E-Commerce: Concept, components; Elements of E-Commerce security, E-Commerce threats: Concept, components and modes of digital payments.
Concept: E-commerce refers to the activity of
buying and selling goods or services over the internet. In simple terms, it
involves conducting commercial transactions online. E-commerce utilizes various
technologies, such as mobile commerce, internet marketing, online transaction
processing, electronic funds transfer, supply chain management, and electronic data
interchange (EDI).
Components for E-Commerce
· User
· E-commerce vendors
· Technology Infrastructure
· Internet/Network
· Web Portal
· Payment Gateway
User: This may be an individual, an organization, or anybody
using the e-commerce platforms.
E-commerce Vendors: This refers to the organization or entity providing goods
or services to the user. For example, websites like Flipkart, Amazon, Myntra,
Snapdeal, Ajio, Tata 1MG, Nykaa, Pepperfry, Blue Stone, KazarMax, etc.
India’s online retail market
is on a rapid growth trajectory, projected to reach INR
4,416.68 billion in 2024 and a
staggering INR 7,591.94 billion by 2029!
Technology Infrastructure:
Mobile Apps:
Mobile apps are developed on two major platforms, iOS (for iPhones) and
Android. Companies use these apps to run and grow their businesses effectively.
Digital Libraries:
Digital libraries can vary greatly in size and scope. They may be maintained by
individuals, organizations, or affiliated with established physical libraries
or academic institutions. The digital content can be stored locally or accessed
remotely through computer networks.
Data Interchange:
Data interchange refers to the electronic communication of data. To ensure the
accuracy and efficiency of data exchange between multiple participants in
e-commerce, business-specific protocols are used.
Internet / Network: This is a key factor in the success of e-commerce
transactions. Internet connectivity is essential for any e-commerce transaction
to be completed. Faster internet connectivity leads to smoother and more
efficient e-commerce experiences. Many mobile companies in India have already
launched 5G services to enhance connectivity.
Web Portal:
This provides the interface through which individuals or organizations conduct
e-commerce transactions. The web portal is the application that users interact
with to engage with an e-commerce vendor. This interface can be accessed via
desktops, laptops, mobile devices, and even smart TVs.
Payment Gateway: This refers to the method through which customers make payments.
Payment gateways are the systems used by e-commerce or m-commerce vendors to
collect payments. Examples include:
· Credit/Debit Card Payments
· Online bank transfers
· Vendor-specific payment wallets
· Third-party payment wallets such as Paytm, GPay, etc.
· Cash on Delivery (COD)
· Unified Payments Interface (UPI)
Elements of Good E-Commerce Security
In order to protect information, a solid,
comprehensive application security framework is needed for analysis and
improvement. This application security framework should be able to list and
cover all aspects of security at a basic level.
The six essential security elements
Availability
In the context of computer systems, availability refers to the ability to
access information or resources in a specified location and in the correct
format. When a system regularly fails to function, information and data
availability is compromised, and users are affected. Besides functionality,
another factor that affects availability is time: if a computer system cannot
deliver information efficiently, availability is again compromised. Data
availability can be ensured by storage, which can be local or offsite.
Utility
Utility refers to something that is useful or designed for use. Normally,
utility is not considered a pillar of information security, but consider the
following scenario: you encrypt the only copy of valuable information and then
accidentally delete the encryption key. The information in this scenario is
available, but in a form that is not useful. To preserve the utility of
information, you should require mandatory backup copies of all critical
information and should control the use of protective mechanisms such as
cryptography. Test managers should require security walk-through tests
during application development to limit unusable forms of information.
Integrity
In the context of computer systems, integrity
refers to methods of ensuring that the data is real, accurate and guarded from
unauthorized user modification. Data integrity is a major information security
component because users must be able to trust information. Untrusted data
compromises integrity. Stored data must remain unchanged within a computer
system, as well as during transport. It is important to implement data
integrity verification mechanisms such as checksums and data comparison.
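The checksum-and-compare check described above, as an added example (not part of the original notes); the order record, its field names and the shared key are constructed for illustration. It also shows the limit of a plain checksum: anyone who alters the data in transit can attach a fresh checksum, whereas a keyed HMAC tag cannot be recomputed without the secret.

```python
import hashlib
import hmac
import json

# Constructed sample data: a secret shared by the shop and the payment
# gateway, and an order record sent between them.
SHARED_KEY = b"constructed-demo-key-not-for-production"
ORDER = {"order_id": "ORD-1001", "amount_inr": "1499.00", "payee": "shop@example"}

def canonical(record):
    """Serialize deterministically so both sides hash identical bytes."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode("utf-8")

def checksum(record):
    """Plain SHA-256 checksum: detects accidental corruption only."""
    return hashlib.sha256(canonical(record)).hexdigest()

def mac(record, key=SHARED_KEY):
    """Keyed HMAC-SHA256 tag: cannot be recomputed without the key."""
    return hmac.new(key, canonical(record), hashlib.sha256).hexdigest()

def verify_checksum(record, expected):
    return hmac.compare_digest(checksum(record), expected)

def verify_mac(record, tag, key=SHARED_KEY):
    # compare_digest avoids leaking the match position through timing.
    return hmac.compare_digest(mac(record, key), tag)

def demo():
    sent_sum, sent_tag = checksum(ORDER), mac(ORDER)
    # Modification during transport: the amount is changed.
    altered = dict(ORDER, amount_inr="1.00")
    return {
        "intact_checksum_ok": verify_checksum(ORDER, sent_sum),
        "altered_checksum_ok": verify_checksum(altered, sent_sum),
        # A fresh checksum of the altered data verifies against that data...
        "recomputed_checksum_ok": verify_checksum(altered, checksum(altered)),
        # ...but the original keyed tag does not match the altered record.
        "altered_mac_ok": verify_mac(altered, sent_tag),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```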
Authenticity
Regarding computer systems, authenticity or
authentication refers to a process that ensures and confirms the user’s
identity. The process begins when the user tries to access data or information.
The user must prove access rights and
identity. Commonly, usernames and passwords are used for this process. However,
this type of authentication can be circumvented by hackers. A better form of
authentication is biometrics, because it depends on the user’s presence and
biological features (retina or fingerprints). The PKI (Public Key
Infrastructure) authentication method uses digital certificates to prove a
user’s identity. Other authentication tools can be key cards or USB tokens. The
greatest authentication threat occurs with unsecured emails that seem
legitimate.
Confidentiality
In terms of computer systems, confidentiality means allowing only authorized
users to access sensitive and protected information. Sensitive information and
data should be disclosed to authorized users only. Confidentiality can be
enforced by using a classification system, in which the user must obtain a
certain clearance level to access specific data or information. It can also be
ensured by using role-based security methods that check user or viewer
authorization, or access controls that keep user actions within their roles,
for example by allowing a user to read but not write data.
Nonrepudiation:
Nonrepudiation refers to a method of
guaranteeing message transmission between parties using digital signature
and/or encryption. Proof of authentic data and data origination can be obtained
by using a data hash. While the method is not 100 percent effective (phishing
and man-in-the-middle attacks can compromise data integrity), nonrepudiation
can be achieved by using digital signatures to prove the delivery and receipt
of messages.
Concept of E-Commerce Threats
An e-commerce threat is any potential danger that could compromise the
security, functionality, and trustworthiness of an online business. These
threats can come from external sources such as hackers, malware, or fraudsters,
as well as from internal sources such as employee misconduct or system
weaknesses.
Components of E-Commerce Threats
Security Threats
Phishing:
Fraudsters send deceptive emails or set up fake websites to steal personal and
financial information.
Malware: Malicious
software, such as viruses or ransomware, infiltrates systems to disrupt
operations, steal data, etc.
Privacy Threats
Data Breaches:
Unauthorized access to sensitive customer information (such as personal details
or payment data) stored by an e-commerce business.
Unsecured Transactions: When
payment or personal data is transmitted without proper encryption.
Fraud Threats
Credit Card Fraud:
Unauthorized use of stolen credit card information for making purchases,
causing financial losses for both businesses and customers.
Identity Theft:
Fraudsters steal and use someone else's identity to conduct transactions.
Operational Threats
Server Crashes:
Unforeseen system failures can disrupt operations, leading to loss of sales and
customer dissatisfaction.
Insider Threats: Employees
or contractors with access to sensitive systems or data misuse their privileges
for personal gain or harm to the business.
Reputational Threats
Negative Publicity: Poor
handling of data breaches, customer complaints, or security issues can result
in bad press, reducing customer trust and future sales.
Fake Reviews:
Competitors or disgruntled customers may post false negative reviews, damaging
the business’s reputation and discouraging potential customers.
Supply Chain Threats
Vendor Risks: Third-party
vendors who handle parts of the supply chain may introduce vulnerabilities,
such as weak security practices, affecting the e-commerce business.
Delivery Failures:
Disruptions in the supply chain, like late deliveries or lost packages, can
frustrate customers and harm the company's reputation.
Strategies for Mitigating E-Commerce Threats
- Implement strong encryption and secure payment gateways to protect sensitive data.
- Regularly update and patch security systems.
- Use firewalls and intrusion detection systems to monitor and block malicious activities.
- Educate customers and employees about the risks of phishing and other cyber threats.
- Implement multi-factor authentication and strong password policies to prevent unauthorized access.
Modes of Digital Payments
1. Credit/Debit Cards: The most common form of online payment where customers
enter their card details to complete a purchase. These transactions are
processed via payment gateways.
2. Electronic Wallets (E-wallets): Digital wallets like PayPal, Google Pay, and
Apple Pay store users’ payment information securely, allowing for faster and
more convenient transactions.
3. Net Banking: A payment method where customers use their bank’s online
platform to transfer funds directly from their bank accounts.
4. Unified Payments Interface (UPI): In India, UPI allows instant money
transfers between bank accounts using a mobile phone app, often without
entering card or account details.
5. Mobile Banking Apps: Apps provided by banks that enable users to make
payments or transfer money directly from their bank accounts using their mobile
devices.