Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall


Presentation on theme: "Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall"— Presentation transcript:

0 E-Commerce Infrastructure
Chapter 4 E-Commerce Infrastructure

1 Learning Objectives
- Understand the major components of EC infrastructure.
- Understand the importance and scope of security of information systems for EC.
- Learn about the major EC security
- Identify and assess major technologies and methods for securing EC access and communications.
- Describe various types of online payment.

3 1. Security

4 The Information Security Problem
Protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction.
Security is needed for:
- Personal information
- Financial information
- Business information
- National information

5 EC Security threats and attacks
There are many threats to EC security:
- Virus: A piece of software code that inserts itself into a program (host) and changes the action of that program.
- Worm: A software program that runs independently, consuming the resources of its host.
- Trojan horse: A program that appears to have a useful function but that contains a hidden function that presents a security risk.

6 EC Security threats and attacks
- Banking Trojan: A Trojan that comes to life when computer owners visit an e-banking or e-commerce site.
- Denial-of-service (DoS) attack: Using specialized software to send a flood of data packets to the target computer with the aim of overloading its resources.
- Spam: The electronic equivalent of junk mail.
- Hacker: Someone who gains unauthorized access to a computer system.
- Cracker: A malicious hacker who may change code and steal information from the hacked systems.

7 EC Security threats and attacks
- Zombies: Computers infected with malware.
- Page hijacking: Creating a rogue copy of a popular website that shows contents similar to the original to a Web crawler; once there, an unsuspecting user is redirected to malicious websites.
- Botnet: A huge number (e.g., hundreds of thousands) of hijacked Internet computers that have been set up to forward traffic, including spam and viruses, to other computers on the Internet.
This technique is called 'phishing'.

9 EC Security - Assurance Model
Internet Security Assurance Model: Three security concepts important to information on the Internet: confidentiality, integrity, and availability.
- Confidentiality: Assurance of data privacy and accuracy.
- Integrity: Assurance that stored data has not been modified without authorization; a message that was sent is the same message as that which was received.
- Availability: Assurance that access to data, the website, or other EC data service is timely, available, reliable, and restricted to authorized users.

10 EC Security - Defense Strategy
EC Security Requirements:
- Authentication: Process to verify (assure) the real identity of an individual, computer, computer program, or EC website.
- Authorization: Process of determining what the authenticated entity is allowed to access and what operations it is allowed to perform.
- Nonrepudiation: Assurance that online customers or trading partners cannot falsely deny (repudiate) their purchase or transaction.
- Encryption: The process of scrambling (encrypting) a message in such a way that it is difficult, expensive, or time-consuming for an unauthorized person to unscramble (decrypt) it.
- Auditing
- Availability

12 EC Security - Defense Strategy
Some of the technologies used to provide EC security:
- Anti-virus: protects a computer from viruses.
- Anti-spy: protects a computer from spyware.
- Firewall: protects a network from unauthorized access.
- Secure Sockets Layer (SSL): used to encrypt data transferred between the server and the client.

13 2. Payment

14 The Payment Revolution
There are different methods for online payment:
- Using Payment Cards
- Smart Cards
- Stored-Value Cards
- Micropayment
- E-Checks
- Mobile Payment

15 The Payment Revolution
Choosing the E-Payment Method: Critical factors that affect choosing a particular method of e-payment can be:
- Independence
- Portability
- Security
- Ease of Use
- Transaction Fees
- International Support
- Regulations

16 Using Payment Cards Online
Electronic card that contains information that can be used for payment purposes:
- Credit cards
- Charge cards
- Debit cards
PROCESSING CARDS ONLINE
- Authorization: Determines whether a buyer’s card is active and whether the customer has sufficient funds.
- Settlement: Transferring money from the buyer’s to the merchant’s account.

17 Using Payment Cards Online
FRAUDULENT CARD TRANSACTIONS
Key tools used in combating fraud:
- Address Verification System (AVS): Detects fraud by comparing the address entered on a Web page with the address information on file with the cardholder’s issuing bank.
- Card verification number (CVN): Detects fraud by comparing the verification number printed on the signature strip on the back of the card with the information on file with the cardholder’s issuing bank.

18 Smart Cards
- Smart card: An electronic card containing an embedded microchip that enables predefined operations or the addition, deletion, or manipulation of information on the card.
- Contact card: A smart card containing a small gold plate on the face that when inserted in a smart card reader makes contact and passes data to and from the embedded microchip.
- Contactless (proximity) card: A smart card with an embedded antenna, by means of which data and applications are passed to and from a card reader unit or other device without contact between the card and the card reader.

19 Smart Cards
- Smart card reader: Activates and reads the contents of the chip on a smart card, usually passing the information on to a host system.
- Smart card operating system: Special system that handles file management, security, input/output (I/O), and command execution and provides an application programming interface (API) for a smart card.

20 Stored-Value Cards
Stored-value card: A card that has monetary value loaded onto it and that is usually rechargeable.
Stored-value cards come in two varieties:
- Closed loop: single-purpose cards issued by a specific merchant or merchant group.
- Open loop: multipurpose cards that can be used to make debit transactions at a variety of retailers.

21 E-Micropayments
E-micropayments: Small online payments, typically under $10, can be done using:
- Aggregation
- Direct payment
- Stored value
- Subscriptions

22 E-Checking
- E-check: A legally valid electronic version or representation of a paper check.
- Automated Clearing House (ACH) Network: A nationwide batch-oriented electronic funds transfer system that provides for the interbank clearing of electronic payments for participating financial institutions.

24 Mobile Payments
Mobile payment: Payment transactions initiated or confirmed using a person’s cell phone or smartphone.

