Data Security In E-commerce

Introduction

Ever since Michael Aldrich created online shopping in 1979 (Miva 2011), and with the advancement of technology, shopping at the comfort of one’s home has grown to become very popular nowadays. But with the existence of e-commerce, comes privacy issues (Muneer, Razzaq & Farooq 2018, p. 1) and security issues. This report will discuss the benefits of e-commerce along with the security issues faced by e-commerce users as well as the possible solutions to the problems.

Benefits of E-commerce

It is clear that e-commerce is very beneficial to both companies and potential customers. E-commerce allows businesses to reach a wider demographic audience to sell their products to and with a lower cost (Apruve 2017). The same source also mentioned that due to customer tracking and analytics, businesses are able to gain insights as to what their customer likes, and therefore the customer can have a more personalised shopping experience.

Tracking customers’ interests to improve their online shopping experience sounds like a good idea until you realise the possible privacy and security issues that come with it, which are discussed in the coming paragraphs.

Security and Privacy Issues

After some research, there are quite a number of security and privacy issues faced within the e-commerce industry, some of which are explained below.

Re-selling of Intellectual Property

A Journal written by Muneer, Razzaq and Farooq (2018, p. 2) said that “E-commerce business providers are freely re[selling] the intellectual property of their customers. This is also an issue of the privacy of the individual using online trading sites and sharing their personal stuff without knowing the reselling rights.”

This means that customers’ personal information are being sold by e-commerce businesses without the customers’ knowledge. This can be concerning to them because they are not aware of secondary use of their information by third parties, which may result in customer distrust and potentially, their private information being stolen. The merchant site in which a customer made the purchase may be secure and have strong encryption, but if their information is sold to third parties that lack security, hackers are able to attain the customer information.

After all, as Muneer, Razzaq & Farooq (2018, p. 1) also said, “[t]he growth and trust upon E-Commerce business totally depend on the security and privacy policy of the site” and the “most important factor is to build trust among users.”

Cybercriminals: the most dangerous issue?

As mentioned in the previous paragraphs, lack of security and encryption create opportunities for hackers to steal customers’ personal data, for example, credit card information. There are various ways in which cybercriminals can get one’s personal information, some of them are explained below.

Theft & Fraud

One of the most popular issues of e-commerce is theft and fraud. Hackers harvest customers’ personal data such as credit card numbers by breaking into the e-commerce site’s web servers (Menzheres 2018, Khan 2019). They can later sell the stolen information on black markets (Menzheres 2018).

According to Daly (2019), credit card fraud cases in the US has been steadily increasing since 2014. In 2014 there are 55,553 credit card fraud cases and that number nearly tripled within 4 years.

Man-in-the-Middle

The man-in-the-middle approach is where hackers gain customers’ personal information by tracking the activity when users of e-commerce are making a purchase. Users are tricked into connecting to a public wireless network by hackers. These hackers can then obtain information, such as browsing history, passwords, and credit card numbers after gaining access to the user’s devices if the site that they are visiting do not have strong encryptions (Menzheres 2018).

Phishing

Phishing is the act of tricking people into giving their personal information by pretending to be a trusted site or reputable company. Emails are sent to people’s inboxes with a link to a malicious site that mimics an e-commerce site with the intention of obtaining their private information, such as login credentials or credit card numbers (Menzheres 2018).

Possible Solutions

Use an Address Verification System (AVS)

Menzheres (2018) states that an AV system compares the billing address provided by the customer at checkout with the address stored on the debit or credit card issuer. If the information that the customer provided does not match with the information stored on the card, the system can block the transaction, hence making this system “[o]ne of the safest ways online retailers can facilitate credit card processing” (Menzheres 2018).

SSL Certificate

SSL certificates keeps users’ data secure by encrypting them so only the intended recipient can read it (SSL Shopper n.d.). These certificates prevent information loss or prevent customers of online retailers from financial fraud. They also provide authentication to identify the online retailer and also secure users’ data (Menzheres 2018).

Furthermore, SSL Shopper (n.d.) also states that SSL certificates provide trust. A trust seal (the green lock or bar next to the site address) is given by SSL providers to gain more trust from customers. Moreover, these certificates also protect users against phishing. The same source said that it is hard for attackers to obtain proper SSL certificate and thus they will not be able to “perfectly impersonate your site” because the malicious site that user is taken to will not have a trust seal. Therefore, it is unlikely that a user falls for the phishing attack if they do not see a trust indicator in their browser.

Two-Factor Authentication

All online payment or online banking services should implement a two-factor or two-step authentication to ensure that the user is actually trying to login or make a transaction. A piece of information only a user should know will be required in addition to their login credentials (Usman & Ishola 2017, p. 32), for example, a one-time pin (OTP). That pin will be sent to the user’s registered mobile number, and will be required to input it whenever they try to login or make a transaction. This way, it makes sure that the account holder is actually trying to access or modify their account. Using two-factor authentication also makes it harder for cybercriminals to hack into people’s accounts.

Ensure Secure Connection

The man-in-the-middle method that was mentioned previously tricks users into connecting to a public Wi-Fi so cybercriminals can listen to the communications made by users. Nield from WIRED (2018) said that “Ideally, you wouldn’t ever have to use it”, suggesting that one should not use public Wi-Fi. But if one must, using a VPN (Virtual Private Network) can keep a user secure. Kaspersky (n.d.) and Nield (2018) suggested that using a VPN helps one stay safe when using public Wi-Fi. Both sources said that a VPN encrypts data travelling through a network and connects the user to a secure server. By using a VPN, users are protected from attackers trying to steal their data.

Conclusion

Even though shopping can now be a fingertip away, shoppers must still be aware of the risks of online purchasing. In my opinion, most online shopping sites have already implemented a secure shopping experience, by using encryption and SSL certificates, most online banking services also use two-factor authentication to make sure the account holder is actually making a transaction, but cybercriminals are smart and will always try to find a loop hole to these protection mechanisms. It is important for shoppers to always have the risks of online shopping in mind so they do not fall for traps set up by cybercriminals.

Reference List

Apruve, 2017, ‘E COMMERCE ADVANTAGES AND DISADVANTAGES’, Apruve, 21 July, viewed 12 March 2020, .
Daly, L 2019, Identity Theft and Credit Card Fraud Statistics 2019, The Ascent from the Motley Fool, viewed 12 March 2020, .
Ishola, OB, Usman, M 2017, ‘Implementing a Secured E-Payment Authorisation System Using Two-Factor Authentication (T-FA)’, International Journal of Research in Engineering and Science (IJRES), vol. 5, no. 3, p.32.
Kaspersky, n.d., ‘Public Wifi Security’, Kapersky, viewed 13 March 2020, .
Khan, SW 2019, Cyber Security Issues and Challenges in E-commerce, Institute for Technology & Management, viewed 7 March 2020, .
Menzheres, A 2018, ‘Recent E-commerce Security Issues and Best Practices (2018)’, eTeam, 6 April, viewed 5 March 2020, .
Miva, 2011, ‘The History of Ecommerce: How Did It All Begin?’, Miva, 26 October, viewed 5 March 2020, .
Muneer, A, Razzaq, S, Farooq, Z 2018, ‘Data Privacy Issues and Possible Solutions in E-commerce, Journal of Accounting & Marketing, vol. 7, no. 3, pp. 1-2.
Nield, D 2018, ‘Simple Steps to Protect Yourself on Public Wi-Fi’, WIRED, 5 August, viewed 13 March 2020, .
SSLShopper, n.d., ‘Why SSL? The Purpose of Using SSL Certificates’, SSLShopper, viewed 10 March 2020, .