
E-Business

Chapter 5
Security and Payment Systems

Questions:
What Is Good E-commerce Security?
What is needed to achieve the highest degree of security?
What are other factors?
Customer and Merchant Perspectives on the Different Dimensions of E-commerce Security
The Tension Between Security and Other Values
Three key points of vulnerability
Security Threats in the E-commerce Environment
Potentially Unwanted Programs
Hacking, Cybervandalism, and Hacktivism
Identity Fraud/Theft

2
What Is Good E-commerce Security?
• To achieve highest degree of security
(NO-IG)
– New technologies
– Organizational policies and procedures
– Industry standards and government laws

[
However, reducing risks in e-commerce is a complex process that involves new technologies,
organizational policies and procedures, and new laws and industry standards that
empower law enforcement officials to investigate and prosecute offenders.]

• Other factors
– Time value of money
– Security often breaks at weakest link
– Cost of security versus potential loss

3
Table 5.3
Customer and Merchant Perspectives on
the Different Dimensions of E-commerce Security

Customer perspective: queries about the e-commerce site
Merchant's perspective: queries about the customer

PAaNIC
Privacy, Authenticity, Availability, Nonrepudiation, Integrity, Confidentiality

Privacy
Customer: Can I control the use of information about myself transmitted to an e-commerce merchant?
Merchant: What use, if any, can be made of personal data collected as part of an e-commerce transaction? Is the personal information of customers being used in an unauthorized manner?

Authenticity
Customer: Who am I dealing with? How can I be assured that the person or entity is who they claim to be?
Merchant: What is the real identity of the customer?

Availability
Customer: Can I get access to the site?
Merchant: Is the site operational?

Nonrepudiation
Customer: Can a party to an action with me later deny taking the action?
Merchant: Can a customer deny ordering products?

Integrity
Customer: Has information/data I transmitted or received been altered?
Merchant: Has data on the site been altered without authorization? Is data being received from customers valid?

Confidentiality
Customer: Can someone other than the intended recipient read my messages?
Merchant: Are messages or confidential data accessible to anyone other than those authorized to view them?
4
The Tension Between Security and Other Values
• Security versus ease of use
– The more security measures added, the more difficult a site is to use, and the slower it becomes

• Public safety and the criminal uses of the Internet
– Use of technology by criminals to plan crimes or threaten nation-states

• Three key points of vulnerability in the e-commerce environment:
– Client
– Server
– Communications pipeline (Internet communications channels)

5
[ book; Figure 5.3 illustrates some of the things that can go wrong at each major vulnerability point in the transaction—over Internet communications channels, at the server level, and at the client level.]
6
Security Threats in the E-commerce Environment
[ Malicious code (sometimes referred to as "malware"): everything listed below falls into this category]
• Malvertising
• Exploits and exploit kits
• Drive-by downloads
• Ransomware
• Trojan horses
• Viruses
• Worms
• Backdoors
• Bots, botnets

malvertising
online advertising that contains malicious code

exploit
is designed to take advantage of software vulnerabilities in a computer's operating system, web browser, applications, or other software components

exploit kit
collection of exploits bundled together and rented or sold as a commercial product

drive-by download
malware that comes with a downloaded file that a user requests

ransomware
malware that prevents you from accessing your computer or files and demands that you pay a fine

Trojan horse
malware that appears to be harmless, but then does something other than expected. Often a way for viruses or other malicious code to be introduced into a computer system

[Bard: The term is derived from the ancient Greek story of the deceptive Trojan Horse that led to the fall of the city of Troy.]

virus
a computer program that has the ability to replicate or make copies of itself and spread to other files; unlike a worm, a virus needs a host file to attach itself to

worm
malware designed to spread from computer to computer; worms are computer programs that can replicate themselves and spread autonomously across computer networks, without a host file

backdoor
feature of viruses, worms, and Trojans that allows an attacker to remotely access a compromised computer

bot
type of malicious code that can be secretly installed on a computer when connected to the Internet. Once installed, the bot responds to external commands sent by the attacker

botnet
collection of captured bot computers

7
Potentially Unwanted Programs
(BAPS)
• Browser parasites
– Monitor and change the user's browser

• Adware
– Used to call pop-up ads

• Phishing
– Any deceptive, online attempt by a third party to obtain confidential information for financial gain. Generally used for identity fraud and theft

• Spyware
– Tracks users' keystrokes, e-mails, etc.

8
Hacking, Cybervandalism, and Hacktivism
• Hacking
– Hackers versus crackers
– Goals: cybervandalism, data breaches
• Cybervandalism
– Disrupting, defacing, destroying a Web site

• Hacktivism

[hacker
an individual who intends to gain unauthorized access to a computer system

hacking
the process followed by an individual who intends to gain unauthorized access to a computer system
– Goals: cybervandalism, data breaches

cracker
within the hacking community, a term typically used to denote a hacker with criminal intent (e.g. making cracked versions of paid apps)

hacktivism
cybervandalism and data theft for political purposes]

9
Identity Fraud/Theft
• Unauthorized use of another person's personal data for illegal financial benefit
– Credit card numbers
– Social Security number
– Usernames/passwords
– Driver's license

• 2019: Almost 13 million U.S. consumers suffered identity fraud


10
Insider Attacks
• Biggest financial threat to businesses comes from insider embezzlement/fraud
• Employee access to privileged information
• Poor security procedures
• Insiders more likely to be the source of cyberattacks than outsiders

Questions:
Social Network Security Issues
Internet of Things Security Issues
Encryption
Protecting Servers and Clients
Provides 4 of 6 key dimensions of e-commerce
Developing An E-commerce Security Plan
Mobile Payment Systems

Blockchain

11
Social Network Security Issues
• Social networks are an environment for:
– Viruses, site takeovers, identity fraud, malware-loaded apps, click hijacking, phishing, spam

• 2020 Twitter hack
– Used social engineering to take control of dozens of prominent accounts and post a Bitcoin scam

• Manual sharing scams
– Sharing of files that link to malicious sites
• Fake offerings, fake Like buttons, and fake apps

12
Internet of Things Security Issues
(CV LMN)
• Challenging environment to protect
• Vast quantity of interconnected links
• Little visibility into workings, data, or security
• Many devices have no upgrade features
• Near identical devices with long service lives

[Internet of Things (IoT)
involves the use of the Internet to connect a wide variety of sensors, devices, and machines]

13
Encryption
• Encryption
– Transforms data into ciphertext readable only by the sender and receiver
– Secures stored information and information transmission
– Provides 4 of 6 key dimensions of e-commerce security:
▪ Authentication
▪ Message integrity
▪ Nonrepudiation
▪ Confidentiality

[ A NIC
• Authentication—provides verification of the identity of the person (or computer) sending the message.
• Nonrepudiation—prevents the user from denying he or she sent the message.
• Message integrity—provides assurance that the message has not been altered.
• Confidentiality—provides assurance that the message was not read by others.
]
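Added example (my own, not from the slides or the textbook): two of the four dimensions above, message integrity and authentication, shown in working Python using only the standard library's HMAC-SHA256. A tampered order fails verification, and a party without the shared key cannot produce a valid tag. The same code also shows why a shared-key tag does not give nonrepudiation: customer and merchant hold the same key, so either could have produced the tag, which is why digital signatures (a private key only the sender holds) are needed for that dimension. The order message and key are constructed sample data; confidentiality (encrypting the message body) is not covered by this block.

```python
"""Added example (not from the slides): message integrity and authentication
with a keyed hash (HMAC-SHA256), standard library only.

Shown: integrity (a tampered message is detected) and authentication (only
a holder of the shared key can produce a valid tag). Also shown: a shared
key does NOT give nonrepudiation, because every key holder can make tags.
Confidentiality would additionally require encrypting the message body.
"""
import hashlib
import hmac
import secrets


def make_tag(key: bytes, message: bytes) -> bytes:
    """Compute the HMAC-SHA256 tag that travels with the message."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_tag(key: bytes, message: bytes, tag: bytes) -> bool:
    """Constant-time comparison; a plain == would leak timing information."""
    return hmac.compare_digest(make_tag(key, message), tag)


def demo() -> dict:
    # Constructed sample data: a shared key and an order message.
    key = secrets.token_bytes(32)
    order = b"order_id=1001;item=book;qty=1;total=19.99"
    tag = make_tag(key, order)

    # Integrity: the untouched order verifies.
    ok_untouched = verify_tag(key, order, tag)

    # Integrity: altering one field (the total) invalidates the tag.
    tampered = order.replace(b"total=19.99", b"total=0.01")
    ok_tampered = verify_tag(key, tampered, tag)

    # Authentication: a party without the key cannot mint a valid tag.
    forged_tag = make_tag(secrets.token_bytes(32), tampered)
    ok_forged = verify_tag(key, tampered, forged_tag)

    # Nonrepudiation gap: the merchant, holding the same key, can also
    # produce a tag for any message, so the tag alone cannot prove the
    # customer sent it. A digital signature is needed for that.
    merchant_msg = b"customer agreed to total=999.00"
    shared_key_holder_can_sign = verify_tag(key, merchant_msg, make_tag(key, merchant_msg))

    return {
        "untouched_verifies": ok_untouched,
        "tampered_verifies": ok_tampered,
        "forged_verifies": ok_forged,
        "shared_key_holder_can_sign": shared_key_holder_can_sign,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Run it as a script to see the four outcomes; the last one is the reason the slide lists nonrepudiation as a separate dimension from integrity.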

14
Protecting Servers and Clients
• Operating system and application software security enhancements
– Upgrades, patches

• Anti-virus software
– Easiest and least expensive way to prevent threats to system integrity
– Requires daily updates

[The most obvious way to protect servers and clients is to take advantage of automatic computer security upgrades. The Microsoft, Apple, and Linux/Unix operating systems are continuously updated to patch vulnerabilities discovered by hackers.]

15
Developing An E-commerce Security Plan
(R_SIS_s)
perform a Risk assessment
develop a Security policy
develop an Implementation plan
create a Security organization
perform a Security audit

16
How does an online credit card transaction work?

Consumer makes purchase

[SSL/TLS
SSL/TLS stands for secure sockets layer and transport layer security.]

SSL/TLS provides a secure connection

Merchant software contacts clearinghouse

Clearinghouse verifies account and balance

Issuing bank credits merchant account

Monthly statement issued with debit for purchase

(CS MC CM)

17
Mobile Payment Systems
• Use of mobile phones as payment devices
– Established in Europe and Asia
– Expanding in the United States

• QR codes

• Different types of mobile wallets
– Universal proximity mobile wallet apps, such as Apple Pay, Google Pay, Samsung Pay
– Branded store proximity wallet apps, offered by Walmart, Target, Starbucks, others

[Quick Response (QR) code
A QR code (quick response code) is a type of two-dimensional barcode that can be read by smartphones and other mobile devices.
Branded store proximity mobile wallets can be used only at a single merchant.]

18
Blockchain
• Blockchain
– Enables organizations to create and verify transactions nearly instantly using a distributed P2P database (distributed ledger)

• Benefits:
– Reduces the costs of verifying users and validating transactions, and the risks of storing and processing transaction information
– Transactions cannot be altered retroactively and therefore are more secure

• Foundation technology for cryptocurrencies and supply chain management, as well as potential applications in the financial services and healthcare industries

19

An order is submitted by a user or customer

The transaction is broadcast to the P2P network {of computers}

The transaction is verified by others in the network

The block is added to the chain of transactions for this user

Production, warehouse and other blocks

The order is fulfilled

(S BVB BF)
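Added example (my own, not from the slides, the textbook or any real blockchain software): a minimal hash-chained ledger in Python that makes the "cannot be altered retroactively" benefit concrete and follows the order, production, warehouse and fulfilment steps listed above as its sample blocks. Each block stores the SHA-256 hash of the block before it, so changing an earlier transaction changes that block's hash and breaks every link after it; even recomputing the altered block's own hash only moves the break to the next block. The order data is constructed; P2P broadcast, verification by other nodes and consensus are not modelled here.

```python
"""Added example (not from the slides): a minimal hash-chained ledger.

Each block records the SHA-256 hash of the previous block. Altering any
earlier transaction changes its hash, so the chain no longer links up and
the tampering is detected. Broadcast and consensus are NOT modelled.
"""
import hashlib
import json
from dataclasses import dataclass, field

GENESIS_PREV = "0" * 64


@dataclass
class Block:
    index: int
    transaction: dict       # constructed sample data (an order step)
    prev_hash: str          # hash of the previous block
    hash: str = field(default="")

    def compute_hash(self) -> str:
        # Serialise every field except the hash itself, deterministically.
        payload = json.dumps(
            {"index": self.index, "transaction": self.transaction,
             "prev_hash": self.prev_hash},
            sort_keys=True, separators=(",", ":"),
        ).encode()
        return hashlib.sha256(payload).hexdigest()


def build_chain(transactions: list) -> list:
    """Append each transaction as a new block linked to the previous one."""
    chain = []
    prev_hash = GENESIS_PREV
    for i, tx in enumerate(transactions):
        block = Block(index=i, transaction=tx, prev_hash=prev_hash)
        block.hash = block.compute_hash()
        chain.append(block)
        prev_hash = block.hash
    return chain


def first_bad_block(chain: list):
    """Return the index of the first broken block, or None if intact.

    A block is bad if its stored hash no longer matches its contents, or
    if it does not point at the actual hash of the block before it.
    """
    for i, block in enumerate(chain):
        if block.hash != block.compute_hash():
            return i
        expected_prev = GENESIS_PREV if i == 0 else chain[i - 1].hash
        if block.prev_hash != expected_prev:
            return i
    return None


def demo() -> dict:
    # Constructed order flow, mirroring the slide's steps.
    chain = build_chain([
        {"step": "order", "customer": "C-1", "item": "book", "qty": 1},
        {"step": "production", "status": "built"},
        {"step": "warehouse", "status": "picked"},
        {"step": "fulfilled", "carrier": "CONSTRUCTED-EXAMPLE"},
    ])
    valid_before = first_bad_block(chain)    # None: chain is intact

    # Retroactive alteration: change the quantity in the original order.
    chain[0].transaction["qty"] = 100
    detected_at = first_bad_block(chain)     # 0: stored hash no longer matches

    # Recomputing the altered block's hash does not help the tamperer:
    # block 1 still points at the old hash, so the break moves to block 1.
    chain[0].hash = chain[0].compute_hash()
    detected_after_rehash = first_bad_block(chain)

    return {"valid_before": valid_before, "detected_at": detected_at,
            "detected_after_rehash": detected_after_rehash}


if __name__ == "__main__":
    print(demo())
```

In a real distributed ledger the other participants hold their own copies of the chain, so a tamperer would also have to rewrite every later block on a majority of nodes, which is what makes the alteration impractical rather than merely detectable.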

20
Cryptocurrencies
• Use blockchain technology and cryptography to create a purely digital medium of exchange

• Bitcoin is the most prominent example
– The value of Bitcoin has fluctuated widely
– Major issues with theft and fraud
– Some governments have banned Bitcoin, although it is gaining acceptance in the U.S.

• Other cryptocurrencies (altcoins) include Ethereum/Ether, Ripple, Litecoin and Monero

• Initial coin offerings (ICOs) are being used by some startups to raise capital

[Cryptography is the study of techniques for secure communication in the presence of third parties]
