PROTECTION AND SECURITY OF ECOMMERCE Prepared by :- RISHAVGUPTA


Page 1: protection & security of e-commerce

PROTECTION AND SECURITY OF ECOMMERCE

Prepared by :- RISHAVGUPTA

Page 2: protection & security of e-commerce

INDEX

What is e-commerce?
Different types of e-commerce
Digital e-commerce cycle
E-commerce Security Tools
E-commerce Security Strategy
Purpose Of Security
Security Issues
Security threats
Secure Websites
Passwords
Phishing
Types of phishing
Ways to prevent phishing
Ways To Be Safe And Protected
Guidelines For The First Time Users

Page 3: protection & security of e-commerce

What is E-commerce?

Electronic commerce, commonly written as e-commerce, is the trading or facilitation of trading in products or services using computer networks, such as the Internet.

Modern electronic commerce typically uses the World Wide Web for at least one part of the transaction's life cycle, although it may also use other technologies such as e-mail.

It draws on technologies such as mobile commerce, electronic funds transfer, supply chain management, internet marketing and online transaction processing.

Page 4: protection & security of e-commerce

Different Types Of E-commerce!

Business-to-Business: B2B e-commerce is simply defined as e-commerce between companies; it deals with relationships between and among businesses.

Business-to-Consumer: B2C e-commerce is between companies and consumers; it involves gathering information, purchasing physical goods and receiving products over an electronic network.

Business-to-Government: B2G is generally defined as commerce between companies and the public sector.

Consumer-to-Consumer: C2C e-commerce is simply commerce between private individuals or consumers.

Government-to-Consumer: G2C e-commerce is the government providing good and effective services to each citizen.

Government-to-Business: G2B e-commerce refers to the government providing services or information to business organizations.

Page 5: protection & security of e-commerce

Digital E-commerce cycle

Page 6: protection & security of e-commerce

The digital e-commerce cycle includes the following steps:

1. Online stores – there are various online stores like Flipkart, Snapdeal, Amazon etc.

2. Internet marketing – Internet marketing, or online marketing, refers to advertising and marketing efforts that use the Web and email to drive direct sales via electronic commerce.

3. Payment solutions – like credit card, debit card, MasterCard etc.

4. Customer order management – customers can track their order through their order number.

5. Shipping – goods are shipped through various shipping companies like DTDC, GATI etc.

6. Customer support – a range of customer services to assist customers in making cost-effective and correct use of a product.

Page 7: protection & security of e-commerce

E-COMMERCE SECURITY TOOLS

Digital certificates
Public key infrastructure
Encryption software
Digital signatures
Biometric scan
Passwords
Firewall

Page 8: protection & security of e-commerce

E-COMMERCE SECURITY TOOLS !

Digital certificates: An attachment to an electronic message used for security purposes. The most common use of a digital certificate is to verify that a user sending a message is who he or she claims to be, and to provide the receiver with the means to encode a reply.

Encryption: Encryption is the most effective way to achieve data security. To read an encrypted file, you must have access to a secret key or password that enables you to decrypt it. Unencrypted data is called plain text; encrypted data is referred to as cipher text.

Firewall: Firewalls can be either hardware or software, but the ideal firewall configuration will consist of both. In addition to limiting access to your computer and network, a firewall is also useful for allowing remote access to a private network through secure authentication certificates and logins.

Page 9: protection & security of e-commerce

E-COMMERCE SECURITY TOOLS !

Digital signature: A digital certificate, an electronic document that contains the digital signature of the certificate-issuing authority, binds together a public key with an identity and can be used to verify that a public key belongs to a particular person or entity.

Biometric scanner: In computer security, biometrics refers to authentication techniques that rely on measurable physical characteristics that can be automatically checked. There are several types of biometric identification schemes: face: the analysis of facial characteristics

Password: A password is a word or string of characters used for user authentication to prove identity or access approval to gain access to a resource, and it should be kept secret from those not allowed access. The use of passwords is known to be ancient.

Page 10: protection & security of e-commerce

E-commerce security strategy

REGULATORY (EXTERNAL)

•CONTROL – database and network security

•ASSURANCE METRICS – confidentiality, integrity, authentication

•PROTECT AGAINST – unauthorised access by hackers, former employees, malware and crimeware; privacy violations.

FINANCIAL (INTERNAL)

•CONTROL – embezzlement, bad debt expense

•ASSURANCE METRICS – authentication and integrity

•PROTECT AGAINST – transactions using stolen identities, debit or credit cards, and checks; unauthorized transactions and overrides.

MARKETING & OPERATIONS (INTERNAL)

•CONTROL – website functions, customer transactions, electronic documents, intellectual property.

•ASSURANCE METRICS – availability, non-repudiation

•PROTECT AGAINST – phishing, spoofing, denial of service attacks, industrial espionage.

Page 11: protection & security of e-commerce

Purpose Of Security

It seems you cannot go a day without hearing about someone or some group hacking a website or stealing credit card and other sensitive data from e-commerce sites.

The electronic system that supports e-commerce is susceptible to abuse and failure in many ways, which have to be dealt with seriously.

Page 12: protection & security of e-commerce

Disruption of device: it may result in major losses for the business or inconvenience to the customer.

Illegal intrusion into customer data: such acts lead to loss of customer confidence, stemming from illegal intrusions into customer files or company business, dishonesty, human mistakes or network failure.

Fraud: the act results in direct financial loss; funds might be transferred from one account to another, or records might simply be destroyed.

Theft: theft of confidential, proprietary, technological or marketing information belonging to the firm or customer. An intruder may disclose information to a third party, resulting in damage to a key customer, a client, or the firm itself.

Page 13: protection & security of e-commerce

Security concerns

The nature of e-commerce and bricks-and-mortar models of doing business is quite different, as are the physical payment systems (electronic money and real money).

The FIRST issue in public security is identifying the principals. They are the people, processes, machines and keys that transact (send, receive, access, update, delete) information via databases, computers, and networks.

Security concerns generally involve the following issues:

Confidentiality – knowing who can read data and ensuring that information in the network remains private. This is done via encryption.

Page 14: protection & security of e-commerce

Security Concerns

Integrity – making sure that information is not accidentally or maliciously altered or corrupted in transit.

Access Control – restricting the use of a resource to authorized principals.

Non-repudiation – ensuring that principals cannot deny that they sent the message.

Page 15: protection & security of e-commerce

SECURITY THREATS IN E-COMMERCE

Page 16: protection & security of e-commerce

Threats in E-commerce

A threat is an object, person, or other entity that represents a constant danger to an asset.

Hackers attempting to steal customer information or disrupt the site.

A server containing customer information is stolen.

Imposters can mirror your e-commerce site to steal customer money.

Authorized administrators/users of an e-commerce website downloading hidden active content that attacks the e-commerce system.

A disaffected employee disrupting the e-commerce system.

It is also worth considering where potential threats to your e-commerce site might come from, as identifying potential threats will help you to protect your site.

Page 17: protection & security of e-commerce

Acts of Human Error or Failure

Includes acts done with no malicious intent.

Caused by inexperience, improper training, incorrect assumptions, other circumstances.

Employees are the greatest threats to information security because they are closest to organized data.

• Employee mistakes can easily lead to revealing classified data, entry of erroneous data, accidental deletion or modification of data, storage of data in unprotected areas, failure to protect information.

• Many of these threats can be prevented with controls.

Page 18: protection & security of e-commerce

The EC Security Environment: The Scope of the Problem

In 2002 the Computer Security Institute surveyed 503 security personnel in U.S. corporations and government:

80% of respondents had detected breaches of computer security within the last 12 months and suffered financial loss as a result.

40% experienced denial of service attacks.

40% reported attacks from outside the organization.

85% detected virus attacks.

[Chart: virus attacks, outside attacks, inside attacks]

Page 19: protection & security of e-commerce

Risk Assessment: A risk assessment will examine how your e-commerce site works and take into account access, users, passwords and other security features that may or may not be in place. A risk assessment will also examine the transaction process customers go through in order to buy your products, as vulnerabilities can occur during these processes.

Security solution: There are a multitude of programmes and business procedures that can help keep your e-commerce site more secure.

Scans – frequent scans of your server can identify any malicious programmes that may be running, such as worms, viruses or Trojan horses.

Limited user access – ensure you know exactly who has access to your e-commerce system and assign each user a unique access password.

Speak to an internet security company that offers comprehensive security packages.

Page 20: protection & security of e-commerce

Secure websites

Secure sites use encryption technology to transfer information from your computer to the online merchant's computer. Encryption scrambles the information in order to prevent computer hackers from obtaining it en route. The only people who can unscramble the code are those with legitimate access privileges.

Look at the URL of the website. If it begins with "https" instead of "http" it means the site is secured using an SSL certificate (the s stands for secure). SSL certificates secure all of your data as it is passed from your browser to the website's server.

Page 21: protection & security of e-commerce

Web site's privacy and security policy

Every reputable online Web site offers information about how it processes your information. It is usually listed in the section "Privacy Policy". You can find out if the merchant intends to share your information with a third party or affiliate company.

Every website has its own terms and conditions which it offers to its users, so it is the responsibility of the user to read the terms and conditions before start using that website.

Page 22: protection & security of e-commerce

Before dealing with any website, for example when shopping online, research should be done into the trustworthiness of the website, so research websites before you deal with them.

Research can be done by calling the business and getting information from its official website.

Page 23: protection & security of e-commerce

Be aware of cookies and behavioural marketing

Online merchants as well as other sites watch our shopping and surfing habits by using “cookies”, an online tracking system that attaches pieces of code to our Internet browsers to track which sites we visit as we search the web.

"Persistent" cookies remain stored on your computer, while "session" cookies expire when you close the browser.
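The persistent/session distinction on this slide is visible directly in the Set-Cookie headers a site sends: a cookie with an Expires or Max-Age attribute survives the browser being closed, one without either does not. The Node.js snippet below is an added example, not part of the original presentation; the four header lines are constructed. It parses each header, classifies the cookie, and flags what a shopper's login cookie should carry (Secure, HttpOnly) and what marks a cookie as usable for cross-site tracking (SameSite=None).

```javascript
// Added example, not from the original slides. Sample Set-Cookie headers are constructed.
const SAMPLE_HEADERS = [
  'sessionid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax',
  'cart=item42; Path=/; Max-Age=2592000',
  'track_id=xyz; Expires=Fri, 31 Dec 2027 23:59:59 GMT; SameSite=None; Secure',
  'csrftoken=tok; Path=/',
];

// Split "name=value; Attr; Attr=val" into its parts. Attribute names are
// case-insensitive, so they are lower-cased for lookup.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const name = pair.slice(0, eq);
  const value = pair.slice(eq + 1);
  const attributes = {};
  for (const a of attrs) {
    const i = a.indexOf('=');
    const key = (i === -1 ? a : a.slice(0, i)).toLowerCase();
    attributes[key] = i === -1 ? true : a.slice(i + 1);
  }
  // Persistent = the server gave it a lifetime; otherwise it dies with the browser.
  const persistent = 'expires' in attributes || 'max-age' in attributes;
  return { name, value, attributes, persistent };
}

// Things a shopper (or the shop's own developers) should notice about a cookie.
function auditCookie(cookie) {
  const issues = [];
  if (!cookie.attributes.secure) issues.push('missing Secure');     // sent over plain http too
  if (!cookie.attributes.httponly) issues.push('missing HttpOnly'); // readable by page scripts
  if (String(cookie.attributes.samesite).toLowerCase() === 'none') {
    issues.push('SameSite=None: sent on cross-site requests'); // what tracking cookies need
  }
  return issues;
}

function classify(headers) {
  return headers.map(parseSetCookie).map((c) => ({
    name: c.name,
    kind: c.persistent ? 'persistent' : 'session',
    issues: auditCookie(c),
  }));
}

console.table(classify(SAMPLE_HEADERS));
```

In the sample set, only sessionid is both a session cookie and properly protected; the cart cookie lives for thirty days without Secure or HttpOnly, and track_id is a long-lived cookie explicitly allowed on cross-site requests, which is the shape the slide's "behavioural marketing" cookies take.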

Page 24: protection & security of e-commerce

Create strong passwords

While it is the responsibility of the retailer to ensure that customer information is safe, in the same way, in order to ensure the safety of information, the customer should secure his information using a user id and password.

Page 25: protection & security of e-commerce

Never give out your social security number

Providing your social security number is not a requirement for placing an order at an online shopping site.

Giving out your social security number could lead to your identity being stolen.

Page 26: protection & security of e-commerce

Disclose only bare facts when you order

While placing an order there is certain information that you must provide to the web merchant such as name and address.

There is no need to give information such as leisure lifestyle and annual income; this can lead to spam.

Often the questions that must be answered are marked with an asterisk (*).

Page 27: protection & security of e-commerce

Keep your password private

Many shopping sites require the shopper to log in before placing or viewing an order.

The shopper is usually required to provide a user name and password.

Never give your password to anyone. Your password should be unique.

Page 28: protection & security of e-commerce

PHISHING

Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication.

Page 29: protection & security of e-commerce

Types Of Phishing

Spear phishing – Phishing attempts directed at specific individuals or companies have been termed spear phishing. Attackers may gather personal information about their target to increase their probability of success. This technique is, by far, the most successful on the internet today, accounting for 91% of attacks.

Clone phishing – A type of phishing attack whereby a legitimate, and previously delivered, email containing an attachment or link has had its content and recipient address taken and used to create an almost identical or cloned email. The attachment or link within the email is replaced with a malicious version and then sent from an email address spoofed to appear to come from the original sender.

Whaling – Several recent phishing attacks have been directed specifically at senior executives and other high profile targets within businesses, and the term whaling has been coined for these kinds of attacks. In the case of whaling, the masquerading web page/email will take a more serious executive-level form. The content will be crafted to target an upper manager and the person's role in the company.

Page 30: protection & security of e-commerce

Ways to prevent phishing

The user is expected to confirm that the domain name in the browser's URL bar is in fact where they intended to go. URLs can be too complex to be easily parsed.

Eliminating phishing mail – Specialized spam filters can reduce the number of phishing emails that reach their addressees' inboxes. These approaches rely on machine learning and natural language processing to classify phishing emails. Email address authentication is another new approach.

Some newer browsers, such as Internet Explorer 8, display the entire URL in grey, with just the domain name itself in black, as a means of assisting users in identifying fraudulent URLs.
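The two checks the deck asks a shopper to make by eye, "does it start with https" (the Secure websites slide) and "is the domain in the URL bar really the shop's" (this slide), are exactly what a browser's URL parser computes, and the reason URLs are "too complex to be easily parsed" by people is that only the hostname decides which server is contacted; text before an "@" is userinfo and text after the host is just a path. The Node.js function below is an added example, not part of the original presentation; the shop domain `shop.example` and the sample links are constructed. It accepts a link only when the scheme is https and the hostname is the shop's domain or a subdomain of it, and reports why a link was rejected.

```javascript
// Added example, not from the original slides. SHOP_DOMAIN and the links are constructed.
const SHOP_DOMAIN = 'shop.example';

function checkLink(link, expectedDomain = SHOP_DOMAIN) {
  let url;
  try {
    url = new URL(link); // the same parsing rules a browser applies
  } catch (e) {
    return { ok: false, reason: 'not a valid absolute URL' };
  }
  if (url.protocol !== 'https:') {
    return { ok: false, reason: `scheme is ${url.protocol} not https:` };
  }
  // Only url.hostname names the server. "shop.example@evil.test" puts the shop's
  // name in the userinfo part; "shop.example.evil.test" makes it a subdomain of
  // evil.test; "/shop.example/" is just a path. None of those is the shop.
  const host = url.hostname.toLowerCase();
  const expected = expectedDomain.toLowerCase();
  const sameSite = host === expected || host.endsWith('.' + expected);
  if (!sameSite) {
    return { ok: false, reason: `host is ${host}, expected ${expected}` };
  }
  return { ok: true, reason: 'https and host matches', host };
}

// Constructed links a shopper might meet; only the first two really reach the shop.
const SAMPLE_LINKS = [
  'https://shop.example/orders/1001',
  'https://www.shop.example/login',
  'http://shop.example/login',
  'https://shop.example.login-verify.test/',
  'https://shop.example@login-verify.test/',
  'https://login-verify.test/shop.example/login',
];

function triage(links) {
  return links.map((l) => ({ link: l, ...checkLink(l) }));
}

console.table(triage(SAMPLE_LINKS));
```

The hostname comparison is deliberately an exact-or-subdomain match on a fixed expected domain; a "contains shop.example" check would pass the fourth and sixth links, which is the mistake the slide's IE8 greying-out feature was meant to guard against.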

Page 31: protection & security of e-commerce

Ways to prevent phishing contd.

The email may state that your account information has expired, been compromised or lost and that you need to immediately resend it to the company.

Some emails sent as part of such "phishing" expeditions often contain links to official-looking Web pages. Other times the emails ask the consumer to download and submit an electronic form.

Remember, legitimate businesses don't ask for sensitive information via email. Don't respond to any request for financial information that comes to you in an email. Again, don't click on any link embedded within a suspicious email.

Page 32: protection & security of e-commerce

BASIC WAYS TO PROTECT YOURSELF

• Change the password from time to time.

• Don't keep protected and sensitive files in folders that have revealing names.

• Choose passwords with numbers, lower and upper case letters and special characters, at least 8 characters long.

• Get regular audits (www.comodo.com) – these services usually come with an icon that you can put in your store and they have been known to boost sales.

• Apply updates to your shopping carts whenever available.

Page 33: protection & security of e-commerce

BASIC WAYS TO PROTECT YOURSELF contd.

• Always use https while navigating through your admin area (if you have SSL installed on your server).

• If you want (and have the option), consider deleting all customer credit card details after purchases.

• Sign up with a managed firewall service (www.able-commerce.com) – these services usually come with an icon that you can put in your store and they have been known to boost sales.

• Choose a shopping cart that can blacklist (block) IP addresses and users.

Page 34: protection & security of e-commerce

GUIDELINES FOR THE FIRST TIME USERS

If you are new to the Internet or a regular shopper online, the following guidelines should apply.

1. Find out the cost of delivery before placing your order and how long the delivery will take. Most shopping sites use couriers to deliver the goods, and delivering overseas can become quite expensive.

2. If you are bidding on eBay, check out the buyer's and seller's feedback. This should become standard before you ever place a bid.

3. Always read the FAQ section if you are new to the site.

4. If someone demands cash for a payment, say no. Use your credit card to make your payment; this will protect you against fraud. Credit card companies refund accounts where fraudulent activity transpires.

Page 35: protection & security of e-commerce

GUIDELINES FOR THE FIRST TIME USERS contd.

5. Don't be afraid to ask the seller lots of questions; some sites (eBay) provide you the option to contact the seller.

6. Check, and read in full, the terms and conditions and the privacy policy of the site.

7. If you are unsure about a site, try doing a search with Google or any of the other search engines. You may find comments posted about the shopping site from other customers.

Page 36: protection & security of e-commerce

CONCLUSION

In the end we would like to conclude that e-commerce has changed the relative importance of time, but as one of the pillars and indicators of the country's economic state, the importance of time should not be ignored.

E-commerce is not a new kind of industry, but it is creating a new economic model. Most people agree that e-commerce is indeed important and significant for the economic society of the future, but there was a somewhat clueless feeling at the beginning; this problem exactly proves that e-commerce is a sort of incorporeal revolution.

Page 37: protection & security of e-commerce

BIBLIOGRAPHY

The information in this project has been obtained from the following:

https://en.wikipedia.org/wiki/E-commerce
http://www.google.co.in
https://garage.godaddy.com
http://www.sitepoint.com
http://www.tutorialspoint.com

Page 38: protection & security of e-commerce

THANK YOU