For an e-commerce site there will always be a threat of hackers trying to access customers' banking details. In addition, the site must defend against the normal hacking threats that all sites face. The first topic to look at is a defence feature called encryption. Encryption is a generic term that refers to the act of encoding data. It is a basic operation that anyone can perform, even on files on a computer. A general key would assign each letter a random number from 1–26 and then do the same for the numbers. On a larger, more complex scale, however, the letters can be changed using any key that the computer can generate. A key of the kind just described is called a “symmetric key”. A more complex option is an asymmetric key, which consists of two keys: a public key and a private key. This means one key is used to encrypt data and then another key must be used to decrypt that data. This creates a dual encryption level that would be extremely difficult to crack if the keys are made complex.
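The difference between the two kinds of key can be seen side by side in a short Python sketch. It is an added example, not part of the original article: the function names are hypothetical, the letter key follows the 1–26 scheme described above, and the asymmetric pair is textbook RSA with tiny constructed primes, which is far too small for real use.

```python
import random
import string

def make_symmetric_key(seed):
    """One shared secret: every letter A-Z gets a distinct random number 1-26."""
    numbers = list(range(1, 27))
    random.Random(seed).shuffle(numbers)  # seeded only so the demo is repeatable
    return dict(zip(string.ascii_uppercase, numbers))

def sym_encrypt(text, key):
    # Letters become their key number; anything else passes through unchanged.
    return [key.get(ch, ch) for ch in text.upper()]

def sym_decrypt(cipher, key):
    reverse = {num: ch for ch, num in key.items()}  # the same key, read backwards
    return "".join(reverse.get(item, item) for item in cipher)

# Toy asymmetric key pair (constructed values, assumption of this example).
P, Q = 61, 53
N = P * Q                                   # modulus shared by both keys
E = 17                                      # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))           # private exponent (Python 3.8+)
PUBLIC_KEY, PRIVATE_KEY = (E, N), (D, N)

def rsa_encrypt(text, public_key):
    exp, n = public_key
    return [pow(ord(ch), exp, n) for ch in text]

def rsa_decrypt(cipher, key):
    exp, n = key
    return "".join(chr(pow(c, exp, n)) for c in cipher)

if __name__ == "__main__":
    message = "CARD 4111"                   # constructed sample input
    shared = make_symmetric_key(seed=2017)
    sealed = sym_encrypt(message, shared)
    print("symmetric :", sealed, "->", sym_decrypt(sealed, shared))

    locked = rsa_encrypt(message, PUBLIC_KEY)
    print("asymmetric:", locked)
    print("private key opens it  :", rsa_decrypt(locked, PRIVATE_KEY))
    print("public key cannot     :", repr(rsa_decrypt(locked, PUBLIC_KEY)))
```

With the symmetric key, whoever can encrypt can also decrypt, so the key itself must be kept secret by both sides. With the asymmetric pair the public key can be handed to every customer, because only the private key held by the site reverses the encryption.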
Another protection method that is used is a firewall. A firewall insulates a private network from a public network using carefully established controls on the types of request it will route through to the private network for processing. Firewalls exist primarily to detect and prevent external attacks on the site, protecting the site's private server where information is held. They usually come in two types: application-level gateways and proxy servers. A virtual private network (VPN) is a network that is constructed using public wires, usually the Internet, to connect to a private network, such as a company's internal network. A VPN would be used in conjunction with a firewall as a safe passageway that is allowed to pass through the firewall once checked. This gives a dual-level protection system: the VPN acts as a secured passageway, and the firewall checks the information passed through the gateway.
A common target for hackers would be websites that use open source code and tools. This is because open source code and tools are open to everyone, so coding methods can be easily identified and exploited by hackers. Due to the open-source nature of many ecommerce platforms and web programming languages, hackers, pen testers and white hat researchers are constantly exploring, testing, and publishing discovered vulnerabilities and the methods that were used or might be used to exploit them. The two most commonly exploited open source platforms would be Magento and WordPress. These both have e-commerce capabilities and would be very vulnerable to hackers.
These are just a few of the many implications and defences that arise when talking about security in e-commerce sites. Many other areas arise from this as well; however, the areas covered here give a general overview of the field of e-commerce website security.