E-Commerce Security

Requirement

  • Privacy / Confidentiality / Access Control: information should not be accessible to unauthorized users
  • Authenticity: the mechanism to authenticate users
  • Integrity / Auditability: prevention of unauthorized data modification
  • Non-repudiation: preventing any one party from reneging on an agreement after the fact
  • Availability: the information should be available within the specified time limit

Solution

  • Encryption
  • Digital Signature
  • Security Certificates

Security Issues

  • home-banking system that stores a user’s account number in a Web “cookie” which hostile web-sites can crack
  • ineffective encryption or lack of encryption for home wireless networks
  • mail-borne viruses that can steal the user’s financial data from the local disk and even from the user’s keystrokes
  • When a consumer makes an online purchase, the merchant’s web-server usually caches the order’s personal information in an archive of recent orders
  • encrypted e-commerce connections do little to solve anything other than network security problems
