Latin America. Undoubtedly, security can become a major risk for digital entrepreneurship: while electronic security systems have steadily evolved, cybercriminals have been able to take advantage of their vulnerabilities, so the amount that e-commerce companies must invest in security is higher than that of physical businesses.
There are four elements that must be taken into account when evaluating security in online business transactions: the client software, the data transfer protocols, the web server and the operating system. A single flaw in any of these directly compromises the security of transactions, putting at stake the trust of consumers and merchants in e-commerce.
It is essential that e-commerce companies develop neural systems independent of those provided by security firms and banks. They need to study each user's purchasing behavior or pattern and identify the buyer profiles that imply a certain level of "suspicion". Only in this way can proactive decisions be made to avoid the costs that being reactive in these matters may involve.
UNDERSTANDING THE THREATS
A threat is understood as an action in the network environment (which may involve a person, hardware, an event or an idea) that, given an opportunity, can lead to a breach in security affecting the confidentiality, integrity, availability or legitimate use of the data. Threats can in turn be classified as internal or external, depending on the environment in which they occur.
There is also a classification by category, ranging from vandalism, sabotage, theft and fraud on the internet to breaches of data security and privacy, and denial of service.
The security model in e-commerce can be divided into four main components that must be protected: the customer's software, the transport of data, the web server software and the server's operating system. It is imperative that the security of these components be consistent: if one of them presents an obvious weakness, it would become the target of most attacks, and because of that weakness many of those attacks would be successful.
The first refers to the security of the web client software, that is, the software used to browse the Internet: browsers and active web components.
As for the transport of data, the aspect that has received the most emphasis and investment is the confidentiality of the data and the authenticity of the sender and the receiver.
Then there are web servers, whose security flaws usually occur in the server software and in the programs that interface with databases; the servers that provide the most services are the most vulnerable.
And last but not least, the operating system, on which e-commerce applications are built. If it has vulnerabilities, the data stored on the server will be exposed. The flaws in the security of operating systems are usually: default options, weak authentication, vulnerabilities in network software, denial of service attacks, and holes in the operating system itself.
GUARANTEED SECURITY
The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards developed by an alliance between several of the world's leading credit card issuers (Visa, Mastercard, American Express, Discover and JCB) to establish a minimum of joint security requirements designed to protect what is known as the Cardholder Data Environment (CDE).
PCI Compliance is a requirement for all merchants that accept cards, and it is important that both users and website owners verify whether the information displayed is secure.
By: Jesús Cortina, General Manager of GM Security Technologies.


