• the use of alternative ordering mechanisms such as phone or fax;
• the prominence of information to allay fears – the guarantee is one of the main menu options.

Companies can also use independent third parties that set guidelines for online privacy
and security. The best-known international bodies are TRUSTe (www.truste.org) and
Verisign for payment authentication (www.verisign.com). Within particular countries
there may be other bodies such as, in the UK, ISIS (www.imrg.org.uk/isis).

Malicious threats to e-commerce security


Hackers can use techniques such as ‘spoofing’ to hack into a system and find credit card
details. Spoofing, as its name suggests, involves someone masquerading as someone else.
Spoofing can be of two sorts:
• IP spoofing is used to gain access to confidential information by creating false
identification data such as the originating network (IP) address. The objective of this access can
be espionage, theft or simply to cause mischief, generate confusion and damage corporate
public image or political campaigns. Firewalls can be used to reduce this threat.
• Site spoofing, i.e. fooling the organisation’s customers: using a similar URL such as
http://www.amazno.com can divert customers to a site which is not the bona fide retailer.
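
The site-spoofing case above (amazno.com standing in for amazon.com) can be caught mechanically by comparing a link's domain with the retailer's genuine domains. The following is an added example, not code from the original text; the allow-list, the function names and the distance threshold of 2 are assumptions.

```python
from urllib.parse import urlsplit

# Assumed allow-list of genuine domains (constructed for this example).
LEGITIMATE = {"amazon.com", "ebay.com", "yahoo.com"}


def host_of(url: str) -> str:
    """Lower-cased host of a URL, without a leading 'www.'."""
    host = (urlsplit(url if "//" in url else "//" + url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host


def osa_distance(a: str, b: str) -> int:
    """Edit distance where insert, delete, substitute and adjacent swap cost 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            # Adjacent transposition, e.g. "no" typed for "on".
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def classify(url: str, max_distance: int = 2):
    """Return (verdict, nearest genuine domain or None) for a link."""
    # Naive registrable domain: last two labels (ignores suffixes like co.uk).
    domain = ".".join(host_of(url).split(".")[-2:])
    if domain in LEGITIMATE:
        return ("legitimate", domain)
    nearest = min(sorted(LEGITIMATE), key=lambda d: osa_distance(domain, d))
    if osa_distance(domain, nearest) <= max_distance:
        return ("lookalike", nearest)
    return ("unknown", None)


if __name__ == "__main__":
    # Constructed sample links; the first is the spoofed URL from the text.
    for link in ("http://www.amazno.com", "https://www.amazon.com/books",
                 "http://shop.ebay.com", "http://example.org"):
        print(link, classify(link))
```

A "lookalike" verdict is a prompt for review rather than proof of fraud, since unrelated short domains can sit within two edits of a genuine one.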

Firewalls can be used to minimise the risk of security breaches by hackers and viruses.
Firewalls are usually created as software mounted on a separate server at the point the
company is connected to the Internet. Firewall software can then be configured to
accept only links from trusted domains representing other offices in the company or key
account customers. A firewall has implications for marketers since staff accessing a web
site from work may not be able to access some content such as graphics plug-ins.

Denial-of-service attacks
The risk to companies of these attacks was highlighted in the spring of 2000, when the top
web sites were targeted. The performance of these sites, such as Yahoo! (www.yahoo.com)
and eBay (www.ebay.com), was severely degraded as millions of data packets flooded the
site from a number of servers. This was a distributed attack where the sites were bombarded
from rogue software installed on many servers, so it was difficult for the e-tailers to
counter. Since then, fraudsters have attempted to blackmail online merchants at critical
times, for example online betting companies before a major sporting event or e-retailers
before Christmas. These are often very sophisticated attacks which involve using viruses to
compromise many ‘zombie’ computers around the world which are not adequately protected
by firewalls and are then subsequently used to broadcast messages. Such attacks are
very difficult to counter.

‘Phishing’
Phishing (pronounced ‘fishing’) is a specialised form of online identity theft. The most
common form of ‘phishing’ is where a spam e-mail is sent out purporting to be from an
organisation such as a bank or payment service. In 2004, the sites barclaysprivate.com and
eurocitibank.com – neither of them anything to do with existing banks – were shut down,
having been used to garner ID details for fraud. Recipients are then invited to visit a web
site to update their details after entering their username and password. The web address
directs them to a false site appearing the same as the organisation’s site. When the username

TECHNOLOGICAL FACTORS

Firewall
A specialised software application mounted on a server at the point where the company is
connected to the Internet. Its purpose is to prevent unauthorised access into the company
from outsiders.

Phishing
Obtaining personal details online through sites and e-mails masquerading as legitimate
businesses.
