Types of E-Commerce Threats
Since E-Commerce is based on information technology and computer networks, it inevitably faces a series of security issues that traditional businesses do not. E-Commerce security threats can be accidental (caused by human error) or intentional.
Foreign or domestic, internal or external, group or individual, business rivals or disgruntled employees, terrorists or hackers: anyone with the capability, technology, opportunity, and intent to do harm can be a potential threat to E-Commerce. Though every business has pitfalls, an E-Commerce business faces the following specific threats.
Viruses harm computers and thereby disrupt the efficient and smooth functioning of E-Commerce. Some viruses destroy all the information stored in a computer and cause a huge loss of revenue and time. The emergence of computer viruses and their variants has rapidly increased over the past decade. The Internet has turned out to be the best medium for the spread of viruses. Many new viruses use the Internet directly as their mode of transmission, causing huge economic losses to E-businesses.
1. Information leakage: The leakage of trade secrets in E-Commerce mainly includes two aspects: (a) the content of the transaction between the vendor and customer is stolen by a third party; (b) the documents provided by the merchant to the customer, or vice versa, are illegally used by the other. This intercepting and stealing of online documents is called information leakage.
Phishing is also an E-Commerce threat, in which a target is contacted by e-mail, telephone or text message by someone posing as a genuine authority. The attacker tries to trick individuals into providing sensitive data such as banking and credit card details, OTPs, PINs or passwords. Once the attacker succeeds, the results can be devastating, such as identity theft and financial loss.
2. Tampering: E-Commerce has the problem of the authenticity and integrity of business information. When hackers intercept data transmitted on the network, they can falsify it in transit through various technical means and then send it on to the destination, thereby destroying the authenticity and integrity of the data.
3. Payment frauds: Payment frauds have subsets such as friendly fraud (when a customer demands a false reclaim or refund), clean fraud (when a stolen credit card is used to make a purchase), triangulation fraud (fake online shops that offer the cheapest price and collect credit card data), etc.
4. Malicious code threats: Within an E-Commerce site, there are multiple vulnerable areas that can serve as an intrusion point for a hacker to gain payment and user information. Using malware, Cross-Site Scripting or SQL Injection, an attacker can extract credit card information and sell the acquired data on black markets. Fraud is then committed to extract the greatest value possible through E-Commerce transactions, ATM withdrawals, etc.
5. Distributed Denial of Service (DDoS) Attacks: This is the process of taking down an E-Commerce site by sending a continuous, overwhelming stream of requests to its server. The attack is conducted from numerous unidentified computers using a botnet. It slows the server down and makes it inoperative. DDoS attacks are also called network flooding.
6. Cyber Squatting: Cybersquatting is the illegal practice of registering an Internet domain name that might be wanted by another person, with the intention of selling it later for a profit. It involves registering popular trademarks and trade names as domain names before the particular company does. Cyber squatters also trade on the reputation and goodwill of such third parties by inducing customers to believe that their site is an official web page.
In September 2015, the domain google.com was bought for 12 American dollars by a former Google employee, who later sold it for 6006.13 American dollars.
7. Typopiracy: Typopiracy is a variant of Cyber Squatting. Some fake websites try to take advantage of users' common typographical errors in typing a website address and direct users to a different website. Such people try to exploit the popularity of well-known websites to generate accidental traffic for their own websites, e.g. www.goggle.com, www.faceblook.com.
Hacking refers to unauthorized intrusion into a computer or a network, that is, breaking security to gain access to a website illegally and intercept confidential information. Hackers then misuse such information to their advantage, or modify and even destroy its contents to harm competitors.