
E-Commerce - Security - Techniques

From M/Cyclopedia of New Media

Security

"The unique nature of the threats to e-commerce companies requires new technologies and systems to provide a secure transaction environment." (School of International Business, 2004, p.85) Website security ties in with many payment issues and can never be 100% assured; however, several technologies can be employed to help reduce the risk of information being compromised when conducting e-commerce transactions.

Passwords: Password protection is the most common form of security found online. There are passwords for email accounts, bank accounts, store accounts, eBay accounts, and more. Passwords are used to protect information which is stored online, and allow or prevent access to secured areas by asking users for a Username/ID and password before entering the site. By setting up accounts, customers can store personal details and information to avoid having to enter them for every single transaction. The main disadvantage is that passwords are often not protected – people tell others their passwords, write them down or choose ones that are easy for others to guess (birthdate, name spelt backwards, etc). Even if the person trying to hack into your account doesn’t know you that well, clues like Hotmail’s ‘secret question’ can make it easier to obtain or change the current password.

Encryption: To ensure information is kept private whilst it is being transferred across the Internet, the data is encoded or encrypted into another ‘language’ (usually some form of mathematical formula) and is then decoded at the receiver’s end. “Most encryption software uses formulas so complex that it would take most powerful computers years to decode the messages.” (School of International Business, 2004, p.86)

Public Key Infrastructure: PKI is an added form of security which prevents a third party who steals encrypted information from decrypting it with any type of software. Encryption software uses pieces of additional software known as ‘keys’ to ensure that only the creators and recipients of information are able to access it. A set of two keys – a public key and a private key – is required to transmit encrypted data from one computer to another. First, the public key encrypts the data, which is then sent to the computer holding the corresponding private key for decryption. In e-commerce, these keys are installed on Web servers and then sent to users of websites (browsers) automatically. The only involvement the user has in the process is agreeing that he or she trusts the Web server. A ‘tunnel’ is established between the browser and the server (called the Secure Sockets Layer, or SSL) and the user can then confidently send encrypted information that only that server can decrypt. (School of International Business, 2004, p.87)

Securing Companies from External Attack: It is not only consumers who potentially suffer from fraud or viruses online and through e-commerce. Companies need to protect themselves against a host of criminals worldwide – thieves, hackers and virus makers, to name a few. To protect against these threats, companies use several tools.

Screening Routers: While packets are en route to their destination, a screening router checks them and, in accordance with the network administrator’s (company’s) security policy, decides whether or not to pass each packet on.

Proxy Servers: Proxy servers act as the ‘middle man’ for computers wishing to see data (like webpages). Instead of the actual computer requesting information from a main server, it tells the Proxy server what it wants, and it is the Proxy server which actually requests the information from the main server. The Proxy then passes the information back to the computer, and that computer’s identity is never discovered, as all requests are made by the Proxy. This anonymity makes it harder for hackers to access computers on internal networks, and keeps the network more secure. (School of International Business, 2004, p.90)

Firewalls: A company’s internal network is often protected by a firewall. A firewall is essentially “a computer (or specialized appliance) that sits between the Internet and anything a company wants to protect (such as a Web server or the company’s internal network)”. (School of International Business, 2004, p.90) Firewalls function in a similar way to anti-virus software, by searching files (packets) while they are in transit across networks.
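The packet check described under Screening Routers can be sketched as a first-match rule list with a default of dropping anything the policy does not name. This is an added example, not taken from the cited textbook; the addresses, ports and rules are constructed, and the names Packet, Rule, POLICY and screen are hypothetical.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str    # source IP address
    dst: str    # destination IP address
    proto: str  # "tcp" or "udp"
    dport: int  # destination port

@dataclass(frozen=True)
class Rule:
    action: str            # "pass" or "drop"
    src: str               # source network in CIDR form
    dst: str               # destination network in CIDR form
    proto: Optional[str]   # None matches any protocol
    dport: Optional[int]   # None matches any port

    def matches(self, p: Packet) -> bool:
        return (ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and self.proto in (None, p.proto)
                and self.dport in (None, p.dport))

# Constructed policy for a router at a shop's Internet edge (inbound traffic).
# Assumption: 10.0.0.0/8 is the internal network, 203.0.113.10 the Web server.
POLICY = [
    # Outside packets claiming an internal source address are forged: drop.
    Rule("drop", "10.0.0.0/8", "0.0.0.0/0", None, None),
    # Anyone may reach the Web server over HTTPS.
    Rule("pass", "0.0.0.0/0", "203.0.113.10/32", "tcp", 443),
    # Only the administrators' network may reach SSH on the Web server.
    Rule("pass", "198.51.100.0/24", "203.0.113.10/32", "tcp", 22),
]

def screen(packet: Packet, policy=POLICY):
    """Return (action, index of the deciding rule); index is None on default deny."""
    for i, rule in enumerate(policy):
        if rule.matches(packet):
            return rule.action, i
    return "drop", None  # nothing matched: the policy did not allow it

if __name__ == "__main__":
    samples = [  # constructed packets
        Packet("192.0.2.7", "203.0.113.10", "tcp", 443),
        Packet("10.1.2.3", "203.0.113.10", "tcp", 443),
        Packet("192.0.2.7", "203.0.113.10", "tcp", 22),
        Packet("192.0.2.7", "10.0.0.5", "tcp", 3306),
    ]
    for pkt in samples:
        print(pkt, "->", screen(pkt))
```

Rule order matters: the forged-source rule sits first so that a later, broader "pass" rule cannot let such a packet through.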


Bibliography

Queensland University of Technology, School of International Business (2004) Introduction to e-business Australia: McGrawHill & QUT Custom Publication, ISBN 7777772570.

Melanie Mackrodt 13:57, 3 Sep 2004 (EST)
Catherine Cherry 11:02, 29 Oct 2004 (EST)
