WHAT IS E-COMMERCE SECURITY?
E-commerce security refers to the principles which guide safe electronic transactions, allowing the buying and selling of goods and services through the Internet, but with protocols in place to provide safety for those involved.
Security is an essential part of any transaction that takes place over the internet. Customers will lose faith in an e-business if its security is compromised.
WHAT IS E-POLICY?
Generally, a good e-commerce website needs a good e-policy in place. A good website e-policy will explain what users can expect, for example:
- Whether any personal information is collected.
- How the business uses any information collected.
- What the website’s users can and cannot do.
- How to handle issues or returns if items are bought.
If you’re missing these policies, potential customers might not find you trustworthy enough and may look elsewhere for what they want. Basically, these policies are the contract with your website’s users, establishing trust and accountability.
E-POLICY: TERMS OF SERVICE
Terms of Service, or Terms and Conditions, set some rules for the users. They provide a guideline of what users can and cannot do whilst using the website, as well as what they can expect from the business.
The Terms and Conditions depend on the type of website: they could be a simple disclaimer, or a full user agreement if the website has a lot of information. Every aspect has to be taken into account, so the terms will get more complex if the website has more information.
Terms of service typically cover topics including:
- User acceptance
- User rights and responsibilities
- Ownership of user content
- Acceptable and unacceptable use of the website
- Opt-out information
- Account termination procedures
- Disclaimers
- Limitation of liability
E-POLICY: PRIVACY POLICY
Almost every website will collect some sort of personal information from its users. The privacy policy explains what information a website collects and how it uses, stores, and protects that user information. Technically, the privacy policy is a subsection of the terms of service, but because it is very important and lengthy, most of the time it is a separate agreement that is incorporated into the full terms of service by reference.
Website privacy policies usually cover topics like:
- What information is collected
- How collected information is used
- How information is protected and stored
- If cookies or other tracking software is used
- Disclaimers.
E-POLICY: RETURNS POLICY
A good returns policy can be a key aspect in gaining your customers’ trust. A clear, simple returns policy can be vital in helping to close the sale, as it gives customers confidence in your business and products. A good returns policy should include the time the customer has to return or exchange the product, any limitations on returns or exchanges, the process the user has to go through to return or exchange products, and how to contact the business about any returns or exchanges.
ESSENTIAL REQUIREMENTS FOR SAFE E-PAYMENTS/TRANSACTIONS: CONFIDENTIALITY
The most obvious e-commerce security requirement is confidentiality. When you shop online, the information you share with the seller has to stay with the seller and should not be shared with unauthorised parties.
The business is responsible for having encryption, virus protection and a firewall in place to prevent anyone from accessing your information, such as bank details and credit card information.
INTEGRITY
Another essential requirement is integrity. This means that any information that is shared online should not be altered in any way, so the business can only use what the buyer has shared. If any of the information is tampered with, the business is breaking the buyer’s confidence in the security of the transaction and in the integrity of the company.
AUTHENTICATION
For a sale to go through in e-commerce, both seller and buyer have to be who they say they are. A business can’t sell anything unless it is real and its products are real. The buyer also needs to provide a form of identification when shopping online. For example, when you sign up to a mobile phone contract, you have to submit your ID as part of the authentication process. There are other types of authentication, such as login and password credentials or credit card PIN codes.
NON-REPUDIATION
Repudiation is denial, and a good business depends on the people involved following through on their part of a transaction and not denying those actions. The legal principle of non-repudiation adds a level of security by confirming that the information sent between parties was received, meaning that the person who purchased a product cannot deny this, as there is evidence to show it was in fact them, such as a signature or email.
If these requirements are not in place, customers will hesitate to buy, and that could destroy an e-commerce business. Any breach will cost a business its customers’ trust and revenue.
ENCRYPTION
Encryption is a very effective and practical way to safeguard the data being transmitted over the network. The sender of the information encrypts the data using a secret code, and only the specified receiver can decrypt the data using the same or a different secret code.
- Auditability − Data should be recorded in such a way that it can be audited for integrity requirements.
- Availability − Information should be available wherever and whenever it is required.
- Authenticity − Authenticate a user before giving them access to the required information.
E-COMMERCE SECURITY THREATS
Price Manipulation – E-commerce systems are automated, from the first step to the final payment gateway. Price manipulation is commonly used for stealing. It allows an intruder to insert a lower price into the URL and get away with sensitive data.
Wi-Fi Eavesdropping – This is known to be one of the easiest ways to steal personal data. It is like “virtual listening” to information shared over Wi-Fi networks that are not encrypted, such as public networks that have no security.
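A server-side defence against the price manipulation threat described above, as an added example that is not from the original page: the server signs the cart it issued with an HMAC and always charges the catalogue price, so a price edited into the URL is ignored and flagged. The catalogue, key, URL and parameter names (`sku`, `qty`, `tag`, `price`) are assumptions made for the illustration.

```python
import hashlib
import hmac
from urllib.parse import parse_qs, urlparse

# Constructed catalogue: prices in pence, held on the server only.
CATALOGUE = {"sku-1001": 4999, "sku-2002": 1250}
# Placeholder key for the example; a real deployment loads it from a secret store.
SERVER_KEY = b"example-only-key"


def sign_cart(sku: str, qty: int) -> str:
    """Return an HMAC-SHA256 tag binding SKU, quantity and the catalogue price."""
    msg = f"{sku}|{qty}|{CATALOGUE[sku]}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def process_checkout(url: str) -> dict:
    """Validate a checkout URL; charge the catalogue price, never the client's."""
    params = {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}
    sku = params.get("sku", "")
    if sku not in CATALOGUE:
        return {"ok": False, "reason": "unknown item"}
    try:
        qty = int(params.get("qty", ""))
    except ValueError:
        return {"ok": False, "reason": "bad quantity"}
    if not 1 <= qty <= 100:
        return {"ok": False, "reason": "bad quantity"}
    # Integrity check: the tag must match what the server issued for this cart.
    expected = sign_cart(sku, qty).encode()
    if not hmac.compare_digest(params.get("tag", "").encode(), expected):
        return {"ok": False, "reason": "cart tag mismatch"}
    # A client-supplied price is only compared, to flag tampering for audit.
    claimed = params.get("price")
    tampered = claimed is not None and claimed != str(CATALOGUE[sku])
    return {"ok": True, "total": CATALOGUE[sku] * qty, "price_tampered": tampered}
```
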
WAYS TO COMBAT E-COMMERCE THREATS
- Encryption – Make sure any personal data is encrypted.
- Digital certificates – Use a reliable digital certificate. The most important details of a digital certificate are the serial number, expiry date and date of issue.
- Perform a security audit – Carry out a routine audit of the security procedures.
MEASURES TO ENSURE SECURITY
- Encryption − Information should be encrypted and decrypted only by an authorized user.
- Digital Signature − A digital signature is an e-signature authenticated through encryption and password.
- Security Certificates − A unique digital ID used to verify the identity of an individual website or user.
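The certificate details this page singles out (serial number, date of issue, expiry date) can be checked automatically. The following is an added example, not part of the original page: it reads those fields from a dictionary in the shape returned by Python's `ssl.SSLSocket.getpeercert()` and classifies the certificate. The sample certificate values and the 30-day warning threshold are constructed for the illustration.

```python
import ssl

# Constructed sample in the shape returned by ssl.SSLSocket.getpeercert().
SAMPLE_CERT = {
    "subject": ((("commonName", "shop.example"),),),
    "serialNumber": "0A1B2C3D4E5F",
    "notBefore": "Jan  1 00:00:00 2024 GMT",   # date of issue
    "notAfter": "Jan  1 00:00:00 2025 GMT",    # expiry date
}


def check_certificate(cert: dict, now: float, warn_days: int = 30) -> dict:
    """Classify a certificate by its validity window at Unix time `now`."""
    issued = ssl.cert_time_to_seconds(cert["notBefore"])
    expires = ssl.cert_time_to_seconds(cert["notAfter"])
    days_left = int((expires - now) // 86400)
    if now < issued:
        status = "not yet valid"      # clock skew or a pre-dated certificate
    elif now >= expires:
        status = "expired"
    elif days_left < warn_days:
        status = "expiring soon"      # renew before customers see warnings
    else:
        status = "valid"
    return {"serial": cert["serialNumber"], "status": status, "days_left": days_left}
```

Passing `now` explicitly keeps the check repeatable; a scheduled job would pass `time.time()`.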
SECURITY PROTOCOLS IN INTERNET: SECURE SOCKET LAYER (SSL)
This is the most commonly used protocol, as it meets the following security requirements:
- Authentication
- Encryption
- Integrity
- Non-repudiation
‘https://’ is used for HTTP URLs with SSL.
SHTTP extends the HTTP internet protocol with public key encryption, authentication, and digital signatures over the internet. Secure HTTP supports a lot of security tools, providing security to end users. SHTTP works by negotiating the encryption scheme types used between the client and the server.
SECURITY PROTOCOLS IN INTERNET: SECURE ELECTRONIC TRANSACTION
Secure Electronic Transaction is a protocol developed by MasterCard and Visa. Theoretically, it is the best security protocol, as it has the following components:
- Card Holder’s Digital Wallet Software − This allows the card holder to make secure purchases online through a point-and-click interface.
- Merchant Software − This helps merchants to communicate with customers and financial institutions in a secure way.
- Payment Gateway Server Software − This provides an automatic and standard payment process. It also supports the process for a merchant’s certificate request.
- Certificate Authority Software − This is used by financial institutions to issue digital certificates to card holders and merchants, and to enable them to register their account agreements for secure electronic commerce.