A Dissertation Submitted in Partial Fulfilment of the Requirements for the Degree of Doctor of Philosophy in Information and Communication Science and Engineering of the Nelson Mandela African Institution of Science and Technology
The development of Internet technology is creating a huge opportunity to expand existing businesses and is forming what is called a Global Economy, New Economy, or Electronic Commerce (eCommerce). In general, eCommerce covers business transactions that involve ordering, delivery and payment, customer services and intra-business missions that make use of the Internet as well as the digital networked computing environment that links individuals and organizations in business, government, industry and the home. On the other hand, many organizations are frightened by the new technologies, unsure of how to take advantage of them, and doubtful about how these new technologies will sustain existing investments in infrastructure and skills. In addition, eCommerce comes with a set of challenges, especially those related to trust and security. Security in eCommerce is the protection of eCommerce assets from unauthorized access, use, alteration, or destruction. The dimensions of eCommerce security are integrity, non-repudiation, authenticity, confidentiality, privacy, and availability. eCommerce offers the banking industry a huge opportunity, but it also creates a set of new risks and vulnerabilities, including security threats.
Without trust, a large number of prudent business operators and clients may choose to abstain from using the Internet and revert to traditional methods of doing business. To counter this trend, network security at the eCommerce and customer sites must be constantly reviewed and appropriate countermeasures devised. These security measures must be implemented so that they do not inhibit or dissuade the intended eCommerce operation.
This dissertation analyzes the threat classification and control measures and, on this basis, proposes a novel conceptual eCommerce transaction framework that integrates several security parameters, policy, and business stakeholders for proper and secure information exchange. A security plug-in software was developed and validated to measure the effectiveness of the proposed framework. Results show that, prior to commencing an eCommerce transaction, the merchant and customer parties must be registered by the Third-Party Trustee (TPT), which provides transaction tokens to all customer and merchant parties involved. Once each customer and merchant has received their transaction tokens, both parties start to communicate, and the proposed framework offers protection against security attacks. Hence, with this framework, a secure eCommerce information exchange can be achieved.