This paper examines the security issues on electronic commerce websites in Ghana using technical and nontechnical procedures. The study assessed e-commerce websites for the security tools employed to protect user data and other related privacy issues on the websites. It also analyzed e-commerce websites for encryption security tools that protect customer data and test e-commerce websites for the presence of security vulnerabilities that could threaten the security of the sites and their users using w3af. The study used a combination of three methods; web content analysis, information security audit and testing of the websites using w3af, a vulnerability assessment tool. Web application attack and audit framework (w3af) was used to test and identify possible vulnerabilities on the e-commerce websites that could be used by malicious users to steal customer data for fraudulent intent. The research focused to reveal the security vulnerabilities present on e-commerce websites that could affect the trust of clients, the satisfaction of clients, and patronage of e-commerce services by customers. The study found credit card number disclosures, full path disclosures vulnerabilities, cross-site request forgery vulnerabilities and social security number exposures of clients on the e-commerce websites. These security weaknesses in these e-commerce websites have been highlighted as findings in the study that would inform policy direction on electronic data collection, protection and use in the e-commerce industry in Ghana. The findings will also inform industry players in the e-commerce sector on the need to strengthen security on their websites and caution customers to be security conscious on all e-commerce websites. The major significance of the study is the fact that majority of the electronic commerce websites have a lot of vulnerabilities making them unsecure for customers to trust their private data into their care. This study as such informs the customer society and the electronic commerce industry of these security weaknesses and the urgent need to get them fixed. Some solutions have been suggested in the paper to assist in fixing these security vulnerabilities. These solutions have provided the best results. A diligent application of these methods in addressing the vulnerabilities would provide a more secure and less vulnerable e-commerce websites for users. The precautions suggested could assist protect customers and reduce cyber threats during online shopping.

The decision to use either Cloud Computing (CC) applications or Traditional Information Technology Outsourcing (Traditional ITO) environments is a function of the security evaluations of these two options. Hackers are constantly nosing around websites and other computer networks for compromised computers that have some vulnerabilities to exploit them. Vulnerabilities in cloud computing and Traditional ITO environments are leading causes of recent data breaches. These breaches provide opportunities to hackers to attack and gain access to customer information such as credit cards and contact information, passwords, sending of malicious codes to website users or making users computer potential candidates of botnets and to hijack the sessions of authentic users to make unapproved purchases on their behalf. In this paper, security penetration tools have been employed to evaluate the security vulnerabilities of cloud-based solutions and Traditional ITO to discover possible vulnerabilities, their causes and mitigation strategies to securing web applications from the discovered vulnerabilities. Some web applications and a Traditional ITO network were ethically hacked to discover vulnerabilities in them. Analyses of the results obtained through the ZAP scan flagged Remote File Inclusion (RFI) alert were high priority alert. In all, RFI constitutes the most serious potential threat and it needs the fullest attention of CC service providers. Nmap disclosed opened ports in Traditional ITO Virtual Private Network which can make the server of the provider accessible to hackers leading to a considerable disclosure of information to unauthorized users.

This paper examines the privacy and security issues on electronic commerce websites in Ghana. Ghana is reported to have an Internet users’ rate of 27.8% and a mobile Internet subscription of 14% in 2017. The study assessed e-commerce websites for privacy policies that are meant to guide and inform website users on the collection of customer data, data use, protection and other related privacy issues on personal data. The study also analyzed e-commerce websites for encryption security tools that protect customer data and test e-commerce websites for the presence of security vulnerabilities that could threaten the sites and their users. The study used a combination of three methods; web content analysis, information security audit and testing of the websites using penetration testing tools for data collection and analysis. Nmap was used to test and identify possible vulnerabilities on the e-commerce websites that could be used by malicious users to steal customer data for fraudulent intent. The research revealed the presence or otherwise of privacy policies on e-commerce websites. The security weaknesses in these e-commerce websites have been highlighted as findings in the study. The findings of the study will inform policy direction on electronic data collection, protection and use in the e-commerce industry in Ghana is on areas that bother on privacy and security of the customer could be given attention. The findings will also inform industry players in the e-commerce sector on the need to strengthen security on their websites.