Chapter 5 Electronic Commerce | Security Source: E-Commerce by K.C Laudon Organize by - Qasim Rafique System Analyst (Hailey College of Commerce | University of the Punjab

What is Security The state of being free from danger or threat. In information technology, security is the protection of information assets through the use of technology, processes, and training. Copyright © 2015 Pearson Education, Inc. Publishing as Prentice Hall

E-Commerce Security E-commerce security is the protection of e-commerce assets from unauthorized access, use, disclose, alteration, or destruction. Protection of E-Commerce Environment such as : Client Computer (Customer) Communication Pipeline (Internet) Server Computer (Merchant) Copyright © 2015 Pearson Education, Inc. Publishing as Prentice Hall

Dimension of E-Commerce Security Integrity Non – Repudiation Authenticity Confidentiality Privacy Availability Achieved through Encryption Technique i.e SSL Certificate - means Pages that contain https Protocol Depend on Merchant Credibility & Hardware, Software Infrastructure Copyright © 2015 Pearson Education, Inc. Publishing as Prentice Hall

Integrity prevention against any one party from denying on an agreement after the fact This is the ability to ensure that information being displayed on a Web site or being transmitted/received over the Internet has not been altered in any way by an unauthorized party. Integrity ensures data remains as is from the sender to the receiver. Example 1: Postman Change the Letter content before delivering the post. Example 2: Customer Place $25 Order Amount on a website but Merchant Received $100 Order Amount. Copyright © 2014 Pearson Education, Inc. Publishing as Prentice Hall

Non – Repudiation prevention against any one party from denying on an agreement after the fact the ability to ensure that e-commerce participants do not deny their online actions. Example 1:An example of a repudiation incident would be a customer ordering merchandise online and later denying that he or she had done so. Example 2: Postman deliver the Post but Receiver denied . Copyright © 2015 Pearson Education, Inc. Publishing as Prentice Hall

Authenticity authentication of data source Authenticity is the ability to identify the identity of a person or entity you are transacting with on the Internet. Example 1: One instance of an authenticity security breach is “spoofing,” in which someone uses a fake e-mail address, or poses as someone else. This can also involve redirecting a Web link to a different address. Example 2:One instance of an authenticity security breach in which postman deliver the mail to a wrong address. Copyright © 2015 Pearson Education, Inc. Publishing as Prentice Hall

Confidentiality protection against unauthorized data disclosure Privacy concerns people or control over information, whereas confidentiality concerns data. Confidentiality: The ability to ensure that messages and data are available only to authorized viewers. One type of confidentiality security breach is “sniffing” in which a program is used to steal proprietary information on a network including e-mail messages, company files, or confidential reports. Example 1: Bank send credit card pin on your address but someone (postman etc) read it. (it is breach of confidentiality) Example 2: During Transaction some one hack your credit card detail from the communication pipeline(Internet) through some sniffing programs(Software’s) and no one (Customer, Merchant) knows it happened. Copyright © 2015Pearson Education, Inc. Publishing as Prentice Hall

Privacy provision of Customer Personal data control and disclosure The ability to control the use of information a customer provides about him or herself to an e-commerce merchant. Example 1: A hacker breaking into an e-commerce site and gaining access to credit card or other customer information. This violates the confidentiality of the data and also the privacy of the people who supplied the data. Example 2: Merchant disclose the personal information (profiles) of customers or sell them for financial gain. Copyright © 2015 Pearson Education, Inc. Publishing as Prentice Hall

Availability prevention against data delays or removal This is the ability to ensure that an e-commerce site continues to function as intended. Availability ensures you have access and authorized to resources. Example 1 :One availability security breach is a DoS (Denial of Service) attack in which hackers flood a Web site with useless traffic that causes it to shut down, making it impossible for users to access the site. Example 2:If the post office destroys your mail or the postman takes one year to deliver your mail, he has impacted the availability of your mail. Example 3: insufficient Webservers leads to un-availability of website to customers. Copyright © 2015 Pearson Education, Inc. Publishing as Prentice Hall