Humber College CHP 5 E-Commerce Security and Payment Systems - Inclass
Learning Objective
After reading this chapter, you will be able to:
• Understand the scope of e-commerce crime and security problems, the key dimensions of
e-commerce security, and the tension between security and other values.
• Describe how technology helps secure Internet communications channels and protect networks,
servers, and clients.
[Figure: hard targets and soft targets]
• Online account login credentials (Facebook, Twitter, eBay, Apple, Dropbox): $10–$15
• Scan of a passport: $1
The Client
The Server
- Internet communications,
- servers, and
- clients.
Malicious code
• Viruses
• Worms
• Trojan horses
• Drive-by downloads
• Backdoors
• Bots, botnets
• Threats at both client and server levels
Phishing
• E-mail scams
• Social engineering
• Identity theft
Phishing
• any deceptive, online attempt by a third party to obtain confidential information
for financial gain
Social engineering
• exploitation of human fallibility and gullibility to distribute malware
Hacking
• Hackers vs. crackers
• Types of hackers: White, black, grey hats
• Hacktivism
Cybervandalism:
• Disrupting, defacing, destroying Web site
Data breach
• Losing control over corporate information to outsiders
Cracker
Within the hacking community, a term typically used to denote a hacker with
criminal intent
Cybervandalism
Intentionally disrupting, defacing, or even destroying a site
Hacktivism
Cybervandalism and data theft for political purposes
Spoofing
Involves attempting to hide a true identity by using someone else’s e-mail or IP
address
Pharming
Automatically redirecting a web link to an address different from the intended one,
with the site masquerading as the intended destination
Sniffing
• Eavesdropping program that monitors information traveling over a
network
Insider attacks
Poorly designed server and client software
Social network security issues
Mobile platform security issues
• Same risks as any Internet device
Cloud security issues
Digital cash
– Based on algorithm that generates unique tokens that can be
used in “real” world
– e.g., Bitcoin
Virtual currencies
– Circulate within internal virtual world
– e.g., Linden Dollars in Second Life, Facebook Credits