
PART THREE E-commerce in Action


Presentation Transcript


  1. PART THREE E-commerce in Action E-commerce in Action

  2. Chapter 7: Online Security and Payment Systems

  3. Learning Objectives
     • Understand the scope of e-commerce crime and security problems.
     • Describe the key dimensions of e-commerce security.
     • Understand the tension between security and other values.
     • Identify the key security threats in the e-commerce environment.
     • Describe how technology helps protect the security of messages sent over the Internet.

  4. Understand the scope of e-commerce crime and security problems
     While the overall size of cyber-crime is unclear at this time, cyber-crime against e-commerce sites is growing rapidly, the amount of losses is growing, and the management of e-commerce sites must prepare for a variety of criminal assaults.

  5. The key dimensions of e-commerce security
     There are six key dimensions to e-commerce security:
     - Integrity
     - Non-repudiation
     - Authenticity
     - Confidentiality
     - Privacy
     - Availability

  6. The key dimensions of e-commerce security (Cont.)
     Integrity: Ensures that information displayed on a Web site or sent or received via the Internet has not been altered in any way by an unauthorized party.
     Non-repudiation: Ensures that e-commerce participants do not deny (repudiate) their online actions.

  7. The key dimensions of e-commerce security (Cont.)
     Authenticity: Verifies an individual’s or business’s identity.
     Confidentiality: Determines whether information shared online, such as through e-mail communication or an order process, can be viewed by anyone other than the intended recipient.

  8. The key dimensions of e-commerce security (Cont.)
     Privacy: Deals with the use of information shared during an online transaction. Consumers want to limit the extent to which their personal information can be divulged to other organizations, while merchants want to protect such information from falling into the wrong hands.
     Availability: Determines whether a Web site is accessible and operational at any given moment.

  9. The tension between security and other values
     Although computer security is considered necessary to protect e-commerce activities, it is not without a downside. Two major areas where there is tension between security and Web site operations are ease of use and public safety.

  10. The tension between security and other values (Cont.)
     Ease of use: The more security measures that are added to an e-commerce site, the more difficult it is to use and the slower the site becomes, hampering ease of use. Security is purchased at the price of slowing down processors and adding significantly to data storage demands. Too much security can harm profitability, while not enough can potentially put a company out of business.

  11. The tension between security and other values (Cont.)
     Public safety: There is a tension between the claims of individuals to act anonymously and the needs of public officials to maintain public safety that can be threatened by criminals or terrorists.

  12. The security threats in the e-commerce environment
     The nine most common and most damaging forms of security threats to e-commerce sites include:
     - Malicious code
     - Unwanted programs (adware, spyware, etc.)
     - Phishing
     - Hacking and cyber-vandalism
     - Spoofing
     - Denial of Service attacks
     - Sniffing
     - Insider jobs
     - Poorly designed server and client software

  13. The security threats in the e-commerce environment (Cont.)
     Malicious code: Viruses, worms, Trojan horses, and bot networks are a threat to a system’s integrity and continued operation, often changing how a system functions or altering documents created on the system.
     Unwanted programs (adware, spyware, etc.): A kind of security threat that arises when programs are surreptitiously installed on your computer or computer network with.

  14. The security threats in the e-commerce environment (Cont.)
     Phishing: Any deceptive, online attempt by a third party to obtain confidential information for financial gain.
     Hacking and cyber-vandalism: Intentionally disrupting, defacing, or even destroying a site.

  15. The security threats in the e-commerce environment (Cont.)
     Credit card fraud/theft: One of the most feared occurrences and one of the main reasons more consumers do not participate in e-commerce. The most common cause of credit card fraud is a lost or stolen card that is used by someone else, followed by employee theft of customer numbers and stolen identities (criminals applying for credit cards using false identities).

  16. The security threats in the e-commerce environment (Cont.)
     Spoofing: Occurs when hackers attempt to hide their true identities or misrepresent themselves by using fake e-mail addresses or masquerading as someone else. Spoofing also can involve redirecting a Web link to an address different from the intended one, with the site masquerading as the intended destination.

  17. The security threats in the e-commerce environment (Cont.)
     Denial of Service attacks: Hackers flood a Web site with useless traffic to inundate and overwhelm the network, frequently causing it to shut down and damaging a site’s reputation and customer relationships.
     Sniffing: A type of eavesdropping program that monitors information traveling over a network, enabling hackers to steal proprietary information from anywhere on a network, including e-mail messages, company files, and confidential reports. The threat of sniffing is that confidential or personal information will be made public.

  18. The security threats in the e-commerce environment (Cont.)
     Insider jobs: Although the bulk of Internet security efforts are focused on keeping outsiders out, the biggest threat is from employees who have access to sensitive information and procedures.
     Poorly designed server and client software: The increase in complexity and size of software programs has contributed to an increase in software flaws or vulnerabilities that hackers can exploit.

  19. How technology helps protect the security of messages sent over the Internet?
     Encryption is the process of transforming plain text or data into cipher text that cannot be read by anyone other than the sender and the receiver. Encryption can provide four of the six key dimensions of e-commerce security: message integrity, non-repudiation, authentication and confidentiality.

  20. How technology helps protect the security of messages sent over the Internet? (Cont.)
     Message integrity: Provides assurance that the sent message has not been altered.
     Non-repudiation: Prevents the user from denying that he or she sent a message.
     Authentication: Provides verification of the identity of the person (or computer) sending the message.
     Confidentiality: Gives assurance that the message was not read by others.
