One of the critical success factors of e-commerce is its security. Unless customers have a great degree of confidence that credit card numbers and other extremely sensitive personal information will be kept secure, e-commerce will simply not work. However, the successful functioning of e-commerce security depends on a complex interrelationship between several components, including the application development platforms, database management systems, systems software and network infrastructure. The following outlines the needs and threats of e-commerce (Kesh, 2002:54):
If access control is properly implemented, many other security problems, such as lack of privacy, will be either eliminated or mitigated. Access control ensures that only those who legitimately require access to resources are given it, and that those without valid access cannot obtain it. This includes both physical and logical access to resources. Various types of threats exist for access control. For example, being able to physically enter a building or gain access to network equipment is a threat.
Privacy ensures that only authorized parties can access information in any system. The information should also not be distributed to parties that should not receive it. Issues related to privacy can be considered as a subset of issues related to access control.
Protection of privacy requires access control; however, access control deals with the larger picture. Because of this, the threats to privacy are similar to those of access control.
Integrity ensures that only authorized parties make changes to the documents transmitted over the network. Lack of integrity in the system can be devastating for e-commerce. While the threats to integrity are similar to the threats to access, a threat to integrity is possible only when one has access at a level consistent with someone having the rights to alter a document. For example, if a customer places an order, and someone can access the system as the customer, they may be able to alter the contents of the order placed.
Authentication ensures that the origin of an electronic message is correctly identified. This means having the capability to determine who sent the message and from where or which machine. Without proper authentication, it will be impossible to know who actually placed an order and whether the order placed is genuine or not.
Non-repudiation is closely related to authentication; it ensures that the sender cannot deny sending a particular message and the receiver cannot deny receiving it. If such denials happen infrequently, they may not significantly harm e-commerce; on a large scale, however, they can be devastating. For example, if many customers receive goods and then deny placing an order, the shipping, handling and other costs associated with the order can be significant for the company processing the orders.
Availability ensures that the required systems are available when needed. For an e-commerce site this means that the customer order systems are available all the time. Two major threats to availability are virus attacks and denial of service.
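The order-tampering and order-denial cases described above, as an added example that is not from the original article or its sources: a shared-key HMAC tag (one common mechanism, assumed here) lets the shop detect an altered order and confirm who sent it, but does not by itself provide non-repudiation. The customer ID, key and order fields are constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed sample data: a per-customer secret shared between the customer's
# client and the shop (an assumption of this example, not from the article).
CUSTOMER_KEYS = {"cust-1001": b"constructed-demo-key-not-a-real-secret"}


def canonical(order: dict) -> bytes:
    """Serialize the order deterministically so both sides MAC the same bytes."""
    return json.dumps(order, sort_keys=True, separators=(",", ":")).encode()


def tag_order(customer_id: str, order: dict) -> str:
    """Compute an HMAC-SHA256 tag binding the order contents to the customer's key."""
    key = CUSTOMER_KEYS[customer_id]
    return hmac.new(key, canonical(order), hashlib.sha256).hexdigest()


def verify_order(customer_id: str, order: dict, tag: str) -> bool:
    """Return True only if the tag matches: the order is unaltered (integrity)
    and was produced by a holder of this customer's key (authentication)."""
    key = CUSTOMER_KEYS.get(customer_id)
    if key is None:
        return False
    expected = hmac.new(key, canonical(order), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, tag)


def demo() -> dict:
    order = {"customer": "cust-1001", "item": "SKU-42", "qty": 1, "ship_to": "12 Example Rd"}
    tag = tag_order("cust-1001", order)
    altered = dict(order, qty=10)  # the order is changed after it was placed
    shop_made = dict(order, item="SKU-99", qty=3)  # an order the customer never placed
    return {
        "genuine_accepted": verify_order("cust-1001", order, tag),
        "altered_rejected": not verify_order("cust-1001", altered, tag),
        "unknown_customer_rejected": not verify_order("cust-9999", order, tag),
        # The shop holds the same key, so it can tag an order the customer never
        # placed and the tag verifies. A shared-key tag therefore cannot settle a
        # dispute: non-repudiation needs a key that only the customer holds.
        "shop_made_order_verifies": verify_order("cust-1001", shop_made, tag_order("cust-1001", shop_made)),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```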
One complicating factor for any e-commerce venture is security for customer information, such as credit card numbers and personal data, that most customers do not wish to have shared. Hardly a month goes by without media reports of security breaches over the Internet. Internal security problems, as well as hackers, can plague firms. Guarantees, seals of approval, testimonials, etc., can help ease consumer worries since most sites lack track records (Peeples, 2002:26).
Transaction security has kept many customers from purchasing products on the Internet. Much resistance has come from privacy issues such as giving credit card numbers and personal information. There are continual reminders of how unsafe these practices can be, even though "secure" software programs have been developed and continue to become more protective. Foolproof systems may never be developed and, therefore, the customer is left to weigh the potential cost of privacy with the benefits of conducting business over the Internet (Peeples, 2002:27).
Kesh, S. et al. 2002. "A framework for analyzing e-commerce security". Information Management & Computer Security. Vol.10, Iss.4.
Peeples, D. 2002. "Instilling consumer confidence in e-commerce". Advanced Management Journal. Vol.67, Iss.4.
Anna Caldwell 19:38, 26 Oct 2005 (EST)