THE INSTITUTE OF FINANCE MANAGEMENT (IFM)
MWANZA CAMPUS
e-Business
ITU 08509
Lecture Four
e-Commerce - Security Systems
Security is an essential part of any transaction that takes place over the internet. Customers
will lose faith in an e-Business if its security is compromised. The following are the essential
requirements for safe e-Payments/transactions:
o Confidentiality − Information should not be accessible to unauthorized persons. It
should not be intercepted during transmission.
o Integrity − Information should not be altered during its transmission over the
network.
o Availability − Information should be obtainable wherever and whenever
required within time limit specified to authorized person.
o Authenticity − There should be a mechanism to authenticate a user before giving
him/her access to the required information.
o Non-Repudiation − This is protection against denial of an order or denial of a payment.
Once a sender sends a message, the sender should not be able to deny having sent the
message. Similarly, the recipient of a message should not be able to deny its receipt.
o Encryption − Information should be encrypted and decrypted only by authorized
users.
o Auditability − Data should be recorded in such a way that it can be examined
for integrity requirements.
Measures to ensure Security
These are some of the measures that ensure security during online payments (e-Payments):
1. Encryption − Encryption is a process of converting plain text or data into ciphertext
so that the transmitted information cannot be accessed by anyone other than the
receiver and the sender. The idea of encryption is (1) to secure stored data and (2)
to guard information transmission.
2. Digital Signature − A digital signature is a value computed over a message with the
signer's unique private key and capable of verification by others. The signature is linked to
the data in such a way that if the data is altered, the electronic signature is automatically
invalidated.
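The property described above, as an added example that is not part of the lecture notes: a sender signs an order, the recipient verifies it with the sender's public key, and any change to the order after signing makes verification fail. Ed25519 from the Go standard library, the `Order` layout and the names are assumptions made for the illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Order is a constructed sample payment message; Bytes gives the exact bytes that are signed.
type Order struct {
	ID, Payee, Amount string
}

func (o Order) Bytes() []byte { return []byte(o.ID + "|" + o.Payee + "|" + o.Amount) }

// Sender holds the private key that only the sender knows; the matching public key is
// what a merchant or bank uses to check signatures.
type Sender struct {
	pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

func NewSender() (*Sender, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Sender{pub: pub, priv: priv}, nil
}

// Sign produces the signature the sender attaches to the order.
func (s *Sender) Sign(o Order) []byte { return ed25519.Sign(s.priv, o.Bytes()) }

// Public returns the verification key the sender publishes.
func (s *Sender) Public() ed25519.PublicKey { return s.pub }

// VerifyOrder is the recipient-side check: it recomputes the bytes from the order it
// received, so any change to the order after signing makes it return false.
func VerifyOrder(pub ed25519.PublicKey, o Order, sig []byte) bool {
	return ed25519.Verify(pub, o.Bytes(), sig)
}

func main() {
	alice, err := NewSender()
	if err != nil {
		panic(err)
	}
	order := Order{ID: "ORD-1001", Payee: "shop.example", Amount: "250.00"}
	sig := alice.Sign(order)
	fmt.Println("original verifies:", VerifyOrder(alice.Public(), order, sig))
	order.Amount = "25.00" // altered in transit
	fmt.Println("altered verifies:", VerifyOrder(alice.Public(), order, sig))
}
```

Because only the holder of the private key could have produced a signature that verifies under the published public key, the same check also gives the non-repudiation property listed earlier.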
3. Security Certificates − A security certificate is a unique digital ID used to verify the
identity of an individual website or user. A website security certificate is a validation
and encryption tool, part of the HTTPS protocol, which secures and encrypts data
going back and forth between the server and the client browser. It is issued by a
trusted certification authority (CA), which verifies the identity of the owner of a
website. The certificate then assures the user that the website it is connected to is
legitimate and that the connection is safe and secure.
4. Secure Socket Layer (SSL) - SSL implements data encryption, optional client
authentication, server authentication, and message integrity for TCP/IP connections.
The protocol's design aims to prevent eavesdropping, tampering with information, and
forgery while transmitting data over the Internet between two interacting
applications.
Secure Socket Layer is a traditional protocol, widely adopted across the e-Commerce
industry. It meets the following security provisions:
o Authentication
o Encryption
o Integrity
o Non-repudiation
"https://" is to be used for HTTP URLs with SSL, whereas "http://" is to be used for
HTTP URLs without SSL.
5. Secure Hypertext Transfer Protocol (SHTTP) - SHTTP extends the HTTP internet
protocol with public key encryption, authentication and digital signature over the
internet. Secure HTTP strives to make transactions more secure by negotiating
encryption schemes used between a server and the client. Created to coexist and
seamlessly integrate with the HTTP, it enables optimal end user security through
multiple defense mechanisms.
6. Secure Electronic Transaction (SET) - The SET specification, developed jointly by
MasterCard and VISA, ensures the safety of all parties involved in an e-Commerce
transaction. It is specifically designed to perform critical functions such as:
o Authenticating cardholders and merchants
o Ensuring confidentiality of information and payment data
o Defining protocols and electronic security service providers
7. Educate users (employees & customers) - This is the key to everything:
customers and employees must be educated about how they can best protect
themselves. This can be done by installing a "frequently asked security
questions" page on your e-Commerce website (storefront or auction). Such questions
include, for example, the customer's mother's middle name. You should also include
security measures that employees and customers can apply within their e-Commerce
site to ensure privacy.
8. Firewall your servers and applications - A firewall is a network security device or
application that monitors incoming and outgoing network traffic and decides whether to
allow or block specific traffic based on a defined set of security rules.
9. Access controls - Authentication and authorization ensure that no intrusion
attempts succeed in accessing the network (primarily from the internet). Most companies use
two-factor authentication, and though it can add inconvenience for users, it can
ensure that even if a password is stolen the user's information is not
compromised. The most common two-factor authentication method is creating a
one-time password and messaging it to the user's cell phone.
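The one-time password step described above, as an added example that is not part of the lecture notes: the server issues a random 6-digit code to be sent to the phone, and accepts it only once, only before it expires, only within a small number of guesses, and only after a constant-time comparison. The store layout, the `ttl`/`maxTry` parameters and the user names are assumptions made for the illustration.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"fmt"
	"math/big"
	"time"
)

// otpRecord is the server-side state for one pending code.
type otpRecord struct {
	code     string
	expires  time.Time
	attempts int
}
// OTPStore issues and checks single-use codes; ttl bounds lifetime, maxTry bounds guesses.
type OTPStore struct {
	records map[string]otpRecord
	ttl     time.Duration
	maxTry  int
}
func NewOTPStore(ttl time.Duration, maxTry int) *OTPStore {
	return &OTPStore{records: map[string]otpRecord{}, ttl: ttl, maxTry: maxTry}
}
// Issue draws a random 6-digit code for user; the caller sends it to the user's phone.
func (s *OTPStore) Issue(user string, now time.Time) (string, error) {
	n, err := rand.Int(rand.Reader, big.NewInt(1000000))
	if err != nil {
		return "", err
	}
	code := fmt.Sprintf("%06d", n.Int64())
	s.records[user] = otpRecord{code: code, expires: now.Add(s.ttl)}
	return code, nil
}
// Verify accepts a code only if it is unexpired, within the attempt limit and equal in
// constant time; a code that verifies is deleted so it cannot be replayed.
func (s *OTPStore) Verify(user, code string, now time.Time) bool {
	rec, ok := s.records[user]
	if !ok || now.After(rec.expires) || rec.attempts >= s.maxTry {
		delete(s.records, user)
		return false
	}
	rec.attempts++
	s.records[user] = rec
	if subtle.ConstantTimeCompare([]byte(code), []byte(rec.code)) != 1 {
		return false
	}
	delete(s.records, user)
	return true
}
```

The expiry and attempt limit are what make a 6-digit code safe against online guessing; without them an attacker who knows the password could simply try all one million codes.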