3.5 Online Services and Security and Privacy of Data


Published on

Published in: Education, Technology
1 Like
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

3.5 Online Services and Security and Privacy of Data

  1. 1. By: Momina
  2. 2. Click for More >>> Need to Protect Data Protection Confidentiality of Data Legislation Social and Ethical Shop Security Implications of Access to Personal Information Online Banking Online ShoppingBack toContents
  3. 3. Need to protect confidentiality of data • This means that data should only be seen by people who are authorised to see it. What is the main technique used into ICT to ensure the confidentiality of data in online systems? EncryptionBack to What is encryption?Contents
  4. 4. Encryption • This is a process by which ordinary data is converted into a secret code. This is done so that anyone unauthorised to see the data doesn‟t. • However, they do have the ability to delete the information that they intercept. • On the receiving on of the encrypted data it is decrypted using a secret key. Note: Unencrypted data is called plain text Encrypted data is referred to as cipherBack to textContents
  5. 5. Shop Security There are two types of encryption keys: 1. Public encryption key 2. Private encryption key People have a public encryption key they can tell everyone about. And they have a private encryption key, which only they know about. So what?Back toContents
  6. 6. So… • If you know a persons public encryption key; you can encrypt a message and send it to them. But ONLY that individual can decrypt the message using their private key. • For example: When John wants to send a secure message to Jane, he uses Janes public key to encrypt the message. Jane then uses her private key to decrypt it. What is a public key system?Back toContents
  7. 7. Public Key System “This is used to encrypt data that is transmitted using the Internet for payment purposes” Keep in mind that when we use the Internet to make a payment; all these tasks of encrypting and decrypting happens in the background (so we don’t see it)Back toContents
  8. 8. Online Banking “Online banking uses secure sites and all the data transferred using the Internet including your password, is encrypted.” • Encryption does not prevent hackers from accessing your PC. These hackers could use a key logging software. This allows them to detect the keys you are pressing on the keyboard. (this may also allow them to discover your password)Back to Additional Methods of SecurityContents
  9. 9. Additional Methods of Security 1- Use Transaction numbers (TANs): these are passwords that can only be used once. This could be sent to you via a text message from the bank. They are only valid for a few minutes thus reducing the time for a hacker to intercept and use it. 2- Ask the user to type in only part of the password. Every time the user logs in they are asked for the part of the password in a different combination (i.e. 2nd character, 3rd character, and 6th character) 3- Providing the customer with a handheld chip and PIN device. This device generates single-use passwords. Several things are required by the user to access their account, it includes the following: • debit card A customer enters the card into the •PIN number device and enters their PIN number. •Online security number They are then issued with an 8-digit •Chip and PIN itself code. Using this they can then log in.Back toContents
  10. 10. Online Shopping • It is the customers responsibility that they use a reputable, secure online store. How do you know if data is being transmitted in a secure way? 1. The „https‟ prefix in the URL compared Protocols used in the to the normal „http‟ encryption of 2. The secure socket messages between a layer (SSL)- the pad- client computer and lock sign at the bottom server of the screen. Few ImportantBack to PointsContents
  11. 11. Important Points × The customer MUST check the contact details of the company to ensure reliability. × The store MUST have a privacy policy and the customer MUST read this. If the store does not have one, or the customer is unsure about some parts of it, they shouldn‟t trust the online store. × The customer must know exactly what they are buying. “Both description and what to do in the event that they are not satisfied should be clear.” × A customer must always print out the details from the transaction they make in case of future disputes.Back toContents
  12. 12. Data Protection Legislation What does it do? It keeps data private as well as confidential. For example: The UK Data Protection Act states • Personal data shall be processed fairly and lawfully. • Personal data shall be obtained only for a lawful purpose. • Personal data shall be accurate and will be kept up-to- date. • Appropriate measures will be taken against unauthorised processing of personal data Punishment for breaking ANY rules listed in the UK Protection Act is a very large fine.Back toContents
  13. 13. Social and Ethical Implications of access to Personal Data Duty of Aggregated Phishing Confidence Information Breaches of Duty of Fidelity Spyware Confidence Responsibility for Need for Online Auction or passing on information Security Shopping Fraud Anonymised Identity Theft InformationBack toContents
  14. 14. Duty of Confidence • They must not tell anyone or use the information for any reason except with the permission of the person who it told them. • Confidential data includes business secrets or personal information. • This could be between an employee and employer. • The employee is asked to sign a confidentiality agreement.Back to Back to Social/ EthicalContents
  15. 15. Duty of Fidelity • This is when an employee must remain loyal to their employer. • They must not tell any of the rival companies about their work. • However, once an employee leaves a company they have the free liberty of using their skills and knowledge that they acquired from the company.Back to Back to Social/ EthicalContents
  16. 16. Responsibility for passing on information • When a company passes on information about any individual they must ensure that the least amount of information that could identify the individual is used. • Things like online banking or online shopping require you to give them your personal information. It MUST be ensured that information is not passed from organisation to organisation without authorisation from the individual.Back to Back to Social/ EthicalContents
  17. 17. Anonymised Information • This is when information about an individual is passed on without the mention of their name. • Companies should always omit any personal details wherever possible.Back to Back to Social/ EthicalContents
  18. 18. Aggregated Information • It is a summary of personal information without naming the person. For example: All the people who are above the age of 60 and have diabetes. This way no one can be identified. However, there is a downside to this. There might be only one person in the whole hospital so identification of the person will be easy and may be embarrassing for the individual.Back to Back to Social/ EthicalContents
  19. 19. Breaches of Confidence • This is basically a „non-disclosure agreement‟. • All employment contracts should have a duty of confidence clause.Back to Back to Social/ EthicalContents
  20. 20. Need for Security • All organisations need to protect they computerized information. • Many people don‟t use online banking because they are scared that people will defraud them.Back to Back to Social/ EthicalContents
  21. 21. Identity Theft • It starts off by stolen credit card details. So when does it all go wrong? Scenario: Purchase is made at a restaurant; the customer lets the waiter take their credit card out of their sight. The card is then skimmed on a special reader and all the details from the card are copied from the card.Back to Social/ Ethical A less obvious way Implications would be…Back toContents
  22. 22. Identity Theft • Sometimes the machine is below the cash till and the customer hardly notices that it has been skimmed as well as swiped for the transaction. Another Method: Retail outlets’ databases are hacked into and all the customer data is copied for illegal use. When data is encrypted, it at some point does need to be decrypted and at that point the information becomes vulnerable to theft.Back to Back to Social/ EthicalContents
  23. 23. Phishing • This is when a fraudulent email is sent to a person. It will seem as if the email is sent by the bank however in reality it isn‟t. • The email will request the person to give their password, card or account number and other security details. What the phishers do is that they include the website address for the customer to go on to. And this website looks legit. This fake website is set up PURELY to get customer details. What is pharming?Back to Back to Social/ EthicalContents
  24. 24. Pharming • This is when a fraudster REDIRECTS a genuine websites traffic to their own website. • The customer thinks that they are dealing with their bank site but they are actually sending details to the fraudsters website.Back to Back to Social/ EthicalContents
  25. 25. Spyware • This is a software that customers unknowingly download. • It usually is attached to a software which the computer user downloads. • The fraudster has attached spyware to gather personal details of the user. • They do this by using a key logging software when the user logs on to their bank account of online shopping.Back to Back to Social/ EthicalContents
  26. 26. Online Auction or Shopping Fraud • This is when somebody sets up a genuine site and puts up expensive items for sale and then they don‟t deliver it or they send a cheap imitation. • They take the money but never deliver the goods.Back to Back to Social/ EthicalContents