CHAPTER 4 : E-COMMERCE SECURITY AND PAYMENT SYSTEM
What is Good E-Commerce Security?
To achieve the highest degree of security
New technologies
Organizational policies and procedures
Industry standards and government laws
Other factors:
Time value of money
Cost of security VS potential loss
Security often breaks at weakest link
6 Dimensions to E-Commerce Security
Integrity
The ability to ensure any particular information has not been altered in any way by an unauthorized party.
Nonrepudiation
The ability to ensure that e-commerce participants do not deny (i.e., repudiate) their online actions.
Authenticity
The ability to identify the identity of a person or entity with whom you are dealing on the Internet.
Confidentiality
The ability to ensure that messages and data are available only to those who are authorized to view them.
Privacy
The ability to control the use of information a customer provides about himself or herself to an e-commerce merchant.
Availability
The ability to ensure that an e-commerce site continues to function as intended.
2 Major Areas - Tensions between Security and Website Operations
Ease Of Use
The more security measures that are added to an e-commerce site, the more difficult it is to use and the slower the site becomes, hampering ease of use.
Too much security can harm profitability, while not enough can potentially put a company out of business.
Public Safety
There is a tension between the claims of individuals to act anonymously and the needs of public officials to maintain public safety that can be threatened by criminals or terrorists.
3 Key Points of Vulnerability in the E-Commerce Environment
Client
Server
Communications pipeline (Internet Communications Channels)
Key Security Threats
Malicious Code
Viruses, worms, Trojan horses, ransomware, and bot networks are a threat to a system's integrity and continued operation, often changing how a system functions or altering documents created on the system.
Phishing
Any deceptive online attempt by a third party to obtain confidential information for financial gain.
Hacking & Cyber vandalism
Intentionally disrupting, defacing, or even destroying a site.
Credit Card Fraud/Theft
The most common cause of credit card fraud is a lost or stolen card that is used by someone else, followed by employee theft of customer numbers and stolen identities.
Spoofing
Occurs when hackers attempt to hide their true identities or misrepresent themselves by using fake e-mail addresses or masquerading as someone else.
Sniffing
A type of eavesdropping program that monitors information traveling over a network, enabling hackers to steal proprietary information from anywhere on a network.
Technology Solutions
Encryption
The process of transforming plain text or data into cipher text that cannot be read by anyone other than the sender and the receiver.
1. Symmetric Key Cryptography
Two mathematically related digital keys are used: a public key and a private key. The private key is kept secret by the owner, and the public key is widely disseminated. Either key can be used to encrypt a message, but the key used to encrypt a message cannot be used to decrypt it; only the other key of the pair can.
2. Public key cryptography using digital signatures and hash digests
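The two-key property described above (the key that encrypts cannot decrypt) and the signing of a hash digest with the private key, shown with a deliberately tiny textbook RSA key. This is an added illustration, not material from the original notes; the primes 61 and 53, the exponents 17 and 2753 and the sample order message are constructed values, and a real system would use 2048-bit keys with padding rather than this raw arithmetic.

```python
import hashlib

# Toy RSA key pair, constructed for illustration only (not secure).
P, Q = 61, 53
N = P * Q            # 3233: public modulus, part of both keys
E = 17               # public exponent (the widely disseminated key)
D = 2753             # private exponent: E * D == 1 mod (P-1)*(Q-1)

def apply_key(value: int, key: int) -> int:
    """Raw RSA operation: the same modular exponentiation serves for
    encrypting, decrypting, signing and verifying; only the key differs."""
    return pow(value, key, N)

def encrypt(m: int, key: int) -> int:
    return apply_key(m, key)

def decrypt(c: int, key: int) -> int:
    return apply_key(c, key)

def digest(message: bytes) -> int:
    """Hash digest of the message, reduced into the toy key's range so the
    signature is computed over a fixed-size value, not the whole message."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N

def sign(message: bytes) -> int:
    """Sender applies the private key to the digest; only the owner can."""
    return apply_key(digest(message), D)

def verify(message: bytes, signature: int) -> bool:
    """Receiver applies the public key and compares with a fresh digest."""
    return apply_key(signature, E) == digest(message)

def demo() -> dict:
    """Encrypt with the public key, then try to undo it with each key."""
    m = 65                                  # constructed plaintext value
    c = encrypt(m, E)                       # encrypted with the public key
    return {
        "ciphertext": c,
        "private_key_recovers": decrypt(c, D) == m,   # the paired key works
        "public_key_recovers": decrypt(c, E) == m,    # the same key does not
    }

if __name__ == "__main__":
    print(demo())
    order = b"order #1234: pay 100 to merchant"        # constructed message
    sig = sign(order)
    print("signature valid:", verify(order, sig))
```

Because the modulus is tiny, a tampered message could in rare cases reduce to the same 12-bit digest; with real key sizes the digest is not reduced and that collision does not arise.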