Chapter Summary 219
based on their charge-back percentages. Electronic price tag alteration occurs when hackers manipulate the shopping cart software code and alter prices. It is estimated that one-third of all shopping cart applications have software holes.
Traditional password protection, which is used to control system and database access, is not sufficient for e-commerce security. Secure e-commerce requires that both parties to a transaction be positively mutually identified. This mutual authentication process prevents intruders from acquiring valuable information or goods under false pretenses. It is also essential that e-commerce transaction information be secured against theft. Encrypting the information before it is sent, then decrypting it when received, can protect transaction communications. This security technique is designed to foil intruders who may intercept the transaction somewhere in the transmission path.
E-commerce transaction information, which is stored on computer systems and servers, must be carefully protected. This is usually accomplished by defensive hardware and software, which can include firewall and intrusion detection mechanisms. The goal is to keep systems safe from external and internal theft attempts. Confidential data, such as credit card numbers and account information, should be encrypted. Encryption can make the information unusable in the event e-thieves gain access to the system.
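The two preceding paragraphs describe the same mechanism applied in two places: encrypting transaction data before it crosses the network, and encrypting the copy that rests on the merchant's systems. The example below is added here and is not from the book; it uses Go's standard library AES-256-GCM to show what an interceptor or an intruder who reaches the stored data gets (unreadable bytes) and what happens when any of those bytes are modified (decryption refuses rather than returning corrupted data). The key-sharing step is an assumption: the example generates the key in-process, where a real deployment would obtain it from a key exchange such as the TLS handshake, or from a key-management service for data at rest. The order record and order id are constructed sample values.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// NewKey returns a random 256-bit AES key. Assumption for this example:
// sender and receiver (or application and storage layer) already share it.
func NewKey() ([]byte, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	return key, nil
}

// newGCM wraps the key in an authenticated-encryption mode.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts plaintext with AES-256-GCM and returns nonce || ciphertext || tag.
// associated is authenticated but not encrypted (here an order id), so it can
// travel in the clear yet cannot be swapped for another order's id undetected.
func Seal(key, plaintext, associated []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize()) // fresh nonce per message; never reuse with the same key
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, associated), nil
}

// Open decrypts and verifies. Any change to nonce, ciphertext, tag or associated
// data makes it return an error instead of silently corrupted plaintext.
func Open(key, sealed, associated []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	n := gcm.NonceSize()
	if len(sealed) < n+gcm.Overhead() {
		return nil, errors.New("sealed message too short")
	}
	return gcm.Open(nil, sealed[:n], sealed[n:], associated)
}

// Tampered returns a copy of sealed with one ciphertext byte flipped, standing in
// for a modification made somewhere along the transmission path or in storage.
func Tampered(sealed []byte) []byte {
	out := append([]byte(nil), sealed...)
	out[len(out)/2] ^= 0x01
	return out
}

func main() {
	key, _ := NewKey()
	order := []byte("cardholder=A. Customer;expiry=12/30;amount=19.99") // constructed sample
	orderID := []byte("order-1001")                                     // constructed sample

	sealed, _ := Seal(key, order, orderID)
	fmt.Printf("on the wire / on disk: %x\n", sealed)

	plain, err := Open(key, sealed, orderID)
	fmt.Printf("legitimate receiver: %q err=%v\n", plain, err)

	_, err = Open(key, Tampered(sealed), orderID)
	fmt.Printf("after in-transit modification: err=%v\n", err)

	_, err = Open(key, sealed, []byte("order-1002"))
	fmt.Printf("order id swapped: err=%v\n", err)
}
```

The check that matters for the summary's point is the error path: with an authenticated mode, a modified record is rejected outright, so the receiver never acts on altered amounts, and a stolen copy of the stored ciphertext is useless without the key.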
Attacks that use destructive techniques such as denial of service and viruses also pose a threat to e-commerce. Interruption of service caused by such attacks can be very costly to an e-commerce organization. Because access to the site may be blocked, both immediate customers and potential customers may be lost. A number of security measures can be effective in mitigating these types of attacks. Anti-virus software and the same measures used to foil theft are useful against these threats.
E-commerce involves Internet use for purchases of such items as airline tickets, computer hardware and software, books, and miscellaneous products. It involves a number of methods for securing transactions, authorizing payments, and moving money between accounts. B2B is defined as e-commerce where both the buyers and sellers are organizations. B2C is a business selling online to individual consumers. Lastly, C2C involves individuals buying and selling over the Internet.
EDI is a process whereby standardized forms of e-commerce documents are transferred between remotely located computer systems, usually to and from organizations providing some product or service. These computerized forms include purchase orders and invoices.
SET is a specification for handling credit card transactions over a network, with emphasis on the Web and Internet. A digital certificate is a digital signature that can be used for authentication, to ensure the sender is validated, and to ensure the message has not been altered in transit. Secure transactions are critical for e-commerce on the Internet. Additional security mechanisms include SSL, SHTTP, and PCT.
Two types of keys are utilized in the security environment. A public key is used in an asymmetric encryption system. It is used in conjunction with a corresponding private key. A
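The certificate paragraph and the public/private key paragraph above describe one mechanism from two sides: the private key signs, the public key verifies, and a certificate issued by a trusted authority is what lets the receiver know whose public key it is. The following example is added here and is not from the book. It uses Go's standard library only: a constructed certificate authority issues a certificate to a merchant key, the merchant signs an order, and the receiver checks first that the certificate chains to a CA it trusts and then that the signature matches the message. Both failure cases the summary mentions are exercised: an altered message, and a sender whose certificate was issued by an authority the receiver does not trust. All names (the CA, "merchant.example") and the order text are constructed sample values; the signature algorithm is ECDSA over P-256 with SHA-256, chosen for the example rather than taken from the SET specification.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// NewKey generates an asymmetric key pair: the private half stays with its
// owner; the public half is what a certificate binds to the owner's name.
func NewKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// certTemplate builds the fields shared by CA and end-entity certificates.
func certTemplate(name string, serial int64, isCA bool) *x509.Certificate {
	usage := x509.KeyUsageDigitalSignature
	if isCA {
		usage |= x509.KeyUsageCertSign
	}
	return &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              usage,
		BasicConstraintsValid: true,
		IsCA:                  isCA,
	}
}

// NewCA creates a self-signed certificate authority (constructed for the demo).
func NewCA(name string) (*ecdsa.PrivateKey, *x509.Certificate, error) {
	key, err := NewKey()
	if err != nil {
		return nil, nil, err
	}
	tmpl := certTemplate(name, 1, true)
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, nil, err
	}
	return key, cert, nil
}

// IssueCert has the CA sign a certificate binding name to pub.
func IssueCert(caKey *ecdsa.PrivateKey, caCert *x509.Certificate, pub *ecdsa.PublicKey, name string) (*x509.Certificate, error) {
	tmpl := certTemplate(name, 2, false)
	der, err := x509.CreateCertificate(rand.Reader, tmpl, caCert, pub, caKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// TrustStore returns the pool of CA certificates the receiver trusts.
func TrustStore(cas ...*x509.Certificate) *x509.CertPool {
	pool := x509.NewCertPool()
	for _, c := range cas {
		pool.AddCert(c)
	}
	return pool
}

// Sign produces a signature over SHA-256(msg) with the sender's private key.
func Sign(priv *ecdsa.PrivateKey, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return ecdsa.SignASN1(rand.Reader, priv, digest[:])
}

// VerifyWithCert validates the sender's certificate against the trust store,
// then checks the signature with the public key that certificate carries.
func VerifyWithCert(cert *x509.Certificate, roots *x509.CertPool, msg, sig []byte) error {
	if _, err := cert.Verify(x509.VerifyOptions{Roots: roots}); err != nil {
		return fmt.Errorf("sender not validated: %w", err)
	}
	pub, ok := cert.PublicKey.(*ecdsa.PublicKey)
	if !ok {
		return errors.New("certificate does not carry an ECDSA public key")
	}
	digest := sha256.Sum256(msg)
	if !ecdsa.VerifyASN1(pub, digest[:], sig) {
		return errors.New("signature mismatch: message altered or not signed by certified key")
	}
	return nil
}

func main() {
	caKey, caCert, _ := NewCA("Constructed Root CA")
	merchantKey, _ := NewKey()
	merchantCert, _ := IssueCert(caKey, caCert, &merchantKey.PublicKey, "merchant.example")
	roots := TrustStore(caCert)

	order := []byte("order=1001;amount=19.99") // constructed sample
	sig, _ := Sign(merchantKey, order)
	fmt.Println("genuine order:", VerifyWithCert(merchantCert, roots, order, sig))
	fmt.Println("altered amount:", VerifyWithCert(merchantCert, roots, []byte("order=1001;amount=1.99"), sig))
}
```

The order of the two checks is the security-relevant design choice: verifying the signature alone proves only that some private key signed the message; verifying the certificate first ties that key to a name vouched for by an authority the receiver already trusts, which is what "the sender is validated" means in the summary.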
59940_Newman_02Print.indb 219 2/6/09 11:42:53 AM