Security Issues in E-commerce

E-commerce is nothing but buying and selling products or services over electronic systems such as Internet. Nowadays, wide variety of commerce is conducted via e-Commerce. E-commerce systems are based upon internet use developed by ecommerce solution providers in India and across globe, which provides open and easy communications on a global basis. Consumers browse through catalogues, searching for best offers, order goods and pay them electronically.

Doing some electronic business on the Internet is already an easy task. As is cheating and snooping. The use of the internet means that your internal IT and e-commerce systems are potentially accessible by anyone, irrespective of their location. So threats to e-Commerce systems are increasing day by day.

Some of the more common threats  to e-commerce systems include:

• Carrying out denial-of-service (DoS) attacks that stop access to authorised users of a website, so that the site reduces level of its service.
• Gaining access to sensitive data such as price listing, service catalogues and valuable intellectual property and altering, destroying or copying it
• Altering your website and so harming your reputation or directing your customers to another site
• Gaining access to financial information about your business or your customers, with a view to committing a fraud
• Using viruses to corrupt your business data

Security of E-commerce is protecting e-commerce assets from unauthorized access, use, alteration, or destruction. Some major security features are as follows:

• Authentication:
  Verifies who you say you are.
  It enforces that you are the only one who can login to your Internet banking account.
• Authorization:
  Allows only you to manipulate your resources.
  This can help you prevent increasing the balance of your account or deleting a bill.
• Encryption:
  Deals with information hiding.
  It ensures cardholder data is hidden during Internet banking transactions.
• Auditing:
  Keeps a record of operations. 
  Sellers use auditing to confirm that you bought specific merchandise.
• Integrity:
  Prevention against unauthorized data alteration.
• Non-repudiation:
  Prevention against any one party from disagreeing on an agreement after the fact.
• Availability:
  Prevention against data delays or removal.

There are majorly three types of security threats for e-Commerce:

1. Denial of service
2. Unauthorized access
3. Theft and fraud

Denial of service attack:

Two primary types of DOS attacks: spamming and viruses

Spamming:

• Sending unsolicited emails to everyone.
• A hacker responsible for E-mail bombing targeting one computer or network, and sending many number of email messages to it.
• Surfing involves hackers placing software agents onto a third-party system and setting it off to send requests to a specific target.
• DDOS (distributed denial of service attacks) involves hackers placing software agents onto a number of third-party systems and setting them off to simultaneously send requests to an intended target.

Viruses:

• Compromised computer programs designed to perform unwanted events.

Unauthorized access:

• Illegal access to systems, applications or data
• Listening to communications channel for finding secrets.

Theft and fraud:

• Cardholder data theft during online shopping using e-Commerce.
• Fraud occurs when the stolen data is modified or misused.
• Steal software via illegal copying from company‘s servers.
• Steal hardware, specifically laptops.

Conclusion:

There are so many security issues going on in e-Commerce. This is very major concern for ecommerce solution providers in India and across globe. So there should be some security mechanisms to overcome these security issues.

References

Books

[1] E-Commerce Payment Solutions Implementation and Integration Using IBM Websphere Payment Manager, IBM Redbooks, Vervante

[2] http://www.mastercard.com/us/company/en/newsroom/McWilton_Future_of_Electronic_Payments_whitepaper.pdf

[3] http://thismatter.com/money/banking/payment-systems.htm

[4] http://www.wired.com/2010/02/ff_futureofmoney

[5] https://en.wikipedia.org/wiki/Apple_Pay

[6] http://zeendo.com/info/googles-mobile-payment-system-past-present-and-future

[7] http://sixrevisions.com/tools/online-payment-systemsBooks

URL

[1] E-Commerce Payment Solutions Implementation and Integration Using IBM Websphere Payment Manager, IBM Redbooks, Vervante

[2]http://www.mastercard.com/us/company/en/newsroom/McWilton_Future_of_Electronic_Payments_whitepaper.pdf

[3] http://thismatter.com/money/banking/payment-systems.htm

[4] http://www.wired.com/2010/02/ff_futureofmoney

[5]https://en.wikipedia.org/wiki/Apple_Pay

[6] http://zeendo.com/info/googles-mobile-payment-system-past-present-and-future

[7] http://sixrevisions.com/tools/online-payment-systems

[8]http://www.ifourtechnolab.com/

Emerging payment challenges

As the Business-to-Consumer (B2C) commerce model progresses, further complex requirements will be made on the payments software of the future. The following sections,suggested by software development companies, outline real-life payments scenarios that will require electronic payments solutions in any payment system of the future.

Manufacturers’ coupons

When customers purchase products from Internet or ecommerce development company , at that time they can use manufacture coupons to discount the amount. The coupons often have expiration date.

For supporting these feature the payment system require to be have knowledge of the item details of shopping cart so that the coupon can be authorized and redeemed for payment.

Deferred credit 

Retails sector provide buy-now, pay –later offers same way online store also provide same concept over Internet.  Customer provide details of credit card and direct payment would need to be collected by commerce store and a method of indicating to the payment system that the purchase is a deferred credit purchase  Decisions on where the order would lie dormant would need to made. The e-commerce system not holds the information. Therefore the merchant would require some form of authorization check on the consumer’s payment details before the goods were released to the customer.

Multiple payments installments 

Many time customers want purchase product on EMI base. In online store they provide such facility only on debit card. The challenge is how to provide multiple payments installments and how the payment does keeps system track of the regular payments and notify the merchant/consumer of any failures.

Future payments

Following are few other payment options suggested by eCommerce solution provider companies.

E-Money

In credit/ debit card payment transaction, issuing bank charges the merchants a significant fee for each transaction, therefore cards are not good way to sell items for little money. Because of this transaction charge numerous businesses comes in market with special services e-money.

PayPal is successful business that allows people to send money to other people or to merchants without a merchant account with a bank.

Bitcoins and Crypto currencies

Another type of installment getting media consideration as of late is through the utilization of bitcoins or different crypto currencies. A percentage of the primary points of interest progressed for bitcoin are that:

The supply is entirely constrained and not controlled by the government.

Bitcoins are often divided into smaller payments, permitting micro-payments, and

The expense of exchanges are greatly low.

Wireless payments

Payments which are done through wireless device are known as wireless payments.  For example when you want to take dinner in restaurant but you have no money with you at that time. You do, however mobile phones have with you so you can transfer money from mobile using NFC or via your own bank account.

Today two Apple provides this concept through apple pay and Google via Google wallet.

Apple Pay

Apple Pay could be a mobile payment service that lets sure Apple mobile devices build payments at retail and on-line checkout. It digitizes and replaces the credit or debit magnetic tape card group action at MasterCard terminals. The service lets Apple devices wirelessly communicate with purpose of sale systems employing a close to field communication (NFC) antenna, a "dedicated chip that stores encrypted payment information" (known because the Secure Element), and Apple's Passbook and Touch ID.

The administration keeps customer installment information non-open from the distributer, and makes a "dynamic security code [...] produced for each exchange". Apple would not track use, which may keep between the customers, the sellers, furthermore the banks.

Google mobile payment system

This Google Mobile installment framework is in light of the NFC (Near Field Communication), the innovation that permits exchanging data remotely starting with one gadget then onto the next. Furthermore, yes, it bodes well for an organization like Google to make its invasion into this field. The acquiring routine of individuals is completely cherished data for the promoting organizations. These organizations can use the data gathered by Google to market their items and administrations.

Google wallet mobile payments

Google Wallet is a cell phone application that transforms your telephone into a virtual MasterCard/card-less paying gadget Google Wallet will have this image at the clerk:

To pay, you just tap the Google Wallet application on your telephone, punch in a 4-digit PIN code to open it, and touch the telephone to the terminal. This will send a safe installment by means of Near Field Communication (NFC). A Google Prepaid Card is really a virtual card in which you include fiscal trusts from any of your current charge cards.

The New Ways to Pay

 eCommerce solution provider companies suggest following new ways to make payment online.

Twitpay

Using Twtipay, user can transfer money to friend’s paypal account.

Zong

Zong allows customers to provide payment through their phone number instead of credit card details. And the charges reflect on their monthly bill.

Square

Square is ¾ inch cube, which can convert your iPhone into credit card reader.

GetGiving

This mobile application uses for charities to accept small amount donation from public without taking any credit card transaction fee.

Hub Culture

Hub Culture provides users to virtual currency, so they can avoid fees of swapping dollars for rupees.

Electronic payments and their value

If Electronic Payments not exist then

• E-commerce doesn’t exist. It would become very difficult to process online payments for eCommerce solution providers. 
• You can’t purchase product or services online.
• You can’t reserve hotel room or air tickets.
• You can’t perform banking transactions.

Impact of Electronic payment

• A low cost for businesses for software development company.
• A higher exchange of goods and services.
• Transaction can perform easily without geographic boundaries.
• Easy way to manage transactions.
• Unlike cheques, electronic payments don’t ‘bounce’ – as payments will not be effected unless the funds are available in the first place , validation made by payment system development company.

Terminology for Online Payment Systems

• ACH payments
  ACH stands for Automated Clearing House. It provides customers to make payment from their bank accounts by using electronic credit and debit transfers. ACH payments commonly uses for monthly- and subscription-based transactions like online loan repayment, bill payment system developed by software development company. It is used for B2B, B2C and P2P payments.  ACH payments do not provide real time authorization of funds like credit card.

• Merchant Account
  
  A merchant account is a bank account through that customer can receive payments through credit or debit cards. It comes under an agreement between an acceptor and a merchant’s bank for settlement of credit / debit card transactions. In many process it act as merchant account as well as payment gateway.

• Payment Gateway
  
  A payment gateway provides secure way to pass credit/ debit card details to perform transaction between merchants and customer and also between merchant and the payment processor. It comes in middle level between merchant and bank.
• Payment Processor
  
  It is a company which allows merchant to perform credit/debit card transactions. It provides protection from fraud to the customer and merchant.
• PCI compliance
  When payment gateway or merchant starts their working environment, at that time they meet the Payment Card Industry Data Security Standard (PCI DSS). PCI DSS is a information security standard for organizations that handle branded credit cards from the major card schemes including American Express, Discover, Visa, and MasterCard.