
E Commerce - Report (1) 2

The document outlines the importance of e-commerce security, detailing its historical background, types, advantages, and disadvantages. It highlights various security threats such as financial fraud, phishing, and malware, along with technologies and tools to mitigate these risks, including encryption and firewalls. Recommendations for improving e-commerce security in Uganda are also provided, emphasizing the need for comprehensive policies, continuous audits, and employee training.

Uploaded by

gideonmusaasizi

KYAMBOGO UNIVERSITY

P.O. BOX 1, KYAMBOGO-KAMPALA, UGANDA

SCHOOL OF COMPUTING AND INFORMATION SCIENCE

DEPARTMENT OF COMPUTER SCIENCE

BACHELOR OF INFORMATION TECHNOLOGY AND COMPUTING.

COURSE UNIT: NETWORKING MANAGEMENT CONCEPTS AND SECURITY

LECTURER: DR. LEONALD NKALUBO

YEAR OF STUDY: YEAR TWO.

TASK: GROUP ASSIGNMENT

GROUP MEMBERS

NAME REG. NUMBER SIGNATURE


1 MUYANJA WILBERFORCE 23/U/ITD/220/GV
2 ZIMULA FARID 23/U/ITD/15871/PD
3 MUGASI VAN SURRENDER 23/U/ITD/08263/PD
4 BEKISA PAULINE AGENO 24/U/ITD/426/GV
5 ARINAITWE HELLEN 23/U/ITE/15005/PE
6 NYEKO TREVOR 23/U/ITD/11482/PD
7 AYEBALE IAN PEREZ 23/U/ITE/04835/PE
8 MUGOOLI MARTIN 23/U/ITD/08327/PD
9 BUSUULWA SWAMADU 23/U/ITD/086/GV
10 MUNDURU ALLEN MOREEN 23/U/ITD/08596/PD
11 MUTIBWA TALIQUE TWALIK 23/U/ITD/08810/PD
12 AYOM PATRICK 23/U/ITD/14465/GV
E-COMMERCE SECURITY TECHNOLOGY

E-commerce is the exchange of goods and services and the transmission of funds and data
over the internet.

E-commerce security refers to the measures and protocols used to protect online transactions,
customers' data and other sensitive information when hosting an e-commerce site.

Historical Background

Here is a brief timeline of the rise of e-commerce businesses, from inception all the way to
modern developments.

1979: Michael Aldrich invents electronic commerce. Michael Aldrich invented e-commerce
when he connected a modified television to a transaction processing computer via a telephone
line. This technology was already readily available; it made it possible to transmit payment
data securely and became the foundation for modern e-commerce.

1982: The first e-commerce company launches. Boston Computer Exchange launched in
1982 and became the first online marketplace for people interested in selling their used
computers. The 1990s saw the emergence of e-commerce as we know it today.

1992: The first e-commerce marketplace launches. Book Stacks Unlimited was launched in
1992 by Charles M. Stack. Originally it was a dial-up bulletin board, but it was later launched
as an online marketplace from the books.com domain.

1994: Netscape Navigator launches as a web browser. Netscape was the world’s first web
browser. It became the primary web browser on the Windows platform in the 1990s.

1995: Amazon launches. Jeff Bezos launched the business to become the world’s largest
e-commerce marketplace. It initially started as an e-commerce platform for books. That same
year, the famous SSL security protocol was launched, which helped make online transactions
more secure.

1998: PayPal launches as the first e-commerce payment system. It was started as a money
transfer tool that later merged with Elon Musk’s online banking. It first offered payment
processing for online vendors and other commercial users and then spread out from there to
the general public.

Types of Electronic Commerce

1. Business-to-Business (B2B)
Business-to-Business (B2B) e-commerce encompasses all electronic transactions of
goods or services conducted between companies, e.g. wholesalers selling to retailers.
2. Business-to-Consumer (B2C)
The Business-to-Consumer type of e-commerce is distinguished by the establishment
of electronic business relationships between businesses and final consumers. It
corresponds to the retail section of e-commerce, where traditional retail trade
normally operates, e.g. online retail stores like Amazon.
3. Consumer-to-Consumer (C2C)
Consumer-to-Consumer (C2C) type e-commerce encompasses all electronic
transactions of goods or services conducted between consumers, e.g. eBay.

Advantages of E-commerce
Global Reach: E-commerce enables businesses to access global markets, allowing
businesses to reach customers worldwide.
Availability: Online stores are always open, compared to physical stores that only
operate during fixed working hours.
Low operational costs: E-commerce reduces many costs associated with physical
stores, such as rent, bills and utilities.
Wide Range of Products: E-commerce is not limited to physical shelves as physical
stores are, so customers are able to choose from a wide range of goods.

Disadvantages of E-commerce
Security concerns: Online transactions are vulnerable to cyber attacks, hacking and
identity theft, which leads to concerns about the safety of personal and financial
information.
Lack of Personal Touch: E-commerce lacks the personal assistance and personal
interactions that customers often experience in physical stores.

BODY

There are six dimensions or principles of e-commerce security:

1. Confidentiality: This is a property that ensures that information is not made available
to unauthorized individuals or entities.
2. Integrity: This is a property that ensures that information, data or resources remain
consistent, accurate and unaltered during transmission and processing.
3. Availability: This is a property that ensures that information resources are available
to authorized users when needed.
4. Authentication: This is a property that ensures that the identity of devices, users or
systems is verified before access is granted to information or resources.
5. Non-repudiation: This is a property that ensures that a party involved in a communication or
transaction cannot deny having sent or received information.
6. Access Control: This is a property that allows only authorized users to access specific
information or resources.

E-commerce Security threats

1. Financial frauds
Ever since the first online businesses entered the world of the internet, financial
fraudsters have been giving businesses a headache. There are various kinds of
financial frauds prevalent in the e-commerce industry, but we are going to discuss the
two most common of them.
Credit Card Fraud
It happens when a cybercriminal uses stolen credit card data to buy products on your
e-commerce store. Usually, in such cases, the shipping and billing addresses vary.
You can detect and curb such activities on your store by installing an Address
Verification System (AVS).
Another form of credit card fraud is when the fraudster steals your personal details
and identity to enable them to get a new credit card.
2. Phishing
Phishing is a type of cyberattack where attackers attempt to deceive individuals into
providing sensitive information, such as usernames, passwords, credit card numbers,
or other personal data.
Several e-commerce shops have received reports of their customers receiving
messages or emails from hackers masquerading as the legitimate store owners.
Such fraudsters present fake copies of your website pages or another reputable
website to trick the users into believing them. For example, see the image below: a
seemingly harmless and authentic email from PayPal asking the user to provide details.
3. Spamming
Spamming refers to the practice of sending unsolicited, irrelevant, or repetitive
messages, usually in large quantities, to a wide audience.
Some bad players can send infected links via email or social media inboxes. They can
also leave these links in their comments or messages on blog posts and contact forms.
Once you click on such links, they will direct you to their spam websites, where you
may end up being a victim.
4. DoS & DDoS Attacks
Distributed Denial of Service (DDoS) attacks are cyber-attacks where multiple
compromised systems are used to flood a target (usually a server or network) with
overwhelming amounts of traffic, rendering it unusable or severely slowing it down.
Many e-commerce websites have incurred losses due to disruptions in their website
and overall sales because of DDoS attacks. What happens is that your servers receive
a deluge of requests from many untraceable IP addresses, causing them to crash and
making your site unavailable to your store visitors.

5. Malware
Malware is any malicious software designed with an intent to exploit, harm and
compromise a system, network or device without the owner’s consent.
Hackers may design malicious software and install it on your IT and computer
systems without your knowledge. These malicious programs include spyware, viruses,
trojans, and ransomware.
The systems of your customers, admins, and other users might have Trojan Horses
downloaded on them. These programs can easily swipe any sensitive data that might
be present on the infected systems and may also infect your website.

E-commerce security technologies or tools include:
1. Antivirus Software
Antivirus Software scans your systems for malicious software and blocks any threats.
Once it detects a threat, it will alert you and take necessary steps to remove it.
It’s essential to have an antivirus installed on all computers used in the business and
on any mobile devices that access the network. This is because malicious software
can spread quickly, and you don’t want to risk your customers’ data.
When choosing antivirus software, you must ensure that it is up-to-date and provides
the latest protection. Software developers add more layers of security when they
update their software, so remember to keep up with the latest versions.

2. Firewalls
Firewalls are another essential security tool for any e-commerce business. They act as
a barrier between your network and the outside world, blocking malicious traffic from
entering your system. Firewalls can be either hardware or software, but the ideal
configuration is to have both. This will ensure maximum protection for your network
and customers’ data.
This type of security tool is also helpful for allowing remote access to a private
network through secure authentication certificates. Many businesses use this type of
access to manage their networks remotely.

3. Encryption Software
Encryption software protects sensitive data, such as credit card numbers and
passwords. It works by scrambling the data so that it cannot be read or understood by
anyone who does not have the encryption key. This ensures that even if someone were
to gain access to your system, they would not be able to read the data.
Encryption software is also useful for protecting data in transit, such as when it is sent
over the Internet. This ensures that the data remains secure even when it is being
transmitted from one computer to another.
When choosing encryption software, make sure that it meets the latest security
standards and provides strong encryption algorithms. You should also ensure that the
software is regularly updated with new features and security patches.

4. Biometrics: Another tech trend in the world of cybersecurity is biometrics.
Biometrics uses a person’s physical characteristics to verify their identity and
authenticity. These include your eyes (iris), voice, or behavioural characteristics.
Biometric data is perhaps one of the most reliable ways to confirm a person’s
legitimacy since it can’t be replicated or forged easily.
Biometric authentication systems are becoming more popular in e-commerce. You
can use this system to verify the identity of customers and employees and protect
sensitive data. Common biometric authentication systems include fingerprint
scanners, iris scanners, and facial recognition software.
5. Access Management
When handling sensitive data, it’s important to have a system that controls who has
access to it. Access management works by assigning roles and privileges to each user.
This allows you to control who can view, modify, or delete data. It also helps to
ensure that only authorized personnel have access to sensitive information.
As a result, you may want to consider implementing an access management system
for your e-commerce business. This will help you protect your data and ensure that
only authorized personnel can access it.

6. Digital Certificates
Digital certificates are another important security tool for any e-commerce business.
They are used to verify the identity of a website or server and ensure that the data is
secure. When customers visit your website, they can check the digital certificate to
make sure that it is valid and that their data is secure.
Digital certificates utilize Public Key Infrastructure (PKI), which enables secure
e-commerce and Internet-based communication. They’re issued by a Certificate
Authority (CA) and contain information about the owner, such as their name, address,
and public key. This information is used to verify the owner’s identity for secure
communication.

7. Digital Signatures
Digital signatures are another important security tool for e-commerce businesses.
They are used to verify the authenticity of digital documents, such as contracts and
invoices. Digital signatures use encryption technology to ensure that the document has
not been tampered with and is from a legitimate source.
They use encryption technology to generate a unique code attached to the document
or transaction. The recipient can then verify this code, ensuring that the document or
transaction is genuine.

8. Tokenization:
Tokenization replaces sensitive data with unique tokens that are useless if intercepted.
This protects sensitive information, especially in payment processing.

How it works: When a customer enters their credit card number, the system replaces
the number with a randomly generated token. This token is meaningless without the
decryption key stored on a secure server.
Impact on e-commerce: In the event of a breach, tokenized data cannot be exploited,
providing an additional layer of security for payment information.
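
Added example (not part of the original report): a minimal sketch of the tokenization flow described above, with the secure server modelled as an in-memory vault. The class and function names, the `payment-service` caller name and the card number (a well-known test number) are assumptions made for illustration.

```python
import secrets

def clean_pan(pan: str) -> str:
    """Strip separators and validate length and Luhn checksum."""
    digits = pan.replace(" ", "").replace("-", "")
    if not (digits.isascii() and digits.isdigit() and 13 <= len(digits) <= 19):
        raise ValueError("not a valid card number")
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    if total % 10 != 0:
        raise ValueError("not a valid card number")
    return digits

class TokenVault:
    """Models the secure server: the only place a token maps back to a card."""
    AUTHORIZED = {"payment-service"}        # hypothetical caller name

    def __init__(self):
        self._pan_by_token = {}
        self._token_by_pan = {}

    def tokenize(self, pan: str) -> str:
        digits = clean_pan(pan)
        if digits in self._token_by_pan:    # a repeat customer keeps one token
            return self._token_by_pan[digits]
        token = "tok_" + secrets.token_hex(16)   # random, not derived from the card
        self._pan_by_token[token] = digits
        self._token_by_pan[digits] = token
        return token

    def detokenize(self, token: str, caller: str) -> str:
        if caller not in self.AUTHORIZED:   # deny by default
            raise PermissionError(f"{caller} may not detokenize")
        return self._pan_by_token[token]

def store_order(vault: TokenVault, orders: dict, order_id: str, pan: str) -> dict:
    """What the storefront database keeps: the token and the last four digits only."""
    orders[order_id] = {"card_token": vault.tokenize(pan),
                        "last4": clean_pan(pan)[-4:]}
    return orders[order_id]

if __name__ == "__main__":
    vault, orders = TokenVault(), {}
    # Constructed sample input: 4111 1111 1111 1111 is a standard test card number.
    print(store_order(vault, orders, "A1001", "4111 1111 1111 1111"))
```

A dump of `orders` exposes only tokens and last-four digits; recovering a card number requires access to the vault as an authorized caller.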

9. Secure Sockets Layer (SSL)/Transport Layer Security (TLS):

SSL and TLS are cryptographic protocols designed to provide communication security
over a computer network. TLS is the successor to SSL, offering stronger encryption
methods.

How it works: SSL/TLS establishes an encrypted connection between the user’s web
browser and the web server. This encryption ensures that any data transferred, such as
personal details or credit card numbers, cannot be intercepted or modified by attackers.

Recommendations

In order to improve the security and resilience of e-commerce platforms in Uganda, the
following strategic measures should be implemented:

Develop a comprehensive security policy: E-commerce platforms should establish and
regularly update a comprehensive security policy. This policy should outline protocols for
data protection, incident response, user authentication and access management.

Continuous Security Audits and Monitoring: To maintain a strong security posture,
businesses should schedule regular security audits to assess vulnerabilities and ensure
compliance with best practices.

Prioritize Employee Training and Awareness: Employees are often the weakest link in
cybersecurity. E-commerce businesses should invest in continuous training programs to
educate employees on the latest security threats, phishing scams and best practices for
safeguarding sensitive information.

Conclusion

E-commerce security technologies are vital for protecting both businesses and consumers in
an increasingly digital world. As the volume and sophistication of cyber threats grow, the
adoption of robust security measures has become a necessity for e-commerce platforms.
From encryption and secure payment gateways to tokenization, two-factor authentication, and
blockchain, the integration of cutting-edge technologies plays a critical role in safeguarding
sensitive information and preventing fraud.

