Introduction
E-commerce is becoming an important focus for many businesses across the globe, both because of its benefits and because of the need to move towards modern systems. The internet therefore holds great potential for business opportunity. In addition, individuals increasingly use the internet as a means of communication and as a portal for operations, such as booking international travel and holidays, that were formerly done manually. Records indicate increasing internet usage across the globe, with more people online than before. To take up these opportunities and challenges, companies are realizing the importance of not only automating their businesses but also expanding their operations to become multinational, using the technological innovations that have emerged to link businesses, people, and communities.
As adoption of technology takes place in stages, companies are meeting the challenges involved in implementing the information systems needed to boost their business operations, lower costs, and reduce barriers such as the time needed to sell (Wyckoff & Colecchia, 1999). The advantages and factors that have expanded internet usage have in turn contributed to the growth of the internet. To ease operations, businesses are moving towards internet payment options that are completed at the click of a button. Systems compatible with relatively traditional means of doing business, such as paying by credit card, and systems that provide other payment options, such as online peer-to-peer payments (P2P), electronic bill presentment and payment (EBPP), and account aggregation, which may be linked with the service innovations and offerings of companies like PayPal, have gained increasing use to ease and speed up business transactions. With these systems comes the need to exchange information that may be personal. Because the exchange takes place over networks, data and electronic information are exposed to hacking and data breaches, which may result in the theft of that information, leading to actual theft of money or improper use of the information, such as illegal advertising. Protecting the information exchanged between the customer and the business service provider is therefore becoming important. Awareness may also have increased as data breaches and violations have happened even to larger organizations. Securing the data thus becomes a challenge, because there appear to be people looking for areas of weakness to strike through hacking and data breaches. In addition, internet and electronic crime these days happens not only tragically but also through well thought out and organized systems.
Background
Although techniques for countering internet hacking and data breaches exist, implementing them usually requires an expert, because of the complexity and specialization of the requirements, and requires investment in hardware and software that adds cost to the existing system. These systems may also require updates to meet emerging needs. Diverse technological solutions have been devised, which means the company must also consider which would be best, usually through a specialist, and this may take more time than expected. A survey conducted by Riemenschneider and McKinney (2001-2002 qtd. in Bharadwaj et al., 2007) involving 184 small business owners indicated that security and costs were the greatest hurdles facing small businesses in the adoption of e-commerce. Companies that need to connect with preferred suppliers in order to improve their businesses have linked with them over the internet to exchange vital information in good time and at considerable speed. Companies are also meeting the challenge of complying with established rules and regulations on measures to avoid data breaches within certain countries and regions. Meeting certain levels of security for the data handled to and from these regions is necessary to keep or launch their businesses there. For example, the Electronic Communications regulations establish guidelines for traffic data on matters of retention, processing (for value-added services and marketing purposes), disputes, consent to the processes involved, and general provisions relating to traffic data processing (Electronic Communications Guidance Part 2, 2003).
Objective of the Paper
Internet security is an important factor to consider when implementing e-commerce and business information systems. Observing a high level of security is not just a tool for the current environment of advanced technology, but a necessity for ensuring privacy in business operations and avoiding the loss of important private information belonging to the company and its customers. Loss of data as a result of failure to observe security measures can be as dangerous as a data breach or hacking, both of which may cause the company to incur losses. It is therefore necessary to ensure that the security of data in a business or non-business organization is observed. The paper reviews the general security issues relating to company and customer information in the e-commerce internet environment. Further, the paper examines the loopholes that allow data breaches, data losses and hacking in a company in an e-commerce environment, including external and internal data losses and breaches, and proposes ways in which these can be avoided and counteracted. This paper will discuss both technological and regulatory approaches to providing solutions to data breaches, hacking of systems and data losses.
Literature Review
The security of data and information sent over the network is significant. Existing and potential customers are today aware of the need for security and of the dangers of failing to secure their information. According to Johnson (2001), 63% of those interviewed in an IBM multinational privacy study which entailed 3000 customer participants of firms in Great Britain, Germany, and USA.
Emerging needs in the business arena are making organizations focus on implementing technological and information systems that will enhance their businesses through improved efficiency, speed and cost. Adoption of business innovations is not an issue for large corporations only, but also for small business ventures. Companies are aligning themselves to harness changing consumer trends towards sophistication and the use of websites for purchasing. On the one hand, internet usage has grown as a result of growth in technology, which has created a good environment for the invention and adoption of quicker systems; on the other hand, companies have realized the benefits of enhancing their operations with evolving systems. Both have been coupled with the increasing acceptance of, or demand for, internet use by existing and potential customers. Growth of internet usage has resulted in further inventions that have not only reduced the time and cost of transactions but also eliminated actual contact between the customer and the seller. Thus companies currently use technological innovations that support payments over the internet. These facilitate the transfer of ownership of commodities through the exchange of banking information, so payments are made by charging the customer's credit card or a deposit account such as PayPal. Systems like PayPal not only allow payment but also let customers deposit money into their accounts. These businesses have become a target for internet thieves who want to steal the information and use it for other benefits.
Data loss has become easier with the increasing use of mechanisms that allow data to be stored and manipulated as soft copies. Data loss that exposes a company's information to insecure contacts can occur through either internal or external means. External exchange of information may present an opportunity for a malicious user intending to obtain the exchanged information illegally. He/she may capture a TCP/IP transmission that carries, for example, passwords and card information by placing his/her equipment between the two parties. Companies therefore need to use a system that encrypts all communication. A brute-force technique may be used to attack the system that stores customers' information (Herzog, 2001; Viega & McGraw, 2002; qtd. in Sawma & Probert, n.d.) and obtain a copy of the "credential information" even if the information has been encrypted. The attacker may then succeed by trying numerous possible combinations of information to gain entry into the system. These candidate combinations are encrypted with the same algorithm that was originally used to encrypt the "true" credential information. A strong cryptographic algorithm, for example the RSA cryptosystem with a strong key, as a standard system for secure cryptography, can be helpful in such a case.
Internal data losses present a security threat to personal information in business organizations. Here the employees and staff of the company may carry away customer or other information, leak it, hack the system, handle data irresponsibly, or delete it. A company may also be exposed to security threats and data breaches if it is unaware of the security protocols (Jankowski, n.d.). According to a Global Security Survey carried out by Deloitte in 2006, in 2005, 49% of the companies surveyed experienced internal data breaches, and of these, 28% involved internal fraud. Although companies have relatively secured themselves from virus attacks through Instant Messaging, HTTP and FTP communications, content filtering and Webmail, traditional methods of internal data loss continue in many companies. What may be seen as an awakening to the potential danger of personal and other data loss is the implementation in some countries of regulations covering data losses. Internal data breaches and hacking can be reduced by restricting the number of times a password may be entered into a system, so as to limit automated attempts that, after obtaining a username, try combinations from huge databases to access information illegally (dictionary attacks). This can be complemented by an email link that helps the customer unblock the account (Sawma & Probert, n.d.). As an example of such regulations, about 35 states in the United States require the company to inform customers when their personally identifiable information is breached. In addition, companies need to move faster to adopt measures that avoid data losses within the internal organization structure. Data losses contribute not only to loss of business revenue; the government also loses revenue.
According to Hunter (2007), the United States Trade Representative (USTR) reported that trade secret theft could be to blame for losses of $250 billion for US businesses. Any company dealing with customer transactions must put in place measures to ensure that employees do not extract personal information from the data using the preferences and avenues available to them when checking mechanisms and processes, carrying out investigations, or retrieving information during normal operations. One way to ensure this is to determine who has access to what information and for what purposes, and to establish penalties and strict measures to be taken against violators. Other ways are the establishment of DLP (Data Loss Protection) solutions and compliance with regulations such as the Payment Card Industry (PCI) standard and the Health Insurance Portability and Accountability Act (HIPAA). A company that exchanges data online for payment and selling purposes, among other operations, can for example implement the system called IronPort, which delivers unparalleled protection for data in motion through anti-spam, anti-spyware and antivirus tools.
Internet communication may also be prone to replay, where a malicious user resends the customer's information to a company's server so as to be authenticated as the real user (Sawma & Probert, n.d.).
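How a server can recognize the resent message described above, as an added example that is not from the paper or from Sawma & Probert. It assumes a challenge-response login in which each server nonce is accepted once; the class `Server`, the function `respond`, the shared per-user key and the 60-second lifetime are all hypothetical.

```python
import hashlib
import hmac
import secrets
import time

CHALLENGE_TTL = 60  # assumed: seconds a challenge stays valid


def respond(key, user, nonce):
    """Client side: prove knowledge of the key for this nonce only."""
    msg = f"{user}|{nonce}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class Server:
    """Issues one-time challenges and rejects any message seen before."""

    def __init__(self, keys, now=time.time):
        self.keys = keys      # username -> shared secret (bytes), assumed
        self.now = now
        self.pending = {}     # nonce -> (username, expiry time)

    def challenge(self, user):
        nonce = secrets.token_hex(16)
        self.pending[nonce] = (user, self.now() + CHALLENGE_TTL)
        return nonce

    def verify(self, user, nonce, proof):
        # pop(): a nonce is consumed on first use, so a captured
        # (nonce, proof) pair that is resent later finds nothing here.
        owner, expiry = self.pending.pop(nonce, (None, 0))
        key = self.keys.get(user)
        if key is None or owner != user or self.now() > expiry:
            return False
        return hmac.compare_digest(respond(key, user, nonce), proof)
```

The proof is bound to the nonce, so an old proof also fails against a freshly issued challenge.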
To avoid data breaches, companies need to invest in monitoring data at rest, data in motion, and data at the endpoints. This can help the company avoid damage to data caused by a suspect's use of suspicious programs and viruses over the internet (Hunter, 2007). It can also help the company identify areas of breach and act accordingly.
Finding and Analysis
Usage of information across the internet is increasing in the business field. Internet use has been favored by rising technological innovations that seek to reduce the cost of operations and to quicken and ease them, and by businesses adopting those innovations to realize these and other benefits. In addition, people are accepting and increasingly using the internet for payment and booking, among other operations. Internet transactions hold an opportunity for companies to achieve faster and cheaper operations through improved technology, if innovation continues at a high pace in the e-commerce sector. Beyond payment and selling transactions and bookings for travel and holidays, other avenues that organizations can exploit through e-commerce systems include advertisement, promotion, and research.
Customers are now more aware of the need for information security in data exchange systems, and companies should therefore be willing to invest in securing their systems. To keep customer confidence, and to keep customers using internet financial systems freely and without fear, companies should be willing to restore confidence where it has been lost. Companies also need to respond quickly to existing and emerging customer needs, preferences and tastes for web-based transactions that are easier, more comfortable, more appealing, and responsive to customer needs. Another strategy would be to adopt and implement systems that are built to link with relatively traditional methods of transacting rather than those that immediately de-link from them. This is because customers take time to adjust to emerging technology as it approaches its final stages, unlike in the first stages of technological innovation in e-commerce. However, companies need to assess carefully which stages of adoption of technological innovations they wish to invest in. Investing at the earlier stages of an innovation may give them the advantages of monopoly and competitive advantages over those willing to invest at mature stages (Lazear, 1990), for example through lead times at the initial stages (Levin et al, 1984), and a chance to further protect the innovations through patent rights (and earn from them, like IBM (Jones, 2000)), although the risk at the initial stages is higher than at mature stages, where competition will have set in.
Companies also need to carry out security checks and updates regularly to be able to counter organized internet crime, which may advance with time and which interferes not only with e-commerce but with other spheres of life. Further options may also provide better and cheaper information systems.
Conclusion
Internet communications between customers and selling companies present an opportunity for hackers to access information illegally. These opportunities include sniffing attacks, in which tools are used to pick up and store passwords and other information, and which can be avoided by encrypting data. Other areas of risk include the use of brute force to attack the storage system for customer information by trying sets of possible encrypted combinations. The company can eliminate or reduce this likelihood by using a strong encryption system with a stronger key and by setting a maximum number of attempts, after which the account locks and can be unblocked with the help of a URL link sent to an outside email account provided during registration.
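The attempt limit and emailed unblock link described here and in the literature review, as an added example that is not from the paper or from Sawma & Probert. The threshold of 5, the 15-minute link lifetime, the class name `AccountGuard` and the host `shop.example` are assumptions.

```python
import hashlib
import hmac
import secrets
import time
from urllib.parse import urlencode

MAX_ATTEMPTS = 5      # assumed threshold; the paper gives no number
UNLOCK_TTL = 15 * 60  # assumed lifetime of the emailed link, in seconds


class AccountGuard:
    """Counts failed logins per username and locks at MAX_ATTEMPTS."""

    def __init__(self, now=time.time):
        self.now = now
        self.failures = {}  # username -> consecutive failed attempts
        self.unlock = {}    # username -> (sha256 of token, expiry time)

    def is_locked(self, user):
        return self.failures.get(user, 0) >= MAX_ATTEMPTS

    def login(self, user, password_ok):
        """password_ok is the outcome of the site's own credential check."""
        if self.is_locked(user):
            return "locked"  # refused even if the password is correct
        if password_ok:
            self.failures.pop(user, None)
            return "ok"
        self.failures[user] = self.failures.get(user, 0) + 1
        return "locked" if self.is_locked(user) else "denied"

    def issue_unlock_link(self, user):
        """Build the link to email; only the token's hash is kept."""
        token = secrets.token_urlsafe(32)
        digest = hashlib.sha256(token.encode()).hexdigest()
        self.unlock[user] = (digest, self.now() + UNLOCK_TTL)
        # shop.example is a placeholder host; the link is sent to the
        # outside email address given at registration.
        query = urlencode({"user": user, "token": token})
        return f"https://shop.example/unlock?{query}"

    def redeem(self, user, token):
        """Single use: the stored hash is removed on any attempt."""
        digest, expiry = self.unlock.pop(user, (None, 0))
        if digest is None or self.now() > expiry:
            return False
        presented = hashlib.sha256(token.encode()).hexdigest()
        if not hmac.compare_digest(presented, digest):
            return False
        self.failures.pop(user, None)
        return True
```

Locking by username stops a dictionary run against one account regardless of where the attempts come from, at the cost of letting anyone lock a known username, which is why the unblock path goes through the registered email address.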
Internal breaches, which entail carrying away, hacking and leaking information within the company, can be avoided by ensuring that strict measures are in place, including measures applied after someone is caught having engaged in such deals.
References
Bharadwaj, Nagendra Prashanth, Soni & Ramesh G. The Scope and Effectiveness of E-commerce. Journal of Small Business Management. 2001. Web.
Carman Cindy. Data Loss Causes and Prevention. 2006. Web.
Guidance to the Privacy and Electronic Communications (E.C Directive) Regulations 2003. Information Commissioner. 2003.
Herzog, P. 2001. “The Open Source Security Testing Methodology Manual”, version 1.5.
Hunter Bradley. Data Loss Prevention: Best Practices. 2007. Web.
Jankowski, Carrie. “Investing in payment innovations: Risks and rewards”. Chicago Fed Letter. FindArticles.com. 2009. Web.
Johnson Andrew. Data Protection and E-commerce; the case for new law, in the information age. 2001. Web.
Jones, Del. Businesses Battle Over Intellectual Property. USA Today. Final Edition. 2000, B1.
Walsh James. The Most Common Causes of Data Loss. 2008. Web.
Wyckoff Andrew & Alessandra Colecchia. The Economic and Social Impact of Electronic Commerce: Preliminary Findings and Research Agenda. 1999. Paris; OECD Publications.
Sawma Victor and Probert Robert. E-commerce Authentication: An Effective Countermeasures Design Model. 2003. Web.