Dual-Technique Privacy & Security Analysis for E-Commerce Websites Through Automated and Manual Implementation

• URL: http://arxiv.org/abs/2410.14960v1
• Date: Sat, 19 Oct 2024 03:25:48 GMT
• Title: Dual-Technique Privacy & Security Analysis for E-Commerce Websites Through Automated and Manual Implementation
• Authors: Urvashi Kishnani, Sanchari Das,
• Abstract summary: 38.5% of the websites deployed over 50 cookies per session, many of which were categorized as unnecessary or unclear in function. Our manual assessment uncovered critical gaps in standard security practices, including the absence of mandatory multi-factor authentication and breach notification protocols. Based on these findings, we recommend targeted improvements to privacy policies, enhanced transparency in cookie usage, and the implementation of stronger authentication protocols.
• Score: 2.7039386580759666
• License:
• Abstract: As e-commerce continues to expand, the urgency for stronger privacy and security measures becomes increasingly critical, particularly on platforms frequented by younger users who are often less aware of potential risks. In our analysis of 90 US-based e-commerce websites, we employed a dual-technique approach, combining automated tools with manual evaluations. Tools like CookieServe and PrivacyCheck revealed that 38.5% of the websites deployed over 50 cookies per session, many of which were categorized as unnecessary or unclear in function, posing significant risks to users' Personally Identifiable Information (PII). Our manual assessment further uncovered critical gaps in standard security practices, including the absence of mandatory multi-factor authentication (MFA) and breach notification protocols. Additionally, we observed inadequate input validation, which compromises the integrity of user data and transactions. Based on these findings, we recommend targeted improvements to privacy policies, enhanced transparency in cookie usage, and the implementation of stronger authentication protocols. These measures are essential for ensuring compliance with CCPA and COPPA, thereby fostering more secure online environments, particularly for younger users.

Related papers

• 2FA: Navigating the Challenges and Solutions for Inclusive Access [55.2480439325792]
  Two-Factor Authentication (2FA) has emerged as a critical solution to protect online activities. This paper examines the intricacies of deploying 2FA in a way that is secure and accessible to all users. An analysis was conducted to examine the implementation and availability of various 2FA methods across popular online platforms.
  arXiv  Detail & Related papers  (2025-02-17T12:23:53Z)
• Distributed Identity for Zero Trust and Segmented Access Control: A Novel Approach to Securing Network Infrastructure [4.169915659794567]
  This study assesses security improvements achieved when distributed identity is employed with ZTA principle. The study suggests adopting distributed identities can enhance overall security postures by an order of magnitude. The research recommends refining technical standards, expanding the use of distributed identity in practice, and its applications for the contemporary digital security landscape.
  arXiv  Detail & Related papers  (2025-01-14T00:02:02Z)
• Balancing Confidentiality and Transparency for Blockchain-based Process-Aware Information Systems [46.404531555921906]
  We propose an architecture for blockchain-based PAISs aimed at preserving both confidentiality and transparency. Smart contracts enact, enforce and store public interactions, while attribute-based encryption techniques are adopted to specify access grants to confidential information.
  arXiv  Detail & Related papers  (2024-12-07T20:18:36Z)
• Simple But Not Secure: An Empirical Security Analysis of Two-factor Authentication Systems [9.046883991816571]
  We propose SE2FA, a vulnerability evaluation framework designed to detect vulnerabilities in 2FA systems. We analyze the security of 407 2FA systems across popular websites from the Tranco Top 10,000 list.
  arXiv  Detail & Related papers  (2024-11-18T13:08:56Z)
• Privacy-Enhanced Adaptive Authentication: User Profiling with Privacy Guarantees [0.6554326244334866]
  This paper introduces a novel privacy-enhanced adaptive authentication protocol. It dynamically adjusts authentication requirements based on real-time risk assessments. By adhering to data protection regulations such as CCPA, our protocol not only enhances security but also fosters user trust.
  arXiv  Detail & Related papers  (2024-10-27T19:11:33Z)
• EIA: Environmental Injection Attack on Generalist Web Agents for Privacy Leakage [40.82238259404402]
  We conduct the first study on the privacy risks of generalist web agents in adversarial environments. First, we present a realistic threat model for attacks on the website, where we consider two adversarial targets: stealing users' specific PII or the entire user request. We collect 177 action steps that involve diverse PII categories on realistic websites from the Mind2Web, and conduct experiments using one of the most capable generalist web agent frameworks to date.
  arXiv  Detail & Related papers  (2024-09-17T15:49:44Z)
• Excavating Vulnerabilities Lurking in Multi-Factor Authentication Protocols: A Systematic Security Analysis [2.729532849571912]
  Single-factor authentication (SFA) protocols are often bypassed by side-channel and other attack techniques. To alleviate this problem, multi-factor authentication (MFA) protocols have been widely adopted recently.
  arXiv  Detail & Related papers  (2024-07-29T23:37:38Z)
• A Survey and Comparative Analysis of Security Properties of CAN Authentication Protocols [92.81385447582882]
  The Controller Area Network (CAN) bus leaves in-vehicle communications inherently non-secure. This paper reviews and compares the 15 most prominent authentication protocols for the CAN bus. We evaluate protocols based on essential operational criteria that contribute to ease of implementation.
  arXiv  Detail & Related papers  (2024-01-19T14:52:04Z)
• Protecting User Privacy in Online Settings via Supervised Learning [69.38374877559423]
  We design an intelligent approach to online privacy protection that leverages supervised learning. By detecting and blocking data collection that might infringe on a user's privacy, we can restore a degree of digital privacy to the user.
  arXiv  Detail & Related papers  (2023-04-06T05:20:16Z)
• Do Software Security Practices Yield Fewer Vulnerabilities? [6.6840472845873276]
  The goal of this study is to assist practitioners and researchers making informed decisions on which security practices to adopt. Four security practices were the most important practices influencing vulnerability count. The number of reported vulnerabilities increased rather than reduced as the aggregate security score of the packages increased.
  arXiv  Detail & Related papers  (2022-10-20T20:04:02Z)
• Secure Byzantine-Robust Machine Learning [61.03711813598128]
  We propose a secure two-server protocol that offers both input privacy and Byzantine-robustness. In addition, this protocol is communication-efficient, fault-tolerant and enjoys local differential privacy.
  arXiv  Detail & Related papers  (2020-06-08T16:55:15Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.