awicaksi e-commerce security & payment system e-commerce

E-Commerce Security & Payment System E-Commerce

Upload: ellen-fox

Post on 14-Jan-2016


Learning Objectives

• Basic Security Issues

• Threats and Attacks

• Managing E-Commerce Security

• Payment Revolution

• Online Payment

Case: eBay

Basic Security Issues

• Today’s web security problem has three primary facets:

‣ Securing the web server and the data on it

‣ Securing information that travels between the web server and the user

‣ Securing the end user’s computer and other devices that people use to access the Internet

Basic Security Issues (cont’d)

Threats and Attacks

1. NONTECHNICAL ATTACK (SOCIAL ENGINEERING)

2. TECHNICAL ATTACK

Technical Attack

An attack perpetrated using software and systems knowledge or expertise

Social Engineering

An attack that uses social pressures to trick computer users into compromising computer networks to which those individuals have access

Social Engineering

Dear user of stmp.ciputra.ac.id,

We have detected that your email account was used to send a large amount of spam during the recent week. Obviously, your computer had been compromised and now runs a trojan proxy server. We recommend you to follow the instruction in the attachment (stmp-ciputra.zip) in order to keep your computer safe.

Regards,
ICT Support
Ciputra University


Phishing examples

Social Engineering (cont’d)

Social Engineering, the USB Way

Steve Stasiukonis, VP & founder of Secure Network Technologies, Inc.

Social Engineering (cont’d)

• COUNTERMEASURES

• Education and training

• Policies and procedures

• Penetration testing

Social Engineering (cont’d)

Technical Attack

DDoS

Managing EC Security

• Security Policy

• Risk Assessment

• Authentication methods:

‣ Something you know: password

‣ Something you have: smart cards

‣ Something you are: biometrics

Managing EC Security (cont’d)

Managerial Issues

• Have we budgeted enough for security?

• What are the business consequences of poor security?

• Should organizations be concerned with internal security threats?