E-commerce security is the protection of e-commerce assets from unauthorized access, use, alteration, or destruction. While security features do not guarantee a secure system, they are necessary to build a secure system.
Dimensions of E-commerce Security:
1. Integrity – The ability to ensure that information being displayed on a web site or transmitted or received over the internet has not been altered in any way by an unauthorized party.
2. Nonrepudiation – The ability to ensure that e-commerce participants do not deny (i.e. repudiate) their online actions.
3. Authenticity – The ability to identify the person or entity with whom you are dealing on the Internet.
4. Confidentiality – The ability to ensure that messages and data are available only to those who are authorized to view them.
5. Privacy – The ability to control the use of information about oneself.
6. Availability – The ability to ensure that an e-commerce site continues to function as intended.
E-Commerce Security Tools
Security is an essential part of any transaction that takes place over the Internet. Customers will lose faith in an e-business if its security is compromised. The various E-Commerce Security Tools are as follows:
1. Firewalls – Software and Hardware.
2. Public Key infrastructure.
3. Encryption software.
4. Digital certificates.
5. Digital Signatures.
6. Biometrics – retinal scan, fingerprints, voice etc.
7. Locks and bars – network operations centres.
1. Firewalls – Software and Hardware
Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets. All messages entering or leaving the intranet pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria. Firewalls can be either hardware or software but the ideal firewall configuration will consist of both. In addition to limiting access to your computer and network, a firewall is also useful for allowing remote access to a private network through secure authentication certificates and logins.
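A simplified model of the filtering described above, added here as an illustration and not taken from any firewall product: rules are checked in order, the first match decides, and traffic that matches nothing is blocked. The Rule type, the Policy contents and the addresses (documentation ranges) are hypothetical.

```go
package main

import (
	"fmt"
	"net/netip"
)

// Rule is one hypothetical filter entry matched on source range and destination port.
type Rule struct {
	Src   netip.Prefix
	Port  uint16 // 0 matches any port
	Allow bool
}

// Policy is a constructed rule set for a shop; the addresses are documentation ranges.
var Policy = []Rule{
	{netip.MustParsePrefix("198.51.100.0/24"), 0, false}, // range barred from everything
	{netip.MustParsePrefix("203.0.113.0/24"), 22, true},  // office range may reach SSH
	{netip.MustParsePrefix("0.0.0.0/0"), 443, true},      // anyone may reach the HTTPS storefront
}

// Decide applies rules in order: the first match wins, and traffic that matches
// no rule is blocked (default deny).
func Decide(rules []Rule, src netip.Addr, port uint16) bool {
	for _, r := range rules {
		if r.Src.Contains(src) && (r.Port == 0 || r.Port == port) {
			return r.Allow
		}
	}
	return false
}

// Allowed checks a textual source address against Policy; unparseable input is blocked.
func Allowed(src string, port uint16) bool {
	addr, err := netip.ParseAddr(src)
	return err == nil && Decide(Policy, addr, port)
}

func main() {
	fmt.Println(Allowed("192.0.2.10", 443), Allowed("203.0.113.5", 22), Allowed("192.0.2.10", 22), Allowed("198.51.100.7", 443))
}
```

Because the barred range is listed before the general HTTPS rule, it is refused even on port 443; reversing the order would let it through.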
2. Public Key infrastructure
A public key infrastructure (PKI) supports the distribution and identification of public encryption keys, enabling users and computers to both securely exchange data over networks such as the Internet and verify the identity of the other party. The purpose of a PKI is to facilitate the secure electronic transfer of information for a range of network activities such as e-commerce, internet banking and confidential email.
3. Encryption software
Encryption is a generic term that refers to the act of encoding data, in this context so that those data can be securely transmitted via the Internet. Encryption software is software that can encrypt and decrypt data, often in the form of files on a hard drive or packets sent over a network. Software encryption is a fundamental part of modern computer communications and file protection. The purpose of encryption is to prevent third parties from recovering any of the original data, or even any information about the data, from the encrypted data.
4. Digital certificates
Digital Certificates are a means by which consumers and businesses can utilise the security applications of Public Key Infrastructure (PKI). PKI comprises the technology that enables secure e-commerce and Internet-based communication.
5. Digital Signatures
Digital signatures are the public-key primitives of message authentication. In the physical world, it is common to use handwritten signatures on handwritten or typed messages. They are used to bind the signatory to the message. Similarly, a digital signature is a technique that binds a person/entity to the digital data. Like a written signature, the purpose of a digital signature is to guarantee that the individual sending the message really is who he or she claims to be. Digital signatures are especially important for electronic commerce and are a key component of most authentication schemes. To be effective, digital signatures must be unforgeable. There are a number of different encryption techniques to guarantee this level of security.
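The binding between signer and data described above, as an added example (not from the original page) using Ed25519 from Go's standard library; Ed25519 is chosen here for illustration, since the page names no particular scheme. The Receipt type and the order text are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Receipt is a constructed order confirmation plus the merchant's signature over its exact bytes.
type Receipt struct {
	Body, Sig []byte
}

// Sign binds body to the holder of priv: without priv no valid signature can be produced.
func Sign(priv ed25519.PrivateKey, body string) Receipt {
	return Receipt{Body: []byte(body), Sig: ed25519.Sign(priv, []byte(body))}
}

// Verify reports whether r.Sig was made over exactly r.Body by the private key matching pub.
func Verify(pub ed25519.PublicKey, r Receipt) bool {
	return len(pub) == ed25519.PublicKeySize && ed25519.Verify(pub, r.Body, r.Sig)
}

// Demo checks an untouched receipt, one altered in transit, and one attributed to another party.
func Demo() (intact, altered, wrongKey bool) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	otherPub, _, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	r := Sign(priv, "order=1001;amount=49.90;currency=EUR")
	changed := Receipt{Body: []byte("order=1001;amount=0.01;currency=EUR"), Sig: r.Sig}
	return Verify(pub, r), Verify(pub, changed), Verify(otherPub, r)
}

func main() { fmt.Println(Demo()) }
```

The same check serves integrity (any change to the body invalidates the signature) and nonrepudiation (only the holder of the private key could have produced a signature that verifies under the merchant's public key).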
6. Biometrics
Biometrics generally refers to the study of measurable biological characteristics. In computer security, biometrics refers to authentication techniques that rely on measurable physical characteristics that can be automatically checked.
There are several types of biometric identification schemes:
- face: the analysis of facial characteristics
- fingerprint: the analysis of an individual’s unique fingerprints
- hand geometry: the analysis of the shape of the hand and the length of the fingers
- retina: the analysis of the capillary vessels located at the back of the eye
- iris: the analysis of the colored ring that surrounds the eye’s pupil
- signature: the analysis of the way a person signs his name.
- vein: the analysis of the pattern of veins in the back of the hand and the wrist
- voice: the analysis of the tone, pitch, cadence and frequency of a person’s voice.
7. Network operations centres
A network operations centre (NOC) is a place from which administrators supervise, monitor and maintain a telecommunications network. Large enterprises with large networks as well as large network service providers typically have a network operations centre, a room containing visualizations of the network or networks that are being monitored, workstations at which the detailed status of the network can be seen, and the necessary software to manage the networks. The network operations centre is the focal point for network troubleshooting, software distribution and updating, router and domain name management, performance monitoring, and coordination with affiliated networks.