ASPIDA: A client-oriented platform for assessing websites security practices adoption and reward

Abstract

The adoption of good security practices for the e-commerce business is a challenging problem. The enforcement of a strict legal framework is not always effective. On the other hand, simple recommendations and raising awareness actions are not sufficient to prioritize the necessity of secure e-commerce websites. Our approach is a combination of self-assessment, self-improvement and self-regulation incentivization activities, implemented in the observAtory for Security and PrIvacy DAta (ASPIDA) system. To minimize security and privacy issues in commercial websites and e-shops, we propose a hybrid, multi-dimensional methodology to gather, monitor and analyze various indicators and metrics, into an integrated system. Although several interesting efforts have been developed for monitoring compliance with basic cybersecurity principles, their implementation is limited without any stimulus for the participants. ASPIDA automatically analyzes a set of technical security and privacy characteristics of commercial websites and correlates the output with the results of questionnaires answered by the respective owners, web-developers and webadministrators. Positive evaluation in the automatic testing and participation in the e-commerce cybersecurity survey generates a digital badge of good practices for the specific website. The digital badge is a premium for informed e-buyers that are aware of the impact of recent catastrophic security incidents and the importance of personal data. © 2021 IEEE.