
E-commerce Security

E-commerce Security, by John Doran. What is e-commerce? The buying and selling of products or services over the internet [3]. Most e-commerce transactions are for selling actual physical products. It also involves the sale of electronic services, or access to online content [2].


Presentation Transcript


  1. E-commerce Security By John Doran

  2. What is e-commerce?
     • The buying and selling of products or services over the internet [3].
     • Most e-commerce transactions are for selling actual physical products.
     • It also involves the sale of electronic services, or access to online content [2].

  3. Examples of e-commerce businesses
     • Amazon.com
     • Netflix.com
     • Experian
     • iTunes
     • Napster

  4. E-commerce is growing
     • According to an ACNielsen study performed in 2005, more than 627 million people have shopped online [8].
     • The number of Netflix subscribers grew from 6.32 million in 2006 to 7.48 million in 2007 [7].
     • Amazon.com alone had estimated revenue of $14.8 billion for 2007 [7].

  5. Reasons For Growth
     • Most online businesses operate 24 hours a day.
     • They offer a larger variety of products from different parts of the world.
     • They offer shipping services.
     • *Many consumers are confident that their private and financial data is secure [9].*

  6. Protection Principle 1
     • Confidentiality - It is expected that the personal and transactional details of a purchase will not be intercepted or disclosed to unauthorized people.

  7. Protection Principle 2
     • Integrity - Both consumers and merchants expect to have accurate data.

  8. Protection Principle 3
     • Availability - If consumers must wait for pages to load or are not even able to access a website, they may go elsewhere to shop.
     • On a single day during the Christmas season, Amazon customers ordered more than 5.4 million items, or an average of 62.5 items per second [10].

  9. Threats 1
     • Malware - any software that is designed to do something to a computer without the user’s consent. Malware includes viruses, worms, Trojan horses, and even spyware [11].
     • Bugbear was a worm that mass-emailed itself to many computers. One of its worst features is keystroke logging.

  10. Threats 2
     • Denial of service (DoS) - DoS attacks prevent users from accessing a resource, usually by flooding it with illegitimate traffic [12].
     • Website defacement - damages the online retailer’s image and reduces consumer confidence in its security [1].

  11. Threats 3
     • Data streaming - the theft of large amounts of sensitive personal information, such as credit card information [1].
     • Phishing - a social engineering technique where a criminal attempts to trick the user into revealing sensitive information [13].

  12. Technical Measures 1
     • firewall protection
     • data backup
     • antivirus software
     • vulnerability patch management

  13. Technical Measures 2
     • Secure Sockets Layer (SSL) - provides a private, secure connection using a handshake protocol.
     • Client and server authenticate each other by exchanging their digital certificates.
     • A secret symmetric session key is also chosen to encrypt the data, using a cipher such as DES (Data Encryption Standard).
     • It validates the integrity of messages being sent by using a secure hash function such as SHA (Secure Hash Algorithm) [1].

  14. Technical Measures 3
     • Secure Electronic Transaction (SET).
     • Designed specifically for credit card transactions.
     • Uses certificates and digital signatures to ensure privacy.
     • The most interesting difference between it and SSL is that actual credit card information is not given to the merchant.
     • Requires software to be installed on both the consumer and merchant end systems [1].

  15. Technical Measures 4
     • 3rd Party Verification
     • Verifiers include Visa, Verisign, and eTrust.
     • They require certain standards of the merchant.
     • The seal helps the merchant gain the confidence of consumers when they see it.

  16. Consumer Awareness
     • Provide education to consumers.
     • Amazon.com has a help section titled “Identifying Phishing or Spoofed Emails”.
     • A privacy policy will also help an e-commerce site to gain credibility.

  17. References
     • 1. Warkentin and Vaughn, Enterprise Information Systems Assurance and System Security. Hershey: Idea Publishing Group, 2006, Ch. 9.
     • 2. Wikipedia (2008, April 1) “Electronic Commerce” [Online] Available: http://en.wikipedia.org/wiki/Electronic_commerce
     • 3. U.S. Department of Commerce (2008, April 1) “What Is E-Commerce?” [Online] Available: http://www.export.gov/sellingonline/whatisecommerce.asp
     • 4. U.S. Census Bureau (2008, April 1) “” [Online] Available: http://www.census.gov/mrts/www/data/html/07Q2.html
     • 5. Wilkerson, David B. (2008, April 1) “Netflix's Profit and Subscriber Rolls Increase” [Online] Available: http://www.marketwatch.com/news/story/netflixs-profit-subscriber-rolls-increase/story.aspx?guid=%7B50293CA4-41F4-4805-805C-669C905843B8%7D
     • 6. Netflix (2008, April 1) “How It Works” [Online] Available: http://www.netflix.com/HowItWorks
     • 7. Business Week (2008, April 1) “Amazon.com Inc. Earning Estimates” [Online] Available: http://investing.businessweek.com/research/stocks/earnings/earnings.asp?symbol=AMZN.O

  18. References (cont)
     • 8. Nielsen (2008, April 1) “One-Tenth of the World’s Population Shopping Online” [Online] Available: http://us.nielsen.com/news/20051019.shtml
     • 9. Saunders, Christopher (2008, April 1) “Online Consumer Confidence, Spending Grows” [Online] Available: http://www.clickz.com/showPage.html?page=1473651
     • 10. Austin, Marcus “Good News, Bad News, Part Two.” [Online] Available: http://www.internetretailing.net/news/good-news-bad-news-part-two
     • 11. Wikipedia (2008, April 1) “Malware” [Online] Available: http://en.wikipedia.org/wiki/Malware
     • 12. Wikipedia (2008, April 1) “Denial-of-Service Attacks” [Online] Available: http://en.wikipedia.org/wiki/Denial-of-service_attack
     • 13. Wikipedia (2008, April 1) “Phishing” [Online] Available: http://en.wikipedia.org/wiki/Phishing
     • 14. Amazon.com (2008, April 1) “Identifying Phishing or Spoofed E-mails” [Online] Available: http://www.amazon.com/gp/help/customer/display.html?nodeId=15835501
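
The message-integrity check from slide 13 (Technical Measures 2), as an added example that is not part of the original presentation: each record carries a keyed SHA-256 MAC computed over an implicit sequence number and the record header, laid out as in the TLS 1.2 record layer. The key, the order strings and the class names are constructed for illustration; the handshake and encryption are left out.

```python
import hashlib
import hmac
import struct

APPLICATION_DATA = 23   # record content type
VERSION = (3, 3)        # TLS 1.2 version bytes
TAG_LEN = 32            # SHA-256 output size

def record_mac(mac_key, seq, fragment):
    """HMAC over seq_num || type || version || length || fragment."""
    header = struct.pack("!QBBBH", seq, APPLICATION_DATA,
                         VERSION[0], VERSION[1], len(fragment))
    return hmac.new(mac_key, header + fragment, hashlib.sha256).digest()

class Sender:
    def __init__(self, mac_key):
        self.mac_key, self.seq = mac_key, 0

    def protect(self, fragment):
        tag = record_mac(self.mac_key, self.seq, fragment)
        self.seq += 1                      # sequence number is never sent
        return fragment + tag

class Receiver:
    def __init__(self, mac_key):
        self.mac_key, self.seq = mac_key, 0

    def accept(self, record):
        if len(record) < TAG_LEN:
            raise ValueError("bad_record_mac")
        fragment, tag = record[:-TAG_LEN], record[-TAG_LEN:]
        expected = record_mac(self.mac_key, self.seq, fragment)
        if not hmac.compare_digest(tag, expected):   # constant-time compare
            raise ValueError("bad_record_mac")
        self.seq += 1                      # advance only on a valid record
        return fragment

def demo():
    key = bytes(range(32))                 # constructed key, not a real session key
    tx, rx = Sender(key), Receiver(key)
    r1 = tx.protect(b"order=1001;total=19.99")
    r2 = tx.protect(b"order=1002;total=5.00")
    results = [rx.accept(r1)]
    # A modified record and a replayed record must both be rejected.
    for bad in (r2.replace(b"5.00", b"0.01"), r1):
        try:
            rx.accept(bad)
        except ValueError as exc:
            results.append(str(exc))
    results.append(rx.accept(r2))          # the untouched record still verifies
    return results

if __name__ == "__main__":
    print(demo())
```

Because the sequence number is part of the MAC input, a replayed or reordered record fails verification even though its contents and tag are unmodified.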
