Cyber Fraud A Threat To Ecommerce

Sudeshna Akanksha PandaRoll No. 985009, LL.M, IV

SemesterKIIT Law School

Objective Of The Study

To establish the extent of internet fraud and its operational impact on ecommerce.

The effectiveness of current fraud prevention systems.

Finally to identify common features in the way internet fraudsters operate.

Hypothesis

The effect of cyber fraud on e

commerce: examining various aspects involved.

Chapterization 1. Introduction  2. Ecommerce and its relation to cyber fraud.

3. Various aspects of ecommerce.   4. Technical issues involved.   5. Legal issues: substantive and procedural.   6. Conclusion and suggestions

Issues Involved

The major issues tackled with in this paper are as follows:

  1. How ecommerce is affected by cyber fraud. 2. Adequacy of regulations in the national and

international level.   3. Technical measures.  4. Mechanisms and laws to check cyber fraud

Introduction

•Two Major Developments During the Past Decade:1. Widespread Computerization2. Growing Networking and Internetworking•Need for Automated Tools for Protecting Files and Other Information.•Network and Inter-network Security refer to measures needed to protect data during its transmission from one computer to another in a network or from one network to another in an internetwork.

Continued…Network security is complex. Some reasons are:•Requirements for security services are:

Confidentiality Authentication Integrity

•Key Management is difficult.•Creation, Distribution, and Protection of Key information calls for the need for secure services, the same services that they are trying to provide.

Features Of Ecommerce

Technology enabled

Ubiquity

Interactivity

Information delivery

Digital content

Inter-disciplinary in nature

Types Of EcommerceB2B (Business-to-Business)

C2C (Consumer-to-Consumer)

B2G (Business-to-Government)

G2B (Government-to-Business)

G2C (Government-to-ConsumerB2C (Business-to-Consumer)

Ecommerce Advantages

•Being able to conduct business 24 x 7 x 365.

•Expansion in market size.

•Availability of current information.

•Better customer service.

•Reduction in costs.

•Marketing efforts gets boosted

Ecommerce PracticesVs.Traditional Business Practices

Financial accounting : From manual to computerized

Information system: From paper based to digital

Advertising : Offline to online

Corporate purchasing : Manual to E-procurement

Ecommerce Infrastructure Includes

A network of Networks.

Hardware and Software.

Building E-Commerce enabled website.

Client-Server Computing.

Hosting site on Web Server.

Finding provider for electronic funds transfer

Electronic Payment System

Credit card

Debit card

E-cheques

E-wallets

Meaning of Cyber Fraud

Crime committed using a computer and the internet to steal a person's identity or illegal imports or malicious programs.

Cybercrime is nothing but where the computer is used as an object or subject of crime.

Online activities are just as vulnerable to crime and can compromise personal safety just as effectively as common everyday crimes.

Lawmakers, law enforcement, and individuals need to know how to protect themselves and the persons for which they are responsible.

Categorization of Cyber Crime

We can categorize Cyber crime in two ways : The Computer as a Target :- using a

computer to attack other computers. e.g. Hacking, Virus/Worm attacks, DOS attack etc.

The computer as a weapon :- using a computer to commit real world crimes. e.g. Cyber Terrorism, IPR violations, Credit card frauds, EFT frauds, Pornography. Cyber Crime regulated by Cyber Laws or Internet Laws.

Types of Cyber Crime

Hacking Software Piracy Denial Of Service Attack Virus Dissemination Computer Vandalism Cyber terrorism

Types of Cyber AttacksTypes of Cyber attacks, by percentage(source- FBI,2007)

Financial fraud: 11% Sabotage of data/networks: 17% Theft of proprietary information: 20% System penetration from the outside: 25% Denial of service: 27% Unauthorized access by insiders: 71% Employee abuse of internet privileges 79% Viruses: 85%

Types of Cyber Attacks

Manipulate data integrity 6.8% Installed a sniffer 6.6% Stole password files 5.6% Proving/scanning systems 14.6% Trojan logons 5.8% IP spoofing 4.8% Introduced virus 10.6% Denied use of services 6.3%

Types of Cyber Attacks

Downloaded data 8.1% Compromised trade secrets 9.8% Stole/diverted money 0.3% Compromised e-mail/documents 12.6%

Publicized intrusion 0.5% Harassed personnel 4.5% Other 3.0%

Challenges to Security:

•Internet was never designed with security in mind.•Many companies fail to take adequate measures to protect their internal systems from attacks.•Security precautions are expensive {firewalls, secure web servers, encryption mechanisms}.•Security is difficult to achieve.

Security Threats

•Unauthorized access•Loss of message confidentiality or integrity•User Identification•Access Control•Players:

User community Network Administration Introducers/Hackers

•The bigger the system, the safer it is

MVS mainframe users (5%) UNIX users (25%) Desktop users (50%)

The Main Security Risks

•E-commerce offer great deal of opportunities for business. But the whole field of e-commerce is subject to risks as outlined:•Data being stolen

Electronic mail can be intercepted and read

Customer’s credit card numbers may be read

•Login/password and other access information stolen•Operating system shutdown•File system corruption•User login information can be captured

Other Security Issues

Customers risks :Stolen credentials or passwordDishonest merchant Merchants risk :Forged or copied instrumentsInsufficient funds in customers account

E-commerce security

Authorization , Access Control:protect intranet from hoarders: Firewalls Confidentiality , Data Integrity:message must not be altered or tampered with : Encryption Authentication:both parties prove identity before starting

transaction: Digital Certificates Non-repudiation:proof that the document originated by you and

you only: Digital signature

Advantages of cyber security

The cyber security will defend us from critical attacks.

Internet security process all the incoming and outgoing data on our computer.

Cyber security will defend from hacks and virus.  

Safeguards Against Cyber Fraud

Held orders In-house database Shared database/Chain calls Telephone database Issuing Bank Call the customer

Conclusion

Implementation of existing laws in a stricter manner.

Changes in the:1. Information Technology Act, 2000, Amendment 2008 should be strictly adhered to.

2. Indian Penal Code, 1908 should be in amended, stricter punishment should be imposed on violators.

3. The newly added sections of the Indian Evidence Act should be considered while giving judgments on cyber fraud

Suggestions The police officers, judges lawyers and

the persons associated with legal profession should be sensitized on the matter.

The general public, companies and corporate houses should be made aware of the damages cyber fraud can cause

Advertisements in all forms of media is an effective tool for creating awareness.

High fines should be imposed which should be deterrent in nature.