
Chapter 5 E-commerce Security and Payment Systems

Copyright © Pearson Education, Inc. All Rights Reserved 1



Learning Objective
After reading this chapter, you will be able to:

• Understand the scope of e-commerce crime and security problems, the key dimensions of e-commerce security, and the tension between security and other values.

• Identify the key security threats in the e-commerce environment.

• Describe how technology helps secure Internet communications channels and protect networks, servers, and clients.

• Appreciate the importance of policies, procedures, and laws in creating security.


Two kinds of cyberwar targets

[Figure: two kinds of cyberwar targets, hard and soft]

Hard Targets
• Defense Installations
• Nuclear Plants
• Public Infrastructure Facilities

Soft Targets
• Banks and Related Financial Systems
• Private Manufacturing Firms
• Health Management and Insurance Record Systems
• Public Infrastructure Record Systems


The Cyber Market for Stolen Data


DATA: Price

Individual U.S. card number with expiration date and CVV2 (the three-digit number printed on the back of the card) (referred to as a CVV): $5–$8
Individual U.S. card number with full information, including full name, billing address, expiration date, CVV2, date of birth, mother’s maiden name, etc. (referred to as a Fullz or Fullzinfo): $20–$60
Dump data for U.S. card (the term “dump” refers to raw data such as name, account number, expiration date, and CVV encoded on the magnetic stripe on the back of the card): $60–$100
Bank account login credentials (depending on value and verification): 0.5%–10% of value
Online payment accounts (PayPal, etc.) (depending on value and verification): 0.5%–10% of value
Driver’s license information: $20
Online account login credentials (Facebook, Twitter, eBay, Apple, Dropbox): $10–$15
Medical information/health credentials: $10–$20
1,000 e-mail addresses: $1–$10
Scan of a passport: $1
Social security number: $1


Security Threats in the E-commerce Environment


There are three key points of vulnerability when dealing with e-commerce:

• The Client
• The Server
• The Communications Pipeline


Vulnerable Points in an E-commerce Transaction

There are three major vulnerable points in e-commerce transactions:

- Internet communications,
- servers, and
- clients.


Most Common Security Threats in the E-commerce Environment

• Malicious code
  – Viruses
  – Worms
  – Trojan horses
  – Drive-by downloads
  – Backdoors
  – Bots, botnets
  – Threats at both client and server levels


Most Common Security Threats in the E-commerce Environment (cont.)

• Potentially unwanted programs (PUPs)
  – Browser parasites
  – Adware
  – Spyware
  – Cryptojacking

• Phishing
  – E-mail scams
  – Social engineering
  – Identity theft


Phishing

Phishing
• Any deceptive, online attempt by a third party to obtain confidential information for financial gain

Social engineering
• Exploitation of human fallibility and gullibility to distribute malware


Most Common Security Threats in the E-commerce Environment (cont.)

• Hacking
  – Hackers vs. crackers
  – Types of hackers: white, black, and grey hats
  – Hacktivism
• Cybervandalism
  – Disrupting, defacing, or destroying a Web site
• Data breach
  – Losing control over corporate information to outsiders


Hacking, Cybervandalism, and Hacktivism


Hacker
An individual who intends to gain unauthorized access to a computer system.

Cracker
Within the hacking community, a term typically used to denote a hacker with criminal intent.

Cybervandalism
Intentionally disrupting, defacing, or even destroying a site.

Hacktivism
Cybervandalism and data theft for political purposes.


Most Common Security Threats in the E-commerce Environment (cont.)

• Credit card fraud/theft
  – Hackers target merchant servers; use data to establish credit under a false identity
• Spoofing (Pharming)
• Spam (junk) Web sites
• Denial of service (DoS) attack
  – Hackers flood a site with useless traffic to overwhelm the network
• Distributed denial of service (DDoS) attack


Spoofing, Pharming, and Spam

Spoofing
Involves attempting to hide a true identity by using someone else’s e-mail or IP address.

Pharming
Automatically redirecting a web link to an address different from the intended one, with the site masquerading as the intended destination.

Spam (junk) websites
Also referred to as link farms; promise to offer products or services, but in fact are just collections of advertisements.


Most Common Security Threats in the E-commerce Environment (cont.)

• Sniffing
  – Eavesdropping program that monitors information traveling over a network
• Insider attacks
• Poorly designed server and client software
• Social network security issues
• Mobile platform security issues
  – Same risks as any Internet device
• Cloud security issues


Developing an E-commerce Security Plan


There are five steps involved in building an e-commerce security plan.


Alternative Online Payment Systems

Online stored value systems
– Based on value stored in a consumer’s bank, checking, or credit card account
– e.g., PayPal

Other alternatives
– Amazon Payments
– Google Checkout
– Bill Me Later
– WUPay, Dwolla, Stripe


Mobile Wallet App Adoption


Digital Cash and Virtual Currencies

Digital cash
– Based on an algorithm that generates unique tokens that can be used in the “real” world
– e.g., Bitcoin

Virtual currencies
– Circulate within an internal virtual world
– e.g., Linden Dollars in Second Life, Facebook Credits


Electronic Billing Presentment and Payment (EBPP)

Online payment systems for monthly bills
– Account for 50% of all bill payments

Two competing EBPP business models
– Biller-direct (dominant model)
– Consolidator

Both models are supported by EBPP infrastructure providers.


Major Players in the EBPP Marketspace
