E-COMMERCE
TOPIC: SECURITY ISSUES IN E-COMMERCE
SUBMITTED BY: NIKITA TAHILYANI
• E-Commerce, or Electronic Commerce, a subset of E-Business, is the purchasing, selling and exchanging of goods and services over computer networks (such as the Internet) through which transactions are performed.
• One of the main roadblocks to the wide acceptance of e-commerce by businesses and consumers alike is the perceived lack of adequate security for online transactions.
• The increase in e-commerce has also led to an increase in risks and fraud in e-business.
• For example, consumers are growing increasingly worried about providing credit card information over the Internet.
1. Privacy
2. Authentication
3. Authorization
4. Integrity
5. Confidentiality
6. Non-repudiation
Privacy:
• Privacy in e-commerce means that information exchanged must be kept from unauthorized parties.
• It means that information is intelligible only to its rightful recipients. Although third parties may be able to read a copy of the message sent, they must not be able to make sense of it.
• It is the biggest threat in security.
• Privacy is for “people” and confidentiality is for “information”.
• Example: a breach of a site that collects names, physical and email addresses, IP addresses, payment details, etc.
Authentication:
• Authentication is the process of establishing confidence in user identities electronically presented to an information system.
• Digital authentication or e-authentication may be used synonymously when referring to the authentication process that confirms or certifies a person's identity and works.
• The user proves his authorization to an information system, and the information system has to confirm his identity.
• Example: setting a password on any account.
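The password example above, as a worked sketch that is added here and is not part of the original slides: the site checks the chosen password, stores only a salted PBKDF2 key derived from it, and confirms identity at login by re-deriving and comparing. The function names, the length policy, the blocklist and the iteration count are assumptions made for this example.

```python
import hashlib
import hmac
import os

MIN_LENGTH = 12                # assumed policy for this example
PBKDF2_ITERATIONS = 600_000    # assumed work factor for PBKDF2-HMAC-SHA256
# Constructed sample blocklist; a real deployment would use a much larger one.
COMMON_PASSWORDS = {"password1234", "qwertyuiop12", "123456789012"}


def password_problems(password: str) -> list[str]:
    """Return the reasons a candidate password is rejected (empty means accepted)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if password.lower() in COMMON_PASSWORDS:
        problems.append("appears in the common-password list")
    return problems


def set_password(password: str) -> dict:
    """Build the record the site stores: salt and derived key, never the password."""
    problems = password_problems(password)
    if problems:
        raise ValueError("; ".join(problems))
    salt = os.urandom(16)  # unique per account, so equal passwords store differently
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return {"salt": salt.hex(), "key": key.hex(), "iterations": PBKDF2_ITERATIONS}


def authenticate(record: dict, attempt: str) -> bool:
    """Re-derive the key from the login attempt and compare in constant time."""
    key = hashlib.pbkdf2_hmac("sha256", attempt.encode(),
                              bytes.fromhex(record["salt"]), record["iterations"])
    return hmac.compare_digest(key, bytes.fromhex(record["key"]))


if __name__ == "__main__":
    record = set_password("Correct-Horse-42-Battery")  # constructed sample password
    print(authenticate(record, "Correct-Horse-42-Battery"))
    print(authenticate(record, "correct-horse-42-battery"))
    print(password_problems("Password1234"))
```

Because the stored record holds only the salt and the derived key, a copy of the account table does not directly reveal any user's password.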
Authorization:
• Authorization is a security mechanism to determine access levels or user/client privileges related to system resources including files, services, computer programs, data and application features.
• It is the process of granting or denying access to a network resource which allows the user access to various resources based on the user's identity.
• Example: access to file directories, storage space, hours allocated, etc.
Integrity:
• Integrity in security means maintaining the accuracy and completeness of data.
• It is about protecting data from being modified or misused by an unauthorized party. Integrity involves maintaining the consistency and trustworthiness of data over its entire life cycle.
• Example: a random user could try to enter a phone number into a date field. If the system enforces data integrity, it will prevent the user from making these mistakes.
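Both halves of the integrity slide, as an added example that is not part of the original slides: the date field rejects a phone number at entry, and an HMAC tag over the stored order exposes any later modification. The order fields, function names and the key are constructed for illustration.

```python
import hashlib
import hmac
import json
import re
from datetime import date

# Constructed demo key; a real site would load this from a secret store.
SERVER_KEY = b"constructed-demo-key-not-for-production"


def parse_delivery_date(value: str) -> date:
    """Accept only a real calendar date written as YYYY-MM-DD."""
    if not re.fullmatch(r"\d{4}-\d{2}-\d{2}", value):
        raise ValueError(f"not a date: {value!r}")
    return date.fromisoformat(value)  # also rejects impossible dates such as 2024-02-30


def seal(order: dict) -> str:
    """Return an HMAC-SHA256 tag over a canonical encoding of the order."""
    canonical = json.dumps(order, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(SERVER_KEY, canonical, hashlib.sha256).hexdigest()


def is_intact(order: dict, tag: str) -> bool:
    """True only if the order is byte-for-byte what was sealed."""
    return hmac.compare_digest(seal(order), tag)


def accept_order(form: dict) -> tuple[dict, str]:
    """Validate the submitted form, then return the stored order and its tag."""
    quantity = int(form["quantity"])
    if quantity < 1:
        raise ValueError("quantity must be at least 1")
    order = {
        "item": form["item"],
        "quantity": quantity,
        "delivery_date": parse_delivery_date(form["delivery_date"]).isoformat(),
    }
    return order, seal(order)


if __name__ == "__main__":
    # Constructed sample form data.
    order, tag = accept_order(
        {"item": "SKU-1001", "quantity": "2", "delivery_date": "2024-03-15"})
    print(is_intact(order, tag))                       # stored order unchanged
    print(is_intact(dict(order, quantity=200), tag))   # modified after storage
```

The tag uses a key that only the server holds, so it detects modification but does not provide non-repudiation, which needs a signature key pair.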
Confidentiality:
• Confidentiality means that data, objects and resources are protected from unauthorized viewing and other access.
• It means keeping the information between you and the client.
• Confidential information often has value, and systems are therefore under frequent attack as criminals hunt for vulnerabilities to exploit. Threat vectors include direct attacks such as stealing passwords and capturing network traffic, and more layered attacks such as social engineering and phishing.
• Example: a superior doesn’t tell subordinates about a client's data unless he has permission from the client.
Non-repudiation:
• Non-repudiation is the assurance that someone cannot deny the validity of something.
• It is the inability to refute responsibility.
• It refers to the assurance that the owner of a signature key pair that was capable of generating an existing signature corresponding to certain data cannot convincingly deny having signed the data.
• For example, if you take a pen and sign a contract, your signature is a non-repudiation device. You cannot later disagree with the terms of the contract or refute ever being a party to the agreement.
Ways to protect an e-commerce site from security threats:
• Choose a secure e-commerce platform.
• Use a secure connection for checkout (SSL).
• Don't store sensitive user data.
• Request strong passwords from your users.
• Set up system alerts for suspicious activities.
• Use tracking numbers for all orders.
• Always back up your system and database.
• Use antivirus and anti-malware software.
• Deactivate auto-fill.
• Update cookies.
• Use encryption and decryption for security, and use two-step verification methods.