Module 10 e security-en
1. MODULE 10
e-Commerce Security
E-learning course on e-commerce business in rural sector
2016-1-ES01-KA202-025335
TransForm@ - Game based learning course to boost digital transformation of rural commerce sector – Project number:2016-1-ES01-KA202-025335
2. Practical information about training
You can follow the training modules one by one or
choose the module you are most interested in.
You should spend about 45-90 minutes for each
training module. But remember that at any time
you can interrupt the training and return to the
place where you previously left off.
To help you better organize the time that you
spend on the implementation, information about
where you are will be constantly visible on the
screen.
You are encouraged to actively participate in the
training. You can do this by clicking “Next”, which is
located in the lower right corner of the screen. At
the end of the module you can find a final test for
checking the knowledge you acquired during each
module.
You should spend about 60 minutes for the implementation of this training module. But remember that at any time you can
interrupt the training and return to the place where you previously left off.
To help you better organize the time that you spend on the implementation, information about where you are will be
constantly visible on the screen.
We encourage you to actively participate in the training. You can do this by clicking “Next”, which is located in the lower
right corner of the screen. At the end of the module you can find a final test for checking the knowledge you acquired
during this module.
3. Contents
1. The E-commerce Security definition and Environment and Dimensions
2. What you need to know for information Security
3. Security threats in E-commerce
• Threat definition
• Key points of vulnerability
• Most common security threats in the e-commerce environment
• Types of Frauds in e-commerce Marketplace
4. E-commerce Security Requirement
• Server Security
• Message Privacy
• Message integrity
• Authentication
• Authorization
• Payment and settlement
5. Electronic payment systems
6. Developing an E-commerce Security Plan
7. Designing Security
8. Ways to protect yourself
9. Technology solutions protecting you from security threats that you must see with your programmer
• E-commerce security tools
• Protecting Internet communications
• Securing channels of communication
• Protecting Networks
• Protecting servers and clients
4. Learning objectives
At the end of module 10 you will be able to:
Understand the fundamental aspects of e-commerce security
Recognise security threats in e-commerce
Define e-commerce security requirement
Design security plan for your e-commerce business
5. 1. The E-commerce Security definition
E-commerce security is the protection of e-commerce assets from
unauthorized access, use, alteration, or destruction.
6. 1. Dimensions of E-commerce Security
Authenticity
Ability to identify the identity of a person or entity with whom you are dealing on the Internet.
Integrity
Ability to ensure that information being displayed on a Web site or transmitted/received over the Internet has not been altered in any way by an unauthorized party.
Non-repudiation
Ability to ensure that e-commerce participants do not deny (repudiate) online actions.
7. 1. Dimensions of E-commerce Security (cont.)
Availability
Ability to ensure that e-commerce site continues to function as intended.
Confidentiality
Ability to ensure that messages and data are available only to those authorized to view them.
Privacy
Ability to control the use of information a customer provides about himself or herself to merchant.
8. 2. What you need to know for information Security
Useful tips for information security:
https://www.youtube.com/watch?v=eUxUUarTRW4
9. 3. Security threats in E-commerce
Threat definition
A threat is an object, person, or other entity that represents a constant
danger to an asset.
Management must be informed of the
various kinds of threats facing the organization.
By examining each threat category,
management effectively protects information
through policy, education, training and technology.
10. 3. Security threats in E-commerce
key points of vulnerability
Client
Server
Communications Channel
13. 3. Security threats in E-commerce
Most common security threats in the e-commerce environment
Malicious code
Hacking and cyber vandalism
Spoofing and Spam
Denial of service attacks (DoS and DDoS)
Phishing
Insider Jobs
Credit card fraud/theft
14. 3. Security threats in E-commerce
Viruses
• Replicate and spread to other files
• Macro viruses, file-infecting viruses, script viruses
Worms
• Designed to spread from computer to computer
• Can replicate without being executed by a user or program like virus
Trojan horse
• Appears benign, but does something other than expected
Bots
• Covertly installed on computer. Respond to external commands sent
by attacker to create a network of compromised computers for
sending spam, generating a DoS attack, and stealing info from
computers
Most common security threats in the e-commerce
environment
Malicious code
15. 3. Security threats in E-commerce
Hacking
• Hackers: Individual who intends to gain unauthorized access
to computer systems
• Crackers: Hacker with criminal intent
• Types of hackers:
White hats - hired by corporations to find weaknesses in the firm’s computer system
Black hats - hackers with the intention of causing harm
Grey hats - hackers breaking in and revealing system flaws without disrupting the site or attempting to profit from their finds
Cyber Vandalism
• Intentionally disrupting, defacing, destroying Web site
Hacking and cyber vandalism
Most common security threats in the e-commerce
environment
16. 3. Security threats in E-commerce
Spoofing
•Hackers flood Web site with useless traffic to inundate and overwhelm network
•Use of bot networks built from hundreds of compromised workstations
Spam
•Microsoft and Yahoo have experienced such attacks
•Hackers use multiple computers to attack target network from numerous launch points
Spoofing and Spam
Most common security threats in the e-commerce
environment
17. 3. Security threats in E-commerce
Denial of Service attack (DoS)
• is a cyber-attack where the perpetrator seeks to make a
machine or network resource unavailable to its
intended users by temporarily or indefinitely
disrupting services of a host connected to the Internet.
• A DoS attack is analogous to a group of people crowding
the entry door or gate to a shop or business, and not
letting legitimate parties enter into the shop or
business, disrupting normal operations.
Distributed denial of Service attack (DDoS)
• is a cyber-attack where the perpetrator uses more than
one unique IP address, often thousands of them.
Most common security threats in the e-commerce
environment
Denial of service attacks
(DoS and DDoS)
18. 3. Security threats in E-commerce
Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and, indirectly, money), often for malicious reasons, by disguising as a trustworthy entity in an electronic communication.
• E-mail scams
• Spoofing legitimate Web sites
• Use of information to commit fraudulent act, steal identity
Most common security threats in the e-commerce environment
Phishing
Email phishing example
19. 3. Security threats in E-commerce
Insider Jobs
Single largest financial threat
Data breach
• A data breach is a security incident in
which sensitive, protected or confidential
data is copied, transmitted, viewed, stolen
or used by an individual unauthorized to do
so.
• When organizations lose control over
corporate information to outsiders.
Most common security threats in the e-commerce
environment
Insider Jobs
Phishing e-mails: What you need to know
https://www.youtube.com/watch?v=U7tbJVSInvo&index=4&list=PLW6yuz0hnr22ic7x77Io2xsVpXHKSrhdM
20. 3. Security threats in E-commerce
• Fear that credit information will be stolen deters online
purchases
• Hackers target credit card and other customer
information files on merchant servers
• Fraud: occurs when the stolen data is used or modified
• Theft: of software through illegal copying from
company’s servers
• One solution: New identity verification mechanisms
Most common security threats in the e-commerce
environment
Credit card
fraud/theft
21. 3. Security threats in E-commerce
• Buyer fraud
•Credit Card Fraud
•Reseller Fraud
•Product exchange Fraud COD/RIO Fraud
• Seller fraud
•Brand Infringement
•Seller protection fund Fraud
•Fake listing
•Reviews/Ratings Fraud
•Price Abuse
Types of frauds in e-commerce Marketplace
22. 4. E-commerce security requirement
Server Security
• Use firewalls and proxy servers
• Security against attack
Message Privacy
• A key requirement for e-commerce
• Ensures that the communication between trading parties is not revealed to others, so that an unauthorized party cannot read or understand the message
Message integrity
• Another key requirement for e-commerce
• Ensures that the communication between trading parties is not altered by an enemy
23. 4. E-commerce security requirement
Authentication
• Ensures that the sender of the message is actually the person he/she claims to be.
Authorization
• Ensures that the trading party has the authority of transaction
Payment
• Ensures that commitment to pay for goods/services over media
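An added example (not part of the original course material) of how a programmer can enforce the message integrity and authentication requirements above for an order message, using an HMAC-SHA256 tag computed with a secret key shared by shop and payment partner. The key, function names, field names and order values are constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed demo key (assumption): a real shop loads a random secret
# from protected storage and never hard-codes it.
SHARED_KEY = b"demo-key-for-illustration-only"


def canonical(order: dict) -> bytes:
    """Serialize the order deterministically so both sides hash the same bytes."""
    return json.dumps(order, sort_keys=True, separators=(",", ":")).encode("utf-8")


def sign_order(order: dict, key: bytes = SHARED_KEY) -> str:
    """Sender side: return the hex HMAC-SHA256 tag to attach to the order."""
    return hmac.new(key, canonical(order), hashlib.sha256).hexdigest()


def verify_order(order: dict, tag: str, key: bytes = SHARED_KEY) -> bool:
    """Receiver side: recompute the tag and compare in constant time.

    False means the order was altered or the sender does not hold the key.
    """
    expected = sign_order(order, key)
    return hmac.compare_digest(expected.encode("utf-8"), tag.encode("utf-8"))


def demo() -> dict:
    # Constructed sample order, not real data.
    order = {"order_id": "A-1001", "item": "olive oil 5L", "amount_eur": "42.50"}
    tag = sign_order(order)
    tampered = dict(order, amount_eur="4.25")  # amount changed in transit
    return {
        "untouched": verify_order(order, tag),
        "tampered": verify_order(tampered, tag),
        "wrong_key": verify_order(order, sign_order(order, b"someone-else")),
    }


if __name__ == "__main__":
    print(demo())
```

Because both sides hold the same key, an HMAC gives integrity and authentication but not non-repudiation; that dimension needs a digital signature made with a private key only the sender holds.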
24. 5. Electronic payment system
A medium of payment between remote buyers and sellers
in cyberspace: electronic cash, software wallets, smart
cards, credit/debit cards.
26. 7. Designing Security
Adopt a security policy that makes sense.
Consider Web security needs.
Design the security environment.
Authorize and monitor the security system.
27. 8. Ways to protect yourself
Change the password often.
Choose a password with a mix of numbers, lower and upper case letters, 8 characters long.
Don’t keep sensitive files in folders that have revealing names.
Always use https while navigating through your admin area.
Sign up with a managed firewall service.
Choose a shopping cart that can block IP addresses and users.
28. 8. Ways to protect yourself
How to create stronger passwords:
https://www.youtube.com/watch?v=sloIvKZRMns&index=2&list=PLW6yuz0hnr22ic7x77Io2xsVpXHKSrhdM
30. 9.Technology solutions protecting you from security
threats and you must see with your programmer
Protecting Internet communications
Encryption
Decryption
Digital
Signature
Cryptography
31. 9.Technology solutions protecting you from security threats
and you must see with your programmer
Protecting Internet communications
Encryption
The process of scrambling a message in such a way that it is difficult, expensive or time consuming for an unauthorized person to unscramble it.
Decryption
The process of unscrambling a message in such a way that it is understood by an authorized person.
32. 9.Technology solutions protecting you from security
threats and you must see with your programmer
Protecting Internet communications
Cryptography
Is the process of encryption and decryption of messages or data by using different algorithms or software.
33. 9.Technology solutions protecting you from security
threats and you must see with your programmer
Protecting Internet communications
Digital
Signature
34. 9.Technology solutions protecting you from security
threats and you must see with your programmer
Protecting Internet communications
Digital
Signature HOW?
35. 9.Technology solutions protecting you from security
threats and you must see with your programmer
Secure Sockets Layer (SSL)
Designed to establish a secure connection between two computers.
Secure HyperText Transfer Protocol (S-HTTP)
Virtual Private Network (VPN)
Allows remote users to securely access internal network through the Internet.
Securing channels of communication
Protocol
36. 9.Technology solutions protecting you from security
threats and you must see with your programmer
Firewall
is a network security system that monitors and controls the incoming and
outgoing network traffic based on predetermined security rules.
Proxy servers
is a server (a computer system or an application) that acts as
an intermediary for requests from clients seeking resources from other
servers.
Protecting Networks
38. 9.Technology solutions protecting you from security
threats and you must see with your programmer
Antivirus software
Easiest and least expensive way to prevent threats to system integrity
Operating system controls
Authentication and access control mechanisms
Privacy
Cookies, anonymizer
Browser protection
Is the application of Internet security to web browsers in order to protect networked data
and computer systems from breaches of privacy or malware.
Digital certificate
A method for verification that the holder of a public or a private key is who he or she claims to be.
Protecting Servers and clients
39. Evaluation questions
Match the types of ecommerce (a) - (d)
with (i) - (iv)
a. Authenticity
b. Integrity
c. Privacy
d. Non-repudiation
1. E-commerce participants do not deny (repudiate) online actions.
2. Control the use of information a customer provides about himself or herself to merchant.
3. Information being displayed on a Web site or transmitted/received over the Internet has not been altered in any way by an unauthorized party.
4. A person or entity with whom you are dealing on the Internet.
True or false
1. Viruses, Worms, Trojan horse and bots are some types of Malicious code.
2. DoS is a cyber-attack where the perpetrator uses more than one unique IP address, often thousands of them.
3. Phishing: hovering over links reveals suspicious URL.
4. Credit card Fraud occurs when the stolen data is used or modified.
5. The technology solutions are encryption, decryption, cryptography, firewall.
6. Protecting clients and servers needed a signature certificate.
7. Cryptography is the process of unscrambling a message in such a way that it is understood by an authorized person.
8. Secure Sockets Layer (SSL) allows remote users to securely access internal network through the Internet.
40. Evaluation questions
Match the types of ecommerce (a) - (d)
with (i) - (iv)
a. Authenticity
b. Integrity
c. Privacy
d. Non-repudiation
1. E-commerce participants do not deny (repudiate) online actions.
2. Control the use of information a customer provides about himself or herself to merchant.
3. Information being displayed on a Web site or transmitted/received over the Internet has not been altered in any way by an unauthorized party.
4. A person or entity with whom you are dealing on the Internet.
True or false
1. Viruses, Worms, Trojan horse and bots are some types of Malicious code. T
2. DoS is a cyber-attack where the perpetrator uses more than one unique IP address, often thousands of them. F
3. Phishing: hovering over links reveals suspicious URL. F
4. Credit card Fraud occurs when the stolen data is used or modified. T
5. The technology solutions are encryption, decryption, cryptography, firewall. F
6. Protecting clients and servers needed a signature certificate. T
7. Cryptography is the process of unscrambling a message in such a way that it is understood by an authorized person. F
8. Secure Sockets Layer (SSL) allows remote users to securely access internal network through the Internet. F
a4, b3, c2, d1
41. Evaluation questions
Which are the most common security threats in the e-commerce environment?
How can you protect yourself?
What does “hacking” mean and what types of hackers are there?
Open questions