This document discusses e-commerce security and payment systems. It outlines key learning objectives about understanding e-commerce crime and security threats. It describes dimensions of e-commerce security like integrity, nonrepudiation, authenticity, confidentiality, and privacy. It then identifies common security threats in the e-commerce environment such as malware, phishing, hacking, data breaches, and denial of service attacks. It also describes major payment systems and issues involving credit card fraud.

1. E-COMMERCE SECURITY AND PAYMENT SYSTEMS

2. LEARNING OBJECTIVES
Understand the scope of e-commerce crime and security problems,
Identify the key security threats in the e-commerce environment.
Describe how technology helps secure Internet communications channels and protect networks,
servers, and clients. Identify the major e-commerce payment systems in use today.
Describe the features and functionality of electronic billing presentment and payment systems

3. THE E-COMMERCE SECURITY ENVIRONMENT

4. DIMENSIONS OF E-COMMERCE SECURITY
Integrity
Nonrepudiation
Authenticity
Confidentiality
Privacy
Availability

5. DIMENSIONS OF E-COMMERCE SECURITY
Integrity the ability to ensure that information being displayed on a website or transmitted or received over the Internet
has not been altered in any way by an unauthorized party
Nonrepudiation the ability to ensure that e-commerce participants do not deny (i.e., repudiate) their online actions
Authenticity the ability to identify the identity of a person or entity with whom you are dealing on the Interne
Confidentiality the ability to ensure that messages and data are available only to those who are authorized to view them
Privacy the ability to control the use of information about oneself
Availability the ability to ensure that an e-commerce site continues to function as intended

7. SECURITY THREATS IN THE E-COMMERCE ENVIRONMENT

9. SECURITY THREATS
 Malicious code (malware)
 POTENTIALLY UNWANTED PROGRAMS (PUPS)
 PHISHING
 HACKING, CYBERVANDALISM, AND HACKTIVISM
 DATA BREACHES
 CREDIT CARD FRAUD/THEFT
 IDENTITY FRAUD
 SPOOFING, PHARMING, AND SPAM (JUNK) WEBSITES
 SNIFFING AND MAN-IN-THE-MIDDLE ATTACKS
 DENIAL OF SERVICE (DOS) AND DISTRIBUTED DENIAL OF SERVICE (DDOS) ATTACKS
 INSIDER ATTACKS
 POORLY DESIGNED SOFTWARE

10. MALICIOUS CODE (MALWARE)
Exploit kit collection of exploits bundled together and rented or sold as a commercial product
Maladvertising online advertising that contains malicious code
Virus a computer program that has the ability to replicate or make copies of itself, and spread to
other files
Worm malware that is designed to spread from computer to computer
Trojan horse appears to be benign, but then does something other than expected. Often a way
for viruses or other malicious code to be introduced into a computer system
Backdoor feature of viruses, worms, and Trojans that allows an attacker to remotely access a
compromised computer
Bot type of malicious code that can be covertly installed on a computer when connected to the
Internet. Once installed, the bot responds to external commands sent by the attacker
Botnet collection of captured bot computer
Drive-by download malware that comes with a downloaded file that a user requests

11. POTENTIALLY UNWANTED PROGRAMS (PUPS
Adware a PUP that serves pop-up ads to your computer
Browser parasite a program that can monitor and change the
settings of a user’s browser
Spyware a program used to obtain information such as a user’s
keystrokes, e-mail, instant messages, and so on

12. PHISHING
Social engineering exploitation of human fallibility and
gullibility to distribute malware
Phishing any deceptive, online attempt by a third party
to obtain confidential information for financial gain

13. HACKING, CYBERVANDALISM, AND HACKTIVISM
Hacker an individual who intends to gain unauthorized access to a computer
system
Cracker within the hacking community, a term typically used to denote a hacker
with criminal intent
Cybervandalism intentionally disrupting, defacing, or even destroying a site
Hacktivism cybervandalism and data theft for political purposes
White hats “good” hackers who help organizations locate and fix security flaws
Black hats hackers who act with the intention of causing harm
Grey hats hackers who believe they are pursuing some greater good by
breaking in and revealing system flaws

14. DATA BREACHES
Data breach occurs when an
organization loses control over
its information to outsiders

15. CREDIT CARD FRAUD/THEFT
Theft of credit card data is one of the most
feared occurrences on the Internet. Fear
that credit card information will be stolen
prevents users from making online
purchases

16. IDENTITY FRAUD
Identity fraud involves the
unauthorized use of another
person’s personal data for illegal
financial benefit

17. SPOOFING, PHARMING, AND SPAM (JUNK) WEBSITES
Spoofing involves attempting to hide a true identity by using someone else’s
e-mail or IP address
Pharming automatically redirecting a web link to an address different from
the intended one, with the site masquerading as the intended destination
Spam (junk) websites also referred to as link farms; promise to offer
products or services, but in fact are just collections of advertisements

18. SNIFFING AND MAN-IN-THE-MIDDLE ATTACKS
Sniffer a type of eavesdropping program that monitors information traveling
over a network
Man-in-the-middle (MitM) attack attack in which the attacker is able to
intercept communications between two parties who believe they are directly
communicating with one another, when in fact the attacker is controlling the
communications

19. DENIAL OF SERVICE (DOS) AND DISTRIBUTED DENIAL OF SERVICE
(DDOS) ATTACKS
Denial of Service (DoS) attack flooding a website with useless
traffic to inundate and overwhelm the network
Distributed Denial of Service (DDoS) attack using numerous
computers to attack the target network from numerous
launch point

20. INSIDER ATTACKS
Indicate that insiders are more likely
to be the source of cyberattacks
than outsiders, and to cause more
damage to an organization

21. POORLY DESIGNED SOFTWARE
SQL injection attack takes advantage of poorly coded web application software that
fails to properly validate or filter data entered by a user on a web page
Zero-day vulnerability software vulnerability that has been previously unreported
and for which no patch yet exists
Heartbleed bug flaw in OpenSSL encryption system that allowed hackers to decrypt
an SSL session and discover user names, passwords, and other user data

22. TITLE LOREM IPSUM DOLOR SIT AMET
2017
Lorem ipsum dolor sit amet
2018
Lorem ipsum dolor sit amet
2019
Lorem ipsum dolor sit amet