
Security

Most E-Commerce suites offered by companies come with security built into the software, and with the purchase of a decent SSL certificate and some good server configuration you can be confident that all the details of your customers will be safe and secure. You can get approved certificates to show that your site is secure and meets certain standards; this lets your customers know that they are safe to shop at your site and that their data will not end up in the wrong hands.
Also, sensitive information such as credit card numbers is usually processed automatically, so no staff at the company need to see it, making purchasing online even more secure.

Implications Of E-Commerce
When using the Internet and E-Commerce it is important to remember that there are many legal, moral and ethical issues to consider.

Ethical & Moral Implications


Businesses entering the e-commerce world will be facing a new set of ethical challenges. It is easy for businesses to become sidetracked in
the technical challenges of operating in this way and to pay little attention to the ethical implications.

There are many ethical implications for businesses to run into that would normally be addressed when doing business face to face, for example selling tobacco and alcohol to an underage minor over the internet. This is impossible to regulate as easily and effectively as it would be if the person walked into a store; not only is this unethical but it is also illegal.

Another case of this was when a community pharmacy decided to start up an E-Commerce site. Of course there were plenty of moral and ethical decisions to be made here, as pharmaceuticals are different from other items of commerce, particularly in that they should only be used as and when they are required.

Obviously there is a list of items that have moral and ethical decisions to be made about them being sold online, such as weight loss pills, which could be bought on eBay by an already underweight anorexic girl, or Viagra, which could be flown in from America and taken by someone with a high risk of heart attacks who then suffers one. You could say that in cases like these the person shouldn't be so stupid, but then again isn't it unethical and immoral to sell these items on the basis that you know that could happen?

Legal Implications
The central issues of E-Commerce and the law include the development of E-Commerce, the role of consumers and regulation of e-commerce in regards to consumer protection.

E-commerce is a new way of conducting business that takes place on the Internet. It has become an important way in which consumers purchase goods across the world, helped by internet technology progressing rapidly in the last few years.

Although E-Commerce has a big effect on global trade, governments also have a large effect on the growth of E-Commerce on the internet by regulating it accordingly. As governments set regulations for E-Commerce, organisations' managers are starting to worry that the regulations will be too tight or may reduce the market in online trade.

Regulation of E-commerce is very important for the cyberspace market as it can help or stop the organisations working with E-Commerce, as
well as being able to protect the consumers in the online market.

Security Implications
There are a few security implications that come about when setting up an E-Commerce website, especially when handling sensitive information such as credit card information and personal details such as addresses. Many parts will have to be protected well, including the communication between the customer and the website server, and the server itself, from any hacker trying to intercept information or trying to retrieve existing information from databases.

Customer & Server


To secure data between the customer and the webserver there is a system called SSL (Secure Sockets Layer) which encrypts the information between them so no one else can read it. The theory of it is quite basic and uses the following steps:

 The user wants to send data to the server; before it leaves, it is encrypted with a unique key for the session.
 The server receives this information, then encrypts it one more time, this time using its own unique session key, which is completely different from the user's unique key. It then sends back the data.
 The user's computer now unlocks the data with the key it locked it with earlier; the data is still encrypted, but now only with the server's key. The user's computer then sends the data back.
 The server then receives this information and unlocks it with its key, and now has the unencrypted data that the user was sending to the server.

This type of encryption comes in different strengths depending on the SSL certificate you purchase for your server; you can get certificates from 40-bit encryption up to 256-bit encryption.
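
The four steps listed above follow the pattern cryptographers call a three-pass protocol, which only works when the two locks can be removed in either order. This added example (not from the original page) runs those steps with modular exponentiation as the lock, then shows the failure mode when plain XOR pads are used as the locks instead. Assumptions: the function names, the demo-sized prime and the sample message are constructed for illustration; the page names no cipher.

```python
import secrets
from math import gcd

# Demo-sized prime modulus (2**127 - 1, a Mersenne prime). Assumption for
# illustration only: messages must be smaller than it (roughly 15 bytes).
P = 2**127 - 1

def make_lock():
    """Return one party's private (lock, unlock) exponent pair."""
    while True:
        e = secrets.randbelow(P - 3) + 2          # 2 <= e <= P - 2
        if gcd(e, P - 1) == 1:                    # invertible, so it can be undone
            return e, pow(e, -1, P - 1)

def exchange(message: bytes):
    """Run the four listed steps; return (server's result, values seen on the wire)."""
    m = int.from_bytes(message, "big")
    if not 0 < m < P:
        raise ValueError("message must be non-zero and smaller than the modulus")
    user_lock, user_unlock = make_lock()
    server_lock, server_unlock = make_lock()
    step1 = pow(m, user_lock, P)                  # 1: user locks, sends
    step2 = pow(step1, server_lock, P)            # 2: server adds its lock, sends back
    step3 = pow(step2, user_unlock, P)            # 3: user removes own lock, sends
    plain = pow(step3, server_unlock, P)          # 4: server removes its lock
    return plain.to_bytes(len(message), "big"), [step1, step2, step3]

def xor_wire_leak(message: bytes) -> bytes:
    """Same steps with XOR pads as the locks: an observer of the wire gets the data."""
    def xor(a, b):
        return bytes(i ^ j for i, j in zip(a, b))
    user_pad = secrets.token_bytes(len(message))
    server_pad = secrets.token_bytes(len(message))
    step1 = xor(message, user_pad)
    step2 = xor(step1, server_pad)
    step3 = xor(step2, user_pad)                  # user's pad removed
    return xor(xor(step1, step2), step3)          # pads cancel, plaintext remains

if __name__ == "__main__":
    sample = b"order #1042"                       # constructed sample message
    recovered, wire = exchange(sample)
    print(recovered, [hex(v) for v in wire])
    print(xor_wire_leak(sample))
```

Production TLS does not pass application data back and forth in this way; it agrees a shared session key during its handshake, so treat the code as a model of the steps as listed.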

Server Security
As well as security between the consumer and server, security is also needed on the server(s), especially if sensitive information is stored under customers' accounts, such as credit card information and other personal information.
Servers will have to be protected to withstand any hack attempts to retrieve the information that is stored. Prevention measures such as firewalls, checking for rootkits, antivirus systems and others should be put in place, as well as encryption of the data if possible, so that should a hacker gain entry, the information he or she sees is useless to him or her.

Setting Up A Site
There are a number of steps that need to be taken and considered when setting up an E-Commerce website. Some of these steps are
below:

Choosing A Company Name


When setting up an E-Commerce site it is important to choose a sensible company name. A name such as "Jelly Penos Peppers Currys" with a domain jellypenospepperscurrys.com probably isn't the best idea, as most people will not remember the company name, let alone the domain name. At the very least you want a company name that is memorable, because then even if a customer can't remember your company's domain name, he or she can search for your company in a popular search engine. A simple name, possibly to do with what your business supplies, would be sensible, for example Johns Hardware or Sams PC Parts, or use a single made-up word that is easy to spell, for example Tescos, Sainsburys & Microsoft; you don't need a degree to spell those names even if they were not popular companies.

Potential Customers
In order to set up a successful site you need to analyze and research the potential for the products that you wish to sell and find out if the market is already saturated with similar ideas. If you cannot offer anything different to other well-known companies, what will make customers attracted to your site? In short, nothing.
You need to know the type of customer you are aiming for and what they require. For example, if you are aiming at business users you may have E-Commerce software that allows different logins to do different things to the company account etc, plus everything would have to have a VAT invoice, whereas if you are just selling to home users you would not need to have the VAT invoice and would only really need one account per household; any additional accounts would be totally separate.

Financial Resources
The financial costs involved in setting up an E-Commerce site range from almost nothing to many thousands of pounds; it all depends on what you want the site to do and how customised you would like the package. For the cost of just simple hosting, which can be for as little as £1 a month, you could set up a basic site using OS Commerce (a free E-Commerce PHP program) and using PayPal as your payment processor. Unfortunately these sites are obvious to most users as not professional organisations and often put users off with a lack of security and professionalism.

There is a medium cost solution whereby you use an external card processing site such as 2CheckOut or WorldPay, use a bought E-Commerce package customised to your needs, and use an SSL server while handling sensitive information. This would cost you around the £1,000 mark for everything for a year, including card processing (although the card processing company also takes a percentage of the transaction). This option will give the site a professional look and feel, but it may be off-putting to users that, when completing a transaction, they are referred to an external site to pay for their items.

Then finally there is the higher cost solution that most organisations will not start at, as the costs are quite high. Here you would have a custom designed E-Commerce package made specifically to your requirements by either in-house or out-of-house developers. This would be tailored to your every need and should be easily upgradable in the future; you would have an SSL certificate for your site, and all credit card transactions would be handled by your site instead of being referred to an external one. This type of system will cost in the range of £5000+ depending on how customised the system is and the quality of the end result.

Training & Development


Depending on the scale of the system, training may not be needed. If, for example, you were a large scale business with an existing ordering system, you would get the E-Commerce system to integrate with the old one so it is easy and familiar to staff.

On smaller systems staff would have to be trained to retrieve and manage orders off the system, and some staff would also be trained to add, modify and basically manage the E-Commerce site. None of this training will need to be advanced, and it should give most users a good knowledge within a few hours of being shown.

The players
In a typical e-Commerce experience, a shopper proceeds to a Web site to browse a catalog and
make a purchase. This simple activity illustrates the four major players in e-Commerce security. One
player is the shopper who uses his browser to locate the site. The site is usually operated by a
merchant, also a player, whose business is to sell merchandise to make a profit. As the merchant
business is selling goods and services, not building software, he usually purchases most of the
software to run his site from third-party software vendors. The software vendor is the last of the three
legitimate players. The attacker is the player whose goal is to exploit the other three players for
illegitimate gains. Figure 2 illustrates the players in a shopping experience.

Figure 2. The players

 
The attacker can besiege the players and their resources with various damaging or benign schemes
that result in system exploitation. Threats and vulnerabilities are classified under confidentiality,
integrity, and availability. A threat is a possible attack against a system. It does not necessarily mean
that the system is vulnerable to the attack. An attacker can threaten to throw eggs against your brick
house, but it is harmless. A vulnerability is a weakness in the system, but it is not necessarily known
by the attacker. For example, only you know that you have left your front door unlocked.
Vulnerabilities exist at entry and exit points in the system. In a house, the vulnerable points are the
doors and windows. When the burglar threatens to break into your house and finds the vulnerability
of the unlocked door, he is exploiting the assets in the house.

Security features
While security features do not guarantee a secure system, they are necessary to build a secure system. Security features have four categories:
 Authentication: Verifies who you say you are. It enforces that you are the only one allowed to log on to your Internet banking account.
 Authorization: Allows only you to manipulate your resources in specific ways. This prevents you from increasing the balance of your account or deleting a bill.
 Encryption: Deals with information hiding. It ensures you cannot spy on others during Internet banking transactions.
 Auditing: Keeps a record of operations. Merchants use auditing to prove that you bought specific merchandise.

Securing your e-commerce systems

E-commerce security issues


E-commerce systems are based upon internet use, which provides open and easy communications on a global basis. However, because the internet is unregulated, unmanaged and uncontrolled, it poses a wide range of risks and threats to the systems operating on it.

The use of the internet means that your internal IT and e-commerce systems are potentially accessible by anyone, irrespective of their location.

Threats from hackers and the risks to business


Some of the more common threats that hackers pose to e-commerce systems include:

 carrying out denial-of-service (DoS) attacks that stop access to authorised users of a website, so that the site is forced to offer a reduced level of service or, in some cases, ceases operation completely
 gaining access to sensitive data - such as price lists, catalogues and valuable intellectual property, and altering, destroying or copying it
 altering your website, thereby damaging your image or directing your customers to another site
 gaining access to financial information about your business or your customers, with a view to perpetrating fraud
 using viruses to corrupt your business data

Impact of a security incident on the business

If your website is hacked into, it can have a significant impact upon a business running an e-commerce service. The potential business implications of a security incident include the following:

 direct financial loss as a consequence of fraud or litigation
 subsequent loss as a result of unwelcome publicity
 criminal charges if you are found to be in breach of the Data Protection or Computer Misuse Acts, or other regulation on e-commerce
 loss of market share if customer confidence is affected by a DoS attack

The image presented by your business, together with the brands under which you trade, are valuable assets. It is important to recognise that the use of e-commerce creates new ways for both image and brands to be attacked.
