Abstract
Trust is an important factor when people are engaging in various transactions over the internet. If this is not met, customers are likely to go back to the traditional methods of transaction as far as business is concerned. Security issues in e-commerce must be addressed so that e-commerce transactions are not compromised.
E-commerce is a simplified and an important avenue for online business but with increasing network insecurity, internet operations may slow down. The author of this paper is going to discuss some pertinent issues surrounding e-commerce as far as security is concerned.
The issues will include insecurity in both network and computer services which is a threat to customers as well as the e-commerce itself. The perpetrators are believed to be hackers and the biggest concern is that insecurity originates from the e-commerce itself. This development may make customers shy away.
The author will also touch on the weaknesses of the security systems in place. Privacy becomes an important factor in e-commerce. Various controversies surrounding e- commerce will be analyzed in this paper. In conclusion, the author will give recommendations arising from the discussions in this paper.
Introduction
Electronic commerce involves buying and selling of goods and services over electronic systems such as the internet and other computer applications. Transactions conducted electronically include electronic funds transfer, online transaction processing among many others. Trust at this juncture becomes an important factor in this business.
If trust is not established, customers are likely to revert to traditional methods of trading (Craig & Mihajlo, 2011). Trust is being destroyed by frequent reports of hackers that attack e-commerce web sites compromising consumer security. Recently, viral attacks were launched against the Microsoft Outlook in the name of code red worms. To avert such scenarios, there is need to address insecurity (Mayor, 2009).
History of E-Commerce
Back in the 1970s, e-commerce was used by companies to forward transaction documents such as purchase orders and invoices. The rise of e-commerce in the 1980s was marked by the use of telephones, credit cards and most interesting booking for reservations in airlines. This was especially so in USA and the United Kingdom (Eisingerich, Andreas & Kretschmer, 2008).
A decade later, e-commerce added value to its services by including an enterprise resource planning system as well as data mining which resulted in data warehousing. This was the period during which the famous World Wide Web came into being. The person behind this important achievement was Tim Berners-Lee (Chan & Kwok, 2001).
There were major improvements in e-commerce but unfortunately, the founders were unable to use the internet until the year 1995. This was due to the fact that there were no security protocols as far as privacy was concerned. The introduction of security protocols was a big boost to the internet usage since privacy was guaranteed for most transactions.
Current Security Issues in E-Commerce
Currently, e-commerce has grown tremendously and this is observed when increasing numbers of people are reported to use online services. Online shopping goes up each holiday season due to the fact that people are interested in new and unique things and e-commerce is the only platform that they can realize this (Graham, 2008). People gain experience as they familiarize themselves with online services.
A study done by Comscore (a consultant in this field) states that when shoppers are experienced and comfortable with the services offered, spending shoots up increasing the use of internet services (Kotler, 2009).
Unfortunately as the transactions are taking place, many inconveniences arise. Many issues affect online transactions and e-commerce in general. Security is one of these issues that sometimes make users shy away from internet services
Security concerns in e-commerce occur when data is exposed to or accessed by unauthorized persons leading to compromised information that is rendered invalid (Kevin, 2005).
This is for example when hackers access personal information such as bank account details during a wire transfer. This is where privacy issues come in. Privacy involves having control over personal data without the interference of a third party. This issue affects all stakeholders in the e-commerce industry.
Electronic commerce security issues can be categorized under system availability, data integrity as well as information confidentiality (Chan & Kwok, 2001). For instance, system availability implies that relevant elements are in place to offer support to particular user’s communication needs.
On the other hand, data integrity provides that all messages that are sent over the network are received as they are without any alterations that could make them invalid. For example, hackers may alter the information sent via a Short Message Service (SMS) such that the receiver gets a message that is totally different from that which was sent.
Information confidentiality implies that messages are only viewed by the intended users only (Rowley, 2006). It is always necessary to continuously review network security at both the electronic commerce and consumer sites and put in place suitable counter- strategies.
These are for example passwords for emails and other accounts as stated above. This is because the security of internal systems and the external networks rely mostly on the security of the site.
Electronic commerce has grown tremendously leading to fast and effective ways of exchanging goods and services both locally and internationally.
This has been accompanied by an equal rise in the number of attacks as analyzed above putting at risk the security of online payment. Some of these attacks have increased vulnerabilities that have been published in reusable third party elements used by websites such as shopping cart software.
Security can be conceptualized from two perspectives in the software business (Sam, 2001). First, the software development community illustrates the security aspects of a system. In this case, safety strategy provides for secret codes that are sophisticated so as to reduce vulnerability during encrypting.
The second perspective entails protection against attacks and spywares which threatens internet usage. This is for example the use of firewalls and such other measures to protect data.
Security Problems in E-commerce Development
In the e-commerce arena, there exist threats that are likely to bring down the industry if no instant measures are put into account. Efforts to develop e-commerce are always affected by attacks that target the three systems. These are the network system, client system and the server system.
The inability to protect the integrity of the business data system is a major problem in the e- commerce industry. This problem extends to transaction security between the customers and the business (Bruce & Kok, 2008)
Viruses are considered to be the most serious and common threats surrounding e-commerce. All data and windows are prone to viral attacks. Sophisticated software and hardware are not fully dependable when it comes to protecting the system. For example, viruses such as Melissa and Resume affect at least part of the operating system if not the entire system (Ralph, 2000).
Another huge problem is the invention of hacking tools by those who develop operating systems. This is for example the Trojan horses which are so sophisticated in that they can operate a targeted computer system. The virus can send information anywhere posing as the legitimate user of the computer.
Other tools like VNCviewer normally used commercially can hack the systems and other web sites. Other hacking web sites are also playing a role in e- commerce insecurity. This is for example www.rootshell.com and many others which are the problem in development of the e-commerce security systems (Xiaoming, 2008).
The customers have their privacy affected. This is a problem that is developing roots and is drawing global attention. This is especially so given the fact that international governments are concerned with this issue. The initiation of Distributed Denial of Services Attacks (herein referred to as DDOS) is a form of software that can be used to compromise security during transactions between the business and the client.
They pose as the legitimate client and transacts with the online business operator. It is only much later that the organization realizes that a wrong transaction has been made. Both the business and the customer loses since the customer information has been hacked into and lose of money to both parties is exhibited. (Mauricio, 2010)
Electronic Commerce Security and Legal Issues
One of the parties addressing legal issues in e-commerce is the Electronic Commerce Working Group (ECWG). This group meets regularly to discuss security matters arising. Resolutions are then forwarded to other federal agencies for rectifications (Jeng, 2004).
Advice is normally given to the companies involved in e-commerce transaction process so as to address the issues effectively. Government regulations make it mandatory to provide public confidence through reliability in all transactions. Consumer protection has also been taken care of but some fraud cases are still being reported.
Government Regulations and Security in E- commerce
Some e- commerce activities in USA are controlled by the Federal Trade Commission (FTC). E-commerce activities such as business e-mails’ privacy and advertising are watched keenly to safeguard internet rights. Like other businesses, e-commerce operates under rules and regulations. E-commerce transcends international boundaries and hence there is need to comply with the regulations.
The economy and the national security depend highly on information technology which is a reliable infrastructure that targets large numbers of people at the same time (Ralph, 2000). It is noted that these computer networks also manage physical installations such as electricity transformers, stock markets, trains as well as radars. Hackers can attack such installations jeopardizing national security and the economy. This is why government regulation is crucial. To this end, the federal and local governments have major roles to play in order to maintain security as far as e-commerce is concerned (George, 2005).
The main problem is that the tools and methodologies currently used in these attacks on e- commerce are readily available. The technical capability and sophistication of tools used in attacks reduce the effectiveness of strategies used to fight insecurity. It is noted that relevant agencies, federal and local governments are best equipped to respond to an evolving internet threat (Ndou, 2004).
Controversies and Challenges Facing E-commerce
There are various challenges and problems facing e-commerce. For instance, most infrastructures and the internet on which they depend are owned and operated privately. This implies that it is difficult for the government to provide the needed security for electronic commerce (Xiaoming, 2008).
This calls for partnerships between the government, industry, academia, as well as non- governmental groups to provide security to electronic commerce. Very few if any of the organizations are willing to come out or even associate with others in order to offer the security needed in electronic commerce (Xiaoming, 2008).
Furthermore, it is not easy to identify all of the groups dealing with electronic business because some have not registered their businesses with the government. As a result, it becomes hard for such private businesses to come out and share their problems due to the fear of being prosecuted (Xiaoming, 2008).
Another challenge includes the lack of agreement in developing a national strategy in order to offer protection to the electronic commerce industry. This is because there is need to gather views from both the public and private sectors (Sheth, 2007).
This as a result leads to varying opinions that require time to scrutinize in order to come up with the best solution to achieve the objective of having a safe electronic commerce in all sectors in the country and the world as a whole. In some cases, the redrafting process may incorporate the suggestions made, but not everyone will accept each component of the national strategy to (Bruce & Kok, 2008).
This is because a significant number of issues may not be addressed and others are not yet ready for national policy. The approach is not absolute because events are bound to evolve (Kevin, 2005). Technological advance leads to more threats and increased vulnerability and thus improves people’s understanding of electronic commerce.
Impact of Security on E-commerce
Security is a significant challenge facing electronic commerce (Zeithaml, 2002). This is because without the assurance of privacy and safety, people are not willing to participate in electronic commerce. Burning issues on safety include the theft of personal data from the credit card by hackers. This makes the authorities question the suitability of providing public services online.
As a result of such cases of insecurity, the effectiveness of e-commerce as a driver of the economy is greatly reduced. This may lead to the deterioration of the services provided through electronic commerce thus affecting the production cost of goods and services. Security concerns are the biggest challenge in expanding the reach of electronic commerce (Zeithaml, 2002)
The attacks from hackers and web page vandals makes the general public and the government to be more cautious when carrying out sensitive transactions that may comprise personal or financial information via the internet (Xin, 2011). Every person desires to feel secure when conducting online businesses and hopes that their information will be safe and confidential.
Recommendations
To enhance security, most service providers try to make sure that only authorized users can send and receive information over the internet or over the phone. This is one of the reasons why e-mails have passwords and phones require the use of security codes and Personal Identification Numbers (PIN).
However, it is these safety protocols which are circumvented by hackers and other unauthorized third parties. This affects e-commerce that is conducted via such channels.
Electronic commerce providers have made efforts to address the security issues in their internal networks. A number of guidelines have been put in place to secure systems making networking available for the electronic commerce personnel to study and implement.
Training and educating the consumer on security issues is still in progress. For instance, Trojan horse programs initiated against customers’ systems become a risk to electronic commerce mainly because they can circumvent or undermine most of the verification and approval procedures used in electronic commerce (Luarn, 2003).
E-commerce requires the provision of security for the internet users. To achieve this, measures need to be put in place so as to win trust of the customers. This is for example video- hosting services on every website to speak to the customer directly if there is need to clarify on some issues (Luarn, 2003). Many people are not well informed on e-commerce mechanisms and how it works.
There should be efforts to create awareness about e-commerce so that everyone is knowledgeable about internet services (Sam, 2001). Consumer protection is an important area which should be addressed due to increased insecurity.
The consumer is the party most affected by online insecurities. To this end, there should be measures to safeguard the rights of the consumers. As much as there are new innovations on thefts’ and attacks’ software, there should also be innovations that track down any online offenders.
There should be customer oriented privacy practices to improve consumer satisfaction. This should include a system capable of showing how e-commerce organizations’ sites gather, handles, and uses personal information.
Private and non- governmental organizations with significant computing resources should be encouraged to take active roles in information sharing (Ndou, 2004). This is because colleges, corporations and universities have a vital role in identifying and reporting internet attacks.
Conclusion
The aim of this paper was to analyze security issues in e-commerce. The author started by looking at the historical background of e-commerce. The author also looked at several issues such as controversies revolving around e-commerce, problems encountered in e-commerce among others.
It was found that stakeholders such as federal and local governments have important roles to play in e-commerce. The author found that security is a major concern in e-commerce.
References
Bruce, C., & Kok, B. (2008). An empirical study of the use of e-security seals in e-commerce. Michigan: Michigan University Press.
Chan, M., & Kwok, L. (2001). Integrating security design into the software development process for e-commerce systems. Chicago: Free Press.
Craig, E., & Mihajlo, Z. (2011). A personalized approach to web privacy: Awareness, attitudes and actions. New York: Thimble.
Eisingerich, A., Andreas, B., & Kretschmer, T. (2008). In e-commerce, more is more. Harvard Business Review, 8(6): 20-21.
George, S. (2005). Rethinking e-commerce security. Harvard: Harvard University Press.
Graham, M. (2008). Warped geographies of development: The internet and theories of economic development. Geography Compass, 2(3): 771.
Jeng, C. (2004). Trust and privacy in electronic commerce. Boston: IEEE.
Kevin, K. (2005). We are the web. Managing Service Quality, 3(2), 23-39.
Kotler, P. (2009). Marketing management. Pearson: Prentice-Hall.
Luarn, P. (2003). A customer loyalty model for e-service context. Journal of Electronic Commerce Research, 4(4): 20-23.
Mauricio, S. (2010). Reducing online privacy risk to facilitate e-service adoption: The influence of perceived ease of use and corporate credibility. Journal of Services Marketing, 24(3): 219-229.
Mayor, S. (2009). E-commerce policies and customer privacy: Information Management and computer security. Boston: Cengage Learning.
Ndou, V. (2004). E-Government for developing countries: Opportunities and Challenges. New York: Free Press.
Ralph, T. (2000). IT security in electronic commerce: From cost to value driver. International Workshop on Database and Expert Systems Applications,16: 23-29.
Rowley, J. (2006). An analysis of the e-service literature: Towards a research agenda. Internet Research, 16 (3): 339-359.
Sam, R (2001). A framework for analyzing e-commerce security: Information Management and computer security. New York: Routledge.
Sheth, J. (2007). E-services: A framework for growth. Journal of Value Chain Management, 1(1/2): 1-20.
Xiaoming, M. (2008). Analyze and prevent the security risks of e-commerce privacy. Chicago: John and Wiley Publishing Company.
Xin, W. (2011). Study on information management and security of e-commerce system. California: LEE.
Zeithaml, V. A. (2002). Service excellence in electronic channels. Managing Service Quality, 12(3): 135-138.