Data Security in the Digital Era: Issues and Challenges

Dr. Jayanti Goyal, Anjali Vijayvargiya

Author Details:
Dr. Jayanti Goyal, HOD, Dept. of Computer Science, Kanoria PG Mahila Mahavidyalaya. Contact No.: +91-9828458172
Anjali Vijayvargiya, Assistant Professor, Kanoria PG Mahila Mahavidyalaya. Contact No.: +91-9461641495

Abstract:
Data plays an important role in our daily routine, whether it is for accessing a bank account or for paying a bill over the network. At present, in this generation of digitalization, personal information vulnerabilities have increased greatly, so security becomes a crucial part of any online transaction. This information can be kept private by various security measures, including strong authentication, encryption and digital signatures, each ensuring that our precious data is available only to those who have authorized access rights. These security measures are very capable of preventing unauthorized access to personal data. There are 2 major concerns for both e-commerce customers and websites: Privacy is the control over one's own data, whereas Security is the protection which prevents unauthorized access to the data over the network. Customers will lose their faith in e-commerce if their data security is compromised at any level.
Today, due to their ubiquitous nature, e-commerce sites can be accessed by anyone, anywhere. As the number of customers increases, the risk has also increased in such a way that we have to consider security a major concern. This paper throws light on e-commerce security, its purpose, different security issues and challenges, and how they affect the trust and behavior of a customer in the purchasing environment.

Keywords: E-Commerce, Authentication, Encryption, Digital Signature, Privacy, Security

Introduction:
E-Commerce or electronic commerce is widely considered to be the buying and selling of goods and services over the network. It includes a vast business area such as shopping, banking, ticket booking, paying bills and taxes, food delivery and many other options. E-commerce is subdivided into three categories: business to business or B2B (Cisco), business to consumer or B2C (Amazon), and consumer to consumer or C2C (eBay).
E-commerce security is a part of the Information Security framework and is specifically applied to the components that affect e-commerce, which include Computer Security, Data Security and other wider realms of the Information Security framework. E-commerce security has its own particular nuances and is one of the most visible security components affecting the end user through their daily payment interaction with business.

As new electronic technologies emerge, data security and privacy become a major concern for sending data over a network. Security is an essential part of any transaction that takes place over the internet. Customers will lose their faith in e-business if its security is compromised. Following are the essential requirements for safe e-payments/transactions:

· Confidentiality – Information should not be accessible to an unauthorized person. It should not be intercepted during the transmission.
· Integrity – Information should not be altered during its transmission over the network.
· Availability – Information should be available wherever and whenever required within a specified time limit.
· Authenticity – There should be a mechanism to authenticate a user before giving him/her access to the required information.
· Non-Repudiability – It is the protection against the denial of order or denial of payment. Once a sender sends a message, the sender should not be able to deny sending the message. Similarly, the recipient of the message should not be able to deny the receipt.
· Encryption – Information should be encrypted and decrypted only by an authorized user.
· Auditability – Data should be recorded in such a way that it can be audited for integrity requirements.

Web e-commerce applications that handle payments, such as electronic transactions using credit cards or debit cards, online banking, PayPal or other tokens, have more compliance issues and are at increased risk of being targeted than other websites, as they suffer greater consequences if there is data loss or alteration.
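
An added example (not from the original paper) for the Integrity and Auditability requirements above: payment records are kept in a log where each entry carries an HMAC-SHA256 chained to the previous entry, so alteration or deletion of a stored record is detected on audit. The key, record fields and order values are constructed for illustration.

```python
import hashlib
import hmac
import json

# Assumption: a server-side secret held outside the log store (constructed value).
AUDIT_KEY = b"constructed-demo-key-not-for-production"
GENESIS = "0" * 64  # chain anchor for the first record


def _mac(prev_mac: str, record: dict) -> str:
    """HMAC-SHA256 over the previous entry's MAC plus the canonical record."""
    body = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hmac.new(AUDIT_KEY, (prev_mac + body).encode(), hashlib.sha256).hexdigest()


def append(log: list, record: dict) -> None:
    """Append a record, chaining it to the entry before it."""
    prev = log[-1]["mac"] if log else GENESIS
    log.append({"record": record, "mac": _mac(prev, record)})


def verify(log: list) -> int:
    """Return -1 if the chain is intact, else the index of the first bad entry."""
    prev = GENESIS
    for i, entry in enumerate(log):
        expected = _mac(prev, entry["record"])
        if not hmac.compare_digest(expected, entry["mac"]):
            return i
        prev = entry["mac"]
    return -1


def demo() -> tuple:
    """Build a constructed three-payment log, then tamper with it two ways."""
    log = []
    for order, amount in (("A-1001", "49.90"), ("A-1002", "120.00"), ("A-1003", "15.25")):
        append(log, {"order": order, "amount": amount, "currency": "INR"})
    intact = verify(log)
    altered = json.loads(json.dumps(log))      # deep copy of the log
    altered[1]["record"]["amount"] = "1.00"    # active modification of a stored amount
    modified_at = verify(altered)
    pruned = log[:1] + log[2:]                 # an entry silently deleted
    deleted_at = verify(pruned)
    return intact, modified_at, deleted_at


if __name__ == "__main__":
    print(demo())
```

The chain alone does not detect entries truncated from the end of the log. Because the HMAC key is shared by whoever writes and verifies, this gives integrity and authenticity but not the non-repudiation the list also asks for, which needs a digital signature.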
Mule, Trojan horse and worms, if launched against client systems, pose the greatest threat to e-commerce privacy and security because they can subvert most of the authorization and authentication mechanisms used in an e-commerce transaction.

Trust has always been an important element in influencing consumer behavior toward merchants and has been shown to be of high significance in uncertain environments such as Internet-based EC environments. While a variety of factors such as branding and store reputation may influence trust, one missing factor is the face-to-face communication and the touch and feel present in physical interactions. Therefore, it has been argued that trust would be favorably influenced by an increase in perceptions of security and privacy in EC transactions.

Security in E-Commerce:

Security Issues in E-commerce:
Data is transferred over the network through login or transaction details. To secure that data from unauthorized access, e-commerce security provides a protection layer on e-commerce assets. Consumers hesitate for fear of losing their financial data, and e-commerce sites fear financial losses and the resulting bad impact on publicity. There are many security issues associated with e-commerce, such as critical issues, social issues and organizational issues.
An online transaction requires a customer to disclose sensitive information to the vendor in order to make a purchase, placing him at significant risk. Transaction security is concerned with providing privacy in transactions to the buyers and sellers and protecting the network from breakdowns and third-party attack. It basically deals with:

1. Issues related to Customer or Client Security – if their data is not secured over the network, then it is an issue to think about. The organization has to provide security features and guarantee that the data is secured by them. This covers techniques and practices that protect user privacy and the integrity of the computing system.
2. Issues related to Server Security – to protect the web server, software and associated hardware from break-ins, vandalism and attacks. If there is an error in the software that implements security, and for any reason it is not providing that security, this is the second case, which must also be taken seriously.
3. Issues related to Transaction Security – to provide guaranteed protection against eavesdropping and intentional message modification such as tapping, intercepting and diverting the intended data.
A. Security threats
Various types of security threats exist in e-commerce.

1. Malicious Code – it is harmful code that harms the computer system and makes it useless after an attack. It includes viruses, worms, Trojan horses etc.
2. Phishing and identity theft – it is a type of attack in which user data such as login credentials and credit and debit card numbers are stolen by the attacker through an email or instant message. When the user clicks the malicious link and provides his/her details, the data is easily captured by the intruder.
3. Unauthorized access – it includes illegal access to data or systems for some malicious purpose. Two types of attack are included: one is passive unauthorized access, in which the hacker only watches the data passing over the network and later uses it for their own illegal ends. In active unauthorized access, however, the hacker modifies the data with the intention to manipulate it. Home computers, point-of-sale and handheld devices can easily be affected by this attack.
4. Denial of service – hackers flood a website with useless traffic to target a computer or a network and stop it working properly. It may occur through spamming and viruses. Spamming is an unusual email bombing of the targeted device by the hacker. By sending thousands of emails one after the other, the system is affected by this attack.
5. Theft and fraud – fraud occurs when stolen data is used or modified for illegal action. Hackers break into insecure merchant web servers to harvest archives of credit card numbers, generally stored along with personal information when a consumer makes an online purchase. The merchant back-end and database are also susceptible to theft from third-party fulfillment centers and other processing agents.

B. Defensive measures against security threats
The defensive measures used in transactions security are:

1. Encryption
2. Secure Socket Layer
3. Secure hypertext transfer protocol
4. Digital Signature
5. Digital Certificate

Challenges:

Conclusion:

References: