Part I: Research on Emergence of Electronic Commerce
With the increase in use of the internet, most business entities are turning to the internet for their trade. This has led to the emergence of electronic commerce, abbreviated as e-commerce (Loh, 2006). However, as businesses become more reliant on the internet, their business systems also become more exposed to threats such as viruses, system attacks and fraud. It is important, therefore, that every business takes appropriate steps to ensure that adequate security measures are in place to protect it from such threats. The organization should be able to identify, at an early stage, the security threats its systems may encounter and take appropriate steps and control measures to counter them (Bidgoli, 2002).
Electronic commerce refers to the process of buying and selling goods and services through an electronic medium, usually the internet. It also covers any form of business transaction in which the parties interact through electronic means via computer networks rather than through physical contact. It is important to note that e-commerce is different from e-business, though the terms are used interchangeably (Liu & Yiming, 2001). E-business refers to the use of information and communications technology (ICT) in an organization’s processes to enhance the delivery of value-added quality goods through computer networking. E-commerce involves conducting business transactions via the internet and may take different forms such as business-to-business (B2B), business-to-consumer (B2C), business-to-government, consumer-to-consumer (C2C) and mobile commerce (M-commerce), among others. E-commerce has grown greatly because of its ability to overcome the barriers of time and distance in trade. It allows trading partners to exchange goods and services electronically. The development of e-commerce has been catalysed by the continued enhancement of the internet and web-based technologies (Rahman & Raisinghani, 2000).
Such electronic transactions require the exchange of information through the internet, a process referred to as Electronic Data Interchange (EDI). EDI requires both businesses and customers to set up a data link through which they can exchange data and other important information. This exchange of information through the internet requires a high level of security to ensure that the privacy and confidentiality of both parties is preserved. The integrity of the information is equally important. Proper security will ensure that any information revealed through the internet is used only by the intended parties (Shi & Murthy, 2003).
Part II: Security Risks Faced in E-Commerce
Different businesses may face different threats. Generally, some network attacks may be merely irritating, whereas others may be very harmful to the business. Some of the possible threats that a business may face include the following:
- Hackers interfering with the system
- Manipulation and deletion of crucial data from the system's databases
- Use of business computers, systems and networks by employees for malicious purposes and their own benefit
- Stealing of confidential information from the systems by hackers and crackers
- Manipulation of prices by hackers and fraudsters
Common E-Commerce Security Controls
To ensure that adequate security is maintained in e-commerce systems, a business entity should introduce security controls that help reduce such risks. Such controls, however, should not complicate the transaction process or the business activities in general. Some of the most common security controls used in e-commerce are discussed below.
- User authentication
This involves various techniques that can be used for the identification and verification of persons accessing the e-commerce website or system. Through authentication, the user is required to log in to the system using a provided user name and password, both of which should be valid at that particular time. It also involves the use of digital signatures that provide the user with unique log-in keys. In some cases, authentication may use a personal identification number (PIN) and physical attributes, also known as biometrics (for instance a fingerprint), for secure access in addition to passwords (Khosrowpour, 2004).
- Access control
This means controlling which people may access a given set of data within the system. In access control, a user who is already logged in may be required to prove identity in order to continue accessing other information within the same system. Access control tools include applications that ensure individuals have access only to the information they are entitled to. For example, a customer may be allowed to log in to the system but not to manipulate any information within it. Such manipulation should be done by the system administrators only. In applying the access control technique, different users are given different access privileges to limit the information they can access and what they can do while logged in to the e-commerce system.
- Data encryption
This refers to the process of translating data into a secret code that requires another secret code to read or decrypt. The encrypted data is called the ciphertext, while the unencrypted data is referred to as plaintext. Data encryption may take two forms, namely asymmetric and symmetric. It is usually used to secure information transmitted via the internet or data stored on a computer.
- System Firewall
A firewall refers to a hardware device that is used to filter information that gets in and out of a given network. Through firewalls, external users are denied access to information stored within the internal network of an e-commerce system. In most cases, firewalls are used to provide protection for workstations within the system.
- Intrusion detection
There are various techniques and tools that can be used to monitor attempts made to access a system. Through intrusion detection, suspected log-ins and attacks can be easily controlled and monitored. Critics, however, argue that this is not the best tool for security control, because it operates post-attack and thus offers no assurance of prevention (Maiwald, 2004).
In conclusion, security in e-commerce should be enhanced through the use of appropriate technologies that provide privacy and confidentiality of data. Security should be extended to the data storage hardware as well. System software must be properly managed and kept up to date to keep out hackers, who constantly discover new vulnerabilities in both new and existing systems. Generally, security should start within the organization itself.
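An added example, not part of the original essay: a minimal sketch of the monitoring described under intrusion detection, flagging suspected log-ins and attempts by non-administrators to perform administrator-only changes such as price updates. The log format, action names, threshold and time window are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED_LOGIN_THRESHOLD = 3                               # assumed policy value
WINDOW = timedelta(minutes=5)                            # assumed policy value
ADMIN_ONLY_ACTIONS = {"update_price", "delete_record"}   # hypothetical action names

# Constructed sample events in a made-up key=value format (not real logs).
SAMPLE_LOG = """\
2024-05-01T10:00:01 user=alice role=customer ip=203.0.113.7 action=login result=fail
2024-05-01T10:00:09 user=alice role=customer ip=203.0.113.7 action=login result=fail
2024-05-01T10:00:15 user=bob role=customer ip=198.51.100.4 action=login result=ok
2024-05-01T10:00:20 user=alice role=customer ip=203.0.113.7 action=login result=fail
2024-05-01T10:02:00 user=bob role=customer ip=198.51.100.4 action=update_price result=denied
2024-05-01T10:03:00 user=carol role=admin ip=192.0.2.10 action=update_price result=ok
2024-05-01T10:30:00 user=dave role=customer ip=198.51.100.9 action=login result=fail
"""

def parse_line(line):
    """Split one event line into a dict of fields plus a parsed timestamp."""
    stamp, *pairs = line.split()
    event = dict(p.split("=", 1) for p in pairs)
    event["time"] = datetime.fromisoformat(stamp)
    return event

def detect(log_text):
    """Return (rule, subject, time) alerts for repeated failures and role violations."""
    alerts = []
    recent_failures = defaultdict(deque)   # source IP -> times of recent failed log-ins
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        if ev["action"] == "login" and ev["result"] == "fail":
            times = recent_failures[ev["ip"]]
            times.append(ev["time"])
            while ev["time"] - times[0] > WINDOW:    # drop failures outside the window
                times.popleft()
            if len(times) >= FAILED_LOGIN_THRESHOLD:
                alerts.append(("repeated_failed_login", ev["ip"], ev["time"]))
                times.clear()                        # restart counting after alerting
        elif ev["action"] in ADMIN_ONLY_ACTIONS and ev["role"] != "admin":
            alerts.append(("admin_action_by_non_admin", ev["user"], ev["time"]))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

The second rule fires even when the access control layer denied the request, so the attempt is still recorded for follow-up.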
Part III: Delivery of the Presentation
This project proposal shall involve a detailed analysis of the e-commerce system of a reputable organization. The steps to be followed include:
i) Identification of a reputable organization that uses an e-commerce system
ii) Finding out the design and layout of the system
iii) Identification of possible areas of weakness in the system that make it prone to threats
iv) Identification of possible threats and the actual threats that the system faces
v) Recommendation of possible solutions to curb such threats. These might be similar to the ones discussed above
vi) Designing and implementing a new e-commerce system that would withstand any future threats as per the recommendations
vii) Finally, education of the system's users, including the customers, on better ways to prevent, control and curb internet threats, as well as how to improve security during transactions