fitsum ristu lakew transaction security on e-commerce
Post on 09-Jun-2015
Transaction security 1
TRANSACTION SECURITY ON E-COMMERCE
FITSUM R. LAKEW
ITEC-620
Prof. Elena Gortcheva
University of Maryland University College
AUGUST 09, 2010
Outline
1. Introduction
a. Thesis Statement
b. General Overview on e-commerce transaction security
2. Background
a. Security in online transaction
b. Security management
I. Sensitive information
II. Software application
3. Internet security and users
a. Firewalls
b. Network security management
4. Authentication and verification
a. Security goals
5. Internet security in Banking
a. Intrusion detection system
b. Insider threat
c. Legal aspects
6. Improving internet security
a. Consumer trust
7. Conclusion
a. Recommendation
8. References
Abstract
In recent years, e-commerce has seen considerable growth in the US and European
markets. The market is highly concentrated; this presents many values that can be utilized. As a
consequence, the path towards full realization of the potential of E-commerce has experienced
problems. There are many hurdles that need to be overcome.
In a broad view customers have used e-commerce to pay for products and services.
Customer experience is important in determining the success of e-commerce. On the other hand,
it has been hard for it to be distinguished, evaluated and analyzed because there have been no
contributions to estimate it in an objective way.
Since this is a gap that needs to be filled, this paper will try to evaluate the experiences
that come about with e-commerce transactions together with the possible security problems. This
is in relation to customer experiences as far as security (transactions) in e-commerce is
concerned. The whole process of executing transactions on an e-commerce website has gone
through various stages. It involves landing, product identification, product presentation, cart,
order completion and payment. E-commerce websites have had various strengths and
weaknesses that have ended up exposing transactions to security problems. Therefore, there is
need to evaluate the diverse customer experiences in an e-commerce transaction. This will be
done in a quantitative way to identify various areas that need to be improved to enhance
transactions.
There are many challenges that face e-commerce as far as transactions are concerned.
Generally, innovations and competition have been the driving factors behind the continued use of
e-commerce. Because of the open nature of the internet, transaction security continues to be a
concern in e-commerce. This continued transaction risk is likely to create a significant barrier
(to market acceptance). There is need for proper control and management. All these are essential
for the promotion of consumer confidence.
1. Introduction
With the increase in online transactions, people are able to transact easily and efficiently. However,
online safety has to be considered. There are a variety of threats and vulnerabilities that have
emerged from online businesses. This is because the online business environment has been
changing consistently. In the long run, there have been occasions where online functionality has
ended up undermining customer confidence. This compromises customer information and
contravenes security implementations. These are real threats that need to be nullified. In doing
so, online security management should be enhanced at all levels in the course of carrying out e-
commerce transactions. The management is supposed to be active and review their online
security approaches.
Therefore this calls for proper policies and security measures that will redefine the way e-
commerce transactions are carried out for efficiency. There are supposed to be good processes
that will provide a proper framework to guide the application of security benchmarks. It is
supposed to use proper information security standards which will be applied for online security
measures.
These measures are supposed to be utilized to enhance online business. Despite the fact
that e-commerce has gained momentum in redefining the way business is done, most transactions
have continued to face some risks. So, online security measures and policies will be instrumental
in protecting the interests of those who conduct business using the internet.
2. Background
A. Security in online transactions
Online transactions are supposed to protect the security of information. This includes
online businesses and their customers. Businesses are supposed to maintain a competitive edge,
customer confidence and build trust that will promote a good business reputation. In the process
there should be a secure online business environment.
It is quite clear that many organizations are now ready to protect their online business
transactions (Gomez & Litchenberg, 2007, p.6). They are reinforcing this through enhanced
information security policies. It is important to put proper security management in place.
Good information systems will protect companies from numerous security threats and
vulnerabilities.
There has been a need to improve e-security and raise awareness about e-security issues for
customers and businesses. This will improve security management on a wider scale.
Development and application of online security measures is highly sought. Through these, any
online business can strengthen security measures.
Online transactions face various threats relating to infrastructure, organizational, network, and
application security. The complexity of technology has demanded a lot of security in online
transactions (e-commerce). Therefore, organizations have had to establish and implement
efficient online security measures.
B. Security management
Through proper security management, organizations can define their approach to online
security (Pye & Warren, 2007, p.3). There are supposed to be good management practices that an
online business will use for consistency. This wide approach secures the storage of information
within a business. Some of the risks have been as a result of poor personnel management. In the
long run there should be a response action to monitor these for future analysis. It is clear that
there have been some infrastructure security concerns. Measures are supposed to be put in place
to avoid damage, unauthorized access and interference in the course of doing online business.
I. Sensitive information
Sensitive business information has been accessed by unauthorized people and led to
questionable transactions (Hole et al, 2006, p.12). All these have sent a wrong signal to
customers and other businesses that use the internet to transact business. This calls for the
emplacement of proper online processing. The businesses are supposed to guard themselves
against the compromise of sensitive information. In the long run they will protect themselves
from potential environmental business hazards.
II. Software application
Software applications have formed an integral part of online business which has had a
bearing on e-commerce. This has affected transactions with a long term effect on security.
Security controls are supposed to protect business information on a wide scale.
In doing business, some companies and organizations have encountered electronic mail
security problems. Businesses have been compelled to control email access. It is also necessary
to come up with proper user behavior education to reduce the potential risks.
In some occasions online business transactions have lacked user cryptographic controls.
These are necessary to safeguard integrity, confidentiality and authenticity of information that is
moved around for the public to access (customers). Online business data exchange has been
enhanced by computer networks that convey information. To some extent this communication
has ended up exposing some loopholes that have been used by people for negative reasons.
3. Internet security and users
Some users have compromised the security measures and policies in place (Filipek,
2006, p.7). This calls for control of internal and external communication to seal all the loopholes
that can be used to interfere with e-commerce transactions.
A. Firewalls
One proper way that businesses can do this is through efficient installation of firewalls to
define online boundaries. There have been occasions where the systems have failed and led to
unavailability. It has affected transactions leading to security concerns by those affected.
Businesses have been compelled to have adequate capacity and resources for the growth of
online business.
B. Network security management
Network security management will focus on protecting information. In doing online
business there should be proper information to support infrastructure. The local network is
supposed to enhance online business by defining proper physical boundaries. External and
internal users have logged into systems and caused security breaches. Therefore, appropriate
measures are supposed to be there for system monitoring to detect unauthorized activities.
4. Authentication and Verification
Online customers are supposed to be given a protective barrier which calls for proper
authentication and verification. This is supposed to cover the entire life cycle of the customers.
Their identity should be validated before being given access to the online service or system.
This authentication process for online businesses will identify users in a unique way before
allowing them to interact with the business system.
There has been a strong pursuit for transactions and business activities. This has seen a
lot of sensitive data being exchanged which has further exposed online business to a lot of
vulnerabilities and threats. In the process, transactions have been fraudulent and in extreme cases
led to contract disputes. E-commerce is getting a lot of challenges from modifications and
disclosures of sensitive information to unwanted users.
A. Security goals
A starting point should be assessed to ascertain the essential elements of conducting
transactions on the internet. There is a necessity of benchmarking online security goals for
sustainable business.
A specific area that needs to be looked at is internet banking because it touches on both
the customers and businesses. Banking and money have been extended into the cyberspace.
Many banking institutions have launched e-retail banking over the internet. Competition has
driven many financial institutions into embracing internet banking to remain strategic in the
market.
5. Internet Security in Banking
Internet banking has become popular because of an increase in online business
transactions. This has also been a strategy by businesses to support business reengineering and
expand their market share. Customers have been attracted to online banking due to its
convenience (Choton, 2005, p.13). Many products that have been availed online are tailored to
fulfill wants and quality expectations with technological progeny. But, on the other hand they are
less concerned about the looming identity theft and email scams.
Most customers believe that internet banking and transactions are very safe due to their
own perceptions. Blame can be laid on banks and other partners because they have not been
vibrant in authentication of customers. Banks need proper authentication methods while looking
at the possible attacks. There is a necessity to develop more secure online business transactions.
Banks have insisted that customers access their account information by giving their PINs
and social security numbers (as is the case for Norwegian banks). Some crackers have
accessed this information and posed as the real customers while their main intention is to steal.
The internet is supposed to be exploited as a channel that can build and develop long term client
relationships.
A. Intrusion detection system
There should be a bank intrusion detection system that will discover these attacks
because the crackers cannot hide. This is due to the open nature of the internet. All these should
be aimed at facilitating open transactions that will promote efficient e-commerce. Because banks
form an integral part of e-commerce transactions they are supposed to be sufficiently involved in
online business.
The blame cannot be squarely laid on banks for bad transactions or problems in e-
commerce business but should involve all the businesses and users to ensure that online business
is safe. In supporting safe e-commerce transactions some banks have enhanced security by
aiming to provide two-factor authentication.
B. Insider threat
Information officers are having problems because of cyber crimes and insider threats.
Internet based crime is a challenge to many organizations and companies. There is also an
emerging danger to online security from insider sources. Most countries have had problems in e-
commerce transactions because of their unprotected systems.
Online based crimes have been costly as they lead to loss of customers and revenue. In
the long run the business has ended up having a poor brand and reputation. The nature of online
crimes has been changing and this means that companies are supposed to prepare a new way to
combat this crime. This should be considered by the entire organization and its partners in the e-
commerce business.
This is an industry problem whereby all the players are supposed to participate instead of
leaving it to individual companies and their users. Some mechanisms that companies have
enforced to enhance transactions include the updating of firewalls and preventive controls. The
occurrence of crimes that relate to online business is continuing at a very fast pace. Some
organizations have not been willing to report these online crimes because they fear that by doing
so it might affect their business and ultimately customers.
There is need to determine the primary source of these security problems in transactions
and online business with a broad approach. In the United States, most online crimes are reported
in the financial sector which is the heart of many transactions.
The internet has a global reach where immediate connection to all internet protocols is
available (Wang, 2009, p.8). This means that the internet cannot respect or observe any judicial
boundaries. The ability to connect globally has not enhanced security which is a challenge to
many countries that wish to regulate the way online transactions are carried out. Countries are
supposed to regulate commerce with their foreign counterparts to give online business a new
lease of life. Law enforcement will create a good platform by which those who are found
violating online business ethics will be punished.
C. Legal aspects
Whenever there is an intrusion the management can use regulatory, legal and ethical
issues to consider if this will be handled by law enforcers, the public or stockholders. Businesses
have been discouraged from reporting due to the potential impact on the stock price. It means that
when they report that their systems are experiencing online crimes customers will question their
competence in the market.
Although the U.S.A has tasked the CFAA to deal with security crimes, law enforcement
has been impotent because some of the crimes are never reported. This has seen some companies
outsourcing their security functions. Outsourcing of security operations is not viable as security
forms an integral part of the organization. The public is supposed to change its perception as far
as online security problems are concerned to deal with this business menace.
E-business is positively or negatively influenced by the knowledge and trust that
e-consumers have. When consumers lack trust, it becomes a big obstacle to the success of online
business (e-commerce). This also hinders the success of online transactions. Good online
practices are supposed to make the public more knowledgeable about online transaction security
issues (Mangiaracina et al, 2009, p.14).
This is because trust plays an important role whenever cases of risks and uncertainties
arise in online business. One party is not supposed to take advantage of the other during and after
transactions. Trust has been hard to build because online customers cannot see each other
physically when executing transactions. Initial trust and familiarity play a critical role in giving a
positive impact on online transactions.
In conducting online transactions, consumers cannot see the products they are
purchasing physically to check on their quality. They cannot monitor the security and safety of
personal information. This therefore implies that the success of e-commerce can only be
guaranteed when customers trust the products and the sellers (that they cannot see).
When there is no trust, secure transactions will not be maintained and developed.
Considering the increase in usage of e-commerce as a distribution channel, businesses ought to
consider the impact of trust on transactions. When customers know more about the internet they
will be able to understand that non secure transactions are real and can happen to anybody.
Customers are supposed to be concerned about the trustworthiness of online transactions. Those
with more knowledge know how to avoid online security issues.
Because of the potential pitfalls that may arise out of online e-commerce transactions,
customers are supposed to be more knowledgeable on how they can make wise business
decisions. The ability to make wise business decisions increases the inclination of customers to trust
online transactions. This therefore calls on all businesses to increase their customers' trust in
online transactions.
6. Improving internet security
E-commerce transactions can be more secure if the customers are knowledgeable with
high levels of trust. Although there might be some security concerns, more information will help
customers and consumers know how to avoid online security issues. Therefore consumer
education is important for the success of electronic commerce. This is because consumers will
not be afraid of online transactions when they become knowledgeable about internet security.
After all these developments, businesses are supposed to enhance e-commerce security
(Liao & Cheung, 2003, p.19). This can be done through the continued use of an intrusion
detection management system. This will ultimately protect the users and organizations by
detecting threats and analyzing them to avoid any compromising situations.
It will be able to use an attack analyzer that will gather information within the system and
come up with a treatment plan. Organizations will be able to identify measures and rank them for
efficient security controls. This is because e-commerce is still regarded as a distributed real time
system. It is supposed to enhance customer interaction thereby managing different resources to
provide the best quality.
A. Consumer trust
In a large perspective online business is continuing to be popular with increased
transactions. As far as this is concerned the environment that these businesses operate in should
be regulated to avoid many problems that have manifested themselves in recent years. The
internet continues to give many opportunities for businesses to expand but on the other hand this
also poses risks that cannot be ignored.
Consumers who have seen the importance of doing their transactions on the internet
should desist from any temptations that will make e-commerce unattractive to the larger
population. Some companies have not accepted the reality that e-commerce is facing security
threats and therefore should approach these issues with a sober mind to avoid any interruptions in
their business.
There is a gap that needs to be filled and therefore organizations are supposed to try and
evaluate the experiences that come about with e-commerce transactions with the possible
security problems. This will go a long way to redefine the way e-commerce is executed for the
benefit of businesses and consumers.
7. Conclusion
In a broad view, customers have used e-commerce to pay for the products and services.
Customer experience is important in determining the success of e-commerce. On the other hand,
it has been hard for it to be distinguished, evaluated and analyzed because there have been no
contributions to estimate it in an objective way.
E-commerce websites have had various strengths and weaknesses. This has exposed
transactions to security problems. Therefore, there is need to evaluate the diverse customer
experiences on an e-commerce transaction. This will be done in a quantitative way to identify
various areas that need to be improved to enhance transactions.
There are many challenges in e-commerce as a whole. Generally, innovations and
competition have been the driving factors behind the continued use of e-commerce. Because of
the open nature of the internet, transaction security continues to be a big concern in e-commerce.
Therefore, it calls for proper policies and security measures that will redefine the way e-
commerce transactions are carried out for efficiency.
Recommendation
There should be good processes to provide a proper framework to guide the application of
security benchmarks. The internet has a global reach where immediate connection to all internet
protocols is available. This means that the internet cannot respect or observe any judicial
boundaries.
The ability to connect globally has not enhanced security which is a challenge to many
countries that wish to regulate the way online transactions are carried out. Countries are
supposed to regulate commerce with their foreign counterparts to give online business a new
lease of life.
Because of the potential pitfalls that may arise out of online e-commerce transactions,
customers are supposed to be more knowledgeable on how they can make wise business
decisions. The trust propensity will influence the level of trust by the customers in online
transactions.
References
Basu, S. C. (2005). On Issues of Computer Crimes, Online Security and Legal Resources.
Journal of information privacy and security, 1(4), 1-2.
Filipek, R. (2006). Online security nightmares for CIOs. Internal auditor, 63(3), 19-20.
Retrieved from http://www.ibm.com/us/en/.
Gomez, M. J., & Litchenberg, J. (2007). Intrusion Detection Management System for E-
commerce Security. Journal of information privacy & security, 3(4), 19-31.
Hole, K., Moen, V., & Tjostheim, T. (2006). Online banking security. IEEE security & privacy,
Sweden University of Bergen, 3(3), 06.
Liao, Z., & Cheung, T. M. (2003). Challenges to internet E-banking. Communications of the
ACM, 46(12), 248-250.
Mangiaracina, R., Brugnoli, G., & Parego, A. (2009). The e-commerce Customer Journey:
A Model to assess and Compare the User Experience of the e-commerce Websites.
Journal of internet banking & commerce, 14(3), 1-11.
Pye, G., & Warren, M. J. (2007). A Model and Framework for Online Security Benchmarking.
Journal of informatics, 31(2), 209-215.
Wang, C., Chen, C., & Jiang, J. (2009). The Impact of Knowledge and Trust on E-
Consumers' Online shopping activities: an empirical study. Journal of computers, 4(1),
11-18.