Volume 9, Issue 4 (April 2022), Pages: 106-113
----------------------------------------------
Original Research Paper
Title: Integrated e-commerce security model for websites
Author(s): Ibrahim Alfadli *
Affiliation(s):
Department of Information Systems, College of Computer Science and Engineering, Taibah University, Medina, Saudi Arabia
Full Text - PDF XML
* Corresponding Author.
Corresponding author's ORCID profile: https://orcid.org/0000-0002-4549-357X
Digital Object Identifier:
https://doi.org/10.21833/ijaas.2022.04.013
Abstract:
E-commerce is the branch of digital life that contains all economic and trade businesses conducted via the internet and commercial procedures connected to these businesses. It is considered the major and fastest-growing area in the world. It is the greatest way of purchasing goods and services done net. The old buying was changed by e-commerce only through this Covid pandemic. However, the enormous challenge of e-commerce is insider and outsider cyber-attacks, which threats the confidentiality, integrity, and availability of e-commerce. The researchers have proposed several security models and frameworks for the e-commerce field; however, there is a lack of an integrated model to secure the purchasing and selling of websites. Thus, this study presents a survey of cyberattacks that may damage e-commerce and proposes an integrated security model for e-commerce using a design science approach. The proposed model comprises three main parts: Client, e-commerce, and security. The results show that the proposed model can ensure purchasing and selling on the website and instantiate their solution models using a modeling approach.
© 2022 The Authors. Published by IASE.
This is an open access article under the CC BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/).
Keywords: E-commerce, Financial attacks, Web security, Digital forensics
Article History: Received 28 October 2021, Received in revised form 31 January 2022, Accepted 14 February 2022
Acknowledgment
No Acknowledgment.
Compliance with ethical standards
Conflict of interest: The author(s) declared no potential conflicts of interest with respect to the research, authorship, and/or publication of this article.
Citation:
Alfadli I (2022). Integrated e-commerce security model for websites. International Journal of Advanced and Applied Sciences, 9(4): 106-113
Permanent Link to this page
Figures
Fig. 1 Fig. 2 Fig. 3 Fig. 4
Tables
Table 1
----------------------------------------------
References (61)
- Abd Razak S, Nazari NHM, and Al-Dhaqm A (2020). Data anonymization using pseudonym system to preserve data privacy. IEEE Access, 8: 43256-43264. https://doi.org/10.1109/ACCESS.2020.2977117 [Google Scholar]
- Abd Razak S, Othman SH, Aldolah AA, and Ngadi MA (2016). Conceptual investigation process model for managing database forensic investigation knowledge. Research Journal of Applied Sciences, Engineering and Technology, 12(4): 386-394. https://doi.org/10.19026/rjaset.12.2377 [Google Scholar]
- Aïmeur E and Schőnfeld D (2011). The ultimate invasion of privacy: Identity theft. In the 19th Annual International Conference on Privacy, Security and Trust, IEEE, Montreal, Canada: 24-31. https://doi.org/10.1109/PST.2011.5971959 [Google Scholar]
- Al-Dhaqm A, Abd Razak S, Dampier DA, Choo KKR, Siddique K, Ikuesan RA, and Kebande VR (2020b). Categorization and organization of database forensic investigation processes. IEEE Access, 8: 112846-112858. https://doi.org/10.1109/ACCESS.2020.3000747 [Google Scholar]
- Al-Dhaqm A, Abd Razak S, Ikuesan RA, Kebande VR, and Siddique K (2020a). A review of mobile forensic investigation process models. IEEE Access, 8: 173359-173375. https://doi.org/10.1109/ACCESS.2020.3014615 [Google Scholar]
- Al-Dhaqm A, Abd Razak S, Othman SH, Ali A, Ghaleb FA, Rosman AS, and Marni N (2020c). Database forensic investigation process models: A review. IEEE Access, 8: 48477-48490. https://doi.org/10.1109/ACCESS.2020.2976885 [Google Scholar]
- Al-Dhaqm A, Abd Razak S, Othman SH, Nagdi A, and Ali A (2016). A generic database forensic investigation process model. Journal Teknologi, 78(6-11): 45-57. https://doi.org/10.11113/jt.v78.9190 [Google Scholar]
- Al-Dhaqm A, Abd Razak S, Siddique K, Ikuesan RA, and Kebande VR (2020d). Towards the development of an integrated incident response model for database forensic investigation field. IEEE Access, 8: 145018-145032. https://doi.org/10.1109/ACCESS.2020.3008696 [Google Scholar]
- Al-Dhaqm A, Ikuesan RA, Kebande VR, Razak S, and Ghabban FM (2021c). Research challenges and opportunities in drone forensics models. Electronics, 10(13): 1519. https://doi.org/10.3390/electronics10131519 [Google Scholar]
- Al-Dhaqm A, Ikuesan RA, Kebande VR, Razak S, Grispos G, Choo KKR, and Alsewari AA (2021a). Digital forensics subdomains: The state of the art and future directions. IEEE Access, 9: 152476-152502. https://doi.org/10.1109/ACCESS.2021.3124262 [Google Scholar]
- Al-Dhaqm A, Razak S, and Othman SH (2018). Model derivation system to manage database forensic investigation domain knowledge. In the IEEE Conference on Application, Information and Network Security, IEEE, Langkawi, Malaysia: 75-80. https://doi.org/10.1109/AINS.2018.8631468 [Google Scholar]
- Al-Dhaqm A, Razak S, Ikuesan RA, Kebande VR, and Hajar Othman S (2021b). Face validation of database forensic investigation metamodel. Infrastructures, 6(2): 13. https://doi.org/10.3390/infrastructures6020013 [Google Scholar]
- Al-Dhaqm A, Razak S, Othman SH, Choo KKR, Glisson WB, Ali A, and Abrar M (2017a). CDBFIP: Common database forensic investigation processes for Internet of Things. IEEE Access, 5: 24401-24416. https://doi.org/10.1109/ACCESS.2017.2762693 [Google Scholar]
- Al-Dhaqm A, Razak S, Othman SH, Ngadi A, Ahmed MN, and Ali Mohammed A (2017b). Development and validation of a database forensic metamodel (DBFM). PLOS ONE, 12(2): e0170793. https://doi.org/10.1371/journal.pone.0170793 [Google Scholar] PMid:28146585 PMCid:PMC5287479
- Al-Dhaqm AMR, Othman SH, Abd Razak S, and Ngadi A (2014). Towards adapting metamodelling technique for database forensics investigation domain. In the International Symposium on Biometrics and Security Technologies, IEEE, Kuala Lumpur, Malaysia: 322-327. https://doi.org/10.1109/ISBAST.2014.7013142 [Google Scholar]
- Al-Dwairi RM and Kamala MA (2009). An integrated trust model for business-to-consumer (b2c) e-commerce: Integrating trust with the technology acceptance model. In the International Conference on CyberWorlds, IEEE, Bradford, UK: 351-356. https://doi.org/10.1109/CW.2009.34 [Google Scholar]
- Alfadli IM, Ghabban FM, Ameerbakhsh O, AbuAli AN, Al-Dhaqm A, and Al-Khasawneh MA (2021). CIPM: Common identification process model for database forensics field. In the 2nd International Conference on Smart Computing and Electronic Enterprise, IEEE, Cameron Highlands, Malaysia: 72-77. https://doi.org/10.1109/ICSCEE50312.2021.9498014 [Google Scholar]
- Ali A, Abd Razak S, Othman SH, and Mohammed A (2017b). Extraction of common concepts for the mobile forensics domain. In the International Conference of Reliable Information and Communication Technology, Springer, Johor Bahru, Malaysia: 141-154. https://doi.org/10.1007/978-3-319-59427-9_16 [Google Scholar]
- Ali A, Abd Razak S, Othman SH, Mohammed A, and Saeed F (2017a). A metamodel for mobile forensics investigation domain. PLOS ONE, 12(4): e0176223. https://doi.org/10.1371/journal.pone.0176223 [Google Scholar] PMid:28445486 PMCid:PMC5433730
- Ali A, Al-Dhaqm A, and Razak SA (2014). Detecting threats in network security by analyzing network packets using wire shark. In the International Conference of Recent Trends in Information and Communication Technologies, IEEE, Chennai, India. [Google Scholar]
- Ali A, Razak SA, Othman SH, and Mohammed A (2015). Towards adapting metamodeling approach for the mobile forensics investigation domain. In the 1st International Conference on Innovation in Science and Technology, Kuala Lumpur, Malaysia: 364-367. [Google Scholar]
- Ali M and Raza SA (2017). Service quality perception and customer satisfaction in Islamic banks of Pakistan: The modified SERVQUAL model. Total Quality Management and Business Excellence, 28(5-6): 559-577. https://doi.org/10.1080/14783363.2015.1100517 [Google Scholar]
- Amarasekara BR and Mathrani A (2016). Controlling risks and fraud in affiliate marketing: A simulation and testing environment. In the 14th Annual Conference on Privacy, Security and Trust, IEEE, Auckland, New Zealand: 353-360. https://doi.org/10.1109/PST.2016.7906986 [Google Scholar]
- Aswal K, Dobhal DC, and Pathak H (2020). Comparative analysis of machine learning algorithms for identification of BOT attack on the Internet of Vehicles (IoV). In the International Conference on Inventive Computation Technologies, IEEE, Coimbatore, India: 312-317. https://doi.org/10.1109/ICICT48043.2020.9112422 [Google Scholar]
- Badotra S and Sundas A (2021). A systematic review on security of E-commerce systems. International Journal of Applied Science and Engineering, 18(2): 1-19. [Google Scholar]
- Bhardwaj A, Mangat V, and Vig R (2020). Hyperband tuned deep neural network with well posed stacked sparse AutoEncoder for detection of DDoS attacks in cloud. IEEE Access, 8: 181916-181929. https://doi.org/10.1109/ACCESS.2020.3028690 [Google Scholar]
- Chandler K and Hyatt K (2003). Customer-centered design: A new approach to Web usability. Prentice-Hall Professional, Hoboken, USA. [Google Scholar]
- Chong X, Zhang J, Lai KK, and Nie L (2012). An empirical analysis of mobile internet acceptance from a value–based view. International Journal of Mobile Communications, 10(5): 536-557. https://doi.org/10.1504/IJMC.2012.048886 [Google Scholar]
- Devaraj S, Fan M, and Kohli R (2002). Antecedents of B2C channel satisfaction and preference: Validating e-commerce metrics. Information Systems Research, 13(3): 316-333. https://doi.org/10.1287/isre.13.3.316.77 [Google Scholar]
- Dong Y, Jiang Z, Alazab M, and Kumar P (2021). Real-time fraud detection in e-market using machine learning algorithms. Journal of Multiple-Valued Logic and Soft Computing, 36(1-3): 191-209. [Google Scholar]
- Fletcher N (2007). Challenges for regulating financial fraud in cyberspace. Journal of Financial Crime, 14(2): 190-207. https://doi.org/10.1108/13590790710742672 [Google Scholar]
- Foley C (2016). E-commerce fraud: A guide to prevention. Ph.D. Dissertation, Utica College, Utica, USA. [Google Scholar]
- Ghabban FM, Alfadli IM, Ameerbakhsh O, AbuAli AN, Al-Dhaqm A, and Al-Khasawneh MA (2021). Comparative analysis of network forensic tools and network forensics processes. In the 2nd International Conference on Smart Computing and Electronic Enterprise, IEEE, Cameron Highlands, Malaysia: 78-83. https://doi.org/10.1109/ICSCEE50312.2021.9498226 [Google Scholar]
- Gray WD and Salzman MC (1998). Damaged merchandise? A review of experiments that compare usability evaluation methods. Human–Computer Interaction, 13(3): 203-261. https://doi.org/10.1207/s15327051hci1303_2 [Google Scholar]
- Green DT and Pearson JM (2009). The examination of two web site usability instruments for use in B2C e-commerce organizations. Journal of Computer Information Systems, 49(4): 19-32. [Google Scholar]
- Guo Y, Le-Nguyen K, Jia Q, and Li G (2015). Seller-buyer trust in cross-border e-commerce: A conceptual model. In the Twenty-first Americas Conference on Information Systems, San Juan, Puerto Rico: 1-7. [Google Scholar]
- Hayes JK (2020). Cyber security and corporate fraud. In: Baker HK, Purda-Heeler L, and Saadi S (Eds.), Corporate fraud exposed: 279-298. Emerald Publishing Limited, Bingley, UK. https://doi.org/10.1108/978-1-78973-417-120201018 [Google Scholar]
- Kashinath SA, Mostafa SA, Mustapha A, Mahdin H, Lim D, Mahmoud MA, and Yang TJ (2021). Review of data fusion methods for real-time and multi-sensor traffic flow analysis. IEEE Access, 9: 51258-51276. https://doi.org/10.1109/ACCESS.2021.3069770 [Google Scholar]
- Kaspersky E and Furnell S (2014). A security education Q&A. Information Management and Computer Security, 22(2): 130-133. https://doi.org/10.1108/IMCS-01-2014-0006 [Google Scholar]
- Kebande VR, Ikuesan RA, Karie NM, Alawadi S, Choo KKR, and Al-Dhaqm A (2020). Quantifying the need for supervised machine learning in conducting live forensic analysis of emergent configurations (ECO) in IoT environments. Forensic Science International: Reports, 2: 100122. https://doi.org/10.1016/j.fsir.2020.100122 [Google Scholar]
- Lim K, Lim J, and Heinrichs JH (2005). Structural model comparison of the determining factors for e-purchase. Seoul Journal of Business, 11: 119-143. [Google Scholar]
- Manohar GV, Bhattacharjee B, and Pratap M (2021). Preventing misuse of discount promotions in e-commerce websites: An application of rule-based systems. International Journal of Services Operations and Informatics, 11(1): 54-74. https://doi.org/10.1504/IJSOI.2021.114111 [Google Scholar]
- March ST and Smith GF (1995). Design and natural science research on information technology. Decision Support Systems, 15(4): 251-266. https://doi.org/10.1016/0167-9236(94)00041-2 [Google Scholar]
- McCloskey D (2004). Evaluating electronic commerce acceptance with the technology acceptance model. Journal of Computer Information Systems, 44(2): 49-57. [Google Scholar]
- McKnight DH, Choudhury V, and Kacmar C (2002). Developing and validating trust measures for e-commerce: An integrative typology. Information Systems Research, 13(3): 334-359. https://doi.org/10.1287/isre.13.3.334.81 [Google Scholar]
- Mohd NA and Zaaba ZF (2019). A review of usability and security evaluation model of ecommerce website. Procedia Computer Science, 161: 1199-1205. https://doi.org/10.1016/j.procs.2019.11.233 [Google Scholar]
- Ngadi M, Al-Dhaqm R, and Mohammed A (2012). Detection and prevention of malicious activities on RDBMS relational database management systems. International Journal of Scientific and Engineering Research, 3(9): 1-10. [Google Scholar]
- Onwuegbuzie IU, Abd Razak S, Fauzi Isnin I, Darwish TS, and Al-Dhaqm A (2020). Optimized backoff scheme for prioritized data in wireless sensor networks: A class of service approach. PLOS ONE, 15(8): e0237154. https://doi.org/10.1371/journal.pone.0237154 [Google Scholar] PMid:32797055 PMCid:PMC7428073
- Paintal S (2021). Ecommerce and online security. International Journal of Management, 12(1): 682-687. [Google Scholar]
- Palmer G (2001). A road map for digital forensic research. In the First Digital Forensic Research Workshop, Utica, USA: 27-30. [Google Scholar]
- Pikkarainen T, Pikkarainen K, Karjaluoto H, and Pahnila S (2004). Consumer acceptance of online banking: An extension of the technology acceptance model. Internet Research, 14(3): 224-235. https://doi.org/10.1108/10662240410542652 [Google Scholar]
- Pradeep P and Kj S (2016). Detection of SPAM attacks in the remote triggered WSN experiments. In: Kim K and Joukov N (Eds.), Information science and applications: 715-727. Springer, Singapore, Singapore. https://doi.org/10.1007/978-981-10-0557-2_70 [Google Scholar]
- Rodríguez GE, Torres JG, Flores P, and Benavides DE (2020). Cross-site scripting (XSS) attacks and mitigation: A survey. Computer Networks, 166: 106960. https://doi.org/10.1016/j.comnet.2019.106960 [Google Scholar]
- Saleh MA, Othman SH, Al-Dhaqm A, and Al-Khasawneh MA (2021). Common investigation process model for internet of things forensics. In the 2nd International Conference on Smart Computing and Electronic Enterprise, IEEE, Cameron Highlands, Malaysia: 84-89. https://doi.org/10.1109/ICSCEE50312.2021.9498045 [Google Scholar] PMid:34022883 PMCid:PMC8140497
- Salomon D (2010). Elements of computer security. Springer Science and Business Media, Berlin, Germany. https://doi.org/10.1007/978-0-85729-006-9 [Google Scholar]
- Sengupta A, Mazumdar C, and Barik MS (2005). E-commerce security—A life cycle approach. Sadhana, 30(2-3): 119-140. https://doi.org/10.1007/BF02706241 [Google Scholar]
- Shahapurkar A (2021). A survey of data driven methodologies for mitigating cyber attack in online environment. Turkish Journal of Computer and Mathematics Education, 12(10): 3345-3353. [Google Scholar]
- Szymanski DM and Hise RT (2000). E-satisfaction: An initial examination. Journal of Retailing, 76(3): 309-322. https://doi.org/10.1016/S0022-4359(00)00035-X [Google Scholar]
- Wang JH, Liao YL, Tsai TM, and Hung G (2006). Technology-based financial frauds in Taiwan: Issues and approaches. In the IEEE International Conference on Systems, Man and Cybernetics, IEEE, Taipei, Taiwan, 2: 1120-1124. https://doi.org/10.1109/ICSMC.2006.384550 [Google Scholar]
- Zaaba ZF, Furnell S, and Dowland P (2011). End-user perception and usability of information security. In the Fifth International Symposium on Human Aspects of Information Security and Assurance, London, UK: 97-107. [Google Scholar]
- Zawali B, Ikuesan RA, Kebande VR, and Furnell S (2021). Realising a push button modality for video-based forensics. Infrastructures, 6(4): 54. https://doi.org/10.3390/infrastructures6040054 [Google Scholar]
|