Privacy and Security Concerns in Electronic Commerce Websites in Ghana: A Survey Study

Full Text (PDF, 514KB), PP.19-25

Views: 0 Downloads: 0

Author(s)

Issah Baako 1,* Sayibu Umar 1 Prosper Gidisu 1

1. Bagabaga College of Education, Tamale, Ghana

* Corresponding author.

DOI: https://doi.org/10.5815/ijcnis.2019.10.03

Received: 2 Aug. 2019 / Revised: 28 Aug. 2019 / Accepted: 11 Sep. 2019 / Published: 8 Oct. 2019

Index Terms

E-Commerce websites, privacy policies, security, vulnerabilities, data protection, Nmap

Abstract

This paper examines the privacy and security issues on electronic commerce websites in Ghana. Ghana is reported to have an Internet users’ rate of 27.8% and a mobile Internet subscription of 14% in 2017. The study assessed e-commerce websites for privacy policies that are meant to guide and inform website users on the collection of customer data, data use, protection and other related privacy issues on personal data. The study also analyzed e-commerce websites for encryption security tools that protect customer data and test e-commerce websites for the presence of security vulnerabilities that could threaten the sites and their users. The study used a combination of three methods; web content analysis, information security audit and testing of the websites using penetration testing tools for data collection and analysis. Nmap was used to test and identify possible vulnerabilities on the e-commerce websites that could be used by malicious users to steal customer data for fraudulent intent. The research revealed the presence or otherwise of privacy policies on e-commerce websites. The security weaknesses in these e-commerce websites have been highlighted as findings in the study. The findings of the study will inform policy direction on electronic data collection, protection and use in the e-commerce industry in Ghana is on areas that bother on privacy and security of the customer could be given attention. The findings will also inform industry players in the e-commerce sector on the need to strengthen security on their websites.

Cite This Paper

Issah Baako, Sayibu Umar, Prosper Gidisu, "Privacy and Security Concerns in Electronic Commerce Websites in Ghana: A Survey Study", International Journal of Computer Network and Information Security(IJCNIS), Vol.11, No.10, pp.19-25, 2019.DOI:10.5815/ijcnis.2019.10.03

Reference

[1]Peddinti, Sai Teja, Keith W. Ross, and Justin Cappos. "On the internet, nobody knows you're a dog: A Twitter case study of anonymity in social networks." Proceedings of the second ACM conference on Online social networks. ACM, 2014.
[2]Mohamed, Duryana. "Sustaining the Right to Privacy in E-Commerce Environment: The Legal Approach." OIDA International Journal of Sustainable Development 5.01 (2012): 97-106.
[3]Charlton, Graham. "Just 23% of Web users would say yes to cookies." Journal of retailing 76.3 (2012): 309-322.
[4]Ferrie, Peter. "Attacks on more virtual machine emulators."Symantec Technology Exchange 55 (2007).
[5]2018 Internet Crimes Complaint Center Report. Federal Bureau of Investigation. Washington D.C.
[6]Drew, Stephen. "Strategic uses of e-commerce by SMEs in the East of England." European Management Journal 21.1 (2003): 79-88.
[7]Kendall, Jon D., et al. "Receptivity of Singapore's SMEs to electronic commerce adoption." The Journal of Strategic Information Systems 10.3 (2001): 223-242.
[8]Tawiah, A. eCommerce Report: Ghana's Top 20 eCommerce Websites. (2015, September 3). Retrieved from Modern Ghana: www.modernghana.com
[9]Tagoe, E. E-Commerce in Ghana: Where are we? Retrieved from Edward Tagoe Blog: (2015, March 22). www.edwardtagoe.com
[10]Boakye, Kwaku Adutwum. "Tourists’ views on safety and vulnerability. A study of some selected towns in Ghana."Tourism Management 33.2 (2012): 327-333.
[11]Internet Users by Country. Retrieved from Internet Live Statistics: (2016, October 20). http://www.internetlivestats.com/internet-users-by-country/
[12]Amigó, Enrique, et al. "WePS-3 evaluation campaign: Overview of the online reputation management task." CLEF 2010 (Notebook Papers/LABs/Workshops). 2010.
[13]Secure Your Website and Grow Your Business. Retrieved from Symantec: (2016, September 14). http://www.symantec.com/ssl-sem-page/?om_sem_cid=ws_sem_search|2890223931|secured%20websites|p|c|{placement}&sl=Z6Y0Q-0000-04-00
[14]Security Threats. Retrieved from Microsoft Developer Network: (2016, October 10). https://msdn.microsoft.com/en-us/library/cc723507.aspx
[15]Cha, Y. S. WindowsSecurity.com. Retrieved from E-Commerce Security Technologies: Firewalls: 2016, September 20.http://www.windowsecurity.com/whitepapers/firewalls_and_VPN/ECommerce_Security_Technologies_Fire_Wall.html
[16]Donald Rebovich. Identity Crimes Most Common Schemes. Retrieved from Center for Identity Management and Information Protection: (2016, September 20). http://www.utica.edu/academic/institutes/cimip/idcrimes/schemes.cfm
[17]HTTPS and HTTP Difference. Retrieved from Instant SSL by COMODO: (2016, September 20). https://www.instantssl.com/https-tutorials/what-is-https.html
[18]Bhiogade, Mittal S. "Secure socket layer." Computer Science and Information Technology Education Conference. 2002.
[19]Kant, Krishna, Ravishankar Iyer, and Prasant Mohapatra. "Architectural impact of secure socket layer on internet servers." Proceedings 2000 International Conference on Computer Design. IEEE, 2000.
[20]Thomas, Stephen. "SSL and TLS essentials." New Yourk(2000): 3.
[21]Turner, Sean. "Transport layer security." IEEE Internet Computing 18.6 (2014): 60-63.
[22]Dierks, Tim. "The transport layer security (TLS) protocol version 1.2." (2008).
[23]Transport Layer Security. (2016, October 12). Retrieved from wikipedia.com: https://en.wikipedia.org/wiki/Transport_Layer_Security
[24]McDermott, James P. "Attack net penetration testing." NSPW. 2000.
[25]Wilhelm, Thomas, and Jason Andress. Ninja hacking: unconventional penetration testing tactics and techniques. Elsevier, 2010.
[26]Cohen, Fred. "Managing network security—Part 9: Penetration testing?." Network Security 1997.8 (1997): 12-15.
[27]Massacci, Fabio, Marco Prest, and Nicola Zannone. "Using a security requirements engineering methodology in practice: The compliance with the Italian data protection legislation."Computer Standards & Interfaces 27.5 (2005): 445-455.
[28]Hans, Kanchan. "Cutting edge practices for secure software engineering." International Journal of Computer Science and Security IJCSS 4.4 (2010): 403-408.
[29]Yeo, John. "Using penetration testing to enhance your company's security." Computer Fraud & Security 2013.4 (2013): 17-20.
[30]Midian, Paul. "Perspectives on Penetration Testing—Black Box vs. White Box." Network Security 2002.11 (2002): 10-12.
[31]Shah, Sugandh, and B. M. Mehtre. "A modern approach to cyber security analysis using vulnerability assessment and penetration testing." International Journal of Electronic Communincation Computer Engineering 4.6 (2013): 47-52.
[32]Lyon, Gordon Fyodor. Nmap network scanning: The official Nmap project guide to network discovery and security scanning. Insecure, 2009.
[33]De Vivo, Marco, et al. "A review of port scanning techniques."ACM SIGCOMM Computer Communication Review 29.2 (1999): 41-48.
[34]Ghanem, Waheed Ali HM, and Bahari Belaton. "Improving accuracy of applications fingerprinting on local networks using NMAP-AMAP-ETTERCAP as a hybrid framework." 2013 IEEE International Conference on Control System, Computing and Engineering. IEEE, 2013.
[35]Klevinsky, Thomas J., Scott Laliberte, and Ajay Gupta. Hack IT: security through penetration testing. Addison-Wesley Professional, 2002.