chapter 5
7/17/2019 Chapter 5
1/43
7.1 @ Lalit Sharma, JIM
Online Security and Payment Systems
The E-commerce Security Environment
Customer and Merchant Perspectives on the Different
Dimensions of E-commerce Security

Security Threats in the E-commerce Environment
Three key points of vulnerability: client, server, communications channel

A Typical E-commerce Transaction

Vulnerable Points in an E-commerce Environment

Most Common Security Threats in the E-commerce Environment
Malicious code (viruses, worms, Trojans)
Unwanted programs (spyware, browser parasites)
Phishing/identity theft
Hacking and cybervandalism
Credit card fraud/theft
Spoofing (pharming)/spam (junk) Web sites
DoS and DDoS attacks
Sniffing
Insider attacks
Poorly designed server and client software

Malicious Code
Viruses: Have ability to replicate and spread to other files; most also deliver a "payload" of some sort (destructive or benign); include macro viruses, file-infecting viruses, and script viruses
Worms: Designed to spread from computer to computer
Trojan horse: Appears to be benign, but then does something other than expected
Bots: Can be covertly installed on computer; responds to external commands sent by the attacker

Unwanted Programs
Installed without the user's informed consent
Browser parasites: Can monitor and change settings of a user's browser
Adware: Calls for unwanted pop-up ads
Spyware: Can be used to obtain information, such as a user's keystrokes, e-mail, IMs, etc.

Phishing and Identity Theft
Any deceptive, online attempt by a third party to obtain confidential information for financial gain
Most popular type: e-mail scam letter
One of fastest growing forms of e-commerce crime

Hacking and Cybervandalism
Hacker: Individual who intends to gain unauthorized access to computer systems
Cracker: Hacker with criminal intent (two terms often used interchangeably)
Cybervandalism: Intentionally disrupting, defacing or destroying a Web site

Credit Card Fraud
Fear that credit card information will be stolen deters online purchases
Hackers target credit card files and other customer information files on merchant servers; use stolen data to establish credit under false identity
One solution: New identity verification mechanisms

Spoofing (Pharming) and Spam (Junk) Web Sites
Spoofing (Pharming): Misrepresenting oneself by using fake e-mail addresses or masquerading as someone else; threatens integrity of site, authenticity
Spam (Junk) Web sites: Use domain names similar to legitimate one, redirect traffic to spammer-redirection domains
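The slide's point that spam and pharming sites rely on domain names that merely look like the legitimate one is something a merchant can check for. The following is an added example, not part of the original slides: a small look-alike detector that normalises common character swaps (rn for m, 1 for l, and so on), strips hyphens, and scores the candidate against the merchant's own domains. LEGIT_DOMAINS and every candidate domain below are constructed sample values.

```python
from difflib import SequenceMatcher

# Constructed list of the domains the merchant actually owns (assumption).
LEGIT_DOMAINS = ["examplestore.com", "example-pay.com"]

# Character sequences commonly swapped for visually similar ones;
# order matters, multi-character swaps are applied first.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"),
               ("3", "e"), ("5", "s"), ("7", "t")]


def registrable_label(domain: str) -> str:
    """Return the label left of the public suffix, lower-cased, hyphens removed."""
    labels = domain.lower().strip(".").split(".")
    label = labels[-2] if len(labels) >= 2 else labels[0]
    return label.replace("-", "")


def normalize(label: str) -> str:
    """Collapse confusable characters so 'exarnp1e' compares equal to 'example'."""
    for src, dst in CONFUSABLES:
        label = label.replace(src, dst)
    return label


def classify(domain: str, legit=LEGIT_DOMAINS, threshold: float = 0.8):
    """Return (verdict, closest legitimate domain).

    verdict is 'legit' (exact match), 'lookalike' (a legit domain is embedded
    in the host, or the normalised label is at least `threshold` similar),
    or 'unrelated'.
    """
    host = domain.lower().strip(".")
    if host in legit:
        return "legit", host
    # e.g. examplestore.com.login-verify.net: the real name used as a subdomain.
    for good in legit:
        if good in host:
            return "lookalike", good
    cand = normalize(registrable_label(host))
    best, best_score = None, 0.0
    for good in legit:
        score = SequenceMatcher(None, cand, normalize(registrable_label(good))).ratio()
        if score > best_score:
            best, best_score = good, score
    return ("lookalike" if best_score >= threshold else "unrelated"), best
```

A real deployment would extend CONFUSABLES with Unicode homoglyphs and run the check against newly registered domains or referrer logs.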

DoS and DDoS Attacks
Denial of service (DoS) attack: Hackers flood Web site with useless traffic to inundate and overwhelm network
Distributed denial of service (DDoS) attack: Hackers use numerous computers to attack target network from numerous launch points
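The flood the slide describes shows up in a merchant's own access logs as one source (or, for DDoS, many sources) making far more requests than a shopper could. The following is an added example, not part of the original slides: a per-source sliding-window counter run over constructed Common Log Format lines; the threshold and window are assumed values, and lines are assumed to be in time order per source.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed access-log lines: one source fires 8 requests in 8 seconds,
# a second source behaves like an ordinary shopper.
LOG_LINES = [
    f'198.51.100.23 - - [17/Jul/2019:10:00:{s:02d} +0000] "GET /checkout HTTP/1.1" 200 512'
    for s in range(8)
] + [
    '203.0.113.5 - - [17/Jul/2019:10:00:03 +0000] "GET /cart HTTP/1.1" 200 221',
    '203.0.113.5 - - [17/Jul/2019:10:00:09 +0000] "POST /checkout HTTP/1.1" 302 0',
    'not a log line',  # malformed input is skipped, not fatal
]

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse(line: str):
    """Return (ip, timestamp, method, path, status) or None for unparseable lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, ts, method, path, status = m.groups()
    return ip, datetime.strptime(ts, TIME_FMT), method, path, int(status)


def find_flooders(lines, max_requests: int = 5, window_seconds: int = 10):
    """Return {ip: time at which that ip first exceeded max_requests per window}."""
    recent = defaultdict(deque)  # ip -> timestamps inside the current window
    flagged = {}
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        ip, t = rec[0], rec[1]
        q = recent[ip]
        q.append(t)
        while (t - q[0]).total_seconds() > window_seconds:
            q.popleft()  # drop requests that fell out of the window
        if len(q) > max_requests and ip not in flagged:
            flagged[ip] = t
    return flagged
```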

Other Security Threats
Sniffing: Type of malicious program that monitors information traveling over a network; enables hackers to steal proprietary information from anywhere on a network
Insider jobs: Single largest financial threat
Poorly designed server and client software: Increase in complexity of software programs has contributed to increase in vulnerabilities that hackers can exploit

Technology Solutions
Protecting Internet communications (encryption)
Securing channels of communication (SSL, S-HTTP, VPNs)
Protecting networks (firewalls)
Protecting servers and clients

Tools Available to Achieve Site Security

Protecting Internet Communications: Encryption
Encryption: Process of transforming plain text or data into cipher text that cannot be read by anyone other than the sender and receiver
Purpose: Secure stored information and information transmission
Provides:
Message integrity
Nonrepudiation
Authentication
Confidentiality

Symmetric

Public

Securing Channels of Communication
Secure Sockets Layer (SSL): Most common form of securing channels of communication; used to establish a secure negotiated session (client-server session in which URL of requested document, along with contents, is encrypted)
S-HTTP: Alternative method; provides a secure message-oriented communications protocol designed for use in conjunction with HTTP
Virtual Private Networks (VPNs): Allow remote users to securely access internal networks via the Internet, using Point-to-Point Tunneling Protocol (PPTP)

Protecting Networks: Firewalls and Proxy Servers
Firewall: Hardware or software that filters communications packets; prevents some packets from entering the network based on a security policy
Firewall methods include:
Packet filters
Application gateways
Proxy servers: Software servers that handle all communications originating from or being sent to the Internet
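The packet filter named on the slide is, at its core, an ordered rule list applied to each packet's addresses, protocol and port, with first match winning and an unmatched packet dropped. The following is an added example, not part of the original slides, showing that logic for a constructed merchant policy: the public may reach the web server on 80 and 443, only the web server may reach the database, everything else is denied. All addresses, ports and rules are constructed sample values.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple


@dataclass(frozen=True)
class Packet:
    proto: str   # "tcp" or "udp"
    src: str     # source IP address
    dst: str     # destination IP address
    dport: int   # destination port


@dataclass(frozen=True)
class Rule:
    action: str                 # "allow" or "deny"
    proto: str = "any"
    src: str = "0.0.0.0/0"      # CIDR; default matches every source
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None  # None matches any destination port

    def matches(self, pkt: Packet) -> bool:
        return (
            self.proto in ("any", pkt.proto)
            and ip_address(pkt.src) in ip_network(self.src)
            and ip_address(pkt.dst) in ip_network(self.dst)
            and (self.dport is None or self.dport == pkt.dport)
        )


# Constructed policy for a small merchant DMZ (assumed addresses).
WEB = "203.0.113.10"
DB = "203.0.113.20"
RULES = [
    Rule("allow", "tcp", dst=WEB + "/32", dport=443),
    Rule("allow", "tcp", dst=WEB + "/32", dport=80),
    Rule("allow", "tcp", src=WEB + "/32", dst=DB + "/32", dport=5432),
    Rule("deny"),  # explicit catch-all so a log entry can cite the rule
]


def filter_packet(pkt: Packet, rules=RULES) -> Tuple[str, Optional[int]]:
    """Return (action, index of the first matching rule).

    Rules are evaluated in order; if none matches the packet is denied
    (default deny), reported with index None.
    """
    for i, rule in enumerate(rules):
        if rule.matches(pkt):
            return rule.action, i
    return "deny", None
```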

Firewalls and Proxy Servers

Protecting Servers and Clients
Operating system controls: Authentication and access control mechanisms
Anti-virus software: Easiest and least expensive way to prevent threats to system integrity

Developing an E-commerce Security Plan

Types of Payment Systems
Cash
Cheque Transfer
Credit Card
Stored Value
Accumulating Balance

Cash
Legal tender
Most common form of payment in terms of number of transactions
Instantly convertible into other forms of value without intermediation
Portable, requires no authentication
"Free" (no transaction fee), anonymous, low cognitive demands
Limitations: easily stolen, limited to smaller transactions, does not provide any float

Checking Transfer
Funds transferred directly via signed draft/cheque from a consumer's account to merchant/other individual
Most common form of payment in terms of amount spent
Can be used for small and large transactions
Some float
Not anonymous, requires third-party intervention (banks)
Introduces security risks for merchants (forgeries, stopped payments), so authentication typically required

Credit Card
Represents account that extends credit to consumers; allows consumers to make payments to multiple vendors at one time
Credit card associations: Nonprofit associations (Visa, MasterCard) that set standards for issuing banks
Issuing banks: Issue cards and process transactions
Processing centers (clearinghouses): Handle verification of accounts and balances

Stored Value
Accounts created by depositing funds into an account and from which funds are paid out or withdrawn as needed
Examples: Debit cards, gift certificates, prepaid cards, smart cards
Peer-to-peer payment systems such as PayPal a variation

Accumulating Balance
Accounts that accumulate expenditures and to which consumers make periodic payments
Examples: Utility, phone, American Express accounts

Dimensions of Payment Systems

E-commerce Payment Systems
Credit cards are dominant form of online payment, accounting for around FBG of online payments in ?>
Other e-commerce payment systems:
Digital cash
Online stored value systems
Digital accumulating balance payment systems
Digital credit accounts
Digital checking

How an Online Credit Transaction Works

Limitations of Online Credit Card Payment Systems
Security: neither merchant nor consumer can be fully authenticated
Cost: for merchants, around 3.5% of purchase price plus transaction fee of ? H cents per transaction
Social equity: many people do not have access to credit cards

Digital Cash
One of the first forms of alternative payment systems
Not really "cash": rather, form of value storage and value exchange that has limited convertibility into other forms of value, and requires intermediaries to convert
Most early examples have disappeared; concepts survive as part of P2P payment systems

Online Stored Value Systems
Permit consumers to make instant, online payments to merchants and other individuals based on value stored in an online account
Rely on value stored in a consumer's bank, checking, or credit card account
PayPal most successful system
Smart cards another example

Digital Accumulating Balance Payment Systems
Allows users to make micropayments and purchases on the Web, accumulating a debit balance for which they are billed at the end of the month
Examples: Valista's PaymentsPlus, Clickshare

Digital Checking Payment Systems
Extends functionality of existing checking accounts for use as online shopping payment tool
Example: PayByCheck

Wireless Payment Systems
Use of mobile handsets as payment devices well-established in Europe, Japan, South