in the e-commerce environment (Parker et al, 2004). All three parts of security may be affected
by purely technical issues, natural phenomena, or accidental or deliberate human causes.
Confidentiality refers to limitations of information access and disclosure to authorized users and
preventing access by or disclosure to unauthorized users.
In other words, confidentiality is an
assurance that information is shared only among authorized persons or organizations.
Authentication methods, like user IDs and passwords that identify users can help to reach the
goal of confidentiality. Other control methods support confidentiality, such as limiting each
identified user's access to the data system's resources. Additionally,
critical to confidentiality
(also to integrity and availability) are protection against malware, spyware, spam and other
attacks.
Confidentiality is related to the broader concept of information privacy: limiting access to
individuals' personal information. The concept of
integrity relates to the trustworthiness of
information resources. It is used to ensure that information is sufficiently
accurate for its
purposes. The information should be authentic and complete. For example, forwarding copies of
sensitive e-mail threatens both the confidentiality and integrity of the information.
Availability
refers to the availability of information resources. The system is responsible for delivering,
processing, and storing information that is accessible when needed, by those who need it. An
information system that is not available when you need it is at least as bad as no system at all. It
may be much worse if the system is the only way to take care of a certain matter.
As the society and its economic patterns have evolved from the heavy-industrial era to that of
information, in terms of providing new products and services to satisfy people's needs,
organizational strategies have changed too. In effect, corporations have altered their
organizational
and managerial structures, as well as work patterns, in order to leverage
technology to its greatest advantage such as e-banking services. Economic and technology
phenomena such as downsizing, outsourcing,
distributed architecture, client/server and e-
banking, all include the goal of making organizations leaner and more efficient. However,
information systems (IS) are deeply exposed to security threats as organizations push their
technological resources to the limit in order to meet organizational needs (Dhillon, 2001; Dhillon
and Torkzadeh, 2006).
According to Dr. David Chaum, CEO of DigiCash said that “security is simply the protection of
interests. People want to protect their own money and bank their own exposure. The role of
government is to maintain the integrity of and confidence in the whole system. With electronic
cash, just as with paper cash today, it will be the responsibility of government to protect against
system risk. This is serious role that cannot be left to the micro-economic interests of commercial
organizations”. The security of information may be one of the biggest concerns to the Internet
users. For electronic banking users who most likely connect to the Internet via dial-up modem, is
faced with a smaller risk of someone breaking into their computers. Only organizations such as
banks with dedicated internet connections face the risk of someone
from the internet gaining
unauthorized access to their computer or network. However, the e-banking system users still face
the security risks with unauthorized access into their banking accounts. Moreover, the e-banking
IJCSI International Journal of Computer Science Issues, Vol. 9, Issue 4, No 3, July 2012
ISSN (Online): 1694-0814
www.IJCSI.org
439
Copyright (c) 2012 International Journal of Computer Science Issues. All Rights Reserved.
system users also are concerned about non-repudiability which requires a reliable identification
of both the sender and the receiver of on-line transactions. Non-secure electronic transaction can
be altered to change the apparent sender. Therefore, it is extremely important to build in non-
repudiability which means that the identity of both the sender and the receiver can be attested to
by a trusted third party who holds the identity certificates.
There are a multitude of possible scenarios where sensitive data can be stolen or misplaced when
processing an online transaction. The methods used to steal and compromise sensitive data is
dynamic and ever changing. Their purpose is to target applications and architectures that are
widely used,
such as instant messaging, email, standardized shopping carts, redundant coding
schemes, database programs, and security techniques and encryption. Security concerns should
be discussed during the design stages of systems development to ensure it is addressed properly
(Chorafas, 2004). One reason for the multitude of security concerns faced by users is that the
internet was not developed
with security in mind, thus many of the techniques security
professionals are putting into place are reactionary and hackers are using these same methods.
Traditional E-commerce security can be broken down into a three-tier model where the client,
server, and database are described separately (Shwan, 2006). To gather an understanding for the
threats against E-Commerce applications, we must also explore security concerns that threaten
all systems.