E-commerce

Specific Solution in E-commerce
Brian D. Palmer
University of Maryland University College
Dr. Chen
INFA 620
August 7, 2012

The e-commerce environment allows companies such as Amazon, eBay, PayPal, financial
institutions and other online businesses to deliver services to consumers over the
Internet, with the convenience that the consumer never has to visit a physical store.
That convenience also brings the risk of attacks on e-commerce sites and on their
consumers. To mitigate such risks, companies implement security tools intended to
protect consumers from identity theft. Each of those tools, however, has limitations in
what it can protect, so companies offering e-commerce services should invest in
additional security controls in their network infrastructure to provide a safe online
environment for their consumers.
Over the years e-commerce has become more popular and convenient for both
companies and consumers. For companies, e-commerce reduces cost and creates new
market opportunities (Brooghani, 2010). It offers consumers the ability to shop,
transfer funds and sell goods from home or from a mobile device. With this convenience
comes a growing concern over the security of consumer information such as account
numbers, social security numbers and e-mail addresses. Data moving between a browser
and a server is exposed to attack by an outside party (Brooghani, 2010), and consumers
have not been sure whether e-commerce sites are safe and can be trusted with private
information. Unauthorized access to that information is a risk that will continue to
exist.
Security, in this context, is the ability of a company to protect its consumers online
and to prevent online fraud through security measures (Mandic, 2009). Companies
implement security controls to prevent attacks while continuing to allow controlled
access to the network by authorized users (Brooghani, 2010). Common e-business
security controls include, but are not limited to, firewalls, intrusion detection
systems, secure electronic payment protocols and Secure Sockets Layer (SSL) (Otuteye,
2003). Every control has limitations, however, that can leave the assets it is meant
to protect exposed. No security system is foolproof, so additional software or
hardware may be needed to complement the controls already in place.
Firewalls (software or hardware) are deployed to protect a network from
unauthorized access and from attackers. Two key requirements for an enterprise
firewall are that all traffic between the inside and the outside must pass through
it, and that only traffic authorized by the enterprise's security policy is allowed to
transit. The firewall itself must be immune to penetration, and it may additionally
support advanced authentication techniques such as smart cards and one-time passwords
(Ahamed, Ansari, & Kubendran, 2011). The four main types of firewall are packet
filters, application gateways, circuit-level gateways and stateful packet inspection.
For example, a large company like Motorola might place a firewall at the edge of the
network, connect it to a gateway computer, connect that machine to a router with
packet filters, and finally connect the router to the internal network (“Firewalls”,
2012). Firewalls do, however, have limitations, as stated below:
• “Firewalls cannot protect against what has been authorized. Firewalls permit the
normal communications of approved applications but if the applications
themselves have flaws, a firewall will not stop the attack because, to the firewall,
the communication is authorized.
• Firewalls are only as effective as the rules they are configured to enforce. An
overly permissive rule set will diminish the effectiveness of the firewall.
• Firewalls cannot stop social engineering attacks or an authorized user
intentionally using their access for malicious purposes.
• Firewalls cannot fix poor administrative practices or poorly designed security
policies.
• Firewalls cannot stop attacks if the traffic does not pass through them.” (Bragg,
Rhodes-Ousley, & Strassberg, 2004, p.230)

Below is an example of a firewall configuration:

(“PCI Compliance”, 2012)
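The second limitation in the quoted list, that a firewall is only as good as its rule set, is easy to see in working form. The following is an added example, not code from the paper or from its cited sources: a minimal first-match packet-filter evaluator that judges the same sample traffic against an overly permissive rule set and against a tightened one. The rule fields, the address ranges (RFC 5737 documentation ranges) and the sample packets are all constructed for this example.

```python
"""First-match packet-filter evaluator with default deny.

Added example, not code from the paper or from its cited sources. Rule
fields, address ranges (RFC 5737 documentation ranges) and sample packets
are constructed for this example.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str      # "tcp" or "udp"
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str                    # "allow" or "deny"
    src: str = "0.0.0.0/0"         # source network
    dst: str = "0.0.0.0/0"         # destination network
    proto: str = "any"
    dport: Optional[int] = None    # None matches any destination port

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and self.proto in ("any", p.proto)
                and self.dport in (None, p.dport))


def evaluate(rules: List[Rule], p: Packet) -> str:
    """First matching rule wins; traffic that no rule matches is denied."""
    for r in rules:
        if r.matches(p):
            return r.action
    return "deny"


WEB_TIER = "203.0.113.0/24"     # hypothetical DMZ holding the web servers
ADMIN_NET = "192.0.2.0/24"      # hypothetical administrators' subnet

# Overly permissive: "let the web tier be reached" also exposes SSH and MySQL.
PERMISSIVE = [Rule("allow", dst=WEB_TIER)]

# Tightened: HTTPS from anywhere, SSH only from the admin subnet, then deny all.
TIGHT = [
    Rule("allow", dst=WEB_TIER, proto="tcp", dport=443),
    Rule("allow", src=ADMIN_NET, dst=WEB_TIER, proto="tcp", dport=22),
    Rule("deny"),   # explicit catch-all; evaluate() would deny anyway
]

# Constructed sample traffic arriving at the firewall.
SAMPLE = {
    "shopper_https": Packet("198.51.100.7", "203.0.113.10", "tcp", 443),
    "internet_ssh": Packet("198.51.100.7", "203.0.113.10", "tcp", 22),
    "admin_ssh": Packet("192.0.2.5", "203.0.113.10", "tcp", 22),
    "internet_mysql": Packet("198.51.100.7", "203.0.113.11", "tcp", 3306),
}


def decisions(rules: List[Rule]) -> Dict[str, str]:
    return {name: evaluate(rules, pkt) for name, pkt in SAMPLE.items()}


if __name__ == "__main__":
    for label, rules in (("permissive", PERMISSIVE), ("tight", TIGHT)):
        print(label, decisions(rules))
```

The permissive set passes every packet, including SSH and MySQL from the open Internet; the tightened set passes only HTTPS and administrative SSH. Note that the rule set only helps for traffic that actually traverses this device: a web server reachable over a second path (a management VLAN, a VPN, a misconfigured second interface) is outside its view, which is the last limitation in the quoted list.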


Secure Sockets Layer (SSL) encrypts data such as credit card numbers and other
personally identifiable information in transit, which prevents an eavesdropper on the
network from reading it. An SSL-protected page's address begins with "https" and the
browser shows a padlock icon (in the address bar in current browsers; older browsers
showed it in the status bar at the bottom of the window). The browser alone cannot
secure the transaction, which is why e-commerce sites install an SSL certificate. The
certificate is used to establish the encrypted session and to identify the web site:
it helps prove that the site belongs to who it claims to belong to, and it contains
information about the certificate holder, the domain the certificate was issued to,
the Certificate Authority that issued it, the root it chains to and the country it was
issued in (“SSL”, 2010). SSL has limitations, however. It protects the session only if
the browser correctly validates the certificate chain and the host name, and it
remains exposed to Man-in-the-Middle (MITM) attacks when a user clicks through a
certificate warning, when an attacker obtains a fraudulently issued certificate, or
when the attacker downgrades the connection to plain HTTP before it is ever encrypted.
With the increased use of SSL by companies, attackers are discovering more ways to
defeat or bypass this authentication technology (Kissoon, 2011). Below is an example
of an SSL web page:

(“SSL Certificate”, 2012)
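Whether "https" actually keeps an interposed attacker out is decided on the client side by two checks: the certificate chain must verify against a trusted root, and the certificate must have been issued for the host being contacted. The following is an added example, not code from the paper or from its sources. It builds a hardened TLS client context beside the common "make the warning go away" anti-pattern, and implements the subjectAltName dNSName matching rules of RFC 6125 (including the single-label wildcard restriction) so the name check can be exercised offline. The SAN list is constructed.

```python
"""TLS client checks that decide whether "https" stops an interposed attacker.

Added example, not code from the paper or from its sources. The SAN list
and host names are constructed.
"""
import ssl
from typing import Iterable


def make_client_context() -> ssl.SSLContext:
    """Reject untrusted chains and name mismatches; refuse TLS below 1.2."""
    ctx = ssl.create_default_context()        # loads the system trust store
    ctx.verify_mode = ssl.CERT_REQUIRED       # already the default; made explicit
    ctx.check_hostname = True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def make_insecure_context() -> ssl.SSLContext:
    """The anti-pattern: any certificate is accepted, so whoever terminates
    the connection can read the card number."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False                # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def context_is_strict(ctx: ssl.SSLContext) -> bool:
    return ctx.verify_mode == ssl.CERT_REQUIRED and bool(ctx.check_hostname)


def _dns_name_matches(pattern: str, host: str) -> bool:
    """One dNSName entry against the requested host (case-insensitive).

    A wildcard is accepted only as the entire leftmost label, only when at
    least two more labels follow it, and it covers exactly one label:
    *.example.com matches shop.example.com but neither example.com nor
    a.b.example.com, and *.com matches nothing (RFC 6125 section 6.4.3).
    """
    pattern = pattern.lower().rstrip(".")
    host = host.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == host
    p_labels = pattern.split(".")
    h_labels = host.split(".")
    if p_labels[0] != "*" or len(p_labels) < 3 or any("*" in l for l in p_labels[1:]):
        return False
    return len(p_labels) == len(h_labels) and p_labels[1:] == h_labels[1:]


def hostname_matches(san_dns_names: Iterable[str], host: str) -> bool:
    """True if any subjectAltName dNSName entry covers host. Modern browsers
    ignore the Common Name, so this deliberately does not fall back to it."""
    return any(_dns_name_matches(name, host) for name in san_dns_names)


# Constructed SAN list of the kind a shop's certificate might carry.
SHOP_SAN = ["shop.example.com", "*.pay.example.com"]

if __name__ == "__main__":
    print(context_is_strict(make_client_context()), context_is_strict(make_insecure_context()))
    for h in ("shop.example.com", "api.pay.example.com", "pay.example.com",
              "shop.example.com.evil.net"):
        print(h, hostname_matches(SHOP_SAN, h))
```

Python's `ssl` module performs the same name check internally when `check_hostname` is set; the standalone function is there to make the rules visible. The insecure context is what appears in code bases whenever a developer silences a certificate error, and it converts every network path between the shopper and the shop into a place where the card data can be read.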
The Secure Electronic Payment Protocol (SEPP) is an open, vendor-neutral,
non-proprietary, license-free specification for securing online card transactions,
developed by International Business Machines (IBM) and MasterCard. It takes its input
from the negotiation phase that precedes it and drives the payment through a three-way
exchange among the cardholder, the merchant and the acquirer (the merchant's bank).
SEPP addresses four major business requirements:
1. “To enable confidentiality of payment information.
2. To ensure integrity of all payment data transmitted
3. To provide authentication that a cardholder is the legitimate owner of a card
account.
4. To provide authentication that a merchant can accept MasterCard branded card
payments with an acquiring financial institution” (Ahamed et al., 2011, p.1306).
Its limitations are that the privacy of non-financial information (what was ordered,
for example) and the negotiation and delivery phases are outside the protocol's scope.
SEPP was subsequently merged with the Visa/Microsoft proposal into Secure Electronic
Transaction (SET), which is the protocol the description below refers to. Below is an
example of a transaction between the cardholder, merchant and acquirer:

“The operation of the Secure Electronic Transaction (SET) protocol relies on a sequence of messages. In the first two, the
consumer and merchant signal their intention to do business and then exchange certificates and establish a transaction ID
number. In the third step, the consumer purchase request contains a signed hash of the goods and services order, which is
negotiated outside the protocol. This request is accompanied by the consumer's credit card information, encrypted so that only
the merchant's acquiring bank can read it. At this point, the merchant can acknowledge the order to the customer, seeking
authorization later (steps five and six) or perform steps five and six first and confirm authorization in step four. Steps seven and
eight give the consumer a query capability, while the merchant uses steps nine and ten to submit authorizations for capture and
settlement” (Sirbu, 1997, p.1)
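The quoted description turns on one construction: the consumer signs a hash of the order, sends the order to the merchant and the card data only to the acquirer, and each of them can check the same signature without seeing the other half. This is the SET dual signature. The following is an added example, not code from the paper, from Sirbu (1997) or from the SET specification. It works the property through: the merchant receives the order information (OI) plus a hash of the payment information (PI), the acquirer receives PI plus a hash of OI, and both verify a signature over H(H(PI) || H(OI)). HMAC under a cardholder key stands in for the RSA signature that a cardholder certificate would let any party verify, and the acquirer's message is a plain dict rather than an encrypted envelope; all sample values are constructed.

```python
"""Dual signature: one cardholder signature linking order and payment data.

Added example, not code from the paper, Sirbu (1997) or the SET
specification. HMAC stands in for the cardholder's RSA signature and the
acquirer's message is not encrypted here; all values are constructed.
"""
import hashlib
import hmac
import json
from typing import Dict, Tuple


def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def canonical(obj: dict) -> bytes:
    """Deterministic encoding so every party hashes identical bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def dual_signature(key: bytes, oi: dict, pi: dict) -> bytes:
    linked = h(h(canonical(pi)) + h(canonical(oi)))
    return hmac.new(key, linked, hashlib.sha256).digest()


def _verify(key: bytes, pi_hash: bytes, oi_hash: bytes, sig: bytes) -> bool:
    expected = hmac.new(key, h(pi_hash + oi_hash), hashlib.sha256).digest()
    return hmac.compare_digest(expected, sig)


def cardholder_purchase(key: bytes, oi: dict, pi: dict) -> Tuple[Dict, Dict]:
    """Step 3 of the exchange: one message for the merchant, one for the acquirer."""
    sig = dual_signature(key, oi, pi)
    to_merchant = {"oi": oi, "pi_hash": h(canonical(pi)), "sig": sig}
    to_acquirer = {"pi": pi, "oi_hash": h(canonical(oi)), "sig": sig}
    return to_merchant, to_acquirer


def merchant_verifies(key: bytes, msg: Dict) -> bool:
    """Merchant sees OI in clear and never the card data."""
    return _verify(key, msg["pi_hash"], h(canonical(msg["oi"])), msg["sig"])


def acquirer_verifies(key: bytes, msg: Dict) -> bool:
    """Acquirer sees PI in clear and never what was bought."""
    return _verify(key, h(canonical(msg["pi"])), msg["oi_hash"], msg["sig"])


# Constructed transaction.
CARDHOLDER_KEY = b"constructed-cardholder-key"
ORDER = {"txn_id": "T1001", "items": [{"sku": "BOOK-42", "qty": 1}], "amount": "39.95"}
PAYMENT = {"txn_id": "T1001", "pan": "4111111111111111", "exp": "12/14", "amount": "39.95"}


def run_exchange() -> Tuple[bool, bool, bool, bool]:
    """(merchant ok, acquirer ok, altered order ok, merchant saw the PAN)."""
    to_merchant, to_acquirer = cardholder_purchase(CARDHOLDER_KEY, ORDER, PAYMENT)
    merchant_sees_pan = "4111111111111111" in json.dumps(to_merchant["oi"])
    # Anyone altering OI after signing (a merchant changing the amount, say)
    # breaks the linkage: the hash of the altered OI no longer matches.
    altered = dict(to_merchant, oi=dict(ORDER, amount="3.95"))
    return (merchant_verifies(CARDHOLDER_KEY, to_merchant),
            acquirer_verifies(CARDHOLDER_KEY, to_acquirer),
            merchant_verifies(CARDHOLDER_KEY, altered),
            merchant_sees_pan)


if __name__ == "__main__":
    print(run_exchange())
```

Because the same signature covers both hashes, neither party can substitute a different order or a different card without the other party's verification failing, which is how the protocol ties the card authorization to exactly the purchase the consumer agreed to while still keeping the card number away from the merchant.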
Attackers are the main threat to the e-commerce environment, and they are responsible
for a family of related attacks: Man-in-the-Middle (MITM), Man-in-the-Browser (MITB)
delivered through Trojans such as Zeus, Silon, Torpig and Yaludle, and
Man-in-the-Mobile (MITMO). Phishing is often used as one step of these attacks to
steal financial information from consumers. In a Man-in-the-Middle attack the attacker
intrudes into an existing connection to intercept the exchanged data and inject false
information; it involves eavesdropping on a connection, intruding into it,
intercepting messages and modifying data (“Man-in-the-Middle”, 2008, p.1). Session
hijacking is one form of this attack: if an attacker captures the cookie that
maintains session state between a consumer's browser and the genuine web site the
consumer has logged into, the attacker can present that cookie to the web server and
take over the session. The consumer's financial information is then at risk of
compromise (Sanders, 2010). Below is an example of a normal transmission and of a
MITM attack:

A normal transmission: the user logs on to an e-commerce website, the user's
credentials are verified and the user gains access to the site.
(Sanders, 2010)
During the session hijacking attack, the attacker intercepts the communication of a user
logging into their account. Using this intercepted communication the attacker impersonates
that user and accesses the account from the attacking machine (Sanders, 2010)
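The session-hijacking scenario above is a cookie replay, and the server-side measures against it are concrete enough to show in code. The following is an added example, not code from the paper or from Sanders (2010). It models a login that issues a fresh random session identifier, the Set-Cookie attributes that keep the identifier off cleartext HTTP and away from page scripts, and a validation step that binds the session to the client that created it and expires it when idle. The attacker replays the captured cookie from another host and is refused, and the victim's session is torn down so the attempt is visible. The cookie name, the fingerprint fields and the sample clients are constructed.

```python
"""Session-cookie hijacking and the server-side measures that blunt it.

Added example, not code from the paper or from Sanders (2010). Cookie name,
fingerprint fields and sample clients are constructed.
"""
import hmac
import secrets
import time
from typing import Dict, Optional, Tuple


class SessionStore:
    def __init__(self, idle_timeout: int = 900):
        self._sessions: Dict[str, dict] = {}     # sid -> user, fingerprint, last_seen
        self._idle_timeout = idle_timeout

    @staticmethod
    def fingerprint(client_ip: str, user_agent: str) -> str:
        return f"{client_ip}|{user_agent}"

    def login(self, user: str, client_ip: str, user_agent: str,
              old_sid: Optional[str] = None) -> str:
        # Rotate on authentication: an id issued (or planted) before login must
        # not become a logged-in session, which also defeats session fixation.
        self._sessions.pop(old_sid, None)
        sid = secrets.token_urlsafe(32)          # 256 bits from the OS CSPRNG
        self._sessions[sid] = {"user": user,
                               "fp": self.fingerprint(client_ip, user_agent),
                               "last_seen": time.time()}
        return sid

    def validate(self, sid: str, client_ip: str, user_agent: str,
                 now: Optional[float] = None) -> Optional[str]:
        """User name for an acceptable presentation of the cookie, else None."""
        now = time.time() if now is None else now
        s = self._sessions.get(sid)
        if s is None:
            return None
        if now - s["last_seen"] > self._idle_timeout:
            del self._sessions[sid]              # idle expiry
            return None
        if not hmac.compare_digest(s["fp"], self.fingerprint(client_ip, user_agent)):
            # Same cookie from a different client: treat as hijack and end the
            # session for everyone rather than let two parties share it.
            del self._sessions[sid]
            return None
        s["last_seen"] = now
        return s["user"]

    def logout(self, sid: str) -> None:
        self._sessions.pop(sid, None)


def set_cookie_header(sid: str) -> str:
    # Secure: never sent over plain HTTP, so it cannot be sniffed on the wire.
    # HttpOnly: invisible to page scripts, so XSS cannot read it.
    # SameSite=Lax: not attached to cross-site POSTs, limiting CSRF.
    return f"Set-Cookie: SESSIONID={sid}; Secure; HttpOnly; SameSite=Lax; Path=/"


def hijack_scenario() -> Tuple[Optional[str], Optional[str], Optional[str]]:
    """(victim before, attacker replay, victim after)."""
    store = SessionStore()
    victim_ip, victim_ua = "198.51.100.7", "Mozilla/5.0 (constructed victim UA)"
    sid = store.login("alice", victim_ip, victim_ua)
    victim_ok = store.validate(sid, victim_ip, victim_ua)
    # The attacker captured the cookie value and replays it from another host.
    attacker = store.validate(sid, "203.0.113.99", "curl/7.0")
    # After the mismatch the session is gone for the victim as well.
    victim_after = store.validate(sid, victim_ip, victim_ua)
    return victim_ok, attacker, victim_after


def idle_scenario() -> Optional[str]:
    store = SessionStore(idle_timeout=60)
    sid = store.login("bob", "198.51.100.8", "ua")
    return store.validate(sid, "198.51.100.8", "ua", now=time.time() + 3600)


if __name__ == "__main__":
    print(set_cookie_header("example"))
    print(hijack_scenario(), idle_scenario())
```

The binding to client address and user agent is defence in depth, not the primary control: an attacker who sniffed the cookie can usually copy the user agent too, and users on mobile networks or behind corporate proxies change addresses legitimately. The primary control is that the cookie never travels in clear text (HTTPS on every page, `Secure` on the cookie) and is rotated at login and at every privilege change.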

The Man-in-the-Browser attack is a refinement of Man-in-the-Middle that uses Trojans
such as Zeus, Silon, Torpig and Yaludle installed on the victim's computer. The malware
modifies the content of the legitimate log-in page inside the victim's browser, adding
form fields to the genuine page; the idea is to phish for information that may be used
as a secondary authentication mechanism (Prince, 2010). MITB thus lets attackers steal
login credentials, account numbers and other financial information. Because the page
is altered inside the browser, after the SSL session has been decrypted, it looks
identical to the legitimate company web site; when the customer enters their account
details and one-time password, the malware immediately uses them against the genuine
web site to impersonate the customer and submit a fraudulent transaction (Murdoch,
2008). Below is an example of a MITB attack:
(Murdoch, 2008)
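Because a web inject adds inputs to the genuine page inside the victim's browser, the extra values travel in the real POST to the real site when the victim submits the form, so the server can compare what arrived with the fields it rendered. The following is an added example, not code from the paper or from Prince (2010): a server-side check that flags submissions carrying fields the form never had, with extra weight on names a bank's own page would never ask for (the SpyEye inject described below asks for a phone number and IMEI, for instance). It is a detection signal, not a guarantee, since malware can strip the extra fields before the request leaves the browser. The form definitions and sample submissions are constructed.

```python
"""Server-side detection of form fields injected by a browser Trojan.

Added example, not code from the paper or from Prince (2010). Form
definitions and sample submissions are constructed.
"""
from typing import Dict, Set
from urllib.parse import parse_qs

# Fields the server itself renders on each form (constructed).
EXPECTED_FIELDS: Dict[str, Set[str]] = {
    "/login": {"username", "password", "csrf_token"},
    "/transfer": {"to_account", "amount", "memo", "csrf_token"},
}

# Names a bank's own login form never asks for but injects commonly do.
HIGH_VALUE = {"pin", "atmpin", "cvv", "cvv2", "cardnumber", "ssn",
              "mothersmaidenname", "otp", "token", "imei", "mobile",
              "mobilenumber", "phone"}


def _norm(name: str) -> str:
    """Fold case and separators so atm_pin, ATM-PIN and atmPin compare equal."""
    return "".join(ch for ch in name.lower() if ch.isalnum())


def analyse_submission(path: str, body: str) -> Dict[str, object]:
    submitted = set(parse_qs(body, keep_blank_values=True))
    expected = EXPECTED_FIELDS[path]
    unexpected = submitted - expected
    missing = expected - submitted
    sensitive = {f for f in unexpected if _norm(f) in HIGH_VALUE}
    if sensitive:
        verdict = "suspect_inject"       # alert the fraud team, step up authentication
    elif unexpected or missing:
        verdict = "unexpected_shape"     # tampered or stale form; log and review
    else:
        verdict = "ok"
    return {"verdict": verdict, "unexpected": sorted(unexpected),
            "sensitive": sorted(sensitive), "missing": sorted(missing)}


# Constructed submissions (the IMEI and phone number are made up).
NORMAL_LOGIN = "username=alice&password=hunter2&csrf_token=abc123"
INJECTED_LOGIN = ("username=alice&password=hunter2&csrf_token=abc123"
                  "&atm_pin=1234&mothers_maiden_name=Smith")
SPYEYE_STYLE = ("username=alice&password=hunter2&csrf_token=abc123"
                "&mobile_number=%2B15555550100&imei=000000000000000")


if __name__ == "__main__":
    for body in (NORMAL_LOGIN, INJECTED_LOGIN, SPYEYE_STYLE):
        print(analyse_submission("/login", body))
```

In a deployment the expected field set comes from the template engine rather than a hand-written table, and a `suspect_inject` verdict is worth more as an input to the fraud engine (hold the session, require a second channel, mark the endpoint as probably infected) than as a hard block, since the user at the keyboard is a victim, not the attacker.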

The Man-in-the-Mobile attack has been carried out with the SpyEye Trojan to steal
funds during online transactions. The Trojan injects fields into the web page asking
the user for their mobile phone number and the International Mobile Equipment Identity
(IMEI) of the phone. The user is told the information is needed so that a
"certificate", actually the mobile Trojan, can be sent to the phone, and is informed
that it can take up to three days before the certificate is ready (Heyman, 2011). The
message is a cover story to convince the user that the Trojan is a legitimate
certificate and to prevent suspicion. According to Zorn (2011), Managing Editor of
Help Net Security, “the trojan is signed with a developer certificate. Developer
certificates are tied to certain IMEIs and can only be installed to phones that have
an IMEI that is listed in the certificate. This is why the malware author(s) request
the IMEI in addition to the phone number on the company’s website. Once they receive
new IMEIs, they request an updated certificate with IMEIs for all victims and create a
new installer signed with the updated certificate. The delay in getting the new
certificate explains why the SpyEye-injected message states it can take up to three
days for the certificate to be delivered" (Zorn, 2011, p.1).
The MITMO attack targets BlackBerry, Android and Symbian mobile devices. The regions
affected are the United States, Europe, the Middle East and Asia, and newly targeted
countries include Russia, Saudi Arabia, Bahrain, Oman, Venezuela, Belarus, Ukraine,
Moldova, Estonia, Latvia, Finland, Japan, Hong Kong and Peru (Kirk, 2011). Beyond the
SpyEye example, other MITMO campaigns use similar malware to steal consumers'
financial information. Below is an example of a MITMO attack:

(1.) “The user is infected by a Trojan when visiting a compromised website. The site scans the user’s computer for
vulnerabilities and, when it finds one, it injects a Trojan.
(2.) By monitoring the user’s online activity, the Trojan collects and transmits login credentials, phone numbers and other
sensitive data to the attacker.
(3.) The attacker sends a phishing SMS to the victim’s cell phone using the number stolen at Step 2. The message is
intended to persuade the user to click on a link that will
(4.) Upload a mobile Trojan to the user’s cell phone.
(5.) The attacker performs an unauthorized funds transfer using the stolen login credentials.
(6.) The bank sends an SMS with confirmation code to the compromised cell phone.
(7.) The cell phone silently sends this code to the attacker, which is then used to confirm the transaction
(8.) Steps 5-8 can be repeated many times, because the Trojan masks true funds amount and displays only the online
banking page the user expects to see” (“Online Banking Trojans”, 2012, p.1)
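The MITB description above (Murdoch, 2008) and the MITMO sequence just quoted both end with an attacker spending a one-time code that the bank sent to the customer. The following is an added example, not code from the paper, from Murdoch (2008) or from Trusteer, and it serves both passages. A code that depends only on a secret and a counter authorizes whatever transaction the bank has in hand, so a browser Trojan that rewrites the payee can use the code the victim typed. Binding the code to the amount and payee, and printing both in the SMS, means a code for one transaction cannot confirm another and the second channel shows the user what they are really approving. The second scenario shows the limit the MITMO sequence makes plain: when the phone itself relays the code, binding does not help, and only the device-side detection discussed in the recommendations below addresses that case. The user key, accounts and amounts are constructed.

```python
"""Confirmation codes bound to the transaction they confirm.

Added example, not code from the paper, Murdoch (2008) or Trusteer. The
HMAC construction is a simplification of what transaction-signing tokens
do. User key, accounts and amounts are constructed.
"""
import hashlib
import hmac
from typing import Dict, Tuple


def bound_code(user_key: bytes, payee: str, amount_cents: int,
               txn_id: str, digits: int = 6) -> str:
    """Truncated HMAC over the transaction details."""
    msg = f"{txn_id}|{payee}|{amount_cents}".encode()
    mac = hmac.new(user_key, msg, hashlib.sha256).digest()
    return str(int.from_bytes(mac[:4], "big") % 10 ** digits).zfill(digits)


def sms_text(payee: str, amount_cents: int, code: str) -> str:
    return f"Confirm transfer of {amount_cents / 100:.2f} to {payee} with code {code}"


class Bank:
    def __init__(self, user_key: bytes):
        self.user_key = user_key
        self.pending: Dict[str, Tuple[str, int]] = {}
        self.counter = 0

    def request_transfer(self, payee: str, amount_cents: int) -> Tuple[str, str]:
        """Records the transfer as received; returns (txn_id, SMS sent to the phone)."""
        self.counter += 1
        txn_id = f"T{self.counter:04d}"
        self.pending[txn_id] = (payee, amount_cents)
        code = bound_code(self.user_key, payee, amount_cents, txn_id)
        return txn_id, sms_text(payee, amount_cents, code)

    def confirm(self, txn_id: str, code: str) -> bool:
        """One attempt per transaction; the code must match what was recorded."""
        if txn_id not in self.pending:
            return False
        payee, amount = self.pending.pop(txn_id)
        return hmac.compare_digest(code, bound_code(self.user_key, payee, amount, txn_id))


def user_checks_sms(sms: str, intended_payee: str, intended_cents: int) -> bool:
    """What the out-of-band channel buys: the user compares the SMS to intent."""
    return intended_payee in sms and f"{intended_cents / 100:.2f}" in sms


USER_KEY = b"constructed-per-user-key"


def mitb_scenario() -> Tuple[bool, bool]:
    """Victim intends 39.95 to BOOKSHOP; the browser Trojan submits 5000.00 to a mule.
    Returns (SMS matches intent, captured code for the intended transfer accepted)."""
    bank = Bank(USER_KEY)
    txn, sms = bank.request_transfer("MULE-9001", 500_000)
    sms_matches_intent = user_checks_sms(sms, "BOOKSHOP", 3995)   # False: user can stop
    # Even a code the attacker captured for the intended transaction is useless.
    captured_for_intended = bound_code(USER_KEY, "BOOKSHOP", 3995, txn)
    return sms_matches_intent, bank.confirm(txn, captured_for_intended)


def mitmo_scenario() -> bool:
    """Attacker holds the credentials and the phone Trojan relays the SMS silently."""
    bank = Bank(USER_KEY)
    txn, sms = bank.request_transfer("MULE-9001", 500_000)
    relayed_code = sms.rsplit(" ", 1)[1]
    return bank.confirm(txn, relayed_code)      # True: both channels are compromised


if __name__ == "__main__":
    print(mitb_scenario(), mitmo_scenario())
```

The first scenario is the "2FA is dead" case and shows what binding recovers: the SMS names the mule account and the real amount, and a code obtained for any other transaction is rejected. The second scenario returns True on purpose, because once the attacker controls both the PC and the phone there is no independent channel left for the user to read; at that point the bank's remaining levers are device-side malware detection and transaction risk scoring, which is what the recommendations that follow are about.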
The following security controls are recommended for e-commerce companies as
additional protection against the attacks described above. They are offered by
Trusteer, a privately held corporation, whose products Pinpoint, Mobile and Rapport
will assist e-commerce companies in mitigating the discussed threats. According to
Trusteer (2012), the Trusteer Cybercrime Prevention Architecture “is the technology
foundation of Trusteer’s sustainable security solution, enabling organizations to protect
their employees and customers against malware and phishing attacks. It prevents
credential theft, account takeover, and sensitive information theft. Trusteer Intelligence
Center experts extract emerging Crime Logic (i.e. attack tactics) from threat information
gathered by tens of millions of protected endpoints. Trusteer’s clientless and endpoint
protection layers are constantly updated to secure users against the evolving threat
landscape” (Trusteer, 2012, Cybercrime, para. 1). Below is an example of Trusteer’s
architecture:
(Trusteer, 2012)
Trusteer’s Pinpoint lets e-commerce companies detect and mitigate malware attacks and
account-takeover activity, integrating with the company’s online site and
fraud-prevention processes. Pinpoint can alert fraud teams to possible infections or
feed a risk score to the web application or risk engine to mitigate potential fraud.
It is clientless and transparent to end users, requiring no software installation on
the endpoint. It lets companies focus fraud-prevention processes on malware risk
factors and initiate malware removal with Trusteer Rapport on infected endpoints.
Pinpoint’s analysis also identifies the specific malware kit used to generate the
malware variant and the malware’s Crime Logic (Trusteer, 2012).
In addition, e-commerce companies should implement Trusteer Rapport, which can prevent
future infections and allow users to execute online monetary transactions safely
(Trusteer, 2012). To protect customers from MITM and MITB attacks, Rapport locks down
the customer’s browser and creates a tunnel for secure communication with the
e-commerce website, securing user credentials and personal information against
financial fraud and account takeover. Employees’ endpoints, managed and unmanaged, are
protected against advanced malware and spear-phishing attacks. Rapport prevents
keylogging, screen capture and application tampering, so credentials and sensitive
data are secured from theft by cyber criminals (Trusteer, 2012).
Software vulnerabilities in mobile operating systems such as Apple’s iOS and Google’s
Android allow malicious software to infect and take over devices. MITMO malware aims
to steal credentials, tamper with financial transactions and out-of-band
authentication, and compromise mobile e-commerce applications. To address these
issues, Trusteer Mobile provides layered protection against malware by performing
real-time device risk analysis, protecting sensitive transaction data end to end and
preventing sensitive data leakage. It includes a secure mobile browser that is used
once the device analysis has completed; the embedded browser blocks Man-in-the-Middle
attacks, including pharming (redirecting the user through manipulated DNS), by
validating that the online banking IP addresses and SSL certificates belong to the
genuine site. Once users have logged in, the e-commerce company can use the risk score
to restrict access to specific data or capabilities and to decline specific
transactions. In addition, the Trusteer Mobile Security SDK adds a protection layer to
standalone mobile apps: developers embed the SDK and adapt their business logic to use
the device risk analysis and transaction protection Trusteer provides (Trusteer,
2012). Below is an example of a Security SDK mobile app detecting malware on a user’s
mobile device:

(Trusteer, 2012)
Lastly, Trusteer Situation Room is an ongoing risk-assessment service that tracks
fraudsters and their activities. It presents e-commerce companies with a clear and
detailed picture of threats at the organizational, regional and industry-wide levels.
Using Situation Room, companies can immediately identify new attacks targeting their
systems and customers, and receive analysis of these attacks, their implications and
suggestions for addressing them. It features ongoing reports describing how the threat
changes over time and how effective the controls an e-commerce company has in place
are against it. It is supported by a group of fraud and malware analysts who monitor
financial fraud activity around the clock (Trusteer, 2012). Below is an example of
Trusteer Situation Room:

(Trusteer, 2012)
The four recommendations above make up Trusteer’s Cybercrime Prevention Architecture.
Combined with Trusteer’s Intelligence Center, new attacks are detected and blocked
around the clock. E-commerce companies benefit from real-time intelligence that can
feed automatically into layered fraud-prevention and security systems, and are thereby
better informed about cyber crime attacks against themselves and their consumers.
The Trusteer solutions allow e-commerce companies to protect their customers
proactively from becoming victims of identity theft. By receiving real-time alerts,
e-commerce companies will be able to investigate emerging threats such as suspicious
computers, reconnected infected computers, phishing attacks and new zero-day threats.
The software will assist e-commerce companies in securing their customers’ browsers
against financial malware and fraudulent websites (Trusteer, 2012). Implementing the
recommended solutions will increase e-commerce companies’ visibility of unauthorized
intrusion.

References
Ahmadi-Brooghani, Z. (2010). Security Issues in E-commerce: an Overview. International
Review on Computers & Software, 5(5), 575-580. Retrieved August 4, 2012, from
Academic Search Complete.
Ahamed, S., Ansari, A., & Kubendran, V. (2011). Transaction Based Security Issues and
Pathways to Effective Electronic Commerce: From Tactics to Strategy. International
Journal of Engineering Science & Technology, 3(2), 1304-1310. Retrieved August 5,
2012, from Academic Search Complete.
Bragg, R., Rhodes-Ousley, M., & Strassberg, K. (2004). Network Security: The Complete
Reference. Emeryville, California: McGraw-Hill/Osborne.
DigiCert (2012). Extended Validation EV SSL Certificate. Retrieved August 4, 2012,
from http://www.digicert.com/ev-ssl-certification.htm
Ektron Knowledge Base (2012). Info: Understanding PCI Compliance. Retrieved August 4, 2012,
from http://dev.ektron.com/kb_article.aspx?id=26304
Firewalls (2012). Firewalls. Retrieved August 4, 2012, from
http://www.referenceforbusiness.com/small/Eq-Inc/Firewalls.html
Heyman, A. (2011). First SpyEye Attack on Android Mobile Platform now in the Wild.
Retrieved August 4, 2012, from http://www.trusteer.com/blog/first-spyeye-attack-android-mobile-platform-now-wild
Kirk, J. (2011). SpyEye Trojan defeating online banking defenses. Retrieved August 4, 2012,
from http://www.computerworld.com/s/article/9218645/SpyEye_Trojan_defeating_online_banking_defenses
Kissoon, J. (2011). Secure Socket Layer: An Overview. Retrieved August 4, 2012, from
http://www.cleverlogic.net/articles/secure-socket-layer-overview
Mandic, M. (2009). Privacy and Security in E-commerce. Trziste/Market, 21(2), 247-260.
Retrieved August 4, 2012, from Business Source Complete.
Murdoch, S. (2008). 2FA is dead. Retrieved August 5, 2012, from
http://blog.cronto.com/index.php?title=2fa_is_dead
Online Banking Security (2012). Online Banking Trojans. Retrieved August 4, 2012, from
http://www.safensoft.com/print.phtml?c=758
Otuteye, E. (2003). A Systematic Approach to E-business Security. Retrieved August 4, 2012,
from http://www.ausweb.scu.edu.au/aw03/papers/otuteye/paper.html
Prince, B. (2010). Understanding Man-in-the-Browser Attacks Targeting Online Banks.
Retrieved August 4, 2012, from
http://securitywatch.eweek.com/exploits_and_attacks/understanding_man-in-the-browser_attacks.html
Sanders, C. (2010). Understanding Man-in-the-Middle Attacks. Retrieved August 4, 2012, from
http://www.windowsecurity.com/articles/Understanding-Man-in-the-Middle-Attacks-ARP-Part3.html
Sirbu, M. (1997). Credits and debits on the Internet. Retrieved August 4, 2012, from
http://spectrum.ieee.org/telecom/internet/credits-and-debits-on-the-internet/4
ToolBox (2008). Man-in-the-Middle. Retrieved August 4, 2012, from
http://it.toolbox.com/wiki/index.php/Man-in-the-Middle_Attack
Trusteer (2012). Cybercrime Prevention Architecture. Retrieved August 4, 2012, from
http://www.trusteer.com/Products/trusteer-cybercrime-prevention-architecture
Trusteer (2012). Rapport. Retrieved August 4, 2012, from
http://www.trusteer.com/Products/trusteer-rapport-pc-and-mac-security
Trusteer (2012). Mobile. Retrieved August 4, 2012, from
http://www.trusteer.com/Products/Trusteer-Mobile-for-Online-Banking
Trusteer (2012). Pinpoint. Retrieved August 4, 2012, from
http://www.trusteer.com/Products/trusteer-pinpoint-clientless-fraud-prevention
Trusteer (2012). Pinpoint Malware. Retrieved August 4, 2012, from
http://www.trusteer.com/products/malware-detection
Trusteer (2012). Pinpoint Phishing. Retrieved August 4, 2012, from
http://www.trusteer.com/Products/phishing-detection
Webopedia (2010). SSL: Your Key to E-commerce Security. Retrieved August 4, 2012, from
http://www.webopedia.com/DidYouKnow/Internet/2005/ssl.asp
Zorn, Z. (2011). SpyEye-Fueled Man-in-the-Mobile Attack Targets Bank Customers. Retrieved
August 4, 2012, from http://www.net-security.org/malware_news.php?id=1683

E-COMMERCE SYSTEMS SECURITY FOR SMALL BUSINESSESE-COMMERCE SYSTEMS SECURITY FOR SMALL BUSINESSES
E-COMMERCE SYSTEMS SECURITY FOR SMALL BUSINESSESIJNSA Journal
 
E commerce security 4
E commerce security 4E commerce security 4
E commerce security 4Anne ndolo
 
securing-consumer-portals-consumer-access-management-as-business-driver-and-p...
securing-consumer-portals-consumer-access-management-as-business-driver-and-p...securing-consumer-portals-consumer-access-management-as-business-driver-and-p...
securing-consumer-portals-consumer-access-management-as-business-driver-and-p...Milos Pesic
 
Top Security Threats to Look Out for in 2023
Top Security Threats to Look Out for in 2023Top Security Threats to Look Out for in 2023
Top Security Threats to Look Out for in 2023K7 Computing Pvt Ltd
 
ThreatMetrix Profile in March 2014 CIO Review
ThreatMetrix Profile in March 2014 CIO ReviewThreatMetrix Profile in March 2014 CIO Review
ThreatMetrix Profile in March 2014 CIO ReviewThreatMetrix
 
ThreatMetrix Profile in March 2014 CIO Review
ThreatMetrix Profile in March 2014 CIO ReviewThreatMetrix Profile in March 2014 CIO Review
ThreatMetrix Profile in March 2014 CIO ReviewThreatMetrix
 
computer and security
computer and security computer and security
computer and security Sumama Shakir
 
Anti-Fraud Datasheet
Anti-Fraud DatasheetAnti-Fraud Datasheet
Anti-Fraud DatasheetMani Rai
 
Why is cyber security a disruption in the digital economy
Why is cyber security a disruption in the digital economyWhy is cyber security a disruption in the digital economy
Why is cyber security a disruption in the digital economyMark Albala
 
CrossTalk - The Art of Cyber Bank Robbery - Stealing your Money Through Insid...
CrossTalk - The Art of Cyber Bank Robbery - Stealing your Money Through Insid...CrossTalk - The Art of Cyber Bank Robbery - Stealing your Money Through Insid...
CrossTalk - The Art of Cyber Bank Robbery - Stealing your Money Through Insid...Aditya K Sood
 
Overcome Security Threats Affecting Mobile Financial Solutions 2020
Overcome Security Threats Affecting Mobile Financial Solutions 2020Overcome Security Threats Affecting Mobile Financial Solutions 2020
Overcome Security Threats Affecting Mobile Financial Solutions 2020Fusion Informatics
 

Semelhante a E-commerce Security and Threats (20)

Man in-the-browser tectia-whitepaper
Man in-the-browser tectia-whitepaperMan in-the-browser tectia-whitepaper
Man in-the-browser tectia-whitepaper
 
Banking and Modern Payments System Security Analysis
Banking and Modern Payments System Security AnalysisBanking and Modern Payments System Security Analysis
Banking and Modern Payments System Security Analysis
 
Ijetr042177
Ijetr042177Ijetr042177
Ijetr042177
 
Five Network Security Threats And How To Protect Your Business Wp101112
Five Network Security Threats And How To Protect Your Business Wp101112Five Network Security Threats And How To Protect Your Business Wp101112
Five Network Security Threats And How To Protect Your Business Wp101112
 
5 network-security-threats
5 network-security-threats5 network-security-threats
5 network-security-threats
 
All You Wanted To Know About Top Online Payment Security Methods.pptx
All You Wanted To Know About Top Online Payment Security Methods.pptxAll You Wanted To Know About Top Online Payment Security Methods.pptx
All You Wanted To Know About Top Online Payment Security Methods.pptx
 
E-COMMERCE SYSTEMS SECURITY FOR SMALL BUSINESSES
E-COMMERCE SYSTEMS SECURITY FOR SMALL BUSINESSESE-COMMERCE SYSTEMS SECURITY FOR SMALL BUSINESSES
E-COMMERCE SYSTEMS SECURITY FOR SMALL BUSINESSES
 
9 3
9 39 3
9 3
 
E commerce security 4
E commerce security 4E commerce security 4
E commerce security 4
 
securing-consumer-portals-consumer-access-management-as-business-driver-and-p...
securing-consumer-portals-consumer-access-management-as-business-driver-and-p...securing-consumer-portals-consumer-access-management-as-business-driver-and-p...
securing-consumer-portals-consumer-access-management-as-business-driver-and-p...
 
Top Security Threats to Look Out for in 2023
Top Security Threats to Look Out for in 2023Top Security Threats to Look Out for in 2023
Top Security Threats to Look Out for in 2023
 
ThreatMetrix Profile in March 2014 CIO Review
ThreatMetrix Profile in March 2014 CIO ReviewThreatMetrix Profile in March 2014 CIO Review
ThreatMetrix Profile in March 2014 CIO Review
 
ThreatMetrix Profile in March 2014 CIO Review
ThreatMetrix Profile in March 2014 CIO ReviewThreatMetrix Profile in March 2014 CIO Review
ThreatMetrix Profile in March 2014 CIO Review
 
computer and security
computer and security computer and security
computer and security
 
Information security
Information securityInformation security
Information security
 
Anti-Fraud Datasheet
Anti-Fraud DatasheetAnti-Fraud Datasheet
Anti-Fraud Datasheet
 
Why is cyber security a disruption in the digital economy
Why is cyber security a disruption in the digital economyWhy is cyber security a disruption in the digital economy
Why is cyber security a disruption in the digital economy
 
Retail
Retail Retail
Retail
 
CrossTalk - The Art of Cyber Bank Robbery - Stealing your Money Through Insid...
CrossTalk - The Art of Cyber Bank Robbery - Stealing your Money Through Insid...CrossTalk - The Art of Cyber Bank Robbery - Stealing your Money Through Insid...
CrossTalk - The Art of Cyber Bank Robbery - Stealing your Money Through Insid...
 
Overcome Security Threats Affecting Mobile Financial Solutions 2020
Overcome Security Threats Affecting Mobile Financial Solutions 2020Overcome Security Threats Affecting Mobile Financial Solutions 2020
Overcome Security Threats Affecting Mobile Financial Solutions 2020
 

Último

Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 

Último (20)

DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 

E-commerce Security and Threats

Specific Solution in E-commerce
Brian D. Palmer
University of Maryland University College
Dr. Chen
INFA 620
August 7, 2012

The e-commerce environment allows companies such as Amazon, eBay, PayPal, financial institutions, and other e-commerce companies alike to deliver services to the consumer over the Internet, giving consumers the luxury of not visiting a physical store. However, with that luxury comes the risk of threats such as hackers and their various attacks on e-commerce sites and their consumers. To mitigate such risks, companies implement security tools to protect consumers from becoming victims of identity theft. However, some of the security tools implemented have limitations in protecting the required assets. In addition, companies offering e-commerce services should invest in additional security controls for their network infrastructure to ensure a safe online environment for their consumers.

Over the years e-commerce has become more popular and convenient for both companies and consumers. For companies, e-commerce reduces cost and creates new market opportunities (Brooghani, 2010). This service over the Internet offers consumers the ability to shop, transfer funds, and sell goods from home, from a mobile device, or on the go. With this luxury also comes a growing concern about the security of consumers' information such as account numbers, social security numbers, e-mail addresses, etc. The movement of data from a browser to a server and back is vulnerable to attack by an outside threat (Brooghani, 2010). Consumers have an overwhelming fear about whether e-commerce sites are safe and can be trusted with private information. Access to this private information through unauthorized means is a risk that will continue to exist.

Security relates to the ability of a company to protect its consumers online and prevent online fraud through security measures (Mandic, 2009). Security controls are implemented by companies to prevent an attack, but at the same time continuously allow controlled access to the network for authorized users (Brooghani, 2010). The common e-business security controls include, but are not limited to, firewall software, intrusion detection systems, the secure electronic payment protocol, Secure Sockets Layer (SSL), etc. (Otuteye, 2003). However, any security control implemented comes with limitations that could leave a system unable to secure the required assets. With that said, no security system is foolproof, so there may be a need to add security software/hardware to complement the existing security controls currently in place.

Firewalls (software or hardware) are implemented to protect the network from attack by viruses and hackers. The two key requirements for enterprise networks are that all inside and outside traffic must pass through the firewall, and that only traffic authorized by the enterprise's security policy is allowed transit. The firewall itself must be immune to penetration in order to support advanced authentication techniques such as smart cards and one-time passwords (Ahamed, Ansari, & Kubendran, 2011). The four main firewall types are packet filters, application gateways, circuit-level gateways, and stateful packet inspection. For example, a large company like Motorola might place a firewall at the outside of the system, connect it to a gateway computer, then connect that machine to a router with packet filters, and finally connect the router to the internal computer network ("Firewalls", 2012). However, firewalls have limitations, as stated below:

• "Firewalls cannot protect against what has been authorized. Firewalls permit the normal communications of approved applications but if the applications themselves have flaws, a firewall will not stop the attack because, to the firewall, the communication is authorized.
• Firewalls are only as effective as the rules they are configured to enforce. An overly permissive rule set will diminish the effectiveness of the firewall.
• Firewalls cannot stop social engineering attacks or an authorized user intentionally using their access for malicious purposes.
• Firewalls cannot fix poor administrative practices or poorly designed security policies.
• Firewalls cannot stop attacks if the traffic does not pass through them." (Bragg, Rhodes-Ousley, & Strassberg, 2004, p. 230)

Below is an example of a firewall configuration:

[Figure: example firewall configuration ("PCI Compliance", 2012)]
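The two firewall limitations quoted above (an authorized flow is passed no matter what the application does with it, and a permissive rule set shadows the rules that were meant to protect something) are easiest to see with a first-match packet filter. The following Python model is an added example written for this page, not code from the paper or from any firewall product; the hosts, networks, ports and flows are constructed sample values, and the rule semantics (first match wins, default deny) are an assumption that mirrors common packet-filter behaviour.

```python
"""Added example: a first-match packet filter showing why rule ordering and a
default-deny policy matter, and why an authorized flow is passed regardless of
what the application layer does with it. All addresses are constructed."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str      # "tcp" or "udp"
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    src: str = "0.0.0.0/0"       # CIDR; 0.0.0.0/0 matches any source
    dst: str = "0.0.0.0/0"
    proto: Optional[str] = None  # None matches any protocol
    dport: Optional[int] = None  # None matches any destination port

    def matches(self, f: Flow) -> bool:
        return (ip_address(f.src) in ip_network(self.src)
                and ip_address(f.dst) in ip_network(self.dst)
                and (self.proto is None or self.proto == f.proto)
                and (self.dport is None or self.dport == f.dport))


def evaluate(rules: List[Rule], flow: Flow, default: str = "deny") -> str:
    """First matching rule wins; an unmatched flow gets the default action."""
    for rule in rules:
        if rule.matches(flow):
            return rule.action
    return default


# Constructed topology: a public web server and an internal database host.
WEB_SERVER = "203.0.113.10"
DB_SERVER = "10.0.5.20"
INTERNAL_NET = "10.0.0.0/8"

# Overly permissive rule set: the broad "allow" placed first matches every
# flow, so the deny rule protecting the database is never consulted.
PERMISSIVE = [
    Rule("allow"),
    Rule("deny", dst=DB_SERVER),   # shadowed: unreachable
]

# Tightened rule set: only traffic the policy names is allowed; the database
# is reachable from the internal network only; everything else is denied.
TIGHTENED = [
    Rule("allow", dst=WEB_SERVER, proto="tcp", dport=443),
    Rule("allow", src=INTERNAL_NET, dst=DB_SERVER, proto="tcp", dport=5432),
    Rule("deny"),                  # explicit default deny
]

# Constructed sample flows. Note that "customer_https" is allowed by both
# rule sets: the firewall cannot tell a legitimate request from an
# application-layer attack carried over the same authorized port.
SAMPLE_FLOWS = {
    "customer_https": Flow("198.51.100.7", WEB_SERVER, "tcp", 443),
    "external_to_db": Flow("198.51.100.7", DB_SERVER, "tcp", 5432),
    "internal_to_db": Flow("10.0.1.15", DB_SERVER, "tcp", 5432),
    "external_telnet": Flow("198.51.100.7", WEB_SERVER, "tcp", 23),
}


def decisions(rules: List[Rule]) -> Dict[str, str]:
    """Evaluate every sample flow against a rule set."""
    return {name: evaluate(rules, flow) for name, flow in SAMPLE_FLOWS.items()}


if __name__ == "__main__":
    for label, ruleset in (("permissive", PERMISSIVE), ("tightened", TIGHTENED)):
        print(label, decisions(ruleset))
```

Running it shows the permissive set letting an external host reach the database even though a deny rule for it exists, while the tightened set rejects that flow and the telnet probe; the HTTPS flow is allowed in both cases, which is exactly the gap the first quoted limitation describes and the reason the paper goes on to discuss controls that work above the firewall.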
Secure Sockets Layer (SSL) encrypts data such as credit card numbers as well as other personally identifiable information, which prevents unauthorized individuals from stealing information for malicious intent. An SSL-protected page's address begins with "https" and a padlock icon appears at the bottom of the page. The user's browser cannot secure the entire transaction on its own, which is why e-commerce sites implement an SSL certificate. The SSL certificate is used to encrypt the data and to identify the Web site. In addition, the SSL certificate helps prove that the site belongs to who it says it belongs to, and contains information about the certificate holder, the domain the certificate was issued to, the name of the Certificate Authority that issued the certificate, the root, and the country it was issued in ("SSL", 2010). However, SSL has limitations: it can be weak and vulnerable to Man-in-the-Middle (MITM) attacks. With the increased use of SSL by companies, hackers are discovering more ways to break or bypass this authentication technology (Kissoon, 2011).

Below is an example of an SSL web page:

[Figure: example of an SSL-protected web page ("SSL Certificate", 2012)]
The Secure Electronic Payment Protocol (SEPP) is an open, vendor-neutral, non-proprietary, license-free specification for securing on-line transactions, developed by International Business Machines (IBM) and MasterCard. This security tool takes input from the negotiation process and causes the payment process to occur via a three-way communication among the cardholder, merchant, and acquirer. There are four major business requirements addressed by SEPP, which are:

1. "To enable confidentiality of payment information.
2. To ensure integrity of all payment data transmitted.
3. To provide authentication that a cardholder is the legitimate owner of a card account.
4. To provide authentication that a merchant can accept MasterCard branded card payments with an acquiring financial institution" (Ahamed et al., 2004, p. 1306).

However, a limitation is that the privacy of non-financial information, as well as negotiation and delivery, is not addressed in the SEPP protocol. Below is an example of a SEPP transaction between the cardholder, merchant, and acquirer:

"The operation of the Secure Electronic Transaction (SET) protocol relies on a sequence of messages. In the first two, the consumer and merchant signal their intention to do business and then exchange certificates and establish a transaction ID number. In the third step, the consumer purchase request contains a signed hash of the goods and services order, which is negotiated outside the protocol. This request is accompanied by the consumer's credit card information, encrypted so that only the merchant's acquiring bank can read it. At this point, the merchant can acknowledge the order to the customer, seeking authorization later (steps five and six) or perform steps five and six first and confirm authorization in step four. Steps seven and eight give the consumer a query capability, while the merchant uses steps nine and ten to submit authorizations for capture and settlement" (Sirbu, 1997, p. 1).
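The third step in the Sirbu quote, a signed hash of the order travelling with payment details that only the acquirer can read, is the part of SET that delivers the first two SEPP requirements (confidentiality of payment information, integrity of payment data). The following Python model is an added example written for this page, not code from the paper or from the SET/SEPP specifications. SET links the order information and the payment information with an RSA "dual signature" over their two hashes; this model stands in for that signature with an HMAC under a key shared between the cardholder and the verifiers (an assumption made to keep the example in the standard library), and models confidentiality of the card details by delivering them only to the acquirer rather than encrypting them. Key, order and card values are constructed samples.

```python
"""Added example: a simplified SET-style purchase request. The merchant can
verify the order without seeing the card details; the acquirer can verify the
card details and confirm they are linked to that exact order without seeing
the goods ordered. HMAC stands in for SET's RSA dual signature."""
import hashlib
import hmac
import json
from typing import Dict, Tuple


def digest(obj: dict) -> bytes:
    # Canonical JSON so every party hashes exactly the same bytes.
    return hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).digest()


def _linked(order_digest: bytes, payment_digest: bytes) -> bytes:
    # The value that is signed: H( H(order) || H(payment) ).
    return hashlib.sha256(order_digest + payment_digest).digest()


def dual_signature(signing_key: bytes, order: dict, payment: dict) -> bytes:
    """One signature that covers both halves of the purchase request."""
    return hmac.new(signing_key, _linked(digest(order), digest(payment)),
                    hashlib.sha256).digest()


def build_purchase_request(signing_key: bytes, order: dict,
                           payment: dict) -> Tuple[Dict, Dict]:
    """Cardholder side: the merchant receives the order plus only the hash of
    the payment info; the acquirer receives the payment info plus only the
    hash of the order. Both receive the same signature."""
    sig = dual_signature(signing_key, order, payment)
    to_merchant = {"order": order, "payment_digest": digest(payment), "sig": sig}
    to_acquirer = {"payment": payment, "order_digest": digest(order), "sig": sig}
    return to_merchant, to_acquirer


def merchant_verifies(signing_key: bytes, msg: dict) -> bool:
    """Merchant recomputes H(order) itself and trusts the supplied H(payment)."""
    expected = hmac.new(signing_key,
                        _linked(digest(msg["order"]), msg["payment_digest"]),
                        hashlib.sha256).digest()
    return hmac.compare_digest(expected, msg["sig"])


def acquirer_verifies(signing_key: bytes, msg: dict) -> bool:
    """Acquirer recomputes H(payment) itself and trusts the supplied H(order)."""
    expected = hmac.new(signing_key,
                        _linked(msg["order_digest"], digest(msg["payment"])),
                        hashlib.sha256).digest()
    return hmac.compare_digest(expected, msg["sig"])


# Constructed sample data (not real card or key material).
CARDHOLDER_KEY = b"constructed-cardholder-signing-key"
ORDER = {"txn_id": "T-1001", "items": [{"sku": "BOOK-42", "qty": 1}], "amount": "29.99"}
PAYMENT = {"txn_id": "T-1001", "pan": "5555000000001234", "exp": "12/26", "amount": "29.99"}


def demo() -> dict:
    """Honest request verifies at both parties; an order whose amount was
    altered on the way to the merchant does not; the merchant never holds
    the card number."""
    to_merchant, to_acquirer = build_purchase_request(CARDHOLDER_KEY, ORDER, PAYMENT)
    tampered = dict(to_merchant, order=dict(ORDER, amount="2.99"))
    return {
        "merchant_ok": merchant_verifies(CARDHOLDER_KEY, to_merchant),
        "acquirer_ok": acquirer_verifies(CARDHOLDER_KEY, to_acquirer),
        "tampered_order_accepted": merchant_verifies(CARDHOLDER_KEY, tampered),
        "merchant_holds_card_data": "payment" in to_merchant,
    }


if __name__ == "__main__":
    print(demo())
```

Because the amount appears in both halves, the acquirer can also check that what it is asked to authorize matches the order the cardholder signed, which is the integrity property the second SEPP requirement asks for. In the real protocol the signature is asymmetric, so the merchant and acquirer verify with the cardholder's public key and cannot forge requests themselves; the shared HMAC key here cannot provide that property and is only a stand-in.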
Hackers are the main threat to the e-commerce environment; however, they are also responsible for unleashing sub-threats such as Man-in-the-Mobile (MITMO), Man-in-the-Browser (MITB) through Trojans (Zeus, Silon, Torpig, and Yaludle), and Man-in-the-Middle (MITM). Phishing attacks can be used as part of the process, together with the previously mentioned attacks, to steal financial information from consumers. The Man-in-the-Middle attack, also known as session hijacking, is used by hackers to intrude into an existing connection to intercept the exchanged data and inject false information. It involves eavesdropping on a connection, intruding into a connection, intercepting messages, and modifying data ("Man-in-the-Middle", 2008, p. 1). If a hacker were to capture the cookie that is used to maintain the session state between a consumer's browser and the genuine website they are logging into, the hacker could present that cookie to the web server and impersonate the connection. The consumer's financial information is then at risk of being compromised (Sanders, 2010).

Below is an example of a normal transmission and of a MITM attack. In a normal transmission the user logs on to an e-commerce website, the user's credentials are verified, and the user gains access to the website (Sanders, 2010).

[Figure: normal transmission (Sanders, 2010)]

During the session hijacking attack, the hacker intercepts the communication of a user logging into their account. Using this intercepted communication, the hacker impersonates that user and accesses the account from their attacking machine (Sanders, 2010).

[Figure: session hijacking attack (Sanders, 2010)]

The Man-in-the-Browser attack is an enhancement of the Man-in-the-Middle attack that uses Trojans such as Zeus, Silon, Torpig, Yaludle, etc. The malicious software modifies the content in the victim's browser when they visit the log-in page, adding additional form fields to the legitimate Web page. The idea is to phish for information that may be used as a secondary authentication mechanism (Prince, 2010). As a result, MITB enables hackers to steal consumer information such as login credentials, account numbers, and other financial information. During an MITB attack, the fraudulent website looks identical to the legitimate company website, but when the customer enters their account details and one-time password, the malicious software immediately connects to the genuine website and uses the details to impersonate the customer and make a fraudulent transaction (Murdoch, 2008). Below is an example of a MITB attack:
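The session hijacking scenario above turns on one thing: the web server accepts a cookie from whoever presents it. The following Python session store is an added example for this page, not code from the paper or from any of the products it discusses. It shows the server-side measures that reduce the value of a stolen cookie: the cookie is issued with Secure, HttpOnly and SameSite attributes so it is not sent in clear or readable by injected script; the session ID is rotated at login so a cookie captured before authentication is worthless afterwards; each session is bound to a coarse client fingerprint; and a cookie presented from a different client is refused and logged as a hijack indicator. The fingerprint fields (IP /24 plus User-Agent), the idle timeout, the client values and the helper names are assumptions made for the example.

```python
"""Added example: a minimal server-side session store that hardens the
session cookie and flags reuse of a cookie from a different client.
Client addresses, user agents and the timeout are constructed sample values."""
import hashlib
import secrets
import time
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

IDLE_TIMEOUT = 900  # seconds; sample value


def fingerprint(client_ip: str, user_agent: str) -> str:
    """Coarse client binding: the /24 of the client IP plus the User-Agent.
    Coarse on purpose: a stricter binding raises false positives for mobile users."""
    net = ".".join(client_ip.split(".")[:3]) + ".0"
    return hashlib.sha256(f"{net}|{user_agent}".encode()).hexdigest()


@dataclass
class Session:
    user: Optional[str]   # None until the client authenticates
    fp: str
    last_seen: float


class SessionStore:
    def __init__(self) -> None:
        self._sessions: Dict[str, Session] = {}
        self.alerts: List[Tuple[str, str]] = []   # (indicator, client_ip)

    def create(self, client_ip: str, user_agent: str, now: float) -> str:
        """Anonymous pre-login session with an unpredictable ID."""
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = Session(None, fingerprint(client_ip, user_agent), now)
        return sid

    def login(self, sid: str, user: str, now: float) -> str:
        """Rotate the ID on privilege change so a pre-login cookie cannot be
        replayed as an authenticated one."""
        old = self._sessions.pop(sid)
        new_sid = secrets.token_urlsafe(32)
        self._sessions[new_sid] = Session(user, old.fp, now)
        return new_sid

    def resolve(self, sid: str, client_ip: str, user_agent: str,
                now: float) -> Optional[str]:
        """Return the user behind a presented cookie, or None if it is rejected."""
        s = self._sessions.get(sid)
        if s is None:
            return None
        if now - s.last_seen > IDLE_TIMEOUT:
            del self._sessions[sid]              # expired: force re-authentication
            return None
        if s.fp != fingerprint(client_ip, user_agent):
            # Same cookie, different client: treat as hijack, record it and
            # terminate the session so neither party can continue with it.
            self.alerts.append(("session_reuse_from_new_client", client_ip))
            del self._sessions[sid]
            return None
        s.last_seen = now
        return s.user


def set_cookie_header(sid: str) -> str:
    """Attributes that keep the ID off clear-text links and away from scripts."""
    return f"Set-Cookie: SESSION={sid}; Secure; HttpOnly; SameSite=Strict; Path=/"


def demo() -> dict:
    """Walk through login, legitimate use, a replay from another client and
    the legitimate user's next request."""
    store = SessionStore()
    t0 = time.time()
    victim_ip, victim_ua = "198.51.100.23", "Mozilla/5.0 (constructed)"
    pre = store.create(victim_ip, victim_ua, t0)
    sid = store.login(pre, "alice", t0 + 1)
    return {
        "pre_login_cookie_after_login": store.resolve(pre, victim_ip, victim_ua, t0 + 2),
        "legit_user": store.resolve(sid, victim_ip, victim_ua, t0 + 3),
        "replayed_from_other_client": store.resolve(sid, "203.0.113.77", "curl/8.0", t0 + 4),
        "legit_after_replay": store.resolve(sid, victim_ip, victim_ua, t0 + 5),
        "alerts": list(store.alerts),
        "cookie": set_cookie_header(sid),
    }


if __name__ == "__main__":
    print(demo())
```

Terminating the session on a fingerprint mismatch is a deliberate trade-off: the legitimate user is forced to log in again, which is a minor cost compared with letting the replayed cookie continue, and the alert gives the fraud team the same kind of signal the paper later describes for account-takeover detection. The binding does not help if the attacker is in the same /24 and copies the User-Agent, so it complements, rather than replaces, the transport protection discussed under SSL.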
[Figure: example of a MITB attack (Murdoch, 2008)]

The Man-in-the-Mobile attack uses a Trojan called SpyEye to steal funds during online transactions. The Trojan injects fields into the web page and asks the user to input their mobile phone number and the International Mobile Equipment Identity (IMEI) of the phone. The user is then told the information is needed so that a "certificate", actually the Trojan, can be sent to the phone, and is informed that it can take up to three days before the certificate is ready (Heyman, 2011). The message is a cover story to convince the user that the Trojan is a legitimate certificate and to prevent any suspicion. According to Zorn (2011), Managing Editor of Help Net Security, "the trojan is signed with a developer certificate. Developer certificates are tied to certain IMEIs and can only be installed to phones that have an IMEI that is listed in the certificate. This is why the malware author(s) request the IMEI in addition to the phone number on the company's website. Once they receive new IMEIs, they request an updated certificate with IMEIs for all victims and create a new installer signed with the updated certificate. The delay in getting the new certificate explains why the SpyEye-injected message states it can take up to three days for the certificate to be delivered" (Zorn, 2011, p. 1).

The MITMO attack targets BlackBerry, Android, and Symbian mobile devices. The regions affected are the United States, Europe, the Middle East, and Asia. However, newly targeted countries have emerged, such as Russia, Saudi Arabia, Bahrain, Oman, Venezuela, Belarus, Ukraine, Moldova, Estonia, Latvia, Finland, Japan, Hong Kong, and Peru (Kirk, 2011). In addition to the SpyEye example, there are other MITMO attacks which use similar malicious software to steal a consumer's financial information. Below is an example of a MITMO attack:

(1.) "The user is infected by a Trojan when visiting a compromised website. The site scans the user's computer for vulnerabilities and, when it finds one, it injects a Trojan.
(2.) By monitoring the user's online activity, the Trojan collects and transmits login credentials, phone numbers and other sensitive data to the attacker.
(3.) The attacker sends a phishing SMS to the victim's cell phone using the number stolen at Step 2. The message is intended to persuade the user to click on a link that will
(4.) Upload a mobile Trojan to the user's cell phone.
(5.) The attacker performs an unauthorized funds transfer using the stolen login credentials.
(6.) The bank sends an SMS with confirmation code to the compromised cell phone.
(7.) The cell phone silently sends this code to the attacker, which is then used to confirm the transaction.
(8.) Steps 5-8 can be repeated many times, because the Trojan masks true funds amount and displays only the online banking page the user expects to see" ("Online Banking Trojans", 2012, p. 1).
  • 11. E-commerce 11 The following security controls are recommended solutions for e-commerce companies as additional security to thwart any cyber attacks. The recommended security controls are offered by Trusteer, a private held corporation. The security software offered by Trusteer such as Pinpoint, Mobile and Rapport will assist e-commerce companies in mitigating the discussed threats to ensure a safe online environment. According to Trusteer (2012), Trusteer Cybercrime Prevention Architecture “is the technology foundation of Trusteer’s sustainable security solution, enabling organizations to protect their employees and customers against malware and phishing attacks. It prevents credential theft, account takeover, and sensitive information theft. Trusteer Intelligence Center experts extract emerging Crime Logic (i.e. attack tactics) from threat information gathered by tens of millions of protected endpoints. Trusteer’s clientless and endpoint protection layers are constantly updated to secure users against the evolving threat landscape” (Trusteer, 2012, Cybercrime, para. 1). Below is an example of Trusteer’s Architecture:
  • 12. E-commerce 12 (Trusteer, 2012) Trusteer’s Pinpoint application allows e-commerce companies to detect and mitigate malware attacks and account takeover activity with easy integration with the company’s online site and fraud prevention processes. Trusteer Pinpoint can alert fraud teams on possible infections or feed risk score to the web application or risk engine to mitigate potential fraud. Trusteer Pinpoint is clientless, completely transparent to end users and does not require any installation of software on the endpoint. The application enables companies to focus fraud prevention processes based on malware risk factors and initiate malware removal with the Trusteer Rapport on infected endpoints. In addition, Trusteer Pinpoint's analysis provides details on the specific malware kit used to generate the malware variant and the malware’s Crime Logic (Trusteer, 2012). In addition, e-commerce companies should implement Trusteer Rapport which can prevent future infections, allowing users to safely execute online monetary transactions (Trusteer, 2012). To protect customers from MITM and MITB attacks, the Rapport software locks down customer browsers and creates a tunnel for secure communication with the e-commerce website. This software prevents attacks such as MITB and MITM by securing user credentials and personal information, stops financial fraud and account takeover. Employees’ endpoints, managed and unmanaged, are protected against advanced malware and spear phishing attacks. Rapport prevents keylogging, screen capturing and application tampering credentials and sensitive data are secured from theft by Cyber criminals (Trusteer, 2012). Software vulnerabilities in mobile operating systems, such as Apple’s iOS and Google’s Android, allow malicious software to infect and take over devices. The MITMO
  • 13. malware aims to steal credentials, tamper with financial transactions and out-of-band authentication, and compromise mobile e-commerce applications. To address these issues, Trusteer Mobile provides layered protection against malware attacks by performing real-time device risk analysis, providing end-to-end protection for sensitive transaction data, and preventing leakage of sensitive data. Trusteer Mobile includes a secure mobile browser that is used after the device analysis is completed. The embedded browser blocks Man-in-the-Middle (i.e. pharming) attacks by validating that online banking IP addresses and SSL certificates belong to the genuine site. Once users have logged in, the e-commerce company can leverage the risk score to restrict access to specific data or capabilities and to decline approval of specific transactions. In addition, the Trusteer Mobile Security SDK adds a protection layer to standalone mobile apps. As a result, developers can embed the Security SDK and use it to adapt their business logic to the device risk analysis and transaction protection provided by Trusteer (Trusteer, 2012). Below is an example of the Security SDK mobile app detecting malware on a user’s mobile device (figure: Trusteer, 2012).
  • 14. Lastly, Trusteer Situation Room is an ongoing risk-assessment service that keeps track of fraudsters and their activities. It presents e-commerce companies with a clear and detailed picture of threats at various levels, including organizational, regional and industry-wide. Using Trusteer Situation Room, companies can immediately identify new attacks targeting their systems and customers, and receive accurate analysis of these attacks, their implications, and suggestions for addressing them. Trusteer Situation Room features ongoing reports describing the change in threats over time and the effectiveness of the various controls that e-commerce companies have in place against them. It is supported by a professional group of fraud and malware analysts who closely monitor financial fraud activities around the clock (Trusteer, 2012). Below is an example of Trusteer Situation Room (figure: Trusteer, 2012).
  • 15. The four recommendations mentioned make up Trusteer’s Cybercrime Prevention Architecture (TPCA). Combined with Trusteer’s Intelligence Center, this provides around-the-clock monitoring, detection and blocking of new attacks. Furthermore, e-commerce companies will benefit from the above-mentioned solutions because the real-time intelligence can automatically feed into layered fraud prevention and security systems. As a result, e-commerce companies are more knowledgeable of cyber crime attacks against themselves and their consumers. The Trusteer recommended solutions will allow e-commerce companies to proactively protect their customers from becoming victims of identity theft. By receiving real-time alerts, e-commerce companies will be able to investigate emerging threats such as suspicious computers, reconnected infected computers, phishing attacks, and new zero-day threats. The security software provided by Trusteer will assist e-commerce companies in securing their customers’ browsers against financial malware attacks and fraudulent websites (Trusteer, 2012). The implementation of the discussed recommended solutions will increase e-commerce companies’ visibility of unauthorized intrusion.
  • 16. References
    Ahmadi-Brooghani, Z. (2010). Security Issues in E-commerce: An Overview. International Review on Computers & Software, 5(5), 575-580. Retrieved August 4, 2012 from Academic Source Complete.
    Ahamed, S., Ansari, A., & Kubendran, V. (2011). Transaction Based Security Issues and Pathways to Effective Electronic Commerce: From Tactics to Strategy. International Journal of Engineering Science & Technology, 3(2), 1304-1310. Retrieved August 5, 2012 from Academic Search Complete.
    Bragg, R., Rhodes-Ousley, M., & Strassberg, K. (2004). The Complete Reference: Network Security. Emeryville, California: McGraw-Hill/Osborne.
    Digicert (2012). Extended Validation EV SSL Certificate. Retrieved August 4, 2012 from http://www.digicert.com/ev-ssl-certification.htm
    Ektron Knowledge Base (2012). Info: Understanding PCI Compliance. Retrieved August 4, 2012 from http://dev.ektron.com/kb_article.aspx?id=26304
    Firewalls (2012). Firewalls. Retrieved August 4, 2012 from http://www.referenceforbusiness.com/small/Eq-Inc/Firewalls.html
    Heyman, A. (2011). First SpyEye Attack on Android Mobile Platform now in the Wild. Retrieved August 4, 2012 from http://www.trusteer.com/blog/first-spyeye-attackandroid-mobile-platform-now-wild
    Kirk, J. (2011). SpyEye Trojan defeating online banking defenses. Retrieved August 4, 2012 from http://www.computerworld.com/s/article/9218645/SpyEye_Trojan_defeating_online_banking_defenses
  • 17. Kissoon, J. (2011). Secure Socket Layer: An Overview. Retrieved August 4, 2012 from http://www.cleverlogic.net/articles/secure-socket-layer-overview
    Mandic, M. (2009). Privacy and Security in E-commerce. Trziste/Market, 21(2), 247-260. Retrieved August 4, 2012 from Business Source Complete Database.
    Murdoch, S. (2008). 2FA is dead. Retrieved August 5, 2012 from http://blog.cronto.com/index.php?title=2fa_is_dead
    Online Banking Security (2012). Online Banking Trojans. Retrieved August 4, 2012 from http://www.safensoft.com/print.phtml?c=758
    Otuteye, E. (2003). A Systematic Approach to E-business Security. Retrieved August 4, 2012 from http://www.ausweb.scu.edu.au/aw03/papers/otuteye/paper.html
    Prince, B. (2010). Understanding Man-in-the-Browser Attacks Targeting Online Banks. Retrieved August 4, 2012 from http://securitywatch.eweek.com/exploits_and_attacks/understanding_man-in-thebrowser_attacks.html
    Sanders, C. (2010). Understanding Man-in-the-Middle Attacks. Retrieved August 4, 2012 from http://www.windowsecurity.com/articles/Understanding-Man-in-the-Middle-AttacksARP-Part3.html
    Sirbu, M. (1997). Credits and debits on the Internet. Retrieved August 4, from http://spectrum.ieee.org/telecom/internet/credits-and-debits-on-the-internet/4
    ToolBox (2008). Man-in-the-Middle. Retrieved August 4, 2012 from http://it.toolbox.com/wiki/index.php/Man-in-the-Middle_Attack
  • 18. Trusteer (2012). Cybercrime Prevention Architecture. Retrieved August 4, 2012 from http://www.trusteer.com/Products/trusteer-cybercrime-prevention-architecture
    Trusteer (2012). Rapport. Retrieved August 4, 2012 from http://www.trusteer.com/Products/trusteer-rapport-pc-and-mac-security
    Trusteer (2012). Mobile. Retrieved August 4, 2012 from http://www.trusteer.com/Products/Trusteer-Mobile-for-Online-Banking
    Trusteer (2012). Pinpoint. Retrieved August 4, 2012 from http://www.trusteer.com/Products/trusteer-pinpoint-clientless-fraud-prevention
    Trusteer (2012). Pinpoint Malware. Retrieved August 4, 2012 from http://www.trusteer.com/products/malware-detection
    Trusteer (2012). Pinpoint Phishing. Retrieved August 4, 2012 from http://www.trusteer.com/Products/phishing-detection
    Webopedia (2010). SSL: Your Key to E-commerce Security. Retrieved August 4, 2012 from http://www.webopedia.com/DidYouKnow/Internet/2005/ssl.asp
    Zorn, Z. (2011). SpyEye-Fueled Man-in-the-Mobile Attack Targets Bank Customers. Retrieved August 4, 2012 from http://www.net-security.org/malware_news.php?id=1683
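The Pinpoint and Trusteer Mobile sections above describe a clientless detection layer feeding a malware risk score into the web application or risk engine, which then alerts the fraud team, restricts capabilities, declines transactions, or triggers endpoint cleanup. The Python risk engine below is an added example written for this page, not Trusteer's code; the signal names, weights, thresholds and sample sessions are assumptions chosen to illustrate that flow.

```python
# Added example: a minimal risk engine consuming endpoint/device risk signals.
# Signal names, weights and thresholds are illustrative assumptions, not a vendor's scoring.
from dataclasses import dataclass, field

SIGNAL_WEIGHTS = {
    "malware_detected": 60,   # clientless detection found a known financial malware kit
    "mitb_indicator": 40,     # injected fields / page tampering seen in the session
    "device_jailbroken": 20,  # result of mobile device risk analysis
    "phishing_referral": 25,  # session arrived from a flagged phishing page
    "new_payee": 10,          # transaction-level factor: first payment to this payee
}

@dataclass
class Session:
    session_id: str
    signals: dict           # signal name -> bool, as reported by the detection layer
    amount: float           # value of the transaction awaiting approval

@dataclass
class Decision:
    action: str             # "allow", "step_up" or "decline"
    score: int              # 0..100
    alert_fraud_team: bool  # open a case for the fraud analysts
    remediation: bool       # recommend endpoint malware removal before further use
    reasons: list = field(default_factory=list)

def risk_score(signals):
    """Sum the weights of the signals present, capped at 100."""
    return min(100, sum(w for name, w in SIGNAL_WEIGHTS.items() if signals.get(name)))

def decide(session, step_up_limit=500.0):
    """Map the risk score and transaction amount to an action.

    Confirmed malware always declines rather than stepping up: a challenge sent
    to an infected endpoint can itself be intercepted (the MITB/MITMO case above).
    """
    score = risk_score(session.signals)
    reasons = [name for name in SIGNAL_WEIGHTS if session.signals.get(name)]
    infected = bool(session.signals.get("malware_detected"))
    if infected or score >= 70:
        action = "decline"
    elif score >= 30 or session.amount > step_up_limit:
        action = "step_up"
    else:
        action = "allow"
    return Decision(action, score, alert_fraud_team=score >= 30,
                    remediation=infected, reasons=reasons)

# Constructed sample sessions (not real data).
CLEAN = Session("s1", {}, 50.0)
INFECTED = Session("s2", {"malware_detected": True, "new_payee": True}, 120.0)
TAMPERED = Session("s3", {"mitb_indicator": True}, 80.0)
```

In a deployment the `signals` dictionary would be populated from the detection layer's callback or API rather than constructed by hand, and the thresholds tuned against the company's own fraud history.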