Search from the Journals, Articles, and Headings
Advanced Search (Beta)
Home > International Journal of Policy Studies > Volume 2 Issue 2 of International Journal of Policy Studies

E-COMMERCE AND CYBER VULNERABILITIES IN BANGLADESH: A POLICY PAPER |
International Journal of Policy Studies
International Journal of Policy Studies

Article Info
Authors

Volume

2

Issue

2

Year

2022

ARI Id

1682060069195_3112

PDF URL

https://www.ijpstudies.com/index.php/ijps/article/download/31/14

Chapter URL

https://www.ijpstudies.com/index.php/ijps/article/view/31

Asian Research Index Whatsapp Chanel
Asian Research Index Whatsapp Chanel

Join our Whatsapp Channel to get regular updates.

INTRODUCTION

As computing devices and communication technologies were developed and become more cost-efficient, online shopping or exchanging products or services over the Internet is becoming more common. It has room for growth. E-commerce is growing due to its accessibility, similar to the user-friendly benefits. Online retailers are no longer bound by conventional store hours. From small businesses to major corporations, e-commerce creates new windows of business opportunity. Today, many businesses choose to host their operations on the Internet to enter a new market that they could not easily reach through their sales force or advertisement campaigns.

However, when e-commerce is overproof security risks or cybercrime become visible in the e-commerce area. The potential for failure or damage to an organization's information or communications systems is known as cyber danger or cyber security risk. Any company may be exposed to cyber risk originating from within the organization (internal risk) or from third parties (external risk). Internal and external threats may be deliberate or accidental. The ever-increasing advancement in information and communication technology has resulted in cybercrime (ICT). The attackers primarily target organizations' confidential data or personal details. According to the 2019 Global Risk Perception Survey, cyber risk was ranked as a top 5 priority by 79% of global organizations (Reagan, 2019). The growth of cyber risk is largely partly tied to the increasing use of technology as a driver. Strategic initiatives—such as outsourcing, use of third-party vendors, cloud migration, mobile technologies, and remote access—are used to drive growth and improve efficiency, but also increase the cyber risk exposure. Cyber risk has evolved from a technology issue to an organizational problem.

With the growing digitalization of marketing practices and targeted marketing, it has been increasingly important to have additional rules and legislation to protect people’s privacy and security. India and Pakistan, for example, have passed legislation in this regard. Therefore, the case in Bangladesh is much more serious as the majority of users are not aware of their privacy and security. So, manipulation, falling into a trap, or getting hacked have been common. Bangladesh recently experienced a massive and organized cyber assault. At least 147 public and private organizations, including banks and non-bank financial institutions (NBFIs), were targeted, revealing their complete vulnerabilities (Rahman, 2021). Following the growing cybercrime scenario, Bangladesh Government established the Digital security act law (2018). The government has taken steps to form special bureaus to investigate, prevent cybercrimes, and execute the necessary measures to protect the data of citizens.

In the era of digitalization, to keep pace with the modern world, there is no room to look back to alternative devices or technologies in any segment including commerce and business. Therefore, in such a situation, what people can do is use technology by adopting necessary precautions and security measures. This research mainly dealt with the vulnerabilities of the general people in using technology, while indicating how people are falling into the trap of cybercriminals.

 

METHODOLOGY

The study is qualitative research that applies the case study method for analyzing the risks and vulnerabilities on the ground. The cases were mainly collected from secondary sources of information, including official and unofficial documents and complaints filed by the victims. As the study is quite a bit unique, it has found very few similar researches dealing with the problem. Because of that, it mainly relied on the new story, government reports, and police reports for information. Therefore, it has analyzed the existing policy measures by the government and law enforcement agencies to figure out the loopholes and step up with new recommendations. Here, it follows the policy review approach, which analyzes key indicators like Effectiveness, Equity, Acceptability, Feasibility, and Unintended consequences (Morestin 2012).

 

CONCEPTUAL UNDERSTANDING: E-COMMERCE

Electronic commerce is a relatively new concept that crept into the business vocabulary during the 1970s. E-commerce is frequently used to refer to the online sale of real goods, but it can also refer to any economic transaction that is made possible by the internet. The history of E-Commerce begins with the first-ever online sale: on August 11, 1994, a man sold a CD by the band Sting to his friends through his website Net Market, an American retail platform. This is the first example of a consumer purchasing a product from a business through the World Wide Web or “E-Commerce” as we commonly know it today. Since then, E-Commerce has progressed to make it easier to find and buy things through online shops and marketplaces. Independent freelancers, small enterprises, and large organizations have all benefited from e-commerce, which allows them to offer their products and services on a larger scale than traditional offline shopping.

In terms of customer dealings and business operations, some business models are going through like Business to Consumer (B2C), Business to Business (B2B), Consumer to Consumer (C2C), and Consumer to Business (C2B), etc.

 

HOW DOES E-COMMERCE FUNCTION

Although the business (Buy and sell in exchange for money) proceeds are the same, however, there are some significant differences between e-commerce and traditional offline business. In the e-commerce process, there are several steps followed to be completed the process indicated in figure 01.

 

 

 

 

 

Placing order

Unsupported image type.

 

 

Receiving Orders

Unsupported image type.

 

 

Processing Order

Unsupported image type.

 

 

Shipping

Unsupported image type.

 

 

Delivery & Payment

Unsupported image type.

 

 

Feedback

 

 

Figure 01:

Cycle of E-commerce

 

 

 

 

 

Figure 01 illustrates the beginning of e-commerce from placing orders to the delivery and feedback process. After receiving the order, the vendor starts the process of preparing particular products and services. And then, shipment and delivery with payment complete the particular cycle. In the end, the feedback and evaluation offer the customers control over the quality of products and services.

 

EMERGING CYBER THREATS IN E-COMMERCE

threat can be defined as anything that can exploit the vulnerability intentionally or accidentally, and obtain damage or destroy an asset. In other words, a threat is what an organization is defending itself against. Cyber threats are constantly evolving, and organizations must take steps to protect themselves against black market hackers, state-sponsored cybercriminals, and other nefarious individuals and groups. The most effective way to protect against cyber-attacks is by implementing a layered approach to cyber security - reviewing your current cybersecurity measures regularly and adapting them as needed.

The demand for online services is expanding significantly more than ever before. However, the ultimate goal of providing impartial security and handiness is seeming to be a harsh challenge due to the abundant conspicuous actors in a group known as “Cyber-Crime”. Acknowledged, “Cyber-Crime” is an illegitimate act that involves a computer and a network. (Moore R, 2005). Cybercrime is being measured as a grave threat to all spheres of the economic development of a country. Remarkably, monetary gain is still one of the pivotal driving factors behind lion’s share of cybercrime actions and there is a very rare chance of this altering in the upcoming days (Symantec, 2015).

Halder and Jaishankar (2009) define cybercrime as “the offenses that are committed against individuals or groups of individuals with a criminal motive to intentionally harm the reputation of the victim or cause physical or mental harm, or loss, to the victim directly or indirectly, using modern telecommunication networks such as the Internet (Chat rooms, emails, notice boards and groups) and mobile phones (SMS/MMS)”. The Oxford Dictionary defined the term cybercrime as “Criminal activities carried out using computers or the Internet.”

In the last few decades, we have observed an increasing scenario of cybercrime all over the world, which mostly hampered the growth of infant industries like E-commerce. Confronting the vibrant nature of cyber threats, which are newly grown, always shakes the security management of this industry. Transaction transshipment, online marketplace, everything is in large vulnerability due to insufficient measures of cyber security. The problem is much worse in the developing world and third-world countries, where people are new to technology but have not been introduced to threats emanating from that.

 

MALIGN ACTORS OF ORIGINATION ACTORS OF ORIGINATING CYBER CRIMES 

Cyber threat is now a real threat, originating from various sources including state actors, individuals, or groups from across the world. Usually, malign actors target national and international infrastructure institutions, and communication portals to destabilize the order and create panic. Sometimes, as an eventual cause, economic growth, currency flow, and other factors related to the production process caused hampered. The growing extent of reliance on the cyber world has been the real target to punish or pressure opponents.  Nowadays, even the state mechanism also is accused of sponsoring cyber threats to another country to gain a specific purpose. For example, Iran, Israel, North Korea, and others are accused of sponsoring such crimes. Sometimes, a well-structured crowd of hackers aims to intrude into computing systems for financial advantage. As a way of their weapons, these crowds use phishing, spam, spyware, and malware for extortion, theft of private information, and online scams. However, individual hackers aim at institutions by using various attack methods.

They are generally inspired by individual hidden profits, vengeance, monetary gain, etc. Hackers frequently create new hazards to move forward with their criminal skills and ameliorate their private reputation in the hacker neighborhood. In addition to that, the employee who has access to data and systems of the company sometimes misuses and pinches data or destroys computing systems for commercial or private gain.

 

GLOBAL INCIDENCE OF CYBERATTACKS

Big Basket, an Indian food e-commerce site, may have experienced a data breach that leaked the individual data of over two crore consumers. The data breach was found on October 30, 2020, during Cybele's normal dark web monitoring operation, according to the cyber intelligence group (Sachdeva, 2020).

In India, three out of every four small and medium-sized businesses (SMBs) had a cyber-event in the previous year, including 85 percent losing user information to malicious actors and a noticeable impact on business. Cyber-attacks cost two-thirds (62%) of Indian SMBs more than 3.5 crores over the last year. Each of those surveyed estimated the cost to be in the extent of Rs. 7 crores (Bureau& 2021).

More than 100,000 payment card details were exposed as a result of a data breach announced by a Japanese e-commerce business. Customers of two of Acro's four beauty product websites were impacted as a consequence of the exploitation of a vulnerability in a third-party payment processing provider, according to a data breach alert (Bannister, 2022).

The Bridge Chronicle reports that in the previous three years, a hacking organization has got into at least 570 e-commerce businesses across 55 countries, including India, exposing data to over 184,000 stolen credit cards and earning over $7 million (Rs 52 crore) from the sale of compromised payment cards (Tribune India News Service, 2020).

Global cybercrime expenses are expected to increase by 15% each year over the next five years, reaching $10.5 trillion USD annually by 2025, up from $3 trillion USD in 2015. This is the largest transfer of economic wealth in history, it jeopardizes incentives for innovation and investment, it is tenfold greater than the damage caused by natural catastrophes in a year, and it will be more profitable than the worldwide trade in all major illicit narcotics combined (Morgan, 2018).

 

CYBER THREATS

 

Table 01: Categories of Cyber Threats

Cyber Threats Category

Threats

Social Engineering Threats

Baiting, Pretexting, Phishing, Vishing, Smishing, Piggybacking, and Tailgating.

Supply Chain Attacks

 

Invaders are searching for a non-secure network set of rules, server communications, and coding methods, and utilize them to cooperate, construct and revise procedures, change resource code as well as conceal malicious content

Malware Threat

Viruses, worms, Trojans, spyware, and ransomware.

Supply chain Threats

Concession of form devices, the concession of the signing of the code, spiteful code which was sent as the updates whose are programmed to hardware or firmware apparatuses, and spiteful code preinstalled on corporal instruments.

DoS Threats

HTTP flood DDoS, SYN flood DDoS, UDP flood DDoS, ICMP flood, and NTP amplification.

Injection Threats

SQL injection, Code injection, OS command injection, LDAP injection, XML    external, attack. Injection Entities, Cross-site scripting.

 

Table 01 indicates that there are a number of threats that cause insecurity to cyber users. However, some threats, or cyber-crimes that are mostly applied to e-commerce, are given below here.

 

CARD TESTING FRAUD

Card fraud is when somebody gets access to credit card numbers taken illegally. It is a well-known approach used to cheat E-Commerce businesses.

 

FRIENDLY FRAUD

Friendly fraud is identical to charge-back fraud. It occurs when a customer buys a product or deal virtually then the merchant demands a chargeback from the disbursement workstation, demanding the transaction was not valid. The financial institutes or banks refund the contract amount to the consumers.

 

THE FRAUD OF REFUND

When somebody utilizes a credit card that was lifted to create an acquisition on an e-commerce website, this is described as repayment fraud. They then ask for a refund due to an unintended overpayment. On the surface, the scams seem to be building a valid assertion; however, they are trying to make money.

 

THE FRAUD OF ACCOUNT TAKEOVER

This happens if somebody acquires entrance into a client's account on an E-Commerce site. It involves many issues, including identity theft, price victims, and our seller status. Customers who believe their information is vulnerable to websites or E-Commerce sites are less likely to sign out.

 

 

INTERCEPTION FRAUD

It occurs when swindlers place orders on an e-commerce website where the billing address along with the delivery address goes to the data related to a credit card that was taken away. When the request of order is to be found, they aim to catch the box up and seize the items for their own purpose. They may do it in many ways.

 

TRIANGULATION FRAUD

When a buyer makes a legitimate purchase on a third-party marketplace (such as Amazon or Sears.com), the merchandise they get is purchased fraudulently from another retailer's website. This behavior is detrimental to all types of enterprises. Customers frequently need to be made aware of this.

 

SUPPLY CHAIN ATTACKS

Software supply chain attacks are particularly ruthless because the requests being co-operated by attackers are contracted and qualified by truthful merchants. In the attack of many software supply chains, the software trader is unconscious and its usages or apprises are contaminated. Spiteful code runs with the identical faith and freedoms as the conceded submission. Here are different types of supply chain attacks of form devices, the concession of the signing of the code, spiteful code which was sent as the updates that are programmed to hardware or firmware apparatuses, and spiteful code preinstalled on corporal instruments.

 

MALWARE ATTACK

Malware is taken from the short form of “malicious software”. The different types of malware that are frequently used are viruses, worms, Trojans, spyware, and ransomware.

 

SOCIAL ENGINEERING ATTACK

It engages swindling users by giving an access point for malware. The sufferer gives sensitive data or unintentionally mounts malware on their gadget, since the invader pretenses as a genuine actor. Here are some other types of social engineering attacks: Baiting, Pretexting, Phishing, Vishing, Smishing, Piggybacking, and Tailgating.

 

MAN-IN-THE-MIDDLE

It engages by interrupting the contact amid two points whose are terminal points, for instance, a user and an application. The invader may snoop on the contact, pinch insightful information, and take off each party participating in the contact. For example, the MitM attacks include the spying of WI-FI, the stealing of Email, the hoaxing of DNS, the bluffing of IP, and the bluffing of HTTPS.

 

THE ATTACK OF DENIAL OF SERVICE (DoS)

It overworks the system of objectives with a big amount of circulation, obstructing the capacity of the method to task generally. An assault engaging numerous gadgets is acknowledged as a distributed denial-of-service (DDoS) attack. DoS spasm systems contain HTTP deluge DDoS, SYN flood DDoS, UDP flood DDoS, ICMP flood, and NTP amplification.

 

THE ATTACK OF INJECTION

Injection spasms abuse a helpless diversity to place spiteful inputs into the program of online submission straightforwardly. Flourishing violence can uncover subtle data, implement a DoS, or cooperate with the whole method. Injection attacks include SQL injection, Code injection, OS command injection, LDAP injection, XML external attacks, injection Entities, and Cross-site scripting.

 

PHISHING AND SPEAR-PHISHING

Lance phishing is an electronic mail or else electrical transportations cheat which aims at a sole individual, corporation, or association. Cybercriminals can expect to set up malware on a targeted user's machine and thieving data for wicked purposes.

 

SPOOFING

If somebody or else somewhat have faith in to be unusual in an active effort to increase self-assurance of us, lifting cash, take information, acquire right of entry to methods of us, otherwise stretch, malware is known as spoofing. Spoofing has many kinds, such as Spoofing of URLs, Spoofing of Emails, spoofing, Spoofing concerned with Text message, Spoofing created from GPS, Spoofing of Extension, spoofing related to Caller ID, Spoofing related to face, and many more.

 

RANSOM WARE

It is a modified form of malware that encrypts our data and demands a ransom, which is typically paid in Bitcoin, to decrypt it.

 

WEBSITE DEFACEMENT

It is an attack in which a malevolent group of people intrudes into a website and then changes text or writing given on the E-commerce site by means of their individually influenced communications or messages. The emails or posts may suggest a politically aware or spiritual text, vulgarity, or new inapt text, which might humiliate the owners of the E-commerce site. On the other hand, it is observed that a particular group of covetous hackers has lacerated the E-commerce site. The usual reasons for occurrences that are related to the defacement of E-commerce sites comprise illegal right of entry, SQL instillation, Scripting of Cross-site (XSS), Hijacking of DNS, and infection of Malware.

 

E-COMMERCE IN BANGLADESH

E-Commerce is now a more modern gadget that is attracting people all over the world, including in Bangladesh. Bangladesh has so far had a very positive outcome in terms of its thriving e-commerce industry and the general people’s participation in it. People have fully recognized the effectiveness of digital transactions and internet buying. Due to people's increased usage of internet shopping since the pandemic, there has been a significant shift in purchasing habits. Additionally, the e-commerce sector has gotten a boost from the expanding mobile financial services (MFS) market, which has made it easier for customers to make online purchases.

From the year 2012, the local E-commerce market in Bangladesh started to develop into a genuine ecosystem. Expanded internet access and the Bangladesh Bank's subsequent validation plus endorsement of a virtual disbursement made this possible. A number of banks initially refused to support the online payment gateway technology. The growth of e-commerce has been facilitated by better internet connections and a rise in the number of individuals with access to the internet during the previous limited ages.

The E-commerce business growth has been aided by better internet connections and a rise in the number of individuals with access to the internet during the past few years. In 2016, 50 million dollars was consumed in the E-commerce market of Bangladesh. $10 million of that total came from FDI. In the year 2017, the retail market generated BDT 1335.71 billion, on the other hand, the B2C market for E-commerce business was 110 –115 million dollars (BDT 9.0 billion). According to the estimates of the E-Commerce Association of Bangladesh, the market reach of E-commerce companies increased to Tk 17.0 billion in 2017 from Tk 4.0 billion in 2016 (e-CAB). In 2021, it was worth Tk 70 billion (khan, 2020).

According to the 2017 study by the E-Cab (E-Commerce Association of Bangladesh), smartphone and data connections in Bangladesh have 99 percent geographic coverage. As of May 2021, the Bangladesh Telecommunication Regulatory Commission (BTRC) estimates that there are 117.3 million internet users nationwide, of whom only 9.8 million utilize broadband connections, and the remainder use mobile internet(khan, 2020).

 

PAYMENT GATEWAY IN BANGLADESH

Some companies in Bangladesh nowadays offer payment gateway services, which allow customers to pay with convenience methods like online banking, debit card, credit card, mobile banking, etc., the payment gateway also allows using local currency to buy a particular product priced with international currency. Recently, many educational institutions are using such payment systems to facilitate the payment of academic fees and others (Report, 2022). Mostly, the problem usually occurs in e-commerce where customers used to have a variety of payment choices, which the sellers needed help to afford for a single shop. But, now, it has been solved by this payment login service, which lets people with debit and credit or mobile banking from different companies in a unique process. Some payment gateway service providers in Bangladesh are SSLCOMMERZ, Port wallet, Aamarpay, Shurjapay, Paddle, etc., (Rabab, 2021).

 

 

 

E-COMMERCE POTENTIALS IN BANGLADESH

E-commerce states that the exchange of merchandises, products, services, and facilities involving businesses and customers through an electronic network. In Cisco it is seen as Business-to-Business or B2-B  E-commerce,  in the Amazon we can observe business-to-consumer or B2C e-commerce, in eBay, it is seen as consumer-to-consumer or C2C e-commerce, and business-to-government e-commerce is the four broad categories that makeup e-commerce (B2G).

E-commerce trade includes a mix of various types of skills and technologies, for instance, e-mail (Electronic mail), EDI (Electronic Data Interchange), as well as Electronic Fund Transfer (EFT). In the case of Electronic Data Interchange (EDI), trading partners must come to an agreement. A common way to exchange company data is using EDI. Other EDI methods include faxing and emailing. Small, medium, and large businesses in Bangladesh have used e-business platforms.

Bangladesh is also using other e-commerce mediums for improving the E-commerce sector like other developing and developed countries. In the present day's E–commerce business environment, Facebook Commerce (F-Commerce) in addition to Mobile Commerce (M-Commerce are quite prevalent.

The conventional E-commerce industry added an incredible additional Tk 1,000 crore to the total amount of business transactions conducted in the last year by the f-commerce sector. Currently, there are two thousand e-commerce websites and fifty thousand Facebook-based businesses that ship close to thirty thousand items daily. Currently, Dhaka, Chattogram, and Gazipur are responsible for eighty percent of online deals. (Ritekonnect, n.d.)

M-commerce has also grown tremendously in Bangladesh. Many private companies have introduced smartphone applications for online shopping, including retail giants like Agora, Meena, Bazaar, Swapno, and electronics and gadget retailers. Customers in Bangladesh are already becoming accustomed to mobile purchases. Along with Amazon, eBay, and Alibaba, which are shortly to open, the international payment gateway PayPal, Xoom has just been implemented in the nation and provides a new dimension to e-commerce (Saud, 2017).

 

 

E-COMMERCE RELATED GOVERNMENT REGULATION

Bangladesh passed the (ICT) Act of 2006 to promote information technology development and ease E-Commerce. The 2013 amendment to the Act added provisions for persons who conduct cybercrimes to face jail time and/or penalties (Barua, 2014). The implementation of this act has significantly impacted Bangladeshi businesses and consumers of mobile and online commerce.

The Ministry of Commerce's adoption of the Digital Commerce Operation Guidelines 2021 (Guideline) is undoubtedly a significant step toward successful operational governance of Bangladesh's "e-commerce" industry. Still, it is equally important that the guidelines be properly put into practice (Hossain, 2021).

A few operational procedures, including purchase, delivery, payment, refund, complaint management, etc., have been briefly covered in this guidance. These procedures are related to a number of legal issues.

 

STORIES OF CYBER INCIDENTS

 

DEEP DISCOUNT IS ANOTHER WAY OF FRAUD IN E-COMMERCE BUSINESS

Uneven competition plays a pivotal role to create the net of fraud in e-commerce in Bangladesh by offering deep discounts.  The story about discount fraud came out on 1 February 2022 in a leading English Daily, The Daily Star. The Bangladesh Commission for Competition (BCC) paraded a case against the famous E-commerce hub Alesha Mart, a related E-commerce enterprise, for making uneven competition within the market by providing prejudiced money. The case was filed which follows the Act for Competition of 2012, which conditions that no commercialism will be able to misuse its leading situation. The commission had lodged an objection against the well-founded e-commerce organization on its individual in the month November. Conferring to the court case, Alesha Mart traded motorcycles whose brand name is Bajaj Pulsar with a hundred and fifty solid capability engines at a worth of thirty-five percent less than the value in June 2021.

 

 

 

SCAMS SHATTERED THE E-COMMERCE GROWTH

The story concerning the downswing of the e-commerce business of Bangladesh given by the central bank came out on December 28, 2021. A Bangladesh Bank report on e-commerce transactions through the formal channel showed that the transactions declined to Tk 743 crore in October 2021, reaching the highest amount of Tk 1277.4 crore in June 2021. The transactions in October were 41.53 percent or Tk 534.4 less than the transactions in June. In Feb 2020, the transactions through the e-commerce platform were Tk 247.1 crore. Zeeshan Kingshuk Huq, co-founder, and chief officer of e-commerce platform Sindabad.com, aforesaid that customers’ confidence within the e-commerce sector was deterred due to the non-payment of the customers’ cash by a variety of e-commerce platforms that oversubscribed the product on substantial discount against advance payments and didn't either deliver the product or to allow the cash back. Zeeshan conjointly believes that the restoration or retention of customers’ confidence would rely upon the performance of platforms. Due to scams, this business is declining in revenue on a large scale.

 

FB PAGE IS A NEW TRAP FOR ONLINE SHOPPERS

Nowadays, it has been apparent that online marketing has additionally become standard through varied pages or groups on Facebook. Many folks have started online businesses by opening pages on their own initiative. However, the question is regarding how reliable sites are! The story will reflect the net of cybercrime through the FB page (The Daily Sun, 19th July 2020). The complaint was from a student of Jahangir Agar University. While scrolling through his newsfeed on Facebook, he suddenly saw an advert for an associated e-commerce website. He ordered the shirt off his selection worth TK 1,100. Per their terms, he paid money through BKash, a leading mobile banking company. Three days later, the ordered products fell upon his address. Therefore, after opening the packet, he found that the shirt he ordered wasn't there. Moreover, a low-quality dress was delivered. However, some other similar experiences that occurred with many e-commerce customers have been widespread.

 

 

 

E-ORANGE IS AN EXAMPLE PONZI SCHEME

In the previous record of structures of the Ponzi, no instance of evenhanded fairness is found. We observe simply a consequence: only the household of cards approaches banging down, the instigator is hauled off to prison, then the sufferers are the ones swung out to dry.

On 15th March 2022, a news story became the buzzword that reflected the Ponzi scheme. Take E-orange as an illustration. More than 5,573 cases were lodged related to the fake business of the e-commerce hub with the DNCRP (Board of controllers of state customer human rights security), nevertheless with a single penny visibility, merely thirty-three objections might be predisposed until now. The volume of cash in excess of which the objections were funneled is a big quantity. The escrow accounts were receiving a huge amount of payment money since the 1st of July of the last year, according to an instruction of the Central Bank of Bangladesh, as well as guessing authorization from the sellers relating to the supply of the manufactured goods, in agreement with the Ministry of Information of Bangladesh. Escrow is a third agent usage, which clutches a property or deposits before they are transmitted. The third agent grips the assets or cash until the individual agent has accomplished their inscribed contract requirement. On the other hand, although the e-orange owner and the COO (Chief Operating Officer) went to prison for more than Tk eleven thousand crore complaints and squashed bank accounts, that doesn’t bring any solution for the customers and investors.

Thus, a number of incidents and risks grow concerned among people demotivating them mainly to involve in e-commerce-related business.

 

ANALYSIS OF THE INCIDENTS

 

CAUSAL FACTORS   

The E-commerce sector in Bangladesh has been growing up rapidly for the last couple of years, welcoming a large number of new customers and sellers. Covid19 outbreak and strict lockdown forced people to stay inside, rather than out with friends, family, and colleagues. In an eventual cause, people swiftly took the option of E-commerce. Besides covid 19 restrictions, people now figured out that the cost of time, traveling, and hassles are not beneficial for them to go shopping, rather making orders by staying home is comfortable and affordable. Therefore, nowadays, the quality of e-commerce services and products is improving day by day. Renowned business outlets, super shops, and shopping malls opened their new chapter of operating business in E-commerce, which helps significantly to turn back the trust of the customers. Mobile banking and the facilitation of card service terms and conditions by different private and government banks are also considered blessings for E-Commerce. In addition to that, a supportive mindset from the government is also a major source of motivation for the growing e-commerce sector in Bangladesh.

Although online business in Bangladesh is amplified, however, recent fraudulence of customers has always posed new challenges. Most particularly, newcomers in E-Commerce, including small shop owners or homemade producers, need to be aware of cyber security knowledge. Even many fully rely on a third person for opening up the account, doing promotions, and managing payment gateways. Consequently, the privacy and security of their business accounts are already at stake. Most of them even need to learn about the immediate steps to meet security threats, if they get notifications.

The youth, who are new to E-Commerce mostly jumped up to social media tools to open their shops. But there are issues like spamming, phishing, email, scam, and spy apps, which malicious actors can use to get crucial security information. In addition to that, the e-payment system in our country needs to be developed more effectively to grow successful e-commerce. So, fraudulent poor customer servicing, mismanagement, loopholes in apps, and many other vulnerabilities are found in our research that indicates the riskiest area of the E-Commerce industry. Recently, the Bangladesh bank scam is the premier example of how the banking system in this country grows. Even now, Bangladesh Bank still needs to make mobile banking, e-banking, and card service provider banking organizations accountable for fraudulence, mismanagement, and poor-quality services. Even the government needs a specific regulations to deal with the problems immediately. The last couple of years ago, the government has introduced a digital security act in the orient of acting as a watchdog of security for online users. However, it is accused that the analysts are not properly utilized, but rather being abused to tackle the dissent.

Law enforcement agencies have also taken the necessary steps to train their staff to deal with cyber security threats, including sending them abroad for higher education, hiring experts from outside, buying sophisticated technologies, and creating new units named cyber-crime in the police force. Therefore, more is needed as crimes increase rapidly in different forms and natures. And even law enforcement agencies cannot do anything until the users are not aware enough of their safety. Even many government organizations still need to get a cyber-specialist and always rely on third-party services. In such a situation, the government requires a very concrete and coordinated step by utilizing its resources and manpower to deliver proper training and guidelines.

 

STEPS AHEAD

 

Table 02: Recommended Policy Steps

Key areas

Steps

Raising Public Awareness

Including a chapter in Textbooks

  • Workshops, Seminars, Training
  • Obligating a course completion before issuing a license
  • Nationwide Campaign (Social Media Campaign, Physical Mobilization)

Framing Regulations and Acts

 

Enhancing the Capacity of Law Enforcement Agencies

  • Training
  • Buying Sophisticated Tools
  • Hiring Specialists on a Temporary Basis

Research and Fund Allocation

  • Assess the Extent of threats
  • Identify the Variant and nature of threats
  • Upgrade the Technology
  • Better adaptation of the methods
  • Special Research Cell
  • Priority in the University Research
  • Fellowships, Scholarships, and Grants
  • Technology Festivals
  • Idea Contest
  • SWOT Analysis

The comprehensive plan and better coordination

  • Collaborating and cooperating with NGOs and Others to deal with the issues

Other Threats to Ecommerce

  • Low-Quality Products and Fraudulences
  • Arbitrary in Pricing
  • Bringing E-commerce under a particular umbrella of the organization
  • Strict E-commerce regulation and consumer rights preservation acts
  • Special cell for monitoring
  • Facilitating the submission of complaints and prompt steps

Source: Based on documents and story analysis

 

RAISING PUBLIC AWARENESS

In 2022, it will be crucial to be aware of and take precautions against cyber threats, which are a developing issue that affects both enterprises and individuals. Cyber security knowledge is more essential than ever as digital technology advances and permeates most facets of peoples' personal and professional lives. Everyone increasingly uses Internet-connected PCs, laptops, and other gadgets to complete numerous jobs. Since the commencement of Covid19, students in school have become increasingly reliant on the internet. Consequently, by integrating terminology related to cyber security in textbooks, the public might first become informed.

Businesses and banks are beginning to consider hosting seminars and workshops on cybersecurity issues to raise awareness. For instance, UCB Bank started a workshop on cyber security (The Business Standard, 2022).

The countrywide campaign is significantly boosting public awareness of cyber security.

A deal to start a cyber-security campaign for kids and teens was struck by the United Nations Development Programme (UNDP) and the government of Bangladesh's ICT Division (The Business Standard, 2022).

 

FRAMING REGULATIONS AND ACTS

Except for the traditional Information and Communication Technology (ICT) Act of 2006 and the Digital Security Act (DSA), of 2018, Bangladesh has no laws governing cyber security. The current legal system cannot address the threats that have emerged due to the ultra-advancements in surveillance technology during the past ten years.

The government of Bangladesh aims to create a cyber-security strategy. The Digital Bangladesh initiative's four pillars—Digital Government, Human Resource Development, IT Industry Promotion, and Connectivity & Infrastructure—are supported by the Bangladesh Cybersecurity Strategy 2021–2025(Molla, n.d.).

 

ENHANCING THE CAPACITY OF LAW ENFORCEMENT AGENCIES

The government of Bangladesh is requiring cyber security training. A cyber range is a simulation platform used to teach and evaluate cyber security professionals, educate students about cyber security, and test processes and technology in a real-world setting that mimics assaults, scenarios, and networks.

Ctfd.io is an open-source solution that may be altered to suit the demands of any institution or organization. For those interested in cybersecurity and those who work in the sector, as well as those who view cybersecurity as an advanced subject in the field of computer science, it can be a great learning tool (Bangladesh e-Government Computer Incident Response Team, n.d.). Numerous online forums have been developed to practice and discuss relevant problem sets, and they have greatly increased the opportunity for networking with like-minded individuals.

 

RESEARCH AND FUND ALLOCATION

Cyber threats are nowadays becoming an epidemic in nature and to an extent that was not thought of in previous days. There is no such universal nature of threats. Every day, the nature and variants have changed. Even it varies from person to person, city to city, and context to context. For example, in the village area of Bangladesh, people do have adequate knowledge of cyber security threats. They are very vulnerable and can be pulled into risk by simple spam links or hacks. Therefore, in city areas, people use different kinds of apps and services, where they are required to provide their information. Those apps also have access to their handsets and other information. So, in city areas, the threats are somewhat different from rural areas.

The traps being used always vary from person to person. So, rigorous and nonstop research is needed to assess and understand the variants of the threats and the reasons behind them. In addition to that, nowadays wide use of different apps also hampers the customer’s security. So, systematic and technical analysis is required to check and identify the malicious apps which fail to confirm users' security. However, methodological advancement and technological gradation also require advanced research. In doing so, government and Non-government actors should come forward and allocate research grants in different ways to accomplish the desired research objectives. There should be a special research cell for this particular purpose to confirm the betterment and gradation of the technology and methods. Therefore, law enforcement agencies and other institutions should also collaborate with universities in research and innovation to deal with the threats.

 

COLLABORATING AND COOPERATING WITH NGOs AND OTHERS TO DEAL WITH THE ISSUES

To improve online safety, The Bangladeshi government began collaborating with various NGOs and others to handle cyber concerns. At the moment, one of the top global agenda items is cooperation in the sphere of cyber security. On July 14 and 15, 2022, the Bay of Bengal Initiative for Multi-Sectorial Technical and Economic Cooperation (BIMSTEC) convened the first-ever meeting of its skilled assemblage on cyber safety collaboration in New Delhi. For the region's BIMSTEC nations, this is a new area of endeavor. Cyber Safety Coordinator of India, Lt. General Rajesh Pant presided over this face-to-face government-to-government gathering, which included representatives from South-East Asian countries (Bhattacharjee, 2022).

Here are seven policies that are recommended by the CPD (Centre for Policy Dialogue) to protect the E-commerce of Bangladesh.

Firstly, the present law and rules ought to be amended and people require to be enforced properly and take action against dishonest e-commerce organizations.

Secondly, the institutional capability of the relevant organizations and departments like the Ministry of Commerce, People's Republic of Bangladesh Bank, Board of National Consumers’ Right Protection, Monetary Intelligence Unit, and Competition Commission ought to be increased through sufficient and experienced human resources and the adoption of technology.

Thirdly, coordination among the varied establishments as well as the Ministry of Commerce, People's Republic of Bangladesh Bank, law-imposing bodies, and alternative relevant organizations ought to be enlarged. Therefore, the role of those bodies must be clearly outlined.

Fourthly, monetary intelligence ought to collect regular knowledge on E-commerce and share those with relevant bodies and conjointly with the public daily to extend the answerability of those businesses and build customers' attention to the activities of E-commerce businesses.

Fifthly, awareness among e-commerce customers ought to be enlarged so they behave responsibly and don't fall prey to such traps of dishonest e-commerce organizations.

Sixthly, non-public associations like the e-Commerce Association of Bangladesh (e-CAB) have the job of gathering data on recent businesses before registering, them as their property, and permitting members of the companies by observing the operations of those businesses.

Seventhly, the govt. ought to solve the matter, however, through the legal framework of the corporate Act and not by investing public cash in these dishonest firms.

 

CONCLUSION

Security is always the prime focus of every system from origin to evolution. Here, the new growing E-Commerce sees an outnumbered youths involved with their new ideas, entrepreneurship, and businesses. The government must manage the flow of a growing number of e-commerce while maintaining its security. Therefore, it is now realized that after experiencing several cyber fraud incidents, the people who are the main actors lack security knowledge and risk. At the same time, the government also shows inactivity in response to those incidents indicating the government’s unpreparedness and inexperience to problems. Therefore, this article explains the risks that occurred in those e-commerce sectors, while indicating their’ causal factors. By analyzing the problems and scenarios, the article also made some policy prescriptions for employing at individual and government levels, including engaging and educating people on cyber threats, vulnerabilities, and causal factors. At the same time, it recommends the government prepare for technological advancement, training, and approaches to dealing with the challenges of this techno-advanced future world.

 

CONFLICT OF INTEREST

The authors declare no conflict of interest.

 

DATA AVAILABILITY

The information used to help the outcomes of this policy paper are available from the corresponding author upon request.

 

REFERENCES

Amir, L. (2022, February 27). Adsale Website.Retrieved July 12, 2022, from adsale.com: https://adscale.com/blog/7-types-of-e-commerce-fraud-and-what-to-do-about-them/

Bangladesh e-Government Computer Incident Response Team (n.d.). CTFd.io: An interactive learning tool for Cybersecurity. Retrieved from BGD e-GOV CIRT |: https://www.cirt.gov.bd/ctfd-io-an-interactive-learning-tool/

Bangladesh e-Government Computer Incident Response Team (n.d.)| B. e-Government C. I. R. CYBER RANGE – BGD e-GOV CIRT |. Retrieved from https://www.cirt.gov.bd/cyber-range/

Bannister, A. (2022, March 4). Japanese beauty retailer Acro blames third-party hack for breach of 100k payment cards. Retrieved from The Daily Swig | Cybersecurity news and views website: https://portswigger.net/daily-swig/japanese-beauty-retailer-acro-blames-third-party-hack-for-breach-of-100k-payment-cards#:~:text=The%20attack%2C%20it%20added%2C%20compromised

Barua, B. J. (2014, January 1). Amended Information Technology and Communication Act. Retrieved October 29, 2022, from The Daily Star website: https://www.thedailystar.net/amended-information-technology-and-communication-act-4688 

Bhattacharjee, S. (2022, August 2). Together for cyber security. Retrieved from www.dhakatribune.com website: https://www.dhakatribune.com/op-ed/2022/08/02/together-for-cyber-security

Bureau&, O. (2021, September 27). Cyber-attacks in the past year cost 62% SMBs in India over ₹3.5 crore: Report. Retrieved from www.thehindubusinessline.com website: https://www.thehindubusinessline.com/info-tech/cyber-attacks-in-the-past-year-cost-62-smbs-in-india-over-35-crore-report/article36689903.ece

Halder, D., & Jaishankar, K. (2009). Cyber socializing and victimization of women. Temida, 12(3), 5–26. https://doi.org/10.2298/tem0903005h

Halder,S., & Hasan,M.(2021,September 24). The Daily Star Website. Retrieved July 12, 2022, from thedailystar.net: https://www.thedailystar.net/business/economy/e- commerce/news/another-e-commerce-scam-unfolding-2183056

Halder,S., & Sarker,M.A.(2022, February Tuesday). The Daily Star Website. Retrieved July 12, 2022, from thedailystar.net: https://www.thedailystar.net/business/economy/e-commerce/news/alesha-mart-sued-unfair-discounts-2951751 .

Hossain, A. (2021, August 10). OP-ED: Concerns about e-commerce regulations in Bangladesh. Retrieved from Dhaka Tribune website: https://archive.dhakatribune.com/business/2021/08/10/op-ed-concerns-about-e-commerce-regulations-in-bangladesh

Islam,Z.(2022, March 15). The Daily Star.(2021, September)  The Daily Star Website. Retrieved July 12, 2022, from thedailystar.net: https://www.thedailystar.net/business/economy/e-commerce/news/ecommerce-scam-victims-majority-would-never-get-their-money-back-2982881 .

Khan, sunera S. (2020, January 10). E-commerce in Bangladesh: Where are we headed? The Financial Express. Retrieved from https://thefinancialexpress.com.bd/views/views/e-commerce-in-bangladesh-where-are-we-headed-1578666791

Khatun, F.(2021, September 27). Centre for Policy Dialogue (CPD). Retrieved July 27, 2022, from Centre for Policy Dialogue (CPD) Website: https://cpd.org.bd/building-a-healthy-e-commerce-sector-needs-strong-actions/  .

Ministry of Trade, (2022, July 20). Bangladesh - eCommerce. Retrieved from www.trade.gov website:  https://www.trade.gov/country-commercial-guides/bangladesh-ecommerce#:~:text=and%20data%20connectivity

Molla, M. B. (n.d.). Meeting on Bangladesh Cybersecurity Strategy 2021-2025 Responsibility Matrix. Retrieved from BGD e-GOV CIRT | Bangladesh e-Government Computer Incident Response Team website: https://www.cirt.gov.bd/meeting-on-bangladesh-cybersecurity-strategy-2021-2025-responsibility-matrix/

Morestin, F (2012), A Framework for Analyzing Public Policies: Practical Guide, National Collaborating Centre for Healthy Public Policy, Briefings, September http://www.ncchpp.ca/docs/Guide_framework_analyzing_policies_En.pdf

Morgan, S. (2018, December 8). Global Cybercrime Damages Predicted To Reach $6 Trillion Annually By 2021. Retrieved from Cybercrime Magazine website: https://cybersecurityventures.com/cybercrime-damages-6-trillion-by-2021/

Murtuza, H.(2021, December 29). The New Age. Retrieved July 12, 2022, from newage.bd: https://www.newagebd.net/article/158509/e-commerce-in-bangladesh-faces-rough-ride-in-2021-as-scams-shatter-growth

Rabab, S. (2021, June 27). Renowned online payment gateways in Bangladesh for domestic, international transactions. Retrieved from unb.com.bd website: https://unb.com.bd/category/Business/renowned-online-payment-gateways-in-bangladesh-for-domestic-international-transactions/74554

Rahman, S. (2021, April 3). 240 govt entities, banks come under cyber-attacks. Retrieved October 29, 2022, from The Financial Express website: https://thefinancialexpress.com.bd/national/240-govt-entities-banks-come-under-cyber-attacks-1661080789#:~:text=In%202021%2C%20at%20least%20147

Reagan, T. (2019, September). 2019 Global Cyber Risk Perception Survey. Retrieved October 28, 2022, from www.marshmclennan.com website: https://www.marshmclennan.com/insights/publications/2019/sep/global-cyber-risk-perception-survey-report-2019.html#:~:text=79%25%20of%20respondents%20ranked%20cyber

Ritekonnect. (n.d.). E-commerce Industry in Bangladesh, Retrieved October 29, 2022, from https://ritekonnect.com/ website: https://ritekonnect.com/e-commerce-industry-in-bangladesh/

Sachdeva, A. (2020, November 9). BigBasket Suffers Massive Data Breach; Over 2 Crore Users’ Personal Details Leaked. Retrieved from Beebom website: https://beebom.com/bigbasket-suffers-massive-data-breach/

Saud, M. A. N. (2017, November 30). From e-commerce to m-commerce: The upcoming trend. Retrieved from today.thefinancialexpress.com.bd website: https://today.thefinancialexpress.com.bd/print/from-e-commerce-to-m-commerce-the-upcoming-trend-1511943591

The Business Standard (2022, August 8). UCB organizes workshop on ’4th Industrial Revolution and Digital Upskilling’. Retrieved from: https://www.tbsnews.net/economy/banking/ucb-organizes-workshop-4th-industrial-revolution-and-digital-upskilling-473834

The Business Standard (2022, March 22). SSLCOMMERZ introduces online payment service for DU students. Retrieved from https://www.tbsnews.net/economy/corporates/sslcommerz-introduces-online-payment-service-du-students-389190

The Daily Star (2022, May 17) the Daily Star Website. Retrieved July 12, 2022, from thedailystar.net: https://www.thedailystar.net/news/bangladesh/crime-justice/news/arrest-warrants-issued-against-evaly-ceo-rassel-2-others-cheque-fraud-case-3025456.

The Daily Star.(2021, September)  The Daily Star Website. Retrieved July 12, 2022, from thedailystar.net: https://www.thedailystar.net/business/economy/e-commerce/news/evaly-scam-aftermath-customers-sellers-worried-sick-2179681.

The Daily Sun (2020.July, 2019) .The Daily Sun Website.  Retrieved July 12, 2022, from daily-sun.com: https://www.daily-sun.com/post/494473/Online-fraud:-An-obstacle-to-digital-Bangladesh.

The Financial Express (2022, May 2). UNDP, ICT Division sign deal to launch cyber security awareness campaign. Retrieved from: https://thefinancialexpress.com.bd/home/undp-ict-division-sign-deal-to-launch-cyber-security-awareness-campaign-1651498020

The Imperva. (2022). the Imperva Website. The Cyber Threats. Retrieved 2022, from imperva.com: https://www.imperva.com/learn/application-security/cyber-security-threats/ 

Tribune India News Service (2020, July 8). Hackers break into 570 e-commerce stores, generate over $7 million in 3 years. Retrieved from: https://www.tribuneindia.com/news/science-technology/hackers-break-into-570-e-commerce-stores-generate-over-7-million-in-3-years-110150

Loading...
Similar Articles
Loading...
Similar Article Headings
Loading...
Similar Books
Loading...
Similar Chapters
Loading...
Similar Thesis
Loading...

Similar News

Loading...
About Us

Asian Research Index (ARI) is an online indexing service for providing free access, peer reviewed, high quality literature.

Whatsapp group

asianindexing@gmail.com

Follow us

Copyright @2023 | Asian Research Index