E-Commerce Security

Dr. Ramdas Sonawane

Head,
Department of Statistics & Computer Applications,
Ness Wadia College of Commerce, Pune
 Integrity
 Integrity ensures that the information on the internet has not been
altered in any way by an unauthorized party.
 It maintains the consistency, accuracy, and trustworthiness of the
information over its entire life cycle.
 Customer perspective on integrity: Is the information I have transmitted
or received is altered?
 Merchant perspective on integrity: Is the information present on the
website is altered without an authorization? Is the information received
from the customer is valid or not?
 For example consider a subscription model, where you will give credit
card details for a bill payment to the merchant. If someone adds extra
cost on your credit card bill without both yours or merchant’s
knowledge, then you need to pay extra money for something you
haven't purchased.
 Non-repudiation
 Non-repudiation confirms whether the information sent between
the two parties was received or not. It ensures that the purchase
cannot be denied by the person who completed the transaction.
In other words, it’s an assurance that anyone cannot deny the
validity of transaction.
 Mostly non-repudiation uses a digital signature for online
transactions because no one can deny the authenticity of their
signature on a document.
 Customer perspective: Can a party take action on me if I have
denied the action?
 Merchant perspective: It’s possible for a customer to deny a
product after ordering it.
 Authenticity

 Every ecommerce site uses authenticity as a tool to ensure the

identity of the person over the internet. In ecommerce, fraudulent
identity and authentication are also possible, which makes
identity a difficult process. Some common ways to ensure a
person’s identity are customer log in using a password.
 Customer perspective: Who am I dealing with? Who can I assure
the person I am dealing with is who they claim to be?
 Merchant perspective: Is the customer that I am communicating
are a real person? If not, what could be their identity?
 Confidentiality
 Confidentiality refers to protecting information from being
accessed by an unauthorized person on the internet. In other
words, only the people who are authorized can gain access to
view or modify or use the sensitive data of any customer or
merchants.
 One confidentiality breach will be sniffing. It's a program that
steals all the important files of the company, individual identity or
email message or personal report of the internet user.
 Customer perspective: Can someone other than the intended
recipient or a person read my message?
 Merchant perspective: Whether information on my site can be
accessed by the unauthorized person without knowledge?
 Privacy
 Where confidentiality is a concern about the information present
during communication, privacy is concerned with personal
details. In general, privacy is used to control the usage of
information by the customers that they have given to the
merchant.
 Privacy is a major threat to any online transaction or internet user
since personal information has been revealed and there is no way
back to disclose them.
 Customer perspective: Can I control the usage of information
about myself that I have transmitted to the ecommerce site?
 Merchant perspective: What if anyone else uses personal data
collected as part of the ecommerce transaction? Is there any
unauthorized person to access a customer’s personal data?
 Availability

 Continuous availability of the data is the key to provide a better

customer experience in ecommerce. The continuous availability
of the ecommerce website increases online visibility, search
engine rankings, and site traffic. Data which is present on the
website must be secured and available 24x7x 365 for the
customer without downtime. If it is not, it will be difficult to gain a
competitive edge and survive in the digital world.
 Customer perspective: Can I access the site at any time from
anywhere?
 Merchant perspective: Whether my site is operating without any
downtime?
 E-Commerce Security

 eCommerce security refers to the cybersecurity

concepts that allow for secure electronic transactions
online.
 eCommerce security allows people to buy and sell
products and services on the Internet with a framework
in place that provides security for all the parties involved.
 It’s become increasingly important for merchants and
shoppers alike in recent years.
 Need of E-Commerce security

 eCommerce site security is critical for a number of

reasons
 It is important to protect the privacy and sensitive data
of customers on a website, safeguard the finances of an
online business, prevent fraud and financial scams and
defend the reputation of an online store as a safe place
to conduct transactions.
 Need of E-Commerce security

 If the necessary security features aren’t implemented on

a websites, both online merchants and customers are at
serious risk for payment fraud, scams, data breaches
and other major threats.
 One of the benefits of implementing security for
eCommerce is that you’re able to gain the trust of your
customers, as they feel safe buying from you while also
protecting the sensitive data of both them and your
online store.
 Need of E-Commerce security

 If the right security measures are put in place in your

website, it ensures customers’ privacy and integrity,
being that none of the information they share online will
be used in any way without their knowledge or
approval.
 eCommerce site security breaches negatively impact
the finances of a business
 It also impacts on the site’s reputation. No matter how
loyal a business’ customers might be, they won’t be
willing to recommend your store to others if their privacy
and sensitive data is at risk.
E-Commerce security tools

 Firewalls – Software and Hardware

 Public key cryptosystems
 Encryption software
 Digital certificates
 Digital signatures
 Biometrics – retinal scan, fingerprints, voice etc.
 Locks and bars – network operations centers