How the New Era of EcomTech Will Defend Against Cyber Crime

The traditional values of security in the ecommerce industry are based on mutual trust; that trust is both honesty and an obligation. EcomTech (ecommerce technology), fueled by AI and advanced algorithms, empowers self-executing smart contracts and micro-payments with blockchain and cryptocurrency, respectively. In addition, the exponential growth of IoT is poised to disrupt the traditional ecommerce architectural landscape.

EcomTech is enhanced further with blockchain, relying on algorithms, smart contracts and smart network properties. Nonetheless, contemporary ecommerce architecture promotes cyber warfare among hackers, providers and consumers at state and individual cyber crime levels, leaving the finance and ecommerce industries vulnerable to losing billions of dollars every year.

Cyberwar, progressive data protection and blockchain are all about data and consumer protection!

Fundamental practice of traditional ecommerce

Payment Card Industry Data Security Standard (PCI DSS) is a global standard design initiated by credit card providers, developed and adopted widely to serve the ecommerce ecosystem. Hence, PCI DSS provides an environment conducive to performing secure cyber transactions, protecting against cybercriminals and embracing the protocols of cyber warfare if needed.

The PCI ecosystem comprises: credit card payment systems such as a POS, ATM, scanner or swipe machine used at the front line; data input web interfaces for providers and consumers; transaction processing servers, such as application and database servers, at the backend; data transmission media, such as a WAN, as the data carrier; and information storage, such as encrypted data storage. Together, these facilitate, protect and maintain data integrity, confidentiality and availability.

The traditional PCI system is a centralized architecture that links ecommerce providers, consumers, issuing banks, sponsor banks, card processors, certificate authorities and verification entities. It is difficult to decouple PCI components from the entire IT eco-ecom-system; nevertheless, blockchain is expected to revolutionize it rapidly in the near future.

Cyber criminals always look for the lowest common denominators. Once the crypto key is compromised due to weak encryption algorithms, the cyber criminals can break administrative access to devices and POS devices, which leads to consumer payment card and information breach called side channel analysis.

Encrypting payment card details along with personal information can be intensified by blockchain technology. Payment card data must be de-anonymized due to privacy issues, as well as to protect against loss of financial data and assets.

To some extent, contemporary cyber crime and cyber warfare can be mitigated or neutralized to an acceptable level with the following eight methods:

  1. Understand cyber tools and technology in detail before adopting them.
  2. Customize a valuable, vigilant team of self-motivated cyber professionals.
  3. Properly educate and train the cyber team on cyber awareness.
  4. Separate credit card details, especially card numbers and personal details, and store with strong encryption or hash value.
  5. Perform regular third-party PCI auditing in collaboration with internal cybersecurity auditing.
  6. Emphasize PCI security as a first priority of security in ecommerce and the IT ecosystem.
  7. Perform compliance assessment with regular pen testing and vulnerability scanning.
  8. Protect consumers from cybersecurity risks by collaborating with regulators, governments and ecommerce and finance industries.
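
Method 4 in practice, as an added example that is not code from the article: one checkout record is split into a profile row and a card row that share only a random link id, and the card number is stored as a keyed hash (HMAC-SHA256). The function names, sample record and fixed demo key are assumptions made for illustration; in a real deployment the key would live outside the database.

```python
import hashlib
import hmac
import secrets

def luhn_valid(pan: str) -> bool:
    """Luhn check used by payment card numbers; rejects mistyped input."""
    if not pan.isdigit():
        return False
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def pan_token(pan: str, key: bytes) -> str:
    """Keyed hash of the card number.

    A bare SHA-256 of a 16-digit number can be enumerated, so the hash is
    keyed and the key is kept away from the stored rows (assumption: KMS/HSM).
    """
    return hmac.new(key, pan.encode(), hashlib.sha256).hexdigest()

def split_order(order: dict, key: bytes):
    """Split one checkout record into (profile_row, card_row).

    The rows are meant for two separate stores and share only a random
    link id: the card store holds no personal details, the profile store
    holds no card data.
    """
    if not luhn_valid(order["pan"]):
        raise ValueError("card number fails Luhn check")
    link_id = secrets.token_hex(16)
    profile_row = {"link_id": link_id, "name": order["name"], "email": order["email"]}
    card_row = {"link_id": link_id, "pan_token": pan_token(order["pan"], key)}
    return profile_row, card_row

# Constructed sample input; 4111111111111111 is a standard test card number.
SAMPLE_ORDER = {"name": "A. Customer", "email": "a.customer@example.test",
                "pan": "4111111111111111"}
SAMPLE_KEY = bytes(range(32))  # fixed demo key; use secrets.token_bytes(32) in practice

if __name__ == "__main__":
    profile, card = split_order(SAMPLE_ORDER, SAMPLE_KEY)
    print(profile)
    print(card)
```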

Cryptocurrency

In layman’s terms, cryptocurrency is a payment method regulator of EcomTech trading against fiat currency. BTC is a unit of cryptocurrency, whereas a Satoshi is one hundred-millionth of a BTC.

Technically, cryptocurrency is an application backed by blockchain technology. A cryptocurrency comprises a digital wallet with a public key known to everyone, whereas a payee requires private keys to use the hashed value. If the private keys are compromised, the digital wallet gets emptied.

Blockchain is a distributed tamper-proof ledger in which each transaction's details are recorded and synced across global databases. Nodes in the distributed network maintain their own copy of the ledger, and hashed data are verified and shared among the others; thus it is highly tamper-proof at a database level.

The protocol for writing crypto transactions to the ledger is governed by programmable open source software and developers’ input. The protocol uses well-established, public security primitives and data structures or hashed values, such as SHA256 hashes, Elliptic Curve Asymmetric Cryptography and Merkle trees. Future quantum-processors are expected to push for increasing the size of encryption algorithms.
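
The SHA256 hashing and Merkle trees named above, as an added example that is not code from the article or from any blockchain project: a simplified ledger in which each block commits to its transactions through a Merkle root and to its predecessor through the previous block hash. The block layout is reduced to those two fields (a real Bitcoin header carries more), and the function names and sample transactions are constructed for illustration.

```python
import hashlib

GENESIS_PREV = b"\x00" * 32

def sha256d(data: bytes) -> bytes:
    """Double SHA-256, the hash Bitcoin applies to transactions and headers."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def merkle_root(txs: list) -> bytes:
    """Hash transactions pairwise up to one root; an odd node is paired with itself."""
    if not txs:
        raise ValueError("block needs at least one transaction")
    level = [sha256d(tx) for tx in txs]
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])
        level = [sha256d(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
    return level[0]

def make_block(prev_hash: bytes, txs: list) -> dict:
    """Simplified block: the block hash covers the previous hash and the Merkle root."""
    root = merkle_root(txs)
    return {"prev": prev_hash, "root": root, "txs": list(txs),
            "hash": sha256d(prev_hash + root)}

def build_chain(batches: list) -> list:
    chain, prev = [], GENESIS_PREV
    for txs in batches:
        block = make_block(prev, txs)
        chain.append(block)
        prev = block["hash"]
    return chain

def first_invalid(chain: list) -> int:
    """Return the index of the first block that fails verification, or -1 if all pass."""
    prev = GENESIS_PREV
    for i, blk in enumerate(chain):
        if (blk["prev"] != prev
                or merkle_root(blk["txs"]) != blk["root"]
                or sha256d(blk["prev"] + blk["root"]) != blk["hash"]):
            return i
        prev = blk["hash"]
    return -1

# Constructed sample transactions (not real ledger data).
BATCHES = [[b"alice->shop:0.001", b"bob->shop:0.002", b"carol->shop:0.003"],
           [b"shop->courier:0.0005"],
           [b"dave->shop:0.004", b"erin->shop:0.001"]]

if __name__ == "__main__":
    print("first invalid block:", first_invalid(build_chain(BATCHES)))
```

Editing a recorded transaction fails the Merkle check in its own block, and recomputing that one block's hashes moves the failure to the next block, whose stored previous hash no longer matches.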

Blockchain and identity

EcomTech can utilize both public and private blockchain methodologies along with identity verification and management. For instance, bitcoin trading does not require identity information of its trading parties, as it is a public blockchain trading system. The trust is achieved with agreed encryption and digital certificate exchanges. For each transaction, encryption or a hashed value is used and updated to the blockchain ledger.

In the case of a private blockchain system, the goal is to set up a private network for known participants or for members of a group. Participants’ identities are important for identification. An anonymizer is not necessary in this case – for instance, a beauty retailer portal where traders know each other’s identities, as they are already registered and trusted members verified by the business. They can trade products with bitcoin micropayments that are managed and linked to the public blockchain, and the beauty retailer business delivers the items to the buyer.

However, rules of engagement are most important here, as the transaction can be embedded within a smart contract with rules that payment can be transferred from buyer to seller, and the delivery service sends a receipt to the trusted blockchain. The recorded transaction receipt can be viewed by the seller, buyer and transporter. The recorded transaction receipt or details can also be viewed by regulators, police and the fraud department in case of a transaction dispute. The beauty retailer performs a pre-identification verification process, such as bank account details interlinked to a bank blockchain, a passport interlinked to USCIS or a license interlinked to a DMV blockchain database, respectively. From a scalability perspective, cloud-based Azure blockchain as a service may come into effect for this process.

Payment card use, cyber risks and blockchain

  • A payment card may be tampered with during the card swipe on a POS device or wireless scanner, or when used via a web portal. The card holder’s information may be compromised easily in traditional ecommerce methods of payment. But EcomTech provides digital wallets with hashed values for both card information and transactions, making them impossible to tamper with unless credit card information is leaked publicly by providers or users leak their private keys. For example, a digital wallet with the user’s details is public, and authentication and authorization mechanisms are protected by digital certificates and private keys.
  • Traditional ecommerce web interfaces or portals may be hacked and transactions redirected to hackers due to weak program code or exposable vulnerabilities. Blockchain provides smart programmable interfaces and files transformed to smart contracts and policies that are impossible to hack. For instance, existing ecommerce portals or websites can be anonymized only for authorized users’ access. They can further authenticate users to access the services or product portfolios and allow them to perform secure transactions that are protected by applied smart APIs backed by blockchain.
  • Cyber criminals may plant malware or spyware for possible cyber warfare on application servers that can be hacked due to vulnerabilities and weakness exploitation within applications. Those applications can be re-written with a strong programmed security foundation, such as the high cohesion method (putting all logic together to write software that is easy to understand, reduces effects on other systems and allows reuse of code within the application) and the less coupling method (fewer dependencies on functions or modules, so it is re-usable and robust) for each function within a module or application. Blockchain algorithms can provide an extra layer of security by authenticating and authorizing services for each communication thread so malware identity will be discouraged, discerned and dismantled.
  • The hacking of database servers, information espionage and data exportation will be well-protected with distributed blockchained databases. Users’ data can be stored with complex encryption, and sensitive details or payment card numbers and validated data can be given a hashed value and updated to the blockchain directly.
  • The chances of advanced threat and malware attacks and persistent data manipulation are slim due to blockchain protection applied to the database at the frontier layer. Once database servers are transformed to chains of blockchained databases, these will be highly tamper-proof.
  • Data may be hijacked while at rest (while archived or stored) or during migration over the internet, Wi-Fi or other wireless media. Since the data are encrypted and hashed within the blockchain, derived values are less valuable for cybercriminals even if tampered with.
  • Weak encryption and leakage of PKI certificate private keys cause data theft. These methods can be enriched during the EcomTech evolution with an identity verification platform that runs on blockchain. Strong encryption is applied to private key protection. Multi-factor authentication and privileged authorization, backed by blockchain algorithms and interactive APIs, can be applied. User and application entitlements can also be derived and deployed from identity management smart contracts.

Without a doubt, a blockchain technology EcomTech revolution is inevitable. In some cases, current payment systems cannot be decoupled due to adhesive regulations, laws, obligations and mutual vendor profit objectives to protect fees for services.

Blockchain can provide strong authenticity by providing smart contracts and hashed value chaining techniques. Regulators, government and PCI providers must adopt smart blockchain technology to protect consumers and industrialize the PCI industry.

A new era of EcomTech has begun – one that will discourage cybercriminals and considerably reduce cyber warfare.

Article written by Bip Khanal
Image credit by Getty Images, Cultura, Andrew Brookes