E Security

Uploaded by

pemba.sherpa

See discussions, stats, and author profiles for this publication at: https://www.researchgate.net/publication/342154378

A Survey of E-Commerce; Its Security Issues and Way-Out

Article · June 2020


2 authors:

Emmanuel Chukwudi Agbaraji, Federal Polytechnic Nekede (28 publications, 78 citations)
Benjamin Agwah, Federal Polytechnic Nekede (7 publications, 10 citations)

All content following this page was uploaded by Emmanuel Chukwudi Agbaraji on 13 June 2020.



International Journal of Engineering Research & Technology (IJERT)
ISSN: 2278-0181
Vol. 3 Issue 7, July - 2014

A Survey of E-Commerce; Its Security Issues and Way-Out

Agbaraji C. Emmanuel¹ and Agwah C. Benjamin²
Department of Electrical and Electronic Engineering, Federal Polytechnic Nekede, Owerri, Imo State, Nigeria

Abstract - Electronic commerce is the trading of products or services conducted through the Internet as its market place. It has provided numerous benefits to business owners and their customers, thereby making it a vital means of business transaction in societies globally. E-commerce has suffered many security failures such as identity theft, hacking, card fraud, phishing etc. The objective of this paper is to survey e-commerce and its security vulnerabilities and to recommend the best way to address the issues. The results of the survey showed that identity theft recorded the lowest with 13.5% while lost/stolen merchandise recorded the highest with 40% from 2010 to 2013. Secondly, fraudulent transactions through alternative payments recorded the lowest on average with 19.75% compared to the others, while credit card recorded the highest on average with 62.25% from 2010 to 2013. It was therefore concluded that there is higher security failure in lost/stolen merchandise and credit card fraud. However, ThreatMetrix can detect stolen credit cards in real-time and it can also secure customer user accounts to ensure they are not compromised. Therefore, ThreatMetrix was recommended to be deployed in all e-commerce transactions to protect the merchants and the customers from the most frequently occurring security failures.

Keywords - Chargeback; Customers; E-Commerce; E-Commerce Security; Internet fraud; Merchants

I. INTRODUCTION

Electronic commerce, commonly known as E-commerce or e-Commerce, is trading in products or services conducted via computer networks such as the Internet. Electronic commerce draws on technologies such as mobile commerce, electronic funds transfer, supply chain management, Internet marketing, online transaction processing, electronic data interchange (EDI), inventory management systems, and automated data collection systems. Modern electronic commerce typically uses the World Wide Web at least at one point in the transaction's life-cycle, although it may encompass a wider range of technologies such as e-mail, mobile devices, social media, and telephones as well [1].

E-commerce has brought about remarkable developmental changes in the general buying and selling process globally by providing a lift to the traditional business transaction processes. Today, individuals and private and publicly owned establishments can run their business transactions through the internet without physical involvement. Prices of business goods and services can now be placed on web sites with clear photos and descriptions, which enable buyers to make selections and purchase as well through internet transactions. Hence, e-commerce makes business transactions easier and cheaper irrespective of the distance between seller and buyer compared to the physical process. Advances in information and communication technologies and the emergence of the internet have revolutionized business activities, enabling new ways of conducting business referred to as electronic commerce [2; 3].

Electronic commerce (e-commerce) describes the process of buying, selling, transferring, or exchanging products, services, and/or information through computer networks, principally the Internet [3]. Electronic commerce can also be defined as “the sharing of business information, maintaining of business relationships, and conducting of business transactions by means of telecommunications networks” [2]. Increased mobility and changing online shopping practices, adverts and other business transactions are creating shifts in the role e-Commerce plays in overall retail operations. A subset of e-business is e-commerce, which describes the buying and selling of products, services, and information or making transactions via computer networks, including the Internet.

Electronic commerce activities include the inter-organizational processes of market-based sell-buy relationships and collaboration (known as business-to-business, or B2B, commerce) and consumer-oriented activities (business-to-consumer, i.e., B2C, and consumer-to-consumer, or C2C), as well as the intra-organizational processes that support them [2]. Electronic commerce as a way of doing business has significant advantages; organizations are embracing e-commerce as a means of expanding markets, improving customer service, reducing costs, and enhancing productivity [4]. Efficiencies are experienced in marketing and advertising; ecommerce makes disintermediation possible, eliminating the middleman [3]. Other efficiencies include reduced inventory and round-the-clock access at no additional cost. Ecommerce enables higher customization [5], allowing organizations to improve customer service. A vital benefit of ecommerce is access to global markets, which enables businesses to expand their reach. The Internet allows for unconstrained awareness, visibility and opportunity for an organization to promote its products and services [6].

IJERTV3IS070500 www.ijert.org 495



However, the security problems arising from e-commerce vulnerabilities keep increasing with time due to the continuous increase in fraud and hacking practices. Customers and merchants have suffered tremendous categories of loss in their e-commerce transactions as a result of one failure or the other in the electronic commerce transaction. There are two major key players or ends in e-commerce: the customer and the merchant or business owner. Security failures can occur at either end. Since e-commerce uses the internet as its market place, it suffers all the security problems encountered by internet users. Moreover, internet fraud has generally been on the increase as the internet and computer technology (ICT) grows. Hence, in order to achieve the benefits of e-commerce in society, internet fraud prevention must be given adequate attention to protect merchants and customers in e-commerce transactions.

Internet fraud prevention is the act of stopping various types of internet fraud. Due to the many different ways of committing fraud over the Internet, such as stolen credit cards, identity theft, phishing, and chargeback, users of the Internet must make sure to avoid such scams. Internet fraud must be prevented on two ends. First, there is the basic user who may be susceptible to giving away personal information in a phishing scam, or have it be acquired by rogue security software or a keylogger [7]. In a 2012 study, McAfee found that 1 in 6 computers do not have any sort of antivirus protection, making them very easy targets for such scams [8]. Business owners and website hosts are also engaged in the ongoing battle of preventing Internet fraud. Due to the illegal nature of fraud, they must ensure that the users of their services are legitimate. Websites with file hosting must work to verify uploaded files to check for viruses and spyware, while some modern browsers perform virus scans prior to saving any file (there must be a virus scanner previously installed on the system) [9]. However, most files are only found to be unclean once a user falls prey to one.

II. LITERATURE REVIEW

Joved and Vinod [10] suggested that electronic commerce, or e-commerce, refers to the purchase and sale of goods and services over the Internet. Fundamentally, e-commerce is about the people, process, and technology involved in allowing a consumer or business to purchase goods or services from another business or individual. They stated that for centuries, traditional commerce has involved physical brick and mortar businesses, stores, shopping malls, catalog sales, and so on. In the last hundred years, other channels for commerce, such as telephone and television sales, were established. With the growth and widespread availability of the Internet in the 1990s, a sizeable commerce activity moved to the World Wide Web. Today, consumers go to their favorite e-commerce sites not only to buy and sell, but to conduct research, review, or comment on products and services. A recent comScore presentation [11] reports that nearly 70 percent of customers consider the Internet to be an important factor in making buying decisions, and 60 percent have gone online to do research before purchasing items in a store.

Electronic commerce is a shorthand term that clinches a complex and continuously growing amalgam of technologies, infrastructures, processes, and products. It brings together whole industries and narrow applications, producers and users, information exchange and economic activity into a global marketplace called “the Internet.” Hence, the internet is the major factor which provides the services of electronic commerce to the sellers and buyers of business goods and services. Therefore, increasing the availability of the internet directly helps to expand the electronic commerce market place. There is no universal definition of electronic commerce because the Internet marketplace and its participants are so numerous and their intricate relationships are evolving so rapidly [12]. Nonetheless, one of the best ways of understanding electronic commerce is to consider the elements of its infrastructure, its impact on the traditional marketplace, and the continuum of ways in which electronic commerce is manifested. This approach shows clearly how electronic commerce is intricately woven into the fabric of domestic economic activity and international trade. Electronic commerce as it has evolved today requires three types of infrastructure:

• Technological infrastructure to create an Internet marketplace. Electronic commerce relies on a variety of technologies, the development of which is proceeding at breakneck speed (e.g., interconnectivity among telecommunications, cable, satellite, or other Internet ‘backbone;’ Internet service providers (ISPs) to connect market participants to that backbone; and end-user devices such as PCs, TVs, or mobile telephones).
• Process infrastructure to connect the Internet marketplace to the traditional marketplace. This infrastructure makes payment over the Internet possible (through credit, debit, or Smart cards, or through online currencies). It also makes possible the distribution and delivery (whether online or physical) of those products purchased over the Internet to the consumer.
• “Infrastructure” of protocols, laws, and regulations. This infrastructure affects the conduct of those businesses engaging in and impacted by electronic commerce, as well as the relationships between businesses, consumers, and government. Examples include technical communications and interconnectivity standards; the legality and modality of digital signatures, certification, and encryption; and disclosure, privacy, and content regulations.

Electronic commerce can be considered as a package of innovations [2]. The dependent variable is adoption of ecommerce. Adoption of ecommerce is defined as the use of computer networks, principally the internet, for sharing of business information; maintaining of business relationships; and conducting of business transactions [2; 3]. The likelihood of ecommerce adoption was put into operations as a dichotomy: whether the business has or has
not adopted ecommerce. According to Lavin et al [13] a business is defined as having adopted ecommerce if it has achieved interactive ecommerce status. There are six-phase ecommerce status indicators relevant to ecommerce, mostly in the developing countries, which are: no ecommerce, connected e-commerce, static ecommerce, interactive ecommerce, transaction ecommerce, and integrated ecommerce.

Security of E-Commerce

Mark and Donald [14] stated that security is a major concern for e-commerce sites and consumers alike. They argued that consumers fear the loss of their financial data, and ecommerce sites fear the financial losses associated with break-ins and any resulting bad publicity. Not only must e-commerce sites and consumers judge security vulnerabilities and assess potential technical solutions, they must also assess, evaluate, and resolve the risks involved.

The internet and its services have suffered a lot of security problems, especially in recent times. Since electronic commerce makes use of the internet as its market place, it has equally suffered the same security issues, causing a lot of loss in transactions and thereby reducing the trust and dependability of the technology. It is unfortunate that online fraud collectively costs merchants billions of dollars each year, and it is not going away. A recent Internet Retailer survey (Fraud rates increase for 24% of web retailers over the past year) shows that 24% of respondents say that fraud rates for online transactions have increased over the past year [15]. Meanwhile, fraud rates have stayed the same for 63% of respondents; just 12% say fraud rates have decreased [15].

Unfortunately, just as merchants, internet service providers, and computer system and software manufacturers find ways to bolster protection in one area of e-commerce, criminals soon find new weak spots and techniques, triggering another round of costly fraud and detection measures. Operating a secure online store and general business transaction is challenging, to say the least. Yet, by minimizing losses due to fraud and using security to build online business through customer confidence, merchants can increase the profitability of their e-Commerce initiatives.

E-Commerce Security Issues

There are many points of failure, or vulnerabilities, in an e-commerce environment. In some e-commerce cases, a customer contacts a business web site for an e-commerce transaction and then gives his or her credit card details and address information for shipping a purchase, and the personal information the customer gives out can be used against the owner by fraudsters [14]. Typically, authentication begins on the customer’s home computer and its browser. However, security problems in home computers offer hackers other ways to steal e-commerce data and identification data from users due to either lack of good anti-virus or breakdown of firewalls etc. Some current examples include a popular home-banking system that stores a user’s account number in a Web “cookie,” which hostile Web sites can crack [16], ineffective encryption or lack of encryption for home wireless networks [17], and mail-borne viruses that can steal the user’s financial data from the local disk [18] or even from the user’s keystrokes [19]. Whereas these specific security problems will be fixed by some software developers and Web site administrators, similar problems will continue to occur at an increasing rate. Alternatives to the home computer include point-of-sale (POS) terminals in bricks-and-mortar stores, as well as a variety of mobile and handheld devices with continually updated anti-virus and operating systems.

According to Mark and Donald [14], the user’s Web browser connects to the merchant or business owner on the front end. When a consumer makes an on-line purchase, the merchant’s Web server usually caches the order’s personal information in an archive of recent orders. This archive contains everything necessary for credit card fraud. Further, such archives often hold 90 days’ worth of customers’ orders. Naturally, hackers break into insecure Web servers to harvest these archives of credit card numbers. Several recent thefts netted 100,000, 300,000, and 3.7 million pieces of credit card data. Accordingly, an e-commerce merchant’s first security priority should be to keep the Web server’s archives of recent orders behind the firewall, not on the front-end Web server [20]. In addition, sensitive servers should be kept highly specialized by turning off and removing all nonessential services and applications such as FTP, e-mail etc. Other practical suggestions to secure Web servers can be found in [21; 22; 23].

Furthermore, the back end may connect with third party fulfillment centers and other processing agents through the same internet connection. Arguably, the risk of stolen product or information is the merchant’s least important security concern, because most merchants’ traditional operations already have careful controls to track payments and deliveries. However, these third parties can release valuable data purposely or otherwise through their own vulnerabilities. The description above is the simplified model of e-commerce architecture; nonetheless, a number of security problems still exist. It was even noted that encrypted e-commerce connections do little to help solve any but network security problems, and whereas other problems might be addressed by encryption, there are still vulnerabilities in the software clients and servers.

Types of Frauds Threatening E-Commerce

Typically, all online retailers and other e-commerce transaction users are scared of online fraud. Keeping the business and customers safe should always be at the top of the priority list of every business owner. Often times, e-commerce business owners are troubled about what types of fraud they should look out for to protect their business
and customers. The following is a list of fraud types and tips on how you can protect yourself from such breaches:

1. Card fraud – this is probably the most common of online scams. Essentially a thief gets their hands on someone’s card details and uses those to pay for goods on the Internet. Fortunately, thanks to schemes such as 3D Secure (“Verified by Visa” or “MasterCard SecureCode”), most consumers will have set up a special password to protect themselves from such occurrences. If that is not the case then you as a business can help by monitoring your sales and using advanced fraud tools to spot suspicious transactions. If you feel that the person using a card is potentially a thief, you can simply refuse to authorize the purchase [24]. According to Wikipedia [1], credit card fraud is the unauthorized use of a credit card to make a transaction. This fraud can range from using the credit card to obtain goods without actually paying, or performing transactions that were not authorized by the card holder. Credit card fraud is a serious offense, and punished under the charge of identity theft. The majority of this type of fraud occurs with counterfeit credit cards, or using cards that were lost or stolen. Approximately 0.01% of all transactions are deemed fraudulent, and approximately 10% of Americans have reported some type of credit card fraud in their lifetimes [25].

2. The man-in-the-middle attack – this is where a cyber-criminal eavesdrops on a session between your shop and the customer and records the cardholder data being exchanged. The best way to stop such attempts is by using an SSL certificate. All payment service providers will use such protection on their payment gateways and you will also need to obtain one for your website. This should eradicate most attacks [24].

3. Identity Theft - Identity theft, also called identity fraud, is a term used to refer to a crime in which someone steals and uses another person’s personal information and data without permission. It is a crime usually committed for economic gain. Stolen personal data includes Social Security Numbers (SSNs), passport numbers, or credit card numbers, which can easily be used by another person for profit. It is a serious crime that can have negative effects on a person’s finances, credit score and reputation. There are three specific types of identity theft aside from the broad term. Tax-related identity theft is when a criminal uses someone else's SSN to get a tax refund or a job. Child identity theft is when a criminal uses a child’s SSN to apply for governmental benefits, open bank accounts, or apply for a loan. Medical identity theft is when a criminal uses someone else's name or health insurance to see a doctor, get a prescription or other various medical needs [26].

4. Hacking – this is a very bad scenario where a fraudster gains access to the control tools of your website. This gives them unrestricted access to all of the pages, including the payment page. You can minimize the damage from such an attack by allowing your payments provider to host your payments page on their server. From the customer’s end he or she should ensure that the latest version of the CMS (Content Management System) on which the website is built is always used and that the hosting is secure. Regularly change passwords to the website and make sure that any third party software and plugins used are also secure and trustworthy.

5. Phishing - Phishing is a scam or fraudulent activity by which an e-mail user is duped into revealing personal or confidential information which the scammer (phisher) can use illicitly [27]. Communications purporting to be from popular social web sites, auction sites, banks, online payment processors or IT administrators are commonly used to lure the unsuspecting public. Phishing emails may contain links to websites that are infected with malware [28]. Phishing is typically carried out by email spoofing or instant messaging and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. There are four main types of phishing techniques: link manipulation, filter evasion, website forgery, and phone phishing. Legislation, user training, public awareness, and technical security measures are all attempts to control the growing number of phishing attacks. The damage caused by phishing ranges from denial of access to email to substantial financial loss. It is estimated that between May 2004 and May 2005, approximately 1.2 million computer users in the United States suffered losses caused by phishing, totaling approximately US$929 million. United States businesses lose an estimated US$2 billion per year as their clients become victims [29]. The address that the individual knows is the company's genuine website can be typed into the address bar of the browser, rather than trusting any hyperlinks in the suspected phishing message; this will help to prevent phishing. Nearly all legitimate e-mail messages from companies to their customers contain an item of information that is not readily available to phishers. It is up to the customer to use his or her discretion to separate genuine emails from phishing emails and prevent phishing attacks [30].

6. Malicious Code – there are different types of malware used by criminals. The most common include key-loggers or spyware (captures data as the user enters it), backdoor (gives the hacker remote access to your computer), command and control (looks for and executes commands). The best way to protect oneself from such attacks is to keep any software on the computer up to date, use an anti-virus programme and perform regular scans on the machine.

7. Chargeback - A chargeback is not necessarily a fraudulent activity. In its most basic sense, a chargeback is when an issuing bank, a bank where consumers acquire credit cards, reverses a prior charge from a bank account or credit card at the request of a cardholder because there was a problem with a transaction. The problem could be anything from a situation where the consumer did not receive the
product they purchased [31], to one where the cardholder was not satisfied with the quality of the product, to a situation where the cardholder was a victim of identity theft [32]. The concept of a chargeback arose as a measure of consumer protection taken by issuing banks and credit card companies. Chargebacks were a measure to protect cardholders from identity theft and the unauthorized transactions from identity theft. Chargebacks also provide incentive to producers and sellers to provide products of consistent quality and efficient customer service.

However, with the rise of technology [33], and the resulting increase in online and telephone transactions and commerce, it has become easier to commit fraud via chargebacks. Chargebacks are an interesting concept because the process protects consumers from identity theft fraud, but opens the door for consumers to commit chargeback fraud. Chargeback fraud is also known as “friendly fraud.” Friendly fraud is the term for when a consumer authorizes a transaction for an online purchase on his or her credit card, receives the product or products the consumer paid for, but then later the same consumer files for a chargeback [31]. The fraudulent filing for a chargeback results in a consumer keeping and avoiding paying for the products they ordered.

The best way to prevent friendly fraudsters is for producers to require signatures for the delivered packages upon their arrival. This will provide very specific information to the producers about the delivery. The only drawback to signature confirmation is the fact that it increases shipping costs, which still hurt producers’ bottom line [34].

III. SECURITY METHODS

The electronic commerce merchants continually provide solutions to the security issues to protect their business and customers; unfortunately, the fraudsters and hackers work at the same pace to break possible security methods. However, the best security in e-commerce can be achieved with proper carefulness in applying the most updated security method. The following are some certified security methods [15].

Encryption

Privacy is handled by encryption. In PKI (public key infrastructure) a message is encrypted by a public key, and decrypted by a private key. The public key is widely distributed, but only the recipient has the private key. For authentication (proving the identity of the sender, since only the sender has the particular key) the encrypted message is encrypted again, but this time with a private key. Unfortunately, PKI is not an efficient way of sending large amounts of information, and is often used only as a first step — to allow two parties to agree upon a key for symmetric secret key encryption. Here sender and recipient use keys that are generated for the particular message by a third body: a key distribution center. The keys are not identical, but each is shared with the key distribution center, which allows the message to be read. Then the symmetric keys are encrypted in the RSA manner, and rules set under various protocols. Naturally, the private keys have to be kept secret, and most security lapses indeed arise here.

Encryption also involves using the key pair but in reverse. Once your message is completed you encrypt the file using the recipient's public key, ensuring that only the recipient can ever access that message with their private key.

Digital Signatures and Certificates

Digital signatures meet the need for authentication and integrity. To vastly simplify matters (as throughout this page), a plain text message is run through a hash function and so given a value: the message digest. This digest, the hash function and the plain text encrypted with the recipient's public key are sent to the recipient. The recipient decodes the message with their private key, and runs the message through the supplied hash function to check that the message digest value remains unchanged (message has not been tampered with). Very often, the message is also time-stamped by a third party agency, which provides non-repudiation.

What about authentication? How does a customer know that the website receiving sensitive information is not set up by some other party posing as the e-merchant? They check the digital certificate. This is a digital document issued by the CA (certification authority: Verisign, Thawte, etc.) that uniquely identifies the merchant. Digital certificates are sold for emails, e-merchants and web-servers. Digital signature shall be discussed in detail in subsequent units of this course.

Secure Socket Layers

SSL stands for Secure Sockets Layer. This is the technique in which web servers and web browsers encrypt and decrypt all of the information that they transmit and receive. Secret decoder rings time. Both ends establish and use the same scheme for making sure that no one else is listening to their conversation. Information sent over the Internet commonly uses the set of rules called TCP/IP (Transmission Control Protocol / Internet Protocol). The information is broken into packets, numbered sequentially, and an error control attached. Individual packets are sent by different routes. TCP/IP reassembles them in order and resubmits any packet showing errors.

SSL uses PKI and digital certificates to ensure privacy and authentication. The procedure is something like this: the client sends a message to the server, which replies with a digital certificate. Using PKI, server and client negotiate to create session keys, which are symmetrical secret keys specially created for that particular transmission. Once the
IJERTV3IS070500 www.ijert.org 499


International Journal of Engineering Research & Technology (IJERT)
ISSN: 2278-0181
Vol. 3 Issue 7, July - 2014

session keys are agreed, communication continues with these session keys and the digital certificates.

PCI, SET, Firewalls and Kerberos

Credit card details can be safely sent with SSL, but once stored on the server they are vulnerable to outsiders hacking into the server and company network. A PCI (peripheral component interconnect: hardware) card is often added for protection; therefore, SET (Secure Electronic Transaction) is adopted altogether. Developed by Visa and MasterCard, SET uses PKI for privacy, and digital certificates to authenticate the three parties: merchant, customer and bank. More importantly, sensitive information is not seen by the merchant, and is not kept on the merchant's server. Firewalls (software or hardware) protect a server, a network and an individual PC from attack by viruses and hackers. Equally important is protection from malice or carelessness within the system, and many companies use the Kerberos protocol, which uses symmetric secret key cryptography to restrict access to authorized employees.

Transaction Fraud Prevention

In the transaction fraud prevention approach, e-commerce sites must make instant decisions about card-not-present (CNP) interactions by deploying proven techniques such as ThreatMetrix. ThreatMetrix detects stolen credit cards in real time by combining device attributes, malware detection and sophisticated analytics with the user identity and transaction details. This real-time analysis offers online merchants an additional layer of protection to reduce the costs of fraud while protecting the online experience for legitimate customers. It reduces the costs of transaction fraud chargebacks and fees. It also performs the following duties [35]:
• Protect transactions and customers from malware targeting their credit cards and online identity.
• Reduce lost sales from false negatives with advanced device identification and context-sensitive fraud detection.
• Address payment card industry (PCI) standards for preventing data breaches.

Account Take-over Protection

Electronic commerce consumers often lack the client-side security they need to protect themselves from account compromise. Using ThreatMetrix, the customer can identify a variety of attacks designed to steal user account credentials, the precursor to e-commerce fraud. ThreatMetrix detects Trojans, phishing attacks, man-in-the-browser (MitB) attacks and other attacks on computers, smartphones, tablets and other web-enabled devices. It also detects activity from already compromised accounts. By using the account takeover prevention solution, the customer gains instant visibility into the integrity of his or her user accounts and their credentials. With ThreatMetrix, the customer can secure user accounts and ensure they are not compromised or a source of e-commerce fraud. ThreatMetrix detects compromised accounts across multiple dimensions, including [35]:
• Automated logins from bots and compromised devices.
• Phishing attacks and detection of compromised accounts being used to commit fraud.
• Malicious software, including web-based and machine resident malware.
• Access from suspicious locations, unrecognized computer settings or from masked machines.

TrustDefender Cybercrime Protection Platform

The TrustDefender Cybercrime Protection Platform's unique and game-changing approach leverages the collective power of the Global Trust Intelligence Network. ThreatMetrix detects web fraud by analyzing online identities and their associated devices, using anomaly and velocity rules to make real-time decisions. It builds a comprehensive online persona of each user attempting an online transaction, by combining online identities and device fingerprints while also detecting anomalies and malware-based compromises. Business policies allow configuration of user trust levels to fit each organization's business model. Shared intelligence across millions of daily transactions processed by the Global Trust Intelligence Network provides predictive analytics, to protect online businesses and reduce customer friction. The TrustDefender Cybercrime Protection Platform is the only solution that offers all of these critical components and provides them in a single, integrated solution. This collective approach ensures that customers have maximum visibility into the activities of fraudsters and hackers [15].

IV. E-COMMERCE FRAUD RESULTS AND DISCUSSIONS

There are numerous statistical reports concerning the incessant and increasing rate of fraud against e-commerce transactions. E-commerce security failures have been categorized by fraud type, which can be: identity theft, friendly fraud, fraudulent request for return/refund, or lost or stolen merchandise. The statistical report in figure 1 shows that identity theft recorded the lowest share, with a 13.5% average from 2010 to 2013, compared to other fraud types. It gradually increased from 11% in 2010 to 17% in 2013. This signifies that fraud through identity theft has been under good control, but security failures toward this fraud type are increasing.

There is an average decrease in the growth of friendly fraud and fraudulent request for return/refund from 20% in 2010 to 18% in 2013, which shows that the security measures applied are working effectively towards reducing the occurrence of such frauds.


The report shows that lost or stolen merchandise recorded the highest share, with an average value of 40% from 2010 to 2013. It recorded its lowest value, 36%, in 2013 and its highest, 45%, in 2010. This signifies that, despite the unsteady nature of this fraud type and its high occurrence, the most recent result shows success in reducing its occurrence. The distribution of fraud types is shifting towards those associated with the greatest costs. Lost and stolen merchandise declined from 45% to 36% over the past year. This type of fraud may be factored into shrink, and does not typically burden merchants with additional costs beyond replacing and redistributing merchandise. ID fraud, which can result in greater liability for merchants, rose from 12% of fraud in 2012 to 17% in 2013 [36].

Mobile merchants are incurring the greatest fraud losses as a percent of revenue among all merchant segments (0.75% in 2013). This is the only segment to have not benefitted from a decrease in fraud as a percent of revenue from 2012 to 2013, yet mobile merchants are seeing an increase in revenue through this channel (from 14% in 2012 to 19% in 2013) [36].

Figure 1: Percent of Fraudulent Transactions Attributable to Fraud Types [36]

Figure 2 shows the percent of fraudulent transactions attributable to payment methods among merchants accepting specific payment methods. From the report, fraudulent transactions through alternative payments (PayPal, BillMeLater, eBillme, Google checkout etc.) recorded the lowest average, 19.75%, compared to others, while credit cards recorded the highest average, 62.25%. The result also shows that fraudulent transactions through credit card reduced from 66% in 2010 to 58% in 2013, showing slight success in reducing its occurrence.

Figure 2: Percent of Fraudulent Transactions Attributable to Payments Methods among Merchants Accepting Specific Payment Methods [36].

The result illustrated in figure 3 also shows that fraudulent transactions committed through credit/debit card recorded the highest share, 75%, from 2012 to 2013, while refund fraud and voucher/gift fraud recorded the lowest, 3% each.

Figure 3: Fraud incidents by type of payment methods [37]

V. CONCLUSION AND RECOMMENDATIONS

Electronic Commerce is a business method which makes use of the internet as its market place, where the merchants showcase and market their business products and services and the customers can make selections and purchase the goods and services using their payment detail and address information. It has numerous benefits which can help both the merchants and the customer to make their transactions quickly, with ease and at low cost. However, the problem of security has affected the progress of e-commerce in the society at large. The security problems of e-commerce can be attributed to failures of the internet, which provides the market platform, and of the merchant and customer ends. There are many types of fraud which have troubled the users of e-commerce, which can be in the form of the following: card fraud, the man-in-the-middle attack, malicious code etc.

The results of the survey carried out on e-commerce security show that identity theft as a fraud type recorded the lowest share, 13.5%, while lost/stolen merchandise recorded the highest, 40%, from 2010 to 2013. It was therefore concluded that there is higher security failure in lost/stolen merchandise. Since ThreatMetrix can detect stolen credit cards in real time by combining device attributes, malware detection and sophisticated analytics with the user identity and transaction details, it should be deployed generally to solve the security problem in lost/stolen merchandise.

From the results, fraudulent transactions through alternative payments (PayPal, BillMeLater, eBillme, Google checkout etc.) recorded the lowest average, 19.75%, compared to others, while credit cards recorded the highest average, 62.25%, from 2010 to 2013. Therefore, it was concluded that more fraudulent


transactions are carried out through credit/debit cards. Since ThreatMetrix can secure customer user accounts to ensure they are not compromised or a source of e-commerce fraud, and also detects compromised accounts across multiple dimensions, ThreatMetrix was recommended to be deployed in e-commerce transactions to protect the merchants and the customers.

REFERENCES

[1] Wikipedia. "E-Commerce", http://en.wikipedia.org/wiki/E-commerce, Retrieved June 22, 2014
[2] Zwass, V. "Electronic Commerce and Organizational Innovation: Aspects and Opportunities", International Journal of Electronic Commerce, 2003.
[3] Turban, E., King, D., Lee, J., & Viehland, D., "Electronic Commerce: A Managerial Perspective", New Jersey: Pearson/Prentice Hall, 2004.
[4] Wenninger, J., "The Emerging Role of Banks in E-Commerce", Current Issues in Economics and Finance, 6(3) 2000.
[5] Choi, S. & Winston, A., "Benefits and requirements for interoperability in electronic marketplace", Technology in Society, 22, pp33–44, 2000.
[6] Senn, J. "Business-to-business e-commerce", Information Systems Management, Spring, 2000, pp23–32.
[7] Wiki. "Internet Fraud Prevention", http://en.wikipedia.org/wiki/Internet_fraud_prevention, Retrieved July 2, 2014
[8] Tomsh, 2012. "1 in 6 Windows PCs Have Zero Antivirus Protection", http://www.tomshardware.com/news/M,15826.html, Retrieved July 1, 2014
[9] Mozillazine, 2012. "Browser.download.manager.scanWhenDone", http://kb.mozillazine.org/Browser.download.manager.scanWhenDone, Retrieved July 3, 2014
[10] Javed S. and Venod S., "A Prescriptive Architecture of Electronic Commerce and Digital Marketing", Microsoft Corporations, Version 2.0, 2010.
[11] comScore, "State of the U.S. Online Retail Economy Through Q1 2009", comScore, Inc., 2009.
[12] OECD 1999, "The Economic and Social Impact of Electronic Commerce", www.oecd.org/dsti/sti/it/ec/act/SACHER.HTM, Retrieved July 2, 2014
[13] Lavin A. Xaveria F. and Lindh J, "Factors Affecting E-Commerce Adoption in Nigerian Banks", Jonkoping International Business School, Jönköping University, 2006.
[14] Mark S.A and Donald T.D., "Privacy and Security Issues in E-Commerce", Elsevier Science (USA), 2003.
[15] Gerald C. O., "E-Business Security", National Open University of Nigeria, 2009.
[16] Graves, P., and Curtin, M. 2000, "Bank One Online Puts Customer Account Information At Risk." http://www.interhack.net/pubs/bankone-online, Retrieved July 3, 2014
[17] Borisov, N., Goldberg, I., and Wagner, D. "Intercepting Mobile Communications: The Insecurity of 802.1", Proceedings of the Seventh Annual International Conference on Mobile Computing and Networking, 2001, 180–189.
[18] Roberts, P. 2002, "Bugbear Virus Spreading Rapidly" PC World Online, October 2, 2002.
[19] Neyses, J. "Higher Education Security Alert From the U.S. Secret Service: List of Keystroke Logging Programs." http://www.unh.edu/tcs/reports/sshesa.html, Retrieved July 1, 2014
[20] Winner, D. "Making Your Network Safe for Databases", SANS Information Security Reading Room, July 21, 2002.
[21] Tipton, H., and Krause, M. "Information Security Management Handbook", New York: CRC Press, 2002
[22] Garfinkel, S., "Web Security, Privacy and Commerce." Cambridge, MA: O'Reilly and Associates, 2002
[23] Garfinkel, S., Schwartz, A., and Spafford, G. "Practical Unix Internet Security", Cambridge, MA: O'Reilly, 2003
[24] "Top Types of Fraud Threatening Your E-Commerce", http://www.paypoint.net/ideas/business-support/online-fraud-types/, Retrieved July 6, 2014
[25] "Credit Card Fraud Statistics", http://www.statisticbrain.com/credit-card-fraud-statistics/, Retrieved July 6, 2014
[26] "Consumer Information: Identity Theft", http://www.comsumer.ftc.gov/features/feature-0014-identity-theft, Retrieved July 6, 2014
[27] Merriam-Webster Dictionary http://www.merriam-webster.com/dictionary/phishing, Retrieved July 6, 2014
[28] Niels, P., 2014, "Safe Browsing. Google Blog", http://googleonlinesecurity.blogspot.jp/2012/06/safe-browsing-protecting-web-users-for.html, Retrieved July 6, 2014
[29] Paul L. P., 2013, "How Can We Stop Phishing and Pharming Scams?" http://web.archive.org/web/20080324080028/http:/www.csoonline.com/talkback/071905.html, Retrieved July 6, 2014
[30] Wayback Machine, 2006, "Anti Phishing Tips You Should Not Follow", http://web.archive.org/web/20080320035409/http:/www.hexview.com/sdp/node/24, Retrieved July 6, 2014
[31] "Chargeback Guide", https://www.paypal.com/us/webapps/mpp/security/chargeback-guide, Retrieved July 6, 2014
[32] "Chargebacks: A Survival Guide" http://www.cardfellow.com/blog/chargebacks/, Retrieved July 6, 2014
[33] "Chargeback Fraud", https://chargebacks911.com/chargeback-fraud/, Retrieved July 6, 2014
[34] Sarasota F.L, 2012, "Common Charge Backs Often Associated to Friendly Fraud", http://fraudpractice.com/News-Friendly-Fraud-Chargebacks.html, Retrieved July 6, 2014
[35] ThreatMetrix, 2014, "Less fraud, more orders. Use real-time defenses to minimize credit card fraud and account takeover risks while keeping the customer experience hassle-free", http://www.threatmetrix.com/industries/e-commerce/, Retrieved July 6, 2014
[36] LexisNexis, "Merchants Struggle against an Onslaught of High-Cost Identity Fraud and Online Fraud" Annual Report, LexisNexis Inc., 2013
[37] "Retail Crime Survey-E-Commerce Retailers Fight Online Fraud", Payments Cards and Mobile (PCM), http://www.paymentscardsandmobile.com/retail-crime-survey-e-commerce-retailers-fight-online-fraud/, Retrieved July 7, 2014
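
The anomaly and velocity rules over device fingerprints that the Transaction Fraud Prevention, Account Take-over Protection and TrustDefender sections describe can be illustrated with a small rule engine. This is an added example, not code from the paper or from ThreatMetrix; the event format, fingerprint names, five-minute window and threshold are assumptions, and the events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events: (ISO timestamp, device fingerprint, account, event type)
EVENTS = [
    ("2014-07-01T09:00:00", "fp-home-laptop", "alice", "login"),
    ("2014-07-01T09:30:00", "fp-office-pc", "bob", "login"),
    ("2014-07-01T10:00:00", "fp-unknown-vm", "carol", "login"),
    ("2014-07-01T10:00:40", "fp-unknown-vm", "dave", "login"),
    ("2014-07-01T10:01:10", "fp-unknown-vm", "erin", "login"),
    ("2014-07-01T10:01:50", "fp-unknown-vm", "alice", "payment"),
    ("2014-07-01T18:00:00", "fp-home-laptop", "alice", "payment"),
]


def score_events(events, window=timedelta(minutes=5), max_accounts=3):
    """Return (timestamp, rule, device, account) alerts for two assumed rules.

    velocity: one device fingerprint touches more than max_accounts distinct
              accounts inside the sliding window (automated or bulk logins).
    anomaly:  an account with at least one known device is used from a
              fingerprint it has never been seen on.
    """
    recent = defaultdict(deque)  # device -> (time, account) pairs inside the window
    known = defaultdict(set)     # account -> fingerprints seen so far
    alerts = []
    for raw_ts, device, account, _kind in sorted(events):
        ts = datetime.fromisoformat(raw_ts)
        seen = recent[device]
        seen.append((ts, account))
        while ts - seen[0][0] > window:  # expire entries older than the window
            seen.popleft()
        if len({acct for _, acct in seen}) > max_accounts:
            alerts.append((raw_ts, "velocity", device, account))
        if known[account] and device not in known[account]:
            alerts.append((raw_ts, "anomaly", device, account))
        # Simplification: a production system would add the device to the
        # baseline only after the user passes step-up verification.
        known[account].add(device)
    return alerts


if __name__ == "__main__":
    for alert in score_events(EVENTS):
        print(alert)
```

Both rules fire on the 10:01:50 payment: the fingerprint has touched four accounts in under two minutes, and it is new for an account that already has a known device.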
