.Digital signatures are another way we can follow to minimize these kinds of threats. Where the actual message which we need to send is decrypted and bound with senders private key and a signatur e is added to that will be send to the receiver. The receiver uses senders public key and signature for decryption to see the actual message.4.Server threats Denial of service is a major threat for the servers, where hackers generate a program which sends many requests from the client side that cannot be handled by the server. Spammingis another important threat for the servers. To protect our server from the above threats we can use authentication for web access, digital signatures and firewalls. Firewalls check the incoming requests packets and if anything which does not match with the server related data, they simply reject those requests.Some of the tools to achieve the security they are encryption, firewalls, security tools, access controls, proxy systems, authentication and intrusion detection.HOW TO DEVELOP AN E-COMMERCE SECURITY broadcastPerform a risk assessmentDevelop a security policyDevelop an execution planCreate a security organizationPerform a security auditFirstly, security plan starts with risk assessment which means an assessment of the risks and points of vulnerability. Secondly, security policy is a set of statements prioritizing the information risks, identifying acceptable risk targets and identifying the mechanisms for achieving these targets where as in the implementation plan it will take to achieve the security plan goals. Thirdly, security organization educates and train users, keeps management ware of security threats and breakdown, and maintains the tools chosen to implement security. Lastly, security audit involves the routine review of access logs.MANAGING RISK IN E-COMMERCETo be able to manage the risk in E-commerce first step is identify the risk factor whether it is intellectual property threat, communication channel threat, client computer threator server threat. Then we take a counter action against the relevant risk as explained above. If we dont do this regularly, E-commerce may mislead the customer because of the data st ealing of modification. Customers and the website owners may fall back valuable account numbers pass words and other personal information. As E-commerce is worldwide, it could lead for the global loss for both customers and sellers.CONCLUSIONE-commerce is a type of business model for a small or larger business that enables a firm or individual to conduct business using electronic media such as internet. In e-commerce, time plays a vital role in both the businesses and consumers. E-commercesecurity is nothing but preventing loss and protecting the areas financially and informational from unauthorized access, use or destruction.Due the rapid developments in science and technology, risks involved in use of technology and the security measures to avoid the organizational and individual losses are changing day to day.In the e-commerce security, some of the issues to be considered in this issue they are digital signatures, certificates, secure socket layers, firewalls. To develop a securi ty plan five major steps have to be considered they are risk assessment, development security policy, implementation plan, create a security organization and do a security audit. To reduce the risk from the Trojans, worms every one should implement the security plan.