Key Requirements Of M-Commerce Systems


02 Nov 2017

Disclaimer:
This essay has been written and submitted by students and is not an example of our work. Any opinions, findings, conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of EssayCompany.

The architecture of M-Commerce systems consists of mobile end-user devices (phones, PDAs, tablets, iPads and communicators), a Data Center hosting m-commerce applications, a Security Authority, a Clearing Authority (e.g., a bank) and merchants.

At the centre of this architecture is the Data Center. It directs and controls m-commerce transactions sent from the mobile devices, issues shipping requests to the suppliers and charges credit cards, among other tasks. The Data Center is made up of a cluster of server computers running the server side of the m-commerce system and maintaining transaction information in a database.

Key Requirements of M-Commerce Systems

Device Independence

In order for M-Commerce systems to be successful they have to be able to run on varied mobile device platforms.

A browser-based architecture such as WAP might be sufficient for some m-commerce solutions, but others will require the deployment of a mobile application such as a trading user interface.

Bearer Independence

This also means that different wireless bearers need to be supported: WAP, SMS, GPRS, and possibly UMTS.

Security

Identification, authentication via the Security Authority, access control and end-to-end data encryption must be supported for any m-commerce solution to be acceptable.

Reliability

Middleware is used to enhance reliability where there is weak or intermittent network coverage.

Notifications

Another requirement is being able to send notifications to the customer to inform him/her that a transaction has taken place and that his/her mode of payment, such as a credit card, has been surcharged.

Proposing Solutions

Java Technology on the Devices and Servers

Where special m-commerce software for complex business transactions is to be used, Java can be deployed. This makes it possible to run various applications on the mobile platform without changing the operating system.

However, deploying Java does not by itself provide the features needed to develop scalable and secure m-commerce systems that guarantee delivery of transactions, security, timely delivery of notifications, and integration of the data center software with the logistics systems of suppliers. Messaging middleware can be used to mitigate this.

Middleware is a class of invisible software residing between an application and the underlying operating system environment. The messaging middleware ensures the reliable delivery of m-commerce transactions from a mobile device to the data center.

Messaging middleware also makes it possible to integrate m-commerce services in the data center with the logistics information systems of the suppliers.

Another distinctive feature of messaging middleware is its ability to deliver real-time information.
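
The reliable-delivery role of messaging middleware described above can be sketched as a store-and-forward outbox. This is an added example, not code from the essay; the class names, the scripted failure sequence and the amount are constructed for illustration. The device keeps a transaction queued until it is acknowledged, and the data center uses the transaction ID to avoid charging twice when an acknowledgement is lost.

```python
import uuid

class DataCenter:
    """Server side: applies each transaction once, keyed by its ID."""
    def __init__(self):
        self.applied = {}                 # txn_id -> amount charged
    def receive(self, txn_id, amount):
        if txn_id not in self.applied:    # a retransmission is not charged twice
            self.applied[txn_id] = amount
        return txn_id                     # acknowledgement

class FlakyLink:
    """Constructed wireless bearer that fails according to a fixed script."""
    def __init__(self, datacenter, script):
        self.datacenter = datacenter
        self.script = list(script)        # "drop_request", "drop_ack" or "ok"
    def send(self, txn_id, amount):
        outcome = self.script.pop(0) if self.script else "ok"
        if outcome == "drop_request":
            raise ConnectionError("no coverage")
        ack = self.datacenter.receive(txn_id, amount)
        if outcome == "drop_ack":
            raise ConnectionError("acknowledgement lost")
        return ack

class DeviceOutbox:
    """Device side: a transaction stays queued until it is acknowledged."""
    def __init__(self, link):
        self.link = link
        self.pending = {}                 # txn_id -> amount
    def submit(self, amount):
        txn_id = str(uuid.uuid4())        # idempotency key, chosen once
        self.pending[txn_id] = amount
    def flush(self):
        for txn_id, amount in list(self.pending.items()):
            try:
                self.link.send(txn_id, amount)
            except ConnectionError:
                continue                  # keep it queued for the next flush
            del self.pending[txn_id]
        return len(self.pending)

def demo():
    dc = DataCenter()
    outbox = DeviceOutbox(FlakyLink(dc, ["drop_request", "drop_ack", "ok"]))
    outbox.submit(1999)                   # constructed amount, in pence
    flushes = 1
    while outbox.flush():                 # retry until nothing is pending
        flushes += 1
    return flushes, sum(dc.applied.values())
```

The second attempt reaches the data center but its acknowledgement is dropped, so the third attempt is a duplicate; the customer is still charged once.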

SECURITY ISSUES

Introduction

Security in an m-commerce system may generally be classified into three main parts, namely hardware security, software security and access security. Access security involves both physical access and logical access.

Deise identified a change in the focus of IT security in businesses: incorporating security into business processes and transactions while protecting the corporate IT infrastructure, culminating in new security policies focused on reliability, availability and trust.

Security Threats Arising from Mobile Commerce

Security threats in mobile commerce range from eavesdropping on others’ messages to stealing users’ data. In RF-operated mobile commerce this can be done with little difficulty.

Another problem is the inherent security risk involved in the transmission of data via a network. This risk falls into two categories: identification integrity and message integrity.

Zhang and Lee identified these two as causing a lot of concern to both parties involved in the transmission.

The sender could have his/her personal information compromised, while the merchant could be liable for repudiation of the transaction and resultant non-payment.

In addition, mobile technology most often involves payment for services offered. This is evident in the special charges levied on users who access other network carriers. These payments are normally made using the user’s account details, which are transmitted via a network for authentication. Security breaches could occur if these networks are not adequately secured.

A security breach can also occur during the transformation of a user’s encrypted data for decryption. A WAP Gap could occur during these stages, when translating one protocol to another. A hacker can compromise the security of the session by capturing the user’s data at this point. Encryption technology consists of algorithms in which a hacker could identify weaknesses; since most data transmission is based on encryption technology, data security is not fully assured.

Furthermore, there is no international regulatory framework to deal with security breaches committed across national boundaries. When the security of an international transaction is breached, no single country can prosecute the perpetrator. This makes users less confident in using an m-commerce application and causes an obvious loss of revenue to the SME concerned.
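
An added example (not from the essay) of one mitigation for the WAP gap: an end-to-end integrity tag computed on the device and verified in the data center, so that a change made while the gateway holds the translated message is detected. The key, function names and order fields are constructed; the tag protects integrity only, and keeping the data confidential across the gateway would additionally need end-to-end encryption.

```python
import hashlib
import hmac
import json

# Constructed key, known only to the device and the data center (assumption).
E2E_KEY = b"constructed-demo-key-not-for-production"

def device_seal(order):
    """Device: serialise the order and attach an HMAC-SHA256 tag."""
    body = json.dumps(order, sort_keys=True)
    tag = hmac.new(E2E_KEY, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}

def gateway_translate(message, tamper=False):
    """Hypothetical gateway: bearer-side protection has ended here, so the
    body is readable and could be altered before it is forwarded."""
    forwarded = dict(message)
    if tamper:  # simulate a modification made inside the gap
        order = json.loads(forwarded["body"])
        order["amount"] = 1
        forwarded["body"] = json.dumps(order, sort_keys=True)
    return forwarded

def datacenter_open(message):
    """Data center: recompute the tag and reject the order on a mismatch."""
    expected = hmac.new(E2E_KEY, message["body"].encode(),
                        hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, message["tag"]):
        raise ValueError("integrity check failed: order changed in transit")
    return json.loads(message["body"])
```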

Trust is also crucial to the success of m-commerce. It is the result of the relationships that exist between transacting parties, familiarity with procedures and mechanisms for redress. In m-commerce, consumer trust is built on secure and reliable network services that guarantee safe transactions. Therefore the challenge is not to make m-commerce devoid of risk but to make the system reliable.

Security Threats That Can Impact Financial Transactions

Security threats can pose tremendous security risk in an m-commerce environment. These threats can be classified into traditional risks and non-traditional risks. Traditional risks normally involve the loss of or damage to tangible physical assets such as computer hardware and data disks.

Non-traditional risks involve stolen information, damage to web sites by hackers, hijacking of web sites, and viruses, worms and trojans. These could be undertaken for financial gain or for industrial espionage to give competitors a competitive advantage.

Non-traditional security risks also include any unauthorised access to or use of a company’s computer system and data by a hacker or insider in order to cause damage to the system or data. Due to businesses’ reliance on computers for their daily operations, breaches of a company’s computer or information security system are a risk to almost all functional components of a business. Use of software to encrypt and, thus, safeguard communications provides some protection, but also adds a risk that a virus or other bug could damage equipment or data.

Further, according to Dang, theft of information such as critical electronic files that include financial data, customer information, marketing and new product data, trade secrets, and personnel data may provide competitors with a strategic advantage, criminals with the means to commit fraud, and others the opportunity to disparage the company. Dornan states that the use of misappropriated information may harm third parties such as customers, employees, and business partners. The theft of information may undermine an acquisition or cause a public relations problem and hence potential loss of revenue.

Other security issues worth noting are the insertion of viruses, worms or Trojan horses into one or more computer systems; the fraudulent transfer of money to personal accounts; the use of forged electronic signatures; the theft of credit card information and credit card fraud; the theft of intellectual property; illegal use of software; stock and commodity market manipulations; and similar illegal activities.

A hacker may use a number of methods such as insertion of viruses, spamming and web snatching to access computer systems and data and cause resulting damage. Damage may occur at data centres or to transmission networks, routers, and power sources. Virus attacks may also come from innocent parties who pass on an infection without knowing that the system is contaminated.

Using another technique, called distributed denial of service, a hacker can attack a highly secured web site. This technique hijacks numerous computers on the Internet and instructs each one to flood a target site with phoney data. The target site, trying to accommodate the phoney data, becomes overworked and soon begins to lose memory. The result is effectively slowing or shutting down the entire site to real customers.

Web snatching is a practice in which one party plants a virus in another party’s Web site that automatically moves the viewer from the selected site to a site run by the web snatcher. This is done without the permission of the selected Web site owner or the site visitor.

It is generally accepted that government legislation is needed to enforce security on the Internet, since business owners are not very likely to succeed in doing it on their own. This will enhance users’ confidence in the use of m-commerce.

Security Risks in Mobile Commerce Emerging from Reliance on Third Parties

There are security risks associated with using third-party security providers. Both traditional and non-traditional security risks can interfere with business operations or shut them down completely.

In m-commerce, suppliers and customers can depend on each other’s electronic data systems and on mutual systems, such as a third-party commodity exchange. When one system fails, it may cause the other systems to fail as well.

Failure may be a slowdown in the dependent system, also called the "brownout," or a total denial of service, also called the "blackout."

The losses arising from reliance on a third party can generally be grouped into: (1) loss or damage to property, both tangible and intangible, (2) business interruption, and (3) extra expense.

Government legislation will be needed to ascertain to what extent data can be considered a tangible asset. This is necessary to assist insurers in quantifying damage to data when it occurs.

Property losses can also occur when an organisation’s intangible or intellectual property is infringed or violated. Copyrighted materials can be copied without permission, trademarks can be infringed upon or diluted, and patented property or ideas can be stolen. In a competitive knowledge-based world, a firm’s intellectual property may be considered to be its most valuable asset and, as such, needs to be protected.

There is also an element of time in business interruption and service interruption losses. Business interruption losses may result from the inability to access data, the theft of data, or a threat to the integrity of the database, necessitating that the system be shut down for assessment.

Business interruption may have several consequences, e.g., loss of income; extra expenses to recover; loss of customer, partner, and shareholder confidence; and, ultimately, reduced market capitalisation. Third parties harmed by the denial of service may sue, adding liability losses to first-party damages. In some cases, business interruption may constitute a breach of contract.

According to Lee, service denial may cause a customer business interruption, network suspension, or a disruption in or delay of services.29 Service denials may result in damage claims or lawsuits for breach of contract.

Expense Incurred by Organisations Due to Business Interruptions

In the event of an interruption, a business may incur extraordinary expenses to resume operations as quickly as possible. Extra expense coverage is for those costs incurred by the policyholder in excess of the normal costs that would have been incurred to conduct business during the same period had no loss or damage occurred.

In the mobile commerce area, there are new types of costs that may need to be considered in the context of risk and insurance, including additional costs of operating Web sites from alternative servers, costs of operating Web sites through alternative providers, costs to repair Web sites damaged by hackers or equipment failures, and costs of rebuilding other lost information.30 Thus, the various security risks arising from a combination of issues warrant closer scrutiny when assessing an organisation’s IT requirements in order to facilitate secure financial transactions.


