E-commerce security is part of the Web security problems that arise in all business information systems that operate over the Internet. However, in e-commerce security, the dimensions of web security – secrecy, integrity, and availability-are focused on protecting the consumer’s and e-store site’s assets from unauthorized access, use, alteration, or destruction. The paper presents an overview of the recent security issues in e-commerce applications and the usual points the attacker can target, such as the client (data, session, identity); the client computer; the network connection between the client and the webserver; the web server; third party software vendors. Discussed are effective approaches and tools used to address different e-commerce security threats. Special attention is paid to Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), phishing attacks, SQL injection, Man-in-the-middle, bots, denial-of-service, encryption, firewalls, SSL digital signatures, security certificates, PCI compliance. The research outlines and suggests many security solutions and best practices.
A SURVEY OF E-COMMERCE SECURITY THREATS AND SOLUTIONS