E-Commerce Security
The E-Commerce SecurityEnvironment For most law-abiding citizens, the Internet holds    the promise of a huge and conveni...
The Scope of the Problem Cybercrime is becoming a more significant  problem for both organizations and consumers Bot net...
The Scope of the Problem (cont.) One source of cybercrime information is the  Internet Crime Complaint Center (IC3) In 2...
Types ofAttacksAgainstComputerSystems(Figure)
The Underground Economy Marketplace:The Value of Stolen Information Criminals who steal information on the Internet do  n...
What is Good E-CommerceSecurity? What is a secure commercial transaction? Anytime you go into a marketplace you take ris...
The E-Commerce SecurityEnvironment
The Tension Between Securityand Other Values Can there be too much security? The answer is  yes. Computer security adds ...
Security Threats in the E-Commerce Environment From a technological perspective, there are three  key points of vulnerabi...
A Typical E-CommerceTransaction
Vulnerable Points in an E-Commerce Transaction
Common E-Commerce SecurityThreats Some of the most common and most damaging forms of security threats to e-commerce consu...
Technology Solutions It might seem like there is not much that can be  done about the onslaught of security breaches on  ...
Encryption Encryption is the process of transforming plain  text or data into cipher text that cannot be read by  anyone ...
Public Key Cryptography
Limitations to EncryptionSolutions All forms of encryption have limitations It is not effective against insiders Protec...
Communication Channel, Network, and Server/Client Security Technologies Communication channel security technologies:   S...
Management Policies, BusinessProcedures, and Public Laws US businesses and government agencies spend  about 14% of their ...
The Roles of Laws and PublicPolicy The public policy environment today is very  different fro the early days of e-commerc...
Government Policies and Controls onEncryption Software An interesting example of the difficulties involved  in enhancing ...
This lecture was delivered by MAM Shafia, lecturer at GCUF, on e-commerce security and modified by Syed Mubashair Abid.


  1. E-Commerce Security
  2. The E-Commerce Security Environment: For most law-abiding citizens, the Internet holds the promise of a huge and convenient global marketplace. For criminals, the Internet has created entirely new – and profitable – ways to steal from the more than one billion Internet consumers worldwide. From products to services to cash to information, it’s all there for the taking on the Internet. It’s also less risky to steal online. For example, rather than rob a bank in person, the Internet makes it possible to rob people
  3. 3. The Scope of the Problem Cybercrime is becoming a more significant problem for both organizations and consumers Bot networks, DDoS attacks, Trojans, phishing, data theft, identify theft, credit card fraud, and spyware are just some of the threats that are making daily headlines Even social networking sites have had security breaches For example, an individual hacked into Britney Spears’ Twitter account and began sending messages saying the singer had died
  4. The Scope of the Problem (cont.): One source of cybercrime information is the Internet Crime Complaint Center (IC3). In 2010, the IC3 processed more than 303,000 Internet crime complaints, and it was estimated that in 2009 the total dollar loss for all referred crimes was $559 million. In the past, auction fraud constituted over 70% of complaints, but in 2010 it was only 10%, displaced by non-payment/delivery (21%) and identity theft (16%). The Computer Security Institute’s annual Computer Crime and Security Survey is another source of information.
  5. Types of Attacks Against Computer Systems (Figure)
  6. The Underground Economy Marketplace: The Value of Stolen Information. Criminals who steal information on the Internet do not always use this information themselves, but instead derive value by selling the information to others. Some recently observed prices for stolen information, which typically vary depending on the quantity being purchased. Not every cybercriminal is necessarily after money. In some cases, such criminals aim to deface, vandalize, and/or disrupt a Web site, rather than actually steal goods or services.
  7. What is Good E-Commerce Security? What is a secure commercial transaction? Anytime you go into a marketplace you take risks, including the loss of privacy. E-commerce merchants and consumers face many of the same risks as participants in traditional commerce, although in a new digital environment. Reducing risks in e-commerce is a complex process that involves new technologies, organizational policies and procedures, and new laws and industry standards that empower law enforcement officials to investigate and prosecute offenders.
  8. The E-Commerce Security Environment
  9. The Tension Between Security and Other Values: Can there be too much security? The answer is yes. Computer security adds overhead and expense to business operations. Expanding computer security also has other downsides:
       • Makes systems more difficult to use
       • Slows down processors
       • Increases data storage demands
       • May reduce individuals’ ability to remain anonymous
  10. Security Threats in the E-Commerce Environment: From a technological perspective, there are three key points of vulnerability when dealing with e-commerce: the client, the server, and the communications pipeline. Figure 5.4 illustrates some of the things that can go wrong at each major vulnerability point in the transaction.
  11. A Typical E-Commerce Transaction
  12. Vulnerable Points in an E-Commerce Transaction
  13. Common E-Commerce Security Threats: Some of the most common and most damaging forms of security threats to e-commerce consumers and site operators include:
       • Malicious code (malware) – virus, worm, Trojan horse, bots, etc.
       • Unwanted programs (spyware)
       • Phishing and identity theft – social engineering
       • Hacking and cybervandalism
       • Credit card fraud/theft
       • Spoofing (pharming) and spam (junk) websites
       • Denial of service (DoS) attacks
       • Insider attacks
       • Poorly designed server and client software
      Social networks and mobile devices greatly expand the security threats to organizations and individuals.
  14. 14. Technology Solutions It might seem like there is not much that can be done about the onslaught of security breaches on the Internet But in fact a great deal of progress has been made by private security firms, corporate and home users, network administrators, technology firms, and government agencies Two lines of defense include:  Technology solutions  Policy solutions
  15. 15. Encryption Encryption is the process of transforming plain text or data into cipher text that cannot be read by anyone other than the sender and the receiver The purpose of encryption is to secure stored information and to secure information transmission One early encryption method was symmetric key encryption where both the sender and the receiver use the same key to encrypt and decrypt the message They had to send the key to each other over some communications media or in person
  16. Public Key Cryptography
  17. Limitations to Encryption Solutions: All forms of encryption have limitations. It is not effective against insiders. Protecting private keys may also be difficult because they are stored on insecure desktop and laptop computers. Additional technology solutions exist for securing channels of communications, networks, and servers/clients.
  18. Communication Channel, Network, and Server/Client Security Technologies
      Communication channel security technologies:
       • Secure Sockets Layer (SSL)
       • Virtual Private Networks (VPNs)
      Network protection technologies:
       • Firewalls
       • Proxy servers
      Server/client protection technologies:
       • Operating system security enhancements
       • Anti-virus software
  19. Management Policies, Business Procedures, and Public Laws: US businesses and government agencies spend about 14% of their information technology budgets on security hardware, software, and services (about $35 billion in 2010). However, most CEOs and CIOs of existing e-commerce operations believe that technology is not the sole answer to managing the risk of e-commerce. An e-commerce security plan would include a risk assessment, development of a security policy, implementation plan, creation of a security organization, and a security audit. Implementation may involve expanded forms of
  20. The Roles of Laws and Public Policy: The public policy environment today is very different from the early days of e-commerce. The net result is that the Internet is no longer an ungoverned, unsupervised, self-controlled technology juggernaut. It is also apparent that legal and public policy solutions need to be enacted globally.
  21. Government Policies and Controls on Encryption Software: An interesting example of the difficulties involved in enhancing security is the case of encryption software distribution. Governments have sought to restrict availability and export of encryption systems as a means of detecting and preventing crime and terrorism. On one hand, restricting global distribution of advanced encryption systems may reduce the likelihood that they may be cracked. But it also reduces global Internet security if different countries have different levels of protection.
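
The symmetric key encryption described on slide 15, as an added example that is not part of the original lecture: sender and receiver use one shared key, so anyone who obtains that key while it is being sent can read the traffic too. The function names and the sample order are constructed, and an HMAC-SHA256 keystream stands in for a production cipher so the code needs only the Python standard library.

```python
import hashlib
import hmac
import secrets

# Illustration only: an HMAC-SHA256 keystream stands in for a vetted cipher such as AES-GCM.

def _subkeys(shared_key):
    """Derive separate encryption and authentication keys from the one shared key."""
    return (hmac.new(shared_key, b"enc", hashlib.sha256).digest(),
            hmac.new(shared_key, b"mac", hashlib.sha256).digest())

def _keystream(enc_key, nonce, length):
    out, counter = bytearray(), 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])

def encrypt(shared_key, plaintext):
    enc_key, mac_key = _subkeys(shared_key)
    nonce = secrets.token_bytes(16)  # fresh per message so keystreams never repeat
    stream = _keystream(enc_key, nonce, len(plaintext))
    body = bytes(p ^ k for p, k in zip(plaintext, stream))
    tag = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    return nonce + body + tag

def decrypt(shared_key, message):
    enc_key, mac_key = _subkeys(shared_key)
    nonce, body, tag = message[:16], message[16:-32], message[-32:]
    expected = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or modified message")
    stream = _keystream(enc_key, nonce, len(body))
    return bytes(c ^ k for c, k in zip(body, stream))

def can_read(key, message):
    # True if the holder of `key` can recover the plaintext of `message`.
    try:
        decrypt(key, message)
        return True
    except ValueError:
        return False

if __name__ == "__main__":
    key = secrets.token_bytes(32)                    # must reach the receiver somehow
    wire = encrypt(key, b"order=1001;amount=25.00")  # constructed sample order
    print("receiver, same key:       ", can_read(key, wire))
    print("observer, no key:         ", can_read(secrets.token_bytes(32), wire))
    print("observer, intercepted key:", can_read(key, wire))
```

The last line is the key-distribution problem from slide 15: the cipher cannot tell the intended receiver from anyone else holding the same key.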
