SlideShare uma empresa Scribd logo

Ecommerce security

Transferir como PPTX, PDF
P
politegcuf

This lecture is deliver by MAM Shafia the lecturer in GCUF on ecommerce security and modify by syed Mubashair Abid

EducaçãoTecnologia
1 de 22
E-Commerce Security
The E-Commerce Security Environment  For most law-abiding citizens, the Internet holds the promise of a huge and convenient global marketplace  For criminals, the Internet has created entirely new – and profitable – ways to steal from the more than one billion Internet consumers worldwide  From products to services to cash to information, it’s all there for the taking on the Internet  It’s also less risky to steal online  For example, rather than rob a bank in person, the Internet makes it possible to rob people
The Scope of the Problem  Cybercrime is becoming a more significant problem for both organizations and consumers  Bot networks, DDoS attacks, Trojans, phishing, data theft, identify theft, credit card fraud, and spyware are just some of the threats that are making daily headlines  Even social networking sites have had security breaches  For example, an individual hacked into Britney Spears’ Twitter account and began sending messages saying the singer had died
The Scope of the Problem (cont.)  One source of cybercrime information is the Internet Crime Complaint Center (IC3)  In 2010, the IC3 processed more than 303,000 Internet crime complaints and it was estimated that in 2009 the total dollar loss for all referred crimes was $559 million  In the past, auction fraud constituted over 70% of complaints, but in 2010 it was only 10%, displaced by non payment/delivery (21%) and identity theft (16%)  The Computer Security Institute’s annual Computer Crime and Security Survey is another source of information
Types of Attacks Against Compute r Systems (Figure)
The Underground Economy Marketplace: The Value of Stolen Information  Criminals who steal information on the Internet do not always use this information themselves, but instead derive value by selling the information to others  Some recently observed prices for stolen information, which typically vary depending on the quantity being purchased  Not every cybercriminal is necessary after money  In some cases, such criminals aim to deface, vandalize, and/or disrupt a Web site, rather than actually steal goods or services
What is Good E-Commerce Security?  What is a secure commercial transaction?  Anytime you go into a marketplace you take risks, including the loss of privacy  E-commerce merchants and consumers face many of the same risks as participants in traditional commerce, although in a new digital environment  Reducing risks in e-commerce is a complex process that involves new technologies, organizational policies and procedures, and new laws and industry standards that empower law enforcement officials to investigate and prosecute offenders
The E-Commerce Security Environment
The Tension Between Security and Other Values  Can there be too much security? The answer is yes.  Computer security adds overhead and expense to business operations  Expanding computer security also has other downsides:  Makes systems more difficult to use  Slows down processors  Increases data storage demands  May reduce individual’s abilities to remain anonymous
Security Threats in the E- Commerce Environment  From a technological perspective, there are three key points of vulnerability when dealing with e- commerce: the client, the server, and the communications pipeline  Figure 5.4 illustrates some of the things that can go wrong at each major vulnerability point in the transaction
A Typical E-Commerce Transaction
Vulnerable Points in an E- Commerce Transaction
Common E-Commerce Security Threats  Some of the most common and most damaging forms of security threats to e-commerce consumers and site operators include:  Malicious code (malware) – virus, worm, Trojan horse, bots, etc.  Unwanted programs (spyware)  Phishing and identify theft – social engineering  Hacking and cybervandalism  Credit card fraud/theft  Spoofing (pharming) and spam (junk) websites  Denial of service (DoS) attacks  Insider attacks  Poorly designed server and client software  Social networks and mobile devices greatly expand the security threats to organizations and individuals
Technology Solutions  It might seem like there is not much that can be done about the onslaught of security breaches on the Internet  But in fact a great deal of progress has been made by private security firms, corporate and home users, network administrators, technology firms, and government agencies  Two lines of defense include:  Technology solutions  Policy solutions
Encryption  Encryption is the process of transforming plain text or data into cipher text that cannot be read by anyone other than the sender and the receiver  The purpose of encryption is to secure stored information and to secure information transmission  One early encryption method was symmetric key encryption where both the sender and the receiver use the same key to encrypt and decrypt the message  They had to send the key to each other over some communications media or in person
Public Key Cryptography
Limitations to Encryption Solutions  All forms of encryption have limitations  It is not effective against insiders  Protecting private keys may also be difficult because they are stored on insecure desktop and laptop computers  Additional technology solutions exist for securing channels of communications, networks, and servers/clients
Communication Channel, Network, and Server/Client Security Technologies  Communication channel security technologies:  Secure Sockets Layer (SSL)  Virtual Private Networks (VPNs)  Network protection technologies:  Firewalls  Proxy servers  Server/client protection technologies  Operating system security enhancements  Anti-virus software
Management Policies, Business Procedures, and Public Laws  US businesses and government agencies spend about 14% of their information technology budgets on security hardware, software, and services (about $35 billion in 2010)  However, most CEOs and CIOs of existing e- commerce operations believe that technology is not the sole answer to managing the risk of e- commerce  An e-commerce security plan would include a risk assessment, development of a security policy, implementation plan, creation of a security organization, and a security audit  Implementation may involve expanded forms of
The Roles of Laws and Public Policy  The public policy environment today is very different fro the early days of e-commerce  The net result is that the Internet is no longer an ungoverned, unsupervised, self-controlled technology juggernaut  It is also apparent that legal and public policy solutions also need to be enacted globally
Government Policies and Controls on Encryption Software  An interesting example of the difficulties involved in enhancing security is the case of encryption software distribution  Governments have required to restrict availability and export of encryption systems as a means of detecting and preventing crime and terrorism  On one hand, restricting global distribution of advanced encryption systems may reduce the likelihood that they may be cracked  But it also reduces global Internet security if different countries have different levels of protection

Recomendados

Security issue in e commerce
Security issue in e commerceSecurity issue in e commerce
Security issue in e commerceBosco Technical Training Society, Don Bosco Technical School (Aff. GGSIP University, New Delhi)
 
Cyber security
Cyber securityCyber security
Cyber securityRishav Sadhu
 
THE CYBER WORLD.pptx
THE CYBER WORLD.pptxTHE CYBER WORLD.pptx
THE CYBER WORLD.pptxKrishnaGupta769783
 
Information system ethics
Information system ethicsInformation system ethics
Information system ethicsKriscila Yumul
 
E-Commerce security
E-Commerce security E-Commerce security
E-Commerce security Tawhid Rahman
 
Bank Fraud & Data Forensics
Bank Fraud & Data ForensicsBank Fraud & Data Forensics
Bank Fraud & Data Forensicswhbrown5
 
History of E commerce- Brief History
History of E commerce- Brief HistoryHistory of E commerce- Brief History
History of E commerce- Brief HistoryJustine Therese Zamora
 
Introduction to Cybersecurity
Introduction to CybersecurityIntroduction to Cybersecurity
Introduction to CybersecurityAdri Jovin
 

Recomendados

Security issue in e commerce
Security issue in e commerceSecurity issue in e commerce
Security issue in e commerceBosco Technical Training Society, Don Bosco Technical School (Aff. GGSIP University, New Delhi)
 
Cyber security
Cyber securityCyber security
Cyber securityRishav Sadhu
 
THE CYBER WORLD.pptx
THE CYBER WORLD.pptxTHE CYBER WORLD.pptx
THE CYBER WORLD.pptxKrishnaGupta769783
 
Information system ethics
Information system ethicsInformation system ethics
Information system ethicsKriscila Yumul
 
E-Commerce security
E-Commerce security E-Commerce security
E-Commerce security Tawhid Rahman
 
Bank Fraud & Data Forensics
Bank Fraud & Data ForensicsBank Fraud & Data Forensics
Bank Fraud & Data Forensicswhbrown5
 
History of E commerce- Brief History
History of E commerce- Brief HistoryHistory of E commerce- Brief History
History of E commerce- Brief HistoryJustine Therese Zamora
 
Introduction to Cybersecurity
Introduction to CybersecurityIntroduction to Cybersecurity
Introduction to CybersecurityAdri Jovin
 
Cyber security tips in Banking in Nepal
Cyber security tips in Banking in NepalCyber security tips in Banking in Nepal
Cyber security tips in Banking in NepalResham Acharya
 
ELECTRONIC FRAUD TACTICS
ELECTRONIC FRAUD TACTICS ELECTRONIC FRAUD TACTICS
ELECTRONIC FRAUD TACTICS ICFAI Business School
 
E commerce security
E commerce securityE commerce security
E commerce securityShakti Singh
 
Online Scams and Frauds
Online Scams and FraudsOnline Scams and Frauds
Online Scams and FraudsQuick Heal Technologies Ltd.
 
Security issues in E-commerce
Security issues in E-commerceSecurity issues in E-commerce
Security issues in E-commercenikitaTahilyani1
 
Hacker Hunters Case Study
Hacker Hunters Case StudyHacker Hunters Case Study
Hacker Hunters Case StudyFableeha Choudhury
 
Phishing Presentation
Phishing Presentation Phishing Presentation
Phishing Presentation Nikolaos Georgitsopoulos
 
Cyber security
Cyber securityCyber security
Cyber securityManjushree Mashal
 
Cyber security threats and trends
Cyber security threats and trendsCyber security threats and trends
Cyber security threats and trendsHadeel Sadiq Obaid
 
Chapter2 the need to security
Chapter2 the need to securityChapter2 the need to security
Chapter2 the need to securityDhani Ahmad
 
Cyber Fraud
Cyber Fraud Cyber Fraud
Cyber Fraud Dixita S
 
Cyber security
Cyber securityCyber security
Cyber securityAman Pradhan
 
State of Cyber Crime in Banking Sector Today: Threats and Solutions
State of Cyber Crime in Banking Sector Today: Threats and SolutionsState of Cyber Crime in Banking Sector Today: Threats and Solutions
State of Cyber Crime in Banking Sector Today: Threats and SolutionsGoutama Bachtiar
 
E business security
E business securityE business security
E business securitySameer Sharma
 
Cyber fraud in banks
Cyber fraud in banksCyber fraud in banks
Cyber fraud in banksNetwork Intelligence India
 
Security in e commerce
Security in e commerceSecurity in e commerce
Security in e commerceakhand Akhandenator
 
cyber security PPT
cyber security PPTcyber security PPT
cyber security PPTNitesh Dubey
 
Cyber security presentation
Cyber security presentation Cyber security presentation
Cyber security presentation sweetpeace1
 
Phishing attacks ppt
Phishing attacks pptPhishing attacks ppt
Phishing attacks pptAryan Ragu
 
Cyber Security Presentation
Cyber Security PresentationCyber Security Presentation
Cyber Security PresentationHaniyaMaha
 
Generic social media presentation
Generic social media presentationGeneric social media presentation
Generic social media presentationDarren Copeland
 
E comm jatin
E comm jatinE comm jatin
E comm jatinJatin Mandhyan
 

Mais conteúdo relacionado

Mais procurados

Cyber security tips in Banking in Nepal
Cyber security tips in Banking in NepalCyber security tips in Banking in Nepal
Cyber security tips in Banking in NepalResham Acharya
 
E commerce security
E commerce securityE commerce security
E commerce securityShakti Singh
 
Security issues in E-commerce
Security issues in E-commerceSecurity issues in E-commerce
Security issues in E-commercenikitaTahilyani1
 
Cyber security threats and trends
Cyber security threats and trendsCyber security threats and trends
Cyber security threats and trendsHadeel Sadiq Obaid
 
Chapter2 the need to security
Chapter2 the need to securityChapter2 the need to security
Chapter2 the need to securityDhani Ahmad
 
Cyber Fraud
Cyber Fraud Cyber Fraud
Cyber Fraud Dixita S
 
State of Cyber Crime in Banking Sector Today: Threats and Solutions
State of Cyber Crime in Banking Sector Today: Threats and SolutionsState of Cyber Crime in Banking Sector Today: Threats and Solutions
State of Cyber Crime in Banking Sector Today: Threats and SolutionsGoutama Bachtiar
 
cyber security PPT
cyber security PPTcyber security PPT
cyber security PPTNitesh Dubey
 
Cyber security presentation
Cyber security presentation Cyber security presentation
Cyber security presentation sweetpeace1
 
Phishing attacks ppt
Phishing attacks pptPhishing attacks ppt
Phishing attacks pptAryan Ragu
 
Cyber Security Presentation
Cyber Security PresentationCyber Security Presentation
Cyber Security PresentationHaniyaMaha
 

Mais procurados (20)

Cyber security tips in Banking in Nepal
Cyber security tips in Banking in NepalCyber security tips in Banking in Nepal
Cyber security tips in Banking in Nepal
 
ELECTRONIC FRAUD TACTICS
ELECTRONIC FRAUD TACTICS ELECTRONIC FRAUD TACTICS
ELECTRONIC FRAUD TACTICS
 
E commerce security
E commerce securityE commerce security
E commerce security
 
Online Scams and Frauds
Online Scams and FraudsOnline Scams and Frauds
Online Scams and Frauds
 
Security issues in E-commerce
Security issues in E-commerceSecurity issues in E-commerce
Security issues in E-commerce
 
Hacker Hunters Case Study
Hacker Hunters Case StudyHacker Hunters Case Study
Hacker Hunters Case Study
 
Phishing Presentation
Phishing Presentation Phishing Presentation
Phishing Presentation
 
Cyber security
Cyber securityCyber security
Cyber security
 
Cyber security threats and trends
Cyber security threats and trendsCyber security threats and trends
Cyber security threats and trends
 
Chapter2 the need to security
Chapter2 the need to securityChapter2 the need to security
Chapter2 the need to security
 
Cyber Fraud
Cyber Fraud Cyber Fraud
Cyber Fraud
 
Cyber security
Cyber securityCyber security
Cyber security
 
State of Cyber Crime in Banking Sector Today: Threats and Solutions
State of Cyber Crime in Banking Sector Today: Threats and SolutionsState of Cyber Crime in Banking Sector Today: Threats and Solutions
State of Cyber Crime in Banking Sector Today: Threats and Solutions
 
E business security
E business securityE business security
E business security
 
Cyber fraud in banks
Cyber fraud in banksCyber fraud in banks
Cyber fraud in banks
 
Security in e commerce
Security in e commerceSecurity in e commerce
Security in e commerce
 
cyber security PPT
cyber security PPTcyber security PPT
cyber security PPT
 
Cyber security presentation
Cyber security presentation Cyber security presentation
Cyber security presentation
 
Phishing attacks ppt
Phishing attacks pptPhishing attacks ppt
Phishing attacks ppt
 
Cyber Security Presentation
Cyber Security PresentationCyber Security Presentation
Cyber Security Presentation
 

Destaque

Generic social media presentation
Generic social media presentationGeneric social media presentation
Generic social media presentationDarren Copeland
 
Zastita i sigurnost elektronskog poslovanja 2
Zastita i sigurnost elektronskog poslovanja 2Zastita i sigurnost elektronskog poslovanja 2
Zastita i sigurnost elektronskog poslovanja 2Ivan Rabrenovic
 
Zaštita i sigurnost u elektronskom poslovanju
Zaštita i sigurnost u elektronskom poslovanjuZaštita i sigurnost u elektronskom poslovanju
Zaštita i sigurnost u elektronskom poslovanjuMaja Todorovic
 
User-Centered Information Architecture for e-commerce
User-Centered Information Architecture for e-commerceUser-Centered Information Architecture for e-commerce
User-Centered Information Architecture for e-commerceSøren Engelbrecht
 
AWS_Architecture_e-commerce
AWS_Architecture_e-commerceAWS_Architecture_e-commerce
AWS_Architecture_e-commerceSEONGTAEK OH
 
E commerce infrastructure
E commerce infrastructureE commerce infrastructure
E commerce infrastructureRaj vardhan
 
Design and Instantiation of Reference Architecture for Pluggable Service Plat...
Design and Instantiation of Reference Architecture for Pluggable Service Plat...Design and Instantiation of Reference Architecture for Pluggable Service Plat...
Design and Instantiation of Reference Architecture for Pluggable Service Plat...Mohammad Anggasta Paramartha
 
6 THREE WAYS OF MEASURING CRIME
6 THREE WAYS OF MEASURING CRIME6 THREE WAYS OF MEASURING CRIME
6 THREE WAYS OF MEASURING CRIMEmattyp99
 
I way - Network Infrastructure for e-Commerce
I way - Network Infrastructure for e-CommerceI way - Network Infrastructure for e-Commerce
I way - Network Infrastructure for e-Commercemc aa
 
B2B and e-commerce Architecture
B2B and e-commerce ArchitectureB2B and e-commerce Architecture
B2B and e-commerce ArchitectureSonia Grover
 
Taxonomies and Metadata in Information Architecture
Taxonomies and Metadata in Information ArchitectureTaxonomies and Metadata in Information Architecture
Taxonomies and Metadata in Information ArchitectureAccess Innovations, Inc.
 
E commerce ( system analysis ) chapter 4
E commerce ( system analysis ) chapter 4E commerce ( system analysis ) chapter 4
E commerce ( system analysis ) chapter 4Qamar Farooq
 
04-1 E-commerce Security slides
04-1 E-commerce Security slides04-1 E-commerce Security slides
04-1 E-commerce Security slidesmonchai sopitka
 
Architecture for B2B models in Ecommerce
Architecture for B2B models in EcommerceArchitecture for B2B models in Ecommerce
Architecture for B2B models in EcommerceNirbhik Jangid
 
Introduction to Enterprise Architecture and TOGAF 9.1
Introduction to Enterprise Architecture and TOGAF 9.1Introduction to Enterprise Architecture and TOGAF 9.1
Introduction to Enterprise Architecture and TOGAF 9.1iasaglobal
 

Destaque (20)

Generic social media presentation
Generic social media presentationGeneric social media presentation
Generic social media presentation
 
E comm jatin
E comm jatinE comm jatin
E comm jatin
 
Zastita i sigurnost elektronskog poslovanja 2
Zastita i sigurnost elektronskog poslovanja 2Zastita i sigurnost elektronskog poslovanja 2
Zastita i sigurnost elektronskog poslovanja 2
 
Zaštita i sigurnost u elektronskom poslovanju
Zaštita i sigurnost u elektronskom poslovanjuZaštita i sigurnost u elektronskom poslovanju
Zaštita i sigurnost u elektronskom poslovanju
 
User-Centered Information Architecture for e-commerce
User-Centered Information Architecture for e-commerceUser-Centered Information Architecture for e-commerce
User-Centered Information Architecture for e-commerce
 
AWS_Architecture_e-commerce
AWS_Architecture_e-commerceAWS_Architecture_e-commerce
AWS_Architecture_e-commerce
 
Crime statistics
Crime statisticsCrime statistics
Crime statistics
 
SAP Architecture E commerce
SAP Architecture E commerceSAP Architecture E commerce
SAP Architecture E commerce
 
E commerce infrastructure
E commerce infrastructureE commerce infrastructure
E commerce infrastructure
 
Cloud Customer Architecture for e-Commerce
Cloud Customer Architecture for e-CommerceCloud Customer Architecture for e-Commerce
Cloud Customer Architecture for e-Commerce
 
Design and Instantiation of Reference Architecture for Pluggable Service Plat...
Design and Instantiation of Reference Architecture for Pluggable Service Plat...Design and Instantiation of Reference Architecture for Pluggable Service Plat...
Design and Instantiation of Reference Architecture for Pluggable Service Plat...
 
Ecommerce Security
Ecommerce SecurityEcommerce Security
Ecommerce Security
 
6 THREE WAYS OF MEASURING CRIME
6 THREE WAYS OF MEASURING CRIME6 THREE WAYS OF MEASURING CRIME
6 THREE WAYS OF MEASURING CRIME
 
I way - Network Infrastructure for e-Commerce
I way - Network Infrastructure for e-CommerceI way - Network Infrastructure for e-Commerce
I way - Network Infrastructure for e-Commerce
 
B2B and e-commerce Architecture
B2B and e-commerce ArchitectureB2B and e-commerce Architecture
B2B and e-commerce Architecture
 
Taxonomies and Metadata in Information Architecture
Taxonomies and Metadata in Information ArchitectureTaxonomies and Metadata in Information Architecture
Taxonomies and Metadata in Information Architecture
 
E commerce ( system analysis ) chapter 4
E commerce ( system analysis ) chapter 4E commerce ( system analysis ) chapter 4
E commerce ( system analysis ) chapter 4
 
04-1 E-commerce Security slides
04-1 E-commerce Security slides04-1 E-commerce Security slides
04-1 E-commerce Security slides
 
Architecture for B2B models in Ecommerce
Architecture for B2B models in EcommerceArchitecture for B2B models in Ecommerce
Architecture for B2B models in Ecommerce
 
Introduction to Enterprise Architecture and TOGAF 9.1
Introduction to Enterprise Architecture and TOGAF 9.1Introduction to Enterprise Architecture and TOGAF 9.1
Introduction to Enterprise Architecture and TOGAF 9.1
 

Semelhante a Ecommerce security

5 network-security-threats
5 network-security-threats5 network-security-threats
5 network-security-threatsReadWrite
 
Five Network Security Threats And How To Protect Your Business Wp101112
Five Network Security Threats And How To Protect Your Business Wp101112Five Network Security Threats And How To Protect Your Business Wp101112
Five Network Security Threats And How To Protect Your Business Wp101112Erik Ginalick
 
12Cyber Research ProposalCyb
12Cyber Research ProposalCyb12Cyber Research ProposalCyb
12Cyber Research ProposalCybAnastaciaShadelb
 
Final cyber risk report 24 feb
Final cyber risk report 24 febFinal cyber risk report 24 feb
Final cyber risk report 24 febmharbpavia
 
Module 1.pptx
Module 1.pptxModule 1.pptx
Module 1.pptxnivi55
 
E-COMMERCE SYSTEMS SECURITY FOR SMALL BUSINESSES
E-COMMERCE SYSTEMS SECURITY FOR SMALL BUSINESSESE-COMMERCE SYSTEMS SECURITY FOR SMALL BUSINESSES
E-COMMERCE SYSTEMS SECURITY FOR SMALL BUSINESSESIJNSA Journal
 
Cyber_Security.-project-4th year-cse pdf
Cyber_Security.-project-4th year-cse pdfCyber_Security.-project-4th year-cse pdf
Cyber_Security.-project-4th year-cse pdfmessengerhelper4
 
Cyber_Security+Education_Project_Report.pdf
Cyber_Security+Education_Project_Report.pdfCyber_Security+Education_Project_Report.pdf
Cyber_Security+Education_Project_Report.pdfmessengerhelper4
 
Eamonn O Raghallaigh Major Security Issues In E Commerce
Eamonn O Raghallaigh Major Security Issues In E CommerceEamonn O Raghallaigh Major Security Issues In E Commerce
Eamonn O Raghallaigh Major Security Issues In E CommerceEamonnORagh
 
Combating Cybersecurity Challenges with Advanced Analytics
Combating Cybersecurity Challenges with Advanced AnalyticsCombating Cybersecurity Challenges with Advanced Analytics
Combating Cybersecurity Challenges with Advanced AnalyticsCognizant
 
Team 3_Final Project.docx
Team 3_Final Project.docxTeam 3_Final Project.docx
Team 3_Final Project.docxMarcusBrown87
 
Cybersecurity in BFSI - Top Threats & Importance
Cybersecurity in BFSI - Top Threats & ImportanceCybersecurity in BFSI - Top Threats & Importance
Cybersecurity in BFSI - Top Threats & Importancemanoharparakh
 

Semelhante a Ecommerce security (20)

5 network-security-threats
5 network-security-threats5 network-security-threats
5 network-security-threats
 
Five Network Security Threats And How To Protect Your Business Wp101112
Five Network Security Threats And How To Protect Your Business Wp101112Five Network Security Threats And How To Protect Your Business Wp101112
Five Network Security Threats And How To Protect Your Business Wp101112
 
C018131821
C018131821C018131821
C018131821
 
12Cyber Research ProposalCyb
12Cyber Research ProposalCyb12Cyber Research ProposalCyb
12Cyber Research ProposalCyb
 
12Cyber Research ProposalCyb
12Cyber Research ProposalCyb12Cyber Research ProposalCyb
12Cyber Research ProposalCyb
 
Final cyber risk report 24 feb
Final cyber risk report 24 febFinal cyber risk report 24 feb
Final cyber risk report 24 feb
 
Module 1.pptx
Module 1.pptxModule 1.pptx
Module 1.pptx
 
E-COMMERCE SYSTEMS SECURITY FOR SMALL BUSINESSES
E-COMMERCE SYSTEMS SECURITY FOR SMALL BUSINESSESE-COMMERCE SYSTEMS SECURITY FOR SMALL BUSINESSES
E-COMMERCE SYSTEMS SECURITY FOR SMALL BUSINESSES
 
Cyber_Security.-project-4th year-cse pdf
Cyber_Security.-project-4th year-cse pdfCyber_Security.-project-4th year-cse pdf
Cyber_Security.-project-4th year-cse pdf
 
Cyber_Security+Education_Project_Report.pdf
Cyber_Security+Education_Project_Report.pdfCyber_Security+Education_Project_Report.pdf
Cyber_Security+Education_Project_Report.pdf
 
Eamonn O Raghallaigh Major Security Issues In E Commerce
Eamonn O Raghallaigh Major Security Issues In E CommerceEamonn O Raghallaigh Major Security Issues In E Commerce
Eamonn O Raghallaigh Major Security Issues In E Commerce
 
Emerging Threats to Digital Payments - Is Your Business Ready
Emerging Threats to Digital Payments - Is Your Business ReadyEmerging Threats to Digital Payments - Is Your Business Ready
Emerging Threats to Digital Payments - Is Your Business Ready
 
IBM Security Services
IBM Security ServicesIBM Security Services
IBM Security Services
 
Combating Cybersecurity Challenges with Advanced Analytics
Combating Cybersecurity Challenges with Advanced AnalyticsCombating Cybersecurity Challenges with Advanced Analytics
Combating Cybersecurity Challenges with Advanced Analytics
 
UNIT 5.docx
UNIT 5.docxUNIT 5.docx
UNIT 5.docx
 
1402.1842.pdf
1402.1842.pdf1402.1842.pdf
1402.1842.pdf
 
Team 3_Final Project.docx
Team 3_Final Project.docxTeam 3_Final Project.docx
Team 3_Final Project.docx
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
 
RESEARCH PAPER
RESEARCH PAPERRESEARCH PAPER
RESEARCH PAPER
 
Cybersecurity in BFSI - Top Threats & Importance
Cybersecurity in BFSI - Top Threats & ImportanceCybersecurity in BFSI - Top Threats & Importance
Cybersecurity in BFSI - Top Threats & Importance
 

Último

Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactdawncurless
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfJayanti Pande
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactPECB
 
psychiatric nursing HISTORY COLLECTION .docx
psychiatric nursing HISTORY COLLECTION .docxpsychiatric nursing HISTORY COLLECTION .docx
psychiatric nursing HISTORY COLLECTION .docxPoojaSen20
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdfQucHHunhnh
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphThiyagu K
 
Unit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptxUnit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptxVishalSingh1417
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhikauryashika82
 
Class 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdfClass 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdfAyushMahapatra5
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeThiyagu K
 
Seal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptxSeal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptxnegromaestrong
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104misteraugie
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Celine George
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfagholdier
 
Making and Justifying Mathematical Decisions.pdf
Making and Justifying Mathematical Decisions.pdfMaking and Justifying Mathematical Decisions.pdf
Making and Justifying Mathematical Decisions.pdfChris Hunter
 
Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDThiyagu K
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxAreebaZafar22
 

Último (20)

Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impact
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdf
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
 
psychiatric nursing HISTORY COLLECTION .docx
psychiatric nursing HISTORY COLLECTION .docxpsychiatric nursing HISTORY COLLECTION .docx
psychiatric nursing HISTORY COLLECTION .docx
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
 
Advance Mobile Application Development class 07
Advance Mobile Application Development class 07Advance Mobile Application Development class 07
Advance Mobile Application Development class 07
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot Graph
 
Unit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptxUnit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptx
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
 
Class 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdfClass 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdf
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and Mode
 
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptxINDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
 
Seal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptxSeal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptx
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdf
 
Making and Justifying Mathematical Decisions.pdf
Making and Justifying Mathematical Decisions.pdfMaking and Justifying Mathematical Decisions.pdf
Making and Justifying Mathematical Decisions.pdf
 
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
 
Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SD
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptx
 

Ecommerce security

  • 2. The E-Commerce Security Environment  For most law-abiding citizens, the Internet holds the promise of a huge and convenient global marketplace  For criminals, the Internet has created entirely new – and profitable – ways to steal from the more than one billion Internet consumers worldwide  From products to services to cash to information, it’s all there for the taking on the Internet  It’s also less risky to steal online  For example, rather than rob a bank in person, the Internet makes it possible to rob people
  • 3. The Scope of the Problem  Cybercrime is becoming a more significant problem for both organizations and consumers  Bot networks, DDoS attacks, Trojans, phishing, data theft, identify theft, credit card fraud, and spyware are just some of the threats that are making daily headlines  Even social networking sites have had security breaches  For example, an individual hacked into Britney Spears’ Twitter account and began sending messages saying the singer had died
  • 4. The Scope of the Problem (cont.)  One source of cybercrime information is the Internet Crime Complaint Center (IC3)  In 2010, the IC3 processed more than 303,000 Internet crime complaints and it was estimated that in 2009 the total dollar loss for all referred crimes was $559 million  In the past, auction fraud constituted over 70% of complaints, but in 2010 it was only 10%, displaced by non payment/delivery (21%) and identity theft (16%)  The Computer Security Institute’s annual Computer Crime and Security Survey is another source of information
  • 6. The Underground Economy Marketplace: The Value of Stolen Information  Criminals who steal information on the Internet do not always use this information themselves, but instead derive value by selling the information to others  Some recently observed prices for stolen information, which typically vary depending on the quantity being purchased  Not every cybercriminal is necessary after money  In some cases, such criminals aim to deface, vandalize, and/or disrupt a Web site, rather than actually steal goods or services
  • 7. What is Good E-Commerce Security?  What is a secure commercial transaction?  Anytime you go into a marketplace you take risks, including the loss of privacy  E-commerce merchants and consumers face many of the same risks as participants in traditional commerce, although in a new digital environment  Reducing risks in e-commerce is a complex process that involves new technologies, organizational policies and procedures, and new laws and industry standards that empower law enforcement officials to investigate and prosecute offenders
  • 9.
  • 10. The Tension Between Security and Other Values  Can there be too much security? The answer is yes.  Computer security adds overhead and expense to business operations  Expanding computer security also has other downsides:  Makes systems more difficult to use  Slows down processors  Increases data storage demands  May reduce individual’s abilities to remain anonymous
  • 11. Security Threats in the E- Commerce Environment  From a technological perspective, there are three key points of vulnerability when dealing with e- commerce: the client, the server, and the communications pipeline  Figure 5.4 illustrates some of the things that can go wrong at each major vulnerability point in the transaction
  • 13. Vulnerable Points in an E- Commerce Transaction
  • 14. Common E-Commerce Security Threats  Some of the most common and most damaging forms of security threats to e-commerce consumers and site operators include:  Malicious code (malware) – virus, worm, Trojan horse, bots, etc.  Unwanted programs (spyware)  Phishing and identify theft – social engineering  Hacking and cybervandalism  Credit card fraud/theft  Spoofing (pharming) and spam (junk) websites  Denial of service (DoS) attacks  Insider attacks  Poorly designed server and client software  Social networks and mobile devices greatly expand the security threats to organizations and individuals
  • 15. Technology Solutions  It might seem like there is not much that can be done about the onslaught of security breaches on the Internet  But in fact a great deal of progress has been made by private security firms, corporate and home users, network administrators, technology firms, and government agencies  Two lines of defense include:  Technology solutions  Policy solutions
  • 16. Encryption  Encryption is the process of transforming plain text or data into cipher text that cannot be read by anyone other than the sender and the receiver  The purpose of encryption is to secure stored information and to secure information transmission  One early encryption method was symmetric key encryption where both the sender and the receiver use the same key to encrypt and decrypt the message  They had to send the key to each other over some communications media or in person
  • 18. Limitations to Encryption Solutions  All forms of encryption have limitations  It is not effective against insiders  Protecting private keys may also be difficult because they are stored on insecure desktop and laptop computers  Additional technology solutions exist for securing channels of communications, networks, and servers/clients
  • 19. Communication Channel, Network, and Server/Client Security Technologies  Communication channel security technologies:  Secure Sockets Layer (SSL)  Virtual Private Networks (VPNs)  Network protection technologies:  Firewalls  Proxy servers  Server/client protection technologies  Operating system security enhancements  Anti-virus software
  • 20. Management Policies, Business Procedures, and Public Laws  US businesses and government agencies spend about 14% of their information technology budgets on security hardware, software, and services (about $35 billion in 2010)  However, most CEOs and CIOs of existing e- commerce operations believe that technology is not the sole answer to managing the risk of e- commerce  An e-commerce security plan would include a risk assessment, development of a security policy, implementation plan, creation of a security organization, and a security audit  Implementation may involve expanded forms of
  • 21. The Roles of Laws and Public Policy  The public policy environment today is very different fro the early days of e-commerce  The net result is that the Internet is no longer an ungoverned, unsupervised, self-controlled technology juggernaut  It is also apparent that legal and public policy solutions also need to be enacted globally
  • 22. Government Policies and Controls on Encryption Software  An interesting example of the difficulties involved in enhancing security is the case of encryption software distribution  Governments have required to restrict availability and export of encryption systems as a means of detecting and preventing crime and terrorism  On one hand, restricting global distribution of advanced encryption systems may reduce the likelihood that they may be cracked  But it also reduces global Internet security if different countries have different levels of protection