Ecommerce security is a concern for many online retailers. As the number of online transactions grows, the number of online attacks and frauds is increasing as well. It is important for online retailers to prevent ecommerce problems, because a loss of trust in an online vendor can put the company out of business. Ecommerce security is also a concern for purchasers because of the headache and wasted time that occur when trying to straighten out problems caused by identity theft or computer hijacking.
Four areas make up ecommerce security: privacy, integrity, authentication, and non-repudiation. Privacy is the process of keeping unauthorized individuals from viewing information. Integrity is the act of securing a message so that it cannot be changed en route to its destination. Authentication means that the sending and receiving computers must recognize and identify each other. Non-repudiation is the proof that messages are received.
Six different forms of ecommerce security risk represent the greatest concern. Weak authentication and authorization is a major one. Signs of this problem include a website that allows users to make multiple log-in attempts without locking the account, or one that does not pass session IDs over Secure Sockets Layer (SSL).
Another common ecommerce concern is cross-site scripting, or XSS. Cross-site scripting relies on the fact that we often do not understand what we are clicking on or agreeing to online. With cross-site scripting, a malicious script hijacks the page's JavaScript and often pops up an "okay" box for the user to click on. The click allows the script to collect session cookies, or even redirect the browser to a malicious or phishing website. This is the type of security breach that occurs when people believe they are signing on to their bank or credit card website, but actually end up on a malicious site that looks identical to the one they believe they are visiting.
SQL injection occurs when the attacker inserts malicious SQL metacharacters into the input sent by a user. If this input is not rejected, it gives the attacker backdoor access to the commerce site, potentially exposing credit card data and other transaction details. Price manipulation is another problem that targets the commerce website itself: the attacker changes the price in the online shopping cart by modifying the payment information as it moves between the browser and the web server.
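The price-manipulation problem described above comes down to the server trusting a price the browser sent. The following added example (not code from the original article; the catalog, cart payload and function names are constructed) shows a checkout total that trusts the client beside one that recomputes the total from a server-side catalog and flags any mismatch for review.

```python
# Added illustration of server-side price validation against a trusted catalog.
# All names and data here are hypothetical/constructed sample values.
from decimal import Decimal

# Trusted, server-side catalog (constructed sample). Prices never come from the client.
CATALOG = {
    "SKU-1001": Decimal("49.99"),
    "SKU-2002": Decimal("199.00"),
}


class PriceTamperingError(ValueError):
    """Raised when the submitted total disagrees with the server-computed total."""


def vulnerable_total(cart):
    """Trusts the price field sent by the browser, so a rewritten price goes unnoticed."""
    return sum(Decimal(item["price"]) * int(item["qty"]) for item in cart)


def hardened_total(cart):
    """Recomputes the total from the catalog; the client-supplied price is ignored.
    Unknown SKUs and non-positive quantities are rejected outright."""
    total = Decimal("0")
    for item in cart:
        sku, qty = item["sku"], int(item["qty"])
        if sku not in CATALOG:
            raise ValueError(f"unknown sku {sku}")
        if qty < 1:
            raise ValueError(f"bad quantity for {sku}")
        total += CATALOG[sku] * qty
    return total


def validate_checkout(cart, submitted_total):
    """Compares what the browser claims with what the server computes.
    Returns the trusted total, or raises PriceTamperingError so the order can be
    logged and held for review instead of being charged at the tampered amount."""
    expected = hardened_total(cart)
    if Decimal(submitted_total) != expected:
        raise PriceTamperingError(f"submitted {submitted_total}, expected {expected}")
    return expected


# Constructed sample: the browser has rewritten the unit price of SKU-2002 to 1.00.
TAMPERED_CART = [
    {"sku": "SKU-1001", "qty": 1, "price": "49.99"},
    {"sku": "SKU-2002", "qty": 1, "price": "1.00"},
]

if __name__ == "__main__":
    print("trusting the client:", vulnerable_total(TAMPERED_CART))  # 50.99
    print("server-side recompute:", hardened_total(TAMPERED_CART))  # 248.99
```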
Buffer overflows are a basic ecommerce security concern that occurs when the attacker overwhelms the database with data. The script cannot handle the information and generates an error message. That error message pinpoints the exact location of the error, allowing the attacker to access the administration area of the commerce site. The most aggressive and devastating form of ecommerce security vulnerability is when a web application attacks a computer, allowing the attacker to execute their own operating system commands on the user's computer.