E-commerce is the transaction of any kind of business over, or by means of, electronic systems. An e-commerce website is a business in which transactions occur over the Internet, an intranet or an extranet. E-commerce websites utilise internal networks that may interface with the World Wide Web. The nature of e-commerce introduces internal and external risks to both the website and the business systems to which it is connected. External threats to an e-commerce website come from many sources, including the macroeconomic environment and risks associated with the external Internet and related networks. Internal threats come from employees, the internal network and business processes, and from management.
The greatest internal threat to an e-commerce website is poor management. If management is not committed to ensuring security and providing budgets for purchasing antivirus software licenses and for keeping the internal networks robust, the e-commerce website is vulnerable to attack. Any internal systems to which it is connected are also vulnerable. Ideally, management should commit to regular IT security audits of the system to ensure that security is optimised and any potential problems are prevented or handled as soon as they occur. In smaller businesses, management may have other priorities and leave the e-commerce site vulnerable by default.
An e-commerce website is vulnerable to fraud from both internal and external sources. Fraudulent activities include credit card fraud, which exposes the site to threats from customers and external sources, and internal fraud, such as fraudulent transactions being entered into the system from the back-end by rogue employees. Fraudulent transactions can also be introduced into the system by hackers or Trojan horses, with such fraudulent transactions appearing identical to real customers' transactions.
E-commerce security issues relate to the internal business network and the interface between the customer's transactions and the network. Hackers pose a threat to the security of the network, as they can gain access to internal systems via the e-commerce website. These threats can be mitigated by using a firewall between the website and the internal network, and by encrypting the transactional data.
Computer viruses and malicious software are some of the biggest threats to an e-commerce website. Viruses originate from external sources and can corrupt files if introduced into the internal network. They can completely halt or destroy a computer system and disrupt the operations of the website. Malicious software such as Trojan horses poses an even greater threat, as it can capture information on the client side before any encryption software can take effect. It can also impersonate a customer and pass bad or malicious code into the server running the website, where it becomes an internal problem.