The most common and most damaging forms of security threats to e-commerce sites include:
Malicious code: Viruses, worms, Trojan horses and "bad applets" are a threat to a system's integrity and continued operation, often changing how a system functions or altering documents created on the system.
Hacking and cyber-vandalism: Intentionally disturbing, defacing or even destroying a site
Credit card fraud/theft: One of the most feared occurrences and one of the main reasons more consumers do not participate in e-commerce. The most common cause of credit card fraud is a lost or stolen card that is used by someone else, followed by employee theft of customer numbers and stolen identities.
Spoofing: Occurs when hackers attempt to hide their true identities or misrepresent themselves using fake e-mail addresses or masquerading as someone else. Spoofing can also involve redirecting a web link to an address different from the intended one, with the site masquerading as the intended destination.
Denial of service attacks: Hackers flood a web site with useless traffic to inundate and overwhelm the network, frequently causing it to shut down and damaging a site's reputation and customer relationships.
Sniffing: A type of eavesdropping program that monitors information traveling over a network, enabling hackers to steal proprietary information from anywhere on a network, including e-mail messages, company files and confidential reports. The threat of sniffing is that confidential or personal information will be made public.
Insider jobs: Although the bulk of internet security efforts are focused on keeping outsiders out, the biggest threat is from employees who have access to sensitive information and procedures.
The major dimensions of e-commerce security are:
Integrity: The ability to ensure that information displayed on the web site or sent or received via the internet has not been altered in any way by an unauthorized party.
Non-repudiation: the ability to ensure that e-commerce participants do not deny their online actions.
Authenticity: Refers to the ability to verify an individual's or business's identity.
Confidentiality: Determines whether the information shared online, such as credit card numbers or e-mail communication, can be viewed by anyone other than the intended recipient.
Privacy: Deals with the use of information shared during online transactions. Consumers want to limit the extent to which their personal information can be divulged to other organizations, while merchants want to protect such information from falling into the wrong hands.
Availability: Determines whether a web site is accessible and operational at any given moment.