E-Business
Chapter 5
Security and Payment Systems
Copyright © 2022, 2019, 2018 Pearson Education, Inc. All Rights Reserved
What Is Good E-commerce Security?
• To achieve highest degree of security
– New technologies
– Organizational policies and procedures
– Industry standards and government laws
• Other factors
– Time value of money
– Cost of security versus potential loss
– Security often breaks at weakest link
Figure 5.1 The E-commerce Security Environment
Table 5.3 Customer and Merchant Perspectives on the Different Dimensions of E-commerce Security
• Integrity
– Customer’s perspective: Has information I transmitted or received been altered?
– Merchant’s perspective: Has data on the site been altered without authorization? Is data being received from customers valid?
• Nonrepudiation
– Customer’s perspective: Can a party to an action with me later deny taking the action?
– Merchant’s perspective: Can a customer deny ordering products?
• Authenticity
– Customer’s perspective: Who am I dealing with? How can I be assured that the person or entity is who they claim to be?
– Merchant’s perspective: What is the real identity of the customer?
• Confidentiality
– Customer’s perspective: Can someone other than the intended recipient read my messages?
– Merchant’s perspective: Are messages or confidential data accessible to anyone other than those authorized to view them?
• Privacy
– Customer’s perspective: Can I control the use of information about myself transmitted to an e-commerce merchant?
– Merchant’s perspective: What use, if any, can be made of personal data collected as part of an e-commerce transaction? Is the personal information of customers being used in an unauthorized manner?
• Availability
– Customer’s perspective: Can I get access to the site?
– Merchant’s perspective: Is the site operational?
The Tension Between Security and Other Values
• Ease of use
– The more security measures added, the more difficult
a site is to use, and the slower it becomes
• Public safety and the criminal uses of the Internet
– Use of technology by criminals to plan crimes or
threaten nation-state
Security Threats in the E-commerce Environment
• Three key points of vulnerability in e-commerce
environment:
– Client
– Server
– Communications pipeline (Internet communications
channels)
Figure 5.3 Vulnerable Points in an E-commerce Transaction
Malicious Code
• Exploits and exploit kits
• Malvertising
• Drive-by downloads
• Viruses
• Worms
• Ransomware
• Trojan horses
• Backdoors
• Bots, botnets
Potentially Unwanted Programs
• Browser parasites
– Monitor and change user’s browser
• Adware
– Used to call pop-up ads
• Spyware
– Tracks users’ keystrokes, e-mails, etc.
Phishing
• Any deceptive, online attempt by a third party to obtain
confidential information for financial gain
• Tactics
– Social engineering
– E-mail scams
• Used for identity fraud and theft
Hacking, Cybervandalism, and Hacktivism
• Hacking
– Hackers versus crackers
– Goals: cybervandalism, data breaches
• Cybervandalism:
– Disrupting, defacing, destroying Web site
• Tiger teams and bug bounty hunters
• Hacktivism
Credit Card Fraud/Theft
• One of most feared occurrences, despite federal law
limits on liability
• Hacking and looting of corporate servers is primary
cause
• Central security issue: establishing customer identity
– E-signatures
– Multi-factor authentication
– Fingerprint identification
Identity Fraud/Theft
• Unauthorized use of another person’s personal data for
illegal financial benefit
– Social security number
– Driver’s license
– Credit card numbers
– Usernames/passwords
• 2019: Almost 13 million U.S. consumers suffered identity
fraud
Insider Attacks
• Biggest financial threat to businesses comes from
insider embezzlement
• Employee access to privileged information
• Poor security procedures
• Insiders more likely to be source of cyberattacks than
outsiders
Poorly Designed Software
• Increase in complexity of and demand for software has
led to increase in flaws and vulnerabilities
• SQL injection attacks
• Zero-day vulnerabilities
• Heartbleed bug; Shellshock (BashBug); FREAK
Social Network Security Issues
• Social networks an environment for:
– Viruses, site takeovers, identity fraud, malware-loaded apps, click hijacking, phishing, spam
• 2020 Twitter hack used social engineering to take
control of dozens of prominent accounts and post
Bitcoin scam
• Manual sharing scams
– Sharing of files that link to malicious sites
• Fake offerings, fake Like buttons, and fake apps
Internet of Things Security Issues
• Challenging environment to protect
• Vast quantity of interconnected links
• Near identical devices with long service lives
• Many devices have no upgrade features
• Little visibility into workings, data, or security
Encryption
• Encryption
– Transforms data into cipher text readable only by
sender and receiver
– Secures stored information and information
transmission
– Provides 4 of 6 key dimensions of e-commerce
security:
▪ Message integrity
▪ Nonrepudiation
▪ Authentication
▪ Confidentiality
Protecting Servers and Clients
• Operating system and application software security
enhancements
– Upgrades, patches
• Anti-virus software
– Easiest and least expensive way to prevent threats to
system integrity
– Requires daily updates
Figure 5.12 Developing an E-commerce Security Plan
Figure 5.13 How an Online Credit Card Transaction Works
Mobile Payment Systems
• Use of mobile phones as payment devices
– Established in Europe and Asia
– Expanding in United States
• Near field communication (NFC) and QR codes
• Different types of mobile wallets
– Universal proximity mobile wallet apps, such as Apple
Pay, Google Pay, Samsung Pay
– Branded store proximity wallet apps, offered by Walmart,
Target, Starbucks, others
– P2P mobile payment apps, such as Zelle, Venmo,
Square Cash
Blockchain
• Blockchain
– Enables organizations to create and verify transactions
nearly instantaneously using a distributed P2P database
(distributed ledger)
• Benefits:
– Reduces costs of verifying users, validating transactions,
and risks of storing and processing transaction information
– Transactions cannot be altered retroactively and therefore
are more secure
• Foundation technology for cryptocurrencies and supply chain
management, as well as potential applications in financial
services and healthcare industries
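Added example (not part of the original slides): a toy hash-linked ledger in Python showing why a retroactive change to a recorded transaction is detectable. The block layout, the function names, and the majority-of-peers comparison standing in for a real consensus protocol are assumptions made for illustration.

```python
import copy
import hashlib
import json

GENESIS_PREV = "0" * 64  # placeholder "previous hash" for the first block


def block_hash(index, prev_hash, transactions):
    """SHA-256 over a canonical JSON encoding of the block's contents."""
    payload = json.dumps(
        {"index": index, "prev_hash": prev_hash, "transactions": transactions},
        sort_keys=True,
        separators=(",", ":"),
    ).encode("utf-8")
    return hashlib.sha256(payload).hexdigest()


def append_block(chain, transactions):
    """Append a block whose hash commits to its contents and to the previous block."""
    prev_hash = chain[-1]["hash"] if chain else GENESIS_PREV
    block = {
        "index": len(chain),
        "prev_hash": prev_hash,
        "transactions": list(transactions),
    }
    block["hash"] = block_hash(block["index"], prev_hash, block["transactions"])
    chain.append(block)
    return block


def first_invalid_block(chain):
    """Return the index of the first block that fails verification, or None."""
    expected_prev = GENESIS_PREV
    for i, block in enumerate(chain):
        if block["index"] != i or block["prev_hash"] != expected_prev:
            return i
        recomputed = block_hash(block["index"], block["prev_hash"], block["transactions"])
        if block["hash"] != recomputed:
            return i
        expected_prev = block["hash"]
    return None


def rewrite_from(chain, start):
    """Recompute every hash from `start` onward on one local copy.

    Models the only way to make an edited copy internally consistent again.
    """
    prev = chain[start - 1]["hash"] if start > 0 else GENESIS_PREV
    for block in chain[start:]:
        block["prev_hash"] = prev
        block["hash"] = block_hash(block["index"], prev, block["transactions"])
        prev = block["hash"]


def agrees_with_peers(chain, peer_heads):
    """True if a strict majority of peers report the same head hash as this copy.

    Simplified stand-in for consensus among the holders of the distributed ledger.
    """
    head = chain[-1]["hash"]
    matching = sum(1 for h in peer_heads if h == head)
    return matching * 2 > len(peer_heads)


def demo():
    # Constructed sample transactions, not real data.
    ledger = []
    append_block(ledger, [{"from": "alice", "to": "shop", "amount": 40}])
    append_block(ledger, [{"from": "bob", "to": "shop", "amount": 15}])
    append_block(ledger, [{"from": "shop", "to": "supplier", "amount": 50}])
    peer_heads = [ledger[-1]["hash"]] * 3  # three peers hold identical copies

    results = {"clean": first_invalid_block(ledger)}

    # Case 1: an old transaction is edited in place; the stored hash no longer matches.
    tampered = copy.deepcopy(ledger)
    tampered[1]["transactions"][0]["amount"] = 1500
    results["edited"] = first_invalid_block(tampered)

    # Case 2: all later hashes are recomputed; the copy is consistent on its own,
    # but its head hash now differs from the one every other peer holds.
    rewrite_from(tampered, 1)
    results["rewritten"] = first_invalid_block(tampered)
    results["rewritten_matches_peers"] = agrees_with_peers(tampered, peer_heads)
    results["honest_matches_peers"] = agrees_with_peers(ledger, peer_heads)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The hash links alone only make tampering evident within one copy; it is the comparison against the other holders of the ledger that rejects a fully rewritten history.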
Figure 5.15 How Blockchain Works
Cryptocurrencies
• Use blockchain technology and cryptography to create a
purely digital medium of exchange
• Bitcoin the most prominent example
– Value of Bitcoin has fluctuated widely
– Major issues with theft and fraud
– Some governments have banned Bitcoin, although it is
gaining acceptance in the U.S.
• Other cryptocurrencies (altcoins) include Ethereum/Ether,
Ripple, Litecoin and Monero
• Initial coin offerings (ICOs) being used by some startups to
raise capital
Copyright
This work is protected by United States copyright laws and is
provided solely for the use of instructors in teaching their
courses and assessing student learning. Dissemination or sale of
any part of this work (including on the World Wide Web) will
destroy the integrity of the work and is not permitted. The work
and materials from it should never be made available to students
except by instructors using the accompanying text in their
classes. All recipients of this work are expected to abide by these
restrictions and to honor the intended pedagogical purposes and
the needs of other instructors who rely on these materials.

More Related Content

Similar to Chapter 5.pdf

Feb20 Webinar - Managing Risk and Pain of Vendor Management
Feb20 Webinar - Managing Risk and Pain of Vendor ManagementFeb20 Webinar - Managing Risk and Pain of Vendor Management
Feb20 Webinar - Managing Risk and Pain of Vendor ManagementTrustArc
 
2019 08-21 Automating Privacy Management
2019 08-21 Automating Privacy Management2019 08-21 Automating Privacy Management
2019 08-21 Automating Privacy ManagementTrustArc
 
Fundamentals of Information Systems Security Chapter 2
Fundamentals of Information Systems Security Chapter 2 Fundamentals of Information Systems Security Chapter 2
Fundamentals of Information Systems Security Chapter 2 Dr. Ahmed Al Zaidy
 
How to Build a Successful Cybersecurity Program?
How to Build a Successful Cybersecurity Program?How to Build a Successful Cybersecurity Program?
How to Build a Successful Cybersecurity Program?PECB
 
Ensuring Cyber Security Resilience with a Skilled Workforce
Ensuring Cyber Security Resilience with a Skilled Workforce Ensuring Cyber Security Resilience with a Skilled Workforce
Ensuring Cyber Security Resilience with a Skilled Workforce Zeshan Sattar
 
Why is cyber security a disruption in the digital economy
Why is cyber security a disruption in the digital economyWhy is cyber security a disruption in the digital economy
Why is cyber security a disruption in the digital economyMark Albala
 
7th ERM - S2 - Cyber security, Cyber Risk and Data Privacy - Kalpesh Doshi (1...
7th ERM - S2 - Cyber security, Cyber Risk and Data Privacy - Kalpesh Doshi (1...7th ERM - S2 - Cyber security, Cyber Risk and Data Privacy - Kalpesh Doshi (1...
7th ERM - S2 - Cyber security, Cyber Risk and Data Privacy - Kalpesh Doshi (1...TraintechTde
 
Copy of laudon-traver_ec17_ppt_ch01_accessible.pptx
Copy of laudon-traver_ec17_ppt_ch01_accessible.pptxCopy of laudon-traver_ec17_ppt_ch01_accessible.pptx
Copy of laudon-traver_ec17_ppt_ch01_accessible.pptxramidhavsclas
 
1 of laudon-traver_ec17_ppt_ch01_accessible.pptx
1 of laudon-traver_ec17_ppt_ch01_accessible.pptx1 of laudon-traver_ec17_ppt_ch01_accessible.pptx
1 of laudon-traver_ec17_ppt_ch01_accessible.pptxramidhavsclas
 
PCI PIN Security & Key Management Compliance
PCI PIN Security & Key Management CompliancePCI PIN Security & Key Management Compliance
PCI PIN Security & Key Management ComplianceControlCase
 
Vendor risk management webinar 10022019 v1
Vendor risk management webinar 10022019 v1Vendor risk management webinar 10022019 v1
Vendor risk management webinar 10022019 v1ControlCase
 
Power up Digitalisation with Agile Business Communication and Data Management
Power up Digitalisation with Agile Business Communication and Data ManagementPower up Digitalisation with Agile Business Communication and Data Management
Power up Digitalisation with Agile Business Communication and Data ManagementMithi Software Technologies Pvt Ltd
 
Cybersecurity: What does Cyber Insurance Cover?
Cybersecurity: What does Cyber Insurance Cover?Cybersecurity: What does Cyber Insurance Cover?
Cybersecurity: What does Cyber Insurance Cover?Next Dimension Inc.
 
Using international standards to improve US cybersecurity
Using international standards to improve US cybersecurityUsing international standards to improve US cybersecurity
Using international standards to improve US cybersecurityIT Governance Ltd
 
Webinar mccia sm_bs_ how cloud backup can help you reduce risks and gain...
Webinar   mccia   sm_bs_ how cloud backup can help you reduce  risks and gain...Webinar   mccia   sm_bs_ how cloud backup can help you reduce  risks and gain...
Webinar mccia sm_bs_ how cloud backup can help you reduce risks and gain...Vaultastic
 

Similar to Chapter 5.pdf (20)

Feb20 Webinar - Managing Risk and Pain of Vendor Management
Feb20 Webinar - Managing Risk and Pain of Vendor ManagementFeb20 Webinar - Managing Risk and Pain of Vendor Management
Feb20 Webinar - Managing Risk and Pain of Vendor Management
 
2019 08-21 Automating Privacy Management
2019 08-21 Automating Privacy Management2019 08-21 Automating Privacy Management
2019 08-21 Automating Privacy Management
 
Fundamentals of Information Systems Security Chapter 2
Fundamentals of Information Systems Security Chapter 2 Fundamentals of Information Systems Security Chapter 2
Fundamentals of Information Systems Security Chapter 2
 
How to Build a Successful Cybersecurity Program?
How to Build a Successful Cybersecurity Program?How to Build a Successful Cybersecurity Program?
How to Build a Successful Cybersecurity Program?
 
Ensuring Cyber Security Resilience with a Skilled Workforce
Ensuring Cyber Security Resilience with a Skilled Workforce Ensuring Cyber Security Resilience with a Skilled Workforce
Ensuring Cyber Security Resilience with a Skilled Workforce
 
Why is cyber security a disruption in the digital economy
Why is cyber security a disruption in the digital economyWhy is cyber security a disruption in the digital economy
Why is cyber security a disruption in the digital economy
 
7th ERM - S2 - Cyber security, Cyber Risk and Data Privacy - Kalpesh Doshi (1...
7th ERM - S2 - Cyber security, Cyber Risk and Data Privacy - Kalpesh Doshi (1...7th ERM - S2 - Cyber security, Cyber Risk and Data Privacy - Kalpesh Doshi (1...
7th ERM - S2 - Cyber security, Cyber Risk and Data Privacy - Kalpesh Doshi (1...
 
Copy of laudon-traver_ec17_ppt_ch01_accessible.pptx
Copy of laudon-traver_ec17_ppt_ch01_accessible.pptxCopy of laudon-traver_ec17_ppt_ch01_accessible.pptx
Copy of laudon-traver_ec17_ppt_ch01_accessible.pptx
 
1 of laudon-traver_ec17_ppt_ch01_accessible.pptx
1 of laudon-traver_ec17_ppt_ch01_accessible.pptx1 of laudon-traver_ec17_ppt_ch01_accessible.pptx
1 of laudon-traver_ec17_ppt_ch01_accessible.pptx
 
PCI PIN Security & Key Management Compliance
PCI PIN Security & Key Management CompliancePCI PIN Security & Key Management Compliance
PCI PIN Security & Key Management Compliance
 
Vendor risk management webinar 10022019 v1
Vendor risk management webinar 10022019 v1Vendor risk management webinar 10022019 v1
Vendor risk management webinar 10022019 v1
 
Global Threats| Cybersecurity|
Global Threats| Cybersecurity| Global Threats| Cybersecurity|
Global Threats| Cybersecurity|
 
Power up Digitalisation with Agile Business Communication and Data Management
Power up Digitalisation with Agile Business Communication and Data ManagementPower up Digitalisation with Agile Business Communication and Data Management
Power up Digitalisation with Agile Business Communication and Data Management
 
CyberSecurity Update Slides
CyberSecurity Update SlidesCyberSecurity Update Slides
CyberSecurity Update Slides
 
Securter Systems
Securter Systems Securter Systems
Securter Systems
 
Cybersecurity: What does Cyber Insurance Cover?
Cybersecurity: What does Cyber Insurance Cover?Cybersecurity: What does Cyber Insurance Cover?
Cybersecurity: What does Cyber Insurance Cover?
 
Webinar–Open Source Risk in M&A by the Numbers
Webinar–Open Source Risk in M&A by the NumbersWebinar–Open Source Risk in M&A by the Numbers
Webinar–Open Source Risk in M&A by the Numbers
 
Using international standards to improve US cybersecurity
Using international standards to improve US cybersecurityUsing international standards to improve US cybersecurity
Using international standards to improve US cybersecurity
 
Webinar mccia sm_bs_ how cloud backup can help you reduce risks and gain...
Webinar   mccia   sm_bs_ how cloud backup can help you reduce  risks and gain...Webinar   mccia   sm_bs_ how cloud backup can help you reduce  risks and gain...
Webinar mccia sm_bs_ how cloud backup can help you reduce risks and gain...
 
Standards in Third Party Risk - DVV Solutions ISACA North May 19
Standards in Third Party Risk - DVV Solutions ISACA North May 19 Standards in Third Party Risk - DVV Solutions ISACA North May 19
Standards in Third Party Risk - DVV Solutions ISACA North May 19
 

More from MehediHasan875455 (15)

Job Analysis.pptx
Job Analysis.pptxJob Analysis.pptx
Job Analysis.pptx
 
Chapter 6.pdf
Chapter 6.pdfChapter 6.pdf
Chapter 6.pdf
 
HRM slide.pptx
HRM slide.pptxHRM slide.pptx
HRM slide.pptx
 
Dessler_hrm15_ inppt_11.ppt
Dessler_hrm15_ inppt_11.pptDessler_hrm15_ inppt_11.ppt
Dessler_hrm15_ inppt_11.ppt
 
Dessler_hrm15_ inppt_05.pptx
Dessler_hrm15_ inppt_05.pptxDessler_hrm15_ inppt_05.pptx
Dessler_hrm15_ inppt_05.pptx
 
CH 07 Entrepreneurship.pptx
CH 07 Entrepreneurship.pptxCH 07 Entrepreneurship.pptx
CH 07 Entrepreneurship.pptx
 
CH 05 Entrepreneurship.pptx
CH 05 Entrepreneurship.pptxCH 05 Entrepreneurship.pptx
CH 05 Entrepreneurship.pptx
 
CH 03 Entrepreneurship.pptx
CH 03 Entrepreneurship.pptxCH 03 Entrepreneurship.pptx
CH 03 Entrepreneurship.pptx
 
CH 02 Entrepreneurship.pptx
CH 02 Entrepreneurship.pptxCH 02 Entrepreneurship.pptx
CH 02 Entrepreneurship.pptx
 
CH 01 Entrepreneurship.pptx
CH 01 Entrepreneurship.pptxCH 01 Entrepreneurship.pptx
CH 01 Entrepreneurship.pptx
 
5. Offence, Penalty-ICAB.pptx
5. Offence, Penalty-ICAB.pptx5. Offence, Penalty-ICAB.pptx
5. Offence, Penalty-ICAB.pptx
 
project management L1.pptx
project management L1.pptxproject management L1.pptx
project management L1.pptx
 
L2.pptx
L2.pptxL2.pptx
L2.pptx
 
Chapter 4.pdf
Chapter 4.pdfChapter 4.pdf
Chapter 4.pdf
 
Chapter 3.pdf
Chapter 3.pdfChapter 3.pdf
Chapter 3.pdf
 

Recently uploaded

Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...lizamodels9
 
FULL ENJOY - 9953040155 Call Girls in Chhatarpur | Delhi
FULL ENJOY - 9953040155 Call Girls in Chhatarpur | DelhiFULL ENJOY - 9953040155 Call Girls in Chhatarpur | Delhi
FULL ENJOY - 9953040155 Call Girls in Chhatarpur | DelhiMalviyaNagarCallGirl
 
Banana Powder Manufacturing Plant Project Report 2024 Edition.pptx
Banana Powder Manufacturing Plant Project Report 2024 Edition.pptxBanana Powder Manufacturing Plant Project Report 2024 Edition.pptx
Banana Powder Manufacturing Plant Project Report 2024 Edition.pptxgeorgebrinton95
 
BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,noida100girls
 
VIP Kolkata Call Girl Howrah 👉 8250192130 Available With Room
VIP Kolkata Call Girl Howrah 👉 8250192130  Available With RoomVIP Kolkata Call Girl Howrah 👉 8250192130  Available With Room
VIP Kolkata Call Girl Howrah 👉 8250192130 Available With Roomdivyansh0kumar0
 
Call Girls In ⇛⇛Chhatarpur⇚⇚. Brings Offer Delhi Contact Us 8377877756
Call Girls In ⇛⇛Chhatarpur⇚⇚. Brings Offer Delhi Contact Us 8377877756Call Girls In ⇛⇛Chhatarpur⇚⇚. Brings Offer Delhi Contact Us 8377877756
Call Girls In ⇛⇛Chhatarpur⇚⇚. Brings Offer Delhi Contact Us 8377877756dollysharma2066
 
Call Girls In Kishangarh Delhi ❤️8860477959 Good Looking Escorts In 24/7 Delh...
Call Girls In Kishangarh Delhi ❤️8860477959 Good Looking Escorts In 24/7 Delh...Call Girls In Kishangarh Delhi ❤️8860477959 Good Looking Escorts In 24/7 Delh...
Call Girls In Kishangarh Delhi ❤️8860477959 Good Looking Escorts In 24/7 Delh...lizamodels9
 
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...lizamodels9
 
A.I. Bot Summit 3 Opening Keynote - Perry Belcher
A.I. Bot Summit 3 Opening Keynote - Perry BelcherA.I. Bot Summit 3 Opening Keynote - Perry Belcher
A.I. Bot Summit 3 Opening Keynote - Perry BelcherPerry Belcher
 
Intro to BCG's Carbon Emissions Benchmark_vF.pdf
Intro to BCG's Carbon Emissions Benchmark_vF.pdfIntro to BCG's Carbon Emissions Benchmark_vF.pdf
Intro to BCG's Carbon Emissions Benchmark_vF.pdfpollardmorgan
 
(8264348440) 🔝 Call Girls In Mahipalpur 🔝 Delhi NCR
(8264348440) 🔝 Call Girls In Mahipalpur 🔝 Delhi NCR(8264348440) 🔝 Call Girls In Mahipalpur 🔝 Delhi NCR
(8264348440) 🔝 Call Girls In Mahipalpur 🔝 Delhi NCRsoniya singh
 
Cash Payment 9602870969 Escort Service in Udaipur Call Girls
Cash Payment 9602870969 Escort Service in Udaipur Call GirlsCash Payment 9602870969 Escort Service in Udaipur Call Girls
Cash Payment 9602870969 Escort Service in Udaipur Call GirlsApsara Of India
 
(8264348440) 🔝 Call Girls In Keshav Puram 🔝 Delhi NCR
(8264348440) 🔝 Call Girls In Keshav Puram 🔝 Delhi NCR(8264348440) 🔝 Call Girls In Keshav Puram 🔝 Delhi NCR
(8264348440) 🔝 Call Girls In Keshav Puram 🔝 Delhi NCRsoniya singh
 
Call Girls in Mehrauli Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Mehrauli Delhi 💯Call Us 🔝8264348440🔝Call Girls in Mehrauli Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Mehrauli Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Islamabad Escorts | Call 03274100048 | Escort Service in Islamabad
Islamabad Escorts | Call 03274100048 | Escort Service in IslamabadIslamabad Escorts | Call 03274100048 | Escort Service in Islamabad
Islamabad Escorts | Call 03274100048 | Escort Service in IslamabadAyesha Khan
 
Investment analysis and portfolio management
Investment analysis and portfolio managementInvestment analysis and portfolio management
Investment analysis and portfolio managementJunaidKhan750825
 
Sales & Marketing Alignment: How to Synergize for Success
Sales & Marketing Alignment: How to Synergize for SuccessSales & Marketing Alignment: How to Synergize for Success
Sales & Marketing Alignment: How to Synergize for SuccessAggregage
 
rishikeshgirls.in- Rishikesh call girl.pdf
rishikeshgirls.in- Rishikesh call girl.pdfrishikeshgirls.in- Rishikesh call girl.pdf
rishikeshgirls.in- Rishikesh call girl.pdfmuskan1121w
 
2024 Numerator Consumer Study of Cannabis Usage
2024 Numerator Consumer Study of Cannabis Usage2024 Numerator Consumer Study of Cannabis Usage
2024 Numerator Consumer Study of Cannabis UsageNeil Kimberley
 

Recently uploaded (20)

Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
 
FULL ENJOY - 9953040155 Call Girls in Chhatarpur | Delhi
FULL ENJOY - 9953040155 Call Girls in Chhatarpur | DelhiFULL ENJOY - 9953040155 Call Girls in Chhatarpur | Delhi
FULL ENJOY - 9953040155 Call Girls in Chhatarpur | Delhi
 
Banana Powder Manufacturing Plant Project Report 2024 Edition.pptx
Banana Powder Manufacturing Plant Project Report 2024 Edition.pptxBanana Powder Manufacturing Plant Project Report 2024 Edition.pptx
Banana Powder Manufacturing Plant Project Report 2024 Edition.pptx
 
BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
 
Best Practices for Implementing an External Recruiting Partnership
Best Practices for Implementing an External Recruiting PartnershipBest Practices for Implementing an External Recruiting Partnership
Best Practices for Implementing an External Recruiting Partnership
 
VIP Kolkata Call Girl Howrah 👉 8250192130 Available With Room
VIP Kolkata Call Girl Howrah 👉 8250192130  Available With RoomVIP Kolkata Call Girl Howrah 👉 8250192130  Available With Room
VIP Kolkata Call Girl Howrah 👉 8250192130 Available With Room
 
Call Girls In ⇛⇛Chhatarpur⇚⇚. Brings Offer Delhi Contact Us 8377877756
Call Girls In ⇛⇛Chhatarpur⇚⇚. Brings Offer Delhi Contact Us 8377877756Call Girls In ⇛⇛Chhatarpur⇚⇚. Brings Offer Delhi Contact Us 8377877756
Call Girls In ⇛⇛Chhatarpur⇚⇚. Brings Offer Delhi Contact Us 8377877756
 
Call Girls In Kishangarh Delhi ❤️8860477959 Good Looking Escorts In 24/7 Delh...
Call Girls In Kishangarh Delhi ❤️8860477959 Good Looking Escorts In 24/7 Delh...Call Girls In Kishangarh Delhi ❤️8860477959 Good Looking Escorts In 24/7 Delh...
Call Girls In Kishangarh Delhi ❤️8860477959 Good Looking Escorts In 24/7 Delh...
 
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
 
A.I. Bot Summit 3 Opening Keynote - Perry Belcher
A.I. Bot Summit 3 Opening Keynote - Perry BelcherA.I. Bot Summit 3 Opening Keynote - Perry Belcher
A.I. Bot Summit 3 Opening Keynote - Perry Belcher
 
Intro to BCG's Carbon Emissions Benchmark_vF.pdf
Intro to BCG's Carbon Emissions Benchmark_vF.pdfIntro to BCG's Carbon Emissions Benchmark_vF.pdf
Intro to BCG's Carbon Emissions Benchmark_vF.pdf
 
(8264348440) 🔝 Call Girls In Mahipalpur 🔝 Delhi NCR
(8264348440) 🔝 Call Girls In Mahipalpur 🔝 Delhi NCR(8264348440) 🔝 Call Girls In Mahipalpur 🔝 Delhi NCR
(8264348440) 🔝 Call Girls In Mahipalpur 🔝 Delhi NCR
 
Cash Payment 9602870969 Escort Service in Udaipur Call Girls
Cash Payment 9602870969 Escort Service in Udaipur Call GirlsCash Payment 9602870969 Escort Service in Udaipur Call Girls
Cash Payment 9602870969 Escort Service in Udaipur Call Girls
 
(8264348440) 🔝 Call Girls In Keshav Puram 🔝 Delhi NCR
(8264348440) 🔝 Call Girls In Keshav Puram 🔝 Delhi NCR(8264348440) 🔝 Call Girls In Keshav Puram 🔝 Delhi NCR
(8264348440) 🔝 Call Girls In Keshav Puram 🔝 Delhi NCR
 
Call Girls in Mehrauli Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Mehrauli Delhi 💯Call Us 🔝8264348440🔝Call Girls in Mehrauli Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Mehrauli Delhi 💯Call Us 🔝8264348440🔝
 
Islamabad Escorts | Call 03274100048 | Escort Service in Islamabad
Islamabad Escorts | Call 03274100048 | Escort Service in IslamabadIslamabad Escorts | Call 03274100048 | Escort Service in Islamabad
Islamabad Escorts | Call 03274100048 | Escort Service in Islamabad
 
Investment analysis and portfolio management
Investment analysis and portfolio managementInvestment analysis and portfolio management
Investment analysis and portfolio management
 
Sales & Marketing Alignment: How to Synergize for Success
Sales & Marketing Alignment: How to Synergize for SuccessSales & Marketing Alignment: How to Synergize for Success
Sales & Marketing Alignment: How to Synergize for Success
 
rishikeshgirls.in- Rishikesh call girl.pdf
rishikeshgirls.in- Rishikesh call girl.pdfrishikeshgirls.in- Rishikesh call girl.pdf
rishikeshgirls.in- Rishikesh call girl.pdf
 
2024 Numerator Consumer Study of Cannabis Usage
2024 Numerator Consumer Study of Cannabis Usage2024 Numerator Consumer Study of Cannabis Usage
2024 Numerator Consumer Study of Cannabis Usage
 

Chapter 5.pdf

  • 1. E-Business Chapter 5 Security and Payment Systems Copyright © 2022, 2019, 2018 Pearson Education, Inc. All Rights Reserved
  • 2. Copyright © 2022, 2019, 2018 Pearson Education, Inc. All Rights Reserved What Is Good E-commerce Security? • To achieve highest degree of security – New technologies – Organizational policies and procedures – Industry standards and government laws • Other factors – Time value of money – Cost of security versus potential loss – Security often breaks at weakest link
  • 3. Copyright © 2022, 2019, 2018 Pearson Education, Inc. All Rights Reserved Figure 5.1 The E-commerce Security Environment
  • 4. Copyright © 2022, 2019, 2018 Pearson Education, Inc. All Rights Reserved Table 5.3 Customer and Merchant Perspectives on the Different Dimensions of E-commerce Security Dimension Customer’s Perspective Merchant’s Perspective Integrity Has information I transmitted or received been altered? Has data on the site been altered without authorization? Is data being received from customers valid? Nonrepudiation Can a party to an action with me later deny taking the action? Can a customer deny ordering products? Authenticity Who am I dealing with? How can I be assured that the person or entity is who they claim to be? What is the real identity of the customer? Confidentiality Can someone other than the intended recipient read my messages? Are messages or confidential data accessible to anyone other than those authorized to view them? Privacy Can I control the use of information about myself transmitted to an e-commerce merchant? What use, if any, can be made of personal data collected as part of an e-commerce transaction? Is the personal information of customers being used in an unauthorized manner? Availability Can I get access to the site? Is the site operational?
  • 5. Copyright © 2022, 2019, 2018 Pearson Education, Inc. All Rights Reserved The Tension Between Security and Other Values • Ease of use – The more security measures added, the more difficult a site is to use, and the slower it becomes • Public safety and the criminal uses of the Internet – Use of technology by criminals to plan crimes or threaten nation-state
  • 6. Copyright © 2022, 2019, 2018 Pearson Education, Inc. All Rights Reserved Security Threats in the E-commerce Environment • Three key points of vulnerability in e-commerce environment: – Client – Server – Communications pipeline (Internet communications channels)
  • 7. Copyright © 2022, 2019, 2018 Pearson Education, Inc. All Rights Reserved Figure 5.3 Vulnerable Points in an E-commerce Transaction
  • 8. Copyright © 2022, 2019, 2018 Pearson Education, Inc. All Rights Reserved Malicious Code • Exploits and exploit kits • Malvertising • Drive-by downloads • Viruses • Worms • Ransomware • Trojan horses • Backdoors • Bots, botnets
  • 9. Copyright © 2022, 2019, 2018 Pearson Education, Inc. All Rights Reserved Potentially Unwanted Programs • Browser parasites – Monitor and change user’s browser • Adware – Used to call pop-up ads • Spyware – Tracks users’ keystrokes, e-mails etc.
  • 10. Copyright © 2022, 2019, 2018 Pearson Education, Inc. All Rights Reserved Phishing • Any deceptive, online attempt by a third party to obtain confidential information for financial gain • Tactics – Social engineering – E-mail scams • Used for identity fraud and theft
  • 11. Copyright © 2022, 2019, 2018 Pearson Education, Inc. All Rights Reserved Hacking, Cybervandalism, and Hacktivism • Hacking – Hackers versus crackers – Goals: cybervandalism, data breaches • Cybervandalism: – Disrupting, defacing, destroying Web site • Tiger teams and bug bounty hunters • Hacktivism
  • 12. Copyright © 2022, 2019, 2018 Pearson Education, Inc. All Rights Reserved Credit Card Fraud/Theft • One of most feared occurrences, despite federal law limits on liability • Hacking and looting of corporate servers is primary cause • Central security issue: establishing customer identity – E-signatures – Multi-factor authentication – Fingerprint identification
  • 13. Identity Fraud/Theft
    • Unauthorized use of another person’s personal data for illegal financial benefit
      – Social security number
      – Driver’s license
      – Credit card numbers
      – Usernames/passwords
    • 2019: Almost 13 million U.S. consumers suffered identity fraud
  • 14. Insider Attacks
    • Biggest financial threat to businesses comes from insider embezzlement
    • Employee access to privileged information
    • Poor security procedures
    • Insiders more likely to be source of cyberattacks than outsiders
  • 15. Poorly Designed Software
    • Increase in complexity of and demand for software has led to increase in flaws and vulnerabilities
    • SQL injection attacks
    • Zero-day vulnerabilities
    • Heartbleed bug; Shellshock (BashBug); FREAK
  • 16. Social Network Security Issues
    • Social networks an environment for:
      – Viruses, site takeovers, identity fraud, malware-loaded apps, click hijacking, phishing, spam
    • 2020 Twitter hack used social engineering to take control of dozens of prominent accounts and post Bitcoin scam
    • Manual sharing scams
      – Sharing of files that link to malicious sites
    • Fake offerings, fake Like buttons, and fake apps
  • 17. Internet of Things Security Issues
    • Challenging environment to protect
    • Vast quantity of interconnected links
    • Near identical devices with long service lives
    • Many devices have no upgrade features
    • Little visibility into workings, data, or security
  • 18. Encryption
    • Encryption
      – Transforms data into cipher text readable only by sender and receiver
      – Secures stored information and information transmission
      – Provides 4 of 6 key dimensions of e-commerce security:
        ▪ Message integrity
        ▪ Nonrepudiation
        ▪ Authentication
        ▪ Confidentiality
  • 19. Protecting Servers and Clients
    • Operating system and application software security enhancements
      – Upgrades, patches
    • Anti-virus software
      – Easiest and least expensive way to prevent threats to system integrity
      – Requires daily updates
  • 20. Figure 5.12 Developing an E-commerce Security Plan
  • 21. Figure 5.13 How an Online Credit Card Transaction Works
  • 22. Mobile Payment Systems
    • Use of mobile phones as payment devices
      – Established in Europe and Asia
      – Expanding in United States
    • Near field communication (NFC) and QR codes
    • Different types of mobile wallets
      – Universal proximity mobile wallet apps, such as Apple Pay, Google Pay, Samsung Pay
      – Branded store proximity wallet apps, offered by Walmart, Target, Starbucks, others
      – P2P mobile payment apps, such as Zelle, Venmo, Square Cash
  • 23. Blockchain
    • Blockchain
      – Enables organizations to create and verify transactions nearly instantaneously using a distributed P2P database (distributed ledger)
    • Benefits:
      – Reduces costs of verifying users, validating transactions, and risks of storing and processing transaction information
      – Transactions cannot be altered retroactively and therefore are more secure
    • Foundation technology for cryptocurrencies and supply chain management, as well as potential applications in financial services and healthcare industries
  • 24. Figure 5.15 How Blockchain Works
  • 25. Cryptocurrencies
    • Use blockchain technology and cryptography to create a purely digital medium of exchange
    • Bitcoin the most prominent example
      – Value of Bitcoin has fluctuated widely
      – Major issues with theft and fraud
      – Some governments have banned Bitcoin, although it is gaining acceptance in the U.S.
    • Other cryptocurrencies (altcoins) include Ethereum/Ether, Ripple, Litecoin and Monero
    • Initial coin offerings (ICOs) being used by some startups to raise capital
  • 26. Copyright
    This work is protected by United States copyright laws and is provided solely for the use of instructors in teaching their courses and assessing student learning. Dissemination or sale of any part of this work (including on the World Wide Web) will destroy the integrity of the work and is not permitted. The work and materials from it should never be made available to students except by instructors using the accompanying text in their classes. All recipients of this work are expected to abide by these restrictions and to honor the intended pedagogical purposes and the needs of other instructors who rely on these materials.