Page 75 - DCAP306_DCAP511_E-COMMERCE_AND_E-BUSINESS
E-Commerce and E-Business
A secured system functions without displaying unintentional bugs. Let us now focus on the likely
attacks that can take place in an e-commerce system. We shall also consider the preventive strategies to
be implemented.
6.1 Security Concerns
In e-commerce, all transactions are carried out over the Internet. Though the process seems
interactive and convenient, it carries certain inherent risks: duplication of bills is difficult to
detect, and transaction information can be altered without leaving any trace. In contrast, when
transactions take place on paper, the purchase documents cannot be modified without leaving
evidence, such as signatures and trademarks, that can be used to trace the change.
Anup and Asha are transacting partners on an online trading site and are
aware of each other’s identity. When Anup sends a confidential document such as
a purchase order to Asha, Anup must make sure that the purchase order can be
received only by Asha and not by any third party.
An efficient e-commerce system should reliably identify and trace any modifications
made to transaction documents such as bank cheques, purchase orders, and replacement bills.
Whether transactions are carried out using paper documents or electronic media, they should
ensure that the information is not destroyed and that third parties or hackers do not use it
inappropriately. An efficient e-commerce system should guarantee:
1. Confidentiality: The transaction information should be protected from unauthorized access by
internal users and hackers, as it is vulnerable to interception during transmission over several
networks. The information should be encrypted to make it difficult for attackers to trace the
algorithm.
If your friend reads e-mails that are sent to you, it is a breach of your confidential
information and privacy.
2. Integrity: The transaction document when retrieved from any communication network must be
reliable and should resemble the transmitted document without any addition, deletion, or
modification.
If a vendor adds an extra amount to the bill on top of your purchase price, then
the vendor has violated integrity with respect to bill charges.
3. Availability: The transaction information communicated across several networks should be
available when required. Transaction information can become unavailable for several reasons,
such as virus attacks, abrupt shutdown of systems due to electricity failure, network
errors, and errors in product software and hardware.
When your friend sends an SMS and you do not receive it, or it is delivered to
you after a day, it is termed unavailability of information at the right time.
4. Authenticity: The retrieved transaction information needs verification to check whether it was sent
by the sender or by any other source claiming to be the sender. Likewise, it is also essential to
check if the information was delivered to the intended recipient.
When you forget your e-mail password, the server asks for your e-mail ID and a few
security questions that you had answered while creating the account. This process is
carried out to check whether you are the authenticated person to access the account.
LOVELY PROFESSIONAL UNIVERSITY