Published by Collin Lynch. Modified over 8 years ago.
1
E-commerce Security
By John Doran
2
What is e-commerce?
The buying and selling of products or services over the internet [3].
Most e-commerce transactions are for selling actual physical products.
It also involves the sale of electronic services, or access to online content [2].
3
Examples of e-commerce businesses
Amazon.com
Netflix.com
Experian
iTunes
Napster
4
E-commerce is growing
According to an ACNielsen study performed in 2005, more than 627 million people have shopped online [8].
The number of Netflix subscribers grew from 6.32 million in 2006 to 7.48 million in 2007 [7].
Amazon.com alone had an estimated revenue of $14.8 billion for 2007 [7].
5
Reasons For Growth
Most online businesses operate 24 hours a day.
Larger variety of products from different parts of the world.
Offer shipping services.
*Many consumers are confident that their private and financial data is secure [9].*
6
Protection Principle 1
Confidentiality - It is expected that the personal and transactional details of a purchase will not be intercepted or disclosed to unauthorized people.
7
Protection Principle 2
Integrity - Both consumers and merchants expect to have accurate data.
8
Protection Principle 3
Availability - If consumers must wait for pages to load or are not even able to access a website, they may go elsewhere to shop.
On a single day during the Christmas season, Amazon customers ordered more than 5.4 million items, or an average of 62.5 items per second [10].
9
Threats 1
Malware - any software that is designed to do something to a computer without the user's consent.
Malware includes viruses, worms, Trojan horses, and even spyware [11].
Bugbear was a worm that mass-emailed itself to many computers. One of its worst features is keystroke logging.
10
Threats 2
Denial of service (DoS) - DoS attacks prevent users from accessing a resource, usually by flooding it with illegitimate traffic [12].
Website defacement - it damages the online retailer's image and reduces consumer confidence in their security [1].
11
Threats 3
Data streaming - the theft of large amounts of sensitive personal information such as credit card information [1].
Phishing - a social engineering technique where a criminal attempts to trick the user into revealing sensitive information [13].
12
Technical Measures 1
Firewall protection
Data backup
Antivirus software
Vulnerability patch management
13
Technical Measures 2
Secure Socket Layer or SSL - provides a private, secure connection using a handshake protocol.
Client and server authenticate each other by exchanging their digital certificates.
A secret symmetric session key is also chosen to encrypt the data, using a cipher such as DES (Data Encryption Standard).
Validates the integrity of messages being sent by using a secure hash function such as SHA (Secure Hash Algorithm) [1].
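The integrity check described on this slide, as an added example that is not part of the original presentation: a simplified model of an SSL/TLS-style record MAC, where a keyed hash covers an implicit sequence number, the content type, the length and the payload, so that both tampering and replay are rejected. The key, field layout and the names `seal`, `Receiver` and `demo` are assumptions made for illustration, and HMAC-SHA-256 stands in for the hash the slide mentions; it is not wire-compatible with real SSL.

```python
import hashlib
import hmac
import struct

TAG_LEN = hashlib.sha256().digest_size  # 32 bytes
APPLICATION_DATA = 23  # TLS content type for application data


def seal(key: bytes, seq: int, ctype: int, payload: bytes) -> bytes:
    """Append a MAC covering sequence number, content type, length and payload."""
    header = struct.pack("!QBH", seq, ctype, len(payload))
    return payload + hmac.new(key, header + payload, hashlib.sha256).digest()


class Receiver:
    """Verifies records in order; the sequence number is implicit, never sent."""

    def __init__(self, key: bytes):
        self.key = key
        self.seq = 0

    def open(self, ctype: int, record: bytes) -> bytes:
        if len(record) < TAG_LEN:
            raise ValueError("record too short")
        payload, tag = record[:-TAG_LEN], record[-TAG_LEN:]
        header = struct.pack("!QBH", self.seq, ctype, len(payload))
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # constant-time comparison
            raise ValueError("bad record MAC")
        self.seq += 1  # advance only after a valid record
        return payload


def demo() -> dict:
    key = bytes(range(32))  # constructed key; real keys come from the handshake
    r0 = seal(key, 0, APPLICATION_DATA, b"order=1001;amount=25.00")
    r1 = seal(key, 1, APPLICATION_DATA, b"order=1002;amount=9.99")
    rx = Receiver(key)
    results = {"first": rx.open(APPLICATION_DATA, r0)}
    tampered = r1.replace(b"9.99", b"0.01")  # constructed in-transit modification
    for name, rec in (("tampered", tampered), ("replayed", r0)):
        try:
            rx.open(APPLICATION_DATA, rec)
            results[name] = "accepted"
        except ValueError:
            results[name] = "rejected"
    results["second"] = rx.open(APPLICATION_DATA, r1)
    return results


if __name__ == "__main__":
    print(demo())
```

Because the sequence number is part of the MAC input but never transmitted, a replayed copy of an earlier valid record fails verification even though its bytes are untouched.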
14
Technical Measures 3
Secure Electronic Transaction (SET)
Designed specifically for credit card transactions.
Uses certificates and digital signatures to ensure privacy.
The most interesting difference between it and SSL is that actual credit card information is not given to the merchant.
Requires software to be installed on both the consumer and merchant end systems [1].
15
Technical Measures 4
3rd Party Verification
Examples include Visa, Verisign, and eTrust.
They require certain standards of the merchant.
They help the merchant gain the confidence of consumers when they see the seal.
16
Consumer Awareness
Provide education to the consumer.
Amazon.com has a help section titled “Identifying Phishing or Spoofed Emails”.
A privacy policy will also help an e-commerce site to gain credibility.
17
References
1. Warkentin and Vaughn, Enterprise Information Systems Assurance and System Security. Hershey: Idea Publishing Group, 2006, Ch. 9.
2. Wikipedia (2008, April 1) “Electronic Commerce” [Online] Available: http://en.wikipedia.org/wiki/Electronic_commerce
3. U.S. Department of Commerce (2008, April 1) “What Is E-Commerce?” [Online] Available: http://www.export.gov/sellingonline/whatisecommerce.asp
4. U.S. Census Bureau (2008, April 1) “” [Online] Available: http://www.census.gov/mrts/www/data/html/07Q2.html
5. Wilkerson, David B. (2008, April 1) “Netflix's Profit and Subscriber Rolls Increase” [Online] Available: http://www.marketwatch.com/news/story/netflixs-profit-subscriber-rolls-increase/story.aspx?guid=%7B50293CA4-41F4-4805-805C-669C905843B8%7D
6. Netflix (2008, April 1) “How It Works” [Online] Available: http://www.netflix.com/HowItWorks
7. Business Week (2008, April 1) “Amazon.com Inc. Earning Estimates” [Online] Available: http://investing.businessweek.com/research/stocks/earnings/earnings.asp?symbol=AMZN.O
18
References (cont)
8. Nielsen (2008, April 1) “One-Tenth of the World’s Population Shopping Online” [Online] Available: http://us.nielsen.com/news/20051019.shtml
9. Saunders, Christopher (2008, April 1) “Online Consumer Confidence, Spending Grows” [Online] Available: http://www.clickz.com/showPage.html?page=1473651
10. Austin, Marcus “Good News, Bad News, Part Two.” [Online] Available: http://www.internetretailing.net/news/good-news-bad-news-part-two
11. Wikipedia (2008, April 1) “Malware” [Online] Available: http://en.wikipedia.org/wiki/Malware
12. Wikipedia (2008, April 1) “Denial-of-Service Attacks” [Online] Available: http://en.wikipedia.org/wiki/Denial-of-service_attack
13. Wikipedia (2008, April 1) “Phishing” [Online] Available: http://en.wikipedia.org/wiki/Phishing
14. Amazon.com (2008, April 1) “Identifying Phishing or Spoofed E-mails” [Online] Available: http://www.amazon.com/gp/help/customer/display.html?nodeId=15835501