Privacy and Security Issues in E-commerce
E-commerce or e-business is a recent phenomenon that refers to different forms of business transacted over the Internet, such as online buying and selling, online cataloguing, online customer service, e-learning, and e-supply chains. As e-commerce continues to grow, privacy and security have become critical issues for consumers and businesses. Privacy refers to the issue of control over one’s own personal information. Security issues, meanwhile, refer to attempted access to personal information by unauthorized bodies. Lack of online privacy and security is a major concern for business because customers may refrain from visiting or shopping on websites that have privacy and security issues. Similarly, the operations of sites are often compromised when there are privacy and security issues. As a result, businesses are making efforts to address the issues. This paper critically evaluates the various privacy and security issues facing consumers and businesses in the online environment, as well as the ways in which these issues are currently being addressed.
Privacy
Privacy is currently a major concern in e-commerce. Privacy is defined as “the ability of an individual to control the terms under which their personal information is acquired and used” (Habiyaremye 2013, p.3). Rapid developments in information technology in general, and the increasing use of inter-networking technologies in particular, have further facilitated the collection, distribution and use of personal information, resulting in considerable benefits to both business and consumers, privacy concerns among online shoppers, and regulatory efforts to govern this new environment. By nature, privacy as a business element is highly susceptible to changes in the surrounding context. Business issues and possibilities can be dramatically altered by changes in consumers’ expectations (e.g. when they get accustomed to the transfer of data in commercial settings) or in regulatory governance, such as the introduction of new laws and governmental regulations (King 2008, p.34). The proliferation of technology has meant that e-commerce sites are able to collect significant amounts of consumer data relating to personal preferences, information search and use patterns, and shopping patterns, to the advantage of product positioning and marketing (Joseph 2012, p.23). New computational capabilities enable businesses to engage in data mining about consumer buying patterns along with other personal trends, after which the information is used to personalize customers’ online shopping experience, enhance a business’s customer support, and improve the specific e-site experience for customers. Unfortunately, these business practices that generate value for online firms and their customers also result in major privacy concerns for both parties.
A growing number of customers are contacting business websites to have their details taken off the sites’ databases, out of concern that the organizations are using their personal information in improper ways. According to the results of a Business Week/Harris Poll (2000), over forty percent of online shoppers expressed concern over the unwise use of their personal information by businesses, and 57 percent demanded some kind of regulation on the collection and use of personal data (Habiyaremye 2013, p.54). Similarly, Culnan (2000) concluded that privacy concerns significantly influenced people’s decisions not to go online or to provide false information to online sites. The concern over privacy is major because only a modest number of shoppers believe that they hold significant control over the manner in which the personal information they give online is used or sold by business. A combination of current business practices, consumer fear, and media pressure has contributed to the emergence of privacy as a potent issue for electronic commerce.
Efforts to tackle privacy issues online always meet a variety of challenges. Privacy discussions usually turn into heated debates rather quickly. The problem poses a dilemma in the sense that while some consumers and businesses regard privacy as a fundamental right, others believe that it is a tradable commodity. Etzioni (1999) argues to the effect that privacy is societally infeasible or illegitimate, while Davies (1997) believes that it has degenerated into a squandered right (Habiyaremye 2013, p.75). In most cases, both businesses and consumers have legitimate points of view on the issue of privacy in the online business environment. A person’s privacy is usually in a perpetual state of tension, considering that it must be defined in line with the capabilities of others to undertake business transactions as well as control their individual privacy online. In certain transactions, therefore, consumers have to trade off their privacy so as to facilitate business transactions on sites, e.g. in accessing credit or maintaining quality of health care. Such societal needs often transcend e-commerce consumers’ privacy concerns. In the United States, for instance, the large majority of online shoppers concerned with privacy are willing to trade their personal data for greater benefits such as excellent customer service and personalized e-commerce shopping experiences (Joseph 2012, p.87).
However, despite the need for such inherent tradeoffs, individuals as online consumers still desire to protect their personal data from inappropriate sale, deliberate cyber-attack, and accidental leakage or loss. A significant number of online shoppers believe that many e-commerce sites use the customer data they gather in unethical ways. Only a modest number of consumers trust e-commerce businesses’ promises to keep their data private. Online consumers have concerns about unauthorized access to the personal information they provide to e-commerce sites as a result of security breaches and lack of internal control. Consumers also worry about the risk of secondary use, i.e. the secret reuse of personal information by business for unrelated purposes such as sharing with third parties outside the transaction and aggregating online shoppers’ transaction and personal data to develop a profile.
The problem is exacerbated by the fact that proper data management online is increasingly challenging even for the largest and most complex enterprises. This was highlighted by the Securities and Exchange Commission in 2011, when it issued guidelines demanding that publicly-held US companies disclose the material risks of their cyber incidents. It has been estimated that companies spend an average of $5.5m, or an equivalent of $194 per customer, in the effort to address data breach issues (Joseph 2012, p.120). These data breaches have the potential to diminish brand value and organizational reputation by between 17-31%, or $184m to in excess of $330m.
Privacy Protection Efforts
The rapid growth of the e-commerce concept has been accompanied by increasing efforts to protect the privacy of both consumers and businesses on the Internet. The first such effort was the anonymizer, which provided individuals and organizations with the capability to sanitize all packet headers sent from the client to the server. Initial versions included software serving as a proxy server that intercepted all communication between a browser and a server and filtered out all information about the request. At present, Secure Sockets Layer (SSL) technology exists for relaying URL requests, facilitating encrypted communications between a user and an anonymizer proxy, then routing traffic via several proxy servers. In addition, there exist software tools that provide a pseudonym proxy to log on to company websites, thus providing users with consistent access to registration-based systems while safeguarding personal data. However, some specialized servers can be maliciously used to intercept and alter information between the client and server (Habiyaremye 2013, p.94).
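The header sanitizing that an anonymizing proxy performs can be sketched as follows. This is an added example, not code from the paper or from any anonymizer product; the list of identifying headers and the sample request are assumptions constructed for illustration.

```python
# Headers that reveal the user, the browser or the previously visited page.
# The selection is an assumption made for this example.
IDENTIFYING_HEADERS = frozenset({
    "cookie", "referer", "user-agent", "from",
    "x-forwarded-for", "forwarded", "via",
})

def sanitize_request(raw: bytes):
    """Strip identifying headers from a raw HTTP/1.x request.

    Returns (sanitized_request, removed_header_names). The client's IP
    address is hidden separately: the proxy opens its own connection to
    the server, so no header rewriting is needed for that.
    """
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete request head")
    request_line, *header_lines = head.split(b"\r\n")
    kept, removed = [], []
    for line in header_lines:
        name, colon, _value = line.partition(b":")
        # Refuse folded or malformed lines instead of forwarding them.
        if not colon or not name or name != name.strip():
            raise ValueError("malformed header line")
        if name.decode("latin-1").lower() in IDENTIFYING_HEADERS:
            removed.append(name.decode("latin-1"))
        else:
            kept.append(line)
    sanitized = b"\r\n".join([request_line, *kept]) + b"\r\n\r\n" + body
    return sanitized, removed

# Constructed sample request (not captured traffic).
SAMPLE_REQUEST = (
    b"GET /catalog?item=42 HTTP/1.1\r\n"
    b"Host: shop.example\r\n"
    b"User-Agent: ExampleBrowser/1.0\r\n"
    b"Referer: http://search.example/?q=private+query\r\n"
    b"COOKIE: session=abc123\r\n"
    b"Accept: text/html\r\n\r\n"
)

if __name__ == "__main__":
    cleaned, dropped = sanitize_request(SAMPLE_REQUEST)
    print(cleaned.decode("latin-1"))
    print("removed:", dropped)
```

Header names are matched case-insensitively, and a request with a malformed header line is rejected rather than forwarded partly sanitized.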
Other technology-based solutions for protecting privacy include tools for filtering HTML to enable users to block some URLs, Web cookie-managing software, and anonymous re-mailers. In general, the overall penetration of such technology-based privacy protection tools remains minimal due to users’ lack of knowledge of their existence, doubts about their effectiveness, their complexity or inconvenience, and lack of privacy concerns among some consumers (King 2008, p.64).
Security Issues of E-commerce
Security is a major concern for e-commerce websites and consumers. Consumers fear security issues that lead to the loss of financial data, whereas e-commerce sites fear the bad publicity brought by financial losses associated with break-ins. Consumers therefore judge e-commerce sites on their security vulnerabilities, which makes it necessary to assess, evaluate and resolve the security risk.
Security Vulnerabilities in E-commerce Sites
There are several points of failure and vulnerabilities in an e-commerce site. Even in the most basic environment, where a user of an e-commerce site gives his credit card information and billing address, many potential points of failure exist. Certainly, even in such a basic scenario, there are a number of systems and networks that make it complex (Yuanqiao et al, 2008).
At some point, users of the website must log in and identify themselves, that is, go through the authentication process. Unfortunately, there are a number of security threats during this process. Hackers could possibly steal e-commerce data and identification from users (Yuanqiao et al, 2008). One such vulnerability is the home cookie program, which hackers and hostile websites can easily crack; others are ineffective encryption programs or the lack of encryption in a wireless environment. In addition, there are mail-borne viruses developed to steal financial data from computers or, worse, keystroke-logging programs. Even though there are efforts to eliminate these threats, the problems still persist (Wu, 2008).
Once a user connects to the merchant’s front-end, he or she is exposed to a number of security threats. Merchants usually store or cache credit card information and recent orders for 90 days. This contains all the data required for credit card fraud. Naturally, if hackers break into insecure servers and harvest credit card information, it poses a security threat. Recently, thefts of that scale have netted over 100,000 to 300,000 and 3.7 million credit card details respectively (Yuanqiao et al, 2008). To counter such a threat, web servers or archives of recent orders should be behind a firewall and not at the front-end. In addition, security-sensitive servers should run only essential applications. These safeguards will help improve the overall security of the servers.
The e-commerce back-end and database. An e-commerce server can be weakened by the company’s internal network. This cannot be easily cured, because web servers need both a local area connection and a wide area connection to function (Wu, 2008). Therefore, the cost of failure in such a case is often very high and could lead to the theft of both corporate and customer information. In addition, the back-end may often connect to a third party for processing, which increases the security concern (Yuanqiao et al, 2008). Arguably, merchants have controls that safeguard them against such threats and track payments and delivery. But third parties put more valuable data at risk through their own security vulnerabilities.
Security Technologies
There are many security technologies, including cryptographic technologies, to mitigate such risks. However, none is foolproof or a silver bullet. Therefore, we review the relevant security technologies, with a description of each and its advantages and disadvantages.
Among the most common and visible security technologies are encryption algorithms. These have been extensively discussed in various security technology books. Public key infrastructure (PKI) is one such system. PKI is a secure protocol used in e-commerce through Secure Sockets Layer (SSL). PKI is a very flexible key-distribution system in which each participant carries two cryptographic keys, one for encryption and another for decryption, making up what is called an asymmetric key pair (PR Newswire, 2000). The advantage of PKI is that it does not need to be centralized to secure each transaction, but it makes it difficult to know when a key has been stolen or compromised. This issue remains unresolved and is a major source of its weakness.
Another security technology employed is the digital signature, which is the salient application of public-key cryptography and the analog of a handwritten signature. While digital signatures have been in existence, they have seen little adoption to date. There is little research into their potential failures, and little understanding of the legal and economic issues that must be resolved for their widespread adoption in securing e-commerce transactions (PR Newswire, 2000).
Symmetric key systems use the same secret key for both encryption and decryption, so the secret key must always be safeguarded. Implementations in an e-commerce environment include ciphers such as DES, AES, and RC4 (PR Newswire, 2000). The advantage of symmetric key cryptography is that it runs at a faster rate than public key cryptography. The ciphers have proved successful, but the challenge lies in authenticating users: identifying information must be kept private, yet the Internet is a broadcast mechanism.
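The difference between an asymmetric key pair used for a digital signature and a shared symmetric key used for authentication can be shown in a few lines. This is an added example, not code from the paper or its sources: it uses textbook RSA without padding on a small constructed key, which is suitable only for illustration, and the order string and shared secret are constructed sample values.

```python
import hashlib
import hmac

# Asymmetric pair: textbook RSA, no padding, illustration only.
# Constructed demo key built from two Mersenne primes; far too small
# and too structured for real use.
P, Q = 2**61 - 1, 2**89 - 1
N = P * Q
E = 65537                                # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent (Python 3.8+)

def digest_int(message: bytes) -> int:
    """SHA-256 of the message, reduced into the RSA modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N

def sign(message: bytes) -> int:
    """Only the holder of the private exponent D can compute this."""
    return pow(digest_int(message), D, N)

def verify(message: bytes, signature: int) -> bool:
    """Anyone holding the public values (E, N) can check it."""
    return pow(signature, E, N) == digest_int(message)

# Symmetric authentication: both parties hold the same secret key.
def mac(message: bytes, shared_key: bytes) -> bytes:
    return hmac.new(shared_key, message, hashlib.sha256).digest()

def mac_ok(message: bytes, tag: bytes, shared_key: bytes) -> bool:
    return hmac.compare_digest(mac(message, shared_key), tag)

def demo() -> dict:
    order = b"order=1001;amount=49.90;payee=merchant"  # constructed sample
    altered = order.replace(b"49.90", b"4.90")
    signature = sign(order)
    key = b"constructed-shared-secret"
    tag = mac(order, key)
    return {
        "signature_valid": verify(order, signature),
        "altered_order_rejected": not verify(altered, signature),
        "mac_detects_alteration": not mac_ok(altered, tag, key),
        # Either key holder can produce a valid tag for any message, so a
        # shared key proves integrity but not which party wrote the order.
        "any_key_holder_can_tag": mac_ok(altered, mac(altered, key), key),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Both mechanisms detect the altered amount, but only the signature ties the order to a single key holder, which is the property that makes it the counterpart of a handwritten signature.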
References
PR Newswire 2000, Entegrity solutions and gradient technologies to merge combination poised to lead hyper-growth B2B e-commerce security market. Available from: <http://search.proquest.com/docview/447823596?accountid=11243>. [Date of Access].
Habiyaremye, JD 2013, E-commerce security threats, Grin Verlag.
Joseph, PT 2012, E-commerce: an Indian perspective, Prentice-Hall of India Pvt. Ltd., New Delhi.
King, VC 2008, Online privacy and security of internet digital certificates: a study of the awareness, perceptions, and understanding of internet users, ProQuest, Michigan.
Wu, Y 2008, Study on the method of e-commerce security. (order No. H298301, Tianjin University (People’s Republic of China)). PQDT – Asia. Available from: <http://search.proquest.com/docview/1026788186?accountid=11243>. [Date of Access].
Yuanqiao, W, Chunhui, Z, Juan, M, Kezhong, L, 2008, “Research on e-commerce security issues”, Business and Information Management, ISBIM ’08. International Seminar, vol. no. 1, pp. 186-189.