Security in the Digital Era: Issues and Challenges
Dr. Jayanti Goyal
HOD, Dept. of Computer Science
Kanoria PG Mahila Mahavidyalaya
Contact No.: +91-9828458172

Anjali Vijayvargiya
Assistant
Kanoria PG Mahila Mahavidyalaya
Contact No.: +91-9461641495
Security plays a critical role in our daily routine, whether for accessing a bank account or for paying a bill over the network. In the present age of digitalization, personal information vulnerabilities have increased greatly, so security becomes a crucial part of any online transaction. This information can be kept private by various security measures, including strong authentication, encryption and digital signatures, each ensuring that our valuable information is available only to those who have authorized access rights. These security measures are capable of preventing unauthorized access to personal data. There are two major concerns for both e-commerce customers and websites: privacy is the control over one’s own data, whereas security is the protection that prevents unauthorized access to the data over the network. Clients will lose their faith in e-commerce if their valuable data is compromised at any level.
Due to its ubiquitous nature, e-commerce sites can be accessed by anyone from anywhere. As the number of customers increases, the risk has also increased in such a way that we need to consider security a major challenge. This paper throws light on data security, its objectives, the various security issues and challenges related to e-commerce transactions, and the way they affect the behavior and trust of a customer when selling or buying a product.
Keywords: E-Commerce, Authentication, Encryption, Digital Signature, Privacy, Security
E-commerce or electronic commerce is broadly considered as the buying and selling of goods and services over the network. It includes significant business areas such as shopping, banking, ticket booking, paying bills and taxes, food delivery and many other options. E-commerce is mainly divided into various categories: business to business or B2B (IBM), business to consumer or B2C (Flipkart, Amazon) and consumer to consumer or C2C (eBay, OLX). In an online transaction, e-commerce security plays an important role from the perspective of consumers as well as merchants in keeping the data secure over the network. It covers the various components that affect e-commerce, such as data integrity, confidentiality, privacy, availability, non-repudiation and authenticity.
E-commerce applications that handle payments, such as online transactions using credit cards or debit cards, online wallets, PayPal or other tokens, have more security issues, and these increase with the use of such online techniques. Trojan horses, viruses and worms, if launched against user (client) systems, pose the greatest threat to e-commerce security and privacy because they can lead to illegal and unauthorized access. Consumer behavior toward e-commerce sites is mainly influenced by two factors: trust and belief. Trust is affected by various influencing factors such as branding and store reputation; the missing factors are touch and feel and the face-to-face communication that exist in physical interactions with products and services. Therefore, trust is influenced by factors like security and privacy in e-commerce transactions.
How does e-commerce work?
1. A customer wants to order a product online using his/her computer.
2. The web browser then communicates with the web server that manages the e-commerce store’s website.
3. The web server sends the order to the order manager, the central computer that handles orders from submission to dispatch through every stage of processing.
4. The order manager then queries the store database to check whether what the customer wants is actually in stock.
5. If the item is not found in the stock database, the system can order new supplies from the wholesalers or manufacturers.
6. If the item is found in the stock database, the order manager continues to process it.
7. Next it communicates with the merchant system to take payment using the customer’s credit or debit card number.
8. The bank computer confirms whether the customer has enough funds.
9. The merchant system authorizes the transaction to go ahead once payment is done.
10. The merchant system then contacts the order manager after the payment has been made.
11. The order manager confirms that the transaction has been successfully processed and then notifies the web server.
12. The web server shows the customer a web page confirming that the order has been processed and the transaction is complete.
13. The order manager then asks the warehouse to dispatch the goods to the customer.
14. A dispatch truck then collects the goods from the warehouse.
15. Once the goods have been dispatched, the warehouse computer e-mails the customer to confirm that the goods are on the way.
16. The goods are delivered to the customer.
The purpose behind choosing data security is the following:
Ø To understand the process behind online shopping.
Ø To deal with the purpose of security in e-commerce.
Ø To discuss the different security issues which are faced during e-commerce.
Ø To discuss various security threats.
of Security in E-Commerce:
Security is a crucial part of any online transaction, which happens often and takes place over the network. There are various dimensions of e-commerce:
Ø Integrity: It refers to prevention against unauthorized data modification.
That means information or data should not be altered during its transmission
which takes place online.
Ø Non-Repudiation: It refers to prevention against the denial of an order or payment. Once a sender sends her transaction details, the sender should not be able to deny sending the message. Similarly, the receiver of the message should not be able to deny its receipt.
Ø Authenticity: It refers to authentication of the data source. There should be a mechanism that authenticates only an authorized person or user.
Ø Confidentiality: It refers to protection against unauthorized data disclosure.
That means data or information should not be accessible or available to an
unauthorized person. The data has to be between the client and server only. It
should not be intercepted over the transmission.
Ø Privacy: It refers to provision of data control and
disclosure of data.
Ø Availability: It refers to prevention against data delays or
removal of data. Information should be available whenever and wherever it
Issues in E-commerce:
Data is transferred over the network through logins or transaction details. To secure this data from unauthorized access, e-commerce security provides a protection layer on e-commerce assets. Consumers hesitate for fear of losing their financial data, and e-commerce sites fear financial losses and the resulting bad publicity. There are many security issues associated with e-commerce, such as critical issues, social issues and organizational issues. An online transaction requires a customer to disclose sensitive information to the vendor in order to make a purchase, placing him at significant risk. Transaction security is concerned with providing privacy in transactions to buyers and sellers and protecting the network from breakdowns and third-party attacks. It basically deals with:
Ø Issues related to customer or client security – if customers’ data is not secured over the network, it is an issue to think about. The organization has to provide security features and guarantee that the data is secured by it. Techniques and practices that protect user privacy and integrity of the
Ø Issues related to server security – protecting the web server, software and associated hardware from break-ins and vandalism from attacks. An error in the software that implements security, which for any reason stops it from providing that security, is a second case that must also be taken seriously.
Ø Issues related to transaction security – guaranteeing protection against eavesdropping and intentional message modification such as tapping, intercepting and diverting the intended data.
A. Security threats – Various types of security threats exist in e-commerce.
Ø Malicious Code – it is harmful code that damages the computer system and makes it useless after the attack. It includes viruses, worms, Trojan horses etc.
Ø Phishing and Identity Theft – it is a type of attack in which user data such as login credentials and credit and debit card numbers are stolen by the attacker by means of an email or instant message. When the user clicks the malicious link and provides his/her details, the data is easily hacked by
Ø Unauthorized access – it includes illegal access to data or systems for some malicious purpose. There are two types of unauthorized access. In passive unauthorized access, the hacker only watches the data that is on the network and later uses it for his own illegal ambitions. In active unauthorized access, the hacker modifies the data with the intention of manipulating it. Home computers, point-of-sale devices and handheld devices can easily be affected by this attack.
Ø Denial of service – hackers flood a website with useless traffic to target a computer or a network and stop it from working properly. It may occur through spamming and viruses. Spamming is unusual email bombing of the targeted device by the hacker: by sending thousands of emails one after the other, the attacker affects the system.
Ø Theft and fraud – fraud occurs when the stolen data is used or modified for illegal action. Hackers break into insecure merchant web servers to harvest archives of credit card numbers, which are generally stored along with personal information when a consumer makes an online purchase. The merchant back-end and database are also susceptible to theft from third-party fulfillment centers and other processing agents.
B. Defensive measures against security threats
The defensive measures used in transaction security are:
Ø Encryption – it is the process of converting plain text or information into cipher text that cannot be read by anyone except the sender and receiver. It is accomplished with the help of a mathematical algorithm, and a key is required to decode the message. In symmetric key encryption both the sender and receiver use the same key to encrypt and decrypt the messages, whereas asymmetric or public key encryption makes use of two digital keys, a public key and a private key, to encrypt and decrypt the messages.
Ø Secure Socket Layer – the SSL protocol provides data encryption, server authentication, client authentication and message integrity for TCP/IP connections. It prevents eavesdropping, tampering or forgery when data is transported over the internet between two applications. It is a networking protocol for securing connections between network application clients and servers over an insecure network, such as the internet.
Ø Secure hypertext transfer protocol – an Internet protocol for encryption of Hypertext Transfer Protocol (HTTP) traffic. Secure Hypertext Transfer Protocol (S-HTTP) is an application-level protocol that extends the HTTP protocol by adding encryption to Web pages. It additionally provides mechanisms for authentication and signatures of messages.
Ø Digital Signature – A Digital Signature Certificate (DSC) is a secure digital key, issued by a Certifying Authority (CA), that certifies the identity of the holder. It typically contains your identity (name, email, country, APNIC account name and your public key). Digital Certificates use Public Key Infrastructure, meaning that data that has been digitally signed or encrypted by a private key can only be decrypted by its corresponding public key. A digital certificate is an electronic “credit card” that establishes your credentials when doing business or other transactions on the Web.
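An added example, not from the paper, that ties the non-repudiation dimension to digital signatures: a shared-key MAC protects integrity, but either party can produce it, whereas a signature can only be made with the private key and checked with the public one. The RSA key is a constructed toy (two known Mersenne primes, no padding) for illustration only; the order data and all function names are assumptions.

```python
import hashlib
import hmac
import json

def canonical(order: dict) -> bytes:
    """Serialize an order deterministically so both parties hash the same bytes."""
    return json.dumps(order, sort_keys=True, separators=(",", ":")).encode()

# Shared-key MAC: integrity and authenticity, but no non-repudiation.
def mac_tag(key: bytes, order: dict) -> str:
    return hmac.new(key, canonical(order), hashlib.sha256).hexdigest()

def mac_valid(key: bytes, order: dict, tag: str) -> bool:
    return hmac.compare_digest(mac_tag(key, order), tag)

# Toy RSA key (constructed, NOT secure; real systems use a vetted library).
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q                          # public modulus; (N, E) is the public key
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, held by the signer only

def digest_int(order: dict) -> int:
    return int.from_bytes(hashlib.sha256(canonical(order)).digest(), "big") % N

def sign(order: dict) -> int:
    return pow(digest_int(order), D, N)

def verify(order: dict, signature: int) -> bool:
    """Anyone holding the public key (N, E) can check the signature."""
    return pow(signature, E, N) == digest_int(order)

def demo() -> dict:
    order = {"order_id": 1001, "item": "book", "amount": "499.00"}  # constructed
    tampered = dict(order, amount="4.99")
    key = b"constructed-demo-key"  # known to BOTH customer and merchant
    tag, sig = mac_tag(key, order), sign(order)
    return {
        "mac_detects_tampering": not mac_valid(key, tampered, tag),
        # The merchant holds the same key, so it can mint a valid tag itself:
        "merchant_can_forge_mac": mac_valid(key, tampered, mac_tag(key, tampered)),
        "signature_valid": verify(order, sig),
        "signature_detects_tampering": not verify(tampered, sig),
        # Without D, a made-up signature value does not verify:
        "forgery_without_private_key": verify(tampered, 12345),
    }

if __name__ == "__main__":
    print(demo())
```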
Almost all data security issues are caused by the lack of effective measures provided by antivirus software and firewalls. The following are the measures on the basis of which security is determined:
Ø Some organizations cannot provide access controls to divide the level of confidentiality within the company.
Ø Access control encryption and connection security can become inaccessible to the IT specialists who rely on it.
Ø Unethical IT specialists practicing information mining can gather personal data without asking users for permission or notifying them.
Ø When a system receives a large amount of information, it should be validated to remain trustworthy and accurate; this practice doesn’t always occur, however.
Ø Automated data transfer requires additional security measures, which are often not available.
Ø Most distributed systems computations have only a single level of protection, which is not recommended.
Today, e-commerce is widely understood as the buying and selling of goods and services over the internet; however, any transaction that is completed entirely through digital means can be considered e-commerce. Day by day, e-commerce is playing a very good role in online retail marketing, and the number of people using this technology is increasing all over the world. So it is essential to take security parameters seriously in e-commerce transactions. E-commerce security is the protection of e-commerce assets from unauthorized access, use, alteration, or
Not only must e-commerce sites and consumers judge security vulnerabilities and assess potential technical solutions, they must also assess, evaluate, and resolve the risks involved. A networked application cannot offer complete measures of connectivity, security, and ease of use simultaneously; there appears to be an intrinsic trade-off here, and some sacrifice is unavoidable. For that reason, from an e-commerce merchant’s perspective security concerns take first place over the others, and web servers have to provide that to the customer. Furthermore, sensitive servers should be kept highly specialized, by turning off and removing all inessential services and applications (e.g., ftp, email). Until e-commerce vendors achieve the necessary delicate balance of privacy, trust and security. Therefore, mechanisms such as encryption, protection, verification and authentication are used to implement security in a proper way. The marketplace can be trustworthy only when consumers sense trust in transacting in that environment.