Safeguarding the Digital Single Market’s E-Commerce Ecosystem

Combining an automatic, rigorous, distributed and open-source toolkit

Prevention & Response

System interfaces security & appropriate response to the affected users and partners

Monitoring & Mitigation

Run-time interface operations at the application and network level for resilience against both known and unknown threats

Awareness & Training

To make citizen clients of e‑commerce business partners (SMEs) aware of potential security threats and train on how to avoid them

ABOUT THE PROJECT

Enhancing citizens’ resilience to threats and their trust in e-commerce companies

ENSURESEC addresses the whole gamut of modern e‑commerce, from standard physical products purchased online and delivered via post, to entirely virtual products or services delivered online. It addresses threats ranging from maliciously modifying web e‑commerce applications or rendering them unavailable to legitimate customers, to delivery issues or fraud committed by insiders or customers. It achieves this by focusing on the common software and physical sensor interfaces that sit along the e‑commerce, payment and delivery ecosystem.

14

COUNTRIES

22

PARTNERS

ENSURESEC_banner_1920x1080_04
Online shopping icon on smart phone for global concept

Uniquely designed to protect distributed and evolving e-commerce infrastructures

Although ENSURESEC innovations are applicable to any critical infrastructure that relies and is monitored by networked software systems, its design and integration philosophy make it uniquely prepared to protect distributed and evolving e‑commerce infrastructures with its various forms of payment and delivery (virtual, online and physical). ENSURESEC also enhances citizens’ resilience to threats and their trust in e‑commerce companies, especially SMEs, thus contributing towards the vision of a reliable and trusted European digital single market.

CHALLENGES

E-commerce is the primary pillar of the European Digital Single Market

Building a better access to digital goods and services

With transactions reaching €621 billion during 2019, e‑commerce in the EU has an expressed need of providing better access for consumers and businesses to digital goods and services across Europe by establishing trust and security among digital actors.

Involving actors with different social and technical characteristics

The e‑commerce ecosystem involves actors with different social and technical characteristics, from citizens, technical vendors, numerous levels of cyber and physical services and their underlying soft and hard infrastructures, i.e., including delivery services and physical security services.

Tackling fraud losses through e-commerce payments

Online sales are projected to eclipse $4.9 trillion globally by 2021, which makes it an attractive area for cyber-crimes. For instance, in 2016, the EU suffered €1.32 billion of fraud losses through e‑commerce payments, while 73% of global e‑commerce declared fraud incidents occurred in the EU.

Establishing trust between e-commerce users and operators

A breach of data confidentiality may relate to trade secrets, personal and financial credentials, blueprints and formulations, as well as GDPR breaches related to staff and customers. A breach of data integrity may result in personal data leaks or in fraudulent payments, which may lead to a widespread lack of trust and recalls.

Building a comprehensive security toolkit

ENSURESEC integrates proven state-of-the-art inductive (machine learning) with deductive (formal methods) reasoning tools and techniques so that e-commerce operations are protected by design, as well as through continuous monitoring, response, recovery and mitigation measures at run-time

WORK STRUCTURE

At a logical level, ENSURESEC includes six main modules

online-payments-01

Prevention assesses and certifies that the design of the system interfaces is secure against certain classes of critical attacks and vulnerabilities.

Detection monitors run-time interface operations at the application level and network level for resilience against both known and unknown threats.

Whenever a vulnerability or arbitrary malicious activity is detected, the system continues operation in fail-safe mode while the response and mitigation engine communicates an appropriate response to the affected users and partners and attempts to mitigate the impact.

The recovery engine recovers the system‘s state by identifying what has gone wrong based on a dependency-directed diagnosis.

ENSURESEC develops live security monitors based on the resilient-oriented situational awareness component that employs advanced machine learning techniques to continuously detect any suspicious and evitable incident and visualize its impact and interdependencies at a different level.

To handle inevitable threats and promote trust and resilience, ENSURESEC conducts interactive and serious games-based training and awareness to make citizen clients of e-commerce business partners (SMEs) aware of potential security threats and train on how to avoid them.

THE CONSORTIUM

With 22 partners from 14 countries across Europe, ENSURESEC is uniquely positioned to provide a high impact solution for protecting European e‑commerce critical infrastructures and their ecosystems

Project Coordinator:   INOV

DELIVERABLES

Knowledge Base

The ENSURESEC project’s Public Deliverables, press releases and open publications are available at the open repository

Zenodo

CONTACT

If you would like to get in contact with us or receive regular updates on the project, please send us an e-mail to:  ensuresec @ inov.pt