A SURVEY OF E-COMMERCE SECURITY THREATS AND SOLUTIONS
Abstract
E-commerce security is part of the Web security problems that arise in all business information systems that operate over the Internet. However, in e-commerce security, the dimensions of web security (secrecy, integrity, and availability) are focused on protecting the consumer's and e-store site's assets from unauthorized access, use, alteration, or destruction. The paper presents an overview of the recent security issues in e-commerce applications and the usual points the attacker can target, such as the client (data, session, identity); the client computer; the network connection between the client and the web server; the web server; and third-party software vendors. It discusses effective approaches and tools used to address different e-commerce security threats. Special attention is paid to Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), phishing attacks, SQL injection, Man-in-the-middle, bots, denial-of-service, encryption, firewalls, SSL digital signatures, security certificates, PCI compliance. The research outlines and suggests many security solutions and best practices.
UDC Classification: 004.42
DOI: https://doi.org/10.12955/pns.v2.135
Keywords: e-Commerce, security, user experience.
Introduction
Nowadays, a significant amount of internet traffic is used for surfing e-commerce websites. The coronavirus pandemic situation has led to unprecedented growth of e-commerce during the lockdown of 2020. According to Statista (Statista, 2021), online retail websites have made strong traffic gains due to the global coronavirus pandemic. For instance, Amazon.com had a monthly traffic average of almost 3.68 billion visitors in 2020, followed by eBay.com with 1.01 billion visits on average each month. E-commerce sales are expected to reach $6.5 trillion by 2023 (Bhatti, 2020). This steady rise in the e-commerce retail market also means more exposure to e-commerce security violations.
Security is one of the most important aspects of an e-commerce business, and customers' trust is a top priority. Trust is essential to the users in their decision to risk time, money, and personal data on a website. E-commerce is expected to provide safe web browsing and secure transactions. To provide customers with the safest possible online shopping experience, there are some main security threats that e-commerce websites should deal with.
Internet security of web applications is generally considered to include three main elements: secrecy, integrity, and availability. Secrecy refers to protection against unauthorized data disclosure and ensuring the authenticity of the data source. Integrity is about preventing unauthorized data modification. Availability refers to preventing data delays or denials (removal).
In this paper, we consider the main security threats and possible solutions, focusing on how they apply to e-commerce. A common approach to investigating e-commerce security is to follow the transaction-processing flow, beginning with the consumer and ending with the web server (or servers) at the e-commerce site, including any other computers connected to the web servers. This means exploring client threats, communication channel threats, and server threats.
In our approach, we concentrate on the assets that must be protected to ensure security in e-commerce. The rest of the paper explores the main security threats and aims to identify the factors that enhance or damage the credibility of e-commerce sites.