e-Commerce: Chapter 6

Chapter 6: RISK IN E-COMMERCE


Risks Associated With Internet Transactions

Risk is defined as the "possibility of loss or injury" or "someone or something that creates or suggests a hazard."

Losses or injuries in a digital society may occur in many different ways:

• Data stolen, corrupted, misused, altered, or falsely generated.

• Attacks on hardware may leave the system unable to operate properly.

INFORMATION RISK

• Information risks stem from information published and contained in web sites and associated with the conduct of e-commerce. Peripheral to information risks are risks associated with misuse of information, such as violation of laws in the United States and other countries.

TECHNOLOGY RISK

• Technology risks include risks involving hardware, software, telecommunications and databases. These risks include the consequences resulting from the misuse of technology or the use of inappropriate technologies required to address business needs.

BUSINESS RISK

• Business risks concern customer and supplier relationships, and risks associated with products and services marketed and distributed over the Internet. They also include risks associated with managerial aspects of the business including personnel and contractual relations.

Risks faced by customers when they transact online:

False or Malicious Websites: Malicious websites are typically set up for the purpose of stealing visitors' IDs and passwords, stealing credit card information, spying on a visitor's hard drive, and uploading files from the visitor's hard drive.

Privacy and the Use of Cookies (Browser Safety)

• The issue of privacy on the Internet is of concern to many people.

• A web browser uses cookies to store small pieces of information on the client side.

• Cookies were designed to allow Web servers to operate more efficiently, provide a better response time to repeat visitors to their sites, and more accurately track how many different users visit a site.

How COOKIES work.
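The cookie exchange described above, as an added example that is not part of the original slides: a toy server tags each browser with a random ID through `Set-Cookie`, recognises repeat visitors when the browser sends the ID back, and counts distinct visitors. The cookie name `visitor_id`, the 30-day lifetime, and the `Site` and `Browser` classes are assumptions made for illustration.

```python
import secrets
from http.cookies import SimpleCookie

COOKIE_NAME = "visitor_id"  # hypothetical cookie name for this example


class Site:
    """Toy web server that recognises browsers by a random ID cookie."""

    def __init__(self):
        self.visits = {}  # visitor ID -> number of requests seen

    def handle(self, cookie_header=""):
        """Return (is_repeat_visitor, Set-Cookie value or None)."""
        jar = SimpleCookie()
        jar.load(cookie_header)  # parse the browser's Cookie: header
        morsel = jar.get(COOKIE_NAME)
        if morsel is not None and morsel.value in self.visits:
            self.visits[morsel.value] += 1
            return True, None
        # Missing or unknown ID (a client-supplied value is never trusted):
        # issue a fresh, unguessable ID instead.
        vid = secrets.token_urlsafe(16)
        self.visits[vid] = 1
        out = SimpleCookie()
        out[COOKIE_NAME] = vid
        out[COOKIE_NAME]["max-age"] = 30 * 24 * 3600  # persists 30 days
        out[COOKIE_NAME]["secure"] = True      # sent over HTTPS only
        out[COOKIE_NAME]["httponly"] = True    # hidden from page scripts
        out[COOKIE_NAME]["samesite"] = "Lax"   # limits cross-site sending
        return False, out[COOKIE_NAME].OutputString()


class Browser:
    """Toy browser: stores what Set-Cookie delivers and sends it back."""

    def __init__(self):
        self.jar = {}

    def request(self, site, raw_header=None):
        header = raw_header or "; ".join(f"{k}={v}" for k, v in self.jar.items())
        repeat, set_cookie = site.handle(header)
        if set_cookie:
            name, _, value = set_cookie.split(";", 1)[0].partition("=")
            self.jar[name] = value
        return repeat


if __name__ == "__main__":
    site, browser = Site(), Browser()
    print([browser.request(site) for _ in range(3)], len(site.visits))
```

Clearing the browser's cookie jar makes the same person look like a new visitor, which is why the visitor counts a site derives from cookies are approximate.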

FRAUD

• Access to data and programs by insiders has always been a primary concern to auditors. The internal control devices were easier to implement and monitor in centralized.

INFORMATION THEFT

• Data files that are stored digitally and connected to public telecommunications lines can potentially be accessed by an unauthorized user without the perpetrator ever having to leave the comfort of home.

CUSTOMER DISPUTES AND CHARGEBACKS

• Stripe receives a notification of the disputed charge.

We automatically send you an email with details. Additionally, we send a charge.dispute.created event to any webhook URLs you have.

• As you know, customers or cardholders obtain credit cards from banks, which are referred to as the "issuing bank." A chargeback (also known as a reversal) is a form of customer protection provided by the issuing banks, which allows cardholders to file a complaint regarding fraudulent transactions on their statement. Once the cardholder files a dispute, the issuing bank makes an investigation into the complaint.

SABOTAGE OR DEFACEMENT

• This is when a website is attacked and the visual appearance and/or website functions are changed.

Denial of Service Attacks

• A denial of service attack is used by an individual to destroy, shut down, or degrade a computer or network resource.

• Other denial of service scenarios include the deletion of the startup files on a computer, rendering it unbootable, or deleting Web pages from a Web server.

BUSINESS RECOVERY PLANS

All firms should have a disaster recovery plan, which is a contingency plan for resuming operations in situations where operations are interrupted for any reason, including when an unforeseen man-made or natural disaster occurs.

Natural disasters include incidents such as fires, smoke, floods, tornadoes, earthquakes, and high wind and electrical storms.

Man-made disasters include incidents such as viruses, hardware failure, sabotage, and error.

Examples of natural disasters