Thursday, April 24, 2008

E-commerce Security: The Threats and Defenses

The business world and the world of technology are now merging to improve the lives of many. It is not new to us that business transactions can be done through the internet. This makes life convenient for every businessman while earning a lot of money. However, with the advent of hacking, there are now risks. There is a need for stricter security.

According to Business Link (http://www.businesslink.gov.uk/), these are the common threats that hackers pose to e-commerce systems:

• carrying out denial-of-service (DoS) attacks that stop access to authorized users of a website, so that the site is forced to offer a reduced level of service or, in some cases, ceases operation completely
• gaining access to sensitive data such as price lists, catalogues and valuable intellectual property, and altering, destroying or copying it
• altering your website, thereby damaging your image or directing your customers to another site
• gaining access to financial information about your business or your customers, with a view to perpetrating fraud
• using viruses to corrupt your business data

These threats have a big impact on businesses that use e-commerce. Business Link lists the possible consequences that businesses may face if their e-commerce systems are hacked:

• Direct financial loss as a consequence of fraud or litigation.
• Subsequent loss as a result of unwelcome publicity.
• Criminal charges if you are found to be in breach of the Data Protection or Computer Misuse Acts, or other regulation on e-commerce.
• Loss of market share if customer confidence is affected by a DoS attack.

There are different methods that an attacker or hacker may use. According to IBM (http://www.ibm.com/), the methods are as follows:

• Tricking the shopper
• Snooping the shopper's computer
• Sniffing the network
• Guessing passwords
• Using denial of service attacks
• Using known server bugs
• Using server root exploits

Despite these potential methods, there are defenses that can be put in place to keep hackers from getting into your system:

• Install personal firewalls for the client machines.
• Store confidential information in encrypted form.
• Encrypt the stream using the Secure Sockets Layer (SSL) protocol to protect information flowing between the client and the e-commerce Web site.
• Use appropriate password policies, firewalls, and routine external security audits.
• Use threat model analysis, strict development policies, and external security audits to protect ISV software running the Web site.
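To make the "guessing passwords" method and the "appropriate password policies" defense concrete, here is an added example that is not from the original post or from IBM. The class name `AccountStore`, the policy values and the denylist entries are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import time

# Assumed policy values for illustration; the article does not specify any.
MIN_LENGTH = 12
MAX_FAILURES = 5
LOCKOUT_SECONDS = 900
PBKDF2_ITERATIONS = 600_000
DENYLIST = {"password12345", "qwertyuiop123"}  # constructed sample entries


class AccountStore:
    """Hypothetical in-memory credential store with policy and lockout."""

    def __init__(self, clock=time.monotonic):
        self._users = {}     # name -> (salt, derived key)
        self._failures = {}  # name -> (failure count, locked-until time)
        self._clock = clock

    @staticmethod
    def _derive(password, salt):
        # Slow salted hash, so a copied database is costly to guess against.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt,
                                   PBKDF2_ITERATIONS)

    def register(self, name, password):
        """Store the account only if the password passes the policy."""
        if len(password) < MIN_LENGTH or password.lower() in DENYLIST:
            return False
        salt = os.urandom(16)
        self._users[name] = (salt, self._derive(password, salt))
        return True

    def login(self, name, password):
        """Return 'ok', 'denied' or 'locked'."""
        count, locked_until = self._failures.get(name, (0, 0.0))
        if self._clock() < locked_until:
            return "locked"  # refuse before doing any password work
        # Unknown users still cost one derivation, so timing reveals less.
        salt, stored = self._users.get(name, (b"\x00" * 16, b""))
        if hmac.compare_digest(self._derive(password, salt), stored):
            self._failures.pop(name, None)
            return "ok"
        count += 1
        until = self._clock() + LOCKOUT_SECONDS if count >= MAX_FAILURES else 0.0
        self._failures[name] = (count, until)
        return "denied"
```

Locking by account name alone lets anyone lock out a known user, so deployed systems usually pair it with per-source rate limits.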

Still, education is the best defense you could possibly have: if you are well-informed and knowledgeable about the precautions, definitely no wise hacker can enter your system.
