Security of M-Commerce Transactions
Security of M-Commerce Transactions
Abstract.
In this material electronic market are defined. How they are structured.
Security in E-Commerce applications is very important both at the administrative
level and from the user perspective. The new trend in the field is the M-commerce
that involves making purchases through mobile devices. And for M-commerce
transactions the security is a very important thing. Here's how to analyze the
security of M-commerce transactions and ways to increase security for these
transactions taking into account the organization of M-Commerce applications,
software used, hardware used and other important issues in the development of
these applications.
1. E-Commerce applications
A business of any kind for prosperous should have the number of clients
higher. Thus it is necessary that its potential customers to know its existence. One
of the many ways to make a company known work is the World Wide Web, which
the company presents its products and customer service. Above both Internets
enables customers to order the products and services offered by the company.
When analyzes were performed online business involved, the next step is the
implementation site. This involves several steps and implementation related
technologies, as shown in Table 1.
The next step to be run is to promote the business, this being done in
traditional way, by announcements by distributing presentation materials, or
publish online advertisements on high traffic websites or sending via e-mail the
promotional messages.
To publish the site, the business owner has to find a web hosting provider.
The discretion of the supplier, to consider several factors, such as:
the monthly cost of service (there are providers who offer this service for free),
existence of high technical characteristics, and both in terms of security of
stored
data, as well as the implementation of superior software solutions for data access
and management and implementation of information;
bandwidth available for users to access the site.
Next step for online publishing business is the choice of, this being the name
that will be accessed the site to publish it on server. In Romania, the organization
that manages domain names is Romanian Top Level Domain (http://rotld.ro/).
Except payment systems presented, there are other ways of payment counter
products bought online, but they must be approved both of the buyer and seller.
Knowing that the payment method is a prerequisite for the eventual buyer to apply
for goods and services online, it is important for online business that developer to
use an approve payment method and commonly used by customers.
Developing a business in the online environment must emphasize that its role
is to market products and services, marketing which, in the first phase, entails the
recording of transactions. In this regard, business developers must implement
options to certify transactions recorded in agreement.
Internet transaction has three components, each affecting in some way its
security, namely:
user - the person entering the site to buy;
server - representing business owner;
connection of the two components.
Vulnerability study is done systematically cover the most important idea of the
generation effect vulnerabilities.
For vulnerabilities that cause the greatest losses are calculated a percentage
of the software applications resulting value of each vulnerability, of the total value
of losses. If the weight exceeds the threshold of 0.97, this vulnerability is analyzed
to identify the causes and ways to improve computer security applications and
WCF.
representing that the vulnerability identified in the table line is rectified security
component identified in the table column.
If in 1998 the power of mobile penetration was only 5%, it increased in 10 years to
2008 to 55% in the mobile market and will increase to 96% or more in next period.
Of these shares only a small part represents smart phone, the rest being normal
mobile phone for people who just want to make calls and send messages,
applications used especially in 1998, when the penetration power of smart mobile
devices was very low. In 2008 the applications used on mobile phones have
become more diversified, and the power of penetration of smart phones increased.
In addition to making calls and sending these devices users listen to music,
viewing video clips, internet browsing and other specific business. For 2018 we do
not know what applications will be used but certainly those used today will be used
and other new applications, strength of smart phone penetration reaching 40%.
Communications networks used until now are divided into four distinct
generations:
1st generation (1G), designed to provide a single service, the voice appeared
starting in 1980; currently one generation systems are out of service in many
countries they have worked;
2nd generation (2G) was originally designed to provide voice services, while
having a limited capacity for data transmission services with relatively low
speed; by using packet data transmission through GPRS process, data
transmission speed can be up to 172 kbit/s (compared to speed of 14.4 kbit/s
offered in phase 1 development); it becomes possible to make multimedia
transmission;
3th generation (3G) increased transmission speeds of up to 2 Mbit/s (in some
versions up to 8 Mbit/s) and the multiple possibilities for quality multimedia
services and to operate in different environments; entry into service of the first
3G systems were conducted in 2001-2002;
4th generation (4G) can offer download speeds of up to 100 mbps.
Security for mobile devices and applications for these devices is provided in the
following aspects:
authentication found in the M-Commerce applications with virtual identity
verification (Ivan et al., 2012), the request of personally identifiable information
and checking them with the information previously provided in the registration;
according to (Marian, 2009) authentication is the process of establishing or
confirming the accuracy and reliability of information relating to the identity or
origin of an entity. The authentication process is divided into two parts:
– the first part is to identify the entity that is done by presenting an identifier
associated with the entity that authenticates;
– the second step is the verification and validation entity that authenticates.
These steps are similar to the steps identified in the authentication process.
Such user authentication satisfies the conditions of the authentication process. Also
all mobile applications which are components of authentication must acknowledge
these restrictions and authentication process to meet. In all applications, the
authentication process must submit these steps.
communication and sending text messages is one of the core activities of mobile
phones and also transactions; so this is a very important segment where security is
vital to protect users of mobile devices; in paper of Boja et al. (2011) SMSEncrypt
application is presented for the people who want a secure communication through
SMS service; SMSEncrypt software is composed of two parts: first part of sending
encrypted with specified key and the second allows receiving messages and
decrypt the secret key that the message receiver must know.
Encryption key and decryption key are identical and are known only to the
sender of the message and its receiver.
Figure 3 presents the steps that are taken in order to send an encrypted message
and steps taken to read it to reception.
These aspects are very important in developing mobile applications and should
be considered so that the quality of the application is increased by the security
offered to the user.
Currently many mobile users use saving passwords in browsers and if lost or
stolen mobile device user access to old accounts is done with great ease. To do this
is recommended that for electronic shopping made via mobile devices to be used a
new method of authentication or a new level of security and request a new
password that is not stored in the mobile device browser.
Conclusions
Increasing the number of users who choose to order products and services
online led to the implementation of new methods and concepts of online business.
Mobile ecommerce solutions increase the number of users and thus increase the
number of potential customers. However, an increased number of potential mobile
users in the field of online commerce are also a growing number of potential
people to be victims of cybercrime.
References
1. AV Security, http://www.avsecurity.ro/index.php?
option=com_content&view =article&id =217: tendintele-securitatii-it-in-
2013-niciun-razboi-cibernetic-la-orizont&catid=42:fp-rnp
5. Ivan, I., Boja, C., Zamfiroiu, A. (2012). „Process de emulate pentru test area
aplicatiilor mobile”, Revista Româna de Informatica si Automatica, Vol. 22,
No. 1, pp. 5-16
6. Kwok, Sai Ho, Chi, R. (2006). “Digital Rights Management for Mobile
Commerce Using Web Services”, Journal of Electronic Commerce
Research, Vol. 7, No. 1