CHAPTER 4 : E-COMMERCE SECURITY AND PAYMENT SYSTEM
The process of transforming plain text or data into cipher text that cannot be read by anyone other than the sender and the receiver.
1. Symmetric Key Cryptography
Two mathematically related digital keys are used: a public key and a private key. The private key is kept secret by the owner, and the public key is widely disseminated. Either key can be used to encrypt or decrypt a message. However, once a key has been used to encrypt a message, that same key cannot be used to decrypt it; the other key of the pair is required.
2. Public key cryptography using digital signatures and hash digests
Key Security Threats
A type of eavesdropping program that monitors information traveling over a network, enabling hackers to steal proprietary information from anywhere on a network.
Occurs when hackers attempt to hide their true identities or misrepresent themselves by using fake e-mail addresses or masquerading as someone else.
Credit Card Fraud/Theft
The most common cause of credit card fraud is a lost or stolen card that is used by someone else, followed by employee theft of customer numbers and stolen identities.
Hacking & Cybervandalism
Intentionally disrupting, defacing, or even destroying a site.
Any deceptive online attempt by a third party to obtain confidential information for financial gain.
Viruses, worms, Trojan horses, ransomware, and bot networks are a threat to a system’s integrity and continued operation, often changing how a system functions or altering documents created on the system.
6 Dimensions to E-Commerce Security
The ability to control the use of information a customer provides about himself or herself to an e-commerce merchant.
The ability to ensure that messages and data are available only to those who are authorized to view them.
The ability to identify the person or entity with whom you are dealing on the Internet.
The ability to ensure that e-commerce participants do not deny (i.e., repudiate) their online actions.
The ability to ensure that information has not been altered in any way by an unauthorized party.
The ability to ensure that an e-commerce site continues to function as intended.
What is Good E-Commerce Security?
To achieve the highest degree of security
Organizational policies and procedures
Industry standards and government laws
Time value of money
Cost of security vs. potential loss
Security often breaks at the weakest link
2 Major Areas - Tensions between Security and Website Operations
Ease Of Use
The more security measures that are added to an e-commerce site, the more difficult it is to use and the slower the site becomes, hampering ease of use.
Too much security can harm profitability, while not enough can potentially put a company out of business.
There is a tension between the claims of individuals to act anonymously and the needs of public officials to maintain public safety that can be threatened by criminals or terrorists.
3 Key Points of Vulnerability in E-Commerce Environment
Communications pipeline (Internet Communications Channels)