Security in Electronic Commerce

Rolf Oppliger (rolf.oppliger, box.bfi.admin.ch)
The low cost and wide availability of the Internet for both businesses and customers has sparked a revolution in electronic commerce (e-commerce) and the applications built on it. Many organizations already exploit the opportunities offered by Internet-based e-commerce solutions, and many more are expected to follow. In spite of the well-publicised success stories, however, many businesses and customers remain cautious about participating in e-commerce, and security concerns are often cited as the single most important barrier. In this talk, we survey and briefly discuss client-side security, server-side security and transaction security, and elaborate on some legal and regulatory issues. We also address the relationship between network security and e-commerce security. More specifically, we argue that existing network security technologies can be used to secure e-commerce applications, but that the security requirements of these applications generally go beyond the more traditional requirements of network security. This is particularly true of the multi-party and multi-protocol character of e-commerce environments, and of the requirement that the corresponding cryptographic protocols be not only complete and sound, but also efficient and fair. There are, in addition, requirements concerning the online availability of specific parties, such as trusted third parties (TTPs), the anonymity of communicating peers, the traceability of communications, and the manageability of trust. These additional requirements further complicate the situation and must be addressed adequately. Consequently, we survey and briefly discuss some current and future directions for research and development in e-commerce security, and try to shape a corresponding research agenda.