1 E-commerce Security By John Doran

2 What is e-commerce?
• The buying and selling of products or services over the internet [3].
• Most e-commerce transactions are for selling actual physical products.
• Also involves the sale of electronic services, or access to online content [2].

3 Examples of e-commerce businesses
• Amazon.com
• Netflix.com
• Experian
• iTunes
• Napster

4 E-commerce is growing
• According to an ACNielsen study performed in 2005, more than 627 million people have shopped online [8].
• The number of Netflix subscribers grew from 6.32 million in 2006 to 7.48 million in 2007 [7].
• Amazon.com alone had an estimated revenue of $14.8 billion for 2007 [7].

5 Reasons For Growth
• Most online businesses operate 24 hours a day
• Larger variety of products from different parts of the world
• Offer shipping services
• *Many consumers are confident that their private and financial data is secure [9]*

6 Protection Principle 1
• Confidentiality - It is expected that the personal and transactional details of a purchase will not be intercepted or disclosed to unauthorized people.

7 Protection Principle 2
• Integrity - Both consumers and merchants expect to have accurate data.

8 Protection Principle 3
• Availability - If consumers must wait for pages to load or are not even able to access a website, they may go elsewhere to shop
• On a single day during the Christmas season, Amazon customers ordered more than 5.4 million items or an average of 62.5 items per second [10].

9 Threats 1
• Malware - any software that is designed to do something to a computer without the user's consent. Malware includes viruses, worms, Trojan horses, and even spyware [11].
• Bugbear was a worm that mass emailed itself to many computers. One of its worst features is keystroke logging.

10 Threats 2
• Denial of service (DOS) - DOS attacks prevent users from accessing a resource, usually by flooding it with illegitimate traffic [12]
• Website defacement - it damages the online retailer's image and reduces consumer confidence in their security [1].

11 Threats 3
• Data streaming - the theft of large amounts of sensitive personal information such as credit card information [1].
• Phishing - a social engineering technique where a criminal attempts to trick the user into revealing sensitive information [13].

12 Technical Measures 1
• Firewall protection
• Data backup
• Antivirus software
• Vulnerability patch management

13 Technical Measures 2
• Secure Sockets Layer (SSL) - provides a private, secure connection using a handshake protocol
• Client and server authenticate each other by exchanging their digital certificates.
• A secret symmetric session key is also chosen to encrypt the data, using a cipher such as DES (Data Encryption Standard).
• Validates the integrity of the messages being sent by using a secure hash function such as SHA (Secure Hash Algorithm) [1].
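Added example, not part of the original presentation: a Python `ssl` client configuration audited for the three properties the slide lists (certificate authentication, session cipher, integrity hash). SSL and DES have since been superseded by TLS and AES-class ciphers, so the check flags them; the function names and finding labels are illustrative assumptions.

```python
import ssl

# Substrings marking cipher suites built on broken or obsolete primitives
# (DES/3DES, RC4, no encryption, MD5 integrity, export-grade keys).
WEAK_MARKERS = ("DES", "RC4", "NULL", "MD5", "EXPORT")


def weak_context():
    """Constructed 'before' case: traffic is encrypted, but the server is never authenticated."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # has to be cleared before CERT_NONE is accepted
    ctx.verify_mode = ssl.CERT_NONE  # any certificate, including a forged one, passes
    return ctx


def hardened_context():
    """'After' case: verified certificate chain and hostname, modern protocol and ciphers."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED, hostname check, system CA store
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("ECDH+AESGCM:ECDH+CHACHA20:!aNULL")
    return ctx


def audit(ctx):
    """Return a list of finding labels for an SSLContext; an empty list means no issue found."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("no-cert-verification")
    if not ctx.check_hostname:
        findings.append("no-hostname-check")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("legacy-protocol")
    for suite in ctx.get_ciphers():
        if any(marker in suite["name"] for marker in WEAK_MARKERS):
            findings.append("weak-cipher:" + suite["name"])
    return findings


if __name__ == "__main__":
    for label, ctx in (("weak", weak_context()), ("hardened", hardened_context())):
        print(label, audit(ctx) or "no findings")
```
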

14 Technical Measures 3
• Secure Electronic Transaction (SET).
• Designed specifically for credit card transactions.
• Uses certificates and digital signatures to ensure privacy.
• The most interesting difference between it and SSL is that actual credit card information is not given to the merchant.
• Requires software to be installed on both the consumer and merchant end systems [1].

15 Technical Measures 4
• 3rd Party Verification
• Examples include Visa, Verisign, and eTrust
• Require certain standards of the merchant
• Help the merchant gain the confidence of consumers when they see the seal

16 Consumer Awareness
• Provide education to consumers.
• Amazon.com has a help section titled “Identifying Phishing or Spoofed Emails”
• A privacy policy will also help an e-commerce site to gain credibility.

17 References
1. Warkentin and Vaughn, Enterprise Information Systems Assurance and System Security. Hershey: Idea Publishing Group, 2006, Ch9.
2. Wikipedia (2008, April 1) “Electronic Commerce” [Online] Available: http://en.wikipedia.org/wiki/Electronic_commerce
3. U.S. Department of Commerce (2008, April 1) “What Is E-Commerce?” [Online] Available: http://www.export.gov/sellingonline/whatisecommerce.asp
4. U.S. Census Bureau (2008, April 1) “” [Online] Available: http://www.census.gov/mrts/www/data/html/07Q2.html
5. Wilkerson, David B. (2008, April 1) “Netflix's Profit and Subscriber Rolls Increase” [Online] Available: http://www.marketwatch.com/news/story/netflixs-profit-subscriber-rolls-increase/story.aspx?guid=%7B50293CA4-41F4-4805-805C-669C905843B8%7D
6. Netflix (2008, April 1) “How It Works” [Online] Available: http://www.netflix.com/HowItWorks
7. Business Week (2008, April 1) “Amazon.com Inc. Earning Estimates” [Online] Available: http://investing.businessweek.com/research/stocks/earnings/earnings.asp?symbol=AMZN.O

18 References (cont)
8. Nielsen (2008, April 1) “One-Tenth of the World’s Population Shopping Online” [Online] Available: http://us.nielsen.com/news/20051019.shtml
9. Saunders, Christopher (2008, April 1) “Online Consumer Confidence, Spending Grows” [Online] Available: http://www.clickz.com/showPage.html?page=1473651
10. Austin, Marcus “Good News, Bad News, Part Two.” [Online] Available: http://www.internetretailing.net/news/good-news-bad-news-part-two
11. Wikipedia (2008, April 1) “Malware” [Online] Available: http://en.wikipedia.org/wiki/Malware
12. Wikipedia (2008, April 1) “Denial-of-Service Attacks” [Online] Available: http://en.wikipedia.org/wiki/Denial-of-service_attack
13. Wikipedia (2008, April 1) “Phishing” [Online] Available: http://en.wikipedia.org/wiki/Phishing
14. Amazon.com (2008, April 1) “Identifying Phishing or Spoofed E-mails” [Online] Available: http://www.amazon.com/gp/help/customer/display.html?nodeId=15835501