Head, Department of Statistics & Computer Applications, Ness Wadia College of Commerce, Pune Integrity Integrity ensures that the information on the internet has not been altered in any way by an unauthorized party. It maintains the consistency, accuracy, and trustworthiness of the information over its entire life cycle. Customer perspective on integrity: Is the information I have transmitted or received is altered? Merchant perspective on integrity: Is the information present on the website is altered without an authorization? Is the information received from the customer is valid or not? For example consider a subscription model, where you will give credit card details for a bill payment to the merchant. If someone adds extra cost on your credit card bill without both yours or merchant’s knowledge, then you need to pay extra money for something you haven't purchased. Non-repudiation Non-repudiation confirms whether the information sent between the two parties was received or not. It ensures that the purchase cannot be denied by the person who completed the transaction. In other words, it’s an assurance that anyone cannot deny the validity of transaction. Mostly non-repudiation uses a digital signature for online transactions because no one can deny the authenticity of their signature on a document. Customer perspective: Can a party take action on me if I have denied the action? Merchant perspective: It’s possible for a customer to deny a product after ordering it. Authenticity
Every ecommerce site uses authenticity as a tool to ensure the
identity of the person over the internet. In ecommerce, fraudulent identity and authentication are also possible, which makes identity a difficult process. Some common ways to ensure a person’s identity are customer log in using a password. Customer perspective: Who am I dealing with? Who can I assure the person I am dealing with is who they claim to be? Merchant perspective: Is the customer that I am communicating are a real person? If not, what could be their identity? Confidentiality Confidentiality refers to protecting information from being accessed by an unauthorized person on the internet. In other words, only the people who are authorized can gain access to view or modify or use the sensitive data of any customer or merchants. One confidentiality breach will be sniffing. It's a program that steals all the important files of the company, individual identity or email message or personal report of the internet user. Customer perspective: Can someone other than the intended recipient or a person read my message? Merchant perspective: Whether information on my site can be accessed by the unauthorized person without knowledge? Privacy Where confidentiality is a concern about the information present during communication, privacy is concerned with personal details. In general, privacy is used to control the usage of information by the customers that they have given to the merchant. Privacy is a major threat to any online transaction or internet user since personal information has been revealed and there is no way back to disclose them. Customer perspective: Can I control the usage of information about myself that I have transmitted to the ecommerce site? Merchant perspective: What if anyone else uses personal data collected as part of the ecommerce transaction? Is there any unauthorized person to access a customer’s personal data? Availability
Continuous availability of the data is the key to provide a better
customer experience in ecommerce. The continuous availability of the ecommerce website increases online visibility, search engine rankings, and site traffic. Data which is present on the website must be secured and available 24x7x 365 for the customer without downtime. If it is not, it will be difficult to gain a competitive edge and survive in the digital world. Customer perspective: Can I access the site at any time from anywhere? Merchant perspective: Whether my site is operating without any downtime? E-Commerce Security
eCommerce security refers to the cybersecurity
concepts that allow for secure electronic transactions online. eCommerce security allows people to buy and sell products and services on the Internet with a framework in place that provides security for all the parties involved. It’s become increasingly important for merchants and shoppers alike in recent years. Need of E-Commerce security
eCommerce site security is critical for a number of
reasons It is important to protect the privacy and sensitive data of customers on a website, safeguard the finances of an online business, prevent fraud and financial scams and defend the reputation of an online store as a safe place to conduct transactions. Need of E-Commerce security
If the necessary security features aren’t implemented on
a websites, both online merchants and customers are at serious risk for payment fraud, scams, data breaches and other major threats. One of the benefits of implementing security for eCommerce is that you’re able to gain the trust of your customers, as they feel safe buying from you while also protecting the sensitive data of both them and your online store. Need of E-Commerce security
If the right security measures are put in place in your
website, it ensures customers’ privacy and integrity, being that none of the information they share online will be used in any way without their knowledge or approval. eCommerce site security breaches negatively impact the finances of a business It also impacts on the site’s reputation. No matter how loyal a business’ customers might be, they won’t be willing to recommend your store to others if their privacy and sensitive data is at risk. E-Commerce security tools
Firewalls – Software and Hardware
Public key cryptosystems Encryption software Digital certificates Digital signatures Biometrics – retinal scan, fingerprints, voice etc. Locks and bars – network operations centers