The Ecommerce Security Environment For most law-abiding citizens, the internet holds the promise of a global marketplace, providing access to people and businessmen worldwide. For criminals, the internet has created entirely new and lucrative ways to steal. Dimensions of Ecommerce Security There are six dimensions to ecommerce security: integrity, nonrepudiation, authenticity, confidentiality, privacy, and availability. Integrity Integrity refers to the ability to ensure that information being displayed on a website, or transmitted or received over the internet, has not been altered in any way by an unauthorized party or an unauthorized person.

The Ecommerce Security Environment Non-repudiation Non-repudiation refers to the ability to ensure that ecommerce participants do no deny their online actions. For instance, free accounts make it easy for a person to post comments or send a message and perhaps later deny doing so. Authenticity Authenticity refers to the ability to identify the identity of a person or entity with whom you are dealing on the internet. How does the customer know that the web site operator is who it claims to be? Confidentiality Confidentiality refers to the ability to ensure that the message and data are available only to those who are authorized to view them.

The Ecommerce Security Environment Privacy Which refers to the ability to control the use of information a customer provides about himself or herself to an ecommerce merchant. Availability Availability refers to the ability to ensure that an ecommerce site continues to functions as intended. Security Threats in the Ecommerce Environment From a technology perspective, there are three key points of vulnerability when dealing with ecommerce: the client, the server and the communication pipeline. The seven most damaging forms of security threats to ecommerce sites: 1)Malicious Code 2) Hacking & cybervandalism3) Credit Card - Theft/Fraud4) Spoofing5) Sniffing

The Ecommerce Security Environment Malicious Code Malicious Code (Sometimes refer to as “malware”) includes a variety of threats such as viruses, worms, Trojan Horses, and “bad applets”. Hacking and Cybervandalism A hacker is an individual who intends to gain unauthorized access to a computer system. Hackers gain unauthorized access by finding weaknesses in the security. Cybervandalism means intentionally disrupting, defacing, or even destroying the site. The “good hackers” became known as white hats because of their role in helping organizations locate and fix security flaws. In Contrast black hats are hackers who engage in the same kind of activities without pay or any buy- in from the targeted organizations, and with the intension of causing harm.Somewhere in the middle are grey hats hacker who believe they are pursuing some greater good by breaking in and revealing system flaws. Grey hats discover weaknesses in the system’s security and then publish the weakness without disrupting the site or attempting to profit from their finds. Credit Card Fraud What is one of the most-feared occurrences on the internet? Theft of credit card data. Fear that their credit card information will be stolen frequently prevents users from making online purchases. In ecommerce the greatest threat to the consumer is that the merchant’s server with which the consumer is transacting will “lose” the credit information or permit it to be delivered for a criminal purpose.

The Ecommerce Security Environment Spoofing Hackers attempt to hide their true identity often spoof, or misrepresent themselves by using fake addresses or masquerading as someone else. Sniffing A sniffer is a type of eavesdropping program that monitors information travelling over a network. When used legitimately, sniffer can help identify potential network trouble- spots, but when used for criminal purposes, they can be damaging and very difficult to detect. Sniffers enable hackers to steal proprietary information from anywhere on a network, including messages, company files, and confidential reports.