Source: Ecommerce (Chapter 5) Pearson Education


1 Source: Ecommerce (Chapter 5) Pearson Education
E-commerce Security and Payment Systems Source: Ecommerce (Chapter 5) Pearson Education

2 Cyberwar: MAD 2.0 (Mutually assured destruction)
- Cyber-offensive actions to destroy aggressors' Internet and other critical infrastructure
- Cyberspace has become a new battlefield, with algorithms and computer code as weaponry
- Stuxnet, released in 2010 by a US/Israeli task force, disabled the software and computers used in the Iranian uranium enrichment process, which reportedly delayed Iran's ability to make nuclear arms by 5 years

3 Cyberwar: MAD 2.0 (contd.)
- In 2012, the Shamoon virus wiped out data on 75% of the computers on the main network of Saudi Arabia's Aramco, a US ally
- In 2012, another DDoS (Distributed Denial of Service) attack hit the websites of US financial banks
- As an example of the modern version of the Cold War era, US Cyber Command has publicly mentioned having 40 cyberteams, including 123 focusing on offensive operations

4 Types of Attacks Against Computer Systems (Cybercrime)
Copyright © 2010 Pearson Education, Inc.
Source: Based on data from Computer Security Institute, 2009.

5 The E-commerce Security Environment
- Overall size and losses of cybercrime unclear
  - Reporting issues
- 2008 CSI survey: 49% of respondent firms detected a security breach
  - Of those that shared numbers, average loss was $288,000
- Underground economy marketplace
  - Stolen information stored on underground economy servers

6 What Is Good E-commerce Security?
- To achieve highest degree of security
  - New technologies
  - Organizational policies and procedures
  - Industry standards and government laws
- Other factors
  - Time value of money
  - Cost of security vs. potential loss
  - Security often breaks at weakest link

7 The E-commerce Security Environment
Figure 5.1, Page 252

8 Dimensions of E-commerce Security
- Integrity: ensures that information sent and received has not been altered by an unauthorized party
- Nonrepudiation: ability to ensure that participants do not deny (repudiate) their online actions
- Authenticity: ability to identify the person with whom you are dealing over the Internet
- Confidentiality: information is authorized to be seen only by those who should view it
- Privacy: ability to control who sees your information
- Availability: the e-commerce site functions as intended

9 Table 5.3, Page 254

10 The Tension Between Security and Other Values
- Ease of use
  - The more security measures added, the more difficult a site is to use, and the slower it becomes
  - Security costs money, and too much of it can reduce profitability
- Public safety and criminal uses of the Internet
  - Use of technology by criminals to plan crimes or threaten the nation-state

11 Security Threats in E-commerce Environment
Three key points of vulnerability in the e-commerce environment:
- Client
- Server
- Communications pipeline (Internet communications channels)

12 A Typical E-commerce Transaction
Figure 5.2, Page 256

13 Vulnerable Points in an E-commerce Transaction
Figure 5.3, Page 257

14 Most Common Security Threats in the E-commerce Environment
Malicious code (malware, exploits)
- Exploits are designed to take advantage of software vulnerabilities in a computer's operating system, Web browser, or other software components (e.g., 91% of all Web threats detected by AVG were the Blackhole exploit kit as of 2012)
- Drive-by downloads are malware that comes with a downloaded file the user intentionally or unintentionally requests (e.g., ads on websites that direct users to malicious sites)
- Viruses are computer programs designed to destroy files or reformat drives

15 Most Common Security Threats in the E-commerce Environment
Malicious code (malware, exploits)
- Worms spread from computer to computer without human intervention (e.g., Slammer targeted Microsoft's SQL Server, infecting more than 90% of vulnerable computers worldwide within 10 minutes of its release; it crashed Bank of America's cash machines, took down Internet connectivity in South Korea, and caused a dip in the stock market)
- Ransomware (scareware) is used to solicit money from users by locking up their browser or files and displaying fake notices from the FBI, IRS, etc.

16 Most Common Security Threats in the E-commerce Environment
Malicious code (malware, exploits)
- Trojan horses appear benign but are a way to introduce viruses or other malicious code into a computer system
- Threats at both client and server levels
- Miscellaneous Trojan downloaders or droppers were found on 95% of computers worldwide at the end of 2012
- Backdoors introduce viruses, worms, or Trojans that allow an attacker to remotely access a computer (e.g., Downadup is a worm with a backdoor; Virut is a virus that affects a file type and includes a backdoor to install additional threats)

17 Most Common Security Threats in the E-commerce Environment
Malicious code (malware, exploits)
- Bots (as in robots) are malicious code that can be covertly installed on a computer when it is connected to the Internet. Once installed, they respond to external commands from the attacker.
- Around 90% of the world's spam and 80% of malware are delivered by botnets.
- Botnets are collections of captured bot computers (zombies) used to send spam, launch DDoS attacks, steal information from computers, and store network traffic for later analysis.

18 Most Common Security Threats (cont.)
Potentially unwanted programs (PUPs)
- Example: Vista Antispyware 2013 infects computers running Vista, disables the user's security software, and diverts the user to scam websites for more malware
- Browser parasites change the user's browser settings and collect browsing histories
- Adware displays pop-up ads when you visit sites
- Spyware may be used to obtain information such as keystrokes, copies of e-mail, instant messages, etc.

19 Most Common Security Threats (cont.)
Phishing
- Social engineering relies on human curiosity, greed, and gullibility to trick users into taking actions that result in downloading malware
- E-mail scams (e.g., Nigerian letter scam)
- Spear-phishing: messages targeted at known customers of a trusted bank or business
- Identity fraud/theft
- As of 2012, 1 in every 400 e-mails contained a phishing attack

20 Most Common Security Threats (cont.)
Hacking
- Hackers intend to gain unauthorized access
  - White hats: role is to help identify and fix vulnerabilities
  - Black hats: intent on causing harm; break into websites for confidential or proprietary information
  - Grey hats: break in to expose flaws and report them without disrupting the company; they may even try to profit from the event
- Crackers have criminal intent
- Hacktivists are politically motivated and typically attack governments, organizations, or individuals for political purposes

21 Most Common Security Threats (cont.)
- Cybervandalism: disrupting, defacing, or destroying a website, or stealing personal/corporate information for financial benefit
- Data breach: losing control over corporate information to outsiders
  - A significant data breach at Zappos.com affected 24 million customers
  - A breach at LinkedIn exposed the data of 6.5 million members

