The potential for abuse can range from simple fraud, like the use of stolen or manufactured credit card numbers to buy merchandise from a retailer, to more sophisticated espionage launched from a terminal at a corporate supplier's network.
The international aspect of the Internet exposes businesses to cross-border liability, and the likelihood of an on-line business accidentally breaking a foreign country's commerce regulations is high.
Consumer products ranging from books and jewelry to furniture and cars are all being sold via the Internet. Time-sensitive financial services like stock trading are fast becoming ubiquitous. Business-to-business commerce on the Web ranges from the sale of office supplies to computers and much more. Risk management science divides this topic into two related areas: First Party risks to property or business interruption, and Third Party risks of a liability nature. This paper attempts to list these risk exposures and discuss risk management steps, including the possible transfer of risk via insurance products.
Risk Identification & Quantification
Information is power. Information power resides on corporate networks, mainframes, Intranets, Extranets, and websites. Direct and permanent loss of that information is a constant threat to organizations. Because direct loss of information is not a new type of risk, proper backup systems and procedures have been standard risk management fare for decades. However, the reliance upon information power to guide and facilitate commerce has increased greatly, particularly over the past five years.
First Party Risks
First Party exposures, otherwise described as direct loss and loss of use of information technology assets, can be caused by an expanding list of perils including:
- Physical damage to host computer equipment and network equipment
- Breaches of security by employees, former employees or contract professionals
- Breaches of security by outsiders (hackers)
- Destruction of information technology assets by employees, former employees or contract employees
- Destruction of information technology assets by outsiders (hackers)
- Disruption of computer networks due to computer viruses, e.g., the Melissa virus
- Destruction of credit card or other credit information from customers, leading to lost sales
- Credit injury to customers whose credit card numbers may be misused by unauthorized parties
- Lost E-Commerce revenues due to technological disruption (including telephone, data or Internet service disruption on or off premises), particularly for time-sensitive industries like on-line brokerage firms
- Lost E-Commerce advertising revenues due to website disruption
- Disruption of E-Commerce due to "smurf" or "spam" attacks or incidents
- Lost new E-Commerce customers due to various forms of disruption (given Internet firm valuations based on number of customers, this can have a severe impact on valuations)
- Non-repudiation for various forms of disruption of time-sensitive E-Commerce
- Theft of intellectual property, trade secrets and other confidential information stored on company networks
- Cost of litigating against those who have infringed on company intellectual property
- Cost to restore damaged websites or networks
- Cost to repair or upgrade security systems/firewalls in the aftermath of a breach of security
- Extra expenses arising out of disruptions to Intranets and Extranets
These risk exposures are difficult to quantify in terms of frequency or severity. Their quantification is difficult primarily because: (1) Most companies do not reveal losses and the extent of their economic impact; and, (2) Since E-commerce is a young industry, insurers have not gained enough experience to formulate meaningful actuarial data.
Third Party Risks
- Companies engaged in facilitating E-Commerce, including those who sell or service software that facilitates E-Commerce, face several exposures to financial loss. Among them are third party property damage, as well as liability arising out of the failure to deliver products or services. (Risk exposures like these are not very different from those of firms that provide software and related services for applications outside of E-Commerce.)
- Another group of risk exposures encompasses all types of companies engaging in E-Commerce, including legal liability for:
  - Wrongful access by hackers to credit card numbers or credit history information of a website's customers
  - Transmission of computer viruses
  - Copyright, trademark, trade dress, patent infringement, piracy, plagiarism, misappropriation and other forms of intellectual property violations
  - E-Commerce and web-casting related personal injury including libel and slander
  - E-Commerce related advertising injury including false or misleading advertising
  - Inappropriate access or control of regulated products/services such as sale of pornography to minors, sale of guns to convicted felons or sale of liquor across state lines
  - Unfair blocking or screening of a website by an Internet Service Provider
  - False light (public disclosure of private facts)
  - Over-redemption of Internet coupons, contests or games of chance
  - Harassment of "any and all" forms in chat rooms
  - Misleading information posted in chat rooms
  - Hacker access to a website with wrongful information, e.g., PairGain on Bloomberg, and failure to remove this information promptly
  - Failure of hotlinks to function
These examples merely outline some of the apparent risks of E-Commerce, and others will become evident as the Internet and E-Commerce mature. Some of the terms related to common fraud and vandalism problems are described below:
- Lax security: Poor internal security -- uncontrolled access to computer hardware, poor protection of passwords and lack of formal security policies -- is probably the biggest threat to information security of all kinds, including Internet security.
- Malicious software: Cyber-vandalism is becoming a big problem on the Internet. Viruses are probably the best-known form of online vandalism, though they are also among the easiest to defend against. Trojan horses posing as legitimate software can cause the host to divert confidential information to an unauthorized third person.
- Sniffing: Sniffing is electronic eavesdropping. Sniffers use an easy-to-produce piece of software that sits somewhere between the website user and the site provider's server and intercepts passing information. This information may include credit card numbers and other confidential data. Encrypting information can prevent sniffing.
- Spoofing: Spoofers fraudulently represent themselves as other organizations. The spoofers set up false sites and collect confidential information from unsuspecting Web users. Spoofing can be prevented with certification programs.
Selected links are given below to learn more about the subject:
- To learn about the risks of making transactions on the net and how to make them secure, visit http://www.akdiv.com/security.htm
- To learn about the risks and how to insure them, visit http://ourworld.compuserve.com/homepages/Gregory_Walker/doc/vim-3928.htm
- To learn why e-commerce is not much more risky than other business, visit http://www.corbinball.com/art-websecurity.html