Barriers to entering e-commerce are comparatively low, but new opportunities can be accompanied by new risks. Risk assessment means listing all of the risks a business might face and assigning varying degrees of importance to them. Risk management means prioritizing these risks and formulating policies and practices to balance and mitigate them. Every business can benefit from conducting a risk assessment of its e-commerce systems, although smaller businesses may not need to implement some of the more sophisticated techniques described in this guide.
Listed below are the risks that you need to be aware of or ask your e-commerce developer about. This guide also explains how risk assessment and management can help in recognizing and quantifying the risks and how to balance them against the potential gains.
However, e-commerce has unavoidably invited its share of troublemakers. As much as e-commerce simplifies transactions, it is occasionally plagued by serious concerns that jeopardize its security as a medium for exchanging money and information.
Identifying risks in e-commerce
Today's threats to e-commerce systems include:
Physical threats - threats posed to the IT infrastructure by, for example, fire or flood.
Data threats - threats posed to software, files, databases, etc by viruses, Trojans and so forth.
Errors by people, eg employees clicking on links within messages received on social networking websites that are found to be malicious or the accidental deletion of data by an employee.
Technical failure, eg software bugs.
Infrastructure failures, eg server crashes.
Credit card and payment fraud.
Malicious attacks from inside or outside your business.
Hacker threats, should your computers become part of a larger group of infected, remote-controlled computers known as a botnet.
Typical threats to e-commerce systems
Risk to corporate information and intellectual property from internal staff and trading partners. It is difficult to control how sensitive information will be handled by third parties or contract workers. Few organizations have systems in place to ensure common standards in vetting staff and provide security mechanisms between trading partners.
Hacker exploitation of errors in software application design, technical implementation or systems operation. In addition, vulnerabilities in technical security mechanisms and operating systems are now widely published for anyone to read or experiment with.
Website defacement - where the corporate image or messages on the website are changed - and virus attacks can lead to commercial embarrassment and damage to the way the business is viewed by its trading partners and the public.
Denial-of-service attacks - which use a flood of false messages to crash a business's systems - can have a devastating impact upon a business, especially if it is dependent on its e-commerce system. The growth of the internet means that there are wider opportunities to mount such an attack, and the anonymity afforded by the internet means that there is a correspondingly lower risk of traceability. Hackers are increasingly using botnets - groups of computers infected with malicious software and controlled remotely - to carry out these attacks. They are also operating the attacks in such a way that servers do not crash but slow down considerably.
Breach of Security:
Also, payment gateways are vulnerable to interception by unethical users. Cleverly crafted strategies can siphon off part or all of the amount being transferred from the user to the online vendor.
Identity thefts
Hackers often gain access to sensitive information such as user accounts, user details, addresses, confidential personal information, etc. It is a significant threat in view of the privileges one can obtain with a false identity....