E-business security / E-commerce

The internet is the greatest technology that man has ever created in every way. Everything has been transformed by the development of the internet, including trade, transportation, and communication. There are countless advantages that the internet has given to society. It is true that everyone in the world depends on the internet, and that dependency on internet services is growing rapidly. How the world could function without the internet is a perplexing subject. To begin with, it would cause instability since the economy would stall and many people would be out of work. The operation of e-commerce requires a significant percentage of the internet. E-commerce refers to buying and selling commodities with the aid of electronic systems and the internet (Khan, 2016). E-commerce is a popular technology, preferred for its simplicity compared to traditional methods of buying and selling. E-commerce allows buyers and sellers to conduct a transaction with minimal difficulty. In addition, e-commerce can bridge barriers created by distance, as it does not have geographical limitations.


E-commerce is a huge industry, with average revenue of 1.2 trillion dollars generated in 2013. The number of online buyers is also continually increasing, with over one billion buyers. This means that 40% of the world’s population has made an online purchase (“E-commerce Statistics”, 2016). The remarkable aspect is that the entire industry exists on trust. Customers trust that if they pay for commodities, they will receive them. In addition, customers trust that owners of e-commerce stores will protect their personal information, such as their names, social security numbers, and credit card information, among others. E-commerce business owners have the obligation of protecting customers’ information. Different countries require safeguarding of personal information at all costs and have placed stiff measures on companies that do not implement data protection procedures. Apart from the legal obligation, lack of protection of customer information has rendered most e-businesses bankrupt. A good example is Target, an e-business firm that suffered a serious data breach in 2013 in which the account information of over 40 million customers was hacked. The outcome for Target was severe, as sales dropped from 961 million dollars in November 2012 to 520 million dollars in January 2013 - a 46% drop in just 2 months (Malcolm, 2014). This shows how critical trust is to e-commerce businesses. Therefore, security is integral to the e-commerce industry.


Problem statement


Despite the importance and benefits of e-commerce, the industry faces numerous challenges. This article focuses on the security challenges that the e-commerce industry faces and possible solutions. Security is the cornerstone of every e-business, and ensuring a successful e-commerce transaction is a security nightmare. An e-commerce transaction carries potential threats from the client making the request to the server receiving the request and everywhere in between. Many things can go wrong during the transaction as perpetrators exploit vulnerabilities in the system. The attacks fall into four categories: attacks on the client making the request, the network carrying the request, the server receiving the request, and the storage facility. It is the task of the individual and the e-business entity to ensure that the necessary security precautions are in place to prevent possible attacks (Rahman & Lackey, 2013). A variety of security measures can be put in place to ensure maximum security of users’ information. If these security measures are considered, then there is a guarantee of a successful transaction.


E-Commerce Security


Security in the Client


Any e-commerce transaction must originate from a client. A client is the device used by a customer to make a transaction. The device may be a phone or a computer that connects to an e-business site to make a purchase. A threat common to the client is phishing. Phishing is the process of sending a fictitious email with the aim of soliciting information from individuals. Phishing attacks lure their victims to fraudulent websites that look authentic, where the victims unknowingly release their personal information. Other attacks include viruses, rootkits, and Trojan horses. A virus is a destructive type of attack that aims at crippling users’ machines and rendering them unusable. Destructive attacks are quite uncommon on clients, as they do not generate any financial benefit. The use of Trojans and rootkits, on the other hand, is quite common. Attackers design Trojans and rootkits to secretly collect user information, such as credit card numbers, and send it to the attacker (Zhu, 2013). The information is then used to commit fraud. In addition, attackers can use Trojan horses and rootkits to hold the computer hostage. During this time, the attacker requires the computer owner to pay a ransom to use his machine. The solution to viruses, Trojans, and rootkits is ensuring that the client has up-to-date security patches and antivirus software installed.


Security in the Network


Before a request goes to the e-business server, it passes through routers. Routers are special devices that route traffic to the required destination. For example, if one connects to an e-business server in China from the United States, the information needs to travel from the user’s client to the e-business server. This distance is massive, and it is the work of the routers to facilitate the communication. An attacker can gain access to the network by sniffing and eavesdropping (Isah, 2015). Sniffing and eavesdropping are processes of gaining unauthorized access to packets on a network and assembling them to gather information. Sniffing attacks are common in unsecured public Wi-Fi zones. Customers should avoid unsecured Wi-Fi networks while making online purchases to prevent sniffing.


In ensuring security in the network, encryption of the data is essential. Encryption refers to the use of cryptographic processes to protect the data. This way, even if an attacker gains access to the data, it would be meaningless without the cryptographic key to decrypt it. Sensitive transactions such as e-commerce transactions use the secure shell layer protocol, commonly referred to as the SSL protocol. SSL secures communication between the client and the server. The technology uses cryptographic keys and certificates to ensure the authenticity of the requests. Virtually every transaction that involves the exchange of personal information uses SSL, from e-commerce trading and banking transactions to college applications, among others (Deshmukh, Kaushik, & Tayade, 2013).


In addition, e-businesses may enhance security in their networks by use of VLAN technology. VLAN technology allows different networking devices on different networks to communicate as if they were on a single network (Isah, 2015). VLAN technology enhances security by ensuring that traffic is contained within the VLAN. This, therefore, restricts traffic from parts of the network, thereby protecting the data from access from the outside world.


Security in the Server


A server is an important device in e-business. The server receives, verifies and processes user information. The server stores the business logic in the form of code. This is where the code that adds items to the shopper’s cart and bills them accordingly resides. The server also stores the e-business website and important business and customer information. Therefore, the server is an integral part of the business. An attack on the server can have strong repercussions due to the sensitivity of the information that the server contains. The important nature of the server makes it an attractive target for hackers. It is, therefore, important for e-businesses to devote most of their resources to ensuring that the server has the latest security system in place.


A Denial of Service (DoS) attack is an attack aimed at slowing down the server to deny service to legitimate customers. The attack involves flooding the server with so many requests that it crashes. Since e-businesses rely on servers to function, the business closes down when the server does. In the past, solving DoS was quite easy, as it meant identifying the IP address of the machine sending the requests and blocking it. Today DoS attacks are much harder to solve, as they involve numerous clients worldwide sending multiple requests to the server until the server crashes. This type of attack is a Distributed Denial of Service (DDoS) attack. The most common perpetrators of DDoS attacks are rival businesses and close competitors. They benefit because when the e-business servers are down, customers will shop elsewhere, more likely in their businesses. The solution to a DDoS attack is to include hardware that analyses the packets received by the server and makes the necessary judgment (Nanehkaran, 2013). Furthermore, e-businesses can use scalability to manage increased traffic. Scalability enables workload sharing between multiple servers, therefore ensuring business continuity in case of a DDoS attack.


Session hijacking, also known as the man in the middle attack, is a common server attack threat. A session refers to stored information in the server that the server gathers when a client logs into the system. A session may contain information such as the user’s IP address, their name, and payment information. The advantage of sessions is that they act as a cache and so increase performance. Sessions reduce server workloads by reducing queries back and forth on user information (Mangiaracina, 2015). A session key or session id will be stored and accessed once the user accesses the server. Session hijacking involves an attacker gaining access to the session id. Once the attacker has gained access to the session id, the server assumes the attacker is legitimate. The attacker can then buy products without the user’s knowledge. The solution to session hijacking is using multiple verification procedures, such as ensuring that the session key matches the user’s IP address. In addition, the use of a VPN is important, as it will protect the data being sent to the server, reducing the possibility of an attack.
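The check described above, matching the session key against the user’s IP address, can be sketched as follows. This is an added example, not code from the original essay; the class name, the idle timeout and the sample addresses (documentation ranges) are assumptions made for illustration.

```python
import secrets
import time

SESSION_TTL_SECONDS = 900  # assumed idle timeout for this example


class SessionStore:
    """In-memory session table keyed by an unguessable session id."""

    def __init__(self, now=time.time):
        self._sessions = {}
        self._now = now  # injectable clock so expiry can be tested

    def create(self, username, client_ip):
        # 32 random bytes from the OS CSPRNG: the id cannot be guessed,
        # so an attacker has to steal it rather than predict it.
        session_id = secrets.token_urlsafe(32)
        self._sessions[session_id] = {
            "user": username,
            "ip": client_ip,
            "last_seen": self._now(),
        }
        return session_id

    def validate(self, session_id, client_ip):
        """Return the username for a valid session, otherwise None."""
        record = self._sessions.get(session_id)
        if record is None:
            return None
        if self._now() - record["last_seen"] > SESSION_TTL_SECONDS:
            del self._sessions[session_id]  # idle too long: expire
            return None
        if record["ip"] != client_ip:
            # Same session id presented from a different address: treat
            # it as stolen and revoke it so neither party can keep using it.
            del self._sessions[session_id]
            return None
        record["last_seen"] = self._now()
        return record["user"]


if __name__ == "__main__":
    store = SessionStore()
    sid = store.create("alice", "203.0.113.10")       # constructed sample data
    print(store.validate(sid, "203.0.113.10"))        # owner's address
    print(store.validate(sid, "198.51.100.7"))        # different address
    print(store.validate(sid, "203.0.113.10"))        # session was revoked
```

Binding to the IP address is a supplementary check: customers on mobile networks change address legitimately and will be asked to log in again, and users behind the same NAT gateway share one address.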


Security in storage of information


Storage is essential in recording transactions in e-business. After the server processes the information, the database stores the data. The storage also acts as a reference point for past transactions, and management can use the stored data in decision-making processes. In their article Big Data Based System Model of Electronic Commerce, Ilieva, Yankova and Klisarova argue that nowadays e-commerce data is a goldmine (2015). Big data analysis enables e-businesses to customize individual shoppers’ preferences and provide better suggestions to improve their shopping experience. Big data is also important in customer profiling; businesses may use this data to anticipate when and what the customer is likely to buy at a given time. Therefore, using this data, e-businesses are able to predict their future and determine what stock of goods to increase. An e-business can implement various storage security measures to protect its data.


Storage virtualization is one of the security measures that e-businesses can employ to ensure security in the storage of data. Storage virtualization is the process of combining storage facilities in different networks and geographical locations to act as a single unit (Nanehkaran, 2013). Most organizations prefer storage virtualization as it makes the processes of backing up, archiving and data recovery easier. In relation to data security, storage virtualization has the advantage that it distributes the data, so that if an attacker gains access to one database, there is minimal risk.


An e-business website supports not only customers, but also other stakeholders such as suppliers, developers, accountants and sales personnel, among others. These different users need to access different aspects of the website. For example, customers’ interests are finding the product they need and making the purchase. These needs are different from the needs of the supplier, who may need to know the number of products in the store and whether resupply is necessary. In addition, the business needs to ensure that only legitimate authorized users gain access to the information (Rahman & Lackey, 2013). This is what firewalls are used for. A firewall is responsible for granting or denying access to specific parts of the network. A firewall is an important component that adds security to the e-business and limits possible attacks by denying access. There are two types of firewalls: software and hardware. Software firewalls come with most operating systems. They are effective for small businesses that have minimal traffic, but as traffic increases, they may slow down the server. This is where hardware firewalls are much more effective. Hardware firewalls come with additional functionality, like intrusion detection systems, that may be helpful in identifying and blocking suspicious activities.


The other method of protecting information in storage is hashing. The rationale for using hashing is that over the years, researchers discovered that users utilize the same passwords for different websites. For example, a customer may use the same password for his Gmail account, PayPal account, and e-business account. The disadvantage of this is that when a hacker gets the password, he or she is able to access multiple accounts that belong to the user. Therefore, as a security safeguard, it is advisable not to save user passwords in their raw form in a database, so that in case of an attack, the attacker is not able to access user passwords. Hashing is most commonly used for passwords. Hashing is the use of a complex mathematical formula that produces randomly generated numbers based on the user’s input (Ilieva, Yankova & Klisarova, 2015). Hashing relies on two important inputs to work: the user’s input and a salt. The hashing function combines these two, produces a random string and then delivers it to a database. Various hashing algorithms provide different levels of protection based on the user’s needs; SHA-1 and SHA-2 are the most common hashing algorithms.


Common Security Solution that E-Business can employ


Outsourcing


Outsourcing refers to the process of leasing services to a third party. E-businesses can outsource part of their business to a third party to handle on their behalf. These services can be web hosting, web maintenance, web security, and data archiving, among other services. Outsourcing has various advantages (Zhu, 2013). One of the common reasons why outsourcing is preferable is that the business gives part of the obligation to another business that specializes and is perfect in that area. This enables the e-business to concentrate on serving customers and responding to their queries. Outsourcing also relieves the business of the burden involved in buying equipment and hiring staff to manage the equipment. For example, an e-business can outsource its web operation to a third party specializing in websites. It is up to the third-party business to ensure that the operations of the e-business website go smoothly. They will be in charge of web security, installing the necessary security measures and policies to keep out hackers.


Education on security awareness


Security awareness is important for all those involved in e-commerce. Security awareness may save thousands of dollars that would otherwise fall prey to hackers. Security awareness should extend from the employees working in the e-business to the customers using the e-business platform. The organization may begin by educating its employees on security issues like password protection and the methods that hackers use to access organizational information. Today’s world has proven that hackers do not necessarily need to have exceptional IT skills to gain access to organizational data. Social engineering is an emerging trend that hackers are using to gain vital information about the e-business infrastructure. Employees of the organization need training to be able to spot and avoid such attacks. Customers and employees also need knowledge of what to do in case of an attack (Mangiaracina, 2015). For example, if a customer suspects theft of his or her credit card information, the best thing to do is contact the bank and authorize them to shut down the account. The organization needs to implement measures that employees should put in place in case of an attack. An example is ensuring that the systems are offline and contacting the necessary government agency that investigates cyber-crimes.


Conclusion


E-commerce is a popular technology that has replaced traditional buying and selling. Its popularity is due to the fact that e-commerce is efficient and affordable. The limitation of geographical distance is no longer an issue with e-commerce. Over 40% of the world’s population has made an online purchase, and the number of online buyers is more than one billion. The greatest threat to e-commerce is hackers. Hackers attack e-commerce websites to gain financial benefits. Therefore, the security of e-commerce is paramount. Numerous security procedures are available to protect online shoppers and e-businesses (Deshmukh, Kaushik, & Tayade, 2013). Among them are the use of SSL, which encrypts data from the client to the server, storage virtualization technology for protecting databases, and the use of firewalls and hashing. In addition, there is the option of outsourcing that e-businesses can consider. Finally, educating the employees and users of e-commerce platforms on security measures, so that they feel secure, is essential.


References


Bhalekar, P., Ingile, S., & Pathak, K. (2014). The Study of E-Commerce. Asian Journal Of Computer Science And Information Technology, 4(3), 25-27.


Deng, X. & Zhang, J. (2014). Differentiating the Effects of Internet Usage and Wireless Usage on Business-to-Business and Business-to-Consumer E-commerce. Journal Of Internet Commerce, 13(2), 138-157. http://dx.doi.org/10.1080/15332861.2014.934648


Deshmukh, V., Kaushik, S., & Tayade, A. (2013). Payment Processing Systems and Security for E-Commerce: A Literature Review. International Journal Of Emerging Research In Management And Technology, 2(5), 29-35.


E-Commerce Statistics. (2016). Statista. Retrieved on Feb. 15, 2017, from https://www.statista.com/markets/413/e-commerce/


Ilieva, G., Yankova, T., & Klisarova, S. (2015). Big data based system model of electronic commerce. Trakia Journal Of Science, 13(Suppl.1), 407-413. doi:10.15547/tjs.2015.s.01.070


Isah, A. (2015). Concern for e-Commerce Security. Global Journal Of Computer And Technology, 3(2), 173-175.


Khan, A. (2016). Electronic Commerce: A Study on Benefits and Challenges in an Emerging Economy. Global Journal Of Management And Business Research, 16(16), 18-22.


Khoshnampour, M. & Nosrati, M. (2011). An overview of E-commerce. World Applied Programming, 1(2), 94-99.


Malcolm, H. (2014). Target sees drop in customer visits after breach. USA TODAY. Retrieved on Feb. 15, 2017, from http://www.usatoday.com/story/money/business/2014/03/11/target-customer-traffic/6262059/


Mangiaracina, R. (2015). Payment Systems in the B2c eCommerce: Are They a Barrier for the Online Customer?. Journal Of Internet Banking And Commerce, 2(24), 125-134.


Nanehkaran, Y. (2013). An Introduction To Electronic Commerce. International Journal Of Scientific And Technology Research, 2(4), 190-193.


Rahman, S. & Lackey, R. (2013). E-Commerce Systems Security for Small Businesses. International Journal Of Network Security And Its Application, 5(2), 193-210.


Zhu, Y. (2013). Research on the Data and Transaction Security of Enterprise E-Commerce Countermeasure. International Journal Of Security And Its Applications, 7(6), 259-268. http://dx.doi.org/10.14257/ijsia.2013.7.6.26
