Fitsum ristu lakew transaction security on e-commerce


  1. Transaction security 1

     TRANSACTION SECURITY ON E-COMMERCE
     FITSUM R. LAKEW
     ITEC-620
     Prof. Elena Gortcheva
     University of Maryland University College
     AUGUST 09, 2010
  2. Outline

     1. Introduction
        a. Thesis Statement
        b. General Overview on e-commerce transaction security
     2. Background
        a. Security in online transaction
        b. Security management
           i. Sensitive information
           ii. Software application
     3. Internet security and users
        a. Firewalls
        b. Network security management
     4. Authentication and verification
        a. Security goals
     5. Internet security in Banking
        a. Intrusion detection system
        b. Insider threat
        c. Legal aspects
     6. Improving internet security
        a. Consumer trust
     7. Conclusion
        a. Recommendation
     8. References
  3. Abstract

     In recent years, e-commerce has seen considerable growth in the US and other European markets. The market is highly concentrated; this presents many values that can be utilized. As a consequence, the path towards full realization of the potential of e-commerce has experienced problems. There are many hurdles that need to be overcome. In a broad view, customers have used e-commerce to pay for products and services. Customer experience is important in determining the success of e-commerce. On the other hand, it has been hard for it to be distinguished, evaluated and analyzed because there have been no contributions to estimate it in an objective way. Since this is a gap that needs to be filled, this paper will try to evaluate the experiences that come about with e-commerce transactions together with the possible security problems. This is in relation to customer experiences as far as security (transactions) in e-commerce is concerned. The whole process of executing transactions on an e-commerce website has gone through various stages. It involves landing, product identification, product presentation, cart, order completion and payment. E-commerce websites have had various strengths and weaknesses that have ended up exposing transactions to security problems. Therefore, there is a need to evaluate the diverse customer experiences in an e-commerce transaction. This will be done in a quantitative way to identify various areas that need to be improved to enhance transactions. There are many challenges that face e-commerce as far as transactions are concerned. Generally, innovations and competition have been the driving factors behind the continued use of e-commerce. Because of the open nature of the internet, transaction security continues to be a
  4. concern in e-commerce. This continued transaction risk is likely to create a significant barrier (to market acceptance). There is a need for proper control and management. All these are essential for the promotion of consumer confidence.

     1. Introduction
  5. With the increase in online transactions, people are able to transact easily and efficiently. However, online safety has to be considered. There are a variety of threats and vulnerabilities that have emerged from online businesses. This is because the online business environment has been changing consistently. In the long run, there have been occasions where online functionality has ended up undermining customer confidence. This compromises customer information and contravenes security implementations. These are real threats that need to be nullified. In doing so, online security management should be enhanced at all levels in the course of carrying out e-commerce transactions. Management is supposed to be active and review its online security approaches. Therefore, this calls for proper policies and security measures that will redefine the way e-commerce transactions are carried out for efficiency. There are supposed to be good processes that will provide a proper framework to guide the application of security benchmarks. It is supposed to use proper information security standards which will be applied for online security measures. These measures are supposed to be utilized to enhance online business. Despite the fact that e-commerce has gained momentum in redefining the way business is done, most transactions have continued to face some risks. So, online security measures and policies will be instrumental in protecting the interests of those who conduct business using the internet.

     2. Background
  6. A. Security in online transactions

     Online transactions are supposed to protect the security of information. This includes online businesses and their customers. Businesses are supposed to maintain a competitive edge and customer confidence, and build trust that will promote a good business reputation. In the process there should be a secure online business environment. It is quite clear that many organizations are now ready to protect their online business transactions (Gomez & Litchenberg, 2007, p.6). They are reinforcing this through enhanced information security policies. It is important to put proper security management in place. Good information systems will protect companies from numerous security threats and vulnerabilities. There has been a need to improve e-security and raise awareness about e-security issues for customers and businesses. This will improve security management on a wider scale. Development and application of online security measures is highly sought. Through these, any online business can strengthen its security measures. Online transactions face various threats from infrastructure, organizational, network, and application security. The complexity of technology has demanded a lot of security in online transactions (e-commerce). Therefore, organizations have had to establish and implement efficient online security measures.

     B. Security management
  7. Through proper security management, organizations can define their approach to online security (Pye & Warren, 2007, p.3). There are supposed to be good management practices that an online business will use for consistency. This wide approach secures the storage of information within a business. Some of the risks have been a result of poor personnel management. In the long run there should be a response action to monitor these for future analysis. It is clear that there have been some infrastructure security concerns. Measures are supposed to be put in place to avoid damage, unauthorized access and interference in the course of doing online business.

     I. Sensitive information

     Sensitive business information has been accessed by unauthorized people and led to questionable transactions (Hole et al., 2006, p.12). All these have sent a wrong signal to customers and other businesses that use the internet to transact business. This calls for the emplacement of proper online processing. The businesses are supposed to guard themselves against the compromise of sensitive information. In the long run they will protect themselves from potential environmental business hazards.

     II. Software application

     Software applications have formed an integral part of online business which has had a bearing on e-commerce. This has affected transactions with a long-term effect on security. Security controls are supposed to protect business information on a wide scale. In doing business, some companies and organizations have encountered electronic mail security problems. Businesses have been compelled to control email access. It is also necessary to come up with proper user behavior education to reduce the potential risks.
  8. On some occasions online business transactions have lacked user cryptographic controls. These are necessary to safeguard the integrity, confidentiality and authenticity of information that is moved around for the public to access (customers). Online business data exchange has been enhanced by computer networks that convey information. To some extent this communication has ended up exposing some loopholes that have been used by people for negative reasons.

     3. Internet security and users

     Some users have compromised the security measures and policies in place (Filipek, 2006, p.7). This calls for control of internal and external communication to seal all the loopholes that can be used to interfere with e-commerce transactions.

     A. Firewalls

     A proper way for businesses to do this is through the efficient installation of firewalls to define online boundaries. There have been occasions where the systems have failed and led to unavailability. It has affected transactions, leading to security concerns by those affected. Businesses have been compelled to have adequate capacity and resources for the growth of online business.

     B. Network security management

     Network security management will focus on protecting information. In doing online business there should be proper information to support infrastructure. The local network is
  9. supposed to enhance online business by defining proper physical boundaries. External and internal users have logged into systems and caused security breaches. Therefore, appropriate measures are supposed to be there for system monitoring to detect unauthorized activities.

     4. Authentication and Verification

     Online customers are supposed to be given a protective barrier which calls for proper authentication and verification. This is supposed to cover the entire life cycle of the customers. Their identity should be validated before being given access to the online service or system. This authentication process for online businesses will identify users in a unique way before allowing them to interact with the business system. There has been a strong pursuit for transactions and business activities. This has seen a lot of sensitive data being exchanged which has further exposed online business to a lot of vulnerabilities and threats. In the process the transactions have been fraudulent and in extreme cases led to contract disputes. E-commerce is facing a lot of challenges from modifications and disclosures of sensitive information to unwanted users.

     A. Security goals

     A starting point should be assessed to ascertain the essential elements of conducting transactions on the internet. There is a necessity of benchmarking online security goals for sustainable business. A specific area that needs to be looked at is internet banking because it touches on both the customers and businesses. Banking and money have been extended into cyberspace. Many banking institutions have launched e-retail banking over the internet. Competition has
  10. driven many financial institutions into embracing internet banking to remain strategic in the market.

     5. Internet Security in Banking

     Internet banking has become popular because of an increase in online business transactions. This has also been a strategy by businesses to support business reengineering and expand their market share. Customers have been attracted to online banking due to its convenience (Choton, 2005, p.13). Many products that have been made available online are tailored to fulfill wants and quality expectations with technological progeny. But, on the other hand, they are less concerned about the looming identity theft and email scams. Most customers believe that internet banking and transactions are very safe due to their own perceptions. Blame can be laid on banks and other partners because they have not been vibrant in authentication of customers. Banks need proper authentication methods while looking at the possible attacks. There is a necessity to develop more secure online business transactions. Banks have insisted that customers access their account information by giving their PINs and social security numbers (as is the case for Norwegian banks). Some crackers have accessed this information and posed as the real customers while their main intention is to steal. The internet is supposed to be exploited as a channel that can build and develop long-term client relationships.

     A. Intrusion detection system

     There should be a bank intrusion detection system that will discover these attacks because the crackers cannot hide. This is due to the open nature of the internet. All these should
  11. be aimed at facilitating open transactions that will promote efficient e-commerce. Because banks form an integral part of e-commerce transactions they are supposed to be sufficiently involved in online business. The blame cannot be squarely laid on banks for bad transactions or problems in e-commerce business but should involve all the businesses and users to ensure that online business is safe. In supporting safe e-commerce transactions some banks have enhanced security by aiming to provide two-factor authentication.

     B. Insider threat

     Information officers are having problems because of cyber crimes and insider threats. Internet-based crime is a challenge to many organizations and companies. There is also an emerging danger to online security from insider sources. Most countries have had problems in e-commerce transactions because of their unprotected systems. Online-based crimes have been costly as they lead to loss of customers and revenue. In the long run the business has ended up having a poor brand and reputation. The nature of online crimes has been changing and this means that companies are supposed to prepare a new way to combat this crime. This should be considered by the entire organization and its partners in the e-commerce business. This is an industry problem whereby all the players are supposed to participate instead of leaving it to individual companies and their users. Some mechanisms that companies have enforced to enhance transactions include the updating of firewalls and preventive controls. The occurrence of crimes that relate to online business is continuing at a very fast pace. Some
  12. organizations have not been willing to report these online crimes because they fear that by doing so it might affect their business and ultimately customers. There is a need to determine the primary source of these security problems in transactions and online business with a broad approach. In the United States, most online crimes are reported in the financial sector which is the heart of many transactions. The internet has a global reach where immediate connection to all internet protocols is available (Wang, 2009, p.8). This means that the internet cannot respect or observe any judicial boundaries. The ability to connect globally has not enhanced security which is a challenge to many countries that wish to regulate the way online transactions are carried out. Countries are supposed to regulate commerce with their foreign counterparts to give online business a new lease of life. Law enforcement will create a good platform by which those who are found violating online business ethics will be punished.

     C. Legal aspects

     Whenever there is an intrusion the management can use regulatory, legal and ethical issues to consider if this will be handled by law enforcers, the public or stockholders. Businesses have been discouraged from reporting due to the potential impact on the stock price. It means that when they report that their systems are experiencing online crimes customers will question their competence in the market. Although the U.S.A. has tasked the CFAA to deal with security crimes, law enforcement has been impotent because some of the crimes are never reported. This has seen some companies outsourcing their security functions. Outsourcing of security operations is not viable as security
  13. forms an integral part of the organization. The public is supposed to change its perception as far as online security problems are concerned to deal with this business menace. E-business is positively or negatively influenced by the knowledge and trust that e-consumers have. When consumers lack trust, it becomes a big obstacle to the success of online business (e-commerce). This also hinders the success of online transactions. Good online practices are supposed to make the public more knowledgeable about online transaction security issues (Mangiaracina et al., 2009, p.14). This is because trust plays an important role whenever cases of risks and uncertainties arise in online business. One party is not supposed to take advantage of the other during and after transactions. Trust has been hard to build because online customers cannot see each other physically when executing transactions. Initial trust and familiarity play a critical role in giving a positive impact on online transactions. In conducting online transactions, consumers cannot see the products they are purchasing physically to check on their quality. They cannot monitor the security and safety of personal information. This therefore implies that the success of e-commerce can only be guaranteed when customers trust the products and the sellers (whom they cannot see). When there is no trust, secure transactions will not be maintained and developed. Considering the increase in the usage of e-commerce as a distribution channel, businesses ought to consider the impact of trust on transactions. When customers know more about the internet they will be able to understand that non-secure transactions are real and can happen to anybody. Customers are supposed to be concerned about the trustworthiness of online transactions. Those with more knowledge know how to avoid online security issues.
  14. Because of the potential pitfalls that may arise out of online e-commerce transactions, customers are supposed to be more knowledgeable on how they can make wise business decisions. The ability to make wise business decisions increases the inclination of customers to trust online transactions. This therefore calls on all businesses to increase their customers' trust in online transactions.

     6. Improving internet security

     E-commerce transactions can be more secure if the customers are knowledgeable and have high levels of trust. Although there might be some security concerns, more information will help customers and consumers know how to avoid online security issues. Therefore, consumer education is important for the success of electronic commerce. This is because consumers will not be afraid of online transactions when they become knowledgeable about internet security. After all these developments, businesses are supposed to enhance e-commerce security (Liao & Cheung, 2003, p.19). This can be done through the continued use of an intrusion detection management system. This will ultimately protect the users and organizations by detecting threats and analyzing them to avoid any compromising situations. It will be able to use an attack analyzer that will gather information within the system and come up with a treatment plan. Organizations will be able to identify measures and rank them for efficient security controls. This is because e-commerce is still regarded as a distributed real-time system. It is supposed to enhance customer interaction, thereby managing different resources to provide the best quality.

     A. Consumer trust
  15. From a broad perspective, online business continues to be popular with increased transactions. As far as this is concerned, the environment that these businesses operate in should be regulated to avoid many problems that have manifested themselves in recent years. The internet continues to give many opportunities for businesses to expand but on the other hand this also poses risks that cannot be ignored. Consumers who have seen the importance of doing their transactions on the internet should desist from any temptations that will make e-commerce unattractive to the larger population. Some companies have not accepted the reality that e-commerce is facing security threats and therefore should approach this issue with a sober mind to avoid any interruptions in their business. There is a gap that needs to be filled and therefore organizations are supposed to try and evaluate the experiences that come about with e-commerce transactions with the possible security problems. This will go a long way to redefine the way e-commerce is executed for the benefit of businesses and consumers.

     7. Conclusion

     In a broad view, customers have used e-commerce to pay for the products and services. Customer experience is important in determining the success of e-commerce. On the other hand, it has been hard for it to be distinguished, evaluated and analyzed because there have been no contributions to estimate it in an objective way.
  16. E-commerce websites have had various strengths and weaknesses. This has exposed transactions to security problems. Therefore, there is a need to evaluate the diverse customer experiences on an e-commerce transaction. This will be done in a quantitative way to identify various areas that need to be improved to enhance transactions. There are many challenges in e-commerce as a whole. Generally, innovations and competition have been the driving factors behind the continued use of e-commerce. Because of the open nature of the internet, transaction security continues to be a big concern in e-commerce. Therefore, it calls for proper policies and security measures that will redefine the way e-commerce transactions are carried out for efficiency.

     Recommendation

     There should be good processes to provide a proper framework to guide the application of security benchmarks. The internet has a global reach where immediate connection to all internet protocols is available. This means that the internet cannot respect or observe any judicial boundaries. The ability to connect globally has not enhanced security which is a challenge to many countries that wish to regulate the way online transactions are carried out. Countries are supposed to regulate commerce with their foreign counterparts to give online business a new lease of life. Because of the potential pitfalls that may arise out of online e-commerce transactions, customers are supposed to be more knowledgeable on how they can make wise business decisions. The trust propensity will influence the level of trust by the customers in online transactions.
  17. References

     Basu, S.C. (2005). On Issues of Computer Crimes, Online Security and Legal Resources. Journal of information privacy and security, 1(4), 1-2.

     Filipek, R. (2006). Online security nightmares for CIOs. Internal auditor, 63(3), 19-20. Retrieved from http://www.ibm.com/us/en/.
  18. Gomez, M, J., & Litchenberg, J. (2007). Intrusion Detection Management System for E-commerce Security. Journal of information privacy & security, 3(4), 19-31.

     Hole, K., Moen, V., & Tjostheim, T. (2006). Online banking security. IEEE security & privacy, Sweden University of Bergen, 3(3), 06.

     Liao, Z., & Cheung, T, M. (2003). Challenges to internet E-banking. Communications of the ACM, 46(12), 248-250.

     Mangiaracina, R., Brugnoli, G., & Parego, A. (2009). The e-commerce Customer Journey: A Model to assess and Compare the User Experience of the e-commerce Websites. Journal of internet banking & commerce, 14(3), 1-11.

     Pye, G., & Warren, M, J. (2007). A Model and Framework for Online Security Benchmarking. Journal of informatics, 31(2), 209-215.

     Wang, C., Chen, C., & Jiang, J. (2009). The Impact of Knowledge and Trust on E-Consumers' Online shopping activities: an empirical study. Journal of computers, 4(1), 11-18.
