Data Security in the Digital Era:
Issues and Challenges
Dr. Jayanti Goyal, Anjali Vijayvargiya
Dept. of Computer Science, Kanoria PG Mahila Mahavidyalaya
Contact No.: +91-9828458172
plays a critical role in our daily routine, whether it is for getting access
to the bank account or for paying a bill over the network. At present, in
this age of digitalization, personal information vulnerabilities have
increased, so security becomes a crucial part of any online transaction.
This information can be kept private by various security measures, including
strong authentication, encryption and digital signatures, each ensuring that
our valuable information is available only to those who have authorized access
rights. These security measures are very capable of preventing unauthorized access
to personal data. There are 2 major concerns for both e-commerce customers and
websites: privacy is the control over one's own data, whereas security
is the protection which prevents unauthorized access to the data over the network.
Clients will lose their faith in e-commerce if their valuable data is
compromised at any level.
Due to its ubiquitous nature, e-commerce sites can be accessed by anyone from
anywhere. As the number of customers increases, the risk has also increased in such a way
that we need to consider security as a major challenge. This paper throws
light on e-commerce security, its purpose, different security issues and challenges,
and the way they affect the trust and behavior of a customer within the environment
of purchasing or buying the product.
Keywords: E-Commerce, Authentication, Encryption, Digital Signature, Privacy, Security
E-commerce, or electronic commerce, is broadly considered as the buying and selling of goods
and services over the network. It includes significant business areas such as
shopping, banking, ticket booking, paying bills and taxes, food delivery and
many other options. E-commerce is subdivided into three categories: business
to business or B2B (Cisco), consumer to consumer or C2C (eBay) and business to consumer
or B2C (Amazon). E-commerce security is a part of the Information Security
framework and is applied in particular to the components that affect
e-commerce, which include Computer Security, Data Security and other wider realms
of the Information Security framework.
E-commerce applications that take care of payments, such as electronic
transactions using credit cards or debit cards, online banking, PayPal or other
tokens, have more compliance issues and are at greater risk of being
targeted than other websites, as they suffer greater consequences if there is
data loss or alteration. Mule, Trojan horse and worms, if launched against
client systems, pose the greatest threat to e-commerce privacy and security
because they can subvert most of the authorization and authentication
mechanisms used in an e-commerce transaction. Trust has always been an important
element in influencing consumer behavior toward merchants and has been proven
to be of high significance in uncertain environments such as Internet-based environments.
While a variety of factors such as branding and store reputation may influence
trust, one missing factor is the face-to-face communication and the touch
and feel which are present in physical interactions. Therefore, it has been
argued that trust would be favorably influenced by an increase in perceptions of
security and privacy in e-commerce transactions.
How e-commerce works?
1. A customer orders a product online from his/her computer. The Web browser then communicates with the Web server that manages the e-commerce store's website.
2. The Web server sends the order to the order manager, which is the central computer that handles orders from submission to dispatch through every stage of processing.
3. The order manager then queries the store database to check whether the item the customer wants is actually in stock.
4. If the item is not found in the stock database, the system can order new supplies from the wholesalers or manufacturers.
5. If the item is found in the stock database, the order manager continues to process it.
6. Next it communicates with the merchant system to take payment using the customer's credit or debit card number.
7. The bank computer confirms whether the customer has enough funds.
8. The merchant system authorizes the transaction to go ahead once the payment is done.
9. The merchant system then contacts the order manager after the payment has been made.
10. The order manager confirms that the transaction has been successfully processed and then notifies the Web server.
11. The Web server shows the customer a Web page confirming that the order has been processed and the transaction is complete.
12. The order manager then sends a request to the warehouse to dispatch the goods to the customer.
13. A dispatch truck then collects the goods from the warehouse.
14. Once the goods have been dispatched, the warehouse computer e-mails the customer to confirm that the goods are on the way.
15. The goods are delivered to the customer.
The purpose behind choosing data security is as follows:
- the process behind online shopping.
- To deal with the purpose of security in e-commerce.
- To discuss the different security issues which are faced during e-commerce transactions.
- various security threats.
Purpose of Security in E-Commerce:
Security is a crucial part of any online transaction that
takes place over the network. There are various dimensions of e-commerce
security:
Integrity – It refers to prevention against unauthorized data modification.
That means information or data should not be altered during its transmission,
which takes place online.
Non-repudiation – It refers to prevention against the denial of an order or payment. Once a sender
sends her transaction details, the sender should not be able to deny sending
the message. Similarly, the receiver of the message
should not be able to deny the receipt.
Authenticity – It refers to authentication of the data source. There should be a mechanism to
authenticate only an authorized person or user.
Confidentiality – It refers to protection against unauthorized data disclosure.
That means data or information should not be accessible or available to an
unauthorized person. The data has to stay between the client and server only. It
should not be intercepted during transmission.
Privacy – It refers to provision of data control and disclosure of data.
Availability – It refers to prevention against data delays or removal of data. Information
should be available whenever and wherever it is required.
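The difference between preventing unauthorized modification and preventing denial of a transaction can be shown with a message authentication code. This is an added example, not part of the original paper; the order fields, the shared key and the function names are constructed for illustration, and it assumes the web server and the order manager share one secret key.

```python
import hashlib
import hmac
import json

# Constructed sample key shared by sender and receiver (assumption for this example).
SHARED_KEY = b"constructed-demo-key-not-for-production"

def canonical(order):
    """Serialize deterministically so both sides compute the MAC over the same bytes."""
    return json.dumps(order, sort_keys=True, separators=(",", ":")).encode("utf-8")

def protect(order, key=SHARED_KEY):
    """Sender side: attach an HMAC-SHA256 tag to the order."""
    tag = hmac.new(key, canonical(order), hashlib.sha256).hexdigest()
    return {"order": order, "tag": tag}

def verify(message, key=SHARED_KEY):
    """Receiver side: recompute the tag and compare in constant time."""
    expected = hmac.new(key, canonical(message["order"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, str(message.get("tag", "")))

def demo():
    # Constructed sample order.
    order = {"order_id": "A-1001", "item": "book", "qty": 1,
             "amount": "499.00", "currency": "INR"}
    sent = protect(order)

    # Integrity: an amount altered in transit no longer matches the tag.
    tampered = {"order": dict(order, amount="4.99"), "tag": sent["tag"]}

    # No non-repudiation: the receiver holds the same key, so it can create
    # an order the sender never placed and the tag still verifies.
    made_by_receiver = protect(dict(order, qty=10))

    return verify(sent), verify(tampered), verify(made_by_receiver)

if __name__ == "__main__":
    print(demo())
```

Because either key holder can produce a valid tag, a shared-key MAC cannot settle a dispute about who sent an order; that requires a signature made with a private key only the sender holds.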
Issues in E-commerce:
Data is transferred over the
network by login or by transaction details. To secure that data from
unauthorized access, e-commerce security provides a protection layer on
e-commerce assets. Consumers hesitate out of fear of losing their financial
data, and e-commerce sites fear financial losses and the
resulting bad publicity. There are many security issues associated
with e-commerce, such as critical issues, social issues and organizational
issues. An online transaction requires a customer to disclose sensitive
information to the vendor in order to make a purchase, placing him at significant
risk. Transaction security is concerned with providing privacy in transactions
to the buyers and sellers and protecting the network from breakdowns and third
party attack. It basically deals with:
Issues related to customer or client security
– If their data is not secured over the network, then it is an
issue to think about. The organization has to provide security features and
guarantee that the data is secured by them. This covers techniques and practices that protect
user privacy and the integrity of the computing system.
Issues related to server security
– To protect the web server, software and associated hardware from break-ins,
vandalism and attacks. If there is an error in the software which implements
security and for any reason it is not providing that security, that is the
second case, which is also taken seriously.
Issues related to transaction security
– To provide guaranteed protection against eavesdropping and intentional message
modification such as tapping, intercepting and diverting the intended data.
A. Security threats – Various
types of security threats exist in e-commerce.
Malicious code
– It is harmful code that harms the computer system and makes it useless after
an attack. It includes viruses, worms, Trojan horses, etc.
Phishing and Identity Theft
– It is a type of attack in which user data such as login credentials and
credit and debit card numbers are stolen by the attacker by means of an email or
instant message. When the user clicks the malicious link and provides his/her
details, the data is easily captured by the intruder.
Unauthorized access
– It includes illegal access to data or systems for some malicious purpose. Two
types of attack are included under unauthorized access. One is passive
unauthorized access, in which the hacker only watches the data that is
on the network and later uses it for his own illegal ambitions. However,
in active unauthorized access the hacker modifies the data with the intention
to manipulate it. Home computers, point-of-sale and handheld devices can easily
be affected by this attack.
Denial of service
– Hackers flood a website with useless traffic to target a computer or a network
and to stop it working properly. It may occur through spamming and viruses. Spamming
is an unusual email bombing of the targeted device by the hacker. By sending
thousands of emails one after the other, the hacker affects the system.
Theft and fraud
– Fraud occurs when the stolen data is used or modified for illegal action.
Hackers break into insecure merchant web servers to harvest archives of credit
card numbers, generally stored along with personal information when a consumer
makes an online purchase. The merchant back-end and database are also
susceptible to theft from third party fulfillment centers and other processing
B. Defensive measures
against security threats
The defensive measures used in
transaction security are:
Encryption
– It is the process of converting plain text or information into cipher text
that cannot be read by anyone except the sender and receiver. It
is accomplished with the help of a mathematical algorithm, and a key is required to
decode the message. In symmetric key encryption both the sender and
receiver use the same key to encrypt and decrypt the messages, whereas asymmetric
or public key encryption makes use of two digital keys, public and private,
to encrypt and decrypt the messages.
Secure Socket Layer
– The SSL protocol provides data encryption, server authentication, client
authentication and message integrity for TCP/IP connections. It prevents
eavesdropping, tampering or forgery when data is transported over the internet
between two applications. It is a networking protocol for
securing connections between network application clients and servers over an
insecure network, such as the internet.
Secure hypertext transfer protocol
– An Internet protocol for encryption of Hypertext Transfer Protocol (HTTP)
traffic. Secure Hypertext Transfer Protocol (S-HTTP) is an application-level
protocol that extends the HTTP protocol by adding encryption to Web pages. It
additionally provides mechanisms for authentication and signatures of messages.
Digital Signature
– A Digital Signature Certificate (DSC) is a secure digital key that certifies
the identity of the holder, issued by a Certifying Authority (CA). It typically
contains your identity (name, email, country, APNIC account name and your
public key). Digital Certificates use Public Key Infrastructure, meaning data
that has been digitally signed or encrypted by a private key can only be
decrypted by its corresponding public key. A digital certificate is an
electronic “credit card” that establishes your credentials when doing
business or other transactions on the Web.
Almost all data security issues are
caused by the lack of effective measures provided by antivirus software and
firewalls. Here are the following measures, on the basis of which security is
- Some organizations cannot provide access controls to divide the level of confidentiality within the company.
- Access control encryption and connections security can become inaccessible to the IT specialists who rely on it.
- Unethical IT specialists practicing information mining can gather personal data without asking users for permission or notifying them.
- When a system receives a large amount of information, it should be validated to remain trustworthy and accurate; this practice doesn’t always occur, however.
- Automated data transfer requires additional security measures, which are often not available.
- Most distributed systems computations have only a single level of protection, which is not recommended.
Today, e-commerce is widely understood as
the buying and selling of goods and services over the internet; however, any
transaction that is completed entirely through digital measures can be considered
e-commerce. Day by day e-commerce is playing a very good role in online retail
marketing, and the number of people using this technology is increasing all over the world. So it is essential to take security parameters seriously
in e-commerce transactions. E-commerce security is the protection of e-commerce
assets from unauthorized access, use, alteration, or destruction.
Not only must e-commerce sites and consumers judge security vulnerabilities and
assess potential technical solutions, they must also assess, evaluate, and
resolve the risks involved. A networked application cannot offer complete
measures of connectivity, security, and ease-of-use simultaneously; there appears
to be an intrinsic trade-off here, and some sacrifice is unavoidable. For that
reason, security comes first among these from an e-commerce
merchant’s perspective, and web servers have to provide it to the customer.
Furthermore, sensitive servers should be kept highly specialized, by turning
off and removing all inessential services and applications (e.g., ftp, email).
Until e-commerce vendors achieve the necessary delicate balance of privacy,
trust and security. Therefore mechanisms such as encryption, protection,
verification and authentication are used to implement security in a proper way.
The marketplace can be trustworthy only when consumers sense trust in
transacting in that environment.