eCommerce Security

When the conversation turns to eCommerce security, what does the average person think of first? Trust in electronic transactions. The article about the SET protocol was devoted to this topic as well. But if you look more closely at the problems of information security in electronic business, trust in transactions is only the tip of the iceberg, the part visible to the user. For the company providing eCommerce services it is important, but the other aspects of security must not be forgotten either. Consider the most typical eCommerce application: buying products and services over the Internet.

This process can be described in 7 steps:

1. The customer chooses a product or service through the web server of the online shop and places the corresponding order.
2. The order is entered into the shop's order database.
3. The availability of the ordered product or service is checked against the central database.
4. If the product is not available, the customer is notified and the purchase process ends. Depending on how the shop is implemented, the request for the product can (with the customer's permission) be redirected to another warehouse, for example in another city.
5. If the product or service is available, the customer confirms payment and the order is placed in the corresponding database. The online shop sends the customer a notification. In most cases (especially at start-up companies) there is a single database for orders, stock inventory and so on.
6. The customer pays for the order online.
7. The goods are delivered to the customer.

From the ordinary user's point of view, the main security problem arises at the 6th step, when the credit card number and the accompanying information are sent over the Internet. The company running the online shop, however, starts to face security questions already at the first step, and these questions follow it through the entire course of the electronic transaction.

I will list the main threats that lie in wait for eCommerce:

1. Substitution of a page of the online shop's web server. The main way this threat is carried out is by redirecting the user's requests to another server. This is done by replacing records in the tables of DNS servers or in the tables of routers. The threat is most dangerous at the sixth step, when the customer enters the credit card number.
2. Creation of false orders and fraud by employees of the online shop. Penetrating the database and changing the order-processing procedures allows both external and internal attackers to carry out various unauthorised manipulations with the database.
3. Interception of data in the eCommerce system.
4. Penetration into the internal network of the company running the online shop.
5. Denial-of-service attacks and disruption of the operation of the eCommerce node.

As a result of all these threats, the company providing electronic transactions loses the trust of its clients and loses money from potential transactions. In some cases the company can be sued for disclosing credit card numbers. In the case of a denial-of-service attack, the operation of the online shop can be blocked, and restoring it will cost material resources, spent on replacing the failed equipment.

Applying a set of different protection measures at all levels of the electronic business system makes it possible to build an effective and reliable eCommerce information security system. Such a system guards the interests of both the users and the employees of the company providing electronic services. It makes it possible to reduce, and in many cases completely prevent, damage from attacks on the components and resources of the e-business system.

2009-12-22