The Internet is a public network system that consists of thousands of private computer networks connected together. These private computer networks are exposed to potential threats from anywhere on the public network. The Internet provides a good opportunity to businesses, but along with the convenience come new risks. The valuable data or information that travels on the Internet may be misused, stolen, corrupted or lost. For example, while making an online purchase on an E-commerce website, the customer needs to provide a credit card number and personal details. This information is transmitted to the merchant server. The merchant server sends it to the issuing bank for authorization through a payment gateway. All these transmissions occur on the public network, i.e. the Internet. An unauthorized user may read the credit card number during transmission and misuse it later on. There is also the possibility that the order information might be changed in between. If the customer has ordered 10 items and somehow the merchant receives an order for 100 items, the merchant would ask the customer to pay for 100 items. An intruder can steal or tamper with information anywhere in the world while sitting at his computer. He can create new programs and run them on remote computers, causing them to malfunction or, in the worst cases, break down, while hiding his identity.

E-commerce / M-commerce sites have to keep their online data, such as customers' personal details, their bank details and much more, safe. They have to be aware of all the frauds that are taking place nowadays. As E-commerce deals with payments such as online banking, electronic transactions, debit cards, credit cards and many others, E-commerce / M-commerce websites have more security issues. They are at more risk of being targeted than other normal websites. Thus, it becomes very important to secure the data on the Internet.

E-commerce / M-commerce security must meet four important aspects, as mentioned below:

Confidentiality
It refers to the secrecy of the information, so that an unauthorized user cannot read it.
It is achieved by using cryptography, in which all the messages transmitted are encrypted and only the receiver can read them after decrypting the message using the appropriate key.
This protects the data from private attacks and ensures that the message is not revealed or leaked to anyone as it travels to the destination.
It helps in protecting confidential data like a credit card number.

Integrity
It ensures that the information is not accidentally or maliciously altered or tampered with in transit.
The receiver should receive the same message as was sent by the sender.
If the message is altered during transmission, it should be detected.
This removes the problem of the order quantity being modified in between and later creating payment problems.

Authorization
It ensures that only authentic users are allowed to use the system.
A login and password is one of the ways to achieve authentication.

Non-repudiation
It ensures that the sender of the message cannot deny that he / she has sent the message.
It prevents the sender or receiver from denying a transmitted message when in fact they did send it.
For example, if the customer denies sending a purchase order for any reason, it can be proved that the customer has sent the message. It is usually accomplished via digital signatures or a Trusted Third Party (TTP).