One of the most popular activities on the online is shopping invention of the very old notion of “sell and buy” process of execution of commercial transactions electronically appeared in the late 1970s and allowed business companies and organizations to send commercial documentation electronically. History Electronic Data Interchange Electronic Funds Transfer appeared in the late 1970s and allowed business companies and organizations to send commercial documentation electronically.
Commercial enterprise on the Internet was strictly rohibited until 1991 around 1994 when the first internet online shopping started it took about five years to introduce security protocols end of 2000, many European and American business companies offered their services through the World Wide Web Timeline (http://en. wikipedia. org/wiki/Electronic_commerce) Types of E-commerce Business to Consumer (B2C) Business to Business (82B) Consumer to Consumer (C2C) peer to peer (P2P) mCommerce USbased multinational electronic commerce company Jeff Bezos founded Amazon. com, Inc. in 1994 and launched it online in 1995 originally named Cadabra,
Books music Cds videotapes and DVDs Almost anything under the sun. portable ebook reader. software, hardware and network platform developed by Amazon. com subsidiary Lab126 online auction website first items sold on eBay was a broken laser pointer for $14. 83 Chris Agarpao was hired as eBay’s first employee Jeffrey Skoll was hired as the first Pierre Omidyar president Meg Whitman was hired as eBay President and CEO in March 1998 Millions of collectibles, decor, appliances, computers, furnishings, equipment, vehicles, and other miscellaneous items are listed, bought, or old daily on eBay. 005, eBay launched its Business & Industrial category, breaking into the industrial surplus business. Generally, anything can be auctioned on the site as long as it is not illegal and does not violate the eBay Prohibited and Restricted Items policy. E-commerce Security Issues A secure system accomplishes its task with no unintended side effects. In the software development community, it describes the security features of a system. Common security features are ensuring passwords that are at least six characters long and encryption of sensitive data.
Customer Security: Basic Principles privacy: information must be kept from unauthorized parties. integrity: message must not be altered or tampered with. authentication: sender and recipient must prove their identities to each other. nonrepudiation: proof is needed that the message was indeed received. Securities On-line Certificates Secure Socket Layers PCI, SET, Firewalls and Kerberos Practical Consequences The merchant is always responsible for security of the Internetconnected PC where customer details are handled Where customers order by email, information hould be encrypted.
Where credit cards are taken online and processed later, it’s the merchant’s responsibility to check the security of the hosting company’s webserver. The criminal incentive Why is ecommerce vulnerable? Is ecommerce software more insecure compared to other software? Incentives of an ecommerce exploit are a bargain compared to other illegal opportunities Something to think about.
Common Robbery Online access to a computer and an Internet connection tools necessary to perform an attack Bank branches do not keep a take a penny from every account t any one of the major banks lot of cash on hand local bank robber is restricted can rob a bank in another to the several branches country requires careful planning and make himself anonymous and the source of the attack untraceable precautions detailed building maps and city maps of his target easily and freely finds information on hacking and cracking.
Points the attacker can ta rget Shopper Shopper’s computer Network connection between shopper and Web site’s server Web site’s server Software vendor Attacks Snooping the shopper’s computer Sniffing the network Guessing passwords Using denial of service attacks Using known server bugs Tricking the shopper Using server root exploits Attacks and their defenses Install personal firewalls for the client machines.
Store confidential information in encrypted form. Encrypt the stream using the Secure Socket Layer Use appropriate password policies Use threat model analysis, strict development policies, and external security audits Assignment Create your own password policies. Practices you can implement to help secure your site. 7 pages. This is in LaTex format. Include your resources.