
E-Commerce Threats

Topics

• Security Issues

• E-Commerce Threats
Security in Cyberspace
• The field of electronic security focuses on designing
measures that can enforce security policies.
• Security in e-commerce generally employs
procedures such as authentication, ensuring
confidentiality, and the use of cryptography to
communicate over open systems.
• The electronic system that supports
e-commerce is susceptible to abuse and failure in
many ways.
Security in Cyberspace
• The electronic system that supports e-commerce is
susceptible to the following threats:
• Fraud
– Resulting in direct financial loss.
– Funds might be transferred from one account
to another, or financial records might simply
be destroyed.

Electronic Business MS114


Security in Cyberspace
• Theft
– Theft of confidential, proprietary, technological, or
marketing information belonging to the firm or to
the customer.
– An intruder may disclose such information to
a third party, resulting in damage to a key
customer, a client, or the firm itself.
• Disruption
– Disruption of service resulting in major losses
to business or inconvenience to the customer.
Security in Cyberspace
• Loss
– Loss of customer confidence stemming from
illegal intrusion into customer files or company
business, dishonesty, human mistakes, or network
failure.



Security Issues
Security concerns generally include the following
issues:
• Confidentiality
– Knowing who can read data.
– Ensuring that information in the network remains
private.
– This is done via encryption.
• Identification and Authentication
– Making sure that the message sender or principal is
who they claim to be.
Security Issues
• Availability
– System resources are safeguarded from tampering
and are available for authorized users at the time
and in the format needed
• Integrity
– Making sure that information is not accidentally or
maliciously altered or corrupted in transit.
• Access Control
– Restricting the use of resources to authorized
principals.
Security Issues
• Nonrepudiation
– Ensuring that a principal cannot deny having sent
the message.
• Privacy
– Individual rights to nondisclosure
• Firewalls
– A filter between the corporate network and the
Internet that keeps intruders away from corporate
information and files while still allowing access to
authorized principals.
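As an added example (not part of the original slides), the integrity and authentication properties listed above can be demonstrated with a keyed hash (HMAC-SHA256) over an order message; the key, the order and the tampered copy are constructed for the example. It also shows the limit of a shared key: the receiver holds the same key and can mint a valid tag itself, so a MAC gives integrity and origin authentication but not nonrepudiation, which needs a digital signature under a key only the sender holds.

```python
import hashlib
import hmac
import json

# Constructed example key shared by storefront and payment back end. In production it
# comes from a secret store, never from source code.
SHARED_KEY = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c2b7e151628aed2a6abf7158809cf4f3c")


def canonical(order: dict) -> bytes:
    """Serialise the order deterministically so sender and receiver hash identical bytes."""
    return json.dumps(order, sort_keys=True, separators=(",", ":")).encode()


def seal(key: bytes, order: dict) -> str:
    """Integrity/authentication tag: HMAC-SHA256 over the canonical order."""
    return hmac.new(key, canonical(order), hashlib.sha256).hexdigest()


def verify(key: bytes, order: dict, tag: str) -> bool:
    """Recompute the tag and compare in constant time (no timing side channel)."""
    return hmac.compare_digest(seal(key, order), tag)


def demo() -> dict:
    # Constructed order message as it would travel from storefront to payment back end.
    order = {"order_id": 1001, "customer": "alice", "amount_cents": 4999, "currency": "USD"}
    tag = seal(SHARED_KEY, order)

    # An attacker on the channel rewrites the amount but cannot recompute the tag.
    tampered = dict(order, amount_cents=99)

    # The receiver, holding the same key, can produce a valid tag for an order Alice never
    # sent. That is why a shared-key MAC cannot support nonrepudiation.
    forged = dict(order, amount_cents=999999)
    forged_tag = seal(SHARED_KEY, forged)

    return {
        "genuine_verifies": verify(SHARED_KEY, order, tag),
        "tampered_verifies": verify(SHARED_KEY, tampered, tag),
        "wrong_key_verifies": verify(b"\x00" * 32, order, tag),
        "receiver_forgery_verifies": verify(SHARED_KEY, forged, forged_tag),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Confidentiality is a separate property: the tag proves nothing about who can read the order, so the message would still be sent over an encrypted channel such as TLS.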
Security Threats in the E-commerce
Environment
• Three key points of vulnerability:
– Client
– Server
– Communications channel
• Most common threats:
– Malicious code
– Hacking and cybervandalism
– Credit card fraud/theft
– Zombied PC
– Phishing
– Denial of service attacks
– Sniffing
– Spoofing
A Typical E-commerce Transaction



Vulnerable Points in an E-commerce Environment



Malicious Code
• Virus –
– A program that attaches itself to other programs without the
owner of those programs being aware of it.
– When the host program is executed the virus runs, spreads to
other programs and causes damage.
• Worms –
– Designed to spread from computer to computer.
– Can spread without any human intervention.
– Can propagate through a network and can also affect handheld
devices.
• Trojan horse –
– Software that appears to perform a desirable function for the
user before it is run or installed.
– Alongside the expected function, or instead of it, it steals
information or harms the system.
Malicious Code
• Bad applets (malicious mobile code)-
– malicious Java applets or ActiveX controls that may be
downloaded onto client and activated merely by surfing to a
Web site



Examples of Malicious Code

Hacking and Cybervandalism
• Hacker: Individual who intends to gain unauthorized access to
a computer system
• Cracker: Used to denote hacker with criminal intent (two
terms often used interchangeably)
• Cybervandalism: Intentionally disrupting, defacing or
destroying a Web site

• Types of hackers include:


– White hats – Members of “tiger teams” used by corporate
security departments to test their own security measures
– Black hats – Act with the intention of causing harm
– Grey hats – Believe they are pursuing some greater good
by breaking in and revealing system flaws



Credit Card Fraud
• Fear that credit card information will be stolen deters
online purchases
• Hackers target credit card files and other
customer information files on merchant servers, and use
the stolen data to establish credit under a false identity
• One solution: New identity verification mechanisms



Kinds of Threats or Crimes
• Zombied PC’s - A zombie computer (often
shortened as zombie) is a computer connected to the
Internet that has been compromised by a hacker,
computer virus or Trojan horse.
– Generally, a compromised machine is only one of many in a
botnet and will be used to perform malicious tasks of one sort
or another under remote direction. Most owners of zombie
computers are unaware that their system is being used in
this way. Because the owner tends to be unaware, these
computers are metaphorically compared to zombies.



Kinds of Threats or Crimes
• Phishing - is the criminally fraudulent process of
attempting to acquire sensitive information such
as usernames, passwords and credit card details
by masquerading as a trustworthy entity in an
electronic communication
– Phishing is typically carried out by e-mail or
instant messaging, and it often directs users to enter
details at a fake website whose look and feel are almost
identical to the legitimate one.
– Phishing is an example of social engineering
techniques used to fool users, and exploits the poor
usability of current web security technologies.
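The fake websites described above usually live on domains chosen to pass as the legitimate one. As an added example (not part of the original slides), the following checker classifies a URL against a constructed list of domains the merchant really operates; the trusted list, the test URLs and the suspicious-message wording are assumptions of the example. It goes beyond the slide by covering the common tricks in one place: the brand placed in a subdomain of an attacker's domain, digit-for-letter swaps, one-letter edits, a different top-level domain, userinfo before `@`, raw IP addresses and punycode labels.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed list of domains the merchant actually operates. Order only affects which
# brand a lookalike is reported against.
TRUSTED = ("paypal.com", "example-bank.com")

# Digit-for-letter swaps that read like the original at a glance (paypa1, g00gle).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "8": "b"})


def _levenshtein(a: str, b: str) -> int:
    """Edit distance; distance 1 catches a dropped, added or swapped letter."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def _registrable(host: str) -> str:
    """Simplification: the last two labels. Real code should consult the Public Suffix
    List so that co.uk, com.au and similar suffixes are handled correctly."""
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def classify_url(url: str, trusted=TRUSTED) -> str:
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = (parts.hostname or "").rstrip(".").lower()
    if not host:
        return "invalid"
    # http://paypal.com@evil.example/ : everything before '@' is userinfo, not the host.
    if parts.username is not None:
        return "suspicious: userinfo before '@' hides the real host"
    try:
        ipaddress.ip_address(host)
        return "suspicious: raw IP address instead of a domain name"
    except ValueError:
        pass
    if any(label.startswith("xn--") for label in host.split(".")):
        return "suspicious: punycode label (possible homograph)"
    for t in trusted:
        if host == t or host.endswith("." + t):
            return "trusted"
    reg = _registrable(host)
    reg_label = reg.split(".")[0]
    folded = reg_label.translate(CONFUSABLES).replace("rn", "m").replace("vv", "w")
    for t in trusted:
        brand = t.split(".")[0]
        # paypal.com.secure-login.example : the brand sits in the subdomain; the owner is
        # whoever registered secure-login.example.
        if ("." + host + ".").find("." + t + ".") != -1:
            return f"suspicious: '{t}' embedded under '{reg}'"
        if reg_label == brand:
            return f"suspicious: brand '{brand}' under a different top-level domain ({reg})"
        if folded == brand or _levenshtein(folded, brand) <= 1:
            return f"suspicious: lookalike of '{t}' ({reg})"
    return "unrecognised"


if __name__ == "__main__":
    # Constructed sample links as they might appear in a phishing e-mail.
    for u in ("https://www.paypal.com/signin", "http://paypa1.com/login",
              "http://paypal.com.secure-login.example/verify", "http://paypal.com@evil.example/",
              "http://192.0.2.10/paypal/login", "http://xn--pypal-4ve.com/", "http://paypal.net/"):
        print(f"{u:50} {classify_url(u)}")
```

A result of "unrecognised" is not a clean bill of health; the checker only knows the brands it was given, and a mail gateway would combine it with sender authentication and URL reputation.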
Kinds of Threats or Crimes
• DoS - A denial-of-service attack (DoS attack) or distributed
denial-of-service attack (DDoS attack) is an attempt to make
a computer resource unavailable to its intended users.
– Although the means to carry out, motives for, and targets of
a DoS attack may vary, it generally consists of
the concerted efforts of a person or people to prevent
an Internet site or service from functioning efficiently or
at all, temporarily or indefinitely.
– Perpetrators of DoS attacks typically target sites or services
hosted on high-profile web servers such as banks,
credit card payment gateways, and even root name servers.



Kinds of Threats or Crimes
– The term is generally used with regard to
computer networks, but is not limited to this field; for
example, it is also used in reference to CPU resource
management.
– One common method of attack involves saturating the
target machine with external communication requests, such
that it cannot respond to legitimate traffic, or responds
so slowly as to be rendered effectively unavailable.
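The saturation attack described above, and the simplest server-side defence against a single flooding source, as an added example that is not part of the original slides: a per-client token bucket is run over a constructed request log containing one normal shopper and one host sending 200 requests per second to the checkout endpoint. The rate, burst size, addresses and timings are assumptions of the example; arithmetic is kept in integer milliseconds and thousandths of a token so the outcome is exact.

```python
from collections import defaultdict


class TokenBucket:
    """Integer token bucket: tokens in thousandths, time in milliseconds."""

    def __init__(self, rate_per_sec: int, burst: int):
        self.rate = rate_per_sec          # millitokens added per millisecond
        self.capacity = burst * 1000
        self.tokens = self.capacity       # a new client starts with a full burst
        self.last_ms = None

    def allow(self, now_ms: int) -> bool:
        if self.last_ms is not None:
            self.tokens = min(self.capacity, self.tokens + (now_ms - self.last_ms) * self.rate)
        self.last_ms = now_ms
        if self.tokens >= 1000:
            self.tokens -= 1000
            return True
        return False


class PerSourceLimiter:
    """One bucket per client address, created on first sight."""

    def __init__(self, rate_per_sec: int, burst: int):
        self.buckets = defaultdict(lambda: TokenBucket(rate_per_sec, burst))

    def allow(self, client: str, now_ms: int) -> bool:
        return self.buckets[client].allow(now_ms)


def constructed_requests():
    """(timestamp_ms, client_ip) pairs: a shopper at 1 request/s for 6 s and a flooder
    sending every 5 ms for 1 s. Addresses come from the documentation ranges."""
    shopper = [(1000 * i, "198.51.100.7") for i in range(6)]
    flooder = [(5 * i, "203.0.113.9") for i in range(200)]
    return sorted(shopper + flooder)


def run(requests, rate_per_sec: int = 3, burst: int = 5) -> dict:
    """Apply the limiter to a time-ordered request log; return allowed/dropped per client."""
    limiter = PerSourceLimiter(rate_per_sec, burst)
    stats = defaultdict(lambda: {"allowed": 0, "dropped": 0})
    for now_ms, client in requests:
        stats[client]["allowed" if limiter.allow(client, now_ms) else "dropped"] += 1
    return {client: dict(counts) for client, counts in stats.items()}


if __name__ == "__main__":
    for client, counts in run(constructed_requests()).items():
        print(client, counts)
```

With a sustained rate of 3 requests per second and a burst of 5, the shopper is never touched while the flooder gets its first burst and then roughly three requests per second. The caveat ties back to the zombie slide: a botnet spreads the same load over thousands of addresses that each stay under the limit, so per-source limiting has to be backed by aggregate limits and upstream capacity or scrubbing.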
Kinds of Threats or Crimes
• Sniffing:
– type of eavesdropping program that monitors
information traveling over a network; enables
hackers to steal proprietary information from anywhere
on a network
• Spoofing:
– Misrepresenting oneself by using fake e-mail addresses or
masquerading as someone else
Summary
These slides discussed security issues such as
fraud and theft of information, and e-commerce
threats such as denial-of-service attacks.
