The Internet is a public network system that consists of thousands of private computer networks
connected together. These private computer networks are exposed to potential threats from anywhere on
the public network. The Internet provides a good opportunity to businesses, but along with the
convenience come new risks. The valuable data or information that travels on the Internet may be
misused, stolen, corrupted or lost. For example, while making an online purchase on an E-commerce
website, the customer needs to provide a credit card number and personal details. This information is
transmitted to the merchant server. The merchant server sends it to the issuing bank for authorization
through a payment gateway. All these transmissions occur on the public network, i.e. the Internet. An
unauthorized user may read the credit card number during the transmission and misuse it later on.
Also, there is a possibility that the order information might be changed in transit. If the customer
has ordered 10 items and somehow the merchant receives an order for 100 items, the merchant would ask
the customer to pay for 100 items. An intruder can steal or tamper with information anywhere in the
world while sitting at his computer. He can create new programs and run them on remote computers,
causing them to malfunction or, in the worst cases, break down, while hiding his identity.
E-commerce / M-commerce sites have to keep their online data, such as customers' personal details,
bank details and much more, safe. They have to be aware of all the frauds that are taking place
nowadays. As E-commerce deals with payments such as online banking, electronic transactions, debit
cards, credit cards and many others, E-commerce / M-commerce websites have more security issues. They
are at greater risk of being targeted than other websites. Thus, it becomes very important to secure
the data on the Internet.
The E-commerce / M-commerce security must meet four important aspects as mentioned below:
Confidentiality refers to the secrecy of the information, so that an unauthorized user cannot read it.
It is achieved by using cryptography, in which all the messages transmitted are encrypted and only the
receiver can read them after decrypting the message using the appropriate key.
This protects the data from private attacks and ensures that the message is not revealed or leaked to
anyone as it travels to the destination.
It helps in protecting confidential data such as a credit card number.
Integrity ensures that the information is not accidentally or maliciously altered or tampered with in
transit. The receiver should receive the same message as was sent by the sender.
If the message is altered during transmission, it should be detected.
This removes the problem of modifying the order quantity in between and later creating the payment
Authentication ensures that only authentic users are allowed to use the system.
A login and password is one of the ways to achieve authentication.
Non-repudiation ensures that the sender of the message cannot deny that he / she has sent the message.
It prevents the sender or receiver from denying a transmitted message when in fact they did send it.
For example, if the customer denies sending a purchase order for any reason, then it can be proved
that the customer has sent the message. It is usually accomplished via digital signatures or a Trusted
Third Party (TTP).