The risks of ecommerce are that there can be weak or non-existent database administrator passwords. In addition to a lack of passwords, many database administrators use weak passwords that are short, or that are common names, places, or events. This will make it easy for hackers to get in to the system and steal people’s information. One of the most sought-after DBA accounts is the system administrator account used by MS SQL Server. This is mainly because MS SQL Server includes several very powerful extended stored procedures that give a DBA – or a hacker – full access to the server's file system. Using programs, a hacker can simply test passwords at the SQL server until it cracks. If the password is missing or is weak, it will only be a matter of minutes before the hacker has access to the data. Poor programming or improper configuration on the SQL server: Another method of attack is via SQL injection techniques that exploit poor programming or improper configuration on the SQL server to allow a hacker to access, overwrite, or delete information in the data server.
Spoofing is that is such a low cost of Web site creation and the ease of copying existing pages makes it all too easy to create illegitimate sites that appear to be operated by established organizations. In fact, con artists have illegally obtained credit card numbers by setting up professional looking Web sites that mimic legitimate businesses.
There are risks of unauthorized disclosure so when transaction information is transmitted in the clear, without proper security and encryption, hackers can intercept the transmissions to obtain customers' sensitive information like personal information and/or credit card numbers.
There can also be an unauthorized action