Ecommerce security


This lecture was delivered by MAM Shafia, the lecturer at GCUF, on e-commerce security, and modified by Syed Mubashair Abid.

Published in: Education, Technology



  • 1. E-Commerce Security
  • 2. The E-Commerce Security Environment
    For most law-abiding citizens, the Internet holds the promise of a huge and convenient global marketplace. For criminals, the Internet has created entirely new – and profitable – ways to steal from the more than one billion Internet consumers worldwide. From products to services to cash to information, it’s all there for the taking on the Internet. It’s also less risky to steal online. For example, rather than rob a bank in person, the Internet makes it possible to rob people
  • 3. The Scope of the Problem
    Cybercrime is becoming a more significant problem for both organizations and consumers. Bot networks, DDoS attacks, Trojans, phishing, data theft, identity theft, credit card fraud, and spyware are just some of the threats that are making daily headlines. Even social networking sites have had security breaches. For example, an individual hacked into Britney Spears’ Twitter account and began sending messages saying the singer had died.
  • 4. The Scope of the Problem (cont.)
    One source of cybercrime information is the Internet Crime Complaint Center (IC3). In 2010, the IC3 processed more than 303,000 Internet crime complaints, and it was estimated that in 2009 the total dollar loss for all referred crimes was $559 million. In the past, auction fraud constituted over 70% of complaints, but in 2010 it was only 10%, displaced by non-payment/delivery (21%) and identity theft (16%). The Computer Security Institute’s annual Computer Crime and Security Survey is another source of information.
  • 5. Types of Attacks Against Computer Systems (Figure)
  • 6. The Underground Economy Marketplace: The Value of Stolen Information
    Criminals who steal information on the Internet do not always use this information themselves, but instead derive value by selling the information to others. Recently observed prices for stolen information typically vary depending on the quantity being purchased. Not every cybercriminal is necessarily after money. In some cases, such criminals aim to deface, vandalize, and/or disrupt a Web site, rather than actually steal goods or services.
  • 7. What is Good E-Commerce Security?
    What is a secure commercial transaction? Anytime you go into a marketplace you take risks, including the loss of privacy. E-commerce merchants and consumers face many of the same risks as participants in traditional commerce, although in a new digital environment. Reducing risks in e-commerce is a complex process that involves new technologies, organizational policies and procedures, and new laws and industry standards that empower law enforcement officials to investigate and prosecute offenders.
  • 8. The E-Commerce Security Environment
  • 9. The Tension Between Security and Other Values
    Can there be too much security? The answer is yes. Computer security adds overhead and expense to business operations. Expanding computer security also has other downsides:
      • Makes systems more difficult to use
      • Slows down processors
      • Increases data storage demands
      • May reduce individuals’ ability to remain anonymous
  • 10. Security Threats in the E-Commerce Environment
    From a technological perspective, there are three key points of vulnerability when dealing with e-commerce: the client, the server, and the communications pipeline. Figure 5.4 illustrates some of the things that can go wrong at each major vulnerability point in the transaction.
  • 11. A Typical E-Commerce Transaction
  • 12. Vulnerable Points in an E-Commerce Transaction
  • 13. Common E-Commerce Security Threats
    Some of the most common and most damaging forms of security threats to e-commerce consumers and site operators include:
      • Malicious code (malware) – virus, worm, Trojan horse, bots, etc.
      • Unwanted programs (spyware)
      • Phishing and identity theft – social engineering
      • Hacking and cybervandalism
      • Credit card fraud/theft
      • Spoofing (pharming) and spam (junk) websites
      • Denial of service (DoS) attacks
      • Insider attacks
      • Poorly designed server and client software
    Social networks and mobile devices greatly expand the security threats to organizations and individuals.
  • 14. Technology Solutions
    It might seem like there is not much that can be done about the onslaught of security breaches on the Internet. But in fact a great deal of progress has been made by private security firms, corporate and home users, network administrators, technology firms, and government agencies. Two lines of defense include:
      • Technology solutions
      • Policy solutions
  • 15. Encryption
    Encryption is the process of transforming plain text or data into cipher text that cannot be read by anyone other than the sender and the receiver. The purpose of encryption is to secure stored information and to secure information transmission. One early encryption method was symmetric key encryption, where both the sender and the receiver use the same key to encrypt and decrypt the message. They had to send the key to each other over some communications media or in person.
  • 16. Public Key Cryptography
  • 17. Limitations to Encryption Solutions
    All forms of encryption have limitations. It is not effective against insiders. Protecting private keys may also be difficult because they are stored on insecure desktop and laptop computers. Additional technology solutions exist for securing channels of communications, networks, and servers/clients.
  • 18. Communication Channel, Network, and Server/Client Security Technologies
    Communication channel security technologies:
      • Secure Sockets Layer (SSL)
      • Virtual Private Networks (VPNs)
    Network protection technologies:
      • Firewalls
      • Proxy servers
    Server/client protection technologies:
      • Operating system security enhancements
      • Anti-virus software
  • 19. Management Policies, Business Procedures, and Public Laws
    US businesses and government agencies spend about 14% of their information technology budgets on security hardware, software, and services (about $35 billion in 2010). However, most CEOs and CIOs of existing e-commerce operations believe that technology is not the sole answer to managing the risk of e-commerce. An e-commerce security plan would include a risk assessment, development of a security policy, implementation plan, creation of a security organization, and a security audit. Implementation may involve expanded forms of
  • 20. The Roles of Laws and Public Policy
    The public policy environment today is very different from the early days of e-commerce. The net result is that the Internet is no longer an ungoverned, unsupervised, self-controlled technology juggernaut. It is also apparent that legal and public policy solutions need to be enacted globally.
  • 21. Government Policies and Controls on Encryption Software
    An interesting example of the difficulties involved in enhancing security is the case of encryption software distribution. Governments have sought to restrict availability and export of encryption systems as a means of detecting and preventing crime and terrorism. On one hand, restricting global distribution of advanced encryption systems may reduce the likelihood that they may be cracked. But it also reduces global Internet security if different countries have different levels of protection.
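
The symmetric-key model from slide 15 and the insider and key-storage caveat from slide 17, as an added Python example that is not part of the lecture. The HMAC-SHA256 counter-mode keystream is a standard-library teaching stand-in for a real cipher such as AES-GCM; all function names, the sample order and the keys are constructed for illustration.

```python
import hashlib
import hmac
import secrets

def _subkeys(shared_key: bytes):
    # Derive independent encryption and MAC keys from the one shared secret.
    enc = hmac.new(shared_key, b"enc", hashlib.sha256).digest()
    mac = hmac.new(shared_key, b"mac", hashlib.sha256).digest()
    return enc, mac

def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode used as a stream cipher (stand-in for AES).
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def encrypt(shared_key: bytes, plaintext: bytes) -> bytes:
    enc_key, mac_key = _subkeys(shared_key)
    nonce = secrets.token_bytes(16)  # fresh for every message
    body = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()  # encrypt-then-MAC
    return nonce + body + tag

def decrypt(shared_key: bytes, message: bytes) -> bytes:
    if len(message) < 48:
        raise ValueError("message too short")
    enc_key, mac_key = _subkeys(shared_key)
    nonce, body, tag = message[:16], message[16:-32], message[-32:]
    expected = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or modified ciphertext")
    return bytes(c ^ k for c, k in zip(body, _keystream(enc_key, nonce, len(body))))

def demo() -> dict:
    order = b"card=4111-1111-1111-1111;amount=25.00"  # constructed sample (test card number)
    merchant_key = secrets.token_bytes(32)  # has to reach the other party somehow
    copied_key = merchant_key  # an insider, or a copy taken in transit or from a laptop
    wire = encrypt(merchant_key, order)
    results = {"receiver": decrypt(merchant_key, wire) == order,
               "key_holder": decrypt(copied_key, wire) == order,
               "hidden_on_wire": order not in wire}
    try:
        decrypt(secrets.token_bytes(32), wire)  # outsider guessing a key
        results["outsider"] = True
    except ValueError:
        results["outsider"] = False
    return results
```

The cipher cannot tell the intended receiver from anyone else who holds a copy of the key, which is why key delivery and key storage, rather than the algorithm, are the weak points the slides name.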