6. INTRODUCTION
• E-COMMERCE CAN BE CLEARLY DEFINED AS THE BUYING AND SELLING OF SERVICES OVER THE INTERNET.
• IT CAN ALSO BE REFERRED TO AS E-BUSINESS.
• WIKIPEDIA DESCRIBES MOBILE COMMERCE AS THE DELIVERY OF ELECTRONIC
COMMERCE CAPABILITIES DIRECTLY INTO THE CONSUMER’S HAND.
• THERE IS AN INCREASE IN E-COMMERCE, AND AS A RESULT THIS HAS LED TO A LOT OF SECURITY ISSUES, PARTICULARLY IN THE MOBILE COMMERCE ARENA.
• PEOPLE USING THE INTERNET FOR COMMERCIAL TRANSACTIONS ALWAYS REMAIN AT RISK OF EXPOSING THEIR CONFIDENTIAL INFORMATION (PASSWORDS, CREDIT CARD DETAILS).
8. AUTHENTICATION
• AUTHENTICATION IS DEFINED AS ESTABLISHING THE IDENTITY OF ONE PARTY
TO ANOTHER.
• AUTHENTICATION MECHANISMS ALWAYS WORK IN TWO DIRECTIONS:
• THE USER HAS TO PROVE HIS IDENTITY TO AN INFORMATION SYSTEM
• THE INFORMATION SYSTEM HAS TO CONFIRM THIS IDENTITY
• ONCE THE AUTHENTICATION TO A SYSTEM IS PERFORMED CORRECTLY, THE
USER IS AUTHORIZED FOR FURTHER ACTIONS
• E.G. EDITING PERSONAL SETTINGS OR CLOSING CONTRACTS.
10. AUTHORIZATION
• AUTHORIZATION IS THE PROCESS OF GIVING SOMEONE PERMISSION TO DO OR HAVE
SOMETHING.
• THE PROCESS OF GRANTING OR DENYING ACCESS TO A NETWORK RESOURCE.
• MOST COMPUTER SECURITY SYSTEMS ARE BASED ON A TWO-STEP PROCESS.
• THE FIRST STAGE IS AUTHENTICATION, WHICH ENSURES THAT A USER IS WHO HE OR SHE CLAIMS TO BE.
• THE SECOND STAGE IS AUTHORIZATION, WHICH ALLOWS THE USER ACCESS TO VARIOUS RESOURCES BASED ON THE USER'S IDENTITY.
• IN MULTI-USER COMPUTER SYSTEMS, A SYSTEM ADMINISTRATOR DEFINES FOR THE SYSTEM WHICH USERS ARE ALLOWED ACCESS TO THE SYSTEM AND WHAT PRIVILEGES OF USE THEY HAVE
• E.G.: ACCESS TO WHICH FILE DIRECTORIES, HOURS OF ACCESS, AMOUNT OF ALLOCATED STORAGE SPACE, AND SO FORTH.
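The slide's own examples of administrator-defined privileges (directory access, hours of access, allocated storage) can be expressed as a small policy table consulted after authentication. The following is an added example, not code from the slides; the user names, paths, hours, quotas and current usage figures are constructed for the demonstration.

```python
from dataclasses import dataclass, field
from datetime import datetime


@dataclass
class Policy:
    """What an administrator grants one user (constructed demo structure)."""
    directories: dict = field(default_factory=dict)  # path prefix -> set of allowed actions
    hours: tuple = (0, 24)                           # [start_hour, end_hour) during which access is allowed
    quota_bytes: int = 0                             # total storage the user may allocate


# Constructed policy table: alice works office hours with a 5 MB quota,
# bob may log in any time but only into his own directory.
POLICIES = {
    "alice": Policy({"/home/alice": {"read", "write"}, "/shared": {"read"}}, (8, 18), 5_000_000),
    "bob": Policy({"/home/bob": {"read", "write"}}, (0, 24), 1_000_000),
}

# Constructed current storage usage in bytes
USAGE = {"alice": 4_500_000, "bob": 0}


def authorize(user, action, path, now, size=0):
    """Return (allowed, reason). Assumes `user` was already authenticated in stage one."""
    policy = POLICIES.get(user)
    if policy is None:
        return False, "unknown user"

    start, end = policy.hours
    if not (start <= now.hour < end):
        return False, "outside permitted hours"

    # The longest matching directory prefix decides which actions apply;
    # the trailing "/" check stops "/home/alice" from matching "/home/alicex".
    match = max(
        (p for p in policy.directories if path == p or path.startswith(p.rstrip("/") + "/")),
        key=len,
        default=None,
    )
    if match is None or action not in policy.directories[match]:
        return False, f"no '{action}' permission on {path}"

    # Writes are additionally bounded by the allocated storage space
    if action == "write" and USAGE.get(user, 0) + size > policy.quota_bytes:
        return False, "storage quota exceeded"

    return True, "ok"


if __name__ == "__main__":
    at_ten = datetime(2024, 1, 1, 10, 0)
    print(authorize("alice", "read", "/shared/report.txt", at_ten))
    print(authorize("alice", "write", "/shared/report.txt", at_ten))
    print(authorize("alice", "read", "/home/alice/notes", datetime(2024, 1, 1, 20, 0)))
    print(authorize("alice", "write", "/home/alice/big.bin", at_ten, size=600_000))
```

Every decision returns a reason, so a denied request can be logged with the rule that denied it, which is what an administrator needs when reviewing access.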
14. CONFIDENTIALITY
• CONFIDENTIALITY IS THE PROTECTION OF PERSONAL INFORMATION.
• IT MEANS KEEPING A CLIENT’S INFORMATION BETWEEN YOU AND THE CLIENT, AND NOT TELLING OTHERS, INCLUDING CO-WORKERS, FRIENDS, FAMILY, ETC.
• INDIVIDUAL FILES ARE LOCKED AND SECURED
• SUPPORT WORKERS DO NOT TELL OTHER PEOPLE WHAT IS IN A CLIENT’S FILE UNLESS
THEY HAVE PERMISSION FROM THE CLIENT
• INFORMATION ABOUT CLIENTS IS NOT TOLD TO PEOPLE WHO DO NOT NEED TO
KNOW
15. CONTINUE…
• THE TYPES OF INFORMATION THAT ARE CONSIDERED CONFIDENTIAL CAN INCLUDE:
• NAME, DATE OF BIRTH, AGE, SEX AND ADDRESS
• CURRENT CONTACT DETAILS OF FAMILY, GUARDIAN, ETC.
• BANK DETAILS
• SERVICE RECORDS AND FILE PROGRESS NOTES
• INDIVIDUAL PERSONAL PLANS
• INCOMING OR OUTGOING PERSONAL CORRESPONDENCE.
• PRIVACY IS ABOUT PEOPLE. CONFIDENTIALITY IS ABOUT DATA.
16. INTEGRITY
• IT REFERS TO THE CORRECTNESS AND COMPLETENESS OF DATA.
• RELIABLE AND TRUSTWORTHY (ERROR-FREE DATA).
• BY LOGICAL MEANS (IN THE DATABASE, DATA MUST BE CONSISTENT)
• ENSURING THAT INFORMATION WILL NOT BE ACCIDENTALLY OR MALICIOUSLY ALTERED OR DESTROYED.
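The slide distinguishes accidental from malicious alteration, and the two need different checks. Below is an added example (not from the slides) that stores a plain SHA-256 digest of a database record to catch accidental corruption, and a keyed HMAC to catch deliberate changes by someone who does not hold the key. The order record, field names and the key are constructed sample values.

```python
import hashlib
import hmac
import json


def canonical(record):
    """Serialize a record deterministically so the same data always hashes the same."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def digest(record):
    """Plain SHA-256: detects accidental corruption (bit flips, truncated writes)."""
    return hashlib.sha256(canonical(record)).hexdigest()


def mac(record, key):
    """HMAC-SHA256: detects malicious alteration, because a tamperer without
    the key cannot recompute a matching tag after changing the record."""
    return hmac.new(key, canonical(record), hashlib.sha256).hexdigest()


def verify_digest(record, expected):
    return hmac.compare_digest(digest(record), expected)


def verify_mac(record, key, expected):
    return hmac.compare_digest(mac(record, key), expected)


# Constructed sample: an order row as it might be stored, and a demo key
ORDER = {"order_id": 1001, "customer": "alice", "amount": 49.99, "currency": "USD"}
KEY = b"constructed-demo-key-do-not-use"

if __name__ == "__main__":
    stored_digest = digest(ORDER)
    stored_mac = mac(ORDER, KEY)
    tampered = dict(ORDER, amount=4.99)

    print("digest ok on original:", verify_digest(ORDER, stored_digest))
    print("digest ok on tampered:", verify_digest(tampered, stored_digest))
    # Someone who can edit the row can also overwrite a plain digest...
    print("digest ok after attacker recomputes it:", verify_digest(tampered, digest(tampered)))
    # ...but cannot forge the keyed tag without the key
    print("mac ok on tampered:", verify_mac(tampered, KEY, stored_mac))
```

The canonical serialization matters: the same record written with its fields in a different order must produce the same digest, otherwise a harmless re-serialization would be reported as an integrity failure.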
17. NON REPUDIATION
• NONREPUDIATION IS THE ASSURANCE THAT SOMEONE CANNOT DENY
SOMETHING.
• TO REPUDIATE MEANS TO DENY.
• FOR MANY YEARS, AUTHORITIES HAVE SOUGHT TO MAKE REPUDIATION
IMPOSSIBLE IN SOME SITUATIONS.
• YOU MIGHT SEND REGISTERED MAIL, FOR EXAMPLE, SO THE RECIPIENT CANNOT
DENY THAT A LETTER WAS DELIVERED.
• SIMILARLY, A LEGAL DOCUMENT TYPICALLY REQUIRES WITNESSES TO SIGNING
SO THAT THE PERSON WHO SIGNS CANNOT DENY HAVING DONE SO.
18. CONTINUE…
• A DIGITAL SIGNATURE IS USED NOT ONLY TO ENSURE THAT A MESSAGE OR DOCUMENT HAS BEEN ELECTRONICALLY SIGNED BY THE PERSON BUT ALSO, SINCE A DIGITAL SIGNATURE CAN ONLY BE CREATED BY ONE PERSON, TO ENSURE THAT A PERSON CANNOT LATER DENY THAT THEY FURNISHED THE SIGNATURE.
• SINCE NO SECURITY TECHNOLOGY IS ABSOLUTELY FOOL-PROOF, IT IS SUGGESTED THAT MULTIPLE APPROACHES BE USED, SUCH AS CAPTURING UNIQUE BIOMETRIC INFORMATION AND OTHER DATA ABOUT THE SENDER OR SIGNER THAT COLLECTIVELY WOULD BE DIFFICULT TO REPUDIATE.
20. PRIVACY
• COMPROMISED PRIVACY IS ONE OF THE MOST COMPLICATED PROBLEMS.
• E-COMMERCE PROVIDERS GATHER, AND ARE RESPONSIBLE FOR, PERSONAL DATA THAT ARE IDENTIFIABLE AND MAY TRIGGER IDENTITY THEFT AND IMPERSONATION.
• CURRENTLY, ANY RISK TAKEN IN THE FORM OF AN E-COMMERCE TRANSACTION LIES IN THE HANDS OF THE PROVIDER, FOR EXAMPLE PAYPAL, AMAZON, ETC.
• FORTY-ONE PERCENT OF WEB BUYERS SURVEYED LAST YEAR SAID THEY HAD CONTACTED A SITE TO BE TAKEN OFF ITS DATABASES BECAUSE THEY FELT THAT THE ORGANIZATION USED THEIR
21. CONTINUE…
• MOST ONLINE CONSUMERS ARE AWARE THAT VARIOUS WEBSITES ARE COLLECTING AND STORING THEIR PRIVATE INFORMATION.
• THEY FEAR, SOMETIMES RIGHTLY, THAT IF THIS DATA WERE TO FALL INTO THE WRONG HANDS, THEY COULD BE IMPERSONATED AND PERHAPS LEFT OUT OF POCKET.
22. PHISHING
• IT IS THE CRIMINALLY FRAUDULENT PROCESS OF ACQUIRING SENSITIVE INFORMATION SUCH AS
• USERNAMES, PASSWORDS AND CREDIT CARD DETAILS, BY POSING AS A TRUSTWORTHY ENTITY.
• PHISHING SCAMS GENERALLY ARE CARRIED OUT BY SENDING THE VICTIM ‘FRAUDULENT’ EMAILS.
• WHEN THE VICTIM FOLLOWS THE LINK EMBEDDED WITHIN THE EMAIL, THEY ARE BROUGHT TO AN ELABORATE AND SOPHISTICATED DUPLICATE OF THE LEGITIMATE ORGANIZATION’S WEBSITE.
• PHISHING ATTACKS GENERALLY TARGET
• BANK CUSTOMERS, ONLINE AUCTION SITES (SUCH AS EBAY),
• ONLINE RETAILERS (SUCH AS AMAZON)
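The slide describes the email-with-a-link pattern; a mail filter can catch much of it by checking whether each link actually goes where it appears to go. The following is an added example written for this page, not code from the slides: it parses the anchors in an HTML mail body and flags links whose visible text names one domain while the href points at another, links to raw IP addresses, and a trusted brand name buried inside an unrelated host. The sample mail, the `examplebank.com` brand and the `.test` / 192.0.2.x hosts are constructed values.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlparse


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable(host):
    """Crude 'brand' part of a hostname: its last two labels.
    Good enough for the demo; a real filter would apply public-suffix rules."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def suspicious_links(html, trusted_domains):
    """Return a list of (href, reason) for links a mail filter would flag."""
    parser = _LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        host = urlparse(href).hostname or ""
        if is_ip(host):
            findings.append((href, "link points at a raw IP address"))
            continue
        # Visible text that looks like a domain but leads somewhere else
        shown = urlparse(text if "://" in text else "http://" + text).hostname or ""
        if "." in shown and registrable(shown) != registrable(host):
            findings.append((href, f"text shows {shown} but link goes to {host}"))
            continue
        # Trusted brand used as a subdomain of an unrelated registrable domain
        for brand in trusted_domains:
            if brand in host and registrable(host) != brand:
                findings.append((href, f"'{brand}' appears inside unrelated domain {host}"))
                break
    return findings


# Constructed sample mail body: three deceptive links and one legitimate one
SAMPLE_EMAIL = """
<p>Dear customer, please visit <a href="https://login.evil.test/acct">www.examplebank.com</a> to verify.</p>
<p>Or use <a href="http://192.0.2.10/verify">our secure portal</a>.</p>
<p>Help: <a href="https://examplebank.com.evil.test/help">help</a></p>
<p>Legit: <a href="https://secure.examplebank.com/">Online banking</a></p>
"""

if __name__ == "__main__":
    for href, reason in suspicious_links(SAMPLE_EMAIL, ["examplebank.com"]):
        print(f"FLAG {href}: {reason}")
```

The checks only use what is visible in the message itself, so they run before any link is followed; they produce a reason per finding so a reviewer can see why the mail was held.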
25. DENIAL OF SERVICES ATTACK
• DENIAL OF SERVICE (DOS) ATTACKS CONSIST OF OVERWHELMING A SERVER, A NETWORK OR A WEBSITE IN ORDER TO PARALYZE ITS NORMAL ACTIVITY.
• DEFENDING AGAINST DOS ATTACKS IS ONE OF THE MOST CHALLENGING SECURITY
PROBLEMS ON THE INTERNET TODAY.
• SYMPTOMS OF DENIAL-OF-SERVICE ATTACKS INCLUDE
• UNUSUALLY SLOW NETWORK PERFORMANCE
• UNAVAILABILITY OF A PARTICULAR WEB SITE
26. CONTINUE…
• INABILITY TO ACCESS ANY WEB SITE
• DRAMATIC INCREASE IN THE NUMBER OF SPAM EMAILS RECEIVED
• PHLASHING – ALSO KNOWN AS A PERMANENT DENIAL-OF-SERVICE (PDOS) – IS AN ATTACK THAT DAMAGES A SYSTEM SO BADLY THAT IT REQUIRES REPLACEMENT OR REINSTALLATION OF HARDWARE
• RECENTLY TWITTER WAS THE SUBJECT OF A DOS ATTACK.
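The symptoms listed on the two slides above are what users see; on the server side the earliest signal is usually one or a few sources making far more requests than a human would. The following is an added example, not code from the slides: it replays constructed access-log lines through a sliding-window counter per client address and reports any client that exceeds a request threshold within the window. The threshold, window and the 198.51.100.7 / 203.0.113.5 addresses are assumptions made for the demonstration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


def build_sample_log():
    """Constructed access log: one flooding client at 10 requests/second
    alongside a normal client browsing at one request/second."""
    lines = []
    base = datetime(2024, 5, 1, 12, 0, 0)
    for i in range(60):
        stamp = (base + timedelta(milliseconds=100 * i)).isoformat()
        lines.append(f"{stamp} 198.51.100.7 GET /")
    for i in range(5):
        stamp = (base + timedelta(seconds=i)).isoformat()
        lines.append(f"{stamp} 203.0.113.5 GET /product/{i}")
    # ISO-8601 timestamps sort lexically, which the sliding window relies on
    return sorted(lines)


def flag_floods(lines, window_seconds=10, max_requests=30):
    """Sliding-window request count per client.

    Returns {client_ip: peak_count} for every client that exceeded
    `max_requests` within any `window_seconds` span. Lines must be in time order."""
    recent = defaultdict(deque)  # client -> timestamps still inside the window
    peaks = {}
    for line in lines:
        stamp, client, _request = line.split(" ", 2)
        now = datetime.fromisoformat(stamp)
        window = recent[client]
        window.append(now)
        # Drop timestamps that have aged out of the window
        while (now - window[0]).total_seconds() > window_seconds:
            window.popleft()
        if len(window) > max_requests:
            peaks[client] = max(peaks.get(client, 0), len(window))
    return peaks


if __name__ == "__main__":
    for client, peak in flag_floods(build_sample_log()).items():
        print(f"{client}: {peak} requests inside the window, over threshold")
```

A single-source counter like this catches a simple flood; a distributed attack spreads requests over many sources, so in practice the same window logic is also run over total request rate and per-path rate rather than per client alone.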
28. UNAUTHORIZED ACCESS
• WHEN A PERSON WHO DOES NOT HAVE PERMISSION TO CONNECT TO OR USE A SYSTEM GAINS ENTRY IN A MANNER UNINTENDED BY THE SYSTEM OWNER.
• THE POPULAR TERM FOR THIS IS “HACKING”.
• INFORMATION ON SECURING YOUR SYSTEM:
• CHANGE PASSWORDS OFTEN; AT LEAST ONCE EVERY FEW MONTHS IS RECOMMENDED.
• CREATE A BIOS PASSWORD.
• WHEN CREATING A PASSWORD, ADD NUMBERS OR OTHER CHARACTERS TO THE PASSWORD TO MAKE IT MORE DIFFICULT TO GUESS; FOR EXAMPLE: 1MYPASSWORD23!.
29. THEFT AND FRAUD
• CARD-BASED PAYMENTS FRAUD:
• INTERNET PAYMENT FRAUD IS CONSTANTLY INCREASING, AND IS, APPARENTLY, UNSTOPPABLE
• THE NUMBER OF FRAUD CASES HAS INCREASED BY 19 PERCENT COMPARED TO 2013
• FRAUD IS NOT EXCLUSIVE TO CREDIT CARD PAYMENTS
• USE OF MALWARE TO COMMANDEER ONLINE BANKING LOGINS VIA PHONES, TABLETS AND COMPUTERS
• USING THE STOLEN BANK ACCOUNT DETAILS TO MAKE FRAUDULENT PAYMENTS
• “ALTERNATIVE” PAYMENT METHODS ARE ALSO ATTRACTING CRIMINALS
• FRAUD OCCURS WHEN THE STOLEN DATA IS USED OR MODIFIED.
30. DIFFERENCE
• FRAUD HAS THE INTENTION OF HIDING THE CRIMINAL ACT OF STEALING, WHILE THEFT DOES NOT.
• THIEVES KNOW THEY CAN’T HIDE THE ACT, SO THEY DON’T MAKE MUCH EFFORT TO HIDE IT, WHILE THE FRAUDSTER MAKES AN EXTRA EFFORT TO HIDE THE ACT.
• BANK ROBBERY IS THEFT, WHILE BANK EMBEZZLEMENT (GHAPLA) IS FRAUD.
32. ENCRYPTION
• "ENCRYPTION" BASICALLY IS SOME PROCESS OR ALGORITHM (KNOWN AS A CIPHER) TO MAKE INFORMATION HIDDEN OR SECRET.
• THE PROCESS OF SCRAMBLING A MESSAGE IN SUCH A WAY THAT IT IS DIFFICULT, EXPENSIVE OR TIME-CONSUMING FOR AN UNAUTHORIZED PERSON TO UNSCRAMBLE (DECRYPT) IT.
• METHODS OF ENCRYPTION: HASHING, SYMMETRIC METHODS, ASYMMETRIC METHODS
34. DECRYPTION
• THE PROCESS OF UNSCRAMBLING AN ENCRYPTED MESSAGE SO THAT IT CAN BE UNDERSTOOD BY THE AUTHORIZED PERSON.
36. CRYPTOGRAPHY
• "CRYPTO" STANDS FOR "HIDDEN, SECRET",
• AND "GRAPHY" DENOTES "A PROCESS OR FORM OF DRAWING, WRITING, REPRESENTING, RECORDING, DESCRIBING, ETC."
• CRYPTOGRAPHY IS THE SCIENCE CONCERNED WITH THE STUDY OF SECRET COMMUNICATION:
• THE CONVERSION OF INFORMATION FROM A READABLE STATE TO APPARENT NONSENSE.
37. BIOMETRIC
• IT REPLACES THE TRADITIONAL VERIFICATION METHODS OF SHOWING IDENTITY CARDS OR ENTERING PASSWORDS WITH THE SCANNING OF FINGERPRINTS, FACE OR A PALM.
• BIOMETRICS ALSO INCLUDES THE IDENTIFICATION OF BEHAVIORAL ASPECTS SUCH AS VOICE, SIGNATURE, OR THE WAY A USER STRIKES THE KEYS ON A KEYBOARD.
38. CONTINUE…
• BIOMETRICS ASSISTS CUSTOMERS IN RETAINING THEIR IDENTITY RATHER THAN
REMEMBERING PASSWORDS, CODES, OR SECRET QUESTIONS.
40. TWO STEP VERIFICATION
• TWO-STEP VERIFICATION IS A PROCESS THAT INVOLVES TWO AUTHENTICATION METHODS PERFORMED ONE AFTER THE OTHER TO VERIFY THAT SOMEONE OR SOMETHING REQUESTING ACCESS IS WHO OR WHAT THEY ARE DECLARED TO BE.
• 2-STEP VERIFICATION:
• YOU ADD AN EXTRA LAYER OF SECURITY TO YOUR ACCOUNT.
• YOU SIGN IN WITH SOMETHING YOU KNOW (YOUR PASSWORD) AND SOMETHING YOU HAVE (A CODE SENT TO YOUR PHONE).
• EVEN IF SOMEONE ELSE FINDS YOUR PASSWORD, THEY'LL BE STOPPED IF THEY DON'T HAVE ACCESS TO YOUR SECURITY INFO.
41. CONTINUE…
• IF YOU TURN ON TWO-STEP VERIFICATION, YOU’LL GET A SECURITY CODE TO YOUR EMAIL, PHONE, OR AUTHENTICATOR APP EVERY TIME YOU SIGN IN ON A DEVICE THAT ISN'T TRUSTED.
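The "something you know" plus "something you have" sign-in described on the last two slides is what an authenticator app implements with time-based one-time passwords. The following is an added example written for this page, not code from the slides: it implements HOTP (RFC 4226) and TOTP (RFC 6238) from the standard library, checks the password factor against a salted PBKDF2 hash, and accepts each code only once so that a code captured in transit cannot be replayed. The secret is the published RFC 6238 reference test secret, and the user, password and iteration count are constructed for the demonstration.

```python
import hashlib
import hmac
import os
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP whose counter is the Unix time divided by the step."""
    return hotp(secret, at // step, digits)


def verify_totp(secret: bytes, code: str, at: int, step: int = 30, window: int = 1) -> bool:
    """Accept the current code or one step either side to tolerate clock drift.
    compare_digest keeps the comparison constant-time."""
    counter = at // step
    return any(
        hmac.compare_digest(hotp(secret, counter + d), code)
        for d in range(-window, window + 1)
    )


# --- Factor one: something you know, stored only as a salted PBKDF2 hash ---
ITERATIONS = 200_000  # assumed work factor for the demo


def hash_password(password: str, salt: bytes = None):
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    return hmac.compare_digest(
        hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS), expected
    )


# Constructed user record. The TOTP secret is the RFC 6238 test secret, not a real one;
# in a deployment each user gets a random secret enrolled into their authenticator app.
USER_SECRET = b"12345678901234567890"
SALT, PW_HASH = hash_password("correct horse battery staple")


def login(password: str, code: str, at: int, used_codes: set) -> bool:
    """Both factors must pass. A code is accepted once only, so someone who
    finds the password and intercepts one code still cannot sign in twice."""
    if not verify_password(password, SALT, PW_HASH):
        return False
    if code in used_codes or not verify_totp(USER_SECRET, code, at):
        return False
    used_codes.add(code)
    return True


if __name__ == "__main__":
    print("HOTP counter 0:", hotp(USER_SECRET, 0))     # RFC 4226 vector: 755224
    print("TOTP at t=59:  ", totp(USER_SECRET, 59))    # RFC 6238 vector: 287082
    seen = set()
    print("first login:", login("correct horse battery staple", totp(USER_SECRET, 59), 59, seen))
    print("replayed code:", login("correct horse battery staple", totp(USER_SECRET, 59), 59, seen))
```

The `used_codes` set is keyed by code alone, which is enough inside one time window; a service would key it by user and time step and expire entries. Delivery by SMS or email, as the slide mentions, uses the same verification path with the code generated server-side instead of derived from a shared secret.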