Security Risks for an E-Commerce site and how to protect against them.

Presentation on theme: "Security Risks for an E-Commerce site and how to protect against them."— Presentation transcript:

1 Security Risks for an E-Commerce site and how to protect against them.

2 Security Any business that operates online is exposed to Internet threats, so security is vital to successful operation. Identity theft can make customers the victims of serious fraud, and damage caused by viruses can close companies down. Businesses need to be able to show that customers' personal details, such as credit card numbers, will be kept safe. Done well, this reassures potential customers and widens the potential market.

3 Prevention of Hacking E-commerce sites need to prevent hacking so that the running of the business is undisturbed and, more importantly, their customers' details are not stolen. Specialist software (a port scanner) can be used to probe every port on a computer and report which are open, meaning a service is listening on them, and which are closed. A port that is open but not needed exposes a service that an attacker can probe and attack. Therefore a basic hardening step is to stop services that are not needed and have the firewall block every port that is not in use, so that only the ports the site must expose (typically 80 and 443 for the web server) remain reachable. This reduces the attack surface; it does not on its own secure the services that stay open.
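The "specialist software" the slide refers to is a port scanner. The following is an added example, not code from the original presentation: a minimal TCP connect scan in Python that starts a throw-away listener on 127.0.0.1 (standing in for an unused service left running on the web server), reports which ports in a range accept connections, and compares the result against the ports the site is supposed to expose. The allowed set {80, 443} and the local listener are assumptions for the demonstration.

```python
import socket
import threading
from contextlib import closing

# Constructed scenario: a background listener on an OS-chosen port plays the
# part of an unneeded service; the scanner then finds it the way an attacker
# (or an administrator auditing the server) would.


def start_listener(host="127.0.0.1", port=0):
    """Bind a TCP socket (port 0 = let the OS pick) and accept connections in
    a daemon thread. Returns (bound_port, server_socket); close the socket to
    simulate shutting the unused service down."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, port))
    srv.listen(5)
    bound_port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return  # listening socket closed: stop serving
            conn.close()

    threading.Thread(target=serve, daemon=True).start()
    return bound_port, srv


def port_is_open(host, port, timeout=0.2):
    """TCP connect scan of a single port: 'open' means the three-way handshake
    completed, i.e. something is listening there."""
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
        s.settimeout(timeout)
        return s.connect_ex((host, port)) == 0


def scan_ports(host, ports, timeout=0.2):
    """Return the sorted list of ports in `ports` that accept connections."""
    return sorted(p for p in ports if port_is_open(host, p, timeout))


def unexpected_open_ports(open_ports, allowed):
    """Anything open that is not in the allowed set is an unused service to
    stop, or a port the firewall should be closing."""
    return sorted(set(open_ports) - set(allowed))


if __name__ == "__main__":
    port, srv = start_listener()
    found = scan_ports("127.0.0.1", range(port - 2, port + 3))
    print("open ports:", found)
    print("not on the allow list:", unexpected_open_ports(found, allowed={80, 443}))
    srv.close()
    print("after shutdown, still open?", port_is_open("127.0.0.1", port))
```

A real audit would scan the server from outside its firewall, since that is the view an attacker gets; scanning from the host itself shows what is listening, not what the firewall lets through.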

4 Viruses 'Virus' has become a catch-all term to describe any malicious computer program that can cause an unwanted result when run. There are three main types: viruses, worms and Trojans. To try to prevent infections, anti-virus software must be installed on the web server and on all of an e-commerce business's computers. Not only must it be installed, it must also be updated regularly, ideally every day. New viruses are developed all the time and anti-virus software must have the latest defences to provide the best protection possible. All computer users must be wary of email attachments, downloaded files, removable media such as floppy disks and any unsolicited communication.

5 Hacking - when someone attempts to enter a computer system with the aim of stealing data, damaging the system or just to show that they can. Virus - a man-made program or piece of code that causes an unexpected, usually negative, event and replicates by copying itself into other programs or files. It is often disguised as a game or image with a clever marketing title, such as officeparty.jpg, and attached to an email or a downloaded file. Worm - a self-replicating program that runs in the active memory of a computer and spreads on its own, sending copies of itself to other computers, for example through email or Internet Relay Chat (IRC); unlike a virus it does not need a host file. Trojan - a malicious program that pretends to be a benign application but purposely does something the user does not expect. Trojans are technically not viruses, since they do not replicate, but can be just as destructive. If left in a computer system, a Trojan can provide 'back door' access to the hard drive and data.

6 Activity Research further into recent viruses and the effects they had on businesses and the public. Make notes for future reference. Categorise each of the viruses as virus, worm or Trojan. Some examples if you are stuck are:
Melissa
ILOVEYOU
Nimda
MyDoom
Storm Worm

7 Identity theft is a relatively new form of crime that has had a recent upsurge and has been highlighted in the media. Identity theft involves a thief who has stolen the personal details of their victim and uses them to apply for services such as credit cards, loans and mortgages under the guise of their victim. This crime is difficult to detect if the thief has a great deal of information about the victim. The crime is often detected only when the victim receives correspondence requesting payment for the thief's spending. Tracing the thief is also difficult, although possible by following the paper trail of all the correspondence received. The type of customer details stored by e-commerce businesses provides enough information to commit identity theft, so it is very important that all e-commerce businesses protect their customers' data with every method possible, as described on the next slides.

8 Firewall impact on site performance A firewall builds a protective virtual barrier around a computer or a network of computers so that only authorised traffic can reach the systems behind it. It sets up a gateway and only allows authorised traffic through. Incoming data is inspected and only allowed through if it is legitimate. This is done by opening and closing ports: a port that is left open for no reason becomes a back door for hackers to enter the system, so the usual policy is to block everything by default and open only the ports that are needed. When a user views a website through a firewall, they might not see all of the features on the site. This is because the security policies on the firewall can be set to block certain types of script or other active content from running on the user's computer, to prevent viruses and hackers from attacking the system. When a security policy is decided for a firewall, the administrator must balance the need for high security against the possibility of losing functionality from websites.

9 Secure sockets layer Secure sockets layer (SSL), since superseded by its successor TLS, is a cryptographic protocol that provides secure communication on the Internet. It provides endpoint authentication: the server proves its identity to the client by presenting a certificate, and the client can optionally be required to prove its identity in the same way (mutual authentication), although for most websites only the server is authenticated. This is done with public key cryptography and certificate-based authentication, after which the data exchanged in the session is encrypted.

10 Identity theft - occurs when a victim's details are stolen and someone else pretends to be him or her, for example applying for financial products and making purchases. Firewall - a piece of software (or a dedicated device) that protects the system from unauthorised access. This is especially important for web servers. Public key encryption - a method of coding information using a pair of keys: anyone can encrypt with the public key, but only the holder of the matching private key can decode the result. Certificate-based authentication - a method of proving identity in which a party presents a digital certificate, issued and signed by a trusted certificate authority, that binds its name to its public key. HTTPS - Hypertext Transfer Protocol Secure, i.e. HTTP carried over SSL/TLS. Encryption - a method of encoding information so that it is very difficult for unauthorised parties to decipher. Public key systems such as RSA rely on the difficulty of factoring the product of two large prime numbers; the larger the primes (and so the key), the stronger the encryption.

11 HTTP is the protocol usually used by websites on the Internet. HTTPS is a secure version of the protocol, which uses encryption to protect the data entered on the site. This protocol is usually used when customers are entering their payment details. RSA certificates are digital certificates that bind the identity of a party to its RSA public key; coupled with a digital signature made by the matching private key, they can confirm the identity of the sender or recipient.

12 Strong Passwords It is vital for all computer users to use strong passwords. This is especially important for web servers and other e-commerce systems. A strong password should have:
both letters and numbers
both capitals and lowercase
symbols such as * or #
more than eight characters
Hackers can take advantage of weak passwords, especially those which are easy to guess. If a password is personal to the user, for example a pet's name, it will not take too much effort for a hacker to guess it. Software programs, called password crackers, run through many possible combinations of characters and test whether each one is the chosen password. The stronger the password, the longer this software will take to work it out, and the more likely hackers will be to move on and try a different website. They are not likely to spend time working their way into a well-protected site. Does the password 10gbsotw seem easy to remember?
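To make the slide's rules concrete, here is an added example (not from the original presentation) that checks a password against the four rules above, rejects dictionary-style guesses such as a pet's name with a number appended, and estimates how long a brute-force cracker would need at an assumed rate of ten billion guesses per second. The word list and the guess rate are constructed assumptions for the demonstration.

```python
import math
import string

# Constructed mini word list standing in for the dictionary a password
# cracker tries before any brute force. (Assumption for the example.)
COMMON_WORDS = {"password", "letmein", "qwerty", "fluffy", "rover", "123456"}


def meets_policy(password):
    """The four rules from the slide: letters and numbers, capitals and
    lowercase, at least one symbol, and more than eight characters."""
    has_letter = any(c.isalpha() for c in password)
    has_digit = any(c.isdigit() for c in password)
    has_upper = any(c.isupper() for c in password)
    has_lower = any(c.islower() for c in password)
    has_symbol = any(c in string.punctuation for c in password)
    return (has_letter and has_digit and has_upper and has_lower
            and has_symbol and len(password) > 8)


def is_guessable(password):
    """A dictionary word, with or without trailing digits ('fluffy2009'),
    falls to a wordlist attack long before any brute force is needed."""
    core = password.lower().rstrip(string.digits)
    return core in COMMON_WORDS


def keyspace_bits(password):
    """Brute-force work as log2(alphabet ** length), where the alphabet is the
    union of the character classes the password actually uses."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)   # 32 symbols
    return len(password) * math.log2(size) if size else 0.0


def seconds_to_exhaust(password, guesses_per_second=1e10):
    """Time for a cracker to try the whole keyspace at an assumed rate."""
    return 2 ** keyspace_bits(password) / guesses_per_second


def assess(password):
    """Overall verdict: 'guessable', 'weak' (fails the policy) or 'strong'."""
    if is_guessable(password):
        return "guessable"
    if not meets_policy(password):
        return "weak"
    return "strong"


if __name__ == "__main__":
    for pw in ("fluffy2009", "10gbsotw", "Ab1!", "Mf7&kp2Qz!", "correcthorsebatterystaple"):
        print(f"{pw:28} {assess(pw):10} {keyspace_bits(pw):5.1f} bits "
              f"{seconds_to_exhaust(pw):12.0f} s to exhaust")
```

Running the demo shows why length matters more than the symbol rules: a 25-character all-lowercase passphrase has a far larger keyspace than a 4-character one that uses every character class, even though only the latter ticks three of the four boxes.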

13 Alternative authentication methods A newer authentication method that is slowly becoming more popular is the use of digital signatures. These are the electronic equivalent of the traditional signatures that have been used for hundreds of years as a personal authentication method. A digital signature allows someone to authenticate a document over the Internet: the signer's private key produces a signature over the document, and anyone holding the matching public key can check both that the document has not been altered and that it was signed by that key holder. For example, a customer setting up a direct debit payment would traditionally need to wait for the paperwork to be posted to them, sign it, then return it. Now digital signatures can be used to authenticate the documents immediately, anywhere in the world. This benefits both customers and businesses.

14 Mega Fun Land To help keep the Mega Fun Land site safe:
What measures will you take to protect your business and your customers' details?
What steps will you take for fraud protection, hackers and viruses?
How will you ensure that customers have faith in your business?
When discussing benefits and drawbacks, ensure you stay objective and give a balanced account of both.
Stretch Activity If you have finished this activity I would like you to have a look at the following sites and research the legislation governing e-commerce sites:
www.ico.gov.uk
www.direct.gov.uk
