Introduction
E-Commerce (Electronic commerce) is one of the recent and emerging internet services. E-Commerce is simply, the doing of commerce using Electronic Technology such as internet, or other computer networks. The E-Commerce comprises the activities such as selling and buying of the products through internet. Security in the E-Commerce is one of the most challenging parts. As usual, there are several security threats associated with the E-Commerce, as in all kinds of the internet services. Though there are lots of advantages in conducting the business through e commerce, threats may keep people away from E-commerce.
What are threats in E-Commerce?
The popularity of internet makes the increase in threats to industry and organizations in the world. Website defacement, denial of service, theft of customer data or intellectual property, financial fraud etc are some threats in the E-commerce. Threats to E-Commerce can be classified into two general categories: threats to servers and threats to the customers. Threats to server may be from an actual attacker(s) or by technological failure.
Identity theft is one of the recent threats to the E-Commerce. This paper explores the details of identity theft – A recent threat in the E-Commerce.
What is identity theft?
Identity theft is a term used to refer to fraud that involves stealing money or getting other benefits by pretending to be someone else. Or in other words, identity theft can be defined as, the stealing of one person’s personal information by another to commit fraud or other crimes. The most common form of identity theft occurs when someone obtains another person’s social security number, date of birth or any other confidential data. Thieves utilize this information for retrieving money from our bank account, or to create fake driving license, or to apply for loan in our name etc. In the term Identity theft, the word ‘identity’ refers to any confidential data concerned with the user.
History of Identity Theft
The history of identity theft did not start with the arrival of the Internet. But it nowadays has become the most related with internet. Back at the beginning of the history of identity theft, if you wanted to steal someone’s identity, you had to kill him for it. Currently, identity theft is much less dangerous. Identity theft is widely considered to be the fastest growing crime in the world. The rapid growth of identity theft is due to popularity of internet and E-Commerce. Recently the subject ‘identity theft’ got more importance, because victims of identity theft are increasing rapidly. Few crimes have made people more anxious more quickly as the sudden attack of identity theft.
E-Commerce services are all about transactions, and these dealings are very largely driven by money. This attracts hackers, crackers and everyone to the E-Commerce with the knowledge of exploiting loopholes in a system. Hackers sometimes gain access to secured information like user accounts, user details, passwords, addresses, confidential personal information etc. It is a significant threat in view of the privileges one can avail with a false identity. For instance, one can effortlessly log in to an online shopping mart under a stolen identity and make purchases worth thousands of dollars.
He/she can then have the order delivered to an address other than the one listed on the records. One can easily see how those orders could be received by the impostor without arousing suspicion. While the fraudster gains, the original account holder continues to pay the price until the offender is caught. Once they get chance to intrude into server, they feed the system with numerous bits of dubious information to extract confidential data (This is called phishing). This is particularly dangerous as the data extracted may be that of credit card numbers, security passwords, transaction details etc. Also, Payment gateways are vulnerable to stop by unethical users. Cleverly crafted strategies can sift a part of the entire amount being moved from the user to the online vendor. (Pandey, 2009).
Method of identity thefts
Identity theft can affect all aspects of a victim’s daily life and often occurs far from its victims. Identity thieves use both traditional physical methods as well as internet related methods.
Traditional physical methods
This method consists of, stealing of information from personal computers, collecting confidential data from persons, by the trusted people, probing trash bins for retrieving documents, robbing of a purse or wallet, which may contain the credit card, password details etc., e-mail theft and rerouting, reading over your shoulder (“shoulder surfing”), dishonest employees, telemarketing and fake telephone calls.
Internet-related methods
With the popularity of email and the web, plus the rising use of electronic payment systems, it is easy to see why criminals are exploiting this field. Identity theft villains have adopted new techniques; in the virtual world, we see various types of attacks that apply to the real world: Hacking, unauthorized access to systems, and database theft. Apart from stealing hardware, criminals frequently compromise systems, diverting information directly or with the help of listening devices, such as sniffers and scanners, on the network. Hackers gain access to a large deal of data, decrypt it (if necessary), and use the data for utilizing somewhere else. (Paget, 2007).
Consequence of identity theft
The consequence of identity theft can be staggering. Generally, the result of threat in E-Commerce affects transaction, reputation and the trust of online trading of the business. The lack of consumer confidence is another effect of this threat. Threats like identity theft produce damage to image and the reputation of the firm, which is more severe than the loss of profit. This kind of attack ruins the company, if majority of its business occurs online, which will help the competitors. The threat of identity theft may even result in diminution of the popularity of E-commerce
The identity theft mainly affects the customers rather than the business organization. Life may be locked by this kind of attack. Thieves, who stole the customers’ identity, can spend their hard-earned money completely and can use their good name and credit record. In the meantime, victims may lose job opportunities, be refused loans, mortgages, education, housing or cars, or even get arrested for crimes they didn’t commit.
Prevention of identity theft
Whatever may be threat there should be a proper mechanism for simplifying the aftereffects of threat. The identity theft can be prevented to a certain extent by proper vigilance of both the customer and the organization. Our carelessness may cause the danger of loss to our life. It should be noted that half of all identity thefts are committed by someone victim know. Here are some steps which will help customers to prevent identity theft.
Protect your social security number and the credit card. When choosing a PIN, use one that is hard to guess. Commit all passwords or PIN to memory. Never write them or carry them. Don’t use it too freely, and don’t carry your social security card on your purse. Protect your garbage. Shred all documents containing personal information before throwing them in the garbage. Protect your credit report, and check it for irregularities, unexplained problems, and credit accounts that you did not open. Don’t give out the confidential data through telephone, mail, or over the internet. Never follow the links sent in the mistrusted mails. Destroy the hard drive or any other storage device of computer before selling, because it may contain confidential data.
Use firewall anti-spyware, and anti-virus software for your personal computer, and keep them up to date. The password should be carefully used and try to avoid the usage of birth date, nickname etc. as your password.
Risk assessment
Risk can be defined as the probability that a threat will take place. The risk is related to the threat, vulnerability and the consequence. Risk management is the process of identifying and controlling risk. Risk management includes assessment and mitigation of risk. Risk assessment means an assessment of the vulnerabilities and threats to the information and physical assets to yield the risk of compromise.
It includes threat analysis, asset valuation and vulnerability analysis. It is a collaborative process that attempts to answer the following questions: what assets need to be protected; who/what are the threats and vulnerabilities; what are the suggestions if the assets were damaged or lost; what is the value of the assets to the company; and what can be done to minimize exposure to the loss or damage. The main areas in a Risk Assessment are scope definition, data collection, policies and procedures review, threat and risk analysis, vulnerability assessment, and development, implementation, and audit of recommendations.
A Risk Assessment is also a continual process that should be reviewed regularly to ensure that the protection mechanisms are currently in place. Firewall is used in system to prevent the threats, and protect the data. Firewall enables this, by encrypting, authentication and authorization. (Risk assessment, n.d).
Conclusion
Hackers are interested in E-Commerce, because it is driven by the money. So security in the E-Commerce should be critical. The many threats including identity theft are people and process related, and not technical. The regular vigilance of both people and the business organization is the best solution for the prevention of threats like identity theft. Identity theft occurs when hackers steal our identity, so we should be aware of our information.
The company should be alert about their servers, which contain the confidential data of customer. The hacker is looking for a chance to intrude into server. So the organization must be aware of this by using up to date data securing software. The organization should implement revised strategies in a timely manner, and monitor the risks and analyze results. Security approaches propose to implement and retain a set of baseline controls suit for e-commerce system. It is also better to maintain user id and authentication via strong password, secure tokens or biometric.
References
Paget, Francois. (2007). Identity theft. McAfee. 6. Web.
Pandey, Sanjeev. (2009). Ecommerce threats and solutions. Ezine Articles. Web.
Risk assessment. (n.d.). Procinct Security. Web.