Page 337 - Introduction to Electronic Commerce and Social Commerce
324 10 E-Commerce Security and Fraud Issues and Protections
Reisinger (2014) lists additional security issues such as data theft and unlocked jailbreaking devices. The proliferation of BYOD also brings threats to the enterprise (see Westervelt 2013).

The Defense

To defend mobile systems it is necessary to implement tools and procedures such as those described in Section 10.6, and modify them for the mobile environment. A practical checklist for reducing security risks is offered by Lenovo (2013). Finally, a major problem is the theft of mobile devices. Two solutions are at work: first, automatic security that enables only the owners to use their devices and, second, making a kill switch a mandatory feature in all smartphones (scheduled for 2015). In 2016, this feature was still only available in California.

SECTION 10.8 REVIEW QUESTIONS

1. If senior management is not committed to EC security, how might that impact the e-business?
2. What is a benefit of using the risk exposure method for EC security planning?
3. Why should every company implement an acceptable use policy?
4. Why is training required?
5. List the major reasons why it is difficult to stop computer crimes.

MANAGERIAL ISSUES

Some managerial issues related to this chapter are as follows.

1. What steps should businesses follow in establishing a security plan? Security management is an ongoing process involving three phases: asset identification, risk assessment, and implementation. By actively monitoring existing security policies and procedures, companies can determine which of them are successful or unsuccessful and, in turn, which should be modified or eliminated. However, it also is important to monitor changes in business processes and business environments and adjust the plans accordingly. In this way, an organization can keep its security policies and measures up-to-date.
2. Should organizations be concerned with internal security threats? Except for malware, breaches committed by insiders may be much more frequent than those done by outsiders. This is true for both B2C and B2B sites. Security policies and measures for EC sites need to address the insider threats. In addition, insiders can be victims of security crimes. Therefore, companies should educate employees, especially new hires, about such threats.
3. What is the key to establishing strong e-commerce security? Most discussions about security focus on technology, with statements like, “all messages should be encrypted.” Although technologies are important, no security solution is useful unless it is adopted by the employees. Determining business requirements is the first step in creating a security solution. Business requirements, in turn, determine information requirements.

SUMMARY

In this chapter, you learned about the following EC issues as they relate to the chapter’s learning objectives.

1. The importance and scope of EC information security. For EC to succeed, it must be secure. Unfortunately, this is not an easy task due to many unintentional and intentional hazards. Security incidents and breaches interrupt EC transactions and increase the cost of doing business online. Internet design is vulnerable, and the temptation to commit computer crime is increasing with the increased applications and volume of EC. Criminals are expanding operations, creating an underground economy of valuable information that was stolen. A strategy is needed to handle the costly defense technology and operation, which includes training, education, project management, and the ability to enforce security policy. EC security will remain an evolving discipline because threats are changing continuously. Therefore, e-business needs to adapt. An EC security strategy is needed to optimize EC security programs for efficiency and effectiveness.
2. Basic EC security issues. The security issue can be viewed as a battleground between attackers and attacks and defenders and defense. There are many variations on both sides and many possible collision scenarios. Owners of EC sites need to be concerned with multiple security issues: authentication, verifying the identity of the participants in a transaction; authorization, ensuring that a person or process has access rights to particular systems or data; and auditing, being able to determine whether particular actions have been taken and by whom.
3. Threats, vulnerabilities, and technical attacks. EC sites are exposed to a wide range of attacks. Attacks may be nontechnical (social engineering), in which a criminal lures people into revealing sensitive personal information. Alternatively, attacks may be technical, whereby