What type of security is needed on an e-commerce website? To whom or to what? What are the potential threats to your website?
1. Use SSL. SSL is a digital certificate that encrypts information sent between a web browser and a web server. It is one of the most effective ways to achieve data security on your eCommerce website and to keep your customer data protected. SSL also shows customers that your website is secure enough to be given their credit card data.
PCI compliance is a security requirement created by major credit card brands in an attempt to reduce fraud and increase eCommerce website security. The Payment Card Industry Data Security Standard (PCI DSS) applies to all companies who process, transmit and store payment card data online.
2. Use a Real-Time Bot Detection Technology to Eliminate Price Scraping and Other Online Frauds. The impact on an eCommerce business can be substantial in terms of a compromised website, depressed sales and lost opportunities. Additionally, automated processes that constantly scan commerce sites for pricing data may hit many pages and use up server resources.
3. Use a Web Application Firewall for Network Level Security. A WAF is a hardware or software system that essentially works as a gateway between two or more networks, permitting authorized traffic and blocking unauthorized or potentially malicious traffic from accessing a network.
There are a few important things to keep in mind before you implement a WAF solution for your eCommerce website. For a firewall to be effective, it has to be properly configured.
6 dimensions of e-Commerce security
1. Integrity: prevention of unauthorized data modification.
2. Nonrepudiation: preventing any party from reneging on an agreement after the fact.
3. Authenticity: authentication of the data source.
4. Confidentiality: protection against unauthorized data disclosure.
5. Privacy: provision of data control and disclosure.
6. Availability: prevention of data delays or removal.
E-COMMERCE THREATS:
Threats: anyone with the capability, technology, opportunity, and intent to do harm. Potential threats can be foreign or domestic, internal or external, state-sponsored or a single rogue element. Terrorists, insiders, disgruntled employees, and hackers are included in this profile.
1. Loss of privacy/confidentiality, data misuse/abuse.
2. Cracking, eavesdropping, spoofing, rootkits.
3. Viruses, Trojans, worms, hostile ActiveX and Java.
4. System unavailability, denial of service, natural disasters, power interruptions.
5. Intellectual property threats - use of existing material found on the Internet without the owner's permission.
6. Client computer threats
- Trojan horse
- Active content
- Viruses
7. Communication channel threats
- Sniffer program
- Backdoor
- Spoofing
- Denial of service
8. Server threats
- Privilege settings
- Server-side include (SSI), Common Gateway Interface (CGI)
- File transfer
- Spamming
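
Item 2 of the answer notes that price-scraping bots hit many pages and use up server resources. The following is an added example, not part of the original answer: a sliding-window check over web-server access logs that flags clients requesting an unusually large number of distinct product pages in a short time. The log lines, the `/product/` path prefix and the thresholds are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (common log format); IPs are documentation addresses.
SAMPLE_LOG = [
    f'203.0.113.9 - - [10/Mar/2024:12:00:{s:02d} +0000] "GET /product/{100 + s} HTTP/1.1" 200 512'
    for s in range(0, 40, 2)  # 20 distinct product pages in 38 seconds
] + [
    '198.51.100.7 - - [10/Mar/2024:12:00:05 +0000] "GET /product/101 HTTP/1.1" 200 512',
    '198.51.100.7 - - [10/Mar/2024:12:00:50 +0000] "GET /cart HTTP/1.1" 200 300',
    '198.51.100.7 - - [10/Mar/2024:12:02:10 +0000] "GET /product/102?ref=home HTTP/1.1" 200 512',
    'not a log line',
]

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(?:GET|HEAD) (\S+) [^"]*" \d{3}')

def parse(line):
    """Return (timestamp, client_ip, path without query string) or None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, ts, target = m.groups()
    try:
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return None
    return when, ip, target.split("?", 1)[0]

def find_scrapers(lines, window=timedelta(seconds=60), max_pages=15,
                  prefix="/product/"):  # prefix and thresholds are assumptions
    """Map each flagged IP to the most distinct product pages seen in one window."""
    events = sorted(e for e in map(parse, lines) if e and e[2].startswith(prefix))
    recent = defaultdict(deque)  # ip -> (time, path) pairs still inside the window
    flagged = {}
    for when, ip, path in events:
        q = recent[ip]
        q.append((when, path))
        while when - q[0][0] > window:  # drop requests older than the window
            q.popleft()
        distinct = len({p for _, p in q})
        if distinct > max_pages:
            flagged[ip] = max(flagged.get(ip, 0), distinct)
    return flagged

if __name__ == "__main__":
    for ip, pages in find_scrapers(SAMPLE_LOG).items():
        print(f"{ip}: {pages} distinct product pages within 60 s")
```

Per-IP counting misses a scraper that spreads requests across many addresses, so treat the result as one signal alongside others.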