0
0
Answer Now
Comment
Report
7
Answers
Hello, guys! Ensuring the security of your e-commerce business is a necessary aspect of managing your business. I can recommend you to take a closer look at the website of eCommerce software developers for more info. Here I found a lot of useful information on this subject. Good luck to you, friends!
Important Note โ Preparing for IT?
CAKART provides Indias top faculty each subject video classes and lectures โ online & in Pen Drive/ DVD โ at very cost effective rates. Get video classes from CAKART.in. Quality is much better than local tuition, so results are much better.
Watch Sample Video Now by clicking on the link(s) below โ
For any questions Request A Call Back
Integrity: prevention against unauthorized data modification
Nonrepudiation: prevention against any one party from reneging on an agreement after the fact
Authenticity: authentication of data source
Confidentiality: protection against unauthorized data disclosure
A procedure that recognizes, reduces, or eliminates a threat
1. Intellectual property protection
โ Legislature
โ Authentication
2. Client computer protection
โ Privacy -- Cookie blockers; Anonymizer
โ Digital certificate (Figure 5.9)
โ Browser protection
โ Antivirus software
โ Computer forensics expert
3. Communication channel protection
โ Encryption
1. Integrity: prevention against unauthorized data modification
2. Nonrepudiation: prevention against any one party from reneging on an agreement after the fact
3. Authenticity: authentication of data source
4. Confidentiality: protection against unauthorized data disclosure
5. Privacy: provision of data control and disclosure
6. Availability: prevention against data delays or removal
Dear Friend
> E-commerce security
To achieve highest degree of security New technologies Organizational policies and procedures Industry standards and government laws Other factors Time value of money Cost of security vs. potential loss Security often breaks at weakest .
It is a procedure that followed by entity and others so secure every thing related to them and e-commerce.
Thanks
**E-COMMERCE SECURITY**
E-commerce security is the protection of e-commerce assets from unauthorized access, use, alteration, or
destruction. It can be measured on the following dimensions.
โ Integrity : Prevention against unauthorized data modification
โ Authenticity : Authentication of data source
โ Confidentiality : Protection against unauthorized data disclosure
โ Privacy : Provision of data control and disclosure
โ Availability : Prevention against data delays or removal
โ Non-repudiation : Prevention against any party from reneging on an agreement after the fact
Thanks
E-commerce security is the protection of e-commerce assets from unauthorized access, use, alteration, or destruction.
6 dimensions of e-commerce security (Table 5.1)
1. Integrity: prevention against unauthorized data modification
2. Nonrepudiation: prevention against any one party from reneging on an agreement after the fact
3. Authenticity: authentication of data source
4. Confidentiality: protection against unauthorized data disclosure
5. Privacy: provision of data control and disclosure
6. Availability: prevention against data delays or removal
E-COMMERCE THREATS (Figure 5.4)
Threats: anyone with the capability, technology, opportunity, and intent to do harm.Potential threats can be foreign or domestic, internal or external, state-sponsored or a single rogue element.Terrorists, insiders, disgruntled employees, and hackers are included in this profile (President's Commission on Critical Infrastructure Protection)
Concern
2001
2000
Loss of Privacy/confidentiality, data misuse/abuse
28%
25%
Cracking, eavesdropping, spoofing, rootkits
25%
20%
Viruses, Trojans, worms, hostile ActiveX and Java
21%
26%
System unavailability, denial of service, natural disasters, power interruptions
18%
20%
2001 Information Security Industry Survey
1. Intellectual property threats -- use existing materials found on the Internet without the owner's permission, e.g., music downloading, domain name (cybersquatting), software pirating
2. Client computer threats
โ Trojan horse
โ Active contents
โ Viruses
3. Communication channel threats
โ Sniffer program
โ Backdoor
โ Spoofing
โ Denial-of-service
4. Server threats
โ Privilege setting
โ Server Side Include (SSI), Common Gateway Interface (CGI)
โ File transfer
โ Spamming
COUNTERMEASURE (Figure 5.5)
A procedure that recognizes, reduces, or eliminates a threat
1. Intellectual property protection
โ Legislature
โ Authentication
2. Client computer protection
โ Privacy -- Cookie blockers; Anonymizer
โ Digital certificate (Figure 5.9)
โ Browser protection
โ Antivirus software
โ Computer forensics expert
3. Communication channel protection
โ Encryption
* Public-key encryption (asymmetric) vs Private-key encryption (symmetric) (Figure 5-6)
* Encryption standard: Data Encryption Standard (DES), Advanced Encryption Standard (AES)
โ Protocol
* Secure Sockets Layer (SSL) (Figure 5.10)
* Secure HyperText Transfer Protocol (S-HTTP)
โ Digital signature (Figure 5-7)
Bind the message originator with the exact contents of the message
โA hash function is used to transform messages into a 128-bit digest (message digest).
โThe senderโs private key is used to encrypt the message digest (digital signature)
โThe message + signature are sent to the receiver
โThe recipient uses the hash function to recalculate the message digest
โThe senderโs public key is used to decrypt the message digest
โCheck to see if the recalculated message digest = decrypted message digest
4. Server protection
โ Access control and authentication
* Digital signature from user
* Username and password
* Access control list
โ Firewalls (Figure 5.11)
International Computer Security Association's classification:
ยท Packet filter firewall: checks IP address of incoming packet and rejects anything that does not match the list of trusted addresses (prone to IP spoofing)
ยท Application level proxy server: examines the application used for each individual IP packet (e.g., HTTP, FTP) to verify its authenticity.
ยท Stateful packet inspection: examines all parts of the IP packet to determine whether or not to accept or reject the requested communication.
HOW TO MINIMIZE SECURITY THREATS (Figure 5.12)
1. Perform a risk assessment ร a list of information assets and their value to the firm
2. Develop a security policy ร a written statement on:
* what assets to protect from whom?
* why these assets are being protected?
* who is responsible for what protection?
* which behaviors are acceptable and unacceptable?
3. Develop an implementation plan ร a set of action steps to achieve security goals
4. Create a security organization ร a unit to administer the security policy
5. Perform a security audit ร a routine review of access logs and evaluation of security procedures
ELECTRONIC PAYMENT SYSTEMS
A medium of payment between remote buyers and sellers in cyberspace: electronic cash, software wallets, smart cards, credit/debit cards.
Offline payment methods
Number of transactions: cash (42%), check (32%), credit card (18%) (Figure 6.1)
Dollar amount: check(52%), credit card (21%), cash (17%) (Figure 6.2)
Payment systems
Properties
Costs
Advantages
Disadvantages
Electronic cash
e.g., PayPal
โ 31% of US population do not have credit cards
โ micropayments (< $10)
โ Independent
โ Portable
โ Divisible
โ Internet cash transfer: no fixed cost of hardware
โ No distance costs
โ Small processing fee to banks
โ Efficient
โ Less costly
โ Money laundering
โ Forgery
โ Low acceptance
โ Multiple standards
Electronic wallets
e.g., Passport
โ Stores shipping & billing information
โ Encrypted digital certificate
โ Lengthy download for client-side wallets
โ Enter information into checkout forms automatically
โ Client-side wallets are not portable
โ Privacy issue for server-side wallets
Smart cards
e.g., Blue
โ Embedded microchip storing encrypted personal information
โ Time value of money
โ Convenience
โ Need a card reader
โ Card theft
โ Low acceptance
Credit cards
e.g., VeriSign
โ Line of credit
โ Purchase dispute protection
โ Secure Electronic Transaction (SET) Protocol
โ Unpaid balance charge
โ $50 limit on frauds
โ Processing fee
โ Most popular
โ Worldwide acceptance
โ Costly
SECURITY REQUIREMENTS
1. Authentication of merchant and consumer
2. Confidentiality of data
3. Integrity of data
4. Non-repudiation
SECURITY MEASURES
1. Secure Electronic Transaction (SET) protocol: developed jointly by MasterCard and Visa with the goal of providing a secure payment environment for the transmission of credit card data.
Features
SSL
SET
Encryption of data during transmission
Yes
Yes
Confirmation of message integrity
Yes
Yes
Authentication of merchant
Yes
Yes
Authentication of consumer
No
Yes
Transmission of specific data only on a "need know" basis
No
Yes
Inclusion of bank or trusted third party in transaction
No
Yes
No need for merchant to secure credit card data internally
No
Yes
SET payment transaction:
* A shopper makes a purchase and transmits encrypted billing information with his/her digital certificate to the merchant.
* The merchant transfers the SET-coded transaction to a payment card-processing center.
* The processing center decrypts the transaction.
* A certification authority certifies the digital certificate as belonging to the shopper.
* The processing center routes the transaction to the shopper's bank for approval.
* The merchant receives notification from the shopper's bank that the transaction is approved.
* The shopper's payment card account is charged for the transaction amount.
* The merchant ships the merchandize and transmits the transaction amount to the merchant's bank for deposit.
2. Disposable credit numbers: one-time-use credit card numbers (private payment number) are transmitted to the merchant
โ Register with American Express or Discover
โ Download software (a Private Payment icon tray will be displayed on the screen)
โ Shop online
โ Click on the Private Payment icon
โ Log-in
โ Select the credit card to be used
โ View unique, one-time-use credit card number and expiration date
โ Enter the one-time-used credit card number and expiration date into merchant's standard form