Professional Documents
Culture Documents
E-Commerce Security and Fraud Protection
E-Commerce Security and Fraud Protection
Learning Objectives
1. Understand the importance and scope of security of
2.
3.
4.
5.
6.
9-2
Learning Objectives
7. Describe the major technologies for protection of EC
networks.
8. Describe various types of controls and special
defense mechanisms.
9. Describe consumer and seller protection from fraud.
10.Describe the role of business continuity and disaster
recovery planning.
11.Discuss EC securitys enterprisewide
implementation issues.
12.Understand why it is not possible to stop computer
crimes.
Copyright 2012 Pearson Education, Inc.
Publishing as Prentice Hall
9-3
9-4
9-5
Internet Architecture
9-6
9-7
of Insiders
NEEDED?
The Computer Security Strategy Dilemma
Copyright 2012 Pearson Education, Inc.
Publishing as Prentice Hall
9-8
Basic E-Commerce
Security
Issues
and
risk
The probability that a vulnerability will be
Landscape
known and used
social engineering
9-9
Basic E-Commerce
Security
Issues and
EC Security Requirements
authentication
Landscape
Process to verify (assure) the real identity of an individual,
9-10
9-11
9-12
9-13
integrity
Assurance that stored data has not been
modified without authorization; a message that
was sent is the same message as that which
was received
availability
Assurance that access to data, the website, or
other EC data service is timely, available,
reliable, and restricted to authorized users
9-14
9-15
The Defense I:
Access
Control,
Encryption,
symmetric (private) key encryption
andAnPKI
encryption system that uses the same key to
encrypt and decrypt the message
Data Encryption Standard (DES)
The standard symmetric encryption algorithm
supported by the NIST and used by U.S.
government agencies until October 2000
9-16
The Defense I:
Access Control, Encryption,
public key infrastructure (PKI)
and
PKIfor securing e-payments using public
A scheme
key encryption and various technical components
public (asymmetric) key encryption
9-17
9-18
9-19
9-20
AGENTS
intelligent agents
9-21
9-22
9-23
Managerial Issues
1. What is the best EC security strategy for my
2.
3.
4.
5.
company?
Is the budget for EC security adequate?
What steps should businesses follow in
establishing a security plan?
Should organizations be concerned with internal
security threats?
What is the key to establishing strong ecommerce security?
9-24
Summary
1. The key to establishing strong e-commerce
2.
3.
4.
5.
6.
security
Basic EC security issues and terminology
Threats, vulnerabilities, and technical
attacks
Internet fraud, phishing, and spam
Information assurance
Securing EC access control and
communications
Copyright 2012 Pearson Education, Inc.
Publishing as Prentice Hall
9-25
Summary
7. Technologies for protecting networks.
8. The different controls and special defense
mechanisms.
9. Protecting from fraud.
10. Role of business continuity and disaster
recovery planning.
11. Enterprisewide EC security.
12. Why is it impossible to stop computer
crimes?
Copyright 2012 Pearson Education, Inc.
Publishing as Prentice Hall
9-26
9-27