E-Commerce Vulnerabilities

Sviatoslav Braynov, University of Illinois, Springfield

Introduction

E-Shoplifting

Poor Input Validation

Poor Session Management

Credit Card Payments

Traditional Credit Card Fraud

Online Credit Card Fraud

Identity Theft and Identity Management

Protecting Credit Card Payments

Secure Electronic Transactions

Secure Socket Layer and Transport Layer Security

VISA 3-D Secure

MasterCard SPA

PayPal Security

Check Digit Algorithm (ISO 2894)

One-Time-Use Credit Card Numbers

Online Auctions

Basic Auction Types

Cheating Auctioneers

Cheating Bidders

Cheating Intermediaries

Cryptographic Auctions

The Cocaine Auction Protocol

Nonrepudiation

Concept and Definition

Types of Nonrepudiation

Mechanisms for Nonrepudiation

Trust and Reputation

Conclusion

Glossary

Cross References

References

Further Reading

INTRODUCTION

E-commerce has both promises and dangers. One promise is to dramatically change the way business is conducted by lowering the costs, reaching larger markets, and creating new distribution channels and new forms of business interaction. One danger is that the more successful e-commerce becomes, the more likely it is to attract abusive actions, fraud, and deception. Every year, companies and customers lose billions of dollars from fraudulent transactions, credit card abuse, and identity theft.

What makes e-commerce extremely vulnerable to computer attacks is the fact that the three main components of every commercial activity—the agents, the process, and the commodity—can ...