Issues of Security

Electronic Commerce Security Issues
As usage of the Internet and e-commerce has increased dramatically, so have the threats to security on the web. When email was the main use of the Internet the threats were not so great – as not much could be done. But as email and other web technologies have increased in sophistication the threats to security have also increased in sophistication.

One of the most common fears of people who purchase online is the security of their credit card details and personal information. Over the last few years there have been many malicious viruses sent via email, costing billions of dollars to businesses worldwide.

The most common security threats are detailed below:

  1. Email and Web Browser Threats
    There have been a spate of high profile viruses sent around the world at rapid speed, causing billions of dollars to companies worldwide. As technology has improved, great things can now be done. Instead of having a static web page or sending a plain text email we can now put graphics, audio that can be downloaded and use HTML (Hypertext Markup Language) to display – or plainly, cause action to occur.

    The technology that causes this to happen is called active content. Active content is provided in many forms but the most common are ActiveX Controls (an object that performs tasks), Java applets (programmes that execute within another programme), JavaScript (scripting language for web pages) and VBScript (programming language for web pages). This technology is in itself, good – but when it falls into the hands of someone who wants to cause harm this can happen.

    Active content is activated when you open a web browser that has active content, or by downloading an email that contains the active content in an attachment. If there is an applet on the web page it will automatically download and begin running on your computer. If you open an email that has an attachment, whatever is in that email can be executed on your computer without you knowing.

  2. Database Threats
    E-Commerce software systems store client details, product details, purchase information and more in databases which are connected to the Web server. Databases hold important information, much of it private (such as credit card transaction details) so database security is of utmost importance. Any point where an intruder can enter into a database must be protected well. Any connection to the Internet (which e-commerce systems bring) makes the database that much more vulnerable to intruders.

  3. Communication Threats
    The Internet serves as a communication channel linking people and businesses all over the world. The Internet itself is not secure (and was designed to be insecure by the Defence Advanced Research Projects Agency DARPA network that designed the Internet) and as messages pass through the various nodes on the Internet, there is the opportunity for these messages to be intercepted.

    Every communication that is sent over the Internet, whether it be a request for a web page to be shown, a banking deposit that hasn’t yet been finalised or an email, is broken down into little messages and then reassembled at the end of its destination. There is a chance that one of these messages is intercepted and the information read, delayed or altered.

  4. Security Threats
    Electronic commerce security is extremely important. Malicious code or other types of attacks on databases, through emails, web browsers or on the information traveling over the Internet can cause a myriad of problems and cost a lot of money.

    Threats to electronic commerce can be at any stage of the e-commerce process. However, the good news is that security is an important issue for most companies, and there are various protocols, technologies (such as virus protection), security policies and education that are minimising the damage that these types of threats could cause.

    Groups such as CERT (Computer Emergency Response Team based at Carnegie Mellon University) are around the world researching and addressing security breaches by linking top scientists and security personnel to address security problems as they occur. Research such as that carried out by software providers, universities and diligence by companies can ensure that security is one step ahead of the people that wish to use technology to cause harm.