Introduction To E-Shoplifting
Shoplifting (also known as boosting or the five-finger discount) is the stealing of goods from a retail establishment, as opposed to burglary or robbery. Online, the term e-shop refers to a retail establishment that sells goods over the internet.
E-shoplifting is the modern practice of taking goods from an online e-commerce store with the aim of getting them for free or at a lower cost. It is a trending cybercrime technique that now poses a major threat to e-merchandise, banks, payment gateways, and e-commerce organizations.
Basic Elements of an Electronic Business
Payment Gateway:
The payment gateway is an e-commerce application that applies security measures to transactions performed online. When a customer adds a product to the cart, the store directs the customer to the payment gateway to pay for the product through the bank of their choice. The gateway provides a One Time Password (OTP) that the customer needs in order to use it, so that the transaction takes place securely.
Multi-Layer Components:
The multi-layer component of an e-commerce system is the layer that links the different components of the system and brings them onto one platform. In an e-commerce store, it links the store's database and the payment gateway with the store front end.
Shopping Cart System:
The shopping cart system is the temporary storage area that e-commerce sites provide so that customers can purchase multiple goods at the same time. It benefits the customer by allowing the purchase of multiple products from the different dealers registered with the e-store. It also gives the user an overall price estimate for the products added to the cart.
Session Management System:
The session management system of an e-commerce site allows the store to keep track of every user's log-in and log-out sessions, and through them the customers registered with the store. It also manages the store's cookie policy and keeps track of the cookies.
Customer:
Also referred to as the buyer, the customer is the individual who uses an e-commerce store to purchase a product.
Flaws in e-commerce systems:
- Poor input validation allows hackers to get past the gateway of the e-commerce site's servers. Validation is required in e-shops to check whether the data entering the server from the user's end is genuine. When monitoring is poor, validation becomes poor: a user who has not been properly authenticated by the server gets into it and inserts malicious code, which later triggers manipulation of the data on the server.
- Hidden field manipulation is a type of attack performed on e-shops. Hidden fields are often used by retailers to save information about a customer's session, and many also use them to store merchandise prices. On unprotected sites, hackers can use these fields to manipulate prices and so obtain items for a lower price or for free.
- Improper use of cookies allows hackers to manipulate the cookies used by e-shops and exploit the shops. E-commerce sites set cookies to track a customer's previous session. Once a customer logs in, the site creates a small file containing the customer's system information and saves it on the customer's computer, so that an item left in the cart in the previous session is still there the next time the customer logs in. Hackers insert malicious code into these cookies and log in to the e-commerce site; once the session has started successfully, the malicious code manipulates the web page.
- Poor session or state tracking at the website's end is also a flaw in e-shops. Every time a user logs in to the website, a session is registered in the e-commerce database. With poor session tracking, a hacker can easily bypass the security mechanism and perform various actions on the e-commerce site and its database.
- Improper database integration means poor protection or monitoring of the e-commerce site's database. This database contains the cost of the products, the customer details, and the supplier details. The hacker gets into this SQL database through one of the previous flaws and exploits it using SQL injection, a code injection technique used to attack SQL databases. Once the SQL injection has been inserted into the database, it will change the price values of all the products.
- Security loopholes in payment gateways are a major source of attacks in the e-commerce market. The hacker enters the e-commerce site and makes a purchase using one of the steps mentioned earlier. Once the product is in the cart, he clicks on payment and selects the payment method. When he clicks on pay, the e-commerce site directs him to a payment gateway registered with the site. During this process the hacker extracts the script code of the payment gateway page, manipulates it, and changes the price value of the purchased product, so that he gets the product at a lower cost.
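The hidden-field and payment-gateway flaws above both come down to the store trusting a price that passed through the customer's browser. The following is an added example, not code from the original article: it prices the cart from server-side data only and accepts a gateway callback only when the amount is authenticated and matches the stored order total. The catalogue, the shared key, and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
from decimal import Decimal, InvalidOperation

# Constructed sample data: stands in for the store's server-side price table.
CATALOGUE = {"SKU-1001": Decimal("499.00"), "SKU-2002": Decimal("25.50")}
# Hypothetical secret shared by the store and its payment gateway.
GATEWAY_KEY = b"demo-shared-secret"


def order_total(cart):
    """Price the cart from the server-side catalogue only.

    A "price" key sent by the browser (hidden field, cookie) is never read.
    """
    total = Decimal("0")
    for line in cart:
        qty = int(line["qty"])
        if line["sku"] not in CATALOGUE or not 1 <= qty <= 100:
            raise ValueError("invalid cart line")
        total += CATALOGUE[line["sku"]] * qty
    return total


def sign_amount(order_id, amount):
    """HMAC over order id and amount, attached to the gateway redirect."""
    msg = f"{order_id}|{amount:.2f}".encode()
    return hmac.new(GATEWAY_KEY, msg, hashlib.sha256).hexdigest()


def payment_is_valid(order_id, stored_total, paid_amount, signature):
    """Accept a gateway callback only if it is authentic and pays in full."""
    try:
        paid = Decimal(paid_amount)
    except InvalidOperation:
        return False
    # 1. The amount must carry a valid MAC, so edits in transit are detected.
    if not hmac.compare_digest(sign_amount(order_id, paid), signature):
        return False
    # 2. The paid amount must equal the total stored with the order.
    return paid == stored_total


if __name__ == "__main__":
    cart = [{"sku": "SKU-1001", "qty": 2, "price": "1.00"},  # tampered price
            {"sku": "SKU-2002", "qty": 1}]
    total = order_total(cart)
    sig = sign_amount("ORD-1", total)
    print(total, payment_is_valid("ORD-1", total, "1.00", sig))
```

The second check matters even when the signature is valid: a correctly signed payment for a smaller amount must still not mark the order as paid.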
Author : cialfor
Updated : 9/26/2016
Thanks, it was a good read.