E-commerce is defined as the buying and selling of products and services over electronic systems, such as the Internet. The Internet has driven a huge increase in the level of trade conducted electronically. Everyone in retail is well aware of the growth of e-commerce. For example, we just saw a record $6.59 billion spent on Cyber Monday online transactions, and soon, online purchases may surpass in-store shopping sales.
But with this growth comes security issues in e-commerce that loss prevention professionals need to know about. Any e-commerce system must meet certain criteria to guard against potential threats.
Information exchanged must be kept from unauthorized parties. Privacy has become a major concern for consumers with the rise of identity theft. In the past decade, the US Attorney General’s office has issued hundreds of indictments surrounding e-commerce criminal activity. One of the largest cases involved a massive international security breach involving nine major retailers and more than 40 million credit and debit cards.
Integrity, Authentication, and Non-Repudiation
Security issues in e-commerce such as integrity, authentication and non-repudiation must be dealt with effectively for any online business to be successful. Data integrity is the assurance that data transmitted is consistent and correct. Authentication is a means by which both parties in an online transaction can be confident that they are who they say they are. Non-repudiation is the idea that no party can dispute that an actual transaction took place.
Other Online Attacks
Even when good security measures are in place, it is still possible to compromise data in transit through techniques such as phishing or man-in-the-middle attacks. Phishing is the activity of defrauding an online account holder of financial information by posing as a legitimate company. A man-in-the-middle attack is where the attacker secretly and invisibly relays or possibly alters the communication between two parties.
These vulnerabilities have led to the development of strong verification and security measures, like digital signatures and public key infrastructures (PKI). An electronic signature is legally defined as “any letters, characters or symbols manifested by electronic or similar means and executed or adopted by a party with the intent to authenticate a writing.” According to Wikipedia, a public key infrastructure is “a set of roles, policies and procedures needed to create, manage, distribute, store and revoke digital certificates and manage public-key encryption.”
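To make the three properties from the earlier section concrete, here is an added example (not from the original article) of a digital signature over a constructed order record using Go's standard-library ECDSA on P-256: the same signature verifies the original order, fails on a tampered amount (integrity), and fails under a different party's key (authentication), while only the private-key holder could have produced it (non-repudiation). The order fields and key names are assumptions for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Order is a constructed sample transaction record exchanged between buyer and merchant.
type Order struct {
	ID     string
	Buyer  string
	Amount string // kept as a string so the signed bytes never depend on float formatting
}

// canonical returns the exact bytes that get signed; both sides must build them identically.
func canonical(o Order) []byte {
	return []byte(o.ID + "|" + o.Buyer + "|" + o.Amount)
}

// SignOrder signs the SHA-256 digest of the order with the signer's private key.
// Only the holder of priv can produce a valid signature, which is what gives non-repudiation.
func SignOrder(priv *ecdsa.PrivateKey, o Order) ([]byte, error) {
	digest := sha256.Sum256(canonical(o))
	return ecdsa.SignASN1(rand.Reader, priv, digest[:])
}

// VerifyOrder checks sig against the order's digest and the claimed signer's public key.
// A changed field (integrity) or a different signer (authentication) both make this false.
func VerifyOrder(pub *ecdsa.PublicKey, o Order, sig []byte) bool {
	digest := sha256.Sum256(canonical(o))
	return ecdsa.VerifyASN1(pub, digest[:], sig)
}

func main() {
	buyerKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // constructed buyer key
	order := Order{ID: "ORD-1001", Buyer: "alice", Amount: "49.99"}
	sig, _ := SignOrder(buyerKey, order)
	fmt.Println("original verifies:", VerifyOrder(&buyerKey.PublicKey, order, sig))

	tampered := order
	tampered.Amount = "4999.99" // altered in transit, e.g. by a man-in-the-middle
	fmt.Println("tampered verifies:", VerifyOrder(&buyerKey.PublicKey, tampered, sig))

	otherKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // some other party
	fmt.Println("other key verifies:", VerifyOrder(&otherKey.PublicKey, order, sig))
}
```

In a real deployment the public key is bound to the party's identity by a PKI certificate; the code above assumes the verifier already trusts the key it is given.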
Technical attacks are among the most challenging of all e-commerce security issues. One popular form of technical attack is the denial-of-service attack. These are usually aimed at sites or services such as banks, credit card payment gateways, large online retailers and social networking sites. A denial-of-service attack consists of overwhelming a server, network or website in order to paralyze its normal activity.
Another popular attack is phlashing. Phlashing is a permanent denial-of-service attack that damages a system so badly that it requires replacement or reinstallation of hardware.
These are just a few of the most common e-commerce security issues and concerns that must be dealt with as the result of the growth of online shopping. There are others. It’s true that many of these issues are highly technical and usually the domain of trained IT specialists. But LP professionals should be aware of the risks and concerns that come with the growth of e-commerce and keep up to date with new issues and mitigation solutions.
This article was originally posted in 2017 and was updated June 5, 2018.