Securing E-commerce Applications: Threat Modeling Investigation

Added on  2023/04/23

Project
AI Summary
This project investigates threat modeling tools and techniques used to secure e-commerce applications. It begins with an introduction to the importance of software security vulnerabilities and the increasing complexity of cyberattacks, particularly ransomware. The project aims to investigate threat modeling tools and techniques, reviewing security issues in e-commerce, and exploring methodologies like the Prototype, DSDM, Spring, and Agile Scrum models. The study reviews e-commerce security tools, including firewalls, encryption software, digital certificates, biometrics, and passwords, along with threat modeling approaches. The methodology includes data collection through interviews and analysis of security issues in e-commerce applications like E-bay, Amazon and Konga. The implementation involves the development of a new threat modeling technique, presenting website results, and evaluating the outcomes. The project concludes with a summary, recommendations, and references, providing a comprehensive analysis of e-commerce security through threat modeling.
TOPIC: An Investigation into Threat Modelling Tools and
Technique Used in Securing E-Commerce
Applications Online
Table of Contents
Chapter One: Introduction
1.1 Background Study
1.2 Problem Statement
1.3 Project Aims and Objectives
1.4 Scope of Study
1.5 Background of the study
Chapter 2: Overview of Security Issues in E-commerce
2.1 Definition of terms
Chapter 3: Literature review
3.1 Literature Review
3.1.1 The Underlying Principles in Online Shopping using Credit Card and PayPal
3.1.2 E-commerce Security Tools
3.1.3 Firewalls
3.1.4 Types of Firewalls
3.1.5 Public Key infrastructure
3.1.6 Encryption software Tools
3.1.7 Digital Certificates and Signatures Security Tool
3.1.8 Biometrics Security Tool
3.1.9 Passwords Security Tool
3.1.10 Major Threat Modelling Approaches
3.1.11 Benefit of Effective E-commerce Security
Chapter 4: Methodology
4.1 System Methodology
4.1.1 Prototype Method
4.1.2 Dynamic Systems Development Model (DSDM)
4.1.3 Spring Model
4.1.4 Agile Scrum methodology
4.1.5 Ethical consideration conducted the following process:
4.2 Data Collection
4.3 Evidence of the interview Conducted Online (Template)
4.4 Interview Summary
4.5 Data Analysis from the Interview
A. Security Issues Associated with E-Bay App System
B. Security Issues Associated with Amazon App System
C. Security Issues Associated with Konga App System
Chapter 5: Implementation and Results
4.1 Evidence of Developing a New Threat Modelling Technique
4.1.1 Project Result Website
4.2 Project Result Discussion
Goals
Newly Developed E-commerce Application Decomposition
Application Entry Point
Application Assets
Application Security Trust Level
Application Security Data Flow Diagram
Determining high ranking threats
Determining possible countermeasures and mitigation
Amazon E-commerce Application Decomposition
Amazon Entry Point
Amazon Security Asset
Amazon Security Trust level
Amazon Security Data Flow Diagram
4.3 Evaluation of the Result
Chapter 6: Summary and Conclusion
6.1 Summary
6.2 Conclusion
6.3 Recommendation
References
Appendix
1. Time Scale Plan
2. Support Used
3. Skills Audit

Figure 1: E-commerce Shopping Cycle
Figure 2: Encryption and Decryption Diagrammatic representation
Figure 3: Digital signature Process
Figure 4: Stride Threat Modelling Approach
Figure 5: Diagram showing an Attack Tree on Credit Card System
Figure 6: Diagrammatic representation of Spring Model methodology
Figure 7: Diagrammatic Representation of Scrum Iteration
Figure 8: Screenshot One showing the Website Page of the threat Model for Securing E-commerce Application
Figure 9: Screenshot two showing the Website Page of the threat Model for Securing E-commerce Application
Figure 10: Screenshot One showing the Website Page of the threat modelling for Securing E-commerce Application
Figure 11: New Application Security Data Flow Diagram
Figure 12: Amazon online Application Security Data Flow Diagram

Table 1: Newly Developed E-commerce Application Decomposition
Table 2: Application Entry Point
Table 3: Application Assets
Table 4: Application Security Trust Level
Table 5: High Ranking Threats
Table 6: Countermeasures and Mitigation
Table 7: Amazon E-commerce Application Decomposition
Table 8: Amazon Entry Point
Table 9: Amazon Security Asset
Table 10: Amazon Security Trust level
Table 11: High Ranking Threats
Table 12: Threat and Countermeasures
Chapter One: Introduction
1.1 Background Study
To ensure that e-commerce information assets are not compromised, addressing software security vulnerabilities is the most important line of defense. The recent increase in the complexity and volume of cyber security attacks gives convincing reasons for enhancing the security of e-commerce software applications that monitor and regulate online shopping information. The most recent global attack on e-commerce business was the ransomware attack. Most firms were affected. The rate at which the ransomware attack spread from nation to nation, and from one firm to another, was very worrisome. E-commerce is a very important and lucrative sector in any economy, and it has thrived since its introduction to the internet. This continuing threat of attack is one of the security issues surrounding web applications today, and is a serious concern to e-commerce business.
Software security tools and models are a proactive approach, designed to combat computer security threats, that emerged about fifteen years ago. They address a vital need for software applications to be designed and developed with security in mind. Threat modeling techniques and analytical tools are among the practices utilized in the computer industry to reduce the volume and severity of exploitable vulnerabilities in e-commerce software applications. But most of these threat models are usually implemented after the design and development of an e-commerce application, which is not the best practice. There is a growing understanding that, in order to produce dependable and secure applications, app developers need to incorporate security into the software development lifecycle (SDLC) (Lee and Park, 2016). Embedding security into the design of different SDLCs allows security analysts and developers to think proactively about the countermeasures to discover existing threats and avert future attacks.
Threat modeling is vital in developing a security system across all the SDLC stages as well as in each specific stage. The aim of this project is the use of threat modeling tools and approaches to identify and analyze security management in e-commerce applications.
1.2 Problem Statement
Most of the threat modeling tools used in developing e-business security systems today are usually implemented after the design and development of an e-commerce application. This is not the best practice, because this approach increases the volume and severity of exploitable vulnerabilities in the computer and e-commerce industry.
1.3 Project Aims and Objectives
Project aims: The primary aim of the study is to investigate the tools required for threat modelling when securing e-commerce applications online. This aim will help in investigating the threat modelling tools and techniques used in securing e-commerce applications online. The status quo of this study is to investigate the current security challenges in e-commerce applications by studying past research work and recommending a better approach.
Project Objectives: The objectives of this project focus on the specified requirements that E-commerce applications should meet to satisfy security standards. They are outlined below:
- Appraisal of the underlying principles in online shopping using credit card and PayPal.
- Overview of E-commerce security.
- Review of the different security issues in E-commerce organizations.
- Review of the available security tools and security modelling approaches in E-commerce.
- Developing a standard security model for software development methodologies in E-commerce organizations.
- Comparing the degree of success of the developed security modelling approach for E-commerce applications.
1.4 Scope of Study
This study focuses on the past and current challenges and threats in securing e-commerce applications online. In undertaking this study, the researcher aims to use past research work, current research materials, and interactive social media platforms to obtain the most recent and up-to-date security models being used to curb or reduce security threats online.
1.5 Background of the study
In the current global economy, application security plays a pivotal role in network security. Software hackers consistently use advanced technologies and techniques to access important data and carry out other significant activities against e-commerce network applications (Ott, 2008). In the electronic technology sectors, privacy and security are major factors. The e-commerce sector shares this view with other technological fields. While some firms face difficulties in making their website security sophisticated enough to provide customers with effective, secure online payment, other firms like PayPal, WePay and ProPay have provided their customers with the security of accessing any website with an assurance that their information is safe. Notwithstanding, big firms are investing heavily in addressing e-commerce security challenges using different tools and techniques. One approach to analysing the security level of an application, system or software is threat modelling and security tools (Li et al., 2012). It is a structured approach that enables one to identify, measure and address the security hazards associated with applications and software (Amini et al., 2017). This project, however, will limit its scope to e-commerce applications such as E-bay, Amazon and Konga.
There are basically three different types of threat modelling approaches available today; they include Fault Tree Analysis, Attack Trees, STRIDE and DREAD (Wagner et al., 2009). These approaches and techniques to application security have proven to be ineffective; this is evident in their vulnerabilities, which permit applications to be attacked or damaged. A challenging task is determining which approach will give the best result when applied to a specific software application or e-commerce application. Therefore, determining how to effectively solve this security challenge using the most effective tool is the crux of this project.
An overview of the problem statement is why security in e-commerce applications is needed, and the best approach to apply. This research survey evaluated the existing threat modelling techniques and tools from the literature review. The report discusses the various methodologies considered for this research and gives the reasons why the agile methodology was adopted in developing a new threat modelling technique framework. This new threat modelling technique framework was proposed together with a functional website discussing how it should be used. The report also documents the appropriate ethical considerations observed following an interview conducted to find out how concerned users of the E-bay, Amazon and Konga e-commerce mobile applications are with security on these platforms. Its findings are discussed in a later chapter, where recommendations will be made.
Chapter 2: Overview of Security Issues in E-commerce
There has been a significant increase in the level of business transactions performed electronically since the emergence of the Internet and the World Wide Web. For every transaction that occurs on the web and the internet, security is of utmost importance. The e-commerce security threat is a major aspect of the security obstacles facing e-business activities today. It covers all areas of e-business, including social networking, marketing and other realms of information security (Kelly and Rowland, 2000). E-commerce security is one of the major security issues affecting most end users today through their interactions with online businesses, which could be payment for services rendered or other financial transactions.
Traditionally, the authentication mechanism in e-commerce is based on providing personal security identification and access control methods (Hanumesh and Sunder, 2000). There has, though, been improvement through modern advanced encryption and complementary authentication mechanisms, which employ authentication algorithms to optimise security in e-commerce. The advent of e-commerce has exposed the banking industry to great opportunity, even though it has created a new set of risks and increased vulnerability and security threats. Information security should be seen as an essential and integral part of the management and technical requirements for any efficient and effective transactions and financial activities over the internet. Online e-commerce applications that use payment methods such as electronic transactions, debit cards, credit cards, PayPal or other tokens stand a greater risk of being hacked, whether through network servers, data loss or alteration of e-commerce applications (Lin, 2017).
2.1 Definition of terms
Online customers' awareness of possible identity theft, financial fraud and other irregularities when performing financial transactions on the web has increased due to warnings from media houses about security and privacy breaches. This has placed limitations on e-commerce businesses in terms of growth and profit maximisation. A lot of end users and customers have declined to perform online exchanges due to lack of trust and fear of losing their personal information to criminals (Bruton, 1999). End users no longer have confidence in e-business due to:
Fraud: This is an act that can result in direct financial loss, from a customer's account to a criminal's account, without any financial records update.
Electronic thief: This refers to an intruder who can disclose confidential or protected information to a third party with the sole aim of financial gain. An e-commerce system is liable to irregularities which could result in interception of customers' online shopping activities, thereby resulting in distress.
Security confidentiality: giving customers the confidence that the data sent to e-commerce firms has integrity and confidentiality and is not for public view.
E-commerce integrity: assuring customers that the information and data provided are real, accurate and safeguarded from modification by unauthorized users, which is not usually the case. Insecure firewall filters in e-commerce networks and the internet create loopholes in files and information, thereby allowing them into the wrong hands.
Phishing: an attack on e-commerce networks and systems by cyber criminals, resulting in attacks on vulnerable software and machines that enable cyber theft. Malicious code is sent to attack e-commerce systems in the form of worms, by Trojan horses and bots, which can replicate and spread from one file to another or from one system to another.
When it comes to buying and selling goods and services online, e-commerce is still at the forefront; shopping and making transactions with just a click using desktop and mobile apps is widely used. Because numerous web-based mobile applications are being created to satisfy clients' shopping desires, there is a need to address e-business security issues by effectively using appropriate tools and threat techniques. These tools and other existing ones will be evaluated in this report, as will the possibility of embedding these threat modelling tools and approaches into software development processes to tackle security before e-commerce applications are developed.
Chapter 3: Literature review
3.1 Literature Review
3.1.1 The Underlying Principles in Online Shopping using Credit Card and PayPal
The current innovation in online card payments and PayPal payments works with online-generated virtual personal account numbers. The account numbers are usually invisible to individuals using the internet to make online purchases. All online shopping cards have an internally writeable magnetic data stripe which enables them to be used at a point-of-sale terminal, automated reading machines and e-business websites. This is because the internally writeable magnetic data stripes are readable with special payment-reading software (Hayashi, 2012).
Automated online card payment systems appear on most shopping websites to permit faster, easier and verifiable transactions using the magnetic stripe on the back of the card, which is linked to a card number (Long and Vy, 2016). A card reader is used to verify the card details in real time to track fraudulent cards speedily and accurately (Long and Vy, 2016). However, online fraudsters are constantly looking for modern techniques to defeat online card reading machines (Virtue, 2013).
An online card could be a MasterCard, Visa, Vector One or other typical payment card, usually unique to identify an account holder (Virtue, 2013). A standard card contains a customised personal account number, usually a system number, bank number, user account number or a check digit. The personal account number is associated with an expiration date and year issued by the bank; in some cases the account holder's name or business appears on the card, as well as the bank's unique sort code. On the other side of the card is a 3-digit number (CVC), known as the card confirmation code. The CVC is not embedded on the card; therefore different online systems cannot print or store the number, and it can thus only be approved by the card holder.
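
The card number layout described above (system number, bank number, user account number, check digit) can be checked in code before a number is stored or passed to a payment processor. This is an added example, not part of the original document; it assumes a 6-digit bank prefix and the Luhn check-digit algorithm used on payment cards, and the function names and the sample number are constructed for illustration.

```python
from dataclasses import dataclass

ISSUER_PREFIX_LEN = 6  # assumption: 6-digit issuer ("bank number") prefix


@dataclass(frozen=True)
class CardNumber:
    system_number: str   # first digit: identifies the card system
    bank_number: str     # issuer prefix (includes the system digit)
    account_number: str  # digits between the issuer prefix and the check digit
    check_digit: str     # final digit, computed with the Luhn algorithm


def luhn_check_digit(payload: str) -> str:
    """Return the Luhn check digit for a digit string that does not yet have one."""
    total = 0
    # Walk right to left, doubling every second digit starting with the rightmost.
    for i, ch in enumerate(reversed(payload)):
        d = int(ch)
        if i % 2 == 0:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return str((10 - total % 10) % 10)


def parse_card_number(raw: str) -> CardNumber:
    """Normalise, validate and split a card number; raise ValueError if invalid.

    Error messages never echo the number, so a rejected value does not
    end up in application logs.
    """
    digits = raw.replace(" ", "").replace("-", "")
    if not (digits.isascii() and digits.isdigit()) or not 12 <= len(digits) <= 19:
        raise ValueError("card number must be 12-19 digits")
    payload, check = digits[:-1], digits[-1]
    if luhn_check_digit(payload) != check:
        raise ValueError("check digit mismatch")
    return CardNumber(
        system_number=digits[0],
        bank_number=digits[:ISSUER_PREFIX_LEN],
        account_number=payload[ISSUER_PREFIX_LEN:],
        check_digit=check,
    )


def mask_for_logs(raw: str) -> str:
    """Validate, then keep only the issuer prefix and the last four digits."""
    card = parse_card_number(raw)
    full = card.bank_number + card.account_number + card.check_digit
    hidden = len(full) - ISSUER_PREFIX_LEN - 4
    return full[:ISSUER_PREFIX_LEN] + "*" * hidden + full[-4:]


if __name__ == "__main__":
    sample = "4111 1111 1111 1111"   # constructed test number, not a real account
    print(parse_card_number(sample))
    print(mask_for_logs(sample))
    try:
        parse_card_number("4111 1111 1111 1121")  # one mistyped digit
    except ValueError as exc:
        print("rejected:", exc)
```

The check digit only catches mistyped or malformed numbers; it says nothing about whether the account exists or whether the person presenting it is the card holder.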
There are two main sorts of transactions when using a credit card: online, associated with web transactions, and offline, associated with POS transactions (Dara and Gundemoni, 2017). For an online transaction of any sort to be completed, a card holder obtains a virtual account online that can be used only once. The virtual online number is generated for a user device intending to access an e-commerce website for a transaction. PayPal is a company whose main service is to generate an online virtual account instead of