SlideShare a Scribd company logo

security issue in e-commerce

Download as DOCX, PDF
Palavesa Krishnan
Palavesa Krishnan

introdution

Education
1 of 7
A STUDY ON SECURITY ISSUES IN E-COMMERCE S.PALAVESAKRISHNAN SADAKATHULLAH APPA COLLEGE TIRUNELVELI Introduction E-commerce is defined as the buying and selling of products or services over electronic systems such as the internet and toa lesser extent, other computer networks.it is generally regarded as the sales and commercialfunction of E-business.There has been a massive increase in the level of trade conducted electronically since the widespread penetration of the internet .A wide variety of commerce is conducted via E-commerce ,including electonic funds transfer,supply chain management,internet marketing,online transaction processing,electronic data interchange(EDI),inventory management system,and automated data collection systems. I. Authentication and Identification Though the Internet eliminates the need for physical contact, it does not do away with the fact that any form of contract or transaction would have to be authenticated and in certain instances recorded. Different authentication technologies have evolved over a period of time for authenticating documents and also to ensure the identity of the parties entering into online transactions. Further in relation to an e-commerce business, processing payments forms a vital part of the transaction and in this regard various payment systems to carry on an e-commerce business have also developed. Transactions on the internet, particularly consumer-related transactions, often occur between parties who have no pre-existing relationship. This may raise concerns of the person’s identity and authenticity with respect to issues of the person’s capacity, authority and legitimacy to enter the contract. Electronic signatures may be considered as one of the methods used to determine the authority and legitimacy of the person to authenticate an electronic record.
In fact the IT Act gives legal recognition to the authentication of any information by affixing an electronic signature as long as it is in compliance with the manner as prescribed under the IT Act. Further, the IT Act also provides the regulatory framework with respect to electronic signatures including issuance of electronic signature certificates. In particular the IT Act provides that an electronic signature shall be deemed to be a secure electronic signature if: 1.The signature creation data, at the time of affixing the signature, was under the exclusive control of the signatory and no other party; and 2. The signature creation data was stored and affixed in such exclusive manner as may be prescribed. A. Identity Theft and Impersonation  The IT Act provides that the identity of a person shall be deemed to have been stolen when any unique identification of a person (such as her electronic signature or password) is fraudulently or dishonestly used. The Act prescribes a penalty of imprisonment of up to 3 years and fine up to INR 1 lakh.  The IT Act provides that whoever, by means of any communication device or computer resource cheats by impersonation, shall be punished with imprisonment of up to 3 years and with fine of up INR 1 lakh  The IPC further provides that any person who cheats by personation shall be punishable with imprisonment of up to three years and/ or fine. II. Privacy For an e-commerce platform, it is almost difficult to complete any online transaction without collecting some form of personal information of the users such as details about their
identity and financial information. Apart from the collection of primary data from the users, e- commerce platforms may also collect a variety of other indirect information such as users’ personal choices and preferences and patterns of search. Hence, an important consideration for every e-commerce platform is to maintain the privacy of its users. Two primary concerns that a user of e-commerce platforms would have are: i. Unauthorized access to personal information ii. Misuse of such personal information. v State of UP and People's Union of Civil Liberties v. the Union of India recognised the “right to privacy” as a subset of the larger “right to life and personal liberty” under Article of the Constitution of India. However a right under the Constitution can be exercised only against any government action. Non-state initiated violations of privacy may be dealt with under principles of torts such as defamation, trespass and breach of confidence as applicable. The IT Act deals with the concept of violation of privacy in a limited sense; it provides that the privacy of a person is deemed to be violated where images of her private body areas are captured, published or transmitted without her consent in circumstances where she would have had a reasonable expectation of privacy and prescribes a punishment of imprisonment of up to 3 years and/or fine of up to INR 2 lakhs. III. Data Protection India has in the year 2011 notified rules under Section 43A of the IT Act titled “Reasonable practices and procedures and sensitive personal data or information Rules, 2011” which provide a framework for the protection of data in India (“Data Protection Rules”). A. Kinds of Information coveredunder the Data ProtectionRules
There are basically two categories of information which are covered under the IT Act which need to be considered with respect to data protection. i. Personal information (“PI”) which is defined as any information that relates to a natural person, which, either directly or indirectly, in combination with other information available or likely to be available with a body corporate, is capable of identifying such person. ii. Sensitive personal data or information (“SPDI”) which is defined means such PI of a person which consists of a. password; b. financial information such as Bank account or credit card or debit card or other payment instrument details ; Historically, the concept of privacy and data protection were not addressed in any Indian legislation. In the absence of a specific legislation, the Supreme Court of India in the cases of Kharak Singh c. physical, physiological and mental health condition; d. sexual orientation; e. medical records and history; f. Biometric information. The Data Protection Rules, inter alia, set out compliances which to protect SPDI in the electronic medium by a corporate entity which possess, deals with or handles such SPDI such as: i. The need to have a privacy policy in accordance with the parameters set out in the Data Protection Rules; ii. The need to obtain consent in a specific manner from the provider of SPDI;
iii. The need to provide an opt out option to the provider of SPDI; iv. The need to maintain reasonable security practices and procedures in accordance with the requirements of the Data Protection Rules (discussed below). We have previously published two write ups (Hotlines) which discuss the compliances required in respect of SPDI. You may access these at i.http://www.nishithdesai.com/New_Hotline/IT/ Technology%20Law%20Analysis_June1811.htm ii. http://www.nishithdesai.com/New_Hotline/IT/ IT%20Hotline_final_aug%2026.htm B. PotentialLiability under the Data ProtectionRules The IT Act prescribes penalties for arongful disclosure of PI by way of imprisonment up to three years and/ or a fine up to INR 5 lakhs. The IT Act also prescribes compensation to be awarded by companies that are negligent in the protection of SPDI of any person. IV. Security of Systems Security over the Internet is of immense importance to promote e-commerce. Since e- commerce companies keep sensitive information (includingc. physical, physiological and mental health condition; d. sexual orientation; e. medical records and history; f. Biometric information.
The Data Protection Rules, inter alia, set out compliances which to protect SPDI in the electronic medium by a corporate entity which possess, deals with or handles such SPDI such as: i. The need to have a privacy policy in accordance with the parameters set out in the Data Protection Rules; ii. The need to obtain consent in a specific manner from the provider of SPDI; iii. The need to provide an opt out option to the provider of SPDI; iv. The need to maintain reasonable security practices and procedures in accordance with the requirements of the Data Protection Rules (discussed below). We have previously published two write ups (Hotlines) which discuss the compliances required in respect of SPDI. You may access these at i.http://www.nishithdesai.com/New_Hotline/IT/ Technology%20Law%20Analysis_June1811.htm ii. http://www.nishithdesai.com/New_Hotline/IT/ IT%20Hotline_final_aug%2026.htm B. PotentialLiability under the Data ProtectionRules The IT Act prescribes penalties for arongful disclosure of PI by way of imprisonment up to three years and/ or a fine up to INR 5 lakhs. The IT Act also prescribes compensation to be awarded by companies that are negligent in the protection of SPDI of any person. IV. Security of Systems Security over the Internet is of immense importance to promote e-commerce. Since e- commerce companies keep sensitive information (includingSPDI) on their servers, e-commerce companies must ensure that they have adequate security measures to safeguard their systems from any unauthorized intrusion. A company could face security threats externally as well as
internally. Externally, the company could face problems from hackers, viruses and trojan horses. Internally, the company must ensure security against its technical staff and employees. Conclusion In the E-commerce industry faces a challenging future in terms of the security risks it must avert.With increasing technical knowledge, and its widespread availability on the internet,criminals are becoming more and more sophisticated in the deceiptions and attacks strategies and vulnerabilities only reallybecome known once a perpetrator has uncover ed and exploited them. In saying this,there are multiple secuirity stategies which any E-commerce provider can instigate to reduce the risk of attack and compromise significantly. Awarness of the risks and the implementation of multi-layered security protocols,detailed and open privacy policies and strong authentication and encryption measures will go a long way to assure the consumer and insure the risk of compromise is kept minimal.

Recommended

An Indian Outline on Database Protection
An Indian Outline on Database ProtectionAn Indian Outline on Database Protection
An Indian Outline on Database Protection
Singhania2015
 
Manoj 1
Manoj 1Manoj 1
Manoj 1
manojnd
 
The government of india enacted its information technology act 2000 with the ...
The government of india enacted its information technology act 2000 with the ...The government of india enacted its information technology act 2000 with the ...
The government of india enacted its information technology act 2000 with the ...
Rajesh Sakhare
 
Cyber Crimeand Cyber Laws
Cyber Crimeand Cyber LawsCyber Crimeand Cyber Laws
Cyber Crimeand Cyber Laws
Suryakanta Rout
 
IT Act 2000 Penalties, Offences with case studies
IT Act 2000 Penalties, Offences with case studies IT Act 2000 Penalties, Offences with case studies
IT Act 2000 Penalties, Offences with case studies
Network Intelligence India
 
Roots of Indian IT ACT 2000- UNCITRAL
Roots of Indian IT ACT 2000- UNCITRALRoots of Indian IT ACT 2000- UNCITRAL
Roots of Indian IT ACT 2000- UNCITRAL
Rahul Gurnani
 
Section 66 of Information Technology Act.
Section 66 of Information Technology Act.Section 66 of Information Technology Act.
Section 66 of Information Technology Act.
anveshika thakur
 
Cyber law cases
Cyber law casesCyber law cases
Cyber law cases
Monica Thakur
 

Recommended

An Indian Outline on Database Protection
An Indian Outline on Database ProtectionAn Indian Outline on Database Protection
An Indian Outline on Database Protection
Singhania2015
 
Manoj 1
Manoj 1Manoj 1
Manoj 1
manojnd
 
The government of india enacted its information technology act 2000 with the ...
The government of india enacted its information technology act 2000 with the ...The government of india enacted its information technology act 2000 with the ...
The government of india enacted its information technology act 2000 with the ...
Rajesh Sakhare
 
Cyber Crimeand Cyber Laws
Cyber Crimeand Cyber LawsCyber Crimeand Cyber Laws
Cyber Crimeand Cyber Laws
Suryakanta Rout
 
IT Act 2000 Penalties, Offences with case studies
IT Act 2000 Penalties, Offences with case studies IT Act 2000 Penalties, Offences with case studies
IT Act 2000 Penalties, Offences with case studies
Network Intelligence India
 
Roots of Indian IT ACT 2000- UNCITRAL
Roots of Indian IT ACT 2000- UNCITRALRoots of Indian IT ACT 2000- UNCITRAL
Roots of Indian IT ACT 2000- UNCITRAL
Rahul Gurnani
 
Section 66 of Information Technology Act.
Section 66 of Information Technology Act.Section 66 of Information Technology Act.
Section 66 of Information Technology Act.
anveshika thakur
 
Cyber law cases
Cyber law casesCyber law cases
Cyber law cases
Monica Thakur
 
Information technology act
Information technology actInformation technology act
Information technology act
AKSHAY KHATRI
 
It act,2000
It act,2000It act,2000
It act,2000
Priya Kushwah
 
Cyber law & information technology
Cyber law & information technologyCyber law & information technology
Cyber law & information technology
Talwant Singh
 
IT act 2000
IT act 2000 IT act 2000
IT act 2000
PAYAL SINHA
 
I.T ACT 2000
I.T ACT 2000 I.T ACT 2000
I.T ACT 2000
RAJ ANAND
 
it act 2000
it act 2000it act 2000
it act 2000
virtualatall
 
Kurnava_Law+Ethics+and+Cybersecurity_Research+Paper
Kurnava_Law+Ethics+and+Cybersecurity_Research+PaperKurnava_Law+Ethics+and+Cybersecurity_Research+Paper
Kurnava_Law+Ethics+and+Cybersecurity_Research+Paper
Matthew Kurnava
 
Cyber law
Cyber lawCyber law
Cyber law
Arnab Roy Chowdhury
 
Privacy in India: Legal issues
Privacy in India: Legal issuesPrivacy in India: Legal issues
Privacy in India: Legal issues
Sagar Rahurkar
 
Cyber Law and Cyber Crime
Cyber Law and Cyber Crime Cyber Law and Cyber Crime
Cyber Law and Cyber Crime
Col Mukteshwar Prasad
 
Photo presentation
Photo presentationPhoto presentation
Photo presentation
jakedreiling
 
Tarea 1.3 terminada
Tarea 1.3 terminadaTarea 1.3 terminada
Tarea 1.3 terminada
Ibán Villanueva
 
Restaurents american,european,goan,japanese,maharashrian,marwadi,mughlai,ori...
Restaurents american,european,goan,japanese,maharashrian,marwadi,mughlai,ori...Restaurents american,european,goan,japanese,maharashrian,marwadi,mughlai,ori...
Restaurents american,european,goan,japanese,maharashrian,marwadi,mughlai,ori...
Varthak India
 
OpenEd - The Right Resource for Every Standard and Every Student
OpenEd - The Right Resource for Every Standard and Every StudentOpenEd - The Right Resource for Every Standard and Every Student
OpenEd - The Right Resource for Every Standard and Every Student
Adam Blum
 
Fiberglass bathtub repair service westchester ny
Fiberglass bathtub repair service westchester nyFiberglass bathtub repair service westchester ny
Fiberglass bathtub repair service westchester ny
Roy carmen
 
OpenEd - The Right Resource for Each Standard and Student
OpenEd - The Right Resource for Each Standard and StudentOpenEd - The Right Resource for Each Standard and Student
OpenEd - The Right Resource for Each Standard and Student
Adam Blum
 
Remodeling services
Remodeling servicesRemodeling services
Remodeling services
Mighty Does
 
Education
EducationEducation
Education
Varthak India
 
Right to Information Act (India) Section 4 Suo-muto disclousure in marathi
Right to Information Act (India) Section 4 Suo-muto disclousure in marathiRight to Information Act (India) Section 4 Suo-muto disclousure in marathi
Right to Information Act (India) Section 4 Suo-muto disclousure in marathi
Sanjay Barve
 
ExpoPromoter
ExpoPromoterExpoPromoter
ExpoPromoter
klymenko2703
 
Дизайн сайта, темы
Дизайн сайта, темыДизайн сайта, темы
Дизайн сайта, темы
Alexander Gruzov
 
Sight to Information Act (India) Section 4
Sight to Information Act (India) Section 4 Sight to Information Act (India) Section 4
Sight to Information Act (India) Section 4
Sanjay Barve
 

More Related Content

What's hot

Cyber law & information technology
Cyber law & information technologyCyber law & information technology
Cyber law & information technology
Talwant Singh
 
Kurnava_Law+Ethics+and+Cybersecurity_Research+Paper
Kurnava_Law+Ethics+and+Cybersecurity_Research+PaperKurnava_Law+Ethics+and+Cybersecurity_Research+Paper
Kurnava_Law+Ethics+and+Cybersecurity_Research+Paper
Matthew Kurnava
 
Privacy in India: Legal issues
Privacy in India: Legal issuesPrivacy in India: Legal issues
Privacy in India: Legal issues
Sagar Rahurkar
 

What's hot (10)

Information technology act
Information technology actInformation technology act
Information technology act
 
It act,2000
It act,2000It act,2000
It act,2000
 
Cyber law & information technology
Cyber law & information technologyCyber law & information technology
Cyber law & information technology
 
IT act 2000
IT act 2000 IT act 2000
IT act 2000
 
I.T ACT 2000
I.T ACT 2000 I.T ACT 2000
I.T ACT 2000
 
it act 2000
it act 2000it act 2000
it act 2000
 
Kurnava_Law+Ethics+and+Cybersecurity_Research+Paper
Kurnava_Law+Ethics+and+Cybersecurity_Research+PaperKurnava_Law+Ethics+and+Cybersecurity_Research+Paper
Kurnava_Law+Ethics+and+Cybersecurity_Research+Paper
 
Cyber law
Cyber lawCyber law
Cyber law
 
Privacy in India: Legal issues
Privacy in India: Legal issuesPrivacy in India: Legal issues
Privacy in India: Legal issues
 
Cyber Law and Cyber Crime
Cyber Law and Cyber Crime Cyber Law and Cyber Crime
Cyber Law and Cyber Crime
 

Viewers also liked

Photo presentation
Photo presentationPhoto presentation
Photo presentation
jakedreiling
 
OpenEd - The Right Resource for Every Standard and Every Student
OpenEd - The Right Resource for Every Standard and Every StudentOpenEd - The Right Resource for Every Standard and Every Student
OpenEd - The Right Resource for Every Standard and Every Student
Adam Blum
 
OpenEd - The Right Resource for Each Standard and Student
OpenEd - The Right Resource for Each Standard and StudentOpenEd - The Right Resource for Each Standard and Student
OpenEd - The Right Resource for Each Standard and Student
Adam Blum
 
Дизайн сайта, темы
Дизайн сайта, темыДизайн сайта, темы
Дизайн сайта, темы
Alexander Gruzov
 
วารสาร ปอ3
วารสาร ปอ3วารสาร ปอ3
วารสาร ปอ3
Suwannee Pun
 
Как выбрать доменное имя
Как выбрать доменное имяКак выбрать доменное имя
Как выбрать доменное имя
Alexander Gruzov
 
Presentación1
Presentación1Presentación1
Presentación1
Manuelieda
 

Viewers also liked (20)

Photo presentation
Photo presentationPhoto presentation
Photo presentation
 
Tarea 1.3 terminada
Tarea 1.3 terminadaTarea 1.3 terminada
Tarea 1.3 terminada
 
Restaurents american,european,goan,japanese,maharashrian,marwadi,mughlai,ori...
Restaurents american,european,goan,japanese,maharashrian,marwadi,mughlai,ori...Restaurents american,european,goan,japanese,maharashrian,marwadi,mughlai,ori...
Restaurents american,european,goan,japanese,maharashrian,marwadi,mughlai,ori...
 
OpenEd - The Right Resource for Every Standard and Every Student
OpenEd - The Right Resource for Every Standard and Every StudentOpenEd - The Right Resource for Every Standard and Every Student
OpenEd - The Right Resource for Every Standard and Every Student
 
Fiberglass bathtub repair service westchester ny
Fiberglass bathtub repair service westchester nyFiberglass bathtub repair service westchester ny
Fiberglass bathtub repair service westchester ny
 
OpenEd - The Right Resource for Each Standard and Student
OpenEd - The Right Resource for Each Standard and StudentOpenEd - The Right Resource for Each Standard and Student
OpenEd - The Right Resource for Each Standard and Student
 
Remodeling services
Remodeling servicesRemodeling services
Remodeling services
 
Education
EducationEducation
Education
 
Right to Information Act (India) Section 4 Suo-muto disclousure in marathi
Right to Information Act (India) Section 4 Suo-muto disclousure in marathiRight to Information Act (India) Section 4 Suo-muto disclousure in marathi
Right to Information Act (India) Section 4 Suo-muto disclousure in marathi
 
ExpoPromoter
ExpoPromoterExpoPromoter
ExpoPromoter
 
Дизайн сайта, темы
Дизайн сайта, темыДизайн сайта, темы
Дизайн сайта, темы
 
Sight to Information Act (India) Section 4
Sight to Information Act (India) Section 4 Sight to Information Act (India) Section 4
Sight to Information Act (India) Section 4
 
אימא'לה ג'וק
אימא'לה ג'וקאימא'לה ג'וק
אימא'לה ג'וק
 
วารสาร ปอ3
วารสาร ปอ3วารสาร ปอ3
วารสาร ปอ3
 
Restaurents
Restaurents Restaurents
Restaurents
 
Как выбрать доменное имя
Как выбрать доменное имяКак выбрать доменное имя
Как выбрать доменное имя
 
Residential maintenance services
Residential maintenance servicesResidential maintenance services
Residential maintenance services
 
Social mediathetrap
Social mediathetrapSocial mediathetrap
Social mediathetrap
 
Presentación1
Presentación1Presentación1
Presentación1
 
Pizza Any Brand Pizza Hut
Pizza Any Brand Pizza HutPizza Any Brand Pizza Hut
Pizza Any Brand Pizza Hut
 

Similar to security issue in e-commerce

The government of india enacted its information technology act 2000 with the ...
The government of india enacted its information technology act 2000 with the ...The government of india enacted its information technology act 2000 with the ...
The government of india enacted its information technology act 2000 with the ...
Rajesh Sakhare
 
The government of india enacted its information technology act 2000 with the ...
The government of india enacted its information technology act 2000 with the ...The government of india enacted its information technology act 2000 with the ...
The government of india enacted its information technology act 2000 with the ...
Rajesh Sakhare
 
The government of india enacted its information technology act 2000 with the ...
The government of india enacted its information technology act 2000 with the ...The government of india enacted its information technology act 2000 with the ...
The government of india enacted its information technology act 2000 with the ...
Rajesh Sakhare
 
The government of india enacted its information technology act 2000 with the ...
The government of india enacted its information technology act 2000 with the ...The government of india enacted its information technology act 2000 with the ...
The government of india enacted its information technology act 2000 with the ...
Rajesh Sakhare
 
The government of india enacted its information technology act 2000 with the ...
The government of india enacted its information technology act 2000 with the ...The government of india enacted its information technology act 2000 with the ...
The government of india enacted its information technology act 2000 with the ...
Rajesh Sakhare
 
The government of india enacted its information technology act 2000 with the ...
The government of india enacted its information technology act 2000 with the ...The government of india enacted its information technology act 2000 with the ...
The government of india enacted its information technology act 2000 with the ...
Rajesh Sakhare
 
The government of india enacted its information technology act 2000 with the ...
The government of india enacted its information technology act 2000 with the ...The government of india enacted its information technology act 2000 with the ...
The government of india enacted its information technology act 2000 with the ...
Rajesh Sakhare
 
The government of india enacted its information technology act 2000 with the ...
The government of india enacted its information technology act 2000 with the ...The government of india enacted its information technology act 2000 with the ...
The government of india enacted its information technology act 2000 with the ...
Rajesh Sakhare
 
The government of india enacted its information technology act 2000 with the ...
The government of india enacted its information technology act 2000 with the ...The government of india enacted its information technology act 2000 with the ...
The government of india enacted its information technology act 2000 with the ...
Rajesh Sakhare
 
The government of india enacted its information technology act 2000 with the ...
The government of india enacted its information technology act 2000 with the ...The government of india enacted its information technology act 2000 with the ...
The government of india enacted its information technology act 2000 with the ...
Rajesh Sakhare
 
The government of india enacted its information technology act 2000 with the ...
The government of india enacted its information technology act 2000 with the ...The government of india enacted its information technology act 2000 with the ...
The government of india enacted its information technology act 2000 with the ...
Rajesh Sakhare
 
Ronit Mathur Cyber Security assesment.pptx
Ronit Mathur Cyber Security assesment.pptxRonit Mathur Cyber Security assesment.pptx
Ronit Mathur Cyber Security assesment.pptx
ManuGupta344215
 

Similar to security issue in e-commerce (20)

IT Act 2000 & IT Act 2008
IT Act 2000 & IT Act 2008IT Act 2000 & IT Act 2008
IT Act 2000 & IT Act 2008
 
Cie 2 cyber law
Cie 2 cyber lawCie 2 cyber law
Cie 2 cyber law
 
Cyber security laws
Cyber security lawsCyber security laws
Cyber security laws
 
The Indian IT act.pptx
The Indian IT act.pptxThe Indian IT act.pptx
The Indian IT act.pptx
 
Regulatory Framework of E-Commerce
Regulatory Framework of E-CommerceRegulatory Framework of E-Commerce
Regulatory Framework of E-Commerce
 
It act 2000
It act 2000It act 2000
It act 2000
 
The government of india enacted its information technology act 2000 with the ...
The government of india enacted its information technology act 2000 with the ...The government of india enacted its information technology act 2000 with the ...
The government of india enacted its information technology act 2000 with the ...
 
The government of india enacted its information technology act 2000 with the ...
The government of india enacted its information technology act 2000 with the ...The government of india enacted its information technology act 2000 with the ...
The government of india enacted its information technology act 2000 with the ...
 
The government of india enacted its information technology act 2000 with the ...
The government of india enacted its information technology act 2000 with the ...The government of india enacted its information technology act 2000 with the ...
The government of india enacted its information technology act 2000 with the ...
 
The government of india enacted its information technology act 2000 with the ...
The government of india enacted its information technology act 2000 with the ...The government of india enacted its information technology act 2000 with the ...
The government of india enacted its information technology act 2000 with the ...
 
The government of india enacted its information technology act 2000 with the ...
The government of india enacted its information technology act 2000 with the ...The government of india enacted its information technology act 2000 with the ...
The government of india enacted its information technology act 2000 with the ...
 
The government of india enacted its information technology act 2000 with the ...
The government of india enacted its information technology act 2000 with the ...The government of india enacted its information technology act 2000 with the ...
The government of india enacted its information technology act 2000 with the ...
 
The government of india enacted its information technology act 2000 with the ...
The government of india enacted its information technology act 2000 with the ...The government of india enacted its information technology act 2000 with the ...
The government of india enacted its information technology act 2000 with the ...
 
The government of india enacted its information technology act 2000 with the ...
The government of india enacted its information technology act 2000 with the ...The government of india enacted its information technology act 2000 with the ...
The government of india enacted its information technology act 2000 with the ...
 
The government of india enacted its information technology act 2000 with the ...
The government of india enacted its information technology act 2000 with the ...The government of india enacted its information technology act 2000 with the ...
The government of india enacted its information technology act 2000 with the ...
 
The government of india enacted its information technology act 2000 with the ...
The government of india enacted its information technology act 2000 with the ...The government of india enacted its information technology act 2000 with the ...
The government of india enacted its information technology act 2000 with the ...
 
The government of india enacted its information technology act 2000 with the ...
The government of india enacted its information technology act 2000 with the ...The government of india enacted its information technology act 2000 with the ...
The government of india enacted its information technology act 2000 with the ...
 
Ronit Mathur Cyber Security assesment.pptx
Ronit Mathur Cyber Security assesment.pptxRonit Mathur Cyber Security assesment.pptx
Ronit Mathur Cyber Security assesment.pptx
 
Presentation (004).pptx
Presentation (004).pptxPresentation (004).pptx
Presentation (004).pptx
 
Legal Aspect Pertaining to E-commerce
Legal Aspect Pertaining to E-commerceLegal Aspect Pertaining to E-commerce
Legal Aspect Pertaining to E-commerce
 

Recently uploaded

Spellings Wk 4 and Wk 5 for Grade 4 at CAPS
Spellings Wk 4 and Wk 5 for Grade 4 at CAPSSpellings Wk 4 and Wk 5 for Grade 4 at CAPS
Spellings Wk 4 and Wk 5 for Grade 4 at CAPS
AnaAcapella
 
Call Girls in Uttam Nagar (delhi) call me [🔝9953056974🔝] escort service 24X7
Call Girls in Uttam Nagar (delhi) call me [🔝9953056974🔝] escort service 24X7Call Girls in Uttam Nagar (delhi) call me [🔝9953056974🔝] escort service 24X7
Call Girls in Uttam Nagar (delhi) call me [🔝9953056974🔝] escort service 24X7
9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptx
heathfieldcps1
 

Recently uploaded (20)

Unit 3 Emotional Intelligence and Spiritual Intelligence.pdf
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdfUnit 3 Emotional Intelligence and Spiritual Intelligence.pdf
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdf
 
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptxHMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
 
How to Add New Custom Addons Path in Odoo 17
How to Add New Custom Addons Path in Odoo 17How to Add New Custom Addons Path in Odoo 17
How to Add New Custom Addons Path in Odoo 17
 
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
 
Python Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxPython Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docx
 
FICTIONAL SALESMAN/SALESMAN SNSW 2024.pdf
FICTIONAL SALESMAN/SALESMAN SNSW 2024.pdfFICTIONAL SALESMAN/SALESMAN SNSW 2024.pdf
FICTIONAL SALESMAN/SALESMAN SNSW 2024.pdf
 
Graduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - EnglishGraduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - English
 
Single or Multiple melodic lines structure
Single or Multiple melodic lines structureSingle or Multiple melodic lines structure
Single or Multiple melodic lines structure
 
Food safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdfFood safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdf
 
dusjagr & nano talk on open tools for agriculture research and learning
dusjagr & nano talk on open tools for agriculture research and learningdusjagr & nano talk on open tools for agriculture research and learning
dusjagr & nano talk on open tools for agriculture research and learning
 
FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024
 
Spellings Wk 4 and Wk 5 for Grade 4 at CAPS
Spellings Wk 4 and Wk 5 for Grade 4 at CAPSSpellings Wk 4 and Wk 5 for Grade 4 at CAPS
Spellings Wk 4 and Wk 5 for Grade 4 at CAPS
 
How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17
 
Interdisciplinary_Insights_Data_Collection_Methods.pptx
Interdisciplinary_Insights_Data_Collection_Methods.pptxInterdisciplinary_Insights_Data_Collection_Methods.pptx
Interdisciplinary_Insights_Data_Collection_Methods.pptx
 
Towards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptxTowards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptx
 
Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024
 
Call Girls in Uttam Nagar (delhi) call me [🔝9953056974🔝] escort service 24X7
Call Girls in Uttam Nagar (delhi) call me [🔝9953056974🔝] escort service 24X7Call Girls in Uttam Nagar (delhi) call me [🔝9953056974🔝] escort service 24X7
Call Girls in Uttam Nagar (delhi) call me [🔝9953056974🔝] escort service 24X7
 
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptxCOMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
 
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
 
The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptx
 

security issue in e-commerce

  • 1. A STUDY ON SECURITY ISSUES IN E-COMMERCE S.PALAVESAKRISHNAN SADAKATHULLAH APPA COLLEGE TIRUNELVELI Introduction E-commerce is defined as the buying and selling of products or services over electronic systems such as the internet and toa lesser extent, other computer networks.it is generally regarded as the sales and commercialfunction of E-business.There has been a massive increase in the level of trade conducted electronically since the widespread penetration of the internet .A wide variety of commerce is conducted via E-commerce ,including electonic funds transfer,supply chain management,internet marketing,online transaction processing,electronic data interchange(EDI),inventory management system,and automated data collection systems. I. Authentication and Identification Though the Internet eliminates the need for physical contact, it does not do away with the fact that any form of contract or transaction would have to be authenticated and in certain instances recorded. Different authentication technologies have evolved over a period of time for authenticating documents and also to ensure the identity of the parties entering into online transactions. Further in relation to an e-commerce business, processing payments forms a vital part of the transaction and in this regard various payment systems to carry on an e-commerce business have also developed. Transactions on the internet, particularly consumer-related transactions, often occur between parties who have no pre-existing relationship. This may raise concerns of the person’s identity and authenticity with respect to issues of the person’s capacity, authority and legitimacy to enter the contract. Electronic signatures may be considered as one of the methods used to determine the authority and legitimacy of the person to authenticate an electronic record.
  • 2. In fact the IT Act gives legal recognition to the authentication of any information by affixing an electronic signature as long as it is in compliance with the manner as prescribed under the IT Act. Further, the IT Act also provides the regulatory framework with respect to electronic signatures including issuance of electronic signature certificates. In particular the IT Act provides that an electronic signature shall be deemed to be a secure electronic signature if: 1.The signature creation data, at the time of affixing the signature, was under the exclusive control of the signatory and no other party; and 2. The signature creation data was stored and affixed in such exclusive manner as may be prescribed. A. Identity Theft and Impersonation  The IT Act provides that the identity of a person shall be deemed to have been stolen when any unique identification of a person (such as her electronic signature or password) is fraudulently or dishonestly used. The Act prescribes a penalty of imprisonment of up to 3 years and fine up to INR 1 lakh.  The IT Act provides that whoever, by means of any communication device or computer resource cheats by impersonation, shall be punished with imprisonment of up to 3 years and with fine of up INR 1 lakh  The IPC further provides that any person who cheats by personation shall be punishable with imprisonment of up to three years and/ or fine. II. Privacy For an e-commerce platform, it is almost difficult to complete any online transaction without collecting some form of personal information of the users such as details about their
  • 3. identity and financial information. Apart from the collection of primary data from the users, e- commerce platforms may also collect a variety of other indirect information such as users’ personal choices and preferences and patterns of search. Hence, an important consideration for every e-commerce platform is to maintain the privacy of its users. Two primary concerns that a user of e-commerce platforms would have are: i. Unauthorized access to personal information ii. Misuse of such personal information. v State of UP and People's Union of Civil Liberties v. the Union of India recognised the “right to privacy” as a subset of the larger “right to life and personal liberty” under Article of the Constitution of India. However a right under the Constitution can be exercised only against any government action. Non-state initiated violations of privacy may be dealt with under principles of torts such as defamation, trespass and breach of confidence as applicable. The IT Act deals with the concept of violation of privacy in a limited sense; it provides that the privacy of a person is deemed to be violated where images of her private body areas are captured, published or transmitted without her consent in circumstances where she would have had a reasonable expectation of privacy and prescribes a punishment of imprisonment of up to 3 years and/or fine of up to INR 2 lakhs. III. Data Protection India has in the year 2011 notified rules under Section 43A of the IT Act titled “Reasonable practices and procedures and sensitive personal data or information Rules, 2011” which provide a framework for the protection of data in India (“Data Protection Rules”). A. Kinds of Information coveredunder the Data ProtectionRules
  • 4. There are basically two categories of information which are covered under the IT Act which need to be considered with respect to data protection. i. Personal information (“PI”) which is defined as any information that relates to a natural person, which, either directly or indirectly, in combination with other information available or likely to be available with a body corporate, is capable of identifying such person. ii. Sensitive personal data or information (“SPDI”) which is defined means such PI of a person which consists of a. password; b. financial information such as Bank account or credit card or debit card or other payment instrument details ; Historically, the concept of privacy and data protection were not addressed in any Indian legislation. In the absence of a specific legislation, the Supreme Court of India in the cases of Kharak Singh c. physical, physiological and mental health condition; d. sexual orientation; e. medical records and history; f. Biometric information. The Data Protection Rules, inter alia, set out compliances which to protect SPDI in the electronic medium by a corporate entity which possess, deals with or handles such SPDI such as: i. The need to have a privacy policy in accordance with the parameters set out in the Data Protection Rules; ii. The need to obtain consent in a specific manner from the provider of SPDI;
  • 5. iii. The need to provide an opt out option to the provider of SPDI; iv. The need to maintain reasonable security practices and procedures in accordance with the requirements of the Data Protection Rules (discussed below). We have previously published two write ups (Hotlines) which discuss the compliances required in respect of SPDI. You may access these at i.http://www.nishithdesai.com/New_Hotline/IT/ Technology%20Law%20Analysis_June1811.htm ii. http://www.nishithdesai.com/New_Hotline/IT/ IT%20Hotline_final_aug%2026.htm B. PotentialLiability under the Data ProtectionRules The IT Act prescribes penalties for arongful disclosure of PI by way of imprisonment up to three years and/ or a fine up to INR 5 lakhs. The IT Act also prescribes compensation to be awarded by companies that are negligent in the protection of SPDI of any person. IV. Security of Systems Security over the Internet is of immense importance to promote e-commerce. Since e- commerce companies keep sensitive information (includingc. physical, physiological and mental health condition; d. sexual orientation; e. medical records and history; f. Biometric information.
  • 6. The Data Protection Rules, inter alia, set out compliances which to protect SPDI in the electronic medium by a corporate entity which possess, deals with or handles such SPDI such as: i. The need to have a privacy policy in accordance with the parameters set out in the Data Protection Rules; ii. The need to obtain consent in a specific manner from the provider of SPDI; iii. The need to provide an opt out option to the provider of SPDI; iv. The need to maintain reasonable security practices and procedures in accordance with the requirements of the Data Protection Rules (discussed below). We have previously published two write ups (Hotlines) which discuss the compliances required in respect of SPDI. You may access these at i.http://www.nishithdesai.com/New_Hotline/IT/ Technology%20Law%20Analysis_June1811.htm ii. http://www.nishithdesai.com/New_Hotline/IT/ IT%20Hotline_final_aug%2026.htm B. PotentialLiability under the Data ProtectionRules The IT Act prescribes penalties for arongful disclosure of PI by way of imprisonment up to three years and/ or a fine up to INR 5 lakhs. The IT Act also prescribes compensation to be awarded by companies that are negligent in the protection of SPDI of any person. IV. Security of Systems Security over the Internet is of immense importance to promote e-commerce. Since e- commerce companies keep sensitive information (includingSPDI) on their servers, e-commerce companies must ensure that they have adequate security measures to safeguard their systems from any unauthorized intrusion. A company could face security threats externally as well as
  • 7. internally. Externally, the company could face problems from hackers, viruses and trojan horses. Internally, the company must ensure security against its technical staff and employees. Conclusion In the E-commerce industry faces a challenging future in terms of the security risks it must avert.With increasing technical knowledge, and its widespread availability on the internet,criminals are becoming more and more sophisticated in the deceiptions and attacks strategies and vulnerabilities only reallybecome known once a perpetrator has uncover ed and exploited them. In saying this,there are multiple secuirity stategies which any E-commerce provider can instigate to reduce the risk of attack and compromise significantly. Awarness of the risks and the implementation of multi-layered security protocols,detailed and open privacy policies and strong authentication and encryption measures will go a long way to assure the consumer and insure the risk of compromise is kept minimal.