Chapter 5
Security and Payment Systems
Questions:
What Is Good E-commerce Security?
What is needed to achieve the highest degree of security?
What are the other factors?
Customer and Merchant Perspectives on the Different Dimensions of E-commerce Security?
The Tension Between Security and Other Values
Three key points of vulnerability
Security Threats in the E-commerce Environment
Potentially Unwanted Programs
Hacking, Cybervandalism, and Hacktivism
Identity Fraud/Theft
What Is Good E-commerce Security?
• To achieve the highest degree of security (NO-IG)
– New technologies
– Organizational policies and procedures
– Industry standards and government laws
[However, reducing risks in e-commerce is a complex process that involves new technologies, organizational policies and procedures, and new laws and industry standards that empower law enforcement officials to investigate and prosecute offenders.]
• Other factors
– Time value of money
– Security often breaks at the weakest link
– Cost of security versus potential loss
Table 5.3
Customer and Merchant Perspectives on the Different Dimensions of E-commerce Security
PAaNIC: Privacy, Authenticity, Availability, Non-repudiation, Integrity, Confidentiality
Privacy
Customer: Can I control the use of information about myself transmitted to an e-commerce merchant?
Availability
Customer: Can I get access to the site?
Non-repudiation
Customer: Can a party to an action with me later deny taking the action?
Merchant: Can a customer deny ordering products?
Integrity
Customer: Has information/data I transmitted or received been altered?
Merchant: Has data on the site been altered without authorization? Is data being received from customers valid?
Confidentiality
Customer: Can someone other than the intended recipient read my messages?
Merchant: Are messages or confidential data accessible to anyone other than those authorized to view them?
The Tension Between Security and Other Values
• Security versus ease of use
– The more security measures added, the more difficult a site is to use, and the slower it becomes
Three key points of vulnerability
[book: Figure 5.3 illustrates some of the things that can go wrong at each major vulnerability point in the transaction: over Internet communications channels, at the server level, and at the client level.]
Security Threats in the E-commerce Environment
[Malicious code (sometimes referred to as "malware"): everything listed below falls into this category]
• Malvertising
• Exploits and exploit kits
• Drive-by downloads
• Ransomware
• Trojan horses
• Viruses
• Worms
• Backdoors
• Bots, botnets
malvertising: online advertising that contains malicious code
exploit: designed to take advantage of software vulnerabilities in a computer's operating system, web browser, applications, or other software components
exploit kit: collection of exploits bundled together and rented or sold as a commercial product
drive-by download: malware that comes with a downloaded file that a user requests
ransomware: malware that prevents you from accessing your computer or files and demands that you pay a fine
Trojan horse: malware that appears to be harmless, but then does something other than expected. Often a way for viruses or other malicious code to be introduced into a computer system
[Bard: The term is derived from the ancient Greek story of the deceptive Trojan Horse that led to the fall of the city of Troy.]
virus: a computer program that has the ability to replicate or make copies of itself and spread to other files, but needs a host file to attach itself to
worm: malware that is designed to spread from computer to computer; computer programs that can replicate themselves and spread autonomously across computer networks
backdoor: feature of viruses, worms, and Trojans that allows an attacker to remotely access a compromised computer
bot: type of malicious code that can be secretly installed on a computer when connected to the Internet. Once installed, the bot responds to external commands sent by the attacker
botnet: collection of captured bot computers
Potentially Unwanted Programs (BAPS)
• Browser parasites
– Monitor and change the user's browser
• Adware
– Used to call pop-up ads
• Phishing
– Any deceptive, online attempt by a third party to obtain confidential information for financial gain. Generally used for identity fraud and theft
• Spyware
– Tracks users' keystrokes, e-mails, etc.
Hacking, Cybervandalism, and Hacktivism
• Hacking
– Hackers versus crackers
– Goals: cybervandalism, data breaches
• Cybervandalism
– Disrupting, defacing, destroying a Web site
• Hacktivism
hacker: an individual who intends to gain unauthorized access to a computer system
hacking: the process an individual follows who intends to gain unauthorized access to a computer system. Goals: cybervandalism, data breaches
cracker: within the hacking community, a term typically used to denote a hacker with criminal intent (making cracked versions of paid apps)
hacktivism: cybervandalism and data theft for political purposes
Identity Fraud/Theft
• Unauthorized use of another person's personal data for illegal financial benefit
Questions:
Social Network Security Issues
Internet of Things Security Issues
Encryption (provides 4 of 6 key dimensions of e-commerce security)
Protecting Servers and Clients
Developing An E-commerce Security Plan
Mobile Payment Systems
Blockchain
Social Network Security Issues
• Social networks are an environment for:
– Viruses, site takeovers, identity fraud, malware-loaded apps, click hijacking, phishing, spam
Internet of Things Security Issues (CV LMN)
• Challenging environment to protect
• Vast quantity of interconnected links
• Little visibility into workings, data, or security
• Many devices have no upgrade features
• Near-identical devices with long service lives
Encryption
• Encryption
– Transforms data into cipher text readable only by sender and receiver
– Secures stored information and information transmission
▪ Message integrity
▪ Nonrepudiation
▪ Confidentiality
[A NIC
• Authentication—provides verification of the identity of the person (or computer) sending the message.
• Nonrepudiation—prevents the user from denying he or she sent the message.
• Message integrity—provides assurance that the message has not been altered.
• Confidentiality—provides assurance that the message was not read by others.]
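Added example (not from the chapter or the textbook): the Python code below shows how encrypting a message and attaching a message authentication code delivers two of the dimensions listed above, confidentiality (the bytes on the wire are unreadable without the key) and message integrity (a single altered bit is detected before anything is decrypted). The keystream built from SHA-256 is a constructed toy used only so the example runs with the standard library; a real system would use a standard authenticated cipher such as AES-GCM. Nonrepudiation would additionally need a digital signature, which this example does not cover.

```python
import hashlib
import hmac
import secrets

NONCE_LEN = 16
TAG_LEN = 32  # HMAC-SHA256 output size


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Constructed toy keystream: SHA-256(key || nonce || counter), counter-mode style.
    Illustrates the principle only; use a vetted cipher in practice."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor_bytes(data: bytes, pad: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, pad))


def seal(enc_key: bytes, mac_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC. Output layout: nonce || ciphertext || tag.
    Confidentiality comes from the keystream, integrity from the HMAC tag."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ciphertext = xor_bytes(plaintext, keystream(enc_key, nonce, len(plaintext)))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def open_sealed(enc_key: bytes, mac_key: bytes, message: bytes):
    """Check the tag first; return None if the message was altered in transit."""
    if len(message) < NONCE_LEN + TAG_LEN:
        return None
    nonce = message[:NONCE_LEN]
    ciphertext = message[NONCE_LEN:-TAG_LEN]
    tag = message[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # integrity failure: do not decrypt
    return xor_bytes(ciphertext, keystream(enc_key, nonce, len(ciphertext)))


def flip_bit(message: bytes, byte_index: int) -> bytes:
    """Simulate an in-transit alteration of one bit (constructed test input)."""
    altered = bytearray(message)
    altered[byte_index] ^= 0x01
    return bytes(altered)


if __name__ == "__main__":
    ek, mk = secrets.token_bytes(32), secrets.token_bytes(32)
    order = b"order=1234;card=****1111;amount=49.99"  # constructed sample
    msg = seal(ek, mk, order)
    print("plaintext visible on the wire?", msg[NONCE_LEN:-TAG_LEN] == order)
    print("intact message accepted?", open_sealed(ek, mk, msg) == order)
    print("altered message accepted?", open_sealed(ek, mk, flip_bit(msg, NONCE_LEN)) is not None)
```

Verifying the tag before decrypting (encrypt-then-MAC) is the order that matters: a receiver that decrypts first and checks afterwards leaks information about altered ciphertext through its error behaviour.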
Protecting Servers and Clients
• Operating system and application software security enhancements
– Upgrades, patches
• Anti-virus software
– Easiest and least expensive way to prevent threats to system integrity
Developing An E-commerce Security Plan (R_SIS_s)
– Perform a risk assessment
– Develop a security policy
How does an online credit card transaction work? (CS MC CM)
[SSL/TLS stands for Secure Sockets Layer and Transport Layer Security.]
Mobile Payment Systems
• Use of mobile phones as payment devices
– Established in Europe and Asia
– Expanding in the United States
• QR codes
– Branded store proximity wallet apps, offered by Walmart, Target, Starbucks, others
[Quick Response (QR) code: a type of two-dimensional barcode that can be read by smartphones and other mobile devices. Branded store proximity mobile wallets can be used only at a single merchant.]
Blockchain
• Blockchain
– Enables organizations to create and verify transactions nearly instantly using a distributed P2P database (distributed ledger)
• Benefits:
– Reduces costs of verifying users, validating transactions, and risks of storing and processing transaction information
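Added example (not from the textbook) of the verification step a distributed ledger rests on: each block stores the hash of the previous block, so any peer holding a copy can recompute every hash and detect a changed historic transaction, which is what lets transactions be validated without a central authority. The transactions and amounts are constructed sample data; peer-to-peer distribution and consensus between nodes are not modelled here.

```python
import hashlib
import json

GENESIS_PREV = "0" * 64


def block_hash(index: int, prev_hash: str, transactions: list) -> str:
    """Hash of a block's contents. Canonical JSON so every peer computes the same value."""
    payload = json.dumps({"index": index, "prev": prev_hash, "tx": transactions}, sort_keys=True)
    return hashlib.sha256(payload.encode("utf-8")).hexdigest()


def build_chain(batches: list) -> list:
    """Append one block per batch of transactions, each linked to its predecessor by hash."""
    chain, prev = [], GENESIS_PREV
    for index, txs in enumerate(batches):
        h = block_hash(index, prev, txs)
        chain.append({"index": index, "prev": prev, "tx": txs, "hash": h})
        prev = h
    return chain


def verify_chain(chain: list) -> bool:
    """What each peer re-checks on a received copy: every block's hash matches its
    contents, and every block links to the hash of the block before it."""
    prev = GENESIS_PREV
    for index, block in enumerate(chain):
        if block["index"] != index or block["prev"] != prev:
            return False
        if block_hash(index, prev, block["tx"]) != block["hash"]:
            return False
        prev = block["hash"]
    return True


# Constructed sample transactions, not real data.
SAMPLE_BATCHES = [
    [{"from": "alice", "to": "shop", "amount": 25}],
    [{"from": "bob", "to": "shop", "amount": 40}, {"from": "shop", "to": "carol", "amount": 10}],
    [{"from": "carol", "to": "alice", "amount": 5}],
]


def tampered_copy(chain: list) -> list:
    """Deep copy with one historic amount changed, as a dishonest node might present it."""
    bad = json.loads(json.dumps(chain))
    bad[1]["tx"][0]["amount"] = 4000
    return bad


if __name__ == "__main__":
    ledger = build_chain(SAMPLE_BATCHES)
    print("honest copy verifies:", verify_chain(ledger))
    print("tampered copy verifies:", verify_chain(tampered_copy(ledger)))
```

Changing a past transaction changes that block's hash, which no longer matches the `prev` field of the following block; rewriting the altered block's own hash does not help, because every later block would have to be rewritten too, and other peers still hold the original copy.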
(S BVB BF)
Cryptocurrencies
• Use blockchain technology and cryptography to create a purely digital medium of exchange
• Initial coin offerings (ICOs) being used by some startups to raise capital