Fitsum ristu lakew transaction security on e-commerce

TRANSACTION SECURITY ON E-COMMERCE

FITSUM R. LAKEW

ITEC-620

Prof. Elena Gortcheva

University of Maryland University College

AUGUST 09, 2010


Outline

1. Introduction
   a. Thesis Statement
   b. General Overview on e-commerce transaction security
2. Background
   a. Security in online transaction
   b. Security management
      i. Sensitive information
      ii. Software application
3. Internet security and users
   a. Firewalls
   b. Network security management
4. Authentication and verification
   a. Security goals
5. Internet security in Banking
   a. Intrusion detection system
   b. Insider threat
   c. Legal aspects
6. Improving internet security
   a. Consumer trust
7. Conclusion
   a. Recommendation
8. References


Abstract

In recent years, e-commerce has seen considerable growth in the US and European markets. The market is highly concentrated; this presents many values that can be utilized. As a consequence, the path towards full realization of the potential of e-commerce has experienced problems. There are many hurdles that need to be overcome.

In a broad view, customers have used e-commerce to pay for products and services. Customer experience is important in determining the success of e-commerce. On the other hand, it has been hard to distinguish, evaluate and analyze customer experience because there have been no contributions that estimate it in an objective way.

Since this is a gap that needs to be filled, this paper will try to evaluate the experiences that come about with e-commerce transactions together with the possible security problems. This is in relation to customer experiences as far as the security of transactions in e-commerce is concerned. The whole process of executing a transaction on an e-commerce website goes through several stages: landing, product identification, product presentation, cart, order completion and payment. E-commerce websites have had various strengths and weaknesses that have ended up exposing transactions to security problems. Therefore, there is a need to evaluate the diverse customer experiences in an e-commerce transaction. This will be done in a quantitative way to identify the areas that need to be improved to enhance transactions.

There are many challenges that face e-commerce as far as transactions are concerned. Generally, innovations and competition have been the driving factors behind the continued use of e-commerce. Because of the open nature of the internet, transaction security continues to be a concern in e-commerce. This continued transaction risk is likely to create a significant barrier to market acceptance. There is a need for proper control and management. All of these are essential for the promotion of consumer confidence.


1. Introduction

With the increase in online transactions, people are able to transact easily and efficiently. However, online safety has to be considered. A variety of threats and vulnerabilities have emerged from online businesses, because the online business environment has been changing constantly. In the long run, there have been occasions where online functionality has ended up undermining customer confidence. This compromises customer information and contravenes security implementations. These are real threats that need to be nullified. To do so, online security management should be enhanced at all levels in the course of carrying out e-commerce transactions. Management is supposed to be active and to review its online security approaches.

Therefore, this calls for proper policies and security measures that will redefine the way e-commerce transactions are carried out for efficiency. There are supposed to be good processes that will provide a proper framework to guide the application of security benchmarks. This framework is supposed to use proper information security standards, which will be applied for online security measures.

These measures are supposed to be utilized to enhance online business. Despite the fact that e-commerce has gained momentum in redefining the way business is done, most transactions have continued to face some risks. So, online security measures and policies will be instrumental in protecting the interests of those who conduct business using the internet.


2. Background

A. Security in online transactions

Online transactions are supposed to protect the security of information. This includes the information of online businesses and their customers. Businesses are supposed to maintain a competitive edge and customer confidence, and to build trust that will promote a good business reputation. In the process there should be a secure online business environment.

It is quite clear that many organizations are now ready to protect their online business transactions (Gomez & Litchenberg, 2007, p.6). They are reinforcing this through enhanced information security policies. It is important to put proper security management in place. Good information systems will protect companies from numerous security threats and vulnerabilities.

There has been a need to improve e-security and to raise awareness about e-security issues among customers and businesses. This will improve security management on a wider scale. The development and application of online security measures is highly sought after. Through these, any online business can strengthen its security measures.

Online transactions face various threats relating to infrastructure, organizational, network, and application security. The complexity of technology has demanded a lot of security in online transactions (e-commerce). Therefore, organizations have had to establish and implement efficient online security measures.


B. Security management

Through proper security management, organizations can define their approach to online security (Pye & Warren, 2007, p.3). There are supposed to be good management practices that an online business will use for consistency. This wide approach secures the storage of information within a business. Some of the risks have been a result of poor personnel management. In the long run there should be a response action to monitor these for future analysis. It is clear that there have been some infrastructure security concerns. Measures are supposed to be put in place to avoid damage, unauthorized access and interference in the course of doing online business.

I. Sensitive information

Sensitive business information has been accessed by unauthorized people, and this has led to questionable transactions (Hole et al., 2006, p.12). All of this has sent the wrong signal to customers and to other businesses that use the internet to transact business. This calls for proper online processing to be put in place. Businesses are supposed to guard themselves against the compromise of sensitive information. In the long run they will protect themselves from potential environmental business hazards.

II. Software application

Software applications have formed an integral part of online business, which has had a bearing on e-commerce. This has affected transactions, with a long-term effect on security. Security controls are supposed to protect business information on a wide scale.


In doing business, some companies and organizations have encountered electronic mail security problems. Businesses have been compelled to control email access. It is also necessary to come up with proper user behavior education to reduce the potential risks.

On some occasions online business transactions have lacked user cryptographic controls. These are necessary to safeguard the integrity, confidentiality and authenticity of information that is moved around for the public (customers) to access. Online business data exchange has been enhanced by computer networks that convey information. To some extent this communication has ended up exposing some loopholes that have been used by people for negative reasons.

3. Internet security and users

Some users have compromised the security measures and policies in place (Filipek, 2006, p.7). This calls for control of internal and external communication to seal all the loopholes that can be used to interfere with e-commerce transactions.

A. Firewalls

A proper way for businesses to do this is through the efficient installation of firewalls to define online boundaries. There have been occasions where the systems have failed and led to unavailability. This has affected transactions, leading to security concerns among those affected. Businesses have been compelled to have adequate capacity and resources for the growth of online business.


B. Network security management

Network security management will focus on protecting information. In doing online business there should be proper information to support infrastructure. The local network is supposed to enhance online business by defining proper physical boundaries. External and internal users have logged into systems and caused security breaches. Therefore, appropriate system monitoring measures are supposed to be in place to detect unauthorized activities.

4. Authentication and Verification

Online customers are supposed to be given a protective barrier, which calls for proper authentication and verification. This is supposed to cover the entire life cycle of the customers. Their identity should be validated before they are given access to the online service or system. This authentication process for online businesses will identify users in a unique way before allowing them to interact with the business system.

There has been a strong pursuit of transactions and business activities. This has seen a lot of sensitive data being exchanged, which has further exposed online business to many vulnerabilities and threats. In the process, transactions have been fraudulent and in extreme cases have led to contract disputes. E-commerce faces many challenges from the modification of sensitive information and its disclosure to unwanted users.

A. Security goals

A starting point should be assessed to ascertain the essential elements of conducting transactions on the internet. It is necessary to benchmark online security goals for sustainable business.


A specific area that needs to be looked at is internet banking, because it touches on both customers and businesses. Banking and money have been extended into cyberspace. Many banking institutions have launched e-retail banking over the internet. Competition has driven many financial institutions into embracing internet banking to remain strategic in the market.

5. Internet Security in Banking

Internet banking has become popular because of an increase in online business transactions. This has also been a strategy by businesses to support business reengineering and expand their market share. Customers have been attracted to online banking due to its convenience (Choton, 2005, p.13). Many products that have been made available online are tailored to fulfill wants and quality expectations with technological progeny. But on the other hand, customers are less concerned about the looming identity theft and email scams.

Most customers believe that internet banking and transactions are very safe due to their own perceptions. Blame can be laid on banks and other partners because they have not been vibrant in the authentication of customers. Banks need proper authentication methods that take the possible attacks into account. It is necessary to develop more secure online business transactions.

Banks have insisted that customers access their account information by giving their PINs and social security numbers (as is the case for Norwegian banks). Some crackers have accessed this information and posed as the real customers with the intention of stealing. The internet is supposed to be exploited as a channel that can build and develop long-term client relationships.


A. Intrusion detection system

There should be a bank intrusion detection system that will discover these attacks, because the crackers cannot hide. This is due to the open nature of the internet. All these should be aimed at facilitating open transactions that will promote efficient e-commerce. Because banks form an integral part of e-commerce transactions, they are supposed to be sufficiently involved in online business.

The blame for bad transactions or problems in e-commerce business cannot be laid squarely on banks; all businesses and users should be involved in ensuring that online business is safe. In supporting safe e-commerce transactions, some banks have enhanced security by aiming to provide two-factor authentication.

B. Insider threat

Information officers are having problems because of cyber crimes and insider threats. Internet-based crime is a challenge to many organizations and companies. There is also an emerging danger to online security from insider sources. Most countries have had problems in e-commerce transactions because of their unprotected systems.

Online crimes have been costly, as they lead to loss of customers and revenue. In the long run the business ends up with a poor brand and reputation. The nature of online crimes has been changing, and this means that companies are supposed to prepare new ways to combat this crime. This should be considered by the entire organization and its partners in the e-commerce business.


This is an industry problem in which all the players are supposed to participate, instead of leaving it to individual companies and their users. Some mechanisms that companies have enforced to enhance transactions include the updating of firewalls and preventive controls. The occurrence of crimes that relate to online business is continuing at a very fast pace. Some organizations have not been willing to report these online crimes because they fear that doing so might affect their business and ultimately their customers.

There is a need to determine the primary source of these security problems in transactions and online business with a broad approach. In the United States, most online crimes are reported in the financial sector, which is the heart of many transactions.

The internet has a global reach where immediate connection to all internet protocols is available (Wang, 2009, p.8). This means that the internet cannot respect or observe any judicial boundaries. The ability to connect globally has not enhanced security, which is a challenge to many countries that wish to regulate the way online transactions are carried out. Countries are supposed to regulate commerce with their foreign counterparts to give online business a new lease of life. Law enforcement will create a good platform by which those who are found violating online business ethics will be punished.

C. Legal aspects

Whenever there is an intrusion, management can weigh regulatory, legal and ethical issues to decide whether it will be handled by law enforcers, the public or stockholders. Businesses have been discouraged from reporting due to the potential impact on the stock price. It means that when they report that their systems are experiencing online crimes, customers will question their competence in the market.

Although the U.S.A. has tasked the CFAA to deal with security crimes, law enforcement has been impotent because some of the crimes are never reported. This has seen some companies outsourcing their security functions. Outsourcing of security operations is not viable, as security forms an integral part of the organization. The public is supposed to change its perception of online security problems in order to deal with this business menace.

E-business is positively or negatively influenced by the knowledge and trust that e-consumers have. When consumers lack trust, it becomes a big obstacle to the success of online business (e-commerce). This also hinders the success of online transactions. Good online practices are supposed to make the public more knowledgeable about online transaction security issues (Mangiaracina et al., 2009, p.14).

This is because trust plays an important role whenever cases of risk and uncertainty arise in online business. One party is not supposed to take advantage of the other during and after transactions. Trust has been hard to build because online customers cannot see each other physically when executing transactions. Initial trust and familiarity play a critical role in giving a positive impact on online transactions.

In conducting online transactions, consumers cannot physically see the products they are purchasing to check their quality. They cannot monitor the security and safety of personal information. This therefore implies that the success of e-commerce can only be guaranteed when customers trust the products and the sellers (whom they are not able to see).


When there is no trust, secure transactions will not be maintained and developed. Considering the increase in usage of e-commerce as a distribution channel, businesses ought to consider the impact of trust on transactions. When customers know more about the internet, they will be able to understand that non-secure transactions are real and can happen to anybody. Customers are supposed to be concerned about the trustworthiness of online transactions. Those with more knowledge know how to avoid online security issues.

Because of the potential pitfalls that may arise out of online e-commerce transactions, customers are supposed to be more knowledgeable on how they can make wise business decisions. The ability to make wise business decisions increases the inclination of customers to trust online transactions. This therefore calls on all businesses to increase their customers' trust in online transactions.

6. Improving internet security

E-commerce transactions can be more secure if the customers are knowledgeable and have high levels of trust. Although there might be some security concerns, more information will help customers and consumers know how to avoid online security issues. Therefore consumer education is important for the success of electronic commerce. This is because consumers will not be afraid of online transactions when they become knowledgeable about internet security.

After all these developments, businesses are supposed to enhance e-commerce security (Liao & Cheung, 2003, p.19). This can be done through the continued use of an intrusion detection management system. This will ultimately protect the users and organizations by detecting threats and analyzing them to avoid any compromising situations.


The system will be able to use an attack analyzer that will gather information within the system and come up with a treatment plan. Organizations will be able to identify measures and rank them for efficient security controls. This is because e-commerce is still regarded as a distributed real-time system. It is supposed to enhance customer interaction, thereby managing different resources to provide the best quality.

A. Consumer trust

From a broad perspective, online business continues to be popular, with increased transactions. As far as this is concerned, the environment that these businesses operate in should be regulated to avoid many problems that have manifested themselves in recent years. The internet continues to give many opportunities for businesses to expand, but on the other hand this also poses risks that cannot be ignored.

Consumers who have seen the importance of doing their transactions on the internet should desist from any temptations that will make e-commerce unattractive to the larger population. Some companies have not accepted the reality that e-commerce is facing security threats and therefore should approach these issues with a sober mind to avoid any interruptions in their business.

There is a gap that needs to be filled, and therefore organizations are supposed to try to evaluate the experiences that come about with e-commerce transactions together with the possible security problems. This will go a long way to redefine the way e-commerce is executed for the benefit of businesses and consumers.


7. Conclusion

In a broad view, customers have used e-commerce to pay for products and services. Customer experience is important in determining the success of e-commerce. On the other hand, it has been hard to distinguish, evaluate and analyze customer experience because there have been no contributions that estimate it in an objective way.

E-commerce websites have had various strengths and weaknesses. This has exposed transactions to security problems. Therefore, there is a need to evaluate the diverse customer experiences in an e-commerce transaction. This will be done in a quantitative way to identify the areas that need to be improved to enhance transactions.

There are many challenges in e-commerce as a whole. Generally, innovations and competition have been the driving factors behind the continued use of e-commerce. Because of the open nature of the internet, transaction security continues to be a big concern in e-commerce. Therefore, it calls for proper policies and security measures that will redefine the way e-commerce transactions are carried out for efficiency.

Recommendation

There should be good processes to provide a proper framework to guide the application of security benchmarks. The internet has a global reach where immediate connection to all internet protocols is available. This means that the internet cannot respect or observe any judicial boundaries.

The ability to connect globally has not enhanced security, which is a challenge to many countries that wish to regulate the way online transactions are carried out. Countries are supposed to regulate commerce with their foreign counterparts to give online business a new lease of life.

Because of the potential pitfalls that may arise out of online e-commerce transactions, customers are supposed to be more knowledgeable on how they can make wise business decisions. The trust propensity will influence the level of trust by the customers in online transactions.


References

Basu, S. C. (2005). On Issues of Computer Crimes, Online Security and Legal Resources. Journal of information privacy and security, 1(4), 1-2.

Filipek, R. (2006). Online security nightmares for CIOs. Internal auditor, 63(3), 19-20. Retrieved from http://www.ibm.com/us/en/.

Gomez, M. J., & Litchenberg, J. (2007). Intrusion Detection Management System for E-commerce Security. Journal of information privacy & security, 3(4), 19-31.

Hole, K., Moen, V., & Tjostheim, T. (2006). Online banking security. IEEE security & privacy, Sweden University of Bergen, 3(3), 06.

Liao, Z., & Cheung, T. M. (2003). Challenges to internet E-banking. Communications of the ACM, 46(12), 248-250.

Mangiaracina, R., Brugnoli, G., & Parego, A. (2009). The e-commerce Customer Journey: A Model to assess and Compare the User Experience of the e-commerce Websites. Journal of internet banking & commerce, 14(3), 1-11.

Pye, G., & Warren, M. J. (2007). A Model and Framework for Online Security Benchmarking. Journal of informatics, 31(2), 209-215.

Wang, C., Chen, C., & Jiang, J. (2009). The Impact of Knowledge and Trust on E-Consumers' Online shopping activities: an empirical study. Journal of computers, 4(1), 11-18.
