Wei TIAN,Xiao-hu YANG,Xiao-yao XIE

1999-01-01

Abstract:In this article,we present research work which is focused on the Electronic Taxation System and its network security on Internet.Through analysis of the procedures of taxation and considerations of some of the characteristics of the current pragmatic network security technologies,we proposed a security model of ETS with reference to the system on Internet.

Urvashi Kishnani,Sanchari Das

2024-10-19

Abstract:As e-commerce continues to expand, the urgency for stronger privacy and security measures becomes increasingly critical, particularly on platforms frequented by younger users who are often less aware of potential risks. In our analysis of 90 US-based e-commerce websites, we employed a dual-technique approach, combining automated tools with manual evaluations. Tools like CookieServe and PrivacyCheck revealed that 38.5% of the websites deployed over 50 cookies per session, many of which were categorized as unnecessary or unclear in function, posing significant risks to users' Personally Identifiable Information (PII). Our manual assessment further uncovered critical gaps in standard security practices, including the absence of mandatory multi-factor authentication (MFA) and breach notification protocols. Additionally, we observed inadequate input validation, which compromises the integrity of user data and transactions. Based on these findings, we recommend targeted improvements to privacy policies, enhanced transparency in cookie usage, and the implementation of stronger authentication protocols. These measures are essential for ensuring compliance with CCPA and COPPA, thereby fostering more secure online environments, particularly for younger users.

Cryptography and Security,Computers and Society

邓锦红,陈德人,苏斐琦

DOI: https://doi.org/10.3785/j.issn.1008-973X.2003.02.005

2003-01-01

Abstract:Security is an important element in the design of e-business sites. However, performance is the price to be paid for it. To learn how the mechanisms and protocols used to support security may impact system performance, an analysis of the security mechanisms such as TLS and SET protocol is provided. After identifying the dominant factor, i.e. bottleneck, Some auxiliary methods can be used to improve the performance of it. Dynamic load balancing, proxy servers and caches can be used for security at the network level; a combination of firewall and the single Sign-on technology can also be used at this level. For security at the server level, the use of cryptographic accelerator cards, more and faster processors, and the use of faster cryptographic algorithms can substantially reduce the time spent in the most expensive cryptographic operations so that performance is increased. In addition, an improved model based on Distributed Calculating environment and DES Cipher algorithm can effectively reduce the impact of security mechanisms on system performance.

Xia Wang,Ke Zhang,Qingtian Wu

DOI: https://doi.org/10.1109/iscid.2015.16

2015-01-01

Abstract:According to the development speed and security issues of e-commerce Web site in today's society, analyzed the most important currently security risks of the e-commerce website. A system design is proposed to test and evaluate the security vulnerabilities. This design is carried on the qualitative tests for vulnerability scanning and the quantitative assessment of the test data by using the result evaluation module. In addition, in order to make the evaluation results more intuitive, the test data are controlled and weighted based on the idea of mathematical modeling and analytic hierarchy process (AHP). Then generated evaluation judgment function so that evaluated the test data directly and effectively. Finally, we got the evaluation results contain vulnerability rating, vulnerability classification and Web site security level assessment. Not only that this design has also made some constructive suggestions for the security of e-commerce sites to provide some effective measures to protect. In this paper, this design was a combination of qualitative test and assessment, and has a certain protective effect on the security of e-commerce Web sites.

S. Srinivasan,Robert Barker

DOI: https://doi.org/10.4018/jisp.2012010101

2012-01-01

International Journal of Information Security and Privacy

Abstract:Security and trust play a critical role in e-commerce transactions. Web sites project the trustworthiness of the business. In this regard, web design should take into account the user perceptions concerning security and trust in facilitating e-commerce. In this study, the authors focused on these two key aspects. Successful interaction with an e-commerce site depends on attracting and maintaining user’s trust of the web business. To assess the security and trust perception, the authors designed and surveyed more than 1000 college students, a major group supporting e-commerce. The authors developed three hypotheses concerning e-commerce web site design with respect to trust, security, and privacy. In this paper, the authors identify important user expectations with regard to web site design and test the hypotheses. As E-commerce is global, this analysis includes results from other countries besides the U.S.

Biresh Kumar,Sharmistha Roy,Kamred Udham Singh,Saroj Kumar Pandey,Ankit Kumar,Anurag Sinha,Shubham Shukla,Mohd Asif Shah,Adil Rasool

DOI: https://doi.org/10.1109/access.2023.3247003

IF: 3.9

2023-01-01

IEEE Access

Abstract:Measurement of e-commerce usability based on static quantities variable is state-of-the-art because of the adoption of sequential tracing of the next phase in the categorical data. The global COVID-19 outbreak has completely disrupted society and drastically altered daily life. The concept refers to an electronic commerce network that appears with thorough, understandable conviction, demand, and rapid confirmation as a replacement for the economical market’s “brick-and-mortar” model, which replaces how we do everything, including business strategy, and provides a better understanding with the interpretation of e-commerce features. This study was supervised to analyze usability assessments using statistical methods and security assessments using online e-commerce security scanner tools to investigate e-business standards that consider the caliber of e-services in e-commerce websites across Asian nations. The method was developed to optimize complex systems based on multiple criteria. The initial (supplied) weights are used to determine the compromise ranking list and compromise solution. This paper examines the usability of e-commerce in rural areas using a new data set from the Jharkhand region. On the e-commerce websites of Jharkhand, India, usability is commonly considered in conjunction with learnability, memorability, effectiveness, engagement, efficiency, and completeness. Using a user-oriented questionnaire testing method, this survey attempts to close the gaps mentioned above. Then, across each column, divide each value by the column-wise sum that is created using their corresponding value, whichever produces a new matrix B. Finally, determine the row-wise sum of matrix B representing the ( $3 imes1$ ) matrix. Using model trees and bagging, this study addresses classification-related issues. This regression technique is useful for problems involving classification. The model is trained using secondary data from the MBTI 16 personality factors affecting personality category.

computer science, information systems,telecommunications,engineering, electrical & electronic

Stanislav Dakov,Anna Malinova

DOI: https://doi.org/10.12955/pns.v2.135

2021-10-24

Proceedings of CBU in Natural Sciences and ICT

Abstract:E-commerce security is part of the Web security problems that arise in all business information systems that operate over the Internet. However, in e-commerce security, the dimensions of web security – secrecy, integrity, and availability-are focused on protecting the consumer’s and e-store site’s assets from unauthorized access, use, alteration, or destruction. The paper presents an overview of the recent security issues in e-commerce applications and the usual points the attacker can target, such as the client (data, session, identity); the client computer; the network connection between the client and the webserver; the web server; third party software vendors. Discussed are effective approaches and tools used to address different e-commerce security threats. Special attention is paid to Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), phishing attacks, SQL injection, Man-in-the-middle, bots, denial-of-service, encryption, firewalls, SSL digital signatures, security certificates, PCI compliance. The research outlines and suggests many security solutions and best practices.

Urvashi Kishnani,Sanchari Das

2024-10-19

Abstract:The surge in website attacks, including Denial of Service (DoS), Cross-Site Scripting (XSS), and Clickjacking, underscores the critical need for robust HTTPS implementation-a practice that, alarmingly, remains inadequately adopted. Regarding this, we analyzed HTTP security headers across N=3,195 globally popular websites. Initially, we employed automated categorization using Google NLP to organize these websites into functional categories and validated this categorization through manual verification using Symantec Sitereview. Subsequently, we assessed HTTPS implementation across these websites by analyzing security factors, including compliance with HTTP Strict Transport Security (HSTS) policies, Certificate Pinning practices, and other security postures using the Mozilla Observatory. Our analysis revealed over half of the websites examined (55.66%) received a dismal security grade of 'F' and most websites scored low for various metrics, which is indicative of weak HTTP header implementation. These low scores expose multiple issues such as weak implementation of Content Security Policies (CSP), neglect of HSTS guidelines, and insufficient application of Subresource Integrity (SRI). Alarmingly, healthcare websites (n=59) are particularly concerning; despite being entrusted with sensitive patient data and obligations to comply with data regulations, these sites recorded the lowest average score (18.14). We conclude by recommending that developers should prioritize secure redirection strategies and use implementation ease as a guide when deciding where to focus their development efforts.

Cryptography and Security,Computers and Society

Raju Barskar,Anjana Jayant Deen,Jyoti Bharti,Gulfishan Firdose Ahmed

DOI: https://doi.org/10.48550/arXiv.1005.4266

2010-05-24

Cryptography and Security

Abstract:E-Commerce offers the banking industry great opportunity, but also creates a set of new risks and vulnerability such as security threats. Information security, therefore, is an essential management and technical requirement for any efficient and effective Payment transaction activities over the internet. Still, its definition is a complex endeavor due to the constant technological and business change and requires a coordinated match of algorithm and technical solutions. Ecommerce is not appropriate to all business transactions and, within e-commerce there is no one technology that can or should be appropriate to all requirements. E-commerce is not a new phenomenon; electronic markets, electronic data interchange and customer e-commerce. The use of electronic data interchanges as a universal and non-proprietary way of doing business. Through the electronic transaction the security is the most important phenomena to enhance the banking transaction security via payment transaction.

Mujeeb-ur- Rehman Jamali,Shahmurad Chandio,Nadeem Ahmed Kanasro

DOI: https://doi.org/10.21015/vtse.v11i1.1391

2023-03-26

VFAST Transactions on Software Engineering

Abstract:E-commerce and mobile commerce are two new business methodologies that utilize the cloud. A new technology called cloud computing uses the Internet to process and store data from a network of distant computers that are dispersed around the globe. Any online transaction must have security as a necessary component. Therefore, one of the main issues with the cloud is security. If electronic commerce's security is breached, customers can lose trust in it. An unauthorized individual should not have access to or be able to intercept a customer's personal information while it is being transmitted. Data integrity is a major problem since personal information shouldn't be changed before, during, or even after it is at rest on the network. The suggested solution ensures the protection of personal data and the avoidance of security problems. We have developed a solution in this study to address issues with privacy, confidentiality, and the integrity of data stored in the cloud, among other security-related issues. The suggested method employs over-encryption that is double encryption, to avoid the various security issues. It can be inferred from the results that ECC (secp256r1) utilised less time for encryption operation as compared to others asymmetric algorithms with small dispersion from means and recorded results behaviour of data is consistent because data point tends to be very close, Decryption operation ElGamal during of time was smaller than ECC and RSA with small consistent behaviour.

Akash Bhardwaj

Abstract:the ideas, Trust, Risk, Privacy and Security, are broadly utilized in different investigations done by numerous controls, and they are frequently mistakenly allowed to nearly as equivalent words. The point is to clear up the ideas from the buyer perspective in internet business. The discoveries of our subjective examination recommend a few connections between the four ideas and fills in as building obstructs for further research. Electronic business has expanded significantly as of late, as a result of the transformation in data innovation. The administrations given by online business organizations could be influenced by a few factors, for example, protection, security, trusts and saw dangers. In this paper, we propose a fundamental hypothetical model that researches the connection between protection, security concerns, and saw dangers, and how it would identify with clients' dimension of trust in internet business. An overview that includes 100 members has been directed and broke down testing various theories concentrated on concentrate the qualities of each factor, and its impact on the apparent dangers related with startling circumstances. The aftereffects of this examination think about demonstrate that a positive relationship exists between the apparent dangers and a portion of the security properties, for example, control and notice. A positive relationship additionally exists between the apparent dangers and a portion of the security traits, for example, privately and uprightness. Further, the investigation exhibits a positive connection between saw dangers and clients' dimension of trust.

Computer Science,Business

Ashish Kr. Luhach,Sanjay K Dwivedi,C K Jha

DOI: https://doi.org/10.48550/arXiv.1407.2421

2014-07-09

Cryptography and Security

Abstract:Rapid evolution of information technology has contributed to the evolution of more sophisticated E- commerce system with the better transaction time and protection. The currently used E-commerce models lack in quality properties such as logical security because of their poor designing and to face the highly equipped and trained intruders. This editorial proposed a security framework for small and medium sized E-commerce, based on service oriented architecture and gives an analysis of the eminent security attacks which can be averted. The proposed security framework will be implemented and validated on an open source E-commerce, and the results achieved so far are also presented.

Sachin Saurabh

DOI: https://doi.org/10.22214/ijraset.2022.44571

2022-06-30

International Journal for Research in Applied Science and Engineering Technology

Abstract:Abstract: Electronic Commerce is that the process of conducting business on internet. The person sitting in his house ahead of the personal computer can pierce all websites to shop or vend these products. As compared traditional trade requires one to perform task similar as carrying the products etc., ecommerce experience has made the client to do no such task therefore saving precious time. E-Commerce launched in the early 1990s has taken an enormous shift within the computer world, but the reality has hindered the expansion of e-commerce security. Security is an e-commerce challenge now and important progress has been made in the security sector. The great betterment of ecommerce over conventional trading is that the user can browse online stores, analogize costs, and order home- grounded deals on his personal computer. Accelerating e-commerce use in developing nations B2Be-commerce is employed to ameliorate access to global enterprises of enterprises in developing nations. For a developing nations advancement in the e-commerce sector is pivotal. The exploration strategy demonstrates the significance of ecommerce in developing nations with business operations. Electronic Commerce covers a broad range of distinct kinds of companies, from consumer- grounded marketing traffic, through sales or music websites, to the commercialization of merchandise and services between companies. It's presently one of the most significant internet features to arise.

Anne James,Waleed Bul’ajoul,Yahaya Isah Shehu,Yinsheng Li,Godwin Attah Obande

DOI: https://doi.org/10.1049/pbse001e_ch6

2018-01-01

Abstract:The advantages of economic growth and increasing ease of operation afforded by e-business and e-commerce developments are unfortunately matched by growth in cyberattacks. This chapter outlines the common attacks faced by e-business and describes the defenses that can be used against them. It also reviews the development of newer security defense methods. These are (1) biometrics for authentication, (2) parallel processing to increase power and speed of defenses, (3) data mining and machine learning to identify attacks, (4) peer-to-peer security using blockchains, (5) enterprise security modeling and security as a service, and (6) user education and engagement. The review finds overall that one of the most prevalent dangers is social engineering in the form of phishing attacks. Recommended counteractions include education and training, and the development of new machine learning and data sharing approaches so that attacks can be quickly discovered and mitigated.

Kuo-Sui Lin

DOI: https://doi.org/10.11648/j.ajomis.20170201.12

2017-01-04

Abstract:Over the past decade, e-commerce creates exciting new opportunities for business but also brings new web application vulnerabilities and transaction security risks. A stream of news of phishing attacks, website spoofing, payment card skimming (credit /debit cards), fraud in online transactions, malware attack (malicious code attack of viruses, worms, Trojans, and bots), hacker/cracker infiltration, vandalism, identity theft and data breaches of payment card or bank details are increasingly reported. Web application security risk management, therefore, is essential for secure e-commerce online transactions, including order processing, payment transaction, banking and clearing processing. Therefore, the main purpose of this study was to propose a web application security risk management methodology to perform e-commerce web application security risk management, helping organizations understand and improve their e-commerce web application security risks. In order to achieve this purpose, the goal of this study has been two-fold: (1) How will organizations measure threat likelihood, impact consequence and severity of their e-commerce web application security risk? (2) What management methodology is required to prompt the e-commerce web application security vulnerabilities measurement and improvement? Using OWASP Top Ten Vulnerabilities as target items, the proposed management methodology is disciplined in a PDCA based ISO/IEC 27005 iterative process activities, integrating Common Criteria attack potential ratings as threat likelihood scales and the FIPS 199 impact categories as impact consequence scales to categorize severity of every e-commerce web application vulnerabilities. Following the proposed management procedure, all the critical e-commerce web application vulnerabilities can be reviewed, analyzed, prioritized and remedied effectively and efficiently, moving on again in a continuous cycle.

Computer Science,Business

Shirley A. Becker,Anthony Berkemeyer

DOI: https://doi.org/10.4018/jeco.2004100101

2004-10-01

Journal of Electronic Commerce in Organizations

Abstract:GlobalUBid.com is a B2B (business-to-business) e-commerce company offering excess and obsolete inventory to online customers. GlobalUBid is rapidly expanding into the global online marketplace; but recently, its Web site crashed due to a denial-of-service (DOS) attack. A lack of security awareness at an organizational level has left GlobalUBid’s online system vulnerable to internal and external attacks. Though informal security policies are in place, many employees are not aware of them nor are they enforced on a regular basis. Unsecured aspects of the physical workplace make the organization vulnerable to disgruntled employees, hackers, and unscrupulous competition. GlobalUBid has hired URSecure consultants to conduct a security assessment in uncovering internal and external vulnerabilities. URSecure has made recommendations for improved security, though the organization must develop most of the implementation details. GlobalUBid management recognizes the need for improved security, though there is a concern about the financial implications of implementing a security plan.

Sazzadur Rahaman,Gang Wang,Danfeng,Yao

DOI: https://doi.org/10.48550/arXiv.2002.02855

2020-02-07

Cryptography and Security

Abstract:The massive payment card industry (PCI) involves various entities such as merchants, issuer banks, acquirer banks, and card brands. Ensuring security for all entities that process payment card information is a challenging task. The PCI Security Standards Council requires all entities to be compliant with the PCI Data Security Standard (DSS), which specifies a series of security requirements. However, little is known regarding how well PCI DSS is enforced in practice. In this paper, we take a measurement approach to systematically evaluate the PCI DSS certification process for e-commerce websites. We develop an e-commerce web application testbed, BuggyCart, which can flexibly add or remove 35 PCI DSS related vulnerabilities. Then we use the testbed to examine the capability and limitations of PCI scanners and the rigor of the certification process. We find that there is an alarming gap between the security standard and its real-world enforcement. None of the 6 PCI scanners we tested are fully compliant with the PCI scanning guidelines, issuing certificates to merchants that still have major vulnerabilities. To further examine the compliance status of real-world e-commerce websites, we build a new lightweight scanning tool named PciCheckerLite and scan 1,203 e-commerce websites across various business sectors. The results confirm that 86% of the websites have at least one PCI DSS violation that should have disqualified them as non-compliant. Our in-depth accuracy analysis also shows that PciCheckerLite's output is more precise than w3af. We reached out to the PCI Security Council to share our research results to improve the enforcement in practice.

Mohammad Nabil Almunawar

DOI: https://doi.org/10.48550/arXiv.1207.4292

2012-07-18

Cryptography and Security

Abstract:Many reports regarding online fraud in varieties media create skepticism for conducting transactions online, especially through an open network such as the Internet, which offers no security whatsoever. Therefore, encryption technology is vitally important to support secure e-commerce on the Internet. Two well-known encryption representing symmetric and asymmetric cryptosystems as well as their applications are discussed in this paper. Encryption is a key technology to secure electronic transactions. However, there are several challenges such as crytoanalysis or code breaker as well as US export restrictions on encryption. The future threat is the development of quantum computers, which makes the existing encryption technology cripple.

Maha A . Sayal

DOI: https://doi.org/10.33899/edusj.2020.164371

2020-03-01

JOURNAL OF EDUCATION AND SCIENCE

Abstract:The issue of security on the Internet is at the top of the interest for most users, especially those who want to buy online and therefore find a large majority of users, especially new ones refrain from buying online and are afraid to go into such an experiment to complete the image and know more safety in the use of credit cards for some websites.      In order to increase confidence in online business transactions, we have proposed a safe environment for commercial sites by installing a private server and then submitting on certificate authority for digital certificates and obtaining Secure Socket Layer SSL technology, certificate it, and adding it to the server as well as hosting sites to secure its data and renew the certificate at expiration. This allows the business website owner to host that website on the secure server so the customer information and data will be protected.

Kaif Qureshi,Aditya Choudhary,Aakash Sharma,Anant Singh,Kinjal Singh

DOI: https://doi.org/10.56025/ijaresm.2023.1205242072

2024-01-01

Abstract:Cyber Security plays an important role in the field of information technology. As more business activities are being automated and an increasing number of computers are being used to store sensitive information, the need for secure computer systems becomes more apparent. Securing the information have become one of the biggest challenges in the present day. Whenever we think about the cyber security the first thing that comes to our mind is ‘cyber crimes’ which are increasing immensely day by day. Various Governments and companies are taking many measures in order to prevent these cyber-crimes. The Internet itself has become critical for governments, companies, financial institutions, and millions of everyday users. Besides various measures cyber security is still a very big concern to many. This paper mainly focuses on challenges faced by cyber security on the latest technologies. It also focuses on latest about the cyber security techniques, ethics and the trends changing the face of cyber. Threats to the integrity, security and dependability of the World Wide Web (WWW) are ever-evolving. Conventional security solutions sometimes find it difficult to keep up with the ever-evolving strategies used by hackers. By combining adaptive security mechanisms designed especially for protecting the WWW with dynamic threat analysis approaches, our research offers a unique way to handle this difficulty.