E-commerce, which is simply the system of transacting business through electronic and digital media such as computers and mobile devices, has become not just a necessary but also an effective means of global economic development. The astronomical growth of interconnectivity through computer networks (i.e., the internet) has made e-commerce a veritable tool for forming business relationships quickly without any form of physical contact. At the click of a mouse, business transactions ranging from banking and shopping to all manner of trading are carried out by millions of internet users on a daily basis. Because communication over the internet is impersonal, and because these processes take place in a public yet remote, and therefore untrusted, network, there are many security concerns involved. These concerns range from verification of the identities of the people concerned to the protection and validity of data in transfer. Despite the increasing use of the internet in business transactions, a major security issue with e-commerce activities is the confidentiality of electronic payment details. Globally, security concerns persist, with many consumers still reluctant to impart credit card information over the internet and mobile devices. This paper discusses fundamental security threats associated with the increasing reliance on e-commerce for business transactions and various ways to minimize these threats. While we shall look generally at security threats and how they affect the various parties in an e-business transaction, our focus in this paper is on customer-to-business transactions over the internet and electronic payment systems that involve the exchange of value between consumers/customers and businesses.
E-COMMERCE AND BUSINESS COMMUNICATION
E-commerce thrives on the ability of the internet to ensure effective business communication between the parties to a transaction. Consequently, threats or attacks against an information/communication system such as the internet can be considered a direct threat to e-commerce activities. Common security threats to internet users include:
Eavesdropping - intercepting and reading messages intended for other computer users/hosts;
Masquerading - sending/receiving messages using another computer host’s identity;
Message tampering - intercepting and altering messages intended for other computer users;
Replaying - using previously sent messages to gain another computer user’s privileges;
Infiltration - abusing a computer host’s authority in order to run hostile or malicious programs;
Traffic analysis - observing the traffic to/from a principal;
Denial-of-service - preventing authorized principals from accessing various resources.
It is worth noting that the internet is a constantly and rapidly changing environment. Hence, the average internet and e-commerce user is always exposed to new and more efficient attacks. This presents a very potent security concern requiring very dynamic security solutions to cope with evolving vulnerabilities. There are currently various security options and services to help mitigate some of the risks above. The International Organization for Standardization defines the following basic security services:
Authentication - ensures that a principal’s identity or data origin is genuine;
Access control - ensures that only authorized principals can gain access to protected resources;
Data confidentiality - ensures that only authorized principals can understand the protected data (also called privacy);
Data integrity - ensures that no modification of data has been performed by unauthorized principals;
Nonrepudiation - ensures that a principal cannot deny having performed some action on the data (e.g., authoring, sending, receiving).
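As an added illustration (not part of the original paper), the sketch below shows how the authentication and data-integrity services counter the masquerading, message tampering and replaying threats listed above for a single payment order. The shared key, the field names and the 300-second freshness window are assumptions made for the example.

```python
import hashlib
import hmac
import json
import secrets
import time

MAX_AGE_SECONDS = 300  # assumed freshness window for a payment order

def sign_order(key: bytes, order: dict) -> dict:
    """Customer side: attach a nonce, timestamp and HMAC-SHA256 tag to the order."""
    body = dict(order, nonce=secrets.token_hex(16), ts=int(time.time()))
    payload = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return {"payload": payload.decode(), "tag": tag}

class OrderVerifier:
    """Merchant side: checks origin and integrity first, then freshness and reuse."""

    def __init__(self, key: bytes):
        self._key = key
        self._seen = {}  # nonce -> timestamp of orders already accepted

    def verify(self, message: dict, now=None) -> str:
        now = int(time.time()) if now is None else now
        payload = message["payload"].encode()
        expected = hmac.new(self._key, payload, hashlib.sha256).hexdigest()
        # Constant-time comparison; a bad tag covers tampering and masquerading.
        if not hmac.compare_digest(expected, message["tag"]):
            return "rejected: bad tag"
        body = json.loads(payload)
        if abs(now - body["ts"]) > MAX_AGE_SECONDS:
            return "rejected: stale"
        # Drop nonces older than the window; such orders already fail as stale.
        self._seen = {n: t for n, t in self._seen.items() if now - t <= MAX_AGE_SECONDS}
        if body["nonce"] in self._seen:
            return "rejected: replay"
        self._seen[body["nonce"]] = body["ts"]
        return "accepted"

def demo() -> list:
    key = secrets.token_bytes(32)  # shared secret, assumed provisioned out of band
    verifier = OrderVerifier(key)
    # Constructed sample order; the values are illustrative only.
    msg = sign_order(key, {"order_id": "A-1001", "amount": "49.90", "currency": "USD"})
    tampered = dict(msg, payload=msg["payload"].replace("49.90", "4.90"))
    forged = sign_order(secrets.token_bytes(32), {"order_id": "A-1002", "amount": "1.00"})
    return [verifier.verify(m) for m in (msg, msg, tampered, forged)]
```

The tag provides no confidentiality, so eavesdropping on the order still has to be addressed by encrypting the channel.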
ELECTRONIC PAYMENT SYSTEMS
Electronic payment systems have evolved from traditional payment systems, and consequently the two types of...