Jack Young · Education · 6 min read
Unit 8 (M2): Security in E-Commerce Systems
Discuss how security issues in e-commerce can be overcome.
Security Issues
Discuss how security issues in e-commerce can be overcome (M2)
Protection from Hacking
To reduce the risk of being hacked, follow these points:
- Before connecting your computer to the Internet, it’s important to install a firewall.
- Install antivirus software and keep it up-to-date.
- Consider using an Internet email account as your primary email account instead of using an email program on your computer.
- Only open email attachments from people you know; even then, you should scan the attachment with an antivirus program before opening it.
- Choose better passwords.
Viruses
Computer viruses are small software programs that are designed to spread from one computer to another and to interfere with computer operation. A virus might corrupt or delete data on your computer, use your email program to spread itself to other computers, or even erase everything on your hard disk. Computer viruses are often spread by attachments in email messages or instant messages. That is why it is essential that you never open an email attachment unless you know who sent it and you are expecting it.
To help avoid computer viruses, it is essential that you keep your computer current with the latest updates and antivirus tools, stay informed about recent threats, and follow a few basic rules when surfing the Internet, downloading files and opening attachments.
Identity Theft
Identity theft is any kind of fraud that results in the loss of personal data, such as passwords, user names, banking information, or credit card numbers. Thieves have always found ways to illegally acquire people’s personal information through confidence scams, stealing mail from mailboxes, or even looking through trash cans or dumpsters. Now that identity theft has moved online, criminals can scam greater numbers of people, which makes it much more profitable.
Firewall
A firewall is a software program or piece of hardware that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet.
If you use a computer at home, the most effective and important first step you can take to help protect your computer is to turn on a firewall. Windows Vista and later versions have a firewall built in and turned on by default. If you have more than one computer connected in the home, or if you have a small-office network, it is important to protect every computer. You should have a hardware firewall (such as a router) to protect your network, but you should also use a software firewall on each computer to help prevent the spread of a virus within your network if one of the computers becomes infected.
If your computer is part of a business, school, or other organisational network, you should follow the policy established by the network administrator.
HTTPS / SSL
HTTPS, short for Hypertext Transfer Protocol Secure, is a secure method of accessing or sending information across a web page. All data sent over HTTPS is encrypted before it is sent, which prevents anyone who intercepts that information from understanding it. Because data is encrypted over HTTPS, it is slower than HTTP, which is why HTTPS is only used for pages that require login information or contain sensitive information, such as an online banking web page.
SSL is short for Secure Sockets Layer, a protocol developed by Netscape for transmitting private documents via the Internet. SSL uses a cryptographic system with two keys to encrypt data: a public key known to everyone and a private or secret key known only to the recipient of the message. Both Netscape Navigator and Internet Explorer support SSL, and many Web sites use the protocol to obtain confidential user information, such as credit card numbers. By convention, URLs that require an SSL connection start with https instead of http.
RSA Certificates
The RSA algorithm is based on the fact that there is no known efficient way to factor very large numbers. Deducing an RSA private key from the public key therefore requires an extraordinary amount of computer processing power and time. The RSA algorithm has become the de facto standard for industrial-strength encryption, especially for data sent over the Internet. It is built into many software products, including Netscape Navigator and Microsoft Internet Explorer. The technology is so powerful that the U.S. government has restricted exporting it to foreign countries.
Strong Passwords
An ideal password is long and has letters, punctuation, symbols, and numbers. These are some other recommendations for a strong password:
- Whenever possible, use eight characters or more.
- Don’t use the same password for everything. Cybercriminals steal passwords from websites with very little security, and then they try to use that same password and user name in more secure environments, such as banking websites.
- Change your passwords often. Set an automatic reminder for yourself to change your passwords on your email, banking, and credit card websites about every three months.
- The greater the variety of characters in your password, the better. However, password-cracking software automatically checks for common letter-to-symbol conversions, such as changing “and” to “&” or “to” to “2”.
- Use the entire keyboard, not just the letters and characters you use or see most often.
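The rules above can be turned into a simple checker. The following is an added example written for this page, not code from the original post; the tiny word list and the table of symbol substitutions are constructed for illustration (real cracking tools use lists of millions of leaked passwords and far more substitution rules).

```python
import string

# Constructed sample of words that cracking software would try first.
COMMON_WORDS = {"password", "letmein", "welcome", "rockandroll", "qwerty"}

# Symbol-to-letter substitutions the page mentions ("&" for "and", "2" for "to")
# plus a few other common ones; cracking software undoes these automatically.
SUBSTITUTIONS = {"&": "and", "2": "to", "0": "o", "@": "a", "$": "s", "1": "l", "3": "e"}


def normalise(password: str) -> str:
    """Undo symbol-for-letter tricks so 'r0ck&r0ll' compares as 'rockandroll'."""
    return "".join(SUBSTITUTIONS.get(ch, ch) for ch in password.lower())


def character_classes(password: str) -> int:
    """Count how many of lower, upper, digits and punctuation the password uses."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    return sum(any(ch in cls for ch in password) for cls in classes)


def check_password(password: str) -> list:
    """Return the rules the password fails; an empty list means it passes."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if character_classes(password) < 3:
        problems.append("fewer than 3 character types")
    if any(word in normalise(password) for word in COMMON_WORDS):
        problems.append("common word after undoing symbol substitutions")
    return problems


if __name__ == "__main__":
    for candidate in ("abc", "P@ssw0rd", "correct-Horse7battery"):
        print(candidate, "->", check_password(candidate) or "OK")
```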
Alternate Authentication Methods
The challenge-response method uses passwords, but the password is never sent. Instead, an authentication centre sends a random number to the user. The user then responds by combining the password with the random number and then using a hash function to create the equivalent of a digital fingerprint. The authentication centre, which knows the password, random number and hash function, is able to produce the same fingerprint and compare them. If they match, then the user is authenticated. This system is secure because even if an attacker knows the random number and hash function used, it is not enough to calculate the password.
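The exchange described above, as an added example that is not part of the original post: the authentication centre issues a fresh random number, the user returns a keyed hash (HMAC-SHA256 is assumed here as the hash function) of the password and that number, and the centre recomputes and compares. The user record and password are constructed sample data; each random number is accepted once only, so a captured response cannot be replayed.

```python
import hashlib
import hmac
import secrets

# Constructed sample: what the authentication centre stores for one user.
USER_PASSWORDS = {"alice": b"correct horse battery staple"}


def fingerprint(password: bytes, nonce: bytes) -> bytes:
    """Combine password and random number with HMAC-SHA256 (the 'digital fingerprint')."""
    return hmac.new(password, nonce, hashlib.sha256).digest()


class AuthCentre:
    def __init__(self, passwords):
        self._passwords = passwords
        self._pending = {}  # username -> random number issued and not yet used

    def challenge(self, username: str) -> bytes:
        nonce = secrets.token_bytes(16)  # fresh random number for every attempt
        self._pending[username] = nonce
        return nonce

    def verify(self, username: str, response: bytes) -> bool:
        nonce = self._pending.pop(username, None)  # each number is valid once only
        password = self._passwords.get(username)
        if nonce is None or password is None:
            return False
        expected = fingerprint(password, nonce)
        return hmac.compare_digest(expected, response)  # constant-time comparison


class Client:
    def __init__(self, username: str, password: bytes):
        self.username, self.password = username, password

    def respond(self, nonce: bytes) -> bytes:
        return fingerprint(self.password, nonce)  # the password itself is never sent


def run_exchange(centre: AuthCentre, client: Client) -> bool:
    nonce = centre.challenge(client.username)  # centre -> user: random number
    response = client.respond(nonce)           # user -> centre: hash(password, number)
    return centre.verify(client.username, response)


if __name__ == "__main__":
    centre = AuthCentre(USER_PASSWORDS)
    print(run_exchange(centre, Client("alice", b"correct horse battery staple")))  # True
    print(run_exchange(centre, Client("alice", b"wrong password")))                # False
```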
Public key encryption is based on mathematical operations that are easy to perform but very difficult to undo. Multiplying very large prime numbers is the most common example. While multiplying them is easy, if a second person were given the product, it would be nearly impossible to then determine which two primes had been multiplied together. These one-way functions create a public key and a private key. Anyone can use the public key to encrypt information, which can only be decrypted with the private key. In the public key authentication protocol, user A encrypts a random number with user B’s public key. User B decrypts the number, encrypts it with user A’s public key and then sends it back. It is user B’s ability to decrypt the original message that proves his identity.
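The RSA description and the public key authentication protocol above, carried through in code as an added example (not from the original post or any library). It is textbook RSA built from two tiny constructed primes per user, so that the easy direction (multiplying, modular exponentiation) and the protocol steps are visible; real RSA uses primes of over a thousand bits and padding, and this toy must never be used for actual security.

```python
from math import gcd
import secrets

# Toy textbook RSA with constructed tiny primes; for illustration only.


def make_keypair(p: int, q: int, e: int = 65537):
    """Derive (public, private) keys from primes p and q. The public key reveals
    only n = p*q; recovering d from it requires factoring n, the hard direction."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime with (p-1)(q-1)")
    d = pow(e, -1, phi)  # private exponent: modular inverse of e
    return (n, e), (n, d)


def encrypt(public, m: int) -> int:
    n, e = public
    return pow(m, e, n)  # easy direction, anyone can do it with the public key


def decrypt(private, c: int) -> int:
    n, d = private
    return pow(c, d, n)  # only the holder of the private key can do this


def challenge_b(a_pub, a_priv, b_pub, responder, nonce=None) -> bool:
    """A verifies B: A encrypts a random number with B's public key; B must send it
    back encrypted with A's public key. `responder` is B's side (or an impostor's)."""
    if nonce is None:
        nonce = secrets.randbelow(min(a_pub[0], b_pub[0]))  # must fit under both moduli
    to_b = encrypt(b_pub, nonce)             # A -> B
    reply = responder(to_b)                  # B -> A
    return decrypt(a_priv, reply) == nonce   # A checks that B could read the challenge


def genuine_b(b_priv, a_pub):
    """B decrypts with its private key and re-encrypts the number for A."""
    return lambda c: encrypt(a_pub, decrypt(b_priv, c))


def impostor(a_pub):
    """Without B's private key, the best an impostor can do is pass the ciphertext on."""
    return lambda c: encrypt(a_pub, c)


if __name__ == "__main__":
    A_PUB, A_PRIV = make_keypair(89, 97)  # constructed toy primes for user A
    B_PUB, B_PRIV = make_keypair(61, 53)  # constructed toy primes for user B
    print(challenge_b(A_PUB, A_PRIV, B_PUB, genuine_b(B_PRIV, A_PUB)))  # True
    print(challenge_b(A_PUB, A_PRIV, B_PUB, impostor(A_PUB)))           # False
```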
Biometrics, the direct measurement of a physical or behavioural characteristic, can also be used for authentication. Fingerprinting, DNA tests and retinal scans are among the most familiar biometric methods, while written signatures can be considered a biometric method, as well. Less commonly, systems that recognise a person’s voice, walking gait or typing cadence are all used as biometric authentication methods.