E-Commerce Transactions And Shopping Cart
ERDEM OZDEN
INBS 510 ANNA STORY
APRIL 16, 2002
Online Credit Card Fraud Stats
Global online purchases will reach $310 billion in 2005.
Online credit card fraud will cost $9 billion in 2001.
Source: Meridien Research
Source: Jupiter Media Metrix
Online Store: The merchant sets up an online store.
Bank Account: The merchant registers with a bank to authorize transactions.
Product Selection: Customers browse products by product category, or by text search.
Shopping Cart: Customers view and change the contents of their shopping cart.
Customer Registration: Registration is needed when customers make a purchase.
Check Out: The customer may verify or change items, and then proceed with their purchase.
Credit Card Authorization: The customer submits credit card information for authorization.
Order Processing: After credit card authorization, the merchant sends the product.
to Check out.
Shopping Cart
Online Credit Card Transaction
2. Shipping, tax added for total amount.
3. Customer’s address,
Get User Info
5. If the CC is Declined
Get New CC.
4. Customer’s credit card
Enter Credit Card Information
5. If the CC is Authorized
One-click Buy: CC data is stored in database, and used for instant purchases.
Personalization: Some merchants offer personalized services like special offers, and recommendations, for registered customers.
Order Tracking: The customers monitor order status by using the order ID.
Save your cart: Customers save their cart and complete the transaction at a later date.
E-mail Verification: The customers receive emails about news, special events, recommendations, and the recent order.
User Selects New
Or Returning User
1. Cardholder calls Issuer
Bank for fraud.
4. Issuer Bank gives
2. Issuer Bank calls
3. Acquirer Bank debits
or cancels agreement.
“Charge-back fraud has slowed the growth of e-commerce…Nothing is going to happen until credit card companies can positively authenticate every consumer buying from a website.”
Theodore Lacobuizo, Senior Analyst, TowerGroup
Employee Theft: Employee steals data. This is the largest threat.
Trojan Horse: Can be used for snooping. Frequently used in a virus attack.
Hacking: Breaking into a system. Trojan horses are used for returning to the server.
Social Engineering: Hackers act like a network engineer.
Buffer Overflow: Cause an overflow condition. May grant root access.
Cracking: Breaking into system to steal things.
Password Fishing: Trying to log in with common passwords.
Snooping: Use of a software program to intercept data.
Application Attack: Force the application to fall over and gain root access to the system.
SECURITY THREAT
1. Browser sends an SSL request message.
2. Server responds by sending its certificate.
3. Browser verifies that the certificate is valid.
4. Browser sends a one-time session key.
5. Server decrypts the message with its private key.
6. Data is then exchanged using symmetric encryption.
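An added example (not part of the original slides): a simplified Node.js model of the six steps above, showing why the browser must validate the certificate before it sends the session key. The JSON "certificate", the host name shop.example and all function names are constructed for illustration; real SSL/TLS uses X.509 certificates and a fuller handshake.

```javascript
// Added example: simplified model of the six SSL steps, not a real TLS stack.
const nodeCrypto = require('crypto');

const newRsaPair = () => nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const ca = newRsaPair();      // constructed CA; the browser trusts ca.publicKey
const server = newRsaPair();  // constructed web server key pair

// Step 2: constructed stand-in for an X.509 certificate: subject, expiry and
// the server's public key, signed by the CA.
function issueCertificate(subject, publicKey, notAfter) {
  const pem = publicKey.export({ type: 'spki', format: 'pem' });
  const body = JSON.stringify({ subject, notAfter, publicKey: pem });
  const signature = nodeCrypto.sign('sha256', Buffer.from(body), ca.privateKey);
  return { body, signature };
}

// Step 3: the browser checks the CA signature, host name and expiry before
// it trusts the public key inside the certificate.
function verifyCertificate(cert, expectedHost, now = Date.now()) {
  const signed = Buffer.from(cert.body);
  if (!nodeCrypto.verify('sha256', signed, ca.publicKey, cert.signature)) return null;
  const { subject, notAfter, publicKey } = JSON.parse(cert.body);
  if (subject !== expectedHost || now > Date.parse(notAfter)) return null;
  return nodeCrypto.createPublicKey(publicKey);
}

// Steps 4-6, both sides in one process for illustration.
function handshake(cert, expectedHost, message) {
  const serverPublicKey = verifyCertificate(cert, expectedHost);
  if (!serverPublicKey) return { ok: false };  // browser stops: no key is sent
  // Step 4: one-time session key, encrypted (RSA-OAEP) to the server's public key.
  const sessionKey = nodeCrypto.randomBytes(32);
  const wrappedKey = nodeCrypto.publicEncrypt(serverPublicKey, sessionKey);
  // Step 5: only the holder of the private key can recover the session key.
  const serverKey = nodeCrypto.privateDecrypt(server.privateKey, wrappedKey);
  // Step 6: symmetric encryption (AES-256-GCM) under the shared session key.
  const iv = nodeCrypto.randomBytes(12);
  const enc = nodeCrypto.createCipheriv('aes-256-gcm', sessionKey, iv);
  const onWire = Buffer.concat([enc.update(message, 'utf8'), enc.final()]);
  const dec = nodeCrypto.createDecipheriv('aes-256-gcm', serverKey, iv);
  dec.setAuthTag(enc.getAuthTag());
  const received = Buffer.concat([dec.update(onWire), dec.final()]).toString('utf8');
  return { ok: true, received, onWire: onWire.toString('hex') };
}
```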
The certificate, which contains the Web server’s public key, will be used by the browser to:
Certification Authority (CA) Certificates
“3-D” refers to the three domains
1. Cardholder selects ’buy’.
2. Merchant queries Visa for account data.
3. Visa checks CAD for customer data.
Issuer Access Control
4. Issuer ACS validates password, digitally signs response, transmits copy to Authentication History Server.
5. Merchant verifies signature, and sends authorization request.