Abstract
M.Sc. (Computer Science)
An increasing number of corporate and government institutions are utilising
electronic commerce to provide or improve their services. These new online services
are becoming increasingly complex, offering diverse functionality and managing high
volumes of personal and confidential data. The protection and confidentiality of such
data are imperative, but the security mechanisms and the policies governing its security
are rarely sufficient. Nonetheless, electronic commerce service providers market their
services as being “secure” and by doing so they are developing a false sense of
security within computer users.
Average computer users are aware of security threats like hackers, viruses, Trojans
and spyware, but their limited computer knowledge doesn’t allow them to
understand, identify or respond to such security threats. A lack of computer
knowledge, little experience and gullibility render the average computer user
incapable of managing computer security. This is even more true when the average
computer user is put up against the wit and cunning of a hacker.
Electronic commerce has changed, the threats have changed, the users have
changed, yet electronic commerce security solutions remain the same. Hackers are
no longer hobbyists: they hack for financial gain and not fame, they work together
and they exploit any security weakness to get what they want. More and more often
the average computer user falls victim to hacker attacks, not only because of the
above-mentioned human factors but also because of weak security mechanisms that
govern users’ access to critical online services.