Electronic commerce refers to the use of the Internet to carry out business transactions in goods and services. Over the past few years, the commercial activity made possible by the advent of the Internet has increased. However, security has been a major concern as far as electronic commerce is concerned. Accordingly, it has become important for customers to choose a payment mode for the goods or services that they have bought online. Furthermore, the software in use should also verify that the customer in question is in a position to pay. The mode of payment in electronic commerce may entail electronic cash, credit cards, purchase orders, or encryption.
The security of e-commerce therefore depends on how many of the aforementioned techniques the e-commerce package in use supports (Albuquerque & Belchior, 2002, p. 3; Anton & Earp, 2002, par. 3). There is no doubt that businesses will experience a revolution thanks to electronic commerce. Furthermore, customers have a chance of accessing exciting and new services. Even as e-commerce continues to witness robust growth, there is a need to keep improving and developing more secure technologies every day.
The existing technologies and policies on internet security do not adequately address end users' requirements. Several factors determine whether an e-commerce operation becomes successful or not. They include the business model, customers, the team, the product, investors, as well as the security details of data storage and transmission (Anton & Earp, 2002, par. 3; Hawkins, Yen & Chouo, 2000, p. 132). Industry organizations and governments already regard the security and privacy of information as a leading obstacle to e-commerce development. Cases of identity theft and the associated risk are on the increase, primarily because of the threats associated with providing vital information when purchasing goods and services online. Accordingly, this paper focuses on identifying security and privacy concerns as they affect consumers and businesses in e-commerce. It also examines the different forms of security applications whose use would help address privacy and security in e-commerce.
Privacy and security concerns of e-commerce
The issue of electronic commerce privacy is a serious one. Kalakota and Whinston (1999, p. 34) opine that many people are concerned about providing their personal information online as they purchase goods and services. As Schneider and Perry (2001) have noted, "Indeed, relatively few consumers believe that they have very much control over how personal information, revealed online, is used or sold by businesses" (p. 127). An amalgamation of consumer fear, business practices and media pressure has led to privacy being regarded as a compelling challenge to electronic commerce. Nonetheless, it is quite hard to address the issue of privacy. This is because for one group of individuals privacy is a fundamental right, while for another group it is "a tradable commodity" (Chaffey 2002, p. 81). The historical evolution of e-commerce privacy issues is characterized by detailed arguments, as provided by a number of authors (for example, Kesh, Ramanujan & Nerur, 2002, p. 153). However, these historical accounts vary in terms of what constitutes privacy. For instance, whereas privacy is regarded as infeasible or societally illegitimate (Shalhoub, 2006, p. 274), Greenberg (2001, par. 3) opines that it is more of a squandered right. Many researchers are of the opinion that security is a major challenge hindering the successful implementation of e-commerce (Labuschagnce & Eloff, 2002, p. 203; Katsikas, Lopez & Pernul, 2005, p. 8). Nonetheless, many academic researchers concur that, aside from being a technical challenge, security also entails organisational, managerial and human dimensions, for increased effectiveness (Bjorck, 2004, p. 3; Shalhoub, 2006, p. 279; Von Solms, 2001, p. 505). Accordingly, understanding and acting upon customers' perceptions of information security in e-commerce interactions is vital for the success of such interactions.
This is because, even with the best technical solutions capable of offering an organisation full security, when customers lack fundamental awareness of, and positive perceptions about, how secure its websites are, such technical solutions means.
Internet use is the foundation for e-commerce systems, since it offers easy and open channels of communication worldwide. Nonetheless, because the internet is unmanaged, unregulated and uncontrolled, business systems that rely on it face various threats and risks. Using the internet to undertake business transactions means that the e-commerce and information technology (IT) systems of the business entity in question become potentially open to all, their physical location notwithstanding (Whitman & Maiiord, 2003, p. 24). Although hackers pose many different threats to e-commerce systems, some are more common than others. First, hackers may undertake DoS (denial-of-service) attacks, whose intention is to deny the authorized users of, for example, a given website access to it. As a result, such a site ends up offering services at a reduced level and, in extreme cases, it may cease its operations altogether.
Hackers may also access the sensitive data of a business entity with online operations, which may include catalogues, price lists and intellectual property. In addition, hackers are known to destroy, alter, or even copy such sensitive data. Hackers have also been known to alter the contents of a website, with the result that the image of the business entity is damaged. Alternatively, such an action by a hacker can end up directing valuable customers to the websites of competitors (Merkow & Breithaupt, 2006, p. 18). Hackers who break into a company's website may also obtain information on either the customers or the finances of the business, and this may help to perpetrate fraud. Moreover, hackers may launch virus attacks with the intention of corrupting business data.
Forms of privacy and security threats to e-commerce
Privacy is of prime concern as far as e-commerce is concerned. This concern emanates from the novel technical environment that businesses and consumers have to contend with as a result of advances in commercial activities. In addition, the associated flow of data brings substantial benefits to consumers and businesses alike, alongside consumers' concerns about the new e-commerce environment and the regulatory issues governing it. As a business issue, privacy is exceptionally sensitive to changes in the surrounding context (Cashell, Jackson, Jickling & Webel, 2004, p. 5). When the expectations of individuals alter (for example, after they have gotten used to the transfer of data within commercial settings), this has the potential to significantly change business possibilities and issues. The same happens with regulatory governance (for example, governmental regulations and new laws).
One of the most common security threats to e-commerce affects the clients. Before executable web content came into being, web pages were predominantly static. Static pages were coded in HTML, meaning that they could only display page contents and give users links to pages offering additional information (Olkowski, 2001, p. 4). Web pages are now characterized by the use of active content, and its widespread application has changed the initial perception of web pages as static. Trojan horses, computer viruses and worms are some of the best-known examples of malicious code that affects the security of e-commerce. There are also threats to the communication channel. Since the internet acts as the link between an e-commerce resource on the one hand and a consumer on the other, it is important to explore some of the potential threats to the communication channels.
Internet messages are likely to travel along an unpredictable path from their source to the intended destination. The message passes through several intermediate computers before reaching that destination. Accordingly, it becomes hard to guarantee the security, safety and non-hostility of these different computers. The confidentiality threat is another concern (Olkowski, 2001, p. 6). Breaches of confidentiality have been on the increase lately: a customer, for example, accesses the website of a company selling a desirable product and enters their personal information, only for this information to appear on another, unintended server. This is a breach of contract, because the server has in effect recorded the personal information of a user without their permission. The servers used to facilitate e-commerce activities are also vulnerable to threats. Here, the server acts as a link between the internet and the user, who could be a seller or a buyer.
Malicious individuals may exploit the vulnerability of a server, illegally acquiring the information it contains or destroying that information. It is also important for organizations involved in e-commerce to assess potential threats to integrity. This type of threat arises when a third party seeks to alter an information flow or a message. Exposed banking transactions are more prone to integrity violations (Gniewosz, 2007, p. 6). Another example is cyber vandalism, in which hackers seek to deface the pages of a website already in operation. Other examples of integrity threats include spoofing or masquerading, whereby an individual poses as someone else. There are also fake websites created to pass for the real websites of companies that offer products and services to consumers, with the intention of ripping off the customers.
Perpetrators spoof the visitors to a given website by manipulating a security hole located in a DNS (domain name server). Databases used by companies involved in e-commerce are also vulnerable to security threats (Hawkins et al, 2000, p. 140). E-commerce businesses use databases to store data pertaining to their users. These databases are also vital when it becomes necessary to retrieve information on a given product. Other than holding information on products, databases also serve as a link to websites that contain private and valuable information. If such information is altered or disclosed, a company might suffer irreparable damage. A number of databases even store passwords and usernames that are easily accessible, because they are stored in a non-secure way. All one needs is user authentication information. After that, such an individual can impersonate the user legitimately recognized by the database, in the process revealing costly and private information.
Types of security software/applications for enhancing e-commerce privacy and security issues
In e-commerce, privacy entails the changing and accessing of information only by parties that have been authorised. To achieve this, use is made of encryption (Bjorck, 2004, p. 6). Accordingly, sensitive data such as health records, credit card details and sales figures are encrypted prior to their transmission over the open internet. Although hackers can intercept encrypted data, it is quite hard for them to decrypt it quickly. Companies involved in e-commerce activities can have their email addresses encrypted, for example, using digital certificates. The long-term storage of a company's data in an encrypted format offers additional security. Another solution to privacy problems in e-commerce is authorization. Authorization enables a computer system or individual to determine whether another person has the authority to approve or request any information or action.
There is a link between authorization and authentication. For example, a system capable of securely validating the source of an individual's purchase request can also check whether that individual is authorised to make it. Integrity is an important element in e-commerce privacy. Information integrity guarantees that a communication received has not been tampered with or altered (Von Solms, 2001, p. 506). The sending or receiving of sensitive information online calls for authentication. There is also the need to ensure that hackers have not intercepted such information in transit. The signing of messages using digital certificates therefore becomes a solution.
In e-commerce security, non-repudiation is another factor worth exploring. Non-repudiation guarantees the action, product or service that a customer, for example, requests (Stallings, 2003, p. 181). Accordingly, once a request is approved, the customer cannot disown their actions. Furthermore, non-repudiation enables an individual to lay claim, in a legal context, to the approval of a specific purchase of a given product or service. In e-commerce, digital signatures are used to achieve non-repudiation. Digital signatures such as VeriSign's, issued by authorities who have won the trust of the users of the application, are very hard to forge. Moreover, it is also easy to check their validity using the major software that serves web browsing and e-mail.
Before an e-commerce transaction is completed, individuals are normally required to provide personal information such as their name, physical address, phone number, credit card number and email address. A genuine business with online transactions asks for personal information in order to execute the transaction under way. However, malicious individuals usually masquerade as genuine business operators, only to end up committing fraud using the personal information of customers (Al-Slamy, 2008, p. 4). It is therefore important to ensure that such incidents do not occur. To secure the network used by a company with e-commerce operations, SSL (Secure Sockets Layer), a network protocol, helps conceal the information of a given website during its transmission.
The use of SSL with 128-bit encryption ensures the scrambling, or encryption, of information that passes from a browser to a specific website. This way, even if an individual succeeds in intercepting the information, they are not in a position to read it. Accordingly, the whole ordering process, from the point where customers receive a request to provide their information, through their purchase selections, to their addresses and credit card information, enjoys the protection of SSL technology while being transmitted via the internet (Al-Slamy, 2008, p. 4). The implication is that customers can only use web browsers that support SSL technology when they wish to place an order for a product or service.
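The protection described above only holds if the client verifies the server's certificate and refuses weak cipher suites, so the sketch below builds a client context for TLS (the successor to SSL) and audits it against the 128-bit strength the text mentions. This is an added example, not from the original essay; the function names, the TLS 1.2 floor and the cipher string are assumptions chosen for illustration, and nothing is sent over the network.

```python
import ssl

MIN_STRENGTH_BITS = 128  # the key strength referred to in the text


def build_client_context() -> ssl.SSLContext:
    """Corrected setting: verify the certificate chain and hostname, modern ciphers only."""
    ctx = ssl.create_default_context()            # CERT_REQUIRED and check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # assumed policy floor
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")
    return ctx


def build_unverified_context() -> ssl.SSLContext:
    """Weak setting, shown only so the audit has something to flag."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be disabled before verify_mode can be relaxed
    ctx.verify_mode = ssl.CERT_NONE  # any certificate is accepted: traffic is encrypted
    return ctx                       # but the peer's identity is never established


def weak_ciphers(ctx: ssl.SSLContext):
    """Names of enabled cipher suites below the required strength."""
    return [c["name"] for c in ctx.get_ciphers()
            if c["strength_bits"] < MIN_STRENGTH_BITS]


def context_findings(ctx: ssl.SSLContext):
    """Return a list of human-readable problems; an empty list means the context passes."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate is not verified")
    if not ctx.check_hostname:
        findings.append("hostname is not checked against the certificate")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocol versions older than TLS 1.2 are allowed")
    weak = weak_ciphers(ctx)
    if weak:
        findings.append("cipher suites below 128 bits enabled: " + ", ".join(weak))
    return findings


if __name__ == "__main__":
    for label, ctx in (("hardened", build_client_context()),
                       ("unverified", build_unverified_context())):
        print(label, "->", context_findings(ctx) or "no findings")
```

The unverified context still encrypts, which is why interception alone is the wrong test: without certificate and hostname checks the browser may be encrypting to a spoofed site.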
In a bid to protect the financial and personal information of customers involved in online transactions, websites can be designed to track how transactions are progressing by passing certain information to a company's web browser, where it is stored and retrieved whenever needed. Known as "cookies", these pieces of information passed across a web browser have lately found wide application in e-commerce (Whitman & Maiiord, 2003, p. 83). "Cookies" pose no intrinsic danger to a computer network system. Nonetheless, they might have certain privacy consequences depending on how they are applied. Many of the browsers in use allow users to choose whether or not to accept cookies. However, if a user decides to reject all cookies, this may hinder the working of some online services, or inconvenience the operation of others. To mitigate cookie-associated risks, users are encouraged to exit browser programs once they are through networking with other secure sites.
An increasing number of businesses today have embraced e-commerce as a way of reaching customers in far-flung geographical areas, with the intention of benefiting from the use of the World Wide Web. As a result, many organizations have improved their sales revenues (Olkowski, 2001, par. 3). In addition, consumers have benefited from a variety of products in the market. Even though e-commerce has enormous benefits to society, it is also prone to security and privacy invasion issues. Hackers and malicious individuals are known to infiltrate valuable and personal information regarding the transaction procedures of customers. In addition, many businesses have suffered at the hands of such perpetrators by having their product catalogues and customer information altered. To overcome the privacy and security issues affecting e-commerce, there are now various tools that, when applied, assist businesses and customers alike in safeguarding the privacy of information pertaining to e-commerce transactions. Such tools include the use of "cookies" and authentication. The security of a network can also be guaranteed by use of the Secure Sockets Layer. Data encryption and non-repudiation are other solutions that businesses involved in e-commerce activities can embrace to protect not just their own interests, but those of customers as well.
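Whether a cookie has privacy or security consequences depends largely on the attributes the site sets on it, which can be checked from the `Set-Cookie` response headers. The following is an added example, not from the original essay; the header values are constructed samples and the 30-day lifetime limit is an assumed policy.

```python
from http.cookies import CookieError, SimpleCookie

# Constructed Set-Cookie header values for illustration (not captured from a real site).
SAMPLE_HEADERS = [
    "session=3f9a1c; Path=/; Secure; HttpOnly; SameSite=Lax",
    "cart=item42; Path=/",
    "tracker=u-1001; Max-Age=31536000; Secure; SameSite=None",
]

MAX_AGE_LIMIT = 30 * 24 * 3600  # assumed policy: flag cookies kept longer than 30 days


def audit_set_cookie(header_value: str) -> dict:
    """Map each cookie name in one Set-Cookie value to a list of attribute findings."""
    jar = SimpleCookie()
    try:
        jar.load(header_value)
    except CookieError:
        jar.clear()
    if not jar:
        # SimpleCookie drops input it cannot parse, so report that explicitly.
        return {"<unparsed>": ["header could not be parsed"]}

    report = {}
    for name, morsel in jar.items():
        issues = []
        if not morsel["secure"]:
            issues.append("no Secure flag: cookie is also sent over unencrypted HTTP")
        if not morsel["httponly"]:
            issues.append("no HttpOnly flag: cookie is readable by scripts in the page")
        if not morsel["samesite"]:
            issues.append("no SameSite attribute: cross-site sending left to browser default")
        max_age = str(morsel["max-age"])
        if max_age.isdigit() and int(max_age) > MAX_AGE_LIMIT:
            days = int(max_age) // 86400
            issues.append(f"long lifetime: persists for about {days} days")
        report[name] = issues
    return report


def audit_headers(headers):
    """Audit several Set-Cookie values and merge the per-cookie findings."""
    merged = {}
    for value in headers:
        merged.update(audit_set_cookie(value))
    return merged


if __name__ == "__main__":
    for cookie, issues in audit_headers(SAMPLE_HEADERS).items():
        print(cookie, "->", issues or "ok")
```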
Albuquerque, A., & Belchior, A. E-Commerce websites: a qualitative Evaluation. The Eleventh International World Wide Web Conference, Hawaii.
Al-Slamy, N. M. A. (2008). E-commerce security. International Journal of Computer Science and Network, 8(5):1-5
Anton, A., & Earp, A. "Strategies for developing policies and requirements for secure electronic commerce systems," 1st Workshop on Security and Privacy in E-Commerce at CCS2000, Athens, Greece, 2000. Web.
Bjorck, F. Institutional theory: a new perspective for research into IS/IT security in organizations. Proceedings of the 37th Hawaii International Conference on System Sciences, 2004.
Cashell, B., Jackson, W.D., Jickling, M., & Webel, B. (2004). The Economic Impact of Cyber Attacks. Congressional Research Service, April 1, 2004.
Chaffey, D. (2005). E-Business and E-Commerce. (2nd Ed.). London: Prentice Hall.
Christiansen, J. (2000). Visa/Secure, Everywhere You Want to Be. Information Security, Web.
Greenberg, P. A. (2001). In E-Commerce We Trust … Not. Ecommerce Time, Web.
Gniewosz, D. (2007). What You Need to Know About E-Commerce. JPMorgan Treasury Services Newsletter. Web.
Hawkins, S., Yen, D. C., & Chouo, D. C. (2000). Awareness and challenges of internet security. Information Management & Computer Security, 8(3): 131-143.
Katsikas, S. K., Lopez, J., & Pernul, G. Trust, Privacy and Security in e-business: requirements and solutions. in Proc. of the 10th Panhellenic Conference on Informatics (PCI’2005), Volos, Greece, 2005, pp. 548-558. (7-9).
Kalakota R., & Whinston, A. B. (1999). Frontiers of e-commerce. Reading, MA: Addison-Wesley/Longman.
Kesh, S., Ramanujan, S., & Nerur, S. (2002). A framework for analyzing ecommerce Security. Information Management & Computer Security, 10(4): 149-158.
Labuschagnce, L., & Eloff, J. H. P. (2002). Electronic commerce: the information security challenge. Information Management & Computer Security, 8(3):154-15.
Merkow, M., & Breithaupt, J. (2006). Information Security: Principles and Practices. New York: Pearson Prentice Hall.
Olkowski, D. J. (2001). “Information Security Issues in ECommerce”, SANS GIAC Security Essentials. Web.
Shalhoub, Z. (2006). Trust, privacy, and security in electronic business: the case of the GCC countries. Information Management & Computer Security, 14(3): 270-283.
Schneider, G. P., & Perry, J. T. (2001). Electronic commerce. Course Technology, Cambridge, MA: Longman.
Stallings, W. (2003). Cryptography and network Security. (3rd edition). New York: Prentice Hall.
Von Solms, B. (2001). Information security–A multidimensional Discipline. Computers & Security, 20(6): 504-508.
Whitman, M. E., & Maiiord, H. J. (2003). Information Security. Toronto: Thomson, Inc.