3.4 Implementing Electronic Commerce Security


There are many security problems in electronic commerce:
1- The intent of the Internet is to give people remote access to information. The system is inherently open, and traditional approaches of restricting access by the use of physical barriers are less viable, though organizations still need to restrict physical access to their servers.

2- Electronic commerce is based on computers and networks, and these same technologies can be used to attack security systems. Hackers can use computers to intercept network traffic and scan it for confidential information. They can also use computers to run repeated attacks on a system to breach its security (e.g., trying every word in a dictionary as an account's password).
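The repeated-guessing pattern described above is something the server side can detect rather than just suffer. The following is an added example, not from the original text: it scans constructed authentication log lines (the log format, field names, the five-failures-per-minute threshold and the sample addresses are all assumptions) with a sliding window, and escalates when a success follows a streak of failures.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample auth log (not real data): "alice" is hammered with
# guesses and then logged in; "bob" just mistyped twice, minutes apart.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z auth FAIL user=alice src=203.0.113.7
2024-05-01T10:00:02Z auth FAIL user=alice src=203.0.113.7
2024-05-01T10:00:02Z auth FAIL user=alice src=203.0.113.7
2024-05-01T10:00:03Z auth FAIL user=alice src=203.0.113.7
2024-05-01T10:00:04Z auth FAIL user=alice src=203.0.113.7
2024-05-01T10:00:05Z auth OK   user=alice src=203.0.113.7
2024-05-01T10:03:00Z auth FAIL user=bob   src=198.51.100.2
2024-05-01T10:09:00Z auth FAIL user=bob   src=198.51.100.2
2024-05-01T10:15:00Z auth OK   user=bob   src=198.51.100.2
"""

# Assumed line layout: "<timestamp> auth <FAIL|OK> user=<name> src=<ip>"
LINE_RE = re.compile(r"^(\S+) auth (FAIL|OK)\s+user=(\S+)\s+src=(\S+)$")

def parse(log):
    """Yield (timestamp, result, user, src) for each well-formed line."""
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
            yield ts, m.group(2), m.group(3), m.group(4)

def detect_guessing(log, threshold=5, window=timedelta(minutes=1)):
    """Map (user, src) -> alert text.

    A pair is flagged "guessing" once it has >= threshold FAILs inside a
    sliding time window (so slow, spread-out typos do not accumulate), and
    escalated to "success after guessing streak" if an OK follows, which is
    the case worth an analyst's immediate attention.
    """
    fails = defaultdict(deque)
    alerts = {}
    for ts, result, user, src in parse(log):
        key = (user, src)
        q = fails[key]
        if result == "FAIL":
            q.append(ts)
            while q and ts - q[0] > window:  # drop failures outside the window
                q.popleft()
            if len(q) >= threshold:
                alerts[key] = "guessing"
        elif alerts.get(key) == "guessing":
            alerts[key] = "success after guessing streak"
    return alerts
```

The same window-and-threshold logic is what an account-lockout or progressive-delay control would key off, which is the mitigation that makes dictionary guessing impractical in the first place.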


Technical Components of E-Commerce Security
Four components are involved in E-Commerce security: client software, server software, the hosting operating system, and session transport. Each component has its own set of issues and challenges associated with securing it.
Client software is becoming increasingly security-focused; however, single-user desktop operating systems historically have had no security features implemented. E-Commerce software that relies on the security of the desktop operating system is easily compromised without the enforcement of strict physical controls.

Server software is constantly under test and attack by the user community. Although there have been cases of insecurities, a system administrator keeping up with the latest patches and vendor information can provide a high degree of confidence in the security of the server itself.
Operating systems used for hosting E-Commerce servers are securable, but rarely shipped from the vendor in a default configuration that is secure. E-Commerce servers must protect the database of customer information accumulating on the server as well as provide security while the server is handling a transaction. If it is easier for a thief to compromise the server to obtain credit card numbers, why bother sniffing the network for individual credit card numbers?
Session transport between the client and server uses network protocols that may have little or no built-in security. In addition, networking protocols such as TCP/IP were not designed to have confidentiality or authentication capabilities.