The document discusses threats to e-commerce, including security threats to electronic payment systems, e-cash, and credit/debit card fraud. It describes how hackers can steal personal and financial information through methods like data packet sniffing, IP spoofing, malware, and failing to patch software vulnerabilities. Fraud occurs because it is easy for hackers to obtain data on the black market and crimes are often not prosecuted due to the difficulty in detection and crossing international borders. Common fraud types are financial fraud like credit card and refund scams, phishing, spamming, and infecting systems with malware.

1. • THREAT TO E-COMMERCE
• E-Commerce refers to the activity of buying and selling things over the internet. Simply, it
refers to the commercial transactions which are conducted online. E-commerce can be drawn on
many technologies such as mobile commerce, Internet marketing, online transaction processing,
electronic funds transfer, supply chain management, electronic data interchange (EDI),
inventory management systems, and automated data collection systems.
• E-commerce threat is occurring by using the internet for unfair means with the intention of
stealing, fraud and security breach. There are various types of e-commerce threats. Some are
accidental, some are purposeful, and some of them are due to human error. The most common
security threats are an electronic payments system, e-cash, data misuse, credit/debit card frauds,
etc.
• ELECTRONIC PAYMENTS SYSTEM:
• With the rapid development of the computer, mobile, and network technology, e-commerce has
become a routine part of human life. In e-commerce, the customer can order products at home
and save time for doing other things. There is no need of visiting a store or a shop. The customer
can select different stores on the Internet in a very short time and compare the products with
different characteristics such as price, colours, and quality. The electronic payment systems have
a very important role in e-commerce. E-commerce organizations use electronic payment
systems that refer to paperless monetary transactions. It revolutionized the business processing
by reducing paperwork, transaction costs, and labour cost. E-commerce processing is user-
friendly and less time consuming than manual processing. Electronic commerce helps a business
organization expand its market reach expansion. There is a certain risk with the electronic
payments system.

2. Some of them are:
• The Risk of Fraud:
An electronic payment system has a huge risk of fraud. The computing devices use an identity of
the person for authorizing a payment such as passwords and security questions. These
authentications are not full proof in determining the identity of a person. If the password and the
answers to the security questions are matched, the system doesn't care who is on the other side. If
someone has access to our password or the answers to our security question, he will gain access to
our money and can steal it from us.
• The Risk of Tax Evasion:
The Internal Revenue Service law requires that every business declare their financial transactions
and provide paper records so that tax compliance can be verified. The problem with electronic
systems is that they don't provide cleanly into this paradigm. It makes the process of tax collection
very frustrating for the Internal Revenue Service. It is at the business's choice to disclose
payments received or made via electronic payment systems. The IRS has no way to know that it is
telling the truth or not that makes it easy to evade taxation.
• The Risk of Payment Conflicts:
In electronic payment systems, the payments are handled by an automated electronic system, not
by humans. The system is prone to errors when it handles large amounts of payments on a
frequent basis with more than one recipients involved. It is essential to continually check our pay
slip after every pay period ends in order to ensure everything makes sense. If it is a failure to do
this, may result in conflicts of payment caused by technical glitches.

3. •E-cash:
E-cash is a paperless cash system which facilitates the transfer of
funds anonymously. E-cash is free to the user while the sellers
have paid a fee for this. The e-cash fund can be either stored on a
card itself or in an account which is associated with the card. The
most common examples of e-cash system are transit card, PayPal,
GooglePay, Paytm, etc.
• E-cash has four major components-
1.Issuers - They can be banks or a non-bank institution.
2.Customers - They are the users who spend the e-cash.
3.Merchants or Traders - They are the vendors who receive e-cash.
4.Regulators - They are related to authorities or state tax agencies.
In e-cash, we stored financial information on the computer,
electronic device or on the internet which is vulnerable to the
hackers.

4. •CREDIT/DEBIT CARD FRAUD:
• A credit card allows us to borrow money from a recipient bank to make
purchases. The issuer of the credit card has the condition that the
cardholder will pay back the borrowed money with an additional agreed-
upon charge.
• A debit card is of a plastic card which issued by the financial organization to
account holder who has a savings deposit account that can be used instead
of cash to make purchases. The debit card can be used only when the fund
is available in the account.
• Some of the important threats associated with the debit/credit card are-
• ATM (Automated Teller Machine)-
It is the favourite place of the fraudster from there they can steal our card
details. Some of the important techniques which the criminals opt for getting
hold of our card information is:
1.Skimming-
It is the process of attaching a data-skimming device in the card reader of
the ATM. When the customer swipes their card in the ATM card reader, the
information is copied from the magnetic strip to the device. By doing this, the
criminals get to know the details of the Card number, name, CVV number,
expiry date of the card and other details.

5. 2.Unwanted Presence-
• It is a rule that not more than one user should use the ATM at a time. If we
find more than one people lurking around together, the intention behind this
is to overlook our card details while we were making our transaction.
3.Vishing/Phishing-
• Phishing is an activity in which an intruder obtained the sensitive
information of a user such as password, usernames, and credit card details,
often for malicious reasons, etc.
• Vishing is an activity in which an intruder obtained the sensitive information
of a user via sending SMS on mobiles. These SMS and Call appears to be
from a reliable source, but in real they are fake. The main objective of
vishing and phishing is to get the customer's PIN, account details, and
passwords.
4.POS Theft-
It is commonly done at merchant stores at the time of POS transaction. In
this, the salesperson takes the customer card for processing payment and
illegally copies the card details for later use.

6. TYPES OF THREATS AND CRIMES
• 1.CLIENT THREATS-
Reasons of client threats are malicious data (virus, logic bomb, worm)etc. This type of
code associated with stand alone personal computers but it can also affect networks.
The malicious code are-
i)Virus : A virus is a self replicating programs which main purpose is to propagate
itself to as many different places as possible. A virus propagate itself by modifying
another program to include itself. A virus can propagate itself by an act of a user of the
system in which it exist. Virus program do not differ any other computer programs.
They are created using common programming tools. A virus main concern is to remain
hidden from the computer user and from various antivirus programs.
ii)Trojan Horse : In general, a Trojan comes attached to what looks like a legitimate
program. In reality, it is a fake version of the app, loaded up with malware.
•
iii)Worm : A computer worm is a type of malware that spreads copies of itself from
computer to computer. A worm can replicate itself without any human interaction, and it
does not need to attach itself to a software program in order to cause damage.

7. COMMUNICATION CHANNEL THREAT
The Internet serves as the electronic chain linking a consumer to an electronic commerce
resource. The Internet is not at all secure.
The messages t passed through N number of intermediate computers and the path can vary
each time a message is sent.
It is impossible to guarantee that every computer on the Internet through which messaged pass
is safe, secure and non-hostile. It is very likely that some person can reach the message, alter
the contents or completely eliminate it from the network.
• Communication Channel Threats in E-commerce are:
1.Secrecy Threats:-
• “Secrecy threats refer to the threats of unauthorized information disclosure and
authentication of the source.”
• Privacy is the protection of individual rights to nondisclosure. Theft of sensitive or personal
information is a significant danger. Your IP Address and browser you use is continually
revealed while on the web.
• Thus the primary fear of conducting electronic commerce is the fear of theft of sensitive
personal information, including credit card numbers, names, addresses, and personal
preferences.
• Special software applications called sniffer programmers provide the means to tap into the
Internet and record information that passes through a particular computer while traveling from
its source to its destination.

8. 2.INTEGRITY THREATS:-
Integrity threats refer to the unauthorized modification of data in the Internet channel.
Active Threats:-
Active wiretapping takes place when an unauthorized person gets access to the signals carrying
the e-commerce message, for example, by tapping the telephone wires and changing the
content of the message stream of information. This affects the integrity of the data and makes it
unreliable.
Cybervandalism:-
Cybervandalism takes place when an unauthorized person changes the content of a Web page,
destroys it, defaces it, or replaces a Web site’s regular content with their own, for example,
hacking into the server of the website.
Masquerading:-
Here someone pretends to be someone else. This can be done by means of spoofing. Someone
creates a fictitious website in place of the real one. All orders to the real website are then
redirected to the fake website where the orders are changed before passing on to the real
website.
3.NECESSITY THREATS:-
The purpose of necessity threats (delay, denial or denial-of-service), is to disrupt normal
computer processing or delay processing entirely. A computer that has experienced a
necessity threat slows processing to an intolerable speed and this will encourage
customers to go to the websites of competitors.

9. SERVER THREATS
In computing, a server is a piece of computer hardware or software (computer program) that provides functionality
for other programs or devices, called "clients".
It is easy to get a server. Anyone can setup a machine in his basement and start publishing websites. Furthermore,
most web hosting companies offer leased servers and virtual private servers at affordable prices. All of this means that
someone with absolutely no experience can start a server, publish websites, or even host other people’s sites.
Fortunately, there are plenty of forums and online documentation to help newbie system administrators get started.
i)Data Packet Sniffing:
This refers to the use of Data Packet Sniffers, also known simply as sniffers. While it is an invaluable tool to the
Network Administrator for troubleshooting and diagnosis, an attacker can also use a sniffer to intercept the data
packet flow and analyze the individual data packets. Usernames, passwords, and other confidential customer data can
then be hijacked from the E-Commerce server. This is a very serious problem, especially in wireless networks, as the
data packets literally leave the confines of the network cabling and travel in the air. Ultimately, Data Packet Sniffing
can lead to hijacking sessions. This is when the attacker eventually takes control over the network connection, kicks
off legitimate users (such as your customers) from the E-Commerce server, and ultimately gains control of it.
ii)IP Spoofing:
The intent here is to change the source address of a data packet to give it the appearance that it originated from
another computer. With IP Spoofing, it is difficult to identify the real attacker, since all E-Commerce server logs will
show connections from a legitimate source.

10. iii)Careless Users:
The number one, most prevalent threat to a server’s security is user carelessness. If you or your users have passwords
that are easy to guess, poorly written code, unpatched software, or a lack of security measures like anti-virus software,
you are just asking for trouble. By enforcing strong security practices and secure authentication, you can lessen or
even eliminate most threats.
iv)Malware:
Malware can take many forms, but as the name implies, it is malicious software. It can take the form of viruses,
worms, trojans, and any other software intended to cause harm. In most cases, malware is installed without the user’s
direct consent. It may attack the user’s computer and/or attack other computers through the user’s own system.
Having proper firewall and security software protection can usually prevent malware from spreading.
v)Unpatched Software:
Unpatched software refers to computer code with known security weaknesses. Once the vulnerabilities come to light,
software vendors write additions to the code known as “patches” to cover up the security “holes.” Running unpatched
software is a risky activity because by the time a patch emerges, the criminal underground is typically well-aware of
the vulnerabilities. Most threats to a server can be prevented simply by having up-to-date, properly-patched software.
All server operating system vendors and distributions publish security updates. By installing them on your system in a
timely manner, you prevent attackers from using your server’s own vulnerabilities against it.

11. What is fraud?
Fraud is an intentional false representation of a fact. The purpose of fraud is to deceive
another party in order to obtain a profit. This profit can be:
-Money
-Goods
-Sensitive information
• Why does fraud take place?
With a large amount of card information stored and transferred online, it has been become easier for hackers to get
access to this information. Every time new measures are taken to prevent fraud, hackers step up their game and find
new ways to avoid the newly set barriers.
• There are two main reasons that online fraud occurs as often as it does:
1.It is fairly easy for hackers to steal the needed data. For fraudsters, it is easy to buy this information on
the black market.
2.Lack of prosecution for this type of crime.
• The lack of prosecution in fraud is due to the following three reasons:
1.It is hard to detect online fraud and catch the correct fraudster. The fraudster frequently creates a fake
email account and opens a post box under an alias revealing no information about himself.
2.The police do not prioritize online fraud nearly as highly due to the fact that the average amount of each
case is low.
3.Online fraud repeatedly crosses borders, which makes it harder to find a legal punishment.

12. FRAUDS AND SCAMS
1).Financial frauds:
Ever since the first online businesses entered the world of the internet, financial
fraudsters have been giving businesses a headache. There are various kinds of
Financial frauds prevalent in the e-commerce industry, but we are going to
discuss the two most common of them.
a)CreditCard Fraud-
It happens when a cybercriminal uses stolen credit card data to buy products on
your e-commerce store. Usually, in such cases, the shipping and billing addresses
vary. You can detect and curb such activities on your store by installing an AVS –
Address Verification System.
Another form of credit card fraud is when the fraudster steals your personal
details and identity to enable them to get a credit card.
b) Fake Return & Refund Fraud-
The bad players perform unauthorized transactions and clear the trail, causing
businesses great losses. Some hackers also engage in refund frauds, where they
file fake requests for returns.

13. 2)Phishing:
Several e-commerce shops have received reports of their customers receiving
messages or emails from hackers masquerading to be the legitimate store
owners. Such fraudsters present fake copies of your website pages or another
reputable website to trick the users into believing them.
3)Spamming:
Some bad players can send infected links via email or social media inboxes. They
can also leave these links in their comments or messages on blog posts and
contact forms. Once you click on such links, they will direct you to their spam
websites, where you may end up a victim.
4)Malware:
Hackers may design a malicious software and install on your IT and computer
systems without your knowledge. These malicious programs include spyware,
viruses, Trojan horses, and ransomware.
The systems of your customers, admins, and other users might have Trojan
Horses downloaded on them. These programs can easily swipe any sensitive
data that might be present on the infected systems and may also infect your
website.