Ecommerce refers to the purchase and sale of goods and/or services via electronic channels, such as the Internet. Online retail is convenient due to its 24hour availability, global reach and ease of customer service. Business to Business this kind of ecommerce involves companies doing business with each other. One example is manufacturers selling to distributors and wholesalers selling to retailers. Business to Consumer this is what most people think of when they hear "ecommerce." Business to Consumer consists of businesses selling to the general public through shopping cart software, without needing any human interaction. An example of this would be Amazon. Consumer to Business in this scenario, a consumer would post a project with a set budget online, and companies bid on the project. The consumer reviews the bids and selects the company Elance is an example of this. Consumer to Consumer this type of ecommerce is made up of online classifieds or forums where individuals can buy and sell their goods, thanks to systems like PayPal. An example of this would be eBay or etsy.
The risks of ecommerce are that there can be weak or non-existent database administrator passwords. In addition to a lack of passwords, many database administrators use weak passwords that are short, or that are common names, places, or events. This will make it easy for hackers to get in to the system and steal people’s information. One of the most sought-after DBA accounts is the system administrator account used by MS SQL Server. This is mainly because MS SQL Server includes several very powerful extended stored procedures that give a DBA – or a hacker – full access to the server's file system. Using programs, a hacker can simply test passwords at the SQL server until it cracks. If the password is missing or is weak, it will only be a matter of minutes before the hacker has access to the data. Poor programming or improper configuration on the SQL server: Another method of attack is via SQL injection techniques that exploit poor programming or improper configuration on the SQL server to allow a hacker to access, overwrite, or delete information in the data server.
Spoofing is that is such a low cost of Web site creation and the ease of copying existing pages makes it all too easy to create illegitimate sites that appear to be operated by established organizations. In fact, con artists have illegally obtained credit card numbers by setting up professional looking Web sites that mimic legitimate businesses.
There are risks of unauthorized disclosure so when transaction information is transmitted in the clear, without proper security and encryption, hackers can intercept the transmissions to obtain customers' sensitive information like personal information and/or credit card numbers.
There can also be an unauthorized action