Thursday, September 12, 2019

E-commerce security and fraud protection Term Paper

E-commerce refers to the buying and selling of goods and services via electronic platforms such as the Internet and other computer-based networks (Schneider, 2011). It has grown to be a necessary tool for efficiency in business. However, this platform has faced a myriad of challenges, with Moftah, Abdullah and Hawedi (2012) indicating that the problems relate to consumers’ protection in their transactions, which calls for trust and privacy across the different geographical locations. Mohapatra (2013) argues that e-commerce transactions have been constrained by security, with consumers wary of the privacy of their personal information and the use of credit cards to make online purchases. The increased use of mobile devices has further complicated security provision in e-commerce. Thus, a secured system would be needed to enhance e-commerce growth.

E-commerce is online, thus accessible to the general public. The increase in cyber crime has also seen an increase in security threats in e-commerce. According to Mohapatra (2013), amounts reported globally, largely from frauds and hacking in e-commerce, stand at over $388 billion per year. As such, e-commerce has suffered the resultant liabilities, loss of trust and additional cost for clean-up. This calls for an effective security system that would protect consumers and merchants from such losses. According to Schneider (2011), such a system would be pegged on a complex interaction of several database management systems, applications development platforms, network infrastructure and systems software. This encompasses preservation of integrity, confidentiality and availability of computer and data resources, referred to as the security triad. Further to this, there would be need for non-repudiation, access control and privacy.
Access Control Approaches

The first way in which e-commerce has been secured and protected against fraud is through access control. Physically, access control would involve restricting an unauthorized person from entering a building, property or room. In a similar manner, e-commerce has applied several technologies that control access to Internet resources, including authorization, authentication and audit (Farshchi, Gharib and Ziyaee, 2011). The model in this case entails the subjects, these being entities that could perform an action on the system, and objects, these being entities to which access needs to be controlled. Both of these should be taken as software entities as opposed to human users, since a human user would only have an impact on the system through software entities over which they have control.

First, user IDs, passwords, biometrics and tokens have been used to authenticate an individual. As observed by Mohapatra (2013), authentication involves what the user knows, such as a password, what the user possesses, such as a token, or what the user is, such as a biometric characteristic. The user ID/password approach verifies a user against a set of ID and password. This has however been noted to be the least secure technique in e-commerce because of the threat of guessing, eavesdropping, external disclosure, host compromise and replay attacks (Schneider, 2011). Thus, user IDs and passwords could be combined with physical tokens, creating a multiple factor authentication so as to
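
The password-plus-token combination discussed in this section, as an added example that is not part of the original paper: a login check that requires both factors and rejects a token code that has already been used, which addresses the guessing, eavesdropping and replay threats listed above. It assumes the physical token is a time-based one-time-password generator (RFC 6238); the `Account` class, the `login` function and the sample password are hypothetical names and values.

```python
import hashlib
import hmac
import os
import struct

ROUNDS = 200_000  # PBKDF2 iterations (assumed value for this sketch)

def hash_password(password, salt=None):
    """Salted PBKDF2 hash, so a host compromise does not disclose passwords."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ROUNDS)

def totp(secret, now, step=30, digits=6):
    """RFC 6238 code the token displays for the time step containing `now`."""
    mac = hmac.new(secret, struct.pack(">Q", now // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class Account:
    def __init__(self, password, token_secret):
        self.salt, self.pw_hash = hash_password(password)
        self.token_secret = token_secret
        self.last_step = -1  # newest time step already used for a login

def login(acct, password, code, now, step=30):
    """Return 'ok', 'denied' or 'replay'; both factors must verify."""
    _, candidate = hash_password(password, acct.salt)
    pw_ok = hmac.compare_digest(candidate, acct.pw_hash)
    expected = totp(acct.token_secret, now, step)
    code_ok = hmac.compare_digest(expected.encode(), code.encode())
    if not (pw_ok and code_ok):
        return "denied"  # same answer whichever factor failed
    if now // step <= acct.last_step:
        return "replay"  # an eavesdropped code is good for one login only
    acct.last_step = now // step
    return "ok"

if __name__ == "__main__":
    # Constructed sample: the RFC 6238 test secret and a made-up password.
    acct = Account("correct horse", b"12345678901234567890")
    code = totp(acct.token_secret, 59)
    print(login(acct, "correct horse", code, 59))      # first use
    print(login(acct, "correct horse", code, 59))      # captured and replayed
    print(login(acct, "correct horse", "000000", 59))  # password alone
```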
