Published on

Published in: Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide


  1. 1. SECURE ELECTRONICAPPLICATION(SECURITY & RELIABILITY OF E-COMMERCE) Noor Syazana Bt Md Yusof Shajarotun Nur Bt Hamzah Siti Aishah Binti Isnin Sri Rahayu Bt Muhammad
  2. 2. Which one do you preferred most?
  3. 3. General E-Commerce Security Issues Any E-Commerce needs to be concerned about network security. The Internet is a “public” network consisting of thousands of interconnected private computer networks. Private computer network systems are exposed to threats from anywhere on the public network. Businesses must protect against the unknown. New methods of attacking networks and Web sites, and new network security holes, are being constantly discovered or invented. An E-Commerce cannot expect to achieve perfect security for its network and Web site.
  4. 4. Security Questions How is the data protected once it is delivered to the E-Commerce? How are credit card transactions authenticated and authorized? The biggest potential security problem in an E- Commerce is of human, rather than electronic, origin. The weakest link in any security system is the people using it.
  5. 5. Example of Online Application
  6. 6. SWOT analysis Strength :  Reliable  Good feedback from the user  Built trust in their customer by providing the ease of use of the application Weakness :  Not secure  Money lost  Information stealing – credit card no, password
  7. 7. SWOT analysis Opportunity :  Increase market scope  Increase the demand of their products or services  Competitive advantage  Can compete with their competitors Threat :  Hacking – SSL Man-in-the-Middle  Phishing attack  Fake website
  8. 8. Verisign
  9. 9. Sources:Kosmo OnlineDate:18 April 2012
  10. 10. Secure Socket Layer The Secure Socket Layer protocol was created by Netscape to ensure secure transactions between web servers and browsers. The protocol uses a third party, a Certificate Authority (CA), to identify one end or both end of the transactions.
  11. 11. How it Works??
  12. 12. The VeriSign Secured Seal Increasesthe Likelihood to Buy With an understanding of the importance of trust marks in completing online transactions, Web merchants should be sure to choose the trust mark that offers the most value. The VeriSign Secured Seal is the most trusted symbol of secure commerce on the Web.
  13. 13. The VeriSign Secured Seal Increasesthe Likelihood to Buy  83 % of online shoppers are familiar with the VeriSign Secured Seal, more than any other mark.  Among shoppers who are aware of the VeriSign Secured Seal, more than 4 in 5 say it is their preferred seal.  The VeriSign Secured Seal rates best overall worldwide among endorsement programs in terms of consumer trust (67% within Australia, 60% worldwide), with consumers indicating they believe the seal represents security, protection, verification, and reputation.
  14. 14. The VeriSign Secured Seal Increasesthe Likelihood to Buy The VeriSign Secured Seal can also affect which vendor Web site online shoppers prefer to do business with. The majority of respondents (62% within Australia, 53% worldwide) prefer to use sites that display the VeriSign Secured Seal.
  15. 15. Network and Web Site Security An entire glossary of words and phrases identifies network and Web security risks, such as hacker, cracker, Trojan horse, and more. As part of planning a startup E-Business’s security, management should become familiar with network and Web server security risk terminology.
  16. 16. Denial of Service Attacks Designed to disable a Web site by flooding it with useless traffic or activity. Distributed denial of service attack uses multiple computers to attack in a coordinated fashion. Risk is primarily centered around downtime or lack of Web site availability. Defenses exist for these attacks.
  17. 17. Web Site Defacement Occurs when a hacker penetrates the system and replaces text or graphics with “other” material. Risk is primarily down time and repair costs. There have been many well publicized examples, including high profile industry and government sites. Ordinary defenses against unauthorized logins are a first line defense. Total security may be difficult to achieve.
  18. 18. Electronic Industrial Espionage A very serious problem, especially considering that “professional” hackers may be involved. Must implement and diligently maintain industry standard “best practices”. Additional recommendations:  Don’t open questionable or suspicious e-mail attachments.  Keep security software and virus checkers updated.
  19. 19. Credit Card Fraud & Data Theft E-Business is at risk from credit card fraud from stolen data. Secure your own data. Verify the identity of your customers and the validity of the incoming credit card data. Identity theft by a miscreant masquerading as someone else is also a common problem.
  20. 20. Data Spills A security problem caused, ordinarily by a bug or other “system” failure, occasionally hackers are behind this problem This is an unintended disclosure of customer or corporate data through the Web or other Internet service May expose firm to legal liability
  21. 21. E-Commerce Security An important issue that is often overlooked or given a lower priority in the face of startup activity. A startup firm should consider outsourcing Web and Internet services in part since the outsourcing company can address security concerns as part of the “package.”
  22. 22. Network and Web Site Security Tools such as passwords, firewalls, intrusion detection systems, and virus scanning software should be used to protect an E-Commerce’s network and Web site.
  23. 23. Transaction Security and DataProtection Use a predefined key to encrypt and decrypt the data during transmission. Use the secure sockets layer (SSL) protocol to protect data transmitted over the Internet. Move sensitive customer information such as credit card numbers offline or encrypting the information if it is to be stored online.
  24. 24. Transaction Security and DataProtection - internal Remove all files and data from storage devices including disk drives and tapes before getting rid of the devices. Shred all hard-copy documents containing sensitive information before trashing them. Security is only as strong as the weakest link.
  25. 25. Security Audits and PenetrationTesting Can provide an overall assessment of the firm’s current exposure and vulnerabilities. This is an outsourced item. Consultant will provide a comprehensive recommendation to address list of vulnerabilities.
  26. 26. Security Providers and Products There are many security consultants. Many commercial products are available. Training for in-house staff is a key issue.
  27. 27. Risk Management Network and Web site security and intruder detection programs Antivirus protection Firewalls Sound security policies and procedures Employee education
  28. 28. Risk Transfer A firm can manage and transfer risk through insurance products May be purchased as part of the firms business insurance package Consult an insurance professional
  29. 29. Opinion Government have to strengthen the Internet law Have video chat when doing online business Put company registration number in every e- commerce site
  30. 30. SECURITY Google data center security How SSL works tutorial - with HTTPS Top 10 Hackers