A. Security threats – Various types of security threats exist in e-commerce.
Malicious code – harmful code that damages the computer system and makes it useless after an attack. It includes viruses, worms, Trojan horses, etc.
Phishing and identity theft – a type of attack in which user data such as login credentials and credit and debit card numbers are stolen by an attacker who sends an email or instant message. When the user clicks the malicious link in it and provides his or her details, the data is easily hacked.
Unauthorized access – illegal access to data or systems for some malicious purpose. There are two types of unauthorized access. In passive unauthorized access, the hacker only watches the data passing over the network and later uses it for illegal purposes. In active unauthorized access, the hacker modifies the data with the intention of manipulating it. Home computers, point-of-sale and handheld devices can easily be affected by this attack.
Denial of service – hackers flood a website with useless traffic to target a computer or a network and stop it from working properly. It may occur through spamming and viruses. Spamming is the email bombing of the targeted device by the hacker: the system is affected when thousands of emails are sent one after the other.
Theft and fraud – fraud occurs when stolen data is used or modified for illegal action. Hackers break into insecure merchant web servers to harvest archives of credit card numbers, which are generally stored along with personal information when a consumer makes an online purchase. The merchant back end and database are also susceptible to theft from third-party fulfillment centers and other processing agents.
B. Defensive measures against security threats
The defensive measures used in transaction security are:
Encryption – the process of converting plain text or information into cipher text that cannot be read by anyone except the sender and receiver. It is accomplished with the help of a mathematical algorithm, and a key is required to decode the message. In symmetric key encryption, both the sender and the receiver use the same key to encrypt and decrypt the messages, whereas asymmetric or public key encryption makes use of two digital keys, one public and one private, to encrypt and decrypt the messages.
Secure Socket Layer – the SSL protocol provides data encryption, server authentication, client authentication and message integrity for TCP/IP connections. It prevents eavesdropping, tampering or forgery when data is transported over the internet between two applications. It is a networking protocol for securing connections between network application clients and servers over an insecure network, such as the internet.
Secure hypertext transfer protocol – an Internet protocol for encryption of Hypertext Transfer Protocol (HTTP) traffic. Secure Hypertext Transfer Protocol (S-HTTP) is an application-level protocol that extends the HTTP protocol by adding encryption to Web pages. It additionally provides mechanisms for authentication and signatures of messages.
Digital Signature – a Digital Signature Certificate (DSC) is a secure digital key that certifies the identity of the holder, issued by a Certifying Authority (CA). It typically contains your identity (name, email, country, APNIC account name) and your public key. Digital certificates use Public Key Infrastructure, meaning data that has been digitally signed or encrypted by a private key can only be decrypted by its corresponding public key. A digital certificate is an electronic “credit card” that establishes your credentials when doing business or other transactions on the Web.