E-commerce platforms are increasingly targeted by sophisticated cyber-attacks that exploit the inherent vulnerabilities of centralised authentication architectures. Password-based systems, two-factor authentication, and centralised identity stores have demonstrated persistent susceptibility to phishing, credential stuffing, man-in-the-middle interception, and large-scale data breaches. This paper investigates the design, implementation, and evaluation of a blockchain-based authentication system as a structural response to these limitations. The proposed system leverages Ethereum’s public-key cryptographic infrastructure, MetaMask wallet integration, Web3.js, JSON Web Tokens (JWT), React.js, and Node.js to deliver a decentralised, tamper-proof, and privacy-preserving authentication flow for e-commerce applications. A proof-of-concept prototype was built and evaluated against conventional authentication methods across eleven analytical dimensions, including security architecture, data integrity, identity management, scalability, trust models, and regulatory alignment. Results confirm that the blockchain-based approach eliminates credential database attack surfaces, enables non-repudiable transaction signing, supports Zero-Knowledge Proof (ZKP) verification, and implements Self-Sovereign Identity (SSI) principles that return data ownership to users. Scalability under high transaction volumes and user onboarding complexity are identified as the primary adoption barriers, suggesting that hybrid architectures may offer the most pragmatic near-term deployment pathway. The study contributes an empirically grounded, real-world implementation perspective to the growing literature on blockchain security applications, and provides actionable guidance for e-commerce operators, security practitioners, and researchers exploring decentralised identity systems.
This paper has presented a comprehensive investigation of blockchain-based authentication as a structural response to the endemic security vulnerabilities of conventional e-commerce authentication architectures. Through a review of the relevant literature, the design and implementation of a proof-of-concept prototype on the Ethereum blockchain, and a structured comparative evaluation across eleven analytical dimensions, the study has demonstrated that blockchain-based authentication offers meaningful and qualitatively distinct security improvements over traditional centralised methods.
The central security advantage is architectural: the elimination of the centralised credential database removes the primary target of the vast majority of e-commerce data breaches. Authentication through ECDSA cryptographic signing provides non-repudiable, replay-resistant identity verification without transmitting or storing any secret. Zero-Knowledge Proof compatibility and Decentralised Identifier support enable privacy-preserving verification aligned with data minimisation principles. The Self-Sovereign Identity model returns data ownership to users and reduces the platform’s GDPR exposure.
These advantages come with substantive constraints. Blockchain consensus mechanisms limit authentication throughput below the requirements of large-scale platforms. MetaMask dependency introduces onboarding friction. Private key management places new responsibilities on users accustomed to password reset flows. The rapidly evolving blockchain tooling ecosystem creates implementation complexity and requires ongoing maintenance vigilance.
The practical recommendation emerging from this study is a phased, hybrid adoption strategy: deploy blockchain-based authentication for high-value transactions, account recovery events, and cross-platform identity federation, while retaining conventional authentication for routine low-stakes interactions. As Layer 2 scaling solutions mature, developer tooling stabilises, and user familiarity with blockchain wallets increases, the case for broader deployment strengthens. The trajectory of blockchain technology and the escalating costs of conventional authentication failures point toward a future in which decentralised cryptographic authentication becomes the norm rather than the exception for digital commerce security.
This research contributes to the empirical foundation of that transition, providing both a worked implementation reference and a structured evaluation framework for practitioners and researchers advancing the state of e-commerce security.
References
[1]Albshaier, L., Almarri, S. and Hashim, M.M. (2024) ‘A Review of Blockchain’s Role in E-Commerce Transactions: Open Challenges, and Future Research Directions’, Computers, 13(1). Available at: https://doi.org/10.3390/computers13010027.
[2]American Express (2024) Security Solutions and Best Practices to Protect Against E-Commerce Threats. Available at: https://www.americanexpress.com/en-us/business/trends-and-insights/articles/security-solutions-and-best-practices-to-protect-against-e-commerce-threats/ (Accessed: 11 July 2024).
[3]Banday, M.T. and Qadri, J.A. (2007) ‘Phishing-A Growing Threat to E-Commerce’, The Business Review, 12(2), pp. 76–83.
[4]Buterin, V. (2014) ‘A next-generation smart contract and decentralized application platform’. Ethereum Foundation. Available at: https://ethereum.org/en/whitepaper/ (Accessed: 15 July 2024).
[5]Comparitech (2024) 30+ Data Breach Statistics and Facts: Frequency, Impact & More. Available at: https://www.comparitech.com/blog/vpn-privacy/data-breach-statistics-facts/ (Accessed: 12 July 2024).
[6]Dahal, S.B. (2023) ‘Enhancing E-commerce Security: The Effectiveness of Blockchain Technology in Protecting Against Fraudulent Transactions’, International Journal of Intelligent Computing, 1(1). Available at: https://publications.dlpress.org/index.php/ijic/article/view/1/1 (Accessed: 19 July 2024).
[7]Jonker, M. et al. (2017) ‘Millions of Targets Under Attack: a Macroscopic Characterization of the DoS Ecosystem’, in Proceedings of the 2017 Internet Measurement Conference. New York: ACM, pp. 100–113.
[8]Kondova, G. and Erbguth, J. (2020) ‘Self-Sovereign Identity on Public Blockchains and the GDPR’, in Proceedings of the 35th ACM/SIGAPP Symposium on Applied Computing. New York: ACM. Available at: https://doi.org/10.1145/3341105.3374066.
[9]Marr, B. (2023) ‘The 5 Biggest Problems With Blockchain Technology Everyone Must Know About’, Forbes, 14 April. Available at: https://www.forbes.com/sites/bernardmarr/2023/04/14/the-5-biggest-problems-with-blockchain-technology-everyone-must-know-about/ (Accessed: 23 July 2024).
[10]MetaMask (2023) MetaMask Monthly Active Users. ConsenSys. Available at: https://metamask.io (Accessed: 18 July 2024).
[11]Nakamoto, S. (2008) ‘Bitcoin: A Peer-to-Peer Electronic Cash System’. Available at: https://bitcoin.org/bitcoin.pdf (Accessed: 15 July 2024).
[12]Ping Identity (2019) 2019 Consumer Survey: Data Misuse & Trust. Available at: https://www.pingidentity.com/en/resources/content-library/misc/3464-2019-consumer-survey-trust-accountability.html (Accessed: 13 July 2024).
[13]Security Brief (2024) Global surge in DDoS attacks causes dire financial consequences. Available at: https://securitybrief.in/story/global-surge-in-ddos-attacks-causes-dire-financial-consequences (Accessed: 13 July 2024).
[14]Siriwardena, P. (2020) Advanced API Security: OAuth 2.0 and Beyond. 2nd edn. Berkeley: Apress. Available at: https://doi.org/10.1007/978-1-4842-2050-4.
[15]Statista (2024) E-commerce worldwide – statistics & facts. Hamburg: Statista Research Department.
[16]Tobin, A. and Reed, D. (2017) ‘The Inevitable Rise of Self-Sovereign Identity’, Sovrin Foundation White Paper. Available at: https://sovrin.org/wp-content/uploads/2017/06/The-Inevitable-Rise-of-Self-Sovereign-Identity.pdf (Accessed: 17 July 2024).
[17]TokenMinds (2024) Unlocking Speed with Layer 2 Solutions: TokenMinds’ Comprehensive Guide. Available at: https://tokenminds.co/blog/blockchain-development/layer-2-solutions (Accessed: 16 July 2024).
[18]Treiblmaier, H. and Sillaber, C. (2021) ‘The impact of blockchain on e-commerce: A framework for salient research topics’, Electronic Commerce Research and Applications, 48, Article 101054. Available at: https://doi.org/10.1016/j.elerap.2021.101054.
[19]Tripathi, G., Ahad, M.A. and Casalino, G. (2023) ‘A comprehensive review of blockchain technology: Underlying principles and historical background with future challenges’, Decision Analytics Journal. Available at: https://doi.org/10.1016/j.dajour.2023.100344.
[20]Umoren, O. et al. (2022) ‘Blockchain-Based Secure Authentication with Improved Performance for Fog Computing’, Sensors, 22(22). Available at: https://doi.org/10.3390/s22228969.
[21]Voshmgir, S. and Zargham, M. (2020) ‘Foundations of Cryptoeconomic Systems’, Research Institute for Cryptoeconomics Working Paper Series, No. 1.
[22]W3C (2022) Decentralized Identifiers (DIDs) v1.0: Core Architecture, Data Model, and Representations. W3C Recommendation. Available at: https://www.w3.org/TR/did-core/ (Accessed: 17 July 2024).
[23]Wilson, D. and Ateniese, G. (2015) ‘From Pretty Good to Great: Enhancing PGP Using Bitcoin and the Blockchain’, in Qiu, M. et al. (eds) Network and System Security. Lecture Notes in Computer Science, vol 9408. Cham: Springer.
[24]Xu, X., Weber, I. and Staples, M. (2019) Architecture for Blockchain Applications. Cham: Springer.
Zheng, Z. et al. (2018) ‘Blockchain challenges and opportunities: A survey’, International Journal of Web and Grid Services, 14(4), pp. 352–375. Available at: https://doi.org/10.1504/IJWGS.2018.095647
How to Cite This Paper
Onyeagoziri Precious Akams (2026). Blockchain-Based Authentication Systems for Securing E-Commerce Transactions: Design, Prototype Implementation, and Comparative Evaluation. International Journal of Computer Techniques, 13(2). ISSN: 2394-2231.
