emis 528_assignment(security in e commerce)

7/25/2019 EMIS 528_Assignment(Security in E Commerce)

1/24

Submitted By

MD. ABDULLAH AL AHAD | ID: 61323-16-029MAHMUD PARVEJ | ID: 61325-18-052SHUVAJYOTI ROY | ID: 61426-19-020

SECURITY IN E-COMMERCE

EMIS-528 (Information Security Management System)

Submitted To

Md. Rakibul Hoque

Assistant Professor

Department of Management Information Systems

University of Dhaka

MBA (Evening) Program,Department of Management Information SystemsUniversity of Dhaka


2/24

1 | P a g e Security in E-Commerce

Executive Summary

Electronic Commerce may include any computer mediated business process, but a

common usage is to use it to describe commerce (buying and selling of a product orservice) taking place using the World Wide Web (WWW) as an enabling transport [1].

Since the invention of WWW in 1989, Internet-based electronic commerce has been

transformed from a mere idea into reality. Consumers browse through catalogues,

searching for best offers, order goods, and pay them electronically. Most financial

institutions have some sort of online presence, allowing their customers to access and

manage their accounts, make financial transactions, trade stocks, and so forth.

Electronic mails are exchanged within and between enterprises, and often alreadyreplace fax copies. Soon there is arguably no enterprise left that has no Internet

presence, if only for advertisement reasons [2].

Thus, doing some electronic business on the Internet is already an easy task. As is

cheating and snooping. Several reasons contribute to this insecurity: The Internet does

not offer much security per-se. Eavesdropping and acting under false identity is

simple. Stealing data is undetectable in most cases. Popular PC operating systems

offer little or no security against virus or other malicious software, which means thatusers cannot even trust the information displayed on their own screens. At the same

time, user awareness for security risks is threateningly low. In this paper, various

probable crime through e-commerce along with their potential reasons and plausible

security measures are outlined.


3/24


Table of ontents

Introduction ................................................................................................................ 3

Security Issues in E-commerce .................................................................................. 5

Dimensions of E-commerce Security .................................................................................................. 5

The Tension between Security and Other Values ............................................................................... 6

Security Threats in the E-commerce Environment ............................................................................. 6

A Typical e-commerce transaction ................................................................................................. 6

Vulnerable Points ............................................................................................................................ 7

Detailing of Security vulnerabilities in electronic commerce ............................................................. 7

Viable causes behind Security Threats ............................................................................................... 9

Probable Crimes in E-commerce Environment ........................................................ 10Most Common Security Threats in the E-commerce Environment .................................................. 10

Unwanted Programs ......................................................................................................................... 10

Phishing and Identity Theft ............................................................................................................... 11

Hacking and Cyber vandalism ........................................................................................................... 11

Credit Card Fraud .............................................................................................................................. 11

Spoofing (Pharming) and Spam (Junk) Web Sites ............................................................................. 12

DoS and DDoS Attacks ...................................................................................................................... 12

Denial of Service ............................................................................................................................... 13

SMURF Attack ................................................................................................................................... 13

Other Security Threats ...................................................................................................................... 13

Security Steps to Protect E-Commerce .................................................................... 14

Technology Solutions ........................................................................................................................ 15

Protecting Internet Communications: Encryption ........................................................................ 15

Network Transport Security .......................................................................................................... 17

Conclusion ............................................................................................................... 21References ............................................................................................................... 22


4/24


Introduction

The utilization of the internet is increasing rapidly every year; availability of low cost

peripheral devices. and wider internet accessibility options are key contributingfactors [3]. The progression of technology over the recent years have enabled the

consumer a broader and much more enriched interactive experience [4]. The

availability of a wide variety of applications and simple point and click interfaces has

further contributed to this experience by its ease of usability.

A wide variety of commerce is conducted via e-Commerce, including electronic funds

transfer, supply chain management, Internet marketing, online transactionprocessing, electronic data interchange (EDI), inventory management systems, and

automated data collection systems. US online retail sales reached $175 billion in 2007

and are projected to grow to $335 billion by 2012 [5].

Due to this, IT usage in present times has become a common practice.

Business to customer (B2C) transactions and business (B2B) transactions are

commonly used in the market. The fusion and integration of these two types of

transactions has produced e-commerce [6] [7]. Chen and Dhillon have defined

e- commerce as the transaction of goods and services over the internet [4]. It is also

described as the sharing, transferring and exchanging of information [8]. Over the

past few years E-commerce has maintained a rapid yet steady pace. It has been

a dynamic force, a catalyst in changing the nature of business transactions and

operations all around the world [9]. It should also be noted that unlike traditional

commerce; EC does not allow physical interaction between the consumers and

retailers or suppliers for that matter [4]. This fact raises a number of risks and issues

including technological, security, privacy, trust, legal and other related issues [9]. The

following research focuses on two of these issues, security and privacy. The

factoring of Security and privacy in e-commerce models is of considerable

importance to consumers, businesses, and regulators [10]. The majority of

customers feel insecure towards the existing policies and guidelines with respect

to privacy and security online. Such insecurities have a negative impact upon any

economic model. That said, online security breaches can be considered as a fast


5/24


spreading menace in current day economical settings around the world. E-Commerce

providers must also protect against a number of different external security

threats, most notably Denial of Service (DoS). The financial services sector still bears

the brunt of e-crime, accounting for 72% of all attacks. But the sector that experienced

the greatest increase in the number of attacks was e-Commerce. Attacks in this sector

have risen by 15% from 2006 to 2007 [11].


6/24


Security Issues in E-commerce

In e-commerce development security is a critical factor to consider [12]. It is one of the

pivotal success factors of e-commerce. Security is defined as the protection ofdata against accidental or intentional disclosure to unauthorized persons, or

unauthorized modifications or destruction [13]. It usually refers to the provision of

access control, privacy, confidentiality, integrity, authentication, non-repudiation,

availability and effectiveness [9][14][15]. Surveys conducted and compiled recently

shows increasing concerns on security risks and have become a global issue [6].

When customers lose confidence in a systems ability to protect sensitive and

confidential data such as credit card information its feasibility will becompromised. The system t thus will be rendered helpless [16].

Electronic commerce has been weakened by the deterioration of confidence

held towards it by the consumer public. This in turn poses an immense threat to the

overall expansion and success of it. [13]. In fact, Hoffman et al. stated that 63%

of online end-users intentionally delay when providing personal information due

to diminished confidence and trust in sites [4]. If credibility is to be achieved,

improvised security and privacy protocols should be incorporated . At presentsecurity is pivotal and concerns surrounding its efficiency is perhaps the key cause

for web users not making online purchases [13]. The US- based Better Business

Bureau confirmed that online security was a great concern in 2001[4]. Types

of security threats include identity theft i.e. the illegal use of personal information and

is in fact the USAs leading occurrence of fraud [17]. List of other threats include

gaining physical access to premises, accessing wiretaps, unauthorized acquiring

of information, viruses, lack of integrity, financial fraud, vandalism, etc [16][9].Dimensions of E-commerce Security

Integrity: ability to ensure that information being displayed on a Web site or

transmitted/received over the Internet has not been altered in any way by an

unauthorized party

Nonrepudiation: ability to ensure that e-commerce participants do not deny

(repudiate) online actions

Authenticity: ability to identify the identity of a person or entity with whom youare dealing on the Internet


7/24


Confidentiality: ability to ensure that messages and data are available only to

those authorized to view them

Privacy: ability to control use of information a customer provides about

himself or herself to merchant Availability: ability to ensure that an e-commerce site continues to function as

intended Copyright

The Tension between Security and Other Values

Security vs. ease of use: the more security measures added, the more

difficult a site is to use, and the slower it becomes

Too much security can harm profitability, while not enough security can put

you out of business

Tension between the desire of individuals to act anonymously (to hide their

identity) and the needs to maintain public safety that can be threatened by

criminals or terrorists.

The Internet is both anonymous and pervasive, an ideal communication tool

for criminal and terrorist groups (Coll and Glasser 2005)

Security Threats in the E-commerce Environment

Three key points of vulnerability:

Client

Server

Communications channel

A Typical e-commerce transaction


8/24


Vulnerable Points

Detailing of Security vulnerabilities in electronic commerce

There are many points of failure, or vulnerabilities, in an e-commerce environment.

Even in a simplified e-commerce scenarioa single user contacts a single web site,

and then gives his credit card and address information for shipping a purchasemany

potential security vulnerabilities exist. Indeed, even in this simple scenario, there are

a number of systems and networks involved. Each has security issues:

A user must use a web site and at some point identify, or authenticate, himself

to the site. Typically, authentication begins on the users home computer and

its browser. Unfortunately, security problems in home computers offer hackers

other ways to steal e- commerce data and identification data from users. Some

current examples include a popular home-banking system that stores a users

account number in a Web cookie which hostile web-sites can crack [18];

ineffective encryption or lack of encryption for home wireless networks [19];

and, mail-borne viruses that can steal the user's financial data from the local

disk [20] or even from the user's keystrokes [21]. While these specific security

problems will be fixed by some software developers and web-site

administrators, similar problems will continue to occur. Alternatives to the home


9/24


computer include Point-of-Sale (POS) terminals in brick-and-mortar stores, as

well as a variety of mobile and handheld devices.

The users web browser connects to the merchant front-end. When a

consumer makes an online purchase, the merchant's web-server usually

caches the order's personal information in an archive of recent orders. This

archive contains everything necessary for credit-card fraud. Further, such

archives often hold 90 days' worth of customers' orders. Naturally, hackers

break into insecure web servers to harvest these archives of credit card

numbers. Several recent thefts netted 100,000, 300,000, and 3.7 million credit-

card data, respectively. Accordingly, an e-commerce merchant's first security

priority should be to keep the web servers' archives of recent orders behind the

firewall, not on the front-end web servers [22]. Furthermore, sensitive servers

should be kept highly specialized, by turning off and removing all inessential

services and applications (e.g., ftp, email). Other practical suggestions to

secure web servers can be found in [23] and [24], among many others.

The merchant back-end and database. A sites servers can weaken the

company's internal network. This not easily remedied, because the web

servers need administrative connections to the internal network, but web server

software tends to have buggy security. Here, the cost of failure is very high,

with potential theft of customers identities or corporate data. Additionally, the

back-end may connect with third party fulfillment centers and other processing

agents. Arguably, the risk of stolen product is the merchant's least-important

security concern, because most merchants' traditional operations already have

careful controls to track payments and deliveries. However, these third parties

can release valuable data through their own vulnerabilities.

This is a simplified model of an e-commerce architecture; yet even in its simplicity,

there are a number of security problems. Note that encrypted e-commerce

connections do little to help solve any but network security problems. While other

problems might be ameliorated by encryption, there are still vulnerabilities in the

software clients and servers that must use the data. We will discuss the

implications of these vulnerabilities below users who may themselves release

data or act in ways that place sites at jeopardy, the constant pressure of new

technologies and the resulting constant threat of new vulnerabilities, as well as the


10/24


requirements for critical organizational processes. However, before discussing

potential requirements for e-commerce sites and their consumers, it is important to

survey potential security technologies.

Viable causes behind Security Threats

Reasons for high security risks include the imperfection of e-commerce laws,

regulations, systems, technology and the internet . Security is a key integral

issue for users, regardless of what the application maybe, ranging from locking a

computer to conducting business via the internet [17]. The rapid development of e-

business and e-commerce applications have resulted in increased the amount

of illegal infiltration into information systems which were deemed initially safe [6].Since E-commerce is completely reliant on IT, it could be stated that future

developments in e-commerce will solely depend on IT security and risk management.

Garg et al. states that "a percentage between 36 and 90 percent of organizations

confirmed security breaches in the past year alone [6]. These statistics help increase

or maintain customers negative perception of the e-market and explains why a lot of

people are fearful or insecure about buying or performing sensitive transactions online.

It seems like the only solution to extract the problem and increase e-sales is to providefully secured networks that guarantee confidentiality and safety. It is however not that

simple. Technologies that provide flawless security measures and guarantees

are very expensive and in most cases not easily acquired. Web based e-commerce

is comprised of hyperlinked web pages alongside applications and incompatible

technologies to bring about business transactions amongst different companies

spanning the globe [7]. Therefore, even if a business tries to deploy error free security

software, success is not guaranteed as there are many factors influencing the

flow and security of information in cyberspace. Moreover, in order for e-commerce

to develop customer trust, the change has to be done in a collective manner,

not just a few companies. In the case of small to medium businesses it is

difficult and costly to incorporate complete IT security [6]. Leaving aside the

multifaceted technologies required, e-commerce systems are founded and based on

the World Wide Web which coincidently has a history of exposure to a variety of

security threats [7]


11/24


Probable Crimes in E-commerce Environment

Most Common Security Threats in the E-commerce Environment

Malicious code (viruses, worms, Trojans)

Unwanted programs (spyware, browser parasites)

Phishing/identity theft

Hacking and cyber vandalism

Credit card fraud/theft

Spoofing (pharming)/spam (junk) Web sites

DoS and dDoS attacks Sniffing

Insider attacks

Poorly designed server and client software

Try to impair computers, steal email addresses, logon credentials, personal

data, and financial info.

Viruses: computer programs that have ability to replicate and spread to other

files; most also deliver a payload of some sort (destructive or benign);include macro viruses, file-infecting viruses, and script viruses

Worms: Designed to spread from computer to computer; can replicate without

being executed by a user or program like virus

Trojan horse: Appears to be benign, but then does something other than

expected

Bots: Can be covertly installed on computer; responds to external commands

sent by the attacker to create a network of compromised computers forsending spam, generating a DDoS attack, and stealing info from computers

Unwanted Programs

Installed without the users informed consent

Browser parasites: Can monitor and change settings of a users browser

Adware: Calls for unwanted pop-up ads


12/24


Spyware: Can be used to obtain information, such as a users keystrokes, e-

mail, IMs, etc

Phishing and Identity Theft

Any deceptive, online attempt by a third party to obtain confidential

information for financial gain

Most popular type: e-mail scam letter, e.g., Nigerians rich former oil minister

seeking a bank account to deposit millions of dollars, fake account

verification emails from eBay or CitiBankasking to give up personal account

info, bank account no., and credit card no. One of fastest growing forms of e-commerce crime

197,000 unique new phishing emails sent within the first 6 months of 2007,

18% increased

Hacking and Cyber vandalism

Hacker: Individual who intends to gain unauthorized access to computersystems

Cracker: Hacker with criminal intent (two terms often used interchangeably)

Cyber vandalism: Intentionally disrupting, defacing or destroying a Web site

Types of hackers include:

White hatshired by corporate to find weaknesses in the firms computer

system

Black hatshackers with intention of causing harm Grey hatshackers breaking in and revealing system flaws without

disrupting site or attempting to profit from their finds

Credit Card Fraud

Fear that credit card information will be stolen deters online purchases


13/24


Overall rate of credit card fraud is lower than users think, 1.6-1.8% of all

online card transactions.

USs federal law limits liability of individuals to$50 for a stolen credit card.

Hackers target credit card files and other customer information files onmerchant servers; use stolen data to establish credit under false identity

One solution: New identity verification Mechanisms

Spoofing (Pharming) and Spam (Junk) Web Sites

Spoofing (Pharming) Misrepresenting oneself by using fake e-mail addresses or masquerading as

someone else

Threatens integrity of site; authenticity

Spoofing a Web site is called pharming, which involvesredirecting a Web

link to another IP address different from the real one

Pharming is carried out by hacking local DNS servers.

Threatens integrity of site by stealing business from the true site, or alteringorders and sending them to the true site for processing and delivery.

Threatens authenticity by making it hard to discern the true sender of a

message.

Spam (Junk) Web sites

Use domain names similar to legitimate one, redirect traffic to spammer-

redirection domains

DoS and DDoS Attacks

Denial of service (DoS) attack

Hackers flood Web site with useless traffic to inundate and overwhelm

network

Use of bot networks built from hundreds of compromised workstations.


14/24


No. of DoS attacks per day grew from 119 during last 6 months of 2004 to

927 during first 6 months of 2005, a 679% increase [11].

Distributed denial of service (DDoS) attack

Hackers use numerous computers to attack target network from numerouslaunch points

Microsoft and Yahoo have experienced such attacks

Denial of Service

Ping Flooding

Attacker sends a flood of pings to the intended victim The ping packets will saturate the victims bandwidth

SMURF Attack

Uses a ping packet with two extra twist

Attacker chooses an unwitting victim

Spoofs the source address Sends request to network in broadcast mode

Other Security Threats

Sniffing: Type of eavesdropping program that monitors information traveling

over a network; enables hackers to steal proprietary information from

anywhere on a network

Insider jobs: Single largest financial threat

64% of business firms experienced an insidesecurity breach in their

systems in 2006.

Poorly designed server and client software : Increase in complexity of

software programs (e.g., MSs Win32 API) has contributed toMS s increase is

vulnerabilities that hackers can exploit


15/24


Security Steps to Protect E-Commerce

There are many relevant technologies, including cryptographic technologies that can

mitigate the previously mentioned vulnerabilities. However, none is comprehensive orairtight by itself. Accordingly, we next present a brief overview of the major

technologies, also considering the advantages and disadvantages of each.

There are four components involved in E-Commerce Security: client software, server

software, the server operating system, and the network transport. Each component

has its own set of issues and challenges associated with securing them:

Client software is becoming increasingly more security-focused, however

single-user desktop operating systems historically have had no security

features implemented. E-Commerce software that relies on the security of the

desktop operating system is easily compromised without the enforcement of

strict physical controls.

Server software is constantly under test and attack by the user community.Although there have been cases of insecurities, a system administrator keeping

up with the latest patches and vendor information can provide a high degree of

confidence in the security of the server itself.

Operating systems used for hosting E-Commerce servers are securable, but

rarely shipped from the vendor in a default configuration that are secure. E-

Commerce servers must protect the database of customer information

accumulating on the server as well as provide security while the server is

handling a transaction. If it is easier for a thief to compromise the server to

obtain credit card numbers, why bother sniffing the network for individual credit

card numbers?

Session transport between the client and server uses network protocols that

may have little or no built-in security. In addition, networking protocols such as

TCP/IP were not designed to have confidentiality or authentication capabilities


16/24


Technology Solutions

Protecting Internet communications (encryption)

Securing channels of communication (SSL, S-HTTP, VPNs) Protecting networks (firewalls)

Protecting servers and clients

Protecting Internet Communications: Encryption

In the mass media, the most visible security technologies are the encryption

algorithms. For a general introduction to these technologies see [25]; a popularization

can be found in [26]. Two classic textbooks are [27] and [28], and encyclopedic

compendia include [29] and [30].

Encryption: Process of transforming plain text or data into cipher text that cannot be

read by anyone other than the sender and receiver

Purpose: Secure stored information and information transmission

Provides:

Message integrity

Nonrepudiation

Authentication

Confidentiality

Symmetric Key Encryption:

Symmetric key encryption is also known as secret key encryption. Secret-keycryptography is the more traditional form, and has been used for all kinds of

communications throughout the ages. In this method, one "key" is used to both

encrypt and decrypt the data. A key can be anything from a secret-decoder ring

found in a cereal box to a highly complex mathematical algorithm; keys really

only differ in the ease with which they can be broken by third parties. In secret-

key cryptography, the sender and receiver must have the same key in order for

the transmission to work correctly.


17/24


Both the sender and receiver use the same digital key to encrypt and decrypt

message

Requires a different set of keys for each transaction

Advanced Encryption Standard (AES): Most widely used symmetric keyencryption today; offers 128-, 192-, and 256-bit encryption keys; other

standards use keys with up to 2,048 bits

Public Key Encryption:

The key management problem inherent to secret-key cryptography needed to be

addressed in order for large-scale, secure use of data encryption techniques. In 1976,Whitfield Diffie, a cryptographer and privacy advocate, and Martin Hellman, an

electrical engineer, working together discovered the concept of public-key encryption.

Instead of having one key shared among both users of an encrypted transmission,

each user has his or her own public/private key pair. A user makes the public key open

and available to anyone (by publishing it on-line or registering it with a public key

server), and keeps the private key hidden away where (hopefully) no one can get at it.

The private key is mathematically derived from the public key, and thus the two arelinked together. In order to send someone a message, the sender encrypts the

transmission with the receiver's public key. This can then only be decrypted by the

receiver's private key. Thus, anyone can encrypt a message with someone else's

public key, but only that person would ever be able to read it.

Solves symmetric key encryption problem of having to exchange secret key

Uses two mathematically related digital keyspublic key (widely disseminated)and private key (kept secret by owner)

Both keys used to encrypt and decrypt message

Once key used to encrypt message, same key cannot be used to decrypt

message

For example, sender uses recipients public keyto encrypt message; recipient

uses his/her private key to decrypt it


18/24


Digital signatures

Public-key also provides a mechanism for authenticating messages that secret-key

techniques do not: digital signatures. The sender of a message completes acalculation (performed by a hash function) involving the actual file structure to be

transmitted, and his or her private key, and the result of this (the digital signature itself)

is appended to the end of the transmission. The receiver can then perform a

calculation involving the received message and the sender's public key, and if

everything is valid, the sender's identity will have been verified. A benefit of this

signature method is that it not only verifies the sender's identity; it also verifies that the

original contents of the transmission have not been altered in anyway. Because the

signature is derived from both the key and the data itself, changing the data later on

will cause the receiver's verification to fail. This provides authentication that is even

better than a signature on a paper document: a signature can be forged, or the

contents of the document could somehow be secretly altered, but with public-key

authentication, this cannot be done.

Network Transport Security

Models such as SET, CAF, DigiCash, First Virtual, and Millicent provide a secure

payment method. However, the transaction still depends on the privacy and

authentication of the data stream. Basic TCP/IP networking protocols do not include

encryption and strong authentication. Higher level protocols such as HTTP, FTP, and

Telnet do little to provide advanced security measures beyond user id and password

authentication. All information sent using these protocols is unencrypted, so the datastream lacks confidentiality.


19/24


20/24


IPSec (Ipv6)

IPSec is a framework of open standards developed by the Internet Engineering Task

Force (IETF). IPSec provides security for transmission of sensitive information over

unprotected networks such as the Internet. IPSec acts at the network layer, protecting

and authenticating IP packets between participating IPSec devices ("peers"), such as

Cisco routers.

Secure Socket Layer (SSL)

SSL is the Secure Sockets Layer protocol. Version 2.0 originated by Netscape

Development Corporation, and version 3.0 was designed with public review and inputfrom industry. SSL (Secure Sockets Layer) is a communication system that ensures

privacy when communicating with other SSL-enabled products. Technically speaking,

SSL is a protocol that runs above TCP/IP and below HTTP or other top-level protocols.

It is symmetric encryption nested within public-key encryption, authenticated through

the use of certificates. An SSL connection can only occur between an SSL-enabled

client and an SSL-enabled server. In fact, when a server is running in SSL mode, it

can only communicate through SSL.S-HTTP was designed by E. Rescorla and A. Schiffman of EIT to secure HTTP

connections. S-HTTP provides a wide variety of mechanisms to provide for

confidentiality, authentication, and integrity. Separation of policy from mechanism was

an explicit goal. The system is not tied to any particular cryptographic system, key

infrastructure, or cryptographic format. The Internet draft is fairly clear in its

presentation of the protocol, although implementation details are sketchy.

S-HTTP is a superset of HTTP, which allows messages to be encapsulated in various

ways. Encapsulations can include encryption, signing, or MAC based authentication.

This encapsulation can be recursive, and a message can have several security

transformations applied to it. S-HTTP also includes header definitions to provide key

transfer, certificate transfer, and similar administrative functions. S-HTTP appears to

be extremely flexible in what it will allow the programmer to do. S-HTTP also offers the

potential for substantial user involvement in, and oversight of, the authentication &

encryption activities.


21/24


How SSL relates to TCP/IP and application protocols.

An SSL connection is initiated by a network browser when it asks a server to send a

document through HTTPS, LDAPS, SNEWS, or other secure protocol.

Transport Layer Security (TLS)

TLS, more commonly known as SSL, is a popular mechanism for enhancing TCP

communications with privacy and authentication. TLS is in wide use with the HTTP

protocol, and is also being used for adding security to many other common protocols

that run over TCP.


22/24


Conclusion

In summary, the e-commerce industry faces a challenging future in terms of the

security risks it must avert. With increasing technical knowledge, and its widespreadavailability on the internet, criminals are becoming more and more sophisticated

in the deceptions and attacks they can perform. Novel attack strategies and

vulnerabilities only really become known once a perpetrator has uncovered and

exploited them.

Both privacy and security are still ongoing research problems. Privacy is now

understood, by many, to be a social construction with expectations the largest

consideration. Yet, privacy is also considered a public issue by regulators, who havenonetheless largely allowed technology to unfold to date. Security is now understood

to be largely imperfect, the continual cat-and-mouse game of security expert and

hacker.

In saying this, there are multiple security strategies which any e-commerce provider

can instigate to reduce the risk of attack and compromise significantly. Awareness of

the risks and the implementation of multi-layered security protocols, detailed and

open privacy policies and strong authentication and encryption measures will go

a long way to assure the consumer and insure the risk of compromise is kept minimal.


23/24


References

[1] http://www.msen.com/~chad/ecomm_sec.html

[2] Peixian LI, Issues of Security and Privacy in Electronic Commerce[3] Mayor.S.Desai, Thomas.C.Richards and Kiran.J.Desai, E-commerce

policies and customer privacy. Information management and computersecurity, 2003(11/1).

[4] Bruce Chien-Ta ho and Kok-Boon Oh, An empirical study of the use of e-security seals in e-commerce. E-security seals in e-commerce, 2008.

[5] MULPURU, S. (2008) B2C eCommerce Expected To Top $300B In Five

Years. Forrester, Research, 1

7.[6] Atul Gupta and Rex Hammond, Information systems security issues and

decisions for small businesses. IS security issues and decisions 2003.

[7] M.T.Chan and L.F.Kwok, Integrating security design into the softwaredevelopment process for e-commerce systems. Informationmanagement and computer security, 2001(9/3).

[8] Xiaoming Meng, Analyze and prevent the security risks of e-commerceprivacy.International conference on management of e-commerce and e-

government, 2008(7/8).[9] George. S. Oreku, Jianzhong Li, Rethinking e-commerce security. CIMGA-

IAWTIC, 2005(0/05).

[10] Mauricio. S. Featherman, Anhtony. D. Miyazaki and David. E. Sprott,Reducing online privacy risk to facilitate e- service adoption: the influence ofperceived ease of use and corporate credibility. Journal of services marketing,2010(24/3).

[11] SYMANTEC (2007) Attacks rise as e

tailers lag finance sector on security. Computer, Weekly, 44.

[12] Xin Tian, Wei Dai, Study on information management and security of e-commerce system. LEE, 2101. (9/10)

[13] Godwin. J. Udo, Privacy and Security. Information management and computersecurity, 2001(9/4)

[14] Licun Wang, Changing Zou, Shubin Zhang, A study on the commercesecurity characteristics for electronic business. International conferenceone-business and e-government, 2010. (3/10)
http://www.msen.com/~chad/ecomm_sec.htmlhttp://www.msen.com/~chad/ecomm_sec.html


24/24

[15] Ralph Holbein, Thomas Gaugler, IT security in electronic commerce:from cost to value driver. International Workshop on Database and ExpertSystems Applications, 1999. (4/7)

[16] Someswar Kashe, Sam Ramanujan, Sridhar Nerur, A framework for analyzing

e-commerce security. Information management and computer security,2001(10/4).

[17] Norman Desmarais, Body language. Library Hi Tech, 2000(18/1).

[18] Graves, P., and M. Curtin. 2000. Bank One Online Puts Customer AccountInformation At Risk.http://www.interhack.net/pubs/bankone-online.

[19] Borisov, N., I. Goldberg, and D. Wagner. 2001. Intercepting MobileCommunications: The Insecurity of 802.1. Proceedings of the Seventh AnnualInternational Conference on Mobile Computing and Networking : 180-189.

[20] Roberts, P. 2002. Bugbear Virus Spreading Rapidly. PC World Online,Ocotober 2, 2002,

[21] Neyses, J. 2002. Higher Education Security Alert From the U.S. SecretService: List of Keystroke Logging Programs.http://www.unh.edu/tcs/reports/sshesa.html.

[22] Winner, D. 2002. Making Your Network Safe for Databases. SANSInformation Security Reading Room, July 21, 2002,

[23] Tipton, Harold, and Micki Krause. 2002. Information Security ManagementHandbook. New York: CRC Press.

[24] Garfinkel, Simson, Alan Schwartz, and Gene Spafford. 2003. Practical UnixInternet Security. Cambridge, MA: O'Reilley.

[25] Treese, G. Winfield, and Lawrence C. Stewart. 1998. Designing Systems ForInternet Commerce. New York: Addison-Wesley.

[26] Levy, Steven. 2001. Crypto: How the Code Rebels Beat the Government--Saving Privacy in the Digital Age. New York: Viking.

[27] Denning, D. 1983. Cryptography and Data Security. New York: Addison-Wesley.

[28] Koblitz, N. 1994. A course in number theory and cryptography. Berlin:Springer-Verlag.

[29] Schneier, B. 1996. Applied Cryptography. New York: John Wiley & Sons.

[30] Menezes, Alfred J., Van Oorschot, Paul C., and Scott A. Vanstone. 1996.Handbook of Applied Cryptography. New York: CRC Press.
http://www.interhack.net/pubs/bankone-onlinehttp://www.unh.edu/tcs/reports/sshesa.htmlhttp://www.unh.edu/tcs/reports/sshesa.htmlhttp://www.interhack.net/pubs/bankone-online

emis 528_assignment(security in e commerce)

Documents