Data Security in the Digital Era: Issues and Challenges

Dr. Jayanti Goyal, Anjali Vijayvargiya

Author Details

Dr. Jayanti Goyal
HOD, Dept. of Computer Science
Kanoria PG Mahila Mahavidyalaya
Contact No.: +91-9828458172
E-mail: [email protected]

Anjali Vijayvargiya
Assistant Professor
Kanoria PG Mahila Mahavidyalaya
Contact No.: +91-9461641495
E-mail: [email protected]

Abstract:
Data plays a critical role in our daily routine, whether it is for getting access to a bank account or for paying a bill over the network. At present, in this era of digitalization, personal information vulnerabilities have increased considerably, so security becomes a crucial part of any online transaction.
This information can be kept private by various security measures, including strong authentication, encryption and digital signatures, each ensuring that our valuable information is available only to those who have authorized access rights. These security measures are well able to prevent unauthorized access to personal data. There are two major concerns for both e-commerce customers and websites: Privacy is the control over one’s own data, whereas Security is the protection which prevents unauthorized access to the data over the network.
Clients will lose their faith in e-commerce if their valuable data is compromised at any level. Today, due to its ubiquitous nature, e-commerce sites can be accessed by anyone from anywhere. As the number of customers increases, the risk has also increased in such a way that we need to consider security a major challenge.
This paper throws light on data security, its objectives, the various security issues and challenges related to e-commerce transactions, and the way they affect the behavior and trust of a customer when selling or buying a product.

Keywords: E-Commerce, Authentication, Encryption, Digital Signature, Privacy, Security

Introduction:
E-Commerce or electronic commerce is broadly considered as the buying and selling of goods and services over the network. It includes significant business areas such as shopping, banking, ticket booking, paying bills and taxes, food delivery and many other options. E-commerce is mainly divided into various categories: business to business or B2B (IBM), business to consumer or B2C (Flipkart, Amazon) and consumer to consumer or C2C (eBay, OLX). In an online transaction, e-commerce security plays an important role from the perspective of consumers as well as merchants, to make the data secure over the network. It is carried out through the various components that affect e-commerce, such as data integrity, confidentiality, privacy, availability, non-repudiation and authenticity.
Web e-commerce applications that handle payments, such as online transactions using credit cards or debit cards, online wallets, PayPal or other tokens, have more security issues, and these have increased with the use of these online techniques.
Trojan horses, viruses and worms, if launched against user (client) systems, pose the greatest threat to e-commerce security and privacy because they can lead to illegal and unauthorized access. Consumer behavior toward e-commerce sites is mainly influenced by two factors: trust and belief. Trust is affected by various influencing factors such as branding and store reputation; what is missing in this setting is the touch and feel and the face-to-face communication that exist in physical interactions with products and services. Therefore, trust is influenced by factors like security and privacy in e-commerce transactions.

How does e-commerce work?
1. A customer wants to order a product online from his/her computer. The Web browser then communicates with the Web server that manages the e-commerce store’s website.
2. The Web server sends the order to the order manager, which is the central computer that handles orders from submission to dispatch through every stage of processing.
3. The order manager then queries the store database to check whether what the customer wants is actually in stock.
4. If the item is not found in the stock database, the system can order new supplies from the wholesalers or manufacturers. If the item is found in the stock database, the order manager continues to process it. Next it communicates with the merchant system to take payment using the customer’s credit or debit card number.
5. The bank computer confirms whether the customer has enough funds.
6. The merchant system authorizes the transaction to go ahead once the payment is done.
7. The merchant system then contacts the order manager after the payment has been made.
8. The order manager confirms that the transaction has been successfully processed and then notifies the Web server.
9. The Web server shows the customer a Web page confirming that the order has been processed and the transaction has been completed. The order manager then requests the warehouse to dispatch the goods to the customer.
10. A dispatch truck then collects the goods from the warehouse.
11. Once the goods have been dispatched, the warehouse computer e-mails the customer to confirm that the goods are on the way.
12. The goods are delivered to the customer.

Purpose of Study:
The purpose behind choosing data security is the following:
· To understand the process behind online shopping.
· To deal with the purpose of security in e-commerce.
· To discuss the different security issues which are faced during e-commerce transactions.
· To discuss various security threats.

Purpose of Security in E-Commerce:
E-commerce security is a crucial part of any online transaction that takes place over the network. There are various dimensions of e-commerce security.
· Integrity: It refers to prevention of unauthorized data modification. That means information or data should not be altered during its transmission, which takes place online.
· Non-Repudiation: It refers to prevention of the denial of an order or payment. Once a sender sends her transaction details, the sender should not be able to deny sending the message. Similarly, the receiver of the message should not be able to deny the receipt.
· Authenticity: It refers to authentication of the data source. There should be a mechanism to authenticate only an authorized person or user.
· Confidentiality: It refers to protection against unauthorized data disclosure. That means data or information should not be accessible or available to an unauthorized person. The data has to stay between the client and server only. It should not be intercepted during transmission.
· Privacy: It refers to provision of data control and disclosure of data.
· Availability: It refers to prevention of data delays or removal of data. Information should be available whenever and wherever it is required.

Security Issues in E-commerce:
Data is transferred over the network by login or by transaction details. To secure that data from unauthorized access, e-commerce security provides a protection layer on e-commerce assets. Consumers hesitate for fear of losing their financial data, and e-commerce sites are afraid of financial losses and the bad publicity that results. There are many security issues associated with e-commerce, such as critical issues, social issues and organizational issues.
An online transaction requires a customer to disclose sensitive information to the vendor in order to make a purchase, placing him at significant risk. Transaction security is concerned with providing privacy in transactions to the buyers and sellers and protecting the network from breakdowns and third-party attacks. It basically deals with:
1. Issues related to Customer or Client Security – if their data is not secured over the network, then it is an issue to think about. The organization has to provide security features and guarantee that the data is secured by them. This covers techniques and practices that protect user privacy and the integrity of the computing system.
2. Issues related to Server Security – to protect the web server, software and associated hardware from break-ins, vandalism and attacks. If there is an error in the software that implements security and for any reason it is not providing that security, that is the second case, which must also be taken seriously.
3. Issues related to Transaction Security – to provide guaranteed protection against eavesdropping and intentional message modification such as tapping, intercepting and diverting the intended data.

A. Security threats – Various types of security threats exist in e-commerce.
1. Malicious Code – it is harmful code that damages the computer system and makes it useless after the attack. It includes viruses, worms, Trojan horses etc.
2. Phishing and Identity Theft – it is a type of attack in which user data such as login credentials and credit and debit card numbers are stolen by the attacker through an email or instant message.
When the user clicks on the malicious link and provides his/her details, the data is easily captured by the intruder.
3. Unauthorized access – it includes illegal access to data or systems for some malicious purpose. Two types of attack are included in unauthorized access. One is passive unauthorized access, in which the hacker only watches the data that is on the network and later uses it for his own illegal ambitions. In active unauthorized access, however, the hacker modifies the data with the intention of manipulating it. Home computers, point-of-sale and handheld devices can easily be affected by this attack.
4. Denial of service – hackers flood a website with useless traffic to target a computer or a network and stop it from working properly. It may occur through spamming and viruses. Spamming is unusual email bombing of the targeted device by the hacker. By sending thousands of emails one after the other, the hacker affects the system with this attack.
5. Theft and fraud – fraud occurs when the stolen data is used or modified for illegal action. Hackers break into insecure merchant web servers to harvest archives of credit card numbers, generally stored along with personal information when a consumer makes an online purchase. The merchant back-end and database are also susceptible to theft from third-party fulfillment centers and other processing agents.
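The theft-and-fraud item above names archives of stored card numbers as what attackers harvest from merchant servers. As an added example (not from the paper), this Python code finds card numbers in stored records using the Luhn checksum and masks them; the record layout, the sample values and the first-six/last-four masking are assumptions of the example.

```python
import re

# 13-19 digits, optionally separated by single spaces or hyphens.
PAN_RE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")

def luhn_valid(digits: str) -> bool:
    """Luhn checksum: double every second digit counted from the right."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def mask(digits: str) -> str:
    """Keep the first six and last four digits (masking choice assumed here)."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]

def scan_and_mask(text: str):
    """Return (masked_text, number_of_card_numbers_found)."""
    found = 0

    def replace(match):
        nonlocal found
        digits = re.sub(r"[ -]", "", match.group())
        if not luhn_valid(digits):
            return match.group()      # long number, but not a card number
        found += 1
        return mask(digits)

    return PAN_RE.sub(replace, text), found

# Constructed sample records; the card values are well-known test numbers.
SAMPLE_RECORDS = """\
order=A-1001 name=Asha card=4111111111111111 amount=1499.00
order=A-1002 name=Ravi card=5500 0000 0000 0004 amount=250.00
order=A-1003 name=Mina tracking=1234567890123456 amount=75.50
"""

if __name__ == "__main__":
    masked, count = scan_and_mask(SAMPLE_RECORDS)
    print(masked)
    print(count, "card numbers masked")
```

The tracking number in the third record has the right length but fails the checksum, so it is left untouched.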
B. Defensive measures against security threats
The defensive measures used in transaction security are:
1. Encryption – it is the process of converting plain text or information into cipher text that cannot be read by anyone except the sender and receiver. It is accomplished with the help of a mathematical algorithm, and a key is required to decode the message. In an asymmetric key encryption both the sender and receiver use the same key to encrypt and decrypt the messages, whereas symmetric or public key encryption makes use of two digital keys, public and private, to encrypt and decrypt the messages.
2. Secure Socket Layer – the SSL protocol provides data encryption, server authentication, client authentication and message integrity for TCP/IP connections. It prevents eavesdropping, tampering or forgery when data is transported over the internet between two applications. It is a networking protocol for securing connections between network application clients and servers over an insecure network, such as the internet.
3. Secure hypertext transfer protocol – an Internet protocol for encryption of Hypertext Transfer Protocol (HTTP) traffic. Secure Hypertext Transfer Protocol (S-HTTP) is an application-level protocol that extends the HTTP protocol by adding encryption to Web pages. It additionally provides mechanisms for authentication and signatures of messages.
4. Digital Signature – A Digital Signature Certificate (DSC) is a secure digital key that certifies the identity of the holder, issued by a Certifying Authority (CA). It typically contains your identity (name, email, country, APNIC account name and your public key). Digital Certificates use Public Key Infrastructure, meaning data that has been digitally signed or encrypted by a private key can only be decrypted by its corresponding public key. A digital certificate is an electronic “credit card” that establishes your credentials when doing business or other transactions on the Web.

Challenges:
Almost all data security issues are caused by the lack of effective measures provided by antivirus software and firewalls.
The following are the measures on the basis of which security is determined.
· Some organizations cannot provide access controls to divide the level of confidentiality within the company.
· Access control encryption and connections security can become inaccessible to the IT specialists who rely on it.
· Unethical IT specialists practicing information mining can gather personal data without asking users for permission or notifying them.
· When a system receives a large amount of information, it should be validated to remain trustworthy and accurate; this practice doesn’t always occur, however.
· Automated data transfer requires additional security measures, which are often not available.
· Most distributed systems computations have only a single level of protection, which is not recommended.

Conclusion:
Today, e-commerce is widely understood as the buying and selling of goods and services over the internet; however, any transaction that is completed entirely through digital means can be considered e-commerce. Day by day, e-commerce is playing a very good role in online retail marketing, and the number of people using this technology is increasing all over the world. So it is essential to take security parameters seriously in e-commerce transactions.
E-commerce security is the protection of e-commerce assets from unauthorized access, use, alteration, or destruction. Not only must e-commerce sites and consumers judge security vulnerabilities and assess potential technical solutions, they must also assess, evaluate, and resolve the risks involved. A networked application cannot offer complete measures of connectivity, security, and ease-of-use simultaneously; there appears to be an intrinsic trade-off here, and some sacrifice is unavoidable. For that reason, security concerns come first over the others from an e-commerce merchant’s perspective, and web servers have to provide that to the customer. Furthermore, sensitive servers should be kept highly specialized, by turning off and removing all inessential services and applications (e.g., ftp, email). Until e-commerce vendors achieve the necessary delicate balance of privacy, trust and security. Therefore, mechanisms such as encryption, protection, verification and authentication are used to implement security in a proper way. The marketplace can be trustworthy only when consumers sense trust in transacting in that environment.