What is meant by E-Commerce security, and what measures are taken for this purpose?
When you connect your computer to a network, it becomes vulnerable (exposed) to attack.
In a typical e-Commerce experience, a shopper proceeds to a Web site to browse a catalog and make a purchase. This simple activity illustrates the four major players in e-Commerce security. One player is the shopper, who uses his browser to locate the site. The site is usually operated by a merchant, also a player, whose business is to sell merchandise to make a profit. As the merchant's business is selling goods and services, not building software, he usually purchases most of the software to run his site from third-party software vendors. The software vendor is the last of the three legitimate players. The attacker is the player whose goal is to exploit the other three players for illegitimate gains. Figure 2 illustrates the players in a shopping experience.
As mentioned, the vulnerability of a system exists at the entry and exit points within the system. In the e-Commerce system, there are several points that the attacker can target:
The network connection between shopper and Web site’s server
Web site’s server
Your system is only as secure as the people who use it. Education is the best way to ensure that your customers take appropriate precautions:
Install personal firewalls for the client machines.
Store confidential information in encrypted form.
Encrypt the stream using the Secure Sockets Layer (SSL) protocol to protect information flowing between the client and the e-Commerce Web site.
Use appropriate password policies, firewalls, and routine external security audits.
Use threat model analysis, strict development policies, and external security audits to protect ISV software running the Web site.