E-Commerce Security

THE E-COMMERCE SECURITY ENVIRONMENT

•The Internet holds the promise of a huge, convenient, global marketplace, providing access to people, goods, services & businesses worldwide all at a bargain price for most law abiding citizens.•The Internet has created entirely new & lucrative ways to steal from the more than 1 billion consumers in the world on the Internet for criminals.•All the information ranging from products & services to cash to information is available on the Internet.•Stealing online is less risky. The Internet makes it possible to rob people remotely & anonymously in comparison with robbing a bank in person. The Internet allows you to download music for free & almost without risk in comparison of stealing a CD at a local record store.•The potential of anonymity on the Internet shows many criminals in legitimate-looking identities, allowing them to place fraudulent orders with online merchants, steal information by intercepting e-mail, or simply shut down e-commerce sites by using software viruses & swarm attacks.•The Internet was never designed keeping in mind as a global marketplace with billion users & lacks many basic security features in comparison with the telephone system or broadcast television networks.•In comparison with the telephone system, the Internet is an open, vulnerable –design network.

The Scope of the Problem

•Cybercrime is becoming a more significant problem for both organizations & consumers.•Despite of the increasing attention being paid to cybercrime, it is difficult to accurately estimate the actual amount of such crime because of the following reasons:•Companies fear of losing the trust of its consumers•Difficult to quantify the actual amount of the loss after the crime is reported.•The source of information to report cybercrimes is the Internet Crime Complaint Center(IC3) & Computer Security Institute’s annual Computer Crime & Security Survey. 

What is Good Security Environment?

•To achieve highest degree of security•New technologies•Organizational policies and procedures•Industry standards and government laws•Other factors•Time value of money•Cost of security vs. potential loss•Security often breaks at weakest link

The E-commerce Security Environment

•Overall size and losses of cybercrime unclear•Reporting issues•2008 CSI survey: 49% respondent firms detected security breach in last year•Of those that shared numbers, average loss $288,000•Underground economy marketplace•Stolen information stored on underground economy servers

Dimension of E-Commerce Security

•Integrity:ability to ensure that information being displayed on a Web site or transmitted/received over the Internet has not been altered in any way by an unauthorized party•Nonrepudiation:ability to ensure that e-commerce participants do not deny (repudiate) online actions•Authenticity:ability to identify the identity of a person or entity with whom you are dealing on the Internet•Confidentiality:ability to ensure that messages and data are available only to those authorized to view them•Privacy:ability to control use of information a customer provides about himself or herself to merchant•Availability:ability to ensure that an e-commerce site continues to function as intended