
E-commerce

FINAL TERM

5.1 The E-commerce Security Environment

The Internet and Cybercrime

The internet enables vast economic activity, including online shopping, banking, and global trade.
However, it also provides opportunities for criminals due to its open architecture, anonymity, and ease
of access. Attackers can target users, systems, and networks to commit fraud, steal data, or disrupt
operations.

The Scope of the Problem

Cybercrime is a growing global threat with estimated losses exceeding trillions of dollars annually.
Attacks affect businesses of all sizes. Due to fear of losing customer trust and public reputation, many
companies do not report breaches, leading to underestimation of the real extent of cyber threats.

What is Good E-commerce Security?

Good e-commerce security requires a layered approach involving technical tools (like firewalls and
encryption), legal regulations (like data protection laws), organizational policies (like access control), and
user behavior (like strong password practices). Its goal is to protect data, users, systems, and
transactions from unauthorized use, disruption, or destruction.

Dimensions of E-commerce Security

1. Integrity – Assures that data sent is not altered or tampered with during transmission.

2. Nonrepudiation – Prevents a party from denying the authenticity of a digital transaction.

3. Authenticity – Confirms that the people or entities involved are who they claim to be.

4. Confidentiality – Ensures that sensitive information is only accessible to authorized individuals.

5. Privacy – Provides individuals control over how their personal information is collected and used.

6. Availability – Makes sure that systems and services are accessible when needed, especially
during peak usage times.

The Tension Between Security and Other Values


Too much security can frustrate users by creating complexity (e.g., multi-step logins, CAPTCHA tests).
Businesses must strike a balance between strong protection and seamless, user-friendly experiences.
Over-securing can reduce performance, while under-securing invites attacks.

5.2 Security Threats in the E-commerce Environment

Overview

E-commerce platforms face threats at multiple levels: client devices (smartphones, computers), servers
(hosting the business), and communication channels (like networks and the Internet). Attackers use a
variety of methods to exploit vulnerabilities, disrupt services, or steal information.

Malicious Code

Malicious software (such as viruses, worms, Trojans, and ransomware) infects devices or systems.
Such code can delete data, lock users out of systems, or secretly collect information, often spreading
without the user's knowledge.

Insight on Society: Ransomware Everywhere

Ransomware has become a dominant cyber threat. It encrypts users’ data and demands payment for
decryption. It’s particularly dangerous for institutions like hospitals or government agencies where
access to data is critical for safety or service delivery.

Potentially Unwanted Programs (PUPs)

PUPs are programs that users install unknowingly, often bundled with free software. Though not always
illegal, they can harm user experience by showing pop-up ads, slowing down devices, or spying on user
activity.

Phishing

Phishing is a social engineering technique where attackers trick users into giving up sensitive information
such as passwords or credit card numbers. This is usually done through fake emails or deceptive
websites that mimic trusted sources.

Hacking, Cybervandalism, and Hacktivism

• Hacking is the unauthorized access to systems.

• Cybervandalism involves defacing or damaging websites.

• Hacktivism uses hacking as a form of political activism or protest.

All these disrupt business and can damage credibility.

Data Breaches

A data breach occurs when unauthorized parties access confidential data, often involving personal,
financial, or business information. The consequences include lawsuits, regulatory fines, and reputational
harm.

Credit Card Fraud/Theft


This involves the unauthorized use of someone’s credit card information, usually obtained through
breaches or phishing. Merchants bear the burden of lost revenue, chargebacks, and increased fraud
prevention costs.

Identity Fraud

In identity fraud, criminals use stolen personal information to impersonate someone, often to open fake
accounts, obtain loans, or make fraudulent purchases. This can cause long-term damage to both
individuals and companies.

Spoofing, Pharming, and Spam Websites

• Spoofing: Impersonating a trusted source (e.g., email addresses or websites).

• Pharming: Redirecting users to fake websites even when they enter the correct URL.

• Spam websites: Sites filled with misleading ads or malware, often designed to trick users into
clicks.

Sniffing and Man-in-the-Middle (MITM) Attacks

• Sniffing: Intercepting unencrypted data during transmission (e.g., Wi-Fi).

• MITM attacks: Intercepting communication between two parties to alter or steal information.

These attacks exploit unsecured or weakly encrypted communication channels.

Denial of Service (DoS) and Distributed Denial of Service (DDoS) Attacks

DoS attacks flood a website with excessive, meaningless traffic to overwhelm the server, making it
unavailable for users. DDoS is a more powerful version, using thousands of compromised systems to
launch simultaneous attacks. These attacks can shut down e-commerce websites, leading to major
losses and reputational damage. Recent attacks involve "carpet-bombing" across multiple IP addresses
and are often used as smokescreens to insert malware or steal data.

Insider Attacks

Insider threats are one of the most dangerous and costly security issues. These attacks come from
employees or internal users who misuse their access to steal data or harm the system. Sometimes, even
unintentional mistakes or carelessness can lead to severe breaches. The frequency and cost of such
attacks have significantly increased globally.

Poorly Designed Software

Many cyberattacks exploit vulnerabilities in software that lacks proper validation or filtering. One
example is SQL injection (SQLi), where malicious code is entered into web forms to access or control
databases. Thousands of software flaws, including zero-day vulnerabilities, are found every year, making
applications frequent targets for hackers.

Social Network Security Issues


Social networks are rich targets for hackers who use them to spread malware, conduct phishing, or
impersonate users. Scams like fake giveaways, malicious apps, and hijacked accounts are common.
Social engineering attacks through platforms like Twitter or Facebook can result in widespread fraud, as
shown in major hacks of celebrity accounts.

Mobile Platform Security Issues

Smartphones carry sensitive personal and financial data and face threats like rogue apps, weak
encryption, and wireless interception. Even Apple's iOS has been compromised by spyware like Pegasus.
"Smishing" (SMS phishing) tricks users into clicking harmful links in text messages, making mobile users
vulnerable to increasingly sophisticated attacks.

Insight on Technology: Log4Shell Vulnerability

Log4Shell is a serious zero-day vulnerability found in Apache's Log4j tool, widely used in Java
applications. This flaw allows attackers to take control of servers remotely with minimal skill. Although
patches were released, the massive usage of Log4j means the threat could persist for years, affecting
thousands of systems globally.

Cloud Security Issues

Cloud services are now prime targets due to their popularity. DDoS attacks can disrupt cloud platforms,
while weak security practices put sensitive data at risk. Many companies wrongly rely on cloud providers
for security, despite being responsible for protecting their own data. Misconfiguration and limited
visibility also increase vulnerabilities.

Internet of Things (IoT) Security Issues

IoT devices like smart TVs, cameras, and thermostats often lack strong security. Hackers exploit them to
form botnets and launch DDoS attacks. One example is the Mirai botnet, which disrupted major
platforms by hijacking connected devices. IoT’s widespread use and poor protection make it a growing
concern.

Metaverse Security Issues

The metaverse, a virtual 3D space, faces threats like identity theft, harassment, and digital asset fraud.
Participants may unknowingly expose personal data or be targeted by malware. Since it's an emerging
platform, laws and protections are still evolving, leaving users vulnerable.

Protecting Internet Communications

Internet communication is vulnerable because it travels across multiple networks and public
infrastructure. Security tools such as encryption, firewalls, and secure channels are necessary to protect
sensitive data from being intercepted, modified, or read by unauthorized parties.

Encryption

Encryption converts readable text (plain text) into unreadable code (cipher text), securing both stored
and transmitted data. It helps ensure message integrity, confidentiality, authentication, and
nonrepudiation—four of the six core dimensions of e-commerce security. Modern encryption uses keys
of 128, 192, or 256 bits (AES standard), and can be either symmetric (same key for sender/receiver) or
asymmetric (public/private key pairs).

Securing Channels of Communication

Transport Layer Security (TLS) is the main protocol for securing web communication, replacing the older
SSL. It encrypts the content exchanged during a session and authenticates the server using digital
certificates. When visiting secure sites (HTTPS), data such as credit card numbers are protected in
transit. TLS also helps verify identities and prevent tampering or spying.
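
How the server authentication and protocol version described above appear in client code, as an added example that is not part of the original notes. It uses Python's standard ssl module; the function names are hypothetical, and the weak context is included only so the audit has something to flag.

```python
import ssl

def strict_client_context():
    # create_default_context() loads the system CA certificates and enables
    # both certificate verification and hostname matching.
    ctx = ssl.create_default_context()
    # Refuse SSL and early TLS versions outright.
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def weak_client_context():
    # The misconfiguration to look for in code review: traffic is still
    # encrypted, but the server's identity is never checked, so the client
    # cannot tell the real shop from an interceptor.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False      # must be disabled before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

def audit_context(ctx):
    # Return a list of findings; an empty list means the context verifies
    # the server certificate, matches its name, and requires TLS 1.2+.
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate is not verified")
    if not ctx.check_hostname:
        findings.append("certificate name is not matched against the host")
    if ctx.minimum_version not in (ssl.TLSVersion.TLSv1_2, ssl.TLSVersion.TLSv1_3):
        findings.append("protocol versions older than TLS 1.2 are allowed")
    return findings

if __name__ == "__main__":
    print("strict:", audit_context(strict_client_context()))
    print("weak  :", audit_context(weak_client_context()))
```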

Protecting Networks

Firewalls act as the gatekeepers of networks, controlling the traffic entering and exiting based on
security rules. They filter data packets using IP addresses, ports, and services, while proxy servers add
another layer by handling internal user requests and shielding the internal network's identity. Together,
they reduce vulnerability to external attacks.
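
Packet filtering by source address and port, as an added example that is not part of the original notes. The rule sets, addresses, and function names are constructed; the model assumes first-match-wins evaluation with a default deny, and it also flags rules that can never fire because an earlier rule already covers them.

```python
import ipaddress

# Constructed rule set: (action, source network, destination port, note).
RULES = [
    ("allow", "0.0.0.0/0", 443, "public HTTPS storefront"),
    ("allow", "10.0.5.0/24", 22, "SSH from the admin subnet only"),
    ("deny", "0.0.0.0/0", 22, "SSH from anywhere else"),
]
# Same rules with the two SSH entries swapped: a common ordering mistake.
MISORDERED = [RULES[0], RULES[2], RULES[1]]

def decide(src_ip, dst_port, rules):
    # First matching rule wins; traffic that matches nothing is dropped.
    src = ipaddress.ip_address(src_ip)
    for action, network, port, note in rules:
        if dst_port == port and src in ipaddress.ip_network(network):
            return action, note
    return "deny", "default deny: no rule matched"

def shadowed(rules):
    # A rule is dead if an earlier rule on the same port covers its whole
    # source network, because the earlier rule always matches first.
    dead = []
    for i, (_, net, port, note) in enumerate(rules):
        for _, earlier_net, earlier_port, _ in rules[:i]:
            covered = ipaddress.ip_network(net).subnet_of(
                ipaddress.ip_network(earlier_net))
            if port == earlier_port and covered:
                dead.append(note)
                break
    return dead

if __name__ == "__main__":
    for ip, port in [("203.0.113.7", 443), ("10.0.5.20", 22),
                     ("203.0.113.7", 22), ("203.0.113.7", 3306)]:
        print(ip, port, decide(ip, port, RULES))
    print("dead rules when misordered:", shadowed(MISORDERED))
```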

Protecting Servers and Clients

Security also relies on strong end-point protection. This includes:

• Operating system updates to patch vulnerabilities,

• Anti-virus software to detect and eliminate malware, and

• Intrusion detection/prevention systems (IDS/IPS) to monitor for suspicious activity.

Servers and clients can be hardened through regular updates and real-time monitoring tools,
reducing the risk of exploitation.

Website Development & UX/UI

Importance of User Experience (UX): UX is about how a user interacts with a website—from
how easy it is to navigate to how fast it loads. A good UX encourages visitors to stay longer,
view more products, and make purchases. According to Laudon & Traver, positive UX increases
satisfaction and builds trust, which is critical for repeat sales.

Mobile-Friendly & Responsive Design: With a large number of users accessing websites via
mobile devices, responsive design is essential. A responsive site adjusts its layout and features
depending on the screen size, ensuring a consistent and user-friendly experience across
smartphones, tablets, and desktops.

CMS Platforms (Shopify, WooCommerce, Magento): Content Management Systems (CMS)
like Shopify, WooCommerce, and Magento simplify the process of building and managing an
online store. Shopify is user-friendly and ideal for beginners, WooCommerce integrates with
WordPress and offers flexibility, while Magento is powerful for large-scale operations.

Search Engine Optimization (SEO)

SEO Basics & Keyword Research: SEO helps websites rank higher in search engine results,
increasing visibility. Keyword research is the process of identifying the words and phrases
people use to search for products, which are then used in website content, product descriptions,
and blog posts to attract traffic.

Google Ads & PPC Campaigns: Google Ads allows businesses to create advertisements that
appear in search results. PPC (Pay-Per-Click) means the advertiser only pays when someone
clicks their ad. These campaigns target specific keywords and are effective in generating
immediate traffic.

Social Media Marketing: Social media platforms are used to connect with potential customers,
promote products, and share content. Tools like Facebook Ads and Instagram Stories allow
businesses to target audiences based on interests, behavior, and demographics, increasing
engagement and brand awareness.

E-Commerce Logistics & Supply Chain

Order Fulfillment & Last-Mile Delivery: Order fulfillment involves storing, picking, packing,
and shipping products. Last-mile delivery is the final step where the product reaches the
customer. This phase is crucial for customer satisfaction and often the most costly and complex
part of the delivery process.

Dropshipping & Inventory Management: Dropshipping allows retailers to sell products
without holding inventory. When an order is placed, it is sent to a third-party supplier who ships
directly to the customer. Inventory management involves keeping track of stock levels to avoid
over-selling or stockouts.

Amazon FBA & Warehousing: Amazon FBA (Fulfillment by Amazon) allows sellers to store
their products in Amazon’s warehouses. Amazon handles packaging, shipping, and customer
service. This model offers benefits like faster delivery, Prime eligibility, and reduced logistical
overhead.

Legal & Ethical Issues

GDPR & Data Privacy Laws: The GDPR is a European regulation that gives users control over
their personal data. Businesses must get user consent to collect data and must disclose how it is
used. Non-compliance can lead to significant fines.

Consumer Protection Laws: These laws are designed to protect buyers from fraud, unsafe
products, and misleading advertisements. They ensure transparency, product safety, clear return
policies, and truthful labeling.

Intellectual Property in E-Commerce: Intellectual Property (IP) includes trademarks,
copyrights, and patents. Protecting IP helps companies secure their logos, product designs, and
original content from unauthorized use or copying online.

Emerging Technologies

AI & Chatbots in E-Commerce: AI tools and chatbots help provide instant customer support,
process orders, and make personalized product recommendations. They improve efficiency and
customer service while reducing workload for human agents.

Augmented Reality (AR) & Virtual Reality (VR): AR and VR allow customers to view
products in 3D or simulated environments. For example, customers can “try on” clothes virtually
or see how furniture fits in their home, enhancing the shopping experience.

Personalization & Big Data Analytics: E-commerce platforms collect large amounts of data
about customer behavior. Big data analytics helps companies deliver personalized experiences,
such as suggesting products or tailoring emails based on a user’s preferences and history.

Cross-Border E-Commerce

Challenges in International E-Commerce: Expanding into international markets presents
challenges like language barriers, different consumer behaviors, local regulations, and customs
procedures. Businesses must adapt their websites and operations to local needs.

Currency Exchange & Taxation: Selling internationally requires handling multiple currencies
and understanding foreign exchange rates. Companies must also comply with tax laws in each
country, including duties and import taxes.

Global Payment Methods: To succeed in international markets, businesses must offer diverse
payment options like PayPal, credit cards, local mobile wallets, and region-specific methods.
Adapting to local payment preferences can improve sales and customer trust.
