Why does e-commerce security matter?
Why does e-commerce security matter? Research and identify a couple of recent e-commerce security attacks. What went wrong? What could have been done to prevent the attack?
Case Study Security Issues over E-Commerce and their Solutions
Abstract: E-commerce (electronic commerce), or EC, is the buying and selling of goods and services, or the transmitting of funds or data, over an electronic network, primarily the internet. These business transactions occur as B2B (business-to-business), B2C (business-to-consumer), C2C (consumer-to-consumer) or C2B (consumer-to-business). It is the trading of products or services using computer networks such as the Internet or online social networks. Here, business is conducted through the use of computers, telephones, fax machines, barcode readers, credit cards, automated teller machines (ATMs) or other electronic appliances, without the exchange of paper-based documents or physically going to a shopping mall. It includes activities such as procurement, order entry, transaction processing, online payment, authentication, inventory control, order fulfillment, shipment, and customer support. When a buyer pays with a bank card swiped through a magnetic-stripe reader, he or she is participating in e-commerce. E-commerce security is a part of the information security framework and is specifically applied to the components that affect e-commerce, including data security and other wider realms of the information security framework. E-commerce security is the protection of e-commerce assets from unauthorized access, use, alteration, or destruction. The dimensions of e-commerce security are integrity, non-repudiation, authenticity, confidentiality, privacy and availability. E-commerce offers the banking industry great opportunity, but also creates a set of new risks and vulnerabilities such as security threats and hacking. Security is therefore an essential management and technical requirement for any efficient and effective payment transaction activity over the internet. Because of constant technological and business change, it requires a coordinated match of algorithms and technical solutions.
In this paper we discuss an overview of security for e-commerce, the steps to place an order, the purpose of security in e-commerce, various security issues in e-commerce, guidelines for secure online shopping, etc.
Keywords: E-commerce, Non-repudiation, Authenticity, Confidentiality, Privacy, Availability.
Security in e-commerce is a part of the information security framework and is specifically applied to the components that affect e-commerce, which include computer security and data security. E-commerce needs strong security for the components that affect end users through their daily payment interactions with businesses. E-commerce requires a reliable infrastructure and framework to enable secure and successful e-commerce transactions over the network.
[Fig.1 Basic infrastructure of E-Commerce: E-payment, E-marketing, SCM, Banking; Legal and public policy framework; Business service infrastructure; Security and encryption technology]
Today, privacy and security are a major concern for electronic technologies. M-commerce (mobile commerce) shares security concerns with other technologies in the field. On the web, e-commerce applications that handle payments, such as online banking, electronic transactions, or the use of debit cards, credit cards, PayPal, e-cash, prepaid cards, Master cards, Visa cards or other tokens, have more compliance issues. Privacy concerns have been found, revealing a lack of trust in a variety of contexts, including commerce, electronic health records, e-recruitment technology and social networking, and this has directly influenced users. Security is one of the most important factors that restrict customers and organizations engaging with e-commerce.
E-commerce businesses are now slowly addressing the security issues on their internal networks. Guidelines for securing systems and networks are available for e-commerce systems personnel to read and implement. Some online shoppers are literate and some are not, so educating the consumer on security issues is still in its infancy, but it will prove to be the most critical element of the e-commerce security architecture. Viruses, worms and Trojan horse programs launched against client systems pose the greatest threat to e-commerce because they can bypass or subvert most of the authentication and authorization mechanisms used in an e-commerce transaction. These programs can be installed on a remote computer by the simplest of means: email attachments.
Privacy has become a major concern for consumers with the rise of identity theft and impersonation, and any concern for consumers must be treated as a major concern for e-commerce providers.
II. RELATED WORK
Security is one of the crucial factors that restrict customers and organizations from engaging with e-commerce. The aim of this paper is to explore the perception of security in e-commerce, mainly on business-to-customer (B2C) and customer-to-customer (C2C) websites, from both customer and organizational perspectives.
With the rapid growth of the global e-commerce market, security issues are attracting people's attention. The security of online transactions is the core and key issue in the development of e-commerce. This paper on the security issues of e-commerce activities puts forward a solution strategy from two aspects, technology and system, so as to (i) improve the environment for the development of e-commerce and (ii) promote the further development of e-commerce.
Web applications increasingly integrate third-party services. The integration introduces new security challenges due to the complexity for a web application to coordinate its internal states with those of the component services and the web client across the Internet.
Nowadays the owners of e-commerce websites are thinking about how to attract more customers and how to make visitors feel secure when purchasing goods on the site; on the other side is the question of how end users should rate an e-commerce website and what they should do to protect themselves as members of the online community. The main objective of this research analysis is to give readers clarity about the web technology, which will help online customers make secure transactions, along with safety tips and tricks. Therefore, the owners of online e-commerce sites have to make their visitors comfortable with, and trusting of, an e-commerce site through trust marks and their security strategies.
Every transaction in e-commerce has security measures applied to it.
a. E-commerce transaction phases
a) Information phase
b) Registration phase
c) Negotiation phase
d) Payment phase
e) Delivery or shipment phase
b. Security measures
a. Access control for integrity checks
b. Secure contract identification
c. Digital signatures
e. Secured delivery of the products with integrity checks
f. Tracking of the products
Viruses, worms and Trojan horses are the biggest problems in the e-commerce world. They only disrupt e-commerce operations and should be classified as a Denial of Service (DoS) tool. Trojan horse programs allow data integrity and fraud attacks to originate from a seemingly valid client system and can be extremely difficult to resolve. A hacker could initiate fraudulent orders from a victim system and the e-commerce server wouldn't know whether the order was fake or real. Password protection, encrypted client-server communication and public/private key encryption schemes are all negated by the simple fact that the Trojan horse program allows the hacker to see all clear text before it gets encrypted.
[Fig.2 public/private key process]
The traditional authentication mechanism is based on identity to provide security or access control methods. To avoid this kind of problem, some traditional encryption and authentication algorithms require high computing power from the computer equipment. How to improve the authentication mechanism and optimize the traditional encryption and authentication algorithms may be the focus of peer-to-peer (P2P) e-commerce.
E-commerce transactions offer the banking industry a great opportunity, but at the same time they create a set of new risks and problems such as security threats. Information security, therefore, is an essential management and technical requirement for any efficient and effective payment transaction activity over the internet. As money transactions are a very important factor for e-commerce, they require a coordinated match of algorithms and technical solutions.
Most e-commerce transactions occur between buyers and sellers. These transactions include requests for price quotations, information, payment, delivery of orders, and finally service after the customer receives the product. The high degree of confidence needed in the authenticity, confidentiality, and timely delivery of such transactions can be difficult to maintain where they are exchanged over the Internet.
In e-commerce, privacy and security can be viewed as ethical questions. At the same time, the privacy and security area attracts a large amount of attention from the commercial sector because it has the potential to determine the success or failure of many business ventures, most obviously commerce activities. In online shopping, the payment function is the key issue: it must be fast and convenient for consumers or buyers while ensuring the safety and secrecy of the parties to a transaction, which requires a complete electronic trading system.
III. PURPOSE OF E-COMMERCE STUDY
Several kinds of problems may arise in e-commerce: i. registering properly in an online portal; ii. credit or debit card details; iii. proper delivery addresses; iv. loss or damage of products, etc. We therefore need to give more focus to the following:
• Study the overview of e-commerce security
• Understand online shopping by giving proper information for delivery of the products
• Security of online payments
• Discuss various issues in e-commerce
• Understand the secure online shopping guidelines
[Fig.4 Online Shopping Phases] Online shopping to place an order: Start -> buyer -> e-commerce website -> shop -> product database -> place order -> secure socket layer -> check out -> redirect to bank or link with bank -> credit or debit card verification -> buyer's account -> payment made to seller -> redirect again to online site -> product delivery -> product received by customer
IV. THE LIFE CYCLE OF A DIGITAL ECOMMERCE
Nowadays millions of people use online shopping because it is easier and more convenient. Instead of going to a physical shop, customers buy at a virtual shop because of the time saved, the choice of various products, lower prices, delivery of the product to the customer's door, etc. Almost anything can be bought, such as music, toys, clothing, cars, food and even porn. Even though some of these purchases are illegal, we will be focusing on the items you can buy legally on the internet. Some of the popular websites are eBay, iTunes, Amazon, HMV, Mercantile, Dell, Best Buy, Flipkart, Snapdeal and many more.
[Fig-5 E-Commerce steps to place an order and Digital Payment methods in E-Commerce]
V. SECURITY TOOLS FOR E-COMMERCE
E-commerce security is the protection of e-commerce assets from unauthorized access, use, alteration, or destruction. There are various dimensions of e-commerce security (Table 5.1):
Integrity: prevention against unauthorized data modification
Non-repudiation: prevention against any one party from reneging on an agreement after the fact
Authenticity: authentication of data source
Confidentiality: protection against unauthorized data disclosure
Privacy: provision of data control and disclosure
Availability: prevention against data delays or removal
[Fig-3 E-Commerce life cycle]
There are various security measures to be taken for online shopping like
Firewalls – Software and Hardware
Public Key infrastructure
Biometrics – retinal scan, fingerprints, voice
Locks and bars – network operations centers
VI. PURPOSE OF SECURITY
1. Data Confidentiality – is provided by encryption/decryption.
2. Authentication and Identification – ensuring that someone is who he or she claims to be; implemented with digital signatures.
3. Access Control – governs what resources a user may access on the system. Uses valid IDs and passwords.
4. Data Integrity – ensures information has not been tampered with. Implemented by message digest or hashing.
5. Non-repudiation – not being able to deny a sale or purchase. Implemented with digital signatures.
Plaintext/Clear text – a message humans can read.
Cipher text – unreadable to humans; produced by encryption. The reverse process is called decryption. A cryptographic algorithm is called a cipher. It is a mathematical function. Most attacks are focused on finding the "key".
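An added example (not part of the original paper) for point 4, data integrity by message digest: it shows that a plain digest sent alongside an order only detects a change if the digest itself cannot be regenerated, which is what a keyed digest (HMAC) provides. The order fields, the key and all function names are constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed sample values for illustration (not from the paper).
SHARED_KEY = b"constructed-demo-key"
ORDER = {"order_id": "A-1001", "item": "toy", "amount": "19.99", "currency": "USD"}


def canonical(order):
    """Serialize deterministically so sender and receiver hash identical bytes."""
    return json.dumps(order, sort_keys=True, separators=(",", ":")).encode("utf-8")


def digest(order):
    """Unkeyed message digest (SHA-256) of the order."""
    return hashlib.sha256(canonical(order)).hexdigest()


def mac(order, key):
    """Keyed digest (HMAC-SHA256); it cannot be recomputed without the key."""
    return hmac.new(key, canonical(order), hashlib.sha256).hexdigest()


def accept_with_digest(order, tag):
    return hmac.compare_digest(digest(order), tag)


def accept_with_mac(order, tag, key):
    return hmac.compare_digest(mac(order, key), tag)


def altered_in_transit(order, retag):
    """Model an integrity threat on the channel: the amount changes and the
    accompanying tag is regenerated by a party that does not hold SHARED_KEY."""
    changed = dict(order, amount="0.01")
    return changed, retag(changed)


def run_demo():
    results = {
        "honest_digest": accept_with_digest(ORDER, digest(ORDER)),
        "honest_mac": accept_with_mac(ORDER, mac(ORDER, SHARED_KEY), SHARED_KEY),
    }
    # A digest sent alongside the message can simply be recomputed after the change.
    changed, tag = altered_in_transit(ORDER, digest)
    results["changed_passes_digest"] = accept_with_digest(changed, tag)
    # Without the key, the best the other party can do is tag with a wrong key.
    changed, tag = altered_in_transit(ORDER, lambda o: mac(o, b"not-the-key"))
    results["changed_passes_mac"] = accept_with_mac(changed, tag, SHARED_KEY)
    return results


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

Because buyer and seller both hold the HMAC key, either of them could have produced a valid tag, so the tag proves integrity but not who created the order; that is why point 5 assigns non-repudiation to digital signatures.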
VII. SECURITY THREATS
There are 3 types of security threats in e-commerce:
a. Client threats
i. Active content
ii. Malicious content
iii. Server-side masquerading
b. Communication channel threats
i. Confidentiality threats
ii. Integrity threats
iii. Availability threats
c. Server threats
i. Web-server threats
ii. Commerce server threats
iii. Database threats
iv. Common gateway interface threats
v. Password hacking
VIII. SECURE ONLINE SHOPPING GUIDELINES
a. Use Familiar Websites
Use a trusted site rather than shopping with a search engine. Search results can be rigged to lead you astray, especially when you drift past the first few pages of links. If you know the site, chances are it’s less likely to be a rip-off. Beware of misspellings or sites using a different top-level domain (.net instead of .com, for example)—those are the oldest tricks in the book. Yes, the sales on these sites might look enticing, but that’s how they trick you into giving up your info.
b. Look for the Lock
Never ever buy anything online using your credit card from a site that doesn’t have SSL (secure sockets layer) encryption installed—at the very least. You’ll know if the site has SSL because the URL for the site will start with HTTPS:// (instead of just HTTP://). An icon of a locked padlock will appear, typically in the status bar at the bottom of your web browser, or right next to the URL in the address bar. It depends on your browser. Never give anyone your credit card over email.
c. Don’t Tell All
No online shopping store needs your social security number or your birthday to do business. However, if crooks get them, combined with your credit card number for purchases, they can do a lot of damage. The more they know, the easier it is to steal your identity. When possible, default to giving up the least amount of information.
d. Check Statements
After shopping, go online regularly during the holiday season and look at electronic statements for your credit card, debit card, and checking accounts. Make sure you don’t see any fraudulent charges, even originating from sites like PayPal. (After all, there’s more than one way to get to your money.) If you do see something wrong, pick up the phone to address the matter quickly. In the case of credit cards, pay the bill only once you know all your charges are accurate. You have 30 days to notify the bank or card issuer of problems, however; after that, you might be liable for the charges anyway.
e. Use Strong Passwords
The best practice for online shopping is to change passwords periodically. Our tips for passwords can come in handy during a time of year when shopping around probably means creating new accounts on all sorts of e-commerce sites.
f. Think Mobile
When young shoppers are about to purchase a product online, most of them start by comparing products across various sites. The National Retail Federation says that 5.7 percent of adults will use their mobile devices to do comparison shopping before making a purchase. (And 32.1 percent will comparison shop online with a computer, as well.) For more complete information, be sure to also read our tips for shopping safely on a mobile device.
g. Avoid Public Terminals
Hopefully we don’t have to tell you it’s a bad idea to use a public computer to make purchases, but we still will. If you do, just remember to log out every time you use a public terminal, even if you were just checking email.
h. Don’t Fall for “Phishing” Messages
Identity thieves send massive numbers of emails to Internet users that ask them to update the account information for their banks, credit cards, online payment service, or popular shopping sites. The email may state that your account information has expired, been compromised or lost and that you need to immediately resend it to the company.
Emails sent as part of such "phishing" expeditions often contain links to official-looking web pages. Other times the emails ask the consumer to download and submit an electronic form. For more information on phishing, visit www.antiphishing.org and www.onguardonline.gov.
i. Count the Cards
Gift cards are the most requested holiday gift every year, and this year will be no exception. Stick to the source when you buy one; scammers like to auction off gift cards on sites like eBay with little or no funds on them.
j. Use Shopper’s Intuition
Look at the site with a critical eye. And heed the old adage: “If it looks too good to be true, it probably is.” If any of these questions trigger a warning bell in your head, you will be wise to find another online merchant:
Are there extraordinary claims that you question?
Do the company’s prices seem unusually low?
Does it look like the merchant is an amateur?
Are there a lot of spelling or grammar errors?
Does the company’s phone go unanswered?
The use of a post office box might not send up a red flag, but a merchant who does not also provide the company’s physical address might be cause for concern.
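Guidelines (a) and (b) above, sketched as an automated check; this is an added example, not part of the original paper. The allow-list, the sample URLs and the function names are constructed, and the last two host labels are assumed to form the registrable domain (no public-suffix handling).

```python
from urllib.parse import urlsplit

# Constructed allow-list of shops the user already knows (placeholder names).
TRUSTED = {"examplestore.com", "samplemart.com"}


def edit_distance(a, b):
    """Levenshtein distance: insertions, deletions and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_url(url, max_distance=2):
    """Return a list of warnings for a shop URL; an empty list means no warning."""
    parts = urlsplit(url)
    findings = []
    if parts.scheme != "https":  # guideline (b): the page is not served over SSL/TLS
        findings.append("no-https")
    labels = (parts.hostname or "").rstrip(".").split(".")
    if len(labels) < 2:
        return findings + ["unparseable-host"]
    # Assumption: the last two labels are the registrable domain.
    name, tld = labels[-2], labels[-1]
    if f"{name}.{tld}" in TRUSTED:
        return findings
    lookalikes = []
    for trusted in sorted(TRUSTED):
        t_name, t_tld = trusted.split(".")
        if name == t_name and tld != t_tld:
            # guideline (a): same name under a different top-level domain
            lookalikes.append(f"different-tld-of:{trusted}")
        elif 0 < edit_distance(name, t_name) <= max_distance:
            # guideline (a): a near-miss spelling of a known shop
            lookalikes.append(f"misspelling-of:{trusted}")
    return findings + (lookalikes or ["unknown-site"])


if __name__ == "__main__":
    # Constructed sample URLs.
    for sample in ("https://www.examplestore.com/cart",
                   "http://examplestore.com/",
                   "https://examplestore.net/sale",
                   "https://examp1estore.com/",
                   "https://otherbooks.org/"):
        print(sample, check_url(sample))
```

A passing result only means the name matches a site the user already trusts and the connection is encrypted; it says nothing about the merchant itself, which is what the remaining guidelines address.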
IX. HOW PEOPLE FEEL SAFE WHEN SHOPPING ON-LINE?
A customer who shops online regularly should follow these guidelines.
1. Before purchasing the goods on global sites make sure about the currency or exchange rates.
2. Find the cost of delivery charges and whether the product is delivered to your location or not.
3. If you are bidding on eBay, check out the buyers' and sellers' feedback. This should become standard before you ever place a bid.
4. Find the FAQs on the online shopping sites for more information and their rules, acts and regulations.
5. If someone demands cash for a payment, say "no". Use your credit card to make your payment; this will protect you against fraud. Credit card companies refund accounts where fraudulent activity transpires.
7. If you are unsure about a site, try doing a search with Google or any of the other search engines. You may find comments posted about the shopping site from other customers.
These simple guidelines should also apply when bidding
E-commerce is widely considered the buying and selling of products over the internet, but any transaction that is completed solely through electronic measures can be considered e-commerce. E-commerce and m-commerce play an increasingly important role in online retail marketing, and the number of people using this technology is increasing day by day all over the world. E-commerce security is the protection of e-commerce assets from unauthorized access, use, alteration, or destruction. Dimensions of e-commerce security: Integrity: prevention against unauthorized data modification. Non-repudiation: prevention against any one party from reneging on an agreement after the fact.
Authenticity: authentication of data Source. Confidentiality: protection against unauthorized data disclosure. Privacy: provision of data control and disclosure. Availability: prevention against data delays or