E-Commerce: Concept, components; Elements of E-Commerce security, E-Commerce threats; Concept, components and modes of digital payments.
Concept: E-commerce refers to the activity of
buying and selling goods or services over the internet. In simple terms, it
involves conducting commercial transactions online. E-commerce utilizes various
technologies, such as mobile commerce, internet marketing, online transaction
processing, electronic funds transfer, supply chain management, and electronic
data interchange (EDI).
Components for E-Commerce
- User
- E-commerce vendors
- Technology Infrastructure
- Internet / Network
- Web Portal
- Payment Gateway
User: This may be an individual, an organization, or anybody using the e-commerce platforms.
E-commerce Vendors: This refers to the
organization or entity providing goods or services to the user. For example,
websites like:
Flipkart, Amazon, Myntra, Snapdeal, Ajio, Tata 1MG, Nykaa,
Pepperfry, Blue Stone, KazarMax, etc.
India’s online retail market
is on a rapid growth trajectory, projected to reach INR 4,416.68 billion in 2024 and a
staggering INR 7,591.94 billion by 2029!
Technology Infrastructure:
Mobile Apps: Mobile apps are developed on two major
platforms, iOS (for iPhones) and Android. Companies use these apps to run and
grow their businesses effectively.
Digital Libraries: Digital libraries can vary greatly in
size and scope. They may be maintained by individuals, organizations, or
affiliated with established physical libraries or academic institutions. The
digital content can be stored locally or accessed remotely through computer
networks.
Data Interchange: Data interchange refers to the electronic
communication of data. To ensure the accuracy and efficiency of data exchange
between multiple participants in e-commerce, business-specific protocols are
used.
Internet / Network: This is a
key factor in the success of e-commerce transactions. Internet connectivity is
essential for any e-commerce transaction to be completed.
Faster internet connectivity
leads to smoother and more efficient e-commerce experiences. Many mobile companies
in India have already launched 5G services to enhance connectivity.
Web Portal: This provides the
interface through which individuals or organizations conduct e-commerce
transactions. The web portal is the application that users interact with to engage
with an e-commerce vendor. This interface can be accessed via desktops,
laptops, mobile devices, and even smart TVs.
Payment Gateway: This refers
to the method through which customers make payments. Payment gateways are the
systems used by e-commerce or m-commerce vendors to collect payments. Examples
include:
- Credit/Debit Card Payments
- Online bank transfers
- Vendor-specific payment wallets
- Third-party payment wallets such as Paytm, GPay, etc.
- Cash on Delivery (COD)
- Unified Payments Interface (UPI)
Elements of Good E-Commerce Security
In order to protect information, a solid,
comprehensive application security framework is needed for analysis and
improvement. This application security framework should be able to list and
cover all aspects of security at a basic level.
The six essential security elements
Availability
In the context of computer systems, availability
refers to the ability to access
information or resources in a specified location and in the correct format.
When a system is regularly not functioning, information and data availability
is compromised and users are affected. Besides functionality, another
factor that affects availability is time. If a computer system cannot deliver
information efficiently, then availability is compromised again. Data
availability can be ensured by storage, which can be local or offsite.
Utility
By definition, utility refers to
something that is useful or designed for use. Normally, utility is not
considered a pillar of information security, but consider the following
scenario: you encrypt the only copy of valuable information and then
accidentally delete the encryption key. The information in this scenario is
available, but in a form that is not useful. To preserve the utility of
information, you should require mandatory backup copies of all critical
information and should control the use of protective mechanisms such
as cryptography. Test managers should require security walk-through tests
during application development to limit unusable forms of information.
Integrity
In the context of computer systems, integrity
refers to methods of ensuring that the data is real, accurate and guarded from
unauthorized user modification. Data integrity is a major information security
component because users must be able to trust information. Untrusted data
compromises integrity. Stored data must remain unchanged within a computer
system, as well as during transport. It is important to implement data
integrity verification mechanisms such as checksums and data comparison.
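An added example (not part of the original notes) of the checksum and data-comparison mechanisms mentioned above, in Python. It goes one step further to a keyed checksum (HMAC), which still detects a change when whoever altered the record also recomputed the plain checksum; the order record, its field names and the key are constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed sample data: a hypothetical order record and a demo-only key.
ORDER = {"order_id": "ORD-1001", "item": "headphones", "qty": 1, "amount_inr": "2499.00"}
MAC_KEY = b"demo-only-key-not-for-production"


def canonical_bytes(record: dict) -> bytes:
    """Serialize deterministically so equal records always hash the same."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode("utf-8")


def checksum(record: dict) -> str:
    """Plain SHA-256 checksum: catches accidental corruption."""
    return hashlib.sha256(canonical_bytes(record)).hexdigest()


def mac(record: dict, key: bytes) -> str:
    """Keyed checksum (HMAC-SHA256): cannot be recomputed without the key."""
    return hmac.new(key, canonical_bytes(record), hashlib.sha256).hexdigest()


def verify_checksum(record: dict, expected: str) -> bool:
    return hmac.compare_digest(checksum(record), expected)


def verify_mac(record: dict, expected: str, key: bytes) -> bool:
    return hmac.compare_digest(mac(record, key), expected)


def demo() -> dict:
    stored_sum, stored_mac = checksum(ORDER), mac(ORDER, MAC_KEY)
    # Case 1: the record is altered but the stored values are untouched.
    tampered = dict(ORDER, amount_inr="24.99")
    # Case 2: whoever altered the record also recomputed the plain checksum.
    forged_sum = checksum(tampered)
    return {
        "original_ok": verify_checksum(ORDER, stored_sum) and verify_mac(ORDER, stored_mac, MAC_KEY),
        "checksum_detects_change": not verify_checksum(tampered, stored_sum),
        "forged_checksum_accepted": verify_checksum(tampered, forged_sum),
        "mac_detects_change": not verify_mac(tampered, stored_mac, MAC_KEY),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

A plain checksum only protects data if the checksum itself is stored or sent where the data cannot be modified alongside it; the keyed version removes that dependency as long as the key stays secret.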
Authenticity
Regarding computer systems, authenticity or
authentication refers to a process that ensures and confirms the user’s
identity. The process begins when the user tries to access data or information.
The user must prove access rights and
identity. Commonly, usernames and passwords are used for this process. However,
this type of authentication can be circumvented by hackers. A better form of
authentication is biometrics, because it depends on the user’s presence and
biological features (retina or fingerprints). The PKI (Public Key
Infrastructure) authentication method uses digital certificates to prove a
user’s identity. Other authentication tools can be key cards or USB tokens. The
greatest authentication threat occurs with unsecured emails that seem
legitimate.
Confidentiality
In terms of computer systems, confidentiality
means allowing only authorized users to access sensitive and protected
information. Sensitive information and data should be disclosed to authorized
users only. Confidentiality can be enforced by using a classification system.
The user must obtain a certain clearance level to access specific data or
information. Confidentiality can be ensured by using role-based security
methods to ensure user or viewer authorization,
or access controls that ensure user actions remain within their roles, for
example, allowing a user to read but not write data.
Nonrepudiation
Nonrepudiation refers to a method of
guaranteeing message transmission between parties using digital signatures
and/or encryption. Proof of authentic data and data origination can be obtained
by using a data hash. While the method is not 100 percent effective (phishing
and man-in-the-middle attacks can compromise data integrity), nonrepudiation
can be achieved by using digital signatures to prove the delivery and receipt
of messages.
Concept of E-Commerce Threats
E-commerce threats refer to
any potential danger that could compromise the security, functionality, and
trustworthiness of an online business. These threats can come from external
sources like hackers, malware, or fraudsters, as well as from internal sources
such as employee misconduct or system weaknesses.
Components of E-Commerce Threats
- Security Threats
  - Phishing: Fraudsters send deceptive emails or set up fake websites to steal
    personal and financial information.
  - Malware: Malicious software, such as viruses or ransomware, infiltrates systems to
    disrupt operations, steal data, or demand ransom.
- Privacy Threats
  - Data Breaches: Unauthorized access to sensitive customer information (such as
    personal details or payment data) stored by an e-commerce business.
  - Unsecured Transactions: When payment or personal data is transmitted without proper
    encryption, it can be intercepted and used fraudulently.
- Fraud Threats
  - Credit Card Fraud: Unauthorized use of stolen credit card information for making
    purchases, causing financial losses for both businesses and customers.
  - Identity Theft: Fraudsters steal and use someone else's identity to conduct
    transactions, causing damage to the victim’s financial standing.
- Operational Threats
  - Server Crashes: Unforeseen system failures can disrupt operations, leading to loss of
    sales and customer dissatisfaction.
  - Insider Threats: Employees or contractors with access to sensitive systems or data
    misuse their privileges for personal gain or harm to the business.
- Reputational Threats
  - Negative Publicity: Poor handling of data breaches, customer complaints, or security
    issues can result in bad press, reducing customer trust and future sales.
  - Fake Reviews: Competitors or disgruntled customers may post false negative reviews,
    damaging the business’s reputation and discouraging potential customers.
- Supply Chain Threats
  - Vendor Risks: Third-party vendors who handle parts of the supply chain may introduce
    vulnerabilities, such as weak security practices, affecting the e-commerce
    business.
  - Delivery Failures: Disruptions in the supply chain, like late deliveries or lost
    packages, can frustrate customers and harm the company's reputation.
Key Strategies for Mitigating E-Commerce Threats
- Implement strong encryption and secure payment gateways
to protect sensitive data.
- Regularly update and patch security systems.
- Use firewalls and intrusion detection systems to
monitor and block malicious activities.
- Educate customers and employees about the risks of phishing
and other cyber threats.
- Implement multi-factor authentication and strong password
policies to prevent unauthorized access.
Modes of Digital Payments
- Credit/Debit Cards: The most common form of
online payment where customers enter their card details to complete a
purchase. These transactions are processed via payment gateways.
- Electronic Wallets (E-wallets):
Digital wallets like PayPal, Google Pay, and Apple Pay store users’
payment information securely, allowing for faster and more convenient
transactions.
- Net Banking: A payment method where
customers use their bank’s online platform to transfer funds directly from
their bank accounts.
- Unified Payments Interface (UPI): In
India, UPI allows instant money transfers between bank accounts using a
mobile phone app, often without entering card or account details.
- Mobile Banking Apps: Apps provided by banks
that enable users to make payments or transfer money directly from their
bank accounts using their mobile devices.