In order to reassure online consumers that their transactions are secure and their credit information is safe, governments, merchants, and computer system vendors need to promote a culture of security in e-commerce. Governments need to educate people on security issues and to give up-to-date information on how to protect themselves against attacks. Governments also need to set up e-commerce laws and to enforce them so as to take appropriate measures against cyber crime. Merchants need to purchase more sophisticated versions of software applications that have strong encryption, firewalls and other security tools. They also need to set up, within their business organizations, policies regarding the security of information systems, and should include statements on privacy and security in their websites' text and graphics so as to reassure online consumers. Vendors of computer systems should acknowledge that they need to be part of the solution to e-commerce security problems. Thus, they need to develop new techniques and new products so as to cope with current and future hackers’ attacks. Through such commitment, safety and privacy will be promoted in e-commerce.
Table of Contents
1. Introduction
2. Security threats against the online consumer
3. Security threats against the consumer’s computer
4. Security threats against the Internet connection between consumer and the server of the merchant’s Web site
5. Security threats against the server of the merchant’s Website
6. Guessing passwords
Research Objectives and Topics
The primary objective of this essay is to identify and analyze the critical security threats facing Business-to-Consumer (B2C) e-commerce systems, specifically focusing on the vulnerabilities of the online consumer, their personal hardware, network connections, and merchant servers.
- Analysis of social engineering techniques and phishing schemes targeting online consumers.
- Examination of vulnerabilities in consumer computers and the necessity of firewalls.
- Evaluation of risks associated with insecure network connections, including packet sniffing and the importance of SSL encryption.
- Investigation of server-side threats such as Denial of Service (DoS) attacks, software bugs, and unauthorized access via root exploits.
Excerpt from the Book
Security threats against the online consumer
A hacker's attacks can aim at tricking an online consumer into believing that the hacker is the merchant the consumer was looking for. To achieve this goal, a hacker can use social engineering techniques, which involve surveillance of the online consumer’s behavior and the collection of information to use against that consumer.
In her article “Social engineering: 3 examples of human hacking”, posted at http://www.csoonline.com/article/663329/social-engineering-3-examples-of-human-hacking, accessed on July 25, 2011 at 7:00 p.m. GMT, Joan Goodchild highlights the remarkable talents of a social engineering expert named Chris Hadnagy, who was hired as a social engineering auditor to access the servers of a printing company that had many competitors. Even though the Chief Executive Officer of that company initially stated that hacking him would be hardly possible, Hadnagy managed to achieve his objective by using subtle tactics that can also be used by hackers against an online consumer.
First of all, Hadnagy collected information so as to learn where the servers were located, IP and e-mail addresses, mail servers, physical addresses, the names and job titles of employees, etc. He also learned that the CEO had a family member who had battled cancer and survived, and that because of this he was committed to cancer fundraising and research. Via Facebook, he obtained other personal information about the CEO, such as his favorite restaurant and sports team.
Summary of Chapters
Introduction: Provides a foundational overview of e-commerce and defines the scope of B2C security, focusing on availability, integrity, and confidentiality.
Security threats against the online consumer: Details how social engineering and deceptive tactics are used to manipulate consumers and harvest personal information.
Security threats against the consumer’s computer: Discusses technical vulnerabilities in end-user devices and the crucial role of personal firewall implementation.
Security threats against the Internet connection between consumer and the server of the merchant’s Web site: Analyzes the dangers of data interception, such as packet sniffing, and the necessity of protocols like SSL/HTTPS.
Security threats against the server of the merchant’s Website: Examines server-side exploits, including Denial of Service attacks and the exploitation of known software bugs.
Guessing passwords: Explains the mechanics of automated password attacks and the importance of implementing robust account lockout and security auditing policies.
Keywords
E-commerce, Security threats, B2C, Social engineering, Phishing, Packet sniffing, Encryption, SSL, Denial of Service, DoS, Server security, Password guessing, Cybersecurity, Firewalls, Data integrity.
Frequently Asked Questions
What is the core focus of this paper?
The paper identifies and examines the various security threats inherent in Business-to-Consumer (B2C) e-commerce, specifically looking at how different components of the system can be compromised.
What are the primary target areas for hackers in B2C e-commerce?
The essay identifies four main points of attack: the online consumer, the consumer's computer, the network connection, and the merchant's server.
What is the main objective of this study?
The primary goal is to educate stakeholders—governments, merchants, and consumers—on existing threats and to propose defensive strategies such as encryption, auditing, and better education.
What scientific methods are utilized in this document?
The essay employs a qualitative analysis approach, synthesizing existing industry articles, cybersecurity reports, and technical guidelines to categorize and propose defenses against specific threat vectors.
What topics are covered in the main section of the essay?
The main sections cover social engineering, client-side hardware vulnerabilities, network security protocols, server-side exploits like DoS, and authentication security.
Which keywords best characterize this work?
Key terms include e-commerce security, B2C, social engineering, encryption (SSL), and network sniffing.
What is a "Trojan Horse" in the context of the example provided?
The paper uses the example of a manipulated PDF file sent to a CEO, which, once opened, installed a shell allowing unauthorized access to his machine, serving as a modern digital stratagem.
Why is standard SMS banking considered insecure according to the text?
The paper notes that SMS messages are often sent in plaintext across the global communication network without end-to-end encryption, making them susceptible to interception.
- Cite this text
- Master of Arts (Marketing) Jules Miller (Author), 2011, E-Commerce Security Threats, Munich, GRIN Verlag, https://www.grin.com/document/180609