E-commerce online payment risks and security countermeasures

Source: Internet
Author: User

E-commerce is a way to complete a series of business activities, such as commodity transactions and settlement, through computers and networks. Its content includes information flow, capital flow, and logistics; information flow and capital flow are carried directly over the Internet. Information flow and logistics are relatively easy to implement, while capital flow, that is, online payment, is complicated to implement. Therefore, when talking about e-commerce, people often use online payment as the measure of whether e-commerce has actually been implemented.

I. Problems in online e-commerce payment

1. Online payment security issues. Three main security risks affect the development of online payment: first, the security of the bank website itself; second, the security of transaction information transmitted between sellers and banks; third, the security of transaction information transmitted between consumers and banks. Whichever risk is involved, the root cause is the leakage of the login password or payment password.

(1) Password management issues. Most companies and individuals suffer from network attacks mainly because of poor password policy management. The passwords used by most users are common words, names, or other simple passwords that can be found in a dictionary. 86% of users use the same password, or a limited set of passwords, on all websites.

Many attackers also use software to crack weak passwords. Users are therefore advised to use complex passwords, which reduces the possibility of the passwords being deciphered by viruses and improves the security of the computer system. Note: do not set the password to something simple, such as a name, common word, phone number, or birthday; the password must also be at least 9 digits long.
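The note above can be turned into a check that runs when a password is set. The following is an added example, not part of the original article; the word list, the user details and the function names are constructed for illustration.

```python
# Added example: audit a candidate password against the rules in the note above.
import re
from datetime import date

# Constructed sample; a real deployment would load a full dictionary list.
COMMON_WORDS = {"password", "welcome", "dragon", "sunshine", "qwerty"}
MIN_LENGTH = 9  # minimum taken from the article's note


def birthday_forms(born: date) -> set:
    """Digit strings people commonly derive from a birth date."""
    y, m, d = f"{born.year:04d}", f"{born.month:02d}", f"{born.day:02d}"
    return {y + m + d, d + m + y, m + d + y,
            y[2:] + m + d, d + m + y[2:], m + d + y[2:]}


def password_problems(password: str, name: str, phone: str, born: date) -> list:
    """Return the rules the password breaks; an empty list means it passes."""
    problems = []
    lowered = password.lower()
    letters = re.sub(r"[^a-z]", "", lowered)  # "Dragon123!" still reads "dragon"
    digits = re.sub(r"\D", "", password)
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    # Name parts shorter than 3 letters are skipped to avoid chance matches.
    if any(len(p) >= 3 and p in lowered for p in name.lower().split()):
        problems.append("contains name")
    if letters in COMMON_WORDS:
        problems.append("common word")
    if len(digits) >= 6 and digits in re.sub(r"\D", "", phone):
        problems.append("phone number")
    if any(form in digits for form in birthday_forms(born)):
        problems.append("birthday")
    return problems


if __name__ == "__main__":
    # Constructed user record and candidate passwords.
    user = ("Zhang Wei", "+86 138 0013 8000", date(1990, 5, 17))
    for candidate in ("dragon", "wei900517", "13800138000", "tr4m-Quiet-0rbit"):
        print(candidate, password_problems(candidate, *user))
```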

(2) Network viruses and Trojans. Nowadays, many popular Trojans are specially designed to steal online banking passwords. The Trojan monitors the webpages accessed by the IE browser. If it finds that the user is logging on to personal online banking, it records the account and password typed on the keyboard, or pops up a forged logon dialog box to trick the user into entering the login password and payment password, and then sends the stolen information out by email.

(3) Phishing platforms. Phishing attackers use fraudulent emails and forged Web sites to commit fraud, for example by disguising themselves as trusted brands such as well-known banks, online retailers, and credit card companies. Victims are often tricked into disclosing their financial data, such as credit card numbers, account numbers, and passwords.

2. Online payment credit issues. Because of the virtual nature of online payment and the way it transcends time and place, the two sides do not meet each other, and it is difficult to judge the other party's credit standing objectively. As a result, both sides of an online payment have doubts about the other's credit, which hinders the development of online payment.

3. Online payment legal issues. Currently, the legislative questions that restrict the development of online payment mainly include: who should issue electronic currency, how to identify the qualification of online banking, and how to supervise the business of online banking. At present, China's e-commerce policies are not clear enough, and relevant laws, regulations and standards have not yet been established. Cross-department and cross-region coordination is a major problem.

4. The construction of online security certification authorities (CAs) is chaotic. On the Internet, in order to complete a transaction, the identities of both parties must be confirmed by a third party, which is why e-commerce certification authorities came into being. The certification authority is responsible for verifying the user's identity, managing the issuance of electronic certificates, and publishing invalid certificates in a timely manner.

II. Security countermeasures for e-commerce online payment

As many factors may cause e-commerce security problems, different security issues call for different countermeasures:

1. Security technical policies. Necessary measures must be taken to ensure communication security. For communication connections, technologies such as firewalls, proxy servers, and virtual private networks (VPNs) can be used; encryption and authentication technologies can be used for authentication.

Keep up the daily security maintenance of your computer. Pay attention to the following points: first, update the computer system frequently; second, install anti-virus software and a firewall, and update them and scan the computer frequently; third, in everyday browsing, avoid small, obscure websites and prefer large, well-known ones, to avoid infection by viruses and Trojans carried on websites; fourth, avoid using your fund-related account and password on a public computer whenever possible; fifth, once the system has been installed and the computer confirmed to be safe, back up the system, and restore it from that backup before using the fund account.

When logging on to make a payment, note the following: first, check whether the site is the official website; second, carefully check whether the site's domain name is correct, paying attention to confusable characters such as "1" and lowercase "L", or "0" and "O"; third, keep good browsing habits: add frequently used websites to favorites and rely less on online links.
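The domain-name check described above can be automated, for example in a mail filter or proxy. The following is an added example, not part of the original article; the official domain `onlinebank.example` and the function names are constructed, and only the "1"/"l" and "0"/"o" swaps named in the text are folded.

```python
# Added example: flag hosts that imitate an official domain with 1/l or 0/o swaps.
from urllib.parse import urlsplit

# Constructed allow-list; a real one would hold the bank's published domains.
OFFICIAL_DOMAINS = {"onlinebank.example"}

# Fold each confusable digit into the letter it imitates.
CONFUSABLE = str.maketrans({"1": "l", "0": "o"})


def skeleton(host: str) -> str:
    """Canonical form in which confusable characters compare equal."""
    return host.translate(CONFUSABLE)


def _within(host: str, domain: str) -> bool:
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)


def classify(url: str) -> str:
    """Return 'official', 'lookalike' or 'unknown' for the URL's real host."""
    if "//" not in url:
        url = "//" + url  # let urlsplit treat a bare "host/path" as a network location
    try:
        # .hostname is lower-cased and excludes any "user@" prefix and port,
        # so "https://onlinebank.example@evil.test/" resolves to evil.test.
        host = (urlsplit(url).hostname or "").rstrip(".")
    except ValueError:
        return "unknown"
    if any(_within(host, d) for d in OFFICIAL_DOMAINS):
        return "official"
    if any(_within(skeleton(host), skeleton(d)) for d in OFFICIAL_DOMAINS):
        return "lookalike"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample URLs.
    for sample in ("https://www.onlinebank.example/login",
                   "https://www.on1inebank.example/login",
                   "https://0NLINEBANK.example/",
                   "https://onlinebank.example@evil.test/",
                   "https://onlinebank.example.evil.test/"):
        print(f"{classify(sample):10} {sample}")
```

A result of "unknown" only means the host is neither on the allow-list nor a 1/l or 0/o imitation of it; the last two sample URLs show hosts that embed the official name without being a character-swap lookalike.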

E-commerce online payment is in practice a transaction settled by online bank transfer. To guard against Trojans and phishing attacks, using digital certificates is a good way to ensure the security of online banking. However, try not to use the so-called "file certificate", that is, a certificate downloaded through the browser to the hard disk, because such a certificate is easily stolen by hackers using Trojans. At present, the banks' practical experience shows that only placing the digital certificate on a USB Key is a good way to ensure security.

2. Legal protection. Because e-commerce activity is first of all a transaction in commodities, its security should be protected by the relevant laws. It is necessary to ensure the legal status of electronic contracts and digital signatures, the acceptance of electronic contracts by both parties, and that electronic contracts cannot be repudiated or modified, so as to ensure that electronic contracts are carried out.

3. Social morality. Because the parties to an e-commerce transaction do not deal face to face, the fraud that is frequent in traditional transactions will inevitably affect the security of e-commerce as well. Therefore, the healthy development of e-commerce depends on the establishment and improvement of social ethics.

4. Complete management policies. As the e-commerce transaction system is a highly integrated system with a single machine, the management of management personnel is, in addition to network security, also very important and plays a decisive role. Therefore, a complete set of rules and regulations must be developed for the distribution and supervision of management permissions across the entire system, the training and assessment of management personnel, and the cultivation of their ethics and professional competence. This helps to cultivate the professionalism of management personnel. (Edited by Zhou guohong du Yunfeng Jiang Yue: China B2B Research Center)
