E-Commerce Security

Elements, Threats, Best Practices

Presented by:

Mr. Lokesh Rathore

MCA, MTech.

Associate Faculty

Institute of Computer Science,

Vikram University Ujjain

What is E-Commerce?

  • Buying and selling things on the internet instead of going to physical stores.
  • People use websites or apps to shop for products or services online.
  • Includes buying clothes and gadgets online, ordering food, and booking services like flights or hotel rooms.

Some examples of E-Commerce

  • Online Shopping: Amazon, Flipkart, or eBay.
  • Food Delivery: Swiggy or Zomato.
  • E-Ticket Booking: MakeMyTrip or IRCTC.
  • Electronic Payments: PhonePe and Paytm
  • Online Bookstores: Amazon Kindle or Flipkart Books.
  • Video Streaming: Netflix, Disney+ and Amazon Prime Video.

People use these online services through websites and apps, making their transactions over the internet.

E-Commerce Functioning

E-Commerce Attacks

Elements of E-Commerce Security

  • Confidentiality
  • Authentication
  • Integrity
  • Nonrepudiation

E-commerce security is a set of guidelines that ensures safe online transactions. Just as physical stores invest in security guards or cameras to prevent theft, online stores need to defend against cyberattacks. To protect your e-commerce website from attack, you first need to know four key terms that are essential to understanding e-commerce security protocols.

Confidentiality

  • Only the sender and the intended recipient(s) should be able to access the contents of a message.
  • Confidentiality is compromised if an unauthorized person (an attacker) is able to access a message.
  • Protected by encryption.

Authentication

  • It establishes proof of identity between sender and recipient(s) while exchanging data over the internet.
  • Fabrication is possible in the absence of proper authentication.
  • Protected by digital signatures and digital certificates.

Integrity

  • Integrity means that data cannot be modified or changed without authorization.

Non-Repudiation

  • It is a complex term used to describe the lack of deniability of ownership of a message, piece of data, or transaction.

Security Threats in E-commerce Environment

  • Three key points of vulnerability in the e-commerce environment:
    1. Client
    2. Server
    3. Communications pipeline (Internet communications channels)

Vulnerable Points in an E-commerce Transaction

Most Common Security Threats in the E-commerce Environment

  • Malware such as viruses, worms, Trojan horses, spyware, adware and ransomware
  • Phishing
  • Skimming
  • SQL Injection
  • Cross-site scripting (XSS)
  • Weak passwords
  • Brute force
  • Denial of Service (DoS)
  • Spoofing
  • Spam (junk)
  • Insiders

Most Common Security Threats in the E-commerce Environment

  • Malicious code
    • Virus: A malicious program that can replicate itself and infect other software or files.
    • Worm: A self-replicating malware program that spreads independently through computer networks and can cause harm by consuming system resources or compromising security.
    • Trojan horse: Looks like a genuine program but is fake; used to execute malicious code that harms the system.
    • Spyware: A malicious program that gathers information about a user's activities without their knowledge, for the purpose of stealing sensitive information.
    • Adware: A malicious program that displays advertisements on a user's system.
    • Ransomware: A malicious program that encrypts a victim's files or locks them out of their computer system, and then demands a ransom (usually in cryptocurrency) from the victim in exchange for a decryption key or to regain access to their data or system.

Most Common Security Threats in the E-commerce Environment

  • Phishing: A common type of cyber attack that targets individuals through email, text messages, phone calls, and other forms of communication.
  • Skimming: Occurs when devices illegally installed on ATMs, point-of-sale (POS) terminals, or fuel pumps capture card data or record cardholders' PINs.
  • SQL Injection: Placement of malicious code in SQL statements via web page input.
  • Cross-site scripting (XSS): The attacker puts harmful code into websites, which can then harm users or steal their information when they visit those sites.
  • Denial of Service (DoS): The attacker intentionally floods a computer system or network with excessive traffic or requests to overwhelm it, making it slow down or become inaccessible to legitimate users.
  • Weak password: A password based on your identity, such as your name or date of birth.
  • Brute force: Attempting many guesses to crack your credentials.
  • Spoofing: The attacker replaces the source ID with their own ID.
  • Spam: Messages that promise to offer products but are just full of ads.
  • Insider: Attacks caused by employees.

SQL Injection
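The slide above carries SQL injection only as a figure. The following Python example is added here and is not part of the presentation: it builds a small in-memory SQLite login table from constructed sample data and compares a lookup that concatenates form input into the SQL text with a parameterised version. The table name, column names, user records and the login helper names are assumptions made for the demonstration.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data: a tiny in-memory users table standing in for
    an e-commerce account store. Real systems store password hashes, not
    plaintext; plaintext is kept here only so the SQL comparison is visible."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "erWz#q12w"), ("bob", "Tr0ub4dor&3")],
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Builds the statement by string concatenation: whatever the web form
    sends becomes part of the SQL text itself, which is the defect the slide
    describes as 'placement of malicious code in SQL statements'."""
    query = (
        "SELECT COUNT(*) FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return conn.execute(query).fetchone()[0] > 0


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Parameterised query: the driver passes the values separately from the
    SQL text, so form input is always treated as data, never as SQL."""
    query = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone()[0] > 0


def demo() -> dict:
    """Run both login functions with a correct password and with the
    textbook tautology input, and report which ones let the login through."""
    conn = make_db()
    injected = "' OR '1'='1"  # classic textbook input: closes the quote, adds an always-true clause
    return {
        "vulnerable_with_correct_password": login_vulnerable(conn, "alice", "erWz#q12w"),
        "vulnerable_with_injected_input": login_vulnerable(conn, "alice", injected),
        "safe_with_correct_password": login_safe(conn, "alice", "erWz#q12w"),
        "safe_with_injected_input": login_safe(conn, "alice", injected),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

In the concatenated version the injected text turns the WHERE clause into `username = 'alice' AND password = '' OR '1'='1'`, which is true for every row, so the count is non-zero and the login succeeds without a password. The parameterised version compares the password column with the literal string the user typed and finds no match. Parameterised queries (or an ORM that uses them) are the primary defence; input validation and least-privilege database accounts add depth.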

Cross-Site Scripting (XSS)
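As an added example (not from the slides), the Python snippet below renders a constructed product review into HTML in two ways: by plain string interpolation, which lets a script tag inside the review become part of the page, and through `html.escape`, which turns the same text into harmless character entities. The product name, review text, page layout and function names are invented for the illustration.

```python
import html

# Constructed review text: what a visitor might type into a review form.
SAMPLE_REVIEW = 'Great phone! <script>alert("xss")</script>'


def render_review_unsafe(product: str, review: str) -> str:
    """Inserts visitor-controlled text straight into the HTML, so any tag
    in the review is interpreted by the browser as part of the page."""
    return f"<h2>{product}</h2><p class='review'>{review}</p>"


def render_review_safe(product: str, review: str) -> str:
    """Escapes <, >, &, and quotes before the text reaches the HTML, so the
    browser displays the review literally instead of executing it."""
    return (
        f"<h2>{html.escape(product)}</h2>"
        f"<p class='review'>{html.escape(review)}</p>"
    )


def contains_script_tag(page: str) -> bool:
    """Simple detector used only to show the difference between outputs."""
    return "<script" in page.lower()


def demo() -> dict:
    unsafe = render_review_unsafe("Phone", SAMPLE_REVIEW)
    safe = render_review_safe("Phone", SAMPLE_REVIEW)
    return {
        "unsafe_page_has_script_tag": contains_script_tag(unsafe),
        "safe_page_has_script_tag": contains_script_tag(safe),
        "safe_page": safe,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Escaping must match the context the text lands in: `html.escape` is correct for element content and quoted attribute values, but text placed inside a `<script>` block or a URL needs its own encoding, which is why template engines that escape by default, plus a Content-Security-Policy header, are the usual defence in depth.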

Technology Solutions

  • Cryptography:
    • Protecting internet communications using encryption and decryption techniques.
    • Converting plain text into cipher text using an algorithm with a secret key is called encryption. (Hello → Ifmmp)
    • The sender uses a private key or the receiver's public key for encryption; the receiver then uses their private key to decrypt the received message.
    • It provides all four security features: confidentiality, authenticity, integrity and non-repudiation.
    • SSL (Secure Sockets Layer), digital signatures, digital certificates, etc. are common examples for securing data while transmitting it over the internet.
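The following Python example is added here and is not part of the presentation. It ties the bullets above to the four security elements from the "Elements of E-Commerce Security" slide: the slide's own shift cipher (Hello → Ifmmp) for confidentiality, a SHA-256 digest for integrity, and an HMAC over a shared secret for authenticity. The order message, the shared secret and all function names are constructed for the demonstration.

```python
import hashlib
import hmac
import secrets


# --- Confidentiality: the slide's shift cipher (Hello -> Ifmmp with key 1) ---
def shift_encrypt(plaintext: str, key: int) -> str:
    """Shift every letter forward by `key` places; other characters pass through."""
    out = []
    for ch in plaintext:
        if ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + key) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)


def shift_decrypt(ciphertext: str, key: int) -> str:
    """Decryption is the same shift in the opposite direction."""
    return shift_encrypt(ciphertext, -key)


# --- Integrity: a digest lets the receiver detect any modification ---------
def digest(message: bytes) -> str:
    return hashlib.sha256(message).hexdigest()


def integrity_ok(message: bytes, expected_digest: str) -> bool:
    return hmac.compare_digest(digest(message), expected_digest)


# --- Authentication: an HMAC binds the message to a shared secret ----------
def make_tag(secret: bytes, message: bytes) -> str:
    return hmac.new(secret, message, hashlib.sha256).hexdigest()


def tag_ok(secret: bytes, message: bytes, tag: str) -> bool:
    # compare_digest runs in constant time, avoiding a timing side channel
    return hmac.compare_digest(make_tag(secret, message), tag)


def demo() -> dict:
    # Constructed order message standing in for an e-commerce transaction.
    order = b"order=1234;item=phone;amount=19999"
    tampered = b"order=1234;item=phone;amount=1"
    secret = secrets.token_bytes(32)  # assumed to be shared by shop and payment gateway

    d = digest(order)
    t = make_tag(secret, order)
    forged_tag = make_tag(b"wrong-key", tampered)  # attacker without the secret
    return {
        "shift_cipher_matches_slide": shift_encrypt("Hello", 1) == "Ifmmp",
        "shift_roundtrip": shift_decrypt(shift_encrypt("Hello, world", 3), 3) == "Hello, world",
        "hash_accepts_original": integrity_ok(order, d),
        "hash_detects_tamper": not integrity_ok(tampered, d),
        "hmac_accepts_genuine": tag_ok(secret, order, t),
        "hmac_rejects_forgery": not tag_ok(secret, tampered, forged_tag),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

Two caveats the slide's summary glosses over. The HMAC gives authenticity but not non-repudiation: because the shop and the gateway hold the same secret, either of them could have produced the tag, so neither can prove to a third party who sent the message. Non-repudiation needs a digital signature made with a private key that only the sender holds, which is what the digital-signature and certificate bullets refer to (the Python standard library has no signing primitive, so that step is not shown). And the shift cipher only illustrates the encrypt/decrypt idea: with 25 possible keys it offers no real confidentiality, so protocols such as SSL/TLS use standard algorithms like AES instead.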

Public Key Cryptography: A Simple Case

Secure Negotiated Sessions Using SSL/TLS

Firewalls and Proxy Servers

E-Commerce Best Practices

  • Follow a strong password policy (use at least 8 characters, one capital letter, one small letter, one digit and one special symbol), e.g. erWz#q12w
  • Never share basic details such as your DOB or mobile number on unknown links.
  • Change your password regularly.
  • Never share an OTP with an untrusted person or website.
  • Don't share passwords with family members, especially children.
  • Always use https://domainname.com, not http://
  • Try to type the e-commerce website's address into the address bar rather than finding it through a search engine like Google.
  • Keep a good antivirus and enable the firewall on your system.
  • Never click on any link received via message or email.
  • Try to choose the "cash on delivery" option for payment.
  • Order items that have a return policy.
  • Avoid using public Wi-Fi for internet connectivity.
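To make the password rules on this slide checkable, here is a Python policy checker added as an example; it is not from the presentation. It tests the five rules listed above (length, capital letter, small letter, digit, special symbol) and, picking up the "weak password" point from the threats slide, also flags a password built from the user's name or date of birth. The sample user, date of birth and passwords are constructed, and the function names are my own.

```python
import re
from datetime import date

# Rules from the slide: at least 8 characters, one capital letter, one small
# letter, one digit, one special symbol.
RULES = [
    ("at least 8 characters", lambda pw: len(pw) >= 8),
    ("one capital letter", lambda pw: re.search(r"[A-Z]", pw) is not None),
    ("one small letter", lambda pw: re.search(r"[a-z]", pw) is not None),
    ("one digit", lambda pw: re.search(r"[0-9]", pw) is not None),
    ("one special symbol", lambda pw: re.search(r"[^A-Za-z0-9]", pw) is not None),
]


def policy_failures(password: str) -> list:
    """Return the names of the slide's rules that the password does not meet."""
    return [name for name, ok in RULES if not ok(password)]


def identity_fragments(name: str, dob: date) -> list:
    """Pieces of personal data that weak passwords are commonly built from:
    each part of the name and a few common ways of writing the birth date."""
    frags = [part.lower() for part in name.split() if len(part) >= 3]
    frags += [
        dob.strftime("%Y"),       # 1995
        dob.strftime("%d%m"),     # 2108
        dob.strftime("%d%m%Y"),   # 21081995
        dob.strftime("%Y%m%d"),   # 19950821
    ]
    return frags


def based_on_identity(password: str, name: str, dob: date) -> bool:
    """True if the password contains any fragment of the user's identity."""
    pw = password.lower()
    return any(frag in pw for frag in identity_fragments(name, dob))


def assess(password: str, name: str, dob: date) -> dict:
    failures = policy_failures(password)
    identity = based_on_identity(password, name, dob)
    return {
        "policy_failures": failures,
        "based_on_identity": identity,
        "acceptable": not failures and not identity,
    }


if __name__ == "__main__":
    # Constructed sample user; not a real person.
    user, born = "Ravi Kumar", date(1995, 8, 21)
    for candidate in ["password", "Ravi@1995", "erWz#q12w"]:
        print(candidate, assess(candidate, user, born))
```

The second candidate, `Ravi@1995`, passes all five character-class rules yet is still rejected, which is the point of the identity check: a policy based only on character classes accepts exactly the "name plus year" passwords the threats slide warns about. Real login systems should also compare candidates against lists of previously breached passwords and rate-limit attempts to blunt the brute-force threat.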

Thank you