
What are the Issues Surrounding Ecommerce Security?

Article Details
  • Written By: Amy Hunter
  • Edited By: Andrew Jones
  • Last Modified Date: 08 September 2016
  • Copyright Protected:
    2003-2016
    Conjecture Corporation

Ecommerce security is a concern for many online retailers. With the growing number of online transactions being conducted, the number of online attacks and frauds is increasing as well. It is important for online retailers to prevent ecommerce problems, because the loss of trust in an online vendor can result in the company going out of business. Ecommerce security is also a concern for purchasers because of the headache and wasted time that occur when attempting to straighten out problems due to identity theft or computer hijacking.

Four areas make up ecommerce security: privacy, integrity, authentication, and non-repudiation. Privacy is the process of keeping unauthorized individuals from viewing information. Integrity is the act of securing a message so that it cannot be changed en route to its destination. Authentication means that the sending and receiving computers must recognize and identify each other. Non-repudiation is the proof that messages are received.

Six different forms of ecommerce security risks represent the greatest concern. Weak authentication and authorization is a major concern. Signs of this problem are that the website allows users to make multiple log-in attempts without locking the account, or that it does not pass session IDs over Secure Sockets Layer (SSL).


Another common ecommerce concern is cross-site scripting, or XSS. Cross-site scripting works on the assumption that we often do not understand what we are clicking on or agreeing to online. With cross-site scripting, a malicious script hijacks JavaScript, and will often pop up an "okay" box for the user to click on. The click allows the script to collect session cookies, or even redirect the browser to a malicious or phishing website. This is the type of security breach that occurs when people believe they are signing on to their bank or credit card website, but actually end up on a malicious site that looks identical to the one they believe they are visiting.

SQL injection occurs when the attacker inserts his own malicious SQL metacharacters into the code sent by a user. This code, if not rejected, allows the attacker to have backdoor access to the commerce site, potentially gaining access to credit card data and other transaction details. Price manipulation is another ecommerce problem that targets the commerce website. It allows the attacker to change the price in the online shopping cart by modifying the payment information as it moves between the browser and the web server.
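The following Python example is added here and is not part of the original article. It shows both problems from the paragraph above from the defender's side: a product lookup built by string concatenation beside its parameterized form, and an order total that is always priced from the server's catalog rather than from the price the browser submits. The table, SKUs, prices and function names are constructed for illustration.

```python
import sqlite3

def make_catalog():
    """Constructed sample catalog; prices are integer cents held server-side."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (sku TEXT PRIMARY KEY, name TEXT, price_cents INTEGER)")
    db.executemany("INSERT INTO products VALUES (?, ?, ?)",
                   [("A100", "Mug", 1299), ("B200", "Lamp", 4500), ("C300", "Desk", 19900)])
    return db

def lookup_unsafe(db, sku):
    # Vulnerable form: user input is concatenated into the SQL text,
    # so quote characters in `sku` change the structure of the query.
    return db.execute("SELECT sku, price_cents FROM products WHERE sku = '" + sku + "'").fetchall()

def lookup_safe(db, sku):
    # Hardened form: the value is bound as a parameter and is never parsed as SQL.
    return db.execute("SELECT sku, price_cents FROM products WHERE sku = ?", (sku,)).fetchall()

def cart_total(db, cart):
    """Price an order from the catalog only.

    Each cart line is a dict as posted by the browser: sku, qty and a
    client-supplied price_cents. The client price is never used for the
    total; SKUs whose posted price differs from the catalog are returned
    so the mismatch can be logged.
    """
    total, tampered = 0, []
    for line in cart:
        qty = line["qty"]
        if not isinstance(qty, int) or isinstance(qty, bool) or not 1 <= qty <= 100:
            raise ValueError(f"bad quantity for {line['sku']!r}")
        rows = lookup_safe(db, line["sku"])
        if not rows:
            raise ValueError(f"unknown sku {line['sku']!r}")
        price = rows[0][1]
        if line.get("price_cents") != price:
            tampered.append(line["sku"])
        total += price * qty
    return total, tampered

if __name__ == "__main__":
    db = make_catalog()
    hostile = "x' OR '1'='1"  # constructed input containing SQL metacharacters
    print(len(lookup_unsafe(db, hostile)), len(lookup_safe(db, hostile)))
    print(cart_total(db, [{"sku": "C300", "qty": 1, "price_cents": 100}]))
```

The concatenated query returns every row for the constructed input, while the parameterized query returns none, and the altered cart price is ignored and flagged.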

Buffer overflows are a basic ecommerce security concern that occurs when the attacker overwhelms the database with data. The script cannot handle the information, and generates an error message. The error message pinpoints the exact location of the error, allowing the attacker to access the administration area of the commerce site. The most aggressive and devastating form of ecommerce security vulnerability is when a web application attacks a computer, allowing the attacker to execute their own operating system commands on the user's computer.
