Security in the Digital Era: Issues and Challenges
Dr. Jayanti Goyal
HOD, Dept. of Computer Science
Kanoria PG Mahila Mahavidyalaya
Contact No.: +91-9828458172

Anjali Vijayvargiya
Assistant
Kanoria PG Mahila Mahavidyalaya
Contact No.: +91-9461641495
plays a critical role in our daily routine, whether it is for getting access
to a bank account or for paying a bill over the network. At present, in
this age of digitalization, personal information vulnerabilities have
increased. So security becomes a crucial part of any online transaction.
This information can be kept private by various security measures, including
strong authentication, encryption and digital signatures, each ensuring that
our valuable information is available only to those who have authorized access
rights. These security measures are very capable of preventing unauthorized access
to personal data. There are 2 major concerns for both e-commerce customers and
websites: Privacy is the control over one’s own data, whereas Security
is the protection which prevents unauthorized access to the data over the network.
Clients will lose their faith in e-commerce if their valuable data is
compromised at any level.
due to its ubiquitous nature, e-commerce sites can be accessed by anyone from
anywhere. As the number of customers increases, the risk has also increased, to the point
that we need to consider security a major challenge. This paper throws
light on data security, its objectives, the various security issues and challenges
related to e-commerce transactions, and the way they affect the behavior and trust of
a customer when selling or buying a product.
Keywords: E-Commerce, Authentication, Encryption, Digital Signature, Privacy, Security
E-commerce or electronic commerce is broadly considered as the buying and selling of goods
and services over the network. It includes significant business areas such as
shopping, banking, ticket booking, paying bills and taxes, food delivery and
many other options. E-commerce is mainly divided into various categories: business to
business or B2B (IBM), business to consumer or B2C (Flipkart, Amazon) and
consumer to consumer or C2C (ebay, olx). In an online transaction, e-commerce security
plays an important role from the perspective of consumers as well as merchants,
to make the data secure over the network. It is carried out through the various
components that affect e-commerce, such as data integrity, confidentiality,
privacy, availability, non-repudiation and authenticity.
e-commerce applications that handle payments, such as online transactions with
credit cards or debit cards, online wallets, PayPal or other tokens, have
more security issues, and these increase with the use of these online
techniques. Trojan horses, viruses and worms, if launched against user (client)
systems, pose the greatest threat to e-commerce security and privacy because
they can lead to illegal and unauthorized access. Consumer behavior toward
e-commerce sites is mainly influenced by two factors: trust and
belief. Trust is affected by various influencing factors such as branding and
store reputation; the missing factors are the touch
and feel and the face-to-face communication which exist in physical interactions
with products and services. Therefore, trust would be influenced by factors like
security and privacy in e-commerce transactions.
How e-commerce works?
Ø A customer wants to order a product online from his/her computer. The Web browser then communicates with the Web server that manages the e-commerce store’s website.
Ø The Web server sends the order to the order manager, which is the central computer that handles orders from submission to dispatch through every stage of processing.
Ø The order manager then queries the store database to check whether what the customer wants is actually in stock.
Ø If the item is not found in the stock database, the system can order new supplies from the wholesalers or manufacturers.
Ø If the item or product is found in the stock database, the order manager continues to process it. Next it communicates with the merchant system to take payment using the customer’s credit or debit card number.
Ø The bank computer confirms whether the customer has enough funds.
Ø The merchant system authorizes the transaction to go ahead once payment is done.
Ø The merchant system then contacts the order manager after payment has been made.
Ø The order manager confirms that the transaction has been successfully processed and then notifies the Web server.
Ø The Web server shows the customer a Web page confirming that the order has been processed and the transaction has been completed.
Ø The order manager then requests the warehouse to dispatch the goods to the customer.
Ø A dispatch truck then collects the goods from the warehouse.
Ø Once the goods have been dispatched, the warehouse computer e-mails the customer to confirm that the goods are on the way.
Ø The goods are delivered to the customer.
The purpose behind choosing data security is to:
Ø understand the process behind online shopping.
Ø deal with the purpose of security in e-commerce.
Ø discuss the different security issues which are faced during e-commerce.
Ø discuss various security threats.
of Security in E-Commerce:
security is a considerable part of any online business transaction, since such
transactions happen often and take place over an insecure network such as the internet. The
following dimensions of e-commerce security are considered
for data security.
Ø Integrity: It refers to prevention of unauthorized data modification.
That means information or data should not be altered or changed during its online
Ø Non-Repudiation: It refers to prevention
of the denial of an order or payment. Once a sender or client sends his/her
transaction details over the network, the sender should not be able to deny
sending the message. Similarly, the receiver
of the message should not be able to deny receiving the message.
Ø Authenticity: It refers to authentication of data. There should be
a mechanism that grants access only to an authorized person or user and does not
provide illegal access.
Ø Confidentiality: It refers to protection against unauthorized data disclosure.
That means data or information should not be accessible or available to an
unauthorized person. The data has to stay between the two systems, client and
server, only. It should not be intercepted during the transmission of data.
Ø Privacy: It refers to provision of data control and
disclosure of data. Data must be private.
Ø Availability: It refers to prevention of data delays or
removal of data. Information should be available whenever and wherever it
Issues in E-commerce:
Data is transferred over
the network at login or with transaction details. To secure that data from
unauthorized access, e-commerce security provides a protection layer on
e-commerce assets. Consumers hesitate for fear of losing their financial
data, and e-commerce sites fear financial losses, which
result in a bad impact on publicity. There are many security issues associated
with e-commerce, such as critical issues, social issues and organizational
issues. An online transaction requires a customer to disclose sensitive
information to the vendor in order to make a purchase, placing him at significant
risk. Transaction security is concerned with providing privacy in transactions
to the buyers and sellers and protecting the network from breakdowns and third
party attack. It basically deals with:
related with customers or Clients Security – if their data is not
secured over the network, then it is an issue to think about. The organization has
to provide security features and guarantee that the data is secured by them.
Techniques and practices that protect user privacy and integrity of the
related with Server Security – to protect the web server, software and
associated hardware from break-ins, vandalism and attacks. If there is an
error in the software which implements security and for any reason it is not
providing that security, this is the second case, which must also be taken seriously.
related with Transactions Security – to provide guaranteed
protection against eavesdropping and intentional message modification such as
tapping, intercepting and diverting the intended data.
A. Security threats – Various
types of security threats exist in e-commerce.
Malicious Code – it is harmful code that harms the whole
computer system and makes it useless after the attack. It includes viruses, worms and
Trojan horses etc.
and Identity Theft – it is a type of attack
in which clients' data, such as login credentials and credit and debit card
numbers, is stolen by the attacker through links sent by email or instant message.
When the client clicks on this malicious link and then provides his/her details,
the data is easily accessed illegally by the intruder.
Unauthorized access – it includes illegal access to data for
some malicious purpose. There are two types of unauthorized
access. In passive unauthorized access, the hacker only watches
the data that is on the network and later uses it for his own
illegal ambitions. In active unauthorized access, the hacker modifies
the data with the intention of manipulating it. Client systems, point-of-sale
terminals and handheld devices can easily be affected by this attack.
Denial of service – hackers flood a website with useless
traffic to target a computer or a network and stop it working properly. It
may occur through spamming and viruses. Spamming is an unusual email bombing of the
targeted device by the hacker, who sends thousands of emails one after the
other so that the system is affected and stops working.
Theft and fraud – fraud occurs when the stolen data is
used for some illegal action. Hackers break into insecure merchant web servers
to steal credit card numbers, which are generally stored along with personal
information at the time of an online transaction by the client. The merchant
back-end and database are also susceptible to theft and fraud attacks.
B. Defensive measures against security threats
The defensive measures used in transactions security are:
Encryption – it is the process of converting plain text or information into cipher text
that cannot be read by anyone except the sender and receiver. It
is accomplished with a key which is generated with the help of a mathematical
algorithm and which is required to encode as well as decode the message. In
symmetric key encryption both the sender and receiver use the same key to
encrypt and decrypt the messages, whereas asymmetric or public key encryption
makes use of two digital keys, public and private, to encrypt and
decrypt the messages.
Secure Socket Layer – the SSL protocol provides data
encryption, message integrity, server authentication and client authentication for
TCP/IP connections. It prevents eavesdropping, tampering or forgery when data
is transported over the internet between client and server. It is a
networking protocol which is used for securing connections between network
application clients and servers over an insecure network (internet).
Secure hypertext transfer protocol – An Internet protocol
for encryption of hypertext that is transferred over the network.
Secure Hypertext Transfer Protocol (S-HTTP) is an application-level protocol
that extends this protocol by adding encryption to
Web pages. It also gives some mechanisms for authentication and signatures of
Digital Signature – A Digital Signature Certificate (DSC) is
a secure digital key, issued by a Certifying Authority (CA), which is used to
certify the identity of the holder. It typically contains your identity
(name, email, country, account name and your public key). It uses Public Key
Infrastructure, meaning data that has been digitally signed or encrypted by a
private key can only be decrypted by its corresponding public key. A digital
certificate is an online “credit card” that secures your credentials
when doing business or other online transactions.
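The following Python sketch is an added example, not part of the original paper. It applies the key-based measures described above to a constructed order message: a shared-key integrity tag (HMAC) and a public/private-key signature, both of which reject a modified order. The order string, the shared key and the toy key pair (textbook RSA without padding, built from two small known primes) are assumptions made for illustration and are far too weak for real use.

```python
import hashlib
import hmac

# Constructed toy key pair built from two known Mersenne primes.
# Textbook RSA without padding, far too small for real use: illustration only.
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537                    # public key (N, E)
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, held by the signer only


def digest_int(message: bytes) -> int:
    """SHA-256 digest of the message, reduced into the toy modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign(message: bytes) -> int:
    """Signer side: needs the private exponent D."""
    return pow(digest_int(message), D, N)


def verify(message: bytes, signature: int) -> bool:
    """Verifier side: needs only the public values N and E."""
    return pow(signature, E, N) == digest_int(message)


def mac(message: bytes, shared_key: bytes) -> bytes:
    """Shared-key integrity tag: both parties hold the same key."""
    return hmac.new(shared_key, message, hashlib.sha256).digest()


def mac_ok(message: bytes, tag: bytes, shared_key: bytes) -> bool:
    """Constant-time comparison of the recomputed tag with the received one."""
    return hmac.compare_digest(mac(message, shared_key), tag)


# Constructed sample order, modified copy and key, for illustration.
ORDER = b"order=1001;item=book;amount=499"
TAMPERED = b"order=1001;item=book;amount=4"
SHARED_KEY = b"constructed-demo-key"

if __name__ == "__main__":
    tag, sig = mac(ORDER, SHARED_KEY), sign(ORDER)
    print("MAC accepts original:", mac_ok(ORDER, tag, SHARED_KEY))
    print("MAC accepts tampered:", mac_ok(TAMPERED, tag, SHARED_KEY))
    print("Signature accepts original:", verify(ORDER, sig))
    print("Signature accepts tampered:", verify(TAMPERED, sig))
    # The merchant holds SHARED_KEY too, so it can produce the same tag itself.
    print("Merchant can recreate tag:", mac(ORDER, SHARED_KEY) == tag)
```

Because both parties can compute the shared-key tag, it shows integrity but cannot show which of them created the order; the signature can be produced only by the holder of the private exponent, which is what supports non-repudiation.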
Almost all data security
issues are caused by the lack of effective measures provided by antivirus
software and firewalls. The following are the measures on the basis of which
security is determined.
Ø Some organizations cannot provide access controls to divide the level of confidentiality within the company.
Ø Access control encryption and connections security can become inaccessible to the IT specialists who rely on it.
Ø Unethical IT specialists practicing information mining can gather personal data without asking users for permission or notifying them.
Ø When a system receives a large amount of information, it should be validated to remain trustworthy and accurate; this practice doesn’t always occur, however.
Ø Automated data transfer requires additional security measures, which are often not available.
Ø Most distributed systems computations have only a single level of protection, which is not recommended.
Today, e-commerce is widely understood as
the buying and selling of goods and services over the internet; however, any
transaction that is completed entirely through digital measures can be considered
e-commerce. Day by day e-commerce is playing a very good role in online retail
marketing, and the number of people using this technology is increasing all over the world. So it is essential to take security
parameters seriously in e-commerce transactions. E-commerce security is
the protection of e-commerce assets from unauthorized access, use, alteration, or
Not only must e-commerce sites and consumers judge security vulnerabilities and
assess potential technical solutions, they must also assess, evaluate, and
resolve the risks involved. A networked application cannot offer complete
measures of connectivity, security, and ease-of-use simultaneously; there appears
to be an intrinsic trade-off here, and some sacrifice is unavoidable. For that
reason, from an e-commerce merchant’s perspective security comes first, ahead of
the others, and web servers have to provide it to the customer.
Furthermore, sensitive servers should be kept highly specialized, by turning
off and removing all inessential services and applications (e.g., ftp, email).
Until e-commerce vendors achieve the necessary delicate balance of privacy,
trust and security. Therefore, mechanisms such as encryption, protection,
verification and authentication are used to implement security in a proper way.
The marketplace can be trustworthy only when consumers sense trust in
transacting in that environment.