Data Security in the Digital Era:
Issues and Challenges
Dr. Jayanti Goyal, Anjali Vijayvargiya
Dept. of Computer Science, Kanoria PG Mahila Mahavidyalaya
Contact No.: +91-9828458172
plays an important part in our daily routine, whether for accessing a bank
account or for paying a bill over the network. At present, in this generation
of digitalization, personal information vulnerabilities have increased greatly,
so security has become a crucial part of any online transaction. This
information can be kept private by various security measures, including strong
authentication, encryption and digital signatures, each ensuring that our
precious data is available only to those who have authorized access rights.
These security measures are very capable of preventing unauthorized access to
personal data. There are two major concerns for both e-commerce customers and
websites: privacy, which is the control over one's own data, and security,
which is the protection that prevents unauthorized access to data over the
network. Customers will lose their faith in e-commerce if their data security
is compromised at any level.
Due to its ubiquitous nature, e-commerce sites are accessed by anyone, anywhere.
As the number of customers increases, the risk has also increased to the point
that security has to be considered a major concern. This paper throws light on
e-commerce security, its purpose, the different security issues and challenges,
and how they affect the trust and behavior of a customer in the purchasing
environment.
Keywords: E-Commerce, Authentication, Encryption, Digital Signature, Privacy, Security
E-commerce or electronic commerce is widely considered as the buying and selling
of goods and services over the network. It covers a vast business area such as
shopping, banking, ticket booking, paying bills and taxes, food delivery and
many other options. E-commerce is subdivided into three categories: business
to business or B2B (Cisco), business to consumer or B2C (Amazon), and consumer
to consumer or C2C (eBay). E-commerce security is a part of the information
security framework and is specifically applied to the components that affect
e-commerce, which include computer security, data security and other wider
realms of the information security framework. E-commerce security has its own
particular nuances and is one of the most visible security components affecting
the end user through their daily payment interactions with businesses.
As new electronic technologies emerge, data security and privacy become a major
concern when sending data over a network. Security is an essential part of any
transaction that takes place over the internet. Customers will lose faith in
e-business if its security is compromised. Following are the essential
requirements for safe e-payments/transactions:
Confidentiality – Information should not be accessible to an unauthorized
person. It should not be intercepted during
Integrity – Information should not be altered during its transmission over the
network.
Availability – Information should be available wherever and whenever required
within a specified time limit.
Authenticity – There should be a mechanism to authenticate a user before giving
him/her an access to the
Non-Repudiability – It is the protection against the denial of order or denial
of payment. Once a sender sends a message, the sender should not be able to
deny sending the message. Similarly, the recipient of the message should not be
able to deny the receipt.
Encryption – Information should be encrypted and decrypted only by an
authorized user.
Auditability – Data should be recorded in such a way that it can be audited for
integrity requirements.
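The integrity and auditability requirements above can be met together by a tamper-evident transaction log, in which every record is bound to the one before it by a keyed hash. The following Python code is an added example, not part of the original paper; the key, order ids, amounts and function names are constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed demo key (assumption); a real system would load it from a key store.
AUDIT_KEY = b"constructed-demo-key-not-for-production"
GENESIS = "0" * 64  # chain value that precedes the first record


def _mac(prev_mac: str, record: dict) -> str:
    """HMAC-SHA256 over the previous entry's MAC plus the canonical record."""
    body = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hmac.new(AUDIT_KEY, (prev_mac + body).encode(), hashlib.sha256).hexdigest()


def append_entry(log: list, record: dict) -> None:
    """Append a transaction record, chaining it to the entry before it."""
    prev = log[-1]["mac"] if log else GENESIS
    log.append({"record": dict(record), "mac": _mac(prev, record)})


def first_bad_entry(log: list) -> int:
    """Return the index of the first entry that fails verification, or -1."""
    prev = GENESIS
    for i, entry in enumerate(log):
        if not hmac.compare_digest(entry["mac"], _mac(prev, entry["record"])):
            return i
        prev = entry["mac"]
    return -1


def build_sample_log() -> list:
    """Constructed sample transactions (hypothetical order ids and amounts)."""
    log = []
    append_entry(log, {"order": "A-1001", "amount": "49.90", "currency": "INR"})
    append_entry(log, {"order": "A-1002", "amount": "1200.00", "currency": "INR"})
    append_entry(log, {"order": "A-1003", "amount": "15.25", "currency": "INR"})
    return log


if __name__ == "__main__":
    log = build_sample_log()
    print("untouched log:", first_bad_entry(log))
    log[1]["record"]["amount"] = "12.00"   # a stored amount is altered
    print("after alteration:", first_bad_entry(log))
    del log[1]                              # the entry is removed instead
    print("after deletion:", first_bad_entry(log))
```

Removing the newest entries from the end of the log is not detected unless the latest MAC is also kept somewhere else. A shared-key HMAC covers integrity and auditability only; non-repudiability needs digital signatures, because either holder of the key could have produced the MAC.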
E-commerce applications that handle payments, such as electronic transactions
using credit cards or debit cards, online banking, PayPal or other tokens, have
more compliance issues and are at greater risk of being targeted than other
websites, as they suffer greater consequences if there is data loss or
alteration. Mule, Trojan horse and worms, if launched against client systems,
pose the greatest threat to e-commerce privacy and security because they can
subvert most of the authorization and authentication mechanisms used in an
e-commerce transaction. Trust has always been an important element in
influencing consumer behavior toward merchants and has been shown to be of high
significance in uncertain environments such as Internet-based EC environments.
While a variety of factors such as branding and store reputation may influence
trust, one missing factor is the face-to-face communication and the touch and
feel that are present in physical interactions. Therefore, it has been argued
that trust would be favorably influenced by an increase in perceptions of
security and privacy in EC transactions.
Issues in E-commerce:
Data is transferred over the network through logins or transaction details. To
secure this data from unauthorized access, e-commerce security provides a
protection layer on e-commerce assets. Consumers hesitate for fear of losing
their financial data, and e-commerce sites fear financial losses and the
resulting bad publicity. There are many security issues associated with
e-commerce, such as critical issues, social issues and organizational issues.
An online transaction requires a customer to disclose sensitive information to
the vendor in order to make a purchase, placing him at significant risk.
Transaction security is concerned with providing privacy in transactions to
the buyers and sellers and protecting the network from breakdowns and third
party attacks. It basically deals with:
Issues related to customer or client security – if their data is not secured
over the network, it is an issue to think about. The organization has to
provide security features and guarantee that the data is secured by them. This
covers techniques and practices that protect user privacy and the integrity of
the computing system.
Issues related to server security – protecting the web server, software and
associated hardware from break-ins, vandalism and attacks. An error in the
software that implements security, so that for any reason it does not provide
that security, is the second case, which must also be taken seriously.
Issues related to transaction security – guaranteeing protection against
eavesdropping and intentional message modification such as tapping,
intercepting and diverting the intended data.
A. Security threats
Various types of security threats exist in e-commerce.
Malicious code – it is harmful code that harms the computer system and makes it
useless after an attack. It includes viruses, worms, Trojan horses etc.
Phishing and identity theft – a type of attack in which user data such as login
credentials and credit and debit card numbers are stolen by the attacker by
means of an email or instant message. When the user clicks the malicious link
and provides his/her details, the data is easily captured by the intruder.
Unauthorized access – it includes illegal access to data or systems for some
malicious purpose. There are two types of unauthorized access. In passive
unauthorized access, the hacker only observes the data that is on the network
and later uses it for their own illegal ends. In active unauthorized access,
however, the hacker modifies the data with the intention of manipulating it.
Home computers, point-of-sale and handheld devices can easily be affected by
this attack.
Denial of service – hackers flood a website with useless traffic to target a
computer or a network and stop it from working properly. It may occur through
spamming and viruses. Spamming is an unusual email bombing of the targeted
device by the hacker: by sending thousands of emails one after the other, the
attacker affects the system.
Theft and fraud – fraud occurs when the stolen data is used or modified for
illegal action. Hackers break into insecure merchant web servers to harvest
archives of credit card numbers, generally stored along with personal
information when a consumer makes an online purchase. The merchant back-end and
database are also susceptible to theft from third party fulfillment centers and
other processing
B. Defensive measures against security threats
The defensive measures used in transactions security are:
hypertext transfer protocol